692 files changed, 0 insertions, 180302 deletions

diff --git a/src/lib/libcrypto/aes/README b/src/lib/libcrypto/aes/README
deleted file mode 100644
index 0f9620a80e..0000000000
--- a/src/lib/libcrypto/aes/README
+++ /dev/null
@@ -1,3 +0,0 @@
-This is an OpenSSL-compatible version of AES (also called Rijndael).
-aes_core.c is basically the same as rijndael-alg-fst.c but with an
-API that looks like the rest of the OpenSSL symmetric cipher suite.
diff --git a/src/lib/libcrypto/aes/aes.h b/src/lib/libcrypto/aes/aes.h
deleted file mode 100644
index 8a3ea0b883..0000000000
--- a/src/lib/libcrypto/aes/aes.h
+++ /dev/null
@@ -1,127 +0,0 @@
-/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#ifndef HEADER_AES_H
-#define HEADER_AES_H
-
-#include <openssl/e_os2.h>
-
-#ifdef OPENSSL_NO_AES
-#error AES is disabled.
-#endif
-
-#define AES_ENCRYPT     1
-#define AES_DECRYPT     0
-
-/* Because array size can't be a const in C, the following two are macros.
-   Both sizes are in bytes. */
-#define AES_MAXNR 14
-#define AES_BLOCK_SIZE 16
-
-#if defined(OPENSSL_FIPS)
-#define FIPS_AES_SIZE_T int
-#endif
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* This should be a hidden type, but EVP requires that the size be known */
-struct aes_key_st {
-    unsigned long rd_key[4 *(AES_MAXNR + 1)];
-    int rounds;
-};
-typedef struct aes_key_st AES_KEY;
-
-const char *AES_options(void);
-
-int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
-        AES_KEY *key);
-int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
-        AES_KEY *key);
-
-void AES_encrypt(const unsigned char *in, unsigned char *out,
-        const AES_KEY *key);
-void AES_decrypt(const unsigned char *in, unsigned char *out,
-        const AES_KEY *key);
-
-void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
-        const AES_KEY *key, const int enc);
-void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
-        const unsigned long length, const AES_KEY *key,
-        unsigned char *ivec, const int enc);
-void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
-        const unsigned long length, const AES_KEY *key,
-        unsigned char *ivec, int *num, const int enc);
-void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
-        const unsigned long length, const AES_KEY *key,
-        unsigned char *ivec, int *num, const int enc);
-void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
-        const unsigned long length, const AES_KEY *key,
-        unsigned char *ivec, int *num, const int enc);
-void AES_cfbr_encrypt_block(const unsigned char *in,unsigned char *out,
-                            const int nbits,const AES_KEY *key,
-                            unsigned char *ivec,const int enc);
-void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
-        const unsigned long length, const AES_KEY *key,
-        unsigned char *ivec, int *num);
-void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
-        const unsigned long length, const AES_KEY *key,
-        unsigned char ivec[AES_BLOCK_SIZE],
-        unsigned char ecount_buf[AES_BLOCK_SIZE],
-        unsigned int *num);
-
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif /* !HEADER_AES_H */
diff --git a/src/lib/libcrypto/aes/aes_cbc.c b/src/lib/libcrypto/aes/aes_cbc.c
deleted file mode 100644
index 373864cd4b..0000000000
--- a/src/lib/libcrypto/aes/aes_cbc.c
+++ /dev/null
@@ -1,133 +0,0 @@
-/* crypto/aes/aes_cbc.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#ifndef AES_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-#include <assert.h>
-
-#include <openssl/aes.h>
-#include "aes_locl.h"
-
-#if !defined(OPENSSL_FIPS_AES_ASM)
-void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
-                     const unsigned long length, const AES_KEY *key,
-                     unsigned char *ivec, const int enc) {
-
-        unsigned long n;
-        unsigned long len = length;
-        unsigned char tmp[AES_BLOCK_SIZE];
-        const unsigned char *iv = ivec;
-
-        assert(in && out && key && ivec);
-        assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
-
-        if (AES_ENCRYPT == enc) {
-                while (len >= AES_BLOCK_SIZE) {
-                        for(n=0; n < AES_BLOCK_SIZE; ++n)
-                                out[n] = in[n] ^ iv[n];
-                        AES_encrypt(out, out, key);
-                        iv = out;
-                        len -= AES_BLOCK_SIZE;
-                        in += AES_BLOCK_SIZE;
-                        out += AES_BLOCK_SIZE;
-                }
-                if (len) {
-                        for(n=0; n < len; ++n)
-                                out[n] = in[n] ^ iv[n];
-                        for(n=len; n < AES_BLOCK_SIZE; ++n)
-                                out[n] = iv[n];
-                        AES_encrypt(out, out, key);
-                        iv = out;
-                }
-                memcpy(ivec,iv,AES_BLOCK_SIZE);
-        } else if (in != out) {
-                while (len >= AES_BLOCK_SIZE) {
-                        AES_decrypt(in, out, key);
-                        for(n=0; n < AES_BLOCK_SIZE; ++n)
-                                out[n] ^= iv[n];
-                        iv = in;
-                        len -= AES_BLOCK_SIZE;
-                        in  += AES_BLOCK_SIZE;
-                        out += AES_BLOCK_SIZE;
-                }
-                if (len) {
-                        AES_decrypt(in,tmp,key);
-                        for(n=0; n < len; ++n)
-                                out[n] = tmp[n] ^ iv[n];
-                        iv = in;
-                }
-                memcpy(ivec,iv,AES_BLOCK_SIZE);
-        } else {
-                while (len >= AES_BLOCK_SIZE) {
-                        memcpy(tmp, in, AES_BLOCK_SIZE);
-                        AES_decrypt(in, out, key);
-                        for(n=0; n < AES_BLOCK_SIZE; ++n)
-                                out[n] ^= ivec[n];
-                        memcpy(ivec, tmp, AES_BLOCK_SIZE);
-                        len -= AES_BLOCK_SIZE;
-                        in += AES_BLOCK_SIZE;
-                        out += AES_BLOCK_SIZE;
-                }
-                if (len) {
-                        memcpy(tmp, in, AES_BLOCK_SIZE);
-                        AES_decrypt(tmp, out, key);
-                        for(n=0; n < len; ++n)
-                                out[n] ^= ivec[n];
-                        for(n=len; n < AES_BLOCK_SIZE; ++n)
-                                out[n] = tmp[n];
-                        memcpy(ivec, tmp, AES_BLOCK_SIZE);
-                }
-        }
-}
-#endif
diff --git a/src/lib/libcrypto/aes/aes_cfb.c b/src/lib/libcrypto/aes/aes_cfb.c
deleted file mode 100644
index 49f0411010..0000000000
--- a/src/lib/libcrypto/aes/aes_cfb.c
+++ /dev/null
@@ -1,225 +0,0 @@
-/* crypto/aes/aes_cfb.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef AES_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-#include <assert.h>
-
-#include <openssl/aes.h>
-#include "aes_locl.h"
-#include "e_os.h"
-
-/* The input and output encrypted as though 128bit cfb mode is being
- * used.  The extra state information to record how much of the
- * 128bit block we have used is contained in *num;
- */
-
-void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
-        const unsigned long length, const AES_KEY *key,
-        unsigned char *ivec, int *num, const int enc) {
-
-        unsigned int n;
-        unsigned long l = length;
-        unsigned char c;
-
-        assert(in && out && key && ivec && num);
-
-        n = *num;
-
-        if (enc) {
-                while (l--) {
-                        if (n == 0) {
-                                AES_encrypt(ivec, ivec, key);
-                        }
-                        ivec[n] = *(out++) = *(in++) ^ ivec[n];
-                        n = (n+1) % AES_BLOCK_SIZE;
-                }
-        } else {
-                while (l--) {
-                        if (n == 0) {
-                                AES_encrypt(ivec, ivec, key);
-                        }
-                        c = *(in);
-                        *(out++) = *(in++) ^ ivec[n];
-                        ivec[n] = c;
-                        n = (n+1) % AES_BLOCK_SIZE;
-                }
-        }
-
-        *num=n;
-}
-
-/* This expects a single block of size nbits for both in and out. Note that
-   it corrupts any extra bits in the last byte of out */
-void AES_cfbr_encrypt_block(const unsigned char *in,unsigned char *out,
-                            const int nbits,const AES_KEY *key,
-                            unsigned char *ivec,const int enc)
-    {
-    int n,rem,num;
-    unsigned char ovec[AES_BLOCK_SIZE*2];
-
-    if (nbits<=0 || nbits>128) return;
-
-        /* fill in the first half of the new IV with the current IV */
-        memcpy(ovec,ivec,AES_BLOCK_SIZE);
-        /* construct the new IV */
-        AES_encrypt(ivec,ivec,key);
-        num = (nbits+7)/8;
-        if (enc)        /* encrypt the input */
-            for(n=0 ; n < num ; ++n)
-                out[n] = (ovec[AES_BLOCK_SIZE+n] = in[n] ^ ivec[n]);
-        else            /* decrypt the input */
-            for(n=0 ; n < num ; ++n)
-                out[n] = (ovec[AES_BLOCK_SIZE+n] = in[n]) ^ ivec[n];
-        /* shift ovec left... */
-        rem = nbits%8;
-        num = nbits/8;
-        if(rem==0)
-            memcpy(ivec,ovec+num,AES_BLOCK_SIZE);
-        else
-            for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
-                ivec[n] = ovec[n+num]<<rem | ovec[n+num+1]>>(8-rem);
-
-    /* it is not necessary to cleanse ovec, since the IV is not secret */
-    }
-
-/* N.B. This expects the input to be packed, MS bit first */
-void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
-                      const unsigned long length, const AES_KEY *key,
-                      unsigned char *ivec, int *num, const int enc)
-    {
-    unsigned int n;
-    unsigned char c[1],d[1];
-
-    assert(in && out && key && ivec && num);
-    assert(*num == 0);
-
-    memset(out,0,(length+7)/8);
-    for(n=0 ; n < length ; ++n)
-        {
-        c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
-        AES_cfbr_encrypt_block(c,d,1,key,ivec,enc);
-        out[n/8]=(out[n/8]&~(1 << (7-n%8)))|((d[0]&0x80) >> (n%8));
-        }
-    }
-
-void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
-                      const unsigned long length, const AES_KEY *key,
-                      unsigned char *ivec, int *num, const int enc)
-    {
-    unsigned int n;
-
-    assert(in && out && key && ivec && num);
-    assert(*num == 0);
-
-    for(n=0 ; n < length ; ++n)
-        AES_cfbr_encrypt_block(&in[n],&out[n],8,key,ivec,enc);
-    }
-
diff --git a/src/lib/libcrypto/aes/aes_core.c b/src/lib/libcrypto/aes/aes_core.c
deleted file mode 100644
index ed566a8123..0000000000
--- a/src/lib/libcrypto/aes/aes_core.c
+++ /dev/null
@@ -1,1261 +0,0 @@
-/* crypto/aes/aes_core.c -*- mode:C; c-file-style: "eay" -*- */
-/**
- * rijndael-alg-fst.c
- *
- * @version 3.0 (December 2000)
- *
- * Optimised ANSI C code for the Rijndael cipher (now AES)
- *
- * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
- * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
- * @author Paulo Barreto <paulo.barreto@terra.com.br>
- *
- * This code is hereby placed in the public domain.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
- * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
- * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
- * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/* Note: rewritten a little bit to provide error control and an OpenSSL-
-   compatible API */
-
-#ifndef AES_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-#include <assert.h>
-
-#include <stdlib.h>
-#include <openssl/aes.h>
-#include <openssl/fips.h>
-#include "aes_locl.h"
-
-#ifndef OPENSSL_FIPS
-
-/*
-Te0[x] = S [x].[02, 01, 01, 03];
-Te1[x] = S [x].[03, 02, 01, 01];
-Te2[x] = S [x].[01, 03, 02, 01];
-Te3[x] = S [x].[01, 01, 03, 02];
-Te4[x] = S [x].[01, 01, 01, 01];
-
-Td0[x] = Si[x].[0e, 09, 0d, 0b];
-Td1[x] = Si[x].[0b, 0e, 09, 0d];
-Td2[x] = Si[x].[0d, 0b, 0e, 09];
-Td3[x] = Si[x].[09, 0d, 0b, 0e];
-Td4[x] = Si[x].[01, 01, 01, 01];
-*/
-
-static const u32 Te0[256] = {
-    0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
-    0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
-    0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU,
-    0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU,
-    0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U,
-    0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU,
-    0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU,
-    0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU,
-    0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU,
-    0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU,
-    0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U,
-    0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU,
-    0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU,
-    0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U,
-    0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU,
-    0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU,
-    0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU,
-    0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU,
-    0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU,
-    0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U,
-    0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU,
-    0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU,
-    0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU,
-    0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU,
-    0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U,
-    0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U,
-    0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U,
-    0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U,
-    0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU,
-    0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U,
-    0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U,
-    0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU,
-    0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU,
-    0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U,
-    0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U,
-    0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U,
-    0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU,
-    0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U,
-    0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU,
-    0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U,
-    0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU,
-    0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U,
-    0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U,
-    0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU,
-    0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U,
-    0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U,
-    0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U,
-    0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U,
-    0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U,
-    0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U,
-    0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U,
-    0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U,
-    0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU,
-    0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U,
-    0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U,
-    0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U,
-    0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U,
-    0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U,
-    0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U,
-    0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU,
-    0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U,
-    0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U,
-    0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U,
-    0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU,
-};
-static const u32 Te1[256] = {
-    0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU,
-    0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U,
-    0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU,
-    0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U,
-    0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU,
-    0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U,
-    0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU,
-    0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U,
-    0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U,
-    0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU,
-    0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U,
-    0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U,
-    0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U,
-    0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU,
-    0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U,
-    0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U,
-    0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU,
-    0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U,
-    0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U,
-    0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U,
-    0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU,
-    0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU,
-    0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U,
-    0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU,
-    0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU,
-    0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U,
-    0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU,
-    0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U,
-    0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU,
-    0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U,
-    0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U,
-    0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U,
-    0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU,
-    0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U,
-    0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU,
-    0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U,
-    0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU,
-    0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U,
-    0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U,
-    0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU,
-    0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU,
-    0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU,
-    0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U,
-    0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U,
-    0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU,
-    0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U,
-    0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU,
-    0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U,
-    0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU,
-    0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U,
-    0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU,
-    0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU,
-    0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U,
-    0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU,
-    0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U,
-    0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU,
-    0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U,
-    0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U,
-    0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U,
-    0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU,
-    0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU,
-    0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U,
-    0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU,
-    0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U,
-};
-static const u32 Te2[256] = {
-    0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU,
-    0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U,
-    0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU,
-    0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U,
-    0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU,
-    0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U,
-    0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU,
-    0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U,
-    0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U,
-    0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU,
-    0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U,
-    0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U,
-    0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U,
-    0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU,
-    0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U,
-    0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U,
-    0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU,
-    0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U,
-    0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U,
-    0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U,
-    0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU,
-    0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU,
-    0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U,
-    0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU,
-    0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU,
-    0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U,
-    0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU,
-    0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U,
-    0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU,
-    0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U,
-    0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U,
-    0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U,
-    0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU,
-    0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U,
-    0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU,
-    0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U,
-    0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU,
-    0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U,
-    0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U,
-    0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU,
-    0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU,
-    0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU,
-    0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U,
-    0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U,
-    0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU,
-    0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U,
-    0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU,
-    0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U,
-    0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU,
-    0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U,
-    0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU,
-    0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU,
-    0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U,
-    0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU,
-    0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U,
-    0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU,
-    0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U,
-    0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U,
-    0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U,
-    0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU,
-    0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU,
-    0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U,
-    0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU,
-    0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U,
-};
-static const u32 Te3[256] = {
-
-    0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U,
-    0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U,
-    0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U,
-    0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU,
-    0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU,
-    0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU,
-    0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U,
-    0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU,
-    0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU,
-    0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U,
-    0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U,
-    0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU,
-    0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU,
-    0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU,
-    0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU,
-    0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU,
-    0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U,
-    0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU,
-    0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU,
-    0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U,
-    0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U,
-    0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U,
-    0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U,
-    0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U,
-    0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU,
-    0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U,
-    0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU,
-    0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU,
-    0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U,
-    0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U,
-    0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U,
-    0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU,
-    0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U,
-    0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU,
-    0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU,
-    0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U,
-    0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U,
-    0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU,
-    0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U,
-    0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU,
-    0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U,
-    0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U,
-    0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U,
-    0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U,
-    0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU,
-    0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U,
-    0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU,
-    0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U,
-    0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU,
-    0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U,
-    0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU,
-    0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU,
-    0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU,
-    0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU,
-    0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U,
-    0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U,
-    0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U,
-    0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U,
-    0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U,
-    0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U,
-    0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU,
-    0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U,
-    0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU,
-    0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU,
-};
-static const u32 Te4[256] = {
-    0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU,
-    0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U,
-    0x30303030U, 0x01010101U, 0x67676767U, 0x2b2b2b2bU,
-    0xfefefefeU, 0xd7d7d7d7U, 0xababababU, 0x76767676U,
-    0xcacacacaU, 0x82828282U, 0xc9c9c9c9U, 0x7d7d7d7dU,
-    0xfafafafaU, 0x59595959U, 0x47474747U, 0xf0f0f0f0U,
-    0xadadadadU, 0xd4d4d4d4U, 0xa2a2a2a2U, 0xafafafafU,
-    0x9c9c9c9cU, 0xa4a4a4a4U, 0x72727272U, 0xc0c0c0c0U,
-    0xb7b7b7b7U, 0xfdfdfdfdU, 0x93939393U, 0x26262626U,
-    0x36363636U, 0x3f3f3f3fU, 0xf7f7f7f7U, 0xccccccccU,
-    0x34343434U, 0xa5a5a5a5U, 0xe5e5e5e5U, 0xf1f1f1f1U,
-    0x71717171U, 0xd8d8d8d8U, 0x31313131U, 0x15151515U,
-    0x04040404U, 0xc7c7c7c7U, 0x23232323U, 0xc3c3c3c3U,
-    0x18181818U, 0x96969696U, 0x05050505U, 0x9a9a9a9aU,
-    0x07070707U, 0x12121212U, 0x80808080U, 0xe2e2e2e2U,
-    0xebebebebU, 0x27272727U, 0xb2b2b2b2U, 0x75757575U,
-    0x09090909U, 0x83838383U, 0x2c2c2c2cU, 0x1a1a1a1aU,
-    0x1b1b1b1bU, 0x6e6e6e6eU, 0x5a5a5a5aU, 0xa0a0a0a0U,
-    0x52525252U, 0x3b3b3b3bU, 0xd6d6d6d6U, 0xb3b3b3b3U,
-    0x29292929U, 0xe3e3e3e3U, 0x2f2f2f2fU, 0x84848484U,
-    0x53535353U, 0xd1d1d1d1U, 0x00000000U, 0xededededU,
-    0x20202020U, 0xfcfcfcfcU, 0xb1b1b1b1U, 0x5b5b5b5bU,
-    0x6a6a6a6aU, 0xcbcbcbcbU, 0xbebebebeU, 0x39393939U,
-    0x4a4a4a4aU, 0x4c4c4c4cU, 0x58585858U, 0xcfcfcfcfU,
-    0xd0d0d0d0U, 0xefefefefU, 0xaaaaaaaaU, 0xfbfbfbfbU,
-    0x43434343U, 0x4d4d4d4dU, 0x33333333U, 0x85858585U,
-    0x45454545U, 0xf9f9f9f9U, 0x02020202U, 0x7f7f7f7fU,
-    0x50505050U, 0x3c3c3c3cU, 0x9f9f9f9fU, 0xa8a8a8a8U,
-    0x51515151U, 0xa3a3a3a3U, 0x40404040U, 0x8f8f8f8fU,
-    0x92929292U, 0x9d9d9d9dU, 0x38383838U, 0xf5f5f5f5U,
-    0xbcbcbcbcU, 0xb6b6b6b6U, 0xdadadadaU, 0x21212121U,
-    0x10101010U, 0xffffffffU, 0xf3f3f3f3U, 0xd2d2d2d2U,
-    0xcdcdcdcdU, 0x0c0c0c0cU, 0x13131313U, 0xececececU,
-    0x5f5f5f5fU, 0x97979797U, 0x44444444U, 0x17171717U,
-    0xc4c4c4c4U, 0xa7a7a7a7U, 0x7e7e7e7eU, 0x3d3d3d3dU,
-    0x64646464U, 0x5d5d5d5dU, 0x19191919U, 0x73737373U,
-    0x60606060U, 0x81818181U, 0x4f4f4f4fU, 0xdcdcdcdcU,
-    0x22222222U, 0x2a2a2a2aU, 0x90909090U, 0x88888888U,
-    0x46464646U, 0xeeeeeeeeU, 0xb8b8b8b8U, 0x14141414U,
-    0xdedededeU, 0x5e5e5e5eU, 0x0b0b0b0bU, 0xdbdbdbdbU,
-    0xe0e0e0e0U, 0x32323232U, 0x3a3a3a3aU, 0x0a0a0a0aU,
-    0x49494949U, 0x06060606U, 0x24242424U, 0x5c5c5c5cU,
-    0xc2c2c2c2U, 0xd3d3d3d3U, 0xacacacacU, 0x62626262U,
-    0x91919191U, 0x95959595U, 0xe4e4e4e4U, 0x79797979U,
-    0xe7e7e7e7U, 0xc8c8c8c8U, 0x37373737U, 0x6d6d6d6dU,
-    0x8d8d8d8dU, 0xd5d5d5d5U, 0x4e4e4e4eU, 0xa9a9a9a9U,
-    0x6c6c6c6cU, 0x56565656U, 0xf4f4f4f4U, 0xeaeaeaeaU,
-    0x65656565U, 0x7a7a7a7aU, 0xaeaeaeaeU, 0x08080808U,
-    0xbabababaU, 0x78787878U, 0x25252525U, 0x2e2e2e2eU,
-    0x1c1c1c1cU, 0xa6a6a6a6U, 0xb4b4b4b4U, 0xc6c6c6c6U,
-    0xe8e8e8e8U, 0xddddddddU, 0x74747474U, 0x1f1f1f1fU,
-    0x4b4b4b4bU, 0xbdbdbdbdU, 0x8b8b8b8bU, 0x8a8a8a8aU,
-    0x70707070U, 0x3e3e3e3eU, 0xb5b5b5b5U, 0x66666666U,
-    0x48484848U, 0x03030303U, 0xf6f6f6f6U, 0x0e0e0e0eU,
-    0x61616161U, 0x35353535U, 0x57575757U, 0xb9b9b9b9U,
-    0x86868686U, 0xc1c1c1c1U, 0x1d1d1d1dU, 0x9e9e9e9eU,
-    0xe1e1e1e1U, 0xf8f8f8f8U, 0x98989898U, 0x11111111U,
-    0x69696969U, 0xd9d9d9d9U, 0x8e8e8e8eU, 0x94949494U,
-    0x9b9b9b9bU, 0x1e1e1e1eU, 0x87878787U, 0xe9e9e9e9U,
-    0xcecececeU, 0x55555555U, 0x28282828U, 0xdfdfdfdfU,
-    0x8c8c8c8cU, 0xa1a1a1a1U, 0x89898989U, 0x0d0d0d0dU,
-    0xbfbfbfbfU, 0xe6e6e6e6U, 0x42424242U, 0x68686868U,
-    0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU,
-    0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U,
-};
-static const u32 Td0[256] = {
-    0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
-    0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
-    0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U,
-    0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU,
-    0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U,
-    0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U,
-    0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU,
-    0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U,
-    0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU,
-    0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U,
-    0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U,
-    0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U,
-    0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U,
-    0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU,
-    0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U,
-    0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU,
-    0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U,
-    0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU,
-    0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U,
-    0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U,
-    0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U,
-    0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU,
-    0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U,
-    0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU,
-    0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U,
-    0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU,
-    0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U,
-    0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU,
-    0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU,
-    0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U,
-    0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU,
-    0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U,
-    0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU,
-    0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U,
-    0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U,
-    0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U,
-    0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU,
-    0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U,
-    0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U,
-    0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU,
-    0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U,
-    0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U,
-    0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U,
-    0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U,
-    0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U,
-    0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU,
-    0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U,
-    0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U,
-    0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U,
-    0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U,
-    0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U,
-    0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU,
-    0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU,
-    0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU,
-    0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU,
-    0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U,
-    0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U,
-    0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU,
-    0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU,
-    0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U,
-    0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU,
-    0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U,
-    0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U,
-    0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U,
-};
-static const u32 Td1[256] = {
-    0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU,
-    0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U,
-    0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU,
-    0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U,
-    0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U,
-    0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U,
-    0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U,
-    0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U,
-    0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U,
-    0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU,
-    0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU,
-    0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU,
-    0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U,
-    0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU,
-    0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U,
-    0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U,
-    0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U,
-    0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU,
-    0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU,
-    0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U,
-    0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU,
-    0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U,
-    0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU,
-    0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU,
-    0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U,
-    0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U,
-    0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U,
-    0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU,
-    0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U,
-    0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU,
-    0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U,
-    0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U,
-    0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U,
-    0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU,
-    0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U,
-    0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U,
-    0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U,
-    0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U,
-    0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U,
-    0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U,
-    0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU,
-    0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU,
-    0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U,
-    0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU,
-    0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U,
-    0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU,
-    0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU,
-    0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U,
-    0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU,
-    0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U,
-    0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U,
-    0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U,
-    0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U,
-    0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U,
-    0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U,
-    0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U,
-    0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU,
-    0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U,
-    0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U,
-    0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU,
-    0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U,
-    0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U,
-    0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U,
-    0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U,
-};
-static const u32 Td2[256] = {
-    0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U,
-    0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U,
-    0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U,
-    0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U,
-    0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU,
-    0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U,
-    0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U,
-    0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U,
-    0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U,
-    0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU,
-    0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U,
-    0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U,
-    0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU,
-    0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U,
-    0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U,
-    0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U,
-    0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U,
-    0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U,
-    0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U,
-    0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU,
-
-    0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U,
-    0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U,
-    0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U,
-    0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U,
-    0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U,
-    0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU,
-    0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU,
-    0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U,
-    0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU,
-    0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U,
-    0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU,
-    0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU,
-    0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU,
-    0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU,
-    0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U,
-    0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U,
-    0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U,
-    0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U,
-    0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U,
-    0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U,
-    0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U,
-    0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU,
-    0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU,
-    0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U,
-    0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U,
-    0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU,
-    0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU,
-    0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U,
-    0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U,
-    0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U,
-    0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U,
-    0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U,
-    0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U,
-    0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U,
-    0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU,
-    0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U,
-    0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U,
-    0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U,
-    0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U,
-    0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U,
-    0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U,
-    0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU,
-    0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U,
-    0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U,
-};
-static const u32 Td3[256] = {
-    0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU,
-    0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU,
-    0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U,
-    0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U,
-    0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU,
-    0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU,
-    0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U,
-    0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU,
-    0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U,
-    0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU,
-    0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U,
-    0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U,
-    0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U,
-    0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U,
-    0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U,
-    0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU,
-    0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU,
-    0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U,
-    0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U,
-    0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU,
-    0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU,
-    0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U,
-    0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U,
-    0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U,
-    0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U,
-    0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU,
-    0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U,
-    0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U,
-    0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU,
-    0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU,
-    0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U,
-    0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U,
-    0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U,
-    0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU,
-    0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U,
-    0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U,
-    0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U,
-    0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U,
-    0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U,
-    0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U,
-    0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U,
-    0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU,
-    0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U,
-    0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U,
-    0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU,
-    0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU,
-    0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U,
-    0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU,
-    0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U,
-    0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U,
-    0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U,
-    0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U,
-    0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U,
-    0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U,
-    0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU,
-    0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU,
-    0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU,
-    0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU,
-    0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U,
-    0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U,
-    0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U,
-    0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU,
-    0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U,
-    0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U,
-};
-static const u32 Td4[256] = {
-    0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U,
-    0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U,
-    0xbfbfbfbfU, 0x40404040U, 0xa3a3a3a3U, 0x9e9e9e9eU,
-    0x81818181U, 0xf3f3f3f3U, 0xd7d7d7d7U, 0xfbfbfbfbU,
-    0x7c7c7c7cU, 0xe3e3e3e3U, 0x39393939U, 0x82828282U,
-    0x9b9b9b9bU, 0x2f2f2f2fU, 0xffffffffU, 0x87878787U,
-    0x34343434U, 0x8e8e8e8eU, 0x43434343U, 0x44444444U,
-    0xc4c4c4c4U, 0xdedededeU, 0xe9e9e9e9U, 0xcbcbcbcbU,
-    0x54545454U, 0x7b7b7b7bU, 0x94949494U, 0x32323232U,
-    0xa6a6a6a6U, 0xc2c2c2c2U, 0x23232323U, 0x3d3d3d3dU,
-    0xeeeeeeeeU, 0x4c4c4c4cU, 0x95959595U, 0x0b0b0b0bU,
-    0x42424242U, 0xfafafafaU, 0xc3c3c3c3U, 0x4e4e4e4eU,
-    0x08080808U, 0x2e2e2e2eU, 0xa1a1a1a1U, 0x66666666U,
-    0x28282828U, 0xd9d9d9d9U, 0x24242424U, 0xb2b2b2b2U,
-    0x76767676U, 0x5b5b5b5bU, 0xa2a2a2a2U, 0x49494949U,
-    0x6d6d6d6dU, 0x8b8b8b8bU, 0xd1d1d1d1U, 0x25252525U,
-    0x72727272U, 0xf8f8f8f8U, 0xf6f6f6f6U, 0x64646464U,
-    0x86868686U, 0x68686868U, 0x98989898U, 0x16161616U,
-    0xd4d4d4d4U, 0xa4a4a4a4U, 0x5c5c5c5cU, 0xccccccccU,
-    0x5d5d5d5dU, 0x65656565U, 0xb6b6b6b6U, 0x92929292U,
-    0x6c6c6c6cU, 0x70707070U, 0x48484848U, 0x50505050U,
-    0xfdfdfdfdU, 0xededededU, 0xb9b9b9b9U, 0xdadadadaU,
-    0x5e5e5e5eU, 0x15151515U, 0x46464646U, 0x57575757U,
-    0xa7a7a7a7U, 0x8d8d8d8dU, 0x9d9d9d9dU, 0x84848484U,
-    0x90909090U, 0xd8d8d8d8U, 0xababababU, 0x00000000U,
-    0x8c8c8c8cU, 0xbcbcbcbcU, 0xd3d3d3d3U, 0x0a0a0a0aU,
-    0xf7f7f7f7U, 0xe4e4e4e4U, 0x58585858U, 0x05050505U,
-    0xb8b8b8b8U, 0xb3b3b3b3U, 0x45454545U, 0x06060606U,
-    0xd0d0d0d0U, 0x2c2c2c2cU, 0x1e1e1e1eU, 0x8f8f8f8fU,
-    0xcacacacaU, 0x3f3f3f3fU, 0x0f0f0f0fU, 0x02020202U,
-    0xc1c1c1c1U, 0xafafafafU, 0xbdbdbdbdU, 0x03030303U,
-    0x01010101U, 0x13131313U, 0x8a8a8a8aU, 0x6b6b6b6bU,
-    0x3a3a3a3aU, 0x91919191U, 0x11111111U, 0x41414141U,
-    0x4f4f4f4fU, 0x67676767U, 0xdcdcdcdcU, 0xeaeaeaeaU,
-    0x97979797U, 0xf2f2f2f2U, 0xcfcfcfcfU, 0xcecececeU,
-    0xf0f0f0f0U, 0xb4b4b4b4U, 0xe6e6e6e6U, 0x73737373U,
-    0x96969696U, 0xacacacacU, 0x74747474U, 0x22222222U,
-    0xe7e7e7e7U, 0xadadadadU, 0x35353535U, 0x85858585U,
-    0xe2e2e2e2U, 0xf9f9f9f9U, 0x37373737U, 0xe8e8e8e8U,
-    0x1c1c1c1cU, 0x75757575U, 0xdfdfdfdfU, 0x6e6e6e6eU,
-    0x47474747U, 0xf1f1f1f1U, 0x1a1a1a1aU, 0x71717171U,
-    0x1d1d1d1dU, 0x29292929U, 0xc5c5c5c5U, 0x89898989U,
-    0x6f6f6f6fU, 0xb7b7b7b7U, 0x62626262U, 0x0e0e0e0eU,
-    0xaaaaaaaaU, 0x18181818U, 0xbebebebeU, 0x1b1b1b1bU,
-    0xfcfcfcfcU, 0x56565656U, 0x3e3e3e3eU, 0x4b4b4b4bU,
-    0xc6c6c6c6U, 0xd2d2d2d2U, 0x79797979U, 0x20202020U,
-    0x9a9a9a9aU, 0xdbdbdbdbU, 0xc0c0c0c0U, 0xfefefefeU,
-    0x78787878U, 0xcdcdcdcdU, 0x5a5a5a5aU, 0xf4f4f4f4U,
-    0x1f1f1f1fU, 0xddddddddU, 0xa8a8a8a8U, 0x33333333U,
-    0x88888888U, 0x07070707U, 0xc7c7c7c7U, 0x31313131U,
-    0xb1b1b1b1U, 0x12121212U, 0x10101010U, 0x59595959U,
-    0x27272727U, 0x80808080U, 0xececececU, 0x5f5f5f5fU,
-    0x60606060U, 0x51515151U, 0x7f7f7f7fU, 0xa9a9a9a9U,
-    0x19191919U, 0xb5b5b5b5U, 0x4a4a4a4aU, 0x0d0d0d0dU,
-    0x2d2d2d2dU, 0xe5e5e5e5U, 0x7a7a7a7aU, 0x9f9f9f9fU,
-    0x93939393U, 0xc9c9c9c9U, 0x9c9c9c9cU, 0xefefefefU,
-    0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU,
-    0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U,
-    0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU,
-    0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U,
-    0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU,
-    0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U,
-    0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U,
-    0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU,
-};
-static const u32 rcon[] = {
-        0x01000000, 0x02000000, 0x04000000, 0x08000000,
-        0x10000000, 0x20000000, 0x40000000, 0x80000000,
-        0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
-};
-
-/**
- * Expand the cipher key into the encryption key schedule.
- */
-int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
-                        AES_KEY *key) {
-
-        u32 *rk;
-        int i = 0;
-        u32 temp;
-
-        if (!userKey || !key)
-                return -1;
-        if (bits != 128 && bits != 192 && bits != 256)
-                return -2;
-
-        rk = key->rd_key;
-
-        if (bits==128)
-                key->rounds = 10;
-        else if (bits==192)
-                key->rounds = 12;
-        else
-                key->rounds = 14;
-
-        rk[0] = GETU32(userKey     );
-        rk[1] = GETU32(userKey +  4);
-        rk[2] = GETU32(userKey +  8);
-        rk[3] = GETU32(userKey + 12);
-        if (bits == 128) {
-                while (1) {
-                        temp  = rk[3];
-                        rk[4] = rk[0] ^
-                                (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
-                                (Te4[(temp >>  8) & 0xff] & 0x00ff0000) ^
-                                (Te4[(temp      ) & 0xff] & 0x0000ff00) ^
-                                (Te4[(temp >> 24)       ] & 0x000000ff) ^
-                                rcon[i];
-                        rk[5] = rk[1] ^ rk[4];
-                        rk[6] = rk[2] ^ rk[5];
-                        rk[7] = rk[3] ^ rk[6];
-                        if (++i == 10) {
-                                return 0;
-                        }
-                        rk += 4;
-                }
-        }
-        rk[4] = GETU32(userKey + 16);
-        rk[5] = GETU32(userKey + 20);
-        if (bits == 192) {
-                while (1) {
-                        temp = rk[ 5];
-                        rk[ 6] = rk[ 0] ^
-                                (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
-                                (Te4[(temp >>  8) & 0xff] & 0x00ff0000) ^
-                                (Te4[(temp      ) & 0xff] & 0x0000ff00) ^
-                                (Te4[(temp >> 24)       ] & 0x000000ff) ^
-                                rcon[i];
-                        rk[ 7] = rk[ 1] ^ rk[ 6];
-                        rk[ 8] = rk[ 2] ^ rk[ 7];
-                        rk[ 9] = rk[ 3] ^ rk[ 8];
-                        if (++i == 8) {
-                                return 0;
-                        }
-                        rk[10] = rk[ 4] ^ rk[ 9];
-                        rk[11] = rk[ 5] ^ rk[10];
-                        rk += 6;
-                }
-        }
-        rk[6] = GETU32(userKey + 24);
-        rk[7] = GETU32(userKey + 28);
-        if (bits == 256) {
-                while (1) {
-                        temp = rk[ 7];
-                        rk[ 8] = rk[ 0] ^
-                                (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
-                                (Te4[(temp >>  8) & 0xff] & 0x00ff0000) ^
-                                (Te4[(temp      ) & 0xff] & 0x0000ff00) ^
-                                (Te4[(temp >> 24)       ] & 0x000000ff) ^
-                                rcon[i];
-                        rk[ 9] = rk[ 1] ^ rk[ 8];
-                        rk[10] = rk[ 2] ^ rk[ 9];
-                        rk[11] = rk[ 3] ^ rk[10];
-                        if (++i == 7) {
-                                return 0;
-                        }
-                        temp = rk[11];
-                        rk[12] = rk[ 4] ^
-                                (Te4[(temp >> 24)       ] & 0xff000000) ^
-                                (Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^
-                                (Te4[(temp >>  8) & 0xff] & 0x0000ff00) ^
-                                (Te4[(temp      ) & 0xff] & 0x000000ff);
-                        rk[13] = rk[ 5] ^ rk[12];
-                        rk[14] = rk[ 6] ^ rk[13];
-                        rk[15] = rk[ 7] ^ rk[14];
-
-                        rk += 8;
-                }
-        }
-        return 0;
-}
-
-/**
- * Expand the cipher key into the decryption key schedule.
- */
-int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
-                         AES_KEY *key) {
-
-        u32 *rk;
-        int i, j, status;
-        u32 temp;
-
-        /* first, start with an encryption schedule */
-        status = AES_set_encrypt_key(userKey, bits, key);
-        if (status < 0)
-                return status;
-
-        rk = key->rd_key;
-
-        /* invert the order of the round keys: */
-        for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) {
-                temp = rk[i    ]; rk[i    ] = rk[j    ]; rk[j    ] = temp;
-                temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
-                temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
-                temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
-        }
-        /* apply the inverse MixColumn transform to all round keys but the first and the last: */
-        for (i = 1; i < (key->rounds); i++) {
-                rk += 4;
-                rk[0] =
-                        Td0[Te4[(rk[0] >> 24)       ] & 0xff] ^
-                        Td1[Te4[(rk[0] >> 16) & 0xff] & 0xff] ^
-                        Td2[Te4[(rk[0] >>  8) & 0xff] & 0xff] ^
-                        Td3[Te4[(rk[0]      ) & 0xff] & 0xff];
-                rk[1] =
-                        Td0[Te4[(rk[1] >> 24)       ] & 0xff] ^
-                        Td1[Te4[(rk[1] >> 16) & 0xff] & 0xff] ^
-                        Td2[Te4[(rk[1] >>  8) & 0xff] & 0xff] ^
-                        Td3[Te4[(rk[1]      ) & 0xff] & 0xff];
-                rk[2] =
-                        Td0[Te4[(rk[2] >> 24)       ] & 0xff] ^
-                        Td1[Te4[(rk[2] >> 16) & 0xff] & 0xff] ^
-                        Td2[Te4[(rk[2] >>  8) & 0xff] & 0xff] ^
-                        Td3[Te4[(rk[2]      ) & 0xff] & 0xff];
-                rk[3] =
-                        Td0[Te4[(rk[3] >> 24)       ] & 0xff] ^
-                        Td1[Te4[(rk[3] >> 16) & 0xff] & 0xff] ^
-                        Td2[Te4[(rk[3] >>  8) & 0xff] & 0xff] ^
-                        Td3[Te4[(rk[3]      ) & 0xff] & 0xff];
-        }
-        return 0;
-}
-
-/*
- * Encrypt a single block
- * in and out can overlap
- */
-void AES_encrypt(const unsigned char *in, unsigned char *out,
-                 const AES_KEY *key) {
-
-        const u32 *rk;
-        u32 s0, s1, s2, s3, t0, t1, t2, t3;
-#ifndef FULL_UNROLL
-        int r;
-#endif /* ?FULL_UNROLL */
-
-        assert(in && out && key);
-        rk = key->rd_key;
-
-        /*
-         * map byte array block to cipher state
-         * and add initial round key:
-         */
-        s0 = GETU32(in     ) ^ rk[0];
-        s1 = GETU32(in +  4) ^ rk[1];
-        s2 = GETU32(in +  8) ^ rk[2];
-        s3 = GETU32(in + 12) ^ rk[3];
-#ifdef FULL_UNROLL
-        /* round 1: */
-        t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4];
-        t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5];
-        t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6];
-        t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7];
-        /* round 2: */
-        s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8];
-        s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9];
-        s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10];
-        s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11];
-        /* round 3: */
-        t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12];
-        t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13];
-        t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14];
-        t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15];
-        /* round 4: */
-        s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16];
-        s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17];
-        s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18];
-        s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19];
-        /* round 5: */
-        t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20];
-        t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21];
-        t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22];
-        t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23];
-        /* round 6: */
-        s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24];
-        s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25];
-        s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26];
-        s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27];
-        /* round 7: */
-        t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28];
-        t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29];
-        t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30];
-        t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31];
-        /* round 8: */
-        s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32];
-        s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33];
-        s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34];
-        s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35];
-        /* round 9: */
-        t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36];
-        t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37];
-        t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38];
-        t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39];
-    if (key->rounds > 10) {
-        /* round 10: */
-        s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40];
-        s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41];
-        s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42];
-        s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43];
-        /* round 11: */
-        t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44];
-        t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45];
-        t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46];
-        t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47];
-        if (key->rounds > 12) {
-            /* round 12: */
-            s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48];
-            s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49];
-            s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50];
-            s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51];
-            /* round 13: */
-            t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52];
-            t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53];
-            t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54];
-            t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55];
-        }
-    }
-    rk += key->rounds << 2;
-#else  /* !FULL_UNROLL */
-    /*
-     * Nr - 1 full rounds:
-     */
-    r = key->rounds >> 1;
-    for (;;) {
-        t0 =
-            Te0[(s0 >> 24)       ] ^
-            Te1[(s1 >> 16) & 0xff] ^
-            Te2[(s2 >>  8) & 0xff] ^
-            Te3[(s3      ) & 0xff] ^
-            rk[4];
-        t1 =
-            Te0[(s1 >> 24)       ] ^
-            Te1[(s2 >> 16) & 0xff] ^
-            Te2[(s3 >>  8) & 0xff] ^
-            Te3[(s0      ) & 0xff] ^
-            rk[5];
-        t2 =
-            Te0[(s2 >> 24)       ] ^
-            Te1[(s3 >> 16) & 0xff] ^
-            Te2[(s0 >>  8) & 0xff] ^
-            Te3[(s1      ) & 0xff] ^
-            rk[6];
-        t3 =
-            Te0[(s3 >> 24)       ] ^
-            Te1[(s0 >> 16) & 0xff] ^
-            Te2[(s1 >>  8) & 0xff] ^
-            Te3[(s2      ) & 0xff] ^
-            rk[7];
-
-        rk += 8;
-        if (--r == 0) {
-            break;
-        }
-
-        s0 =
-            Te0[(t0 >> 24)       ] ^
-            Te1[(t1 >> 16) & 0xff] ^
-            Te2[(t2 >>  8) & 0xff] ^
-            Te3[(t3      ) & 0xff] ^
-            rk[0];
-        s1 =
-            Te0[(t1 >> 24)       ] ^
-            Te1[(t2 >> 16) & 0xff] ^
-            Te2[(t3 >>  8) & 0xff] ^
-            Te3[(t0      ) & 0xff] ^
-            rk[1];
-        s2 =
-            Te0[(t2 >> 24)       ] ^
-            Te1[(t3 >> 16) & 0xff] ^
-            Te2[(t0 >>  8) & 0xff] ^
-            Te3[(t1      ) & 0xff] ^
-            rk[2];
-        s3 =
-            Te0[(t3 >> 24)       ] ^
-            Te1[(t0 >> 16) & 0xff] ^
-            Te2[(t1 >>  8) & 0xff] ^
-            Te3[(t2      ) & 0xff] ^
-            rk[3];
-    }
-#endif /* ?FULL_UNROLL */
-    /*
-         * apply last round and
-         * map cipher state to byte array block:
-         */
-        s0 =
-                (Te4[(t0 >> 24)       ] & 0xff000000) ^
-                (Te4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
-                (Te4[(t2 >>  8) & 0xff] & 0x0000ff00) ^
-                (Te4[(t3      ) & 0xff] & 0x000000ff) ^
-                rk[0];
-        PUTU32(out     , s0);
-        s1 =
-                (Te4[(t1 >> 24)       ] & 0xff000000) ^
-                (Te4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
-                (Te4[(t3 >>  8) & 0xff] & 0x0000ff00) ^
-                (Te4[(t0      ) & 0xff] & 0x000000ff) ^
-                rk[1];
-        PUTU32(out +  4, s1);
-        s2 =
-                (Te4[(t2 >> 24)       ] & 0xff000000) ^
-                (Te4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
-                (Te4[(t0 >>  8) & 0xff] & 0x0000ff00) ^
-                (Te4[(t1      ) & 0xff] & 0x000000ff) ^
-                rk[2];
-        PUTU32(out +  8, s2);
-        s3 =
-                (Te4[(t3 >> 24)       ] & 0xff000000) ^
-                (Te4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
-                (Te4[(t1 >>  8) & 0xff] & 0x0000ff00) ^
-                (Te4[(t2      ) & 0xff] & 0x000000ff) ^
-                rk[3];
-        PUTU32(out + 12, s3);
-}
-
-/*
- * Decrypt a single block
- * in and out can overlap
- */
-void AES_decrypt(const unsigned char *in, unsigned char *out,
-                 const AES_KEY *key) {
-
-        const u32 *rk;
-        u32 s0, s1, s2, s3, t0, t1, t2, t3;
-#ifndef FULL_UNROLL
-        int r;
-#endif /* ?FULL_UNROLL */
-
-        assert(in && out && key);
-        rk = key->rd_key;
-
-        /*
-         * map byte array block to cipher state
-         * and add initial round key:
-         */
-    s0 = GETU32(in     ) ^ rk[0];
-    s1 = GETU32(in +  4) ^ rk[1];
-    s2 = GETU32(in +  8) ^ rk[2];
-    s3 = GETU32(in + 12) ^ rk[3];
-#ifdef FULL_UNROLL
-    /* round 1: */
-    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[ 4];
-    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[ 5];
-    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[ 6];
-    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[ 7];
-    /* round 2: */
-    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[ 8];
-    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[ 9];
-    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[10];
-    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[11];
-    /* round 3: */
-    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[12];
-    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[13];
-    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[14];
-    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[15];
-    /* round 4: */
-    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[16];
-    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[17];
-    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[18];
-    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[19];
-    /* round 5: */
-    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[20];
-    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[21];
-    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[22];
-    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[23];
-    /* round 6: */
-    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[24];
-    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[25];
-    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[26];
-    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[27];
-    /* round 7: */
-    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[28];
-    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[29];
-    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[30];
-    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[31];
-    /* round 8: */
-    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[32];
-    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[33];
-    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[34];
-    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[35];
-    /* round 9: */
-    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[36];
-    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[37];
-    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[38];
-    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[39];
-    if (key->rounds > 10) {
-        /* round 10: */
-        s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40];
-        s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41];
-        s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42];
-        s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43];
-        /* round 11: */
-        t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44];
-        t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45];
-        t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46];
-        t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47];
-        if (key->rounds > 12) {
-            /* round 12: */
-            s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48];
-            s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49];
-            s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50];
-            s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51];
-            /* round 13: */
-            t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52];
-            t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53];
-            t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54];
-            t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55];
-        }
-    }
-        rk += key->rounds << 2;
-#else  /* !FULL_UNROLL */
-    /*
-     * Nr - 1 full rounds:
-     */
-    r = key->rounds >> 1;
-    for (;;) {
-        t0 =
-            Td0[(s0 >> 24)       ] ^
-            Td1[(s3 >> 16) & 0xff] ^
-            Td2[(s2 >>  8) & 0xff] ^
-            Td3[(s1      ) & 0xff] ^
-            rk[4];
-        t1 =
-            Td0[(s1 >> 24)       ] ^
-            Td1[(s0 >> 16) & 0xff] ^
-            Td2[(s3 >>  8) & 0xff] ^
-            Td3[(s2      ) & 0xff] ^
-            rk[5];
-        t2 =
-            Td0[(s2 >> 24)       ] ^
-            Td1[(s1 >> 16) & 0xff] ^
-            Td2[(s0 >>  8) & 0xff] ^
-            Td3[(s3      ) & 0xff] ^
-            rk[6];
-        t3 =
-            Td0[(s3 >> 24)       ] ^
-            Td1[(s2 >> 16) & 0xff] ^
-            Td2[(s1 >>  8) & 0xff] ^
-            Td3[(s0      ) & 0xff] ^
-            rk[7];
-
-        rk += 8;
-        if (--r == 0) {
-            break;
-        }
-
-        s0 =
-            Td0[(t0 >> 24)       ] ^
-            Td1[(t3 >> 16) & 0xff] ^
-            Td2[(t2 >>  8) & 0xff] ^
-            Td3[(t1      ) & 0xff] ^
-            rk[0];
-        s1 =
-            Td0[(t1 >> 24)       ] ^
-            Td1[(t0 >> 16) & 0xff] ^
-            Td2[(t3 >>  8) & 0xff] ^
-            Td3[(t2      ) & 0xff] ^
-            rk[1];
-        s2 =
-            Td0[(t2 >> 24)       ] ^
-            Td1[(t1 >> 16) & 0xff] ^
-            Td2[(t0 >>  8) & 0xff] ^
-            Td3[(t3      ) & 0xff] ^
-            rk[2];
-        s3 =
-            Td0[(t3 >> 24)       ] ^
-            Td1[(t2 >> 16) & 0xff] ^
-            Td2[(t1 >>  8) & 0xff] ^
-            Td3[(t0      ) & 0xff] ^
-            rk[3];
-    }
-#endif /* ?FULL_UNROLL */
-    /*
-         * apply last round and
-         * map cipher state to byte array block:
-         */
-        s0 =
-                (Td4[(t0 >> 24)       ] & 0xff000000) ^
-                (Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
-                (Td4[(t2 >>  8) & 0xff] & 0x0000ff00) ^
-                (Td4[(t1      ) & 0xff] & 0x000000ff) ^
-                rk[0];
-        PUTU32(out     , s0);
-        s1 =
-                (Td4[(t1 >> 24)       ] & 0xff000000) ^
-                (Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
-                (Td4[(t3 >>  8) & 0xff] & 0x0000ff00) ^
-                (Td4[(t2      ) & 0xff] & 0x000000ff) ^
-                rk[1];
-        PUTU32(out +  4, s1);
-        s2 =
-                (Td4[(t2 >> 24)       ] & 0xff000000) ^
-                (Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
-                (Td4[(t0 >>  8) & 0xff] & 0x0000ff00) ^
-                (Td4[(t3      ) & 0xff] & 0x000000ff) ^
-                rk[2];
-        PUTU32(out +  8, s2);
-        s3 =
-                (Td4[(t3 >> 24)       ] & 0xff000000) ^
-                (Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
-                (Td4[(t1 >>  8) & 0xff] & 0x0000ff00) ^
-                (Td4[(t0      ) & 0xff] & 0x000000ff) ^
-                rk[3];
-        PUTU32(out + 12, s3);
-}
-
-#endif /* ndef OPENSSL_FIPS */
diff --git a/src/lib/libcrypto/aes/aes_ctr.c b/src/lib/libcrypto/aes/aes_ctr.c
deleted file mode 100644
index f36982be1e..0000000000
--- a/src/lib/libcrypto/aes/aes_ctr.c
+++ /dev/null
@@ -1,139 +0,0 @@
-/* crypto/aes/aes_ctr.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#ifndef AES_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-#include <assert.h>
-
-#include <openssl/aes.h>
-#include "aes_locl.h"
-
-/* NOTE: the IV/counter CTR mode is big-endian.  The rest of the AES code
- * is endian-neutral. */
-
-/* increment counter (128-bit int) by 1 */
-static void AES_ctr128_inc(unsigned char *counter) {
-        unsigned long c;
-
-        /* Grab bottom dword of counter and increment */
-        c = GETU32(counter + 12);
-        c++;    c &= 0xFFFFFFFF;
-        PUTU32(counter + 12, c);
-
-        /* if no overflow, we're done */
-        if (c)
-                return;
-
-        /* Grab 1st dword of counter and increment */
-        c = GETU32(counter +  8);
-        c++;    c &= 0xFFFFFFFF;
-        PUTU32(counter +  8, c);
-
-        /* if no overflow, we're done */
-        if (c)
-                return;
-
-        /* Grab 2nd dword of counter and increment */
-        c = GETU32(counter +  4);
-        c++;    c &= 0xFFFFFFFF;
-        PUTU32(counter +  4, c);
-
-        /* if no overflow, we're done */
-        if (c)
-                return;
-
-        /* Grab top dword of counter and increment */
-        c = GETU32(counter +  0);
-        c++;    c &= 0xFFFFFFFF;
-        PUTU32(counter +  0, c);
-}
-
-/* The input encrypted as though 128bit counter mode is being
- * used.  The extra state information to record how much of the
- * 128bit block we have used is contained in *num, and the
- * encrypted counter is kept in ecount_buf.  Both *num and
- * ecount_buf must be initialised with zeros before the first
- * call to AES_ctr128_encrypt().
- *
- * This algorithm assumes that the counter is in the x lower bits
- * of the IV (ivec), and that the application has full control over
- * overflow and the rest of the IV.  This implementation takes NO
- * responsability for checking that the counter doesn't overflow
- * into the rest of the IV when incremented.
- */
-void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
-        const unsigned long length, const AES_KEY *key,
-        unsigned char ivec[AES_BLOCK_SIZE],
-        unsigned char ecount_buf[AES_BLOCK_SIZE],
-        unsigned int *num) {
-
-        unsigned int n;
-        unsigned long l=length;
-
-        assert(in && out && key && counter && num);
-        assert(*num < AES_BLOCK_SIZE);
-
-        n = *num;
-
-        while (l--) {
-                if (n == 0) {
-                        AES_encrypt(ivec, ecount_buf, key);
-                        AES_ctr128_inc(ivec);
-                }
-                *(out++) = *(in++) ^ ecount_buf[n];
-                n = (n+1) % AES_BLOCK_SIZE;
-        }
-
-        *num=n;
-}
diff --git a/src/lib/libcrypto/aes/aes_ecb.c b/src/lib/libcrypto/aes/aes_ecb.c
deleted file mode 100644
index 28aa561c2d..0000000000
--- a/src/lib/libcrypto/aes/aes_ecb.c
+++ /dev/null
@@ -1,73 +0,0 @@
-/* crypto/aes/aes_ecb.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#ifndef AES_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-#include <assert.h>
-
-#include <openssl/aes.h>
-#include "aes_locl.h"
-
-void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
-                     const AES_KEY *key, const int enc) {
-
-        assert(in && out && key);
-        assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
-
-        if (AES_ENCRYPT == enc)
-                AES_encrypt(in, out, key);
-        else
-                AES_decrypt(in, out, key);
-}
-
diff --git a/src/lib/libcrypto/aes/aes_locl.h b/src/lib/libcrypto/aes/aes_locl.h
deleted file mode 100644
index 4184729e34..0000000000
--- a/src/lib/libcrypto/aes/aes_locl.h
+++ /dev/null
@@ -1,85 +0,0 @@
-/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#ifndef HEADER_AES_LOCL_H
-#define HEADER_AES_LOCL_H
-
-#include <openssl/e_os2.h>
-
-#ifdef OPENSSL_NO_AES
-#error AES is disabled.
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#if defined(_MSC_VER) && !defined(_M_IA64) && !defined(OPENSSL_SYS_WINCE)
-# define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
-# define GETU32(p) SWAP(*((u32 *)(p)))
-# define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); }
-#else
-# define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] <<  8) ^ ((u32)(pt)[3]))
-# define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >>  8); (ct)[3] = (u8)(st); }
-#endif
-
-typedef unsigned long u32;
-typedef unsigned short u16;
-typedef unsigned char u8;
-
-#define MAXKC   (256/32)
-#define MAXKB   (256/8)
-#define MAXNR   14
-
-/* This controls loop-unrolling in aes_core.c */
-#undef FULL_UNROLL
-
-#endif /* !HEADER_AES_LOCL_H */
diff --git a/src/lib/libcrypto/aes/aes_misc.c b/src/lib/libcrypto/aes/aes_misc.c
deleted file mode 100644
index 090def25d5..0000000000
--- a/src/lib/libcrypto/aes/aes_misc.c
+++ /dev/null
@@ -1,64 +0,0 @@
-/* crypto/aes/aes_misc.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#include <openssl/opensslv.h>
-#include <openssl/aes.h>
-#include "aes_locl.h"
-
-const char *AES_version="AES" OPENSSL_VERSION_PTEXT;
-
-const char *AES_options(void) {
-#ifdef FULL_UNROLL
-        return "aes(full)";
-#else   
-        return "aes(partial)";
-#endif
-}
diff --git a/src/lib/libcrypto/aes/aes_ofb.c b/src/lib/libcrypto/aes/aes_ofb.c
deleted file mode 100644
index f358bb39e2..0000000000
--- a/src/lib/libcrypto/aes/aes_ofb.c
+++ /dev/null
@@ -1,142 +0,0 @@
-/* crypto/aes/aes_ofb.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef AES_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-#include <assert.h>
-
-#include <openssl/aes.h>
-#include "aes_locl.h"
-
-/* The input and output encrypted as though 128bit ofb mode is being
- * used.  The extra state information to record how much of the
- * 128bit block we have used is contained in *num;
- */
-void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
-        const unsigned long length, const AES_KEY *key,
-        unsigned char *ivec, int *num) {
-
-        unsigned int n;
-        unsigned long l=length;
-
-        assert(in && out && key && ivec && num);
-
-        n = *num;
-
-        while (l--) {
-                if (n == 0) {
-                        AES_encrypt(ivec, ivec, key);
-                }
-                *(out++) = *(in++) ^ ivec[n];
-                n = (n+1) % AES_BLOCK_SIZE;
-        }
-
-        *num=n;
-}
diff --git a/src/lib/libcrypto/aes/asm/aes-586.pl b/src/lib/libcrypto/aes/asm/aes-586.pl
deleted file mode 100644
index 688fda21ff..0000000000
--- a/src/lib/libcrypto/aes/asm/aes-586.pl
+++ /dev/null
@@ -1,1541 +0,0 @@
-#!/usr/bin/env perl
-#
-# ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. Rights for redistribution and usage in source and binary
-# forms are granted according to the OpenSSL license.
-# ====================================================================
-#
-# Version 2.0.
-#
-# You might fail to appreciate this module performance from the first
-# try. If compared to "vanilla" linux-ia32-icc target, i.e. considered
-# to be *the* best Intel C compiler without -KPIC, performance appears
-# to be virtually identical... But try to re-configure with shared
-# library support... Aha! Intel compiler "suddenly" lags behind by 30%
-# [on P4, more on others]:-) And if compared to position-independent
-# code generated by GNU C, this code performs *more* than *twice* as
-# fast! Yes, all this buzz about PIC means that unlike other hand-
-# coded implementations, this one was explicitly designed to be safe
-# to use even in shared library context... This also means that this
-# code isn't necessarily absolutely fastest "ever," because in order
-# to achieve position independence an extra register has to be
-# off-loaded to stack, which affects the benchmark result.
-#
-# Special note about instruction choice. Do you recall RC4_INT code
-# performing poorly on P4? It might be the time to figure out why.
-# RC4_INT code implies effective address calculations in base+offset*4
-# form. Trouble is that it seems that offset scaling turned to be
-# critical path... At least eliminating scaling resulted in 2.8x RC4
-# performance improvement [as you might recall]. As AES code is hungry
-# for scaling too, I [try to] avoid the latter by favoring off-by-2
-# shifts and masking the result with 0xFF<<2 instead of "boring" 0xFF.
-#
-# As was shown by Dean Gaudet <dean@arctic.org>, the above note turned
-# void. Performance improvement with off-by-2 shifts was observed on
-# intermediate implementation, which was spilling yet another register
-# to stack... Final offset*4 code below runs just a tad faster on P4,
-# but exhibits up to 10% improvement on other cores.
-#
-# Second version is "monolithic" replacement for aes_core.c, which in
-# addition to AES_[de|en]crypt implements AES_set_[de|en]cryption_key.
-# This made it possible to implement little-endian variant of the
-# algorithm without modifying the base C code. Motivating factor for
-# the undertaken effort was that it appeared that in tight IA-32
-# register window little-endian flavor could achieve slightly higher
-# Instruction Level Parallelism, and it indeed resulted in up to 15%
-# better performance on most recent µ-archs...
-#
-# Current ECB performance numbers for 128-bit key in cycles per byte
-# [measure commonly used by AES benchmarkers] are:
-#
-#               small footprint         fully unrolled
-# P4[-3]        23[24]                  22[23]
-# AMD K8        19                      18
-# PIII          26(*)                   23
-# Pentium       63(*)                   52
-#
-# (*)   Performance difference between small footprint code and fully
-#       unrolled in more commonly used CBC mode is not as big, 7% for
-#       PIII and 15% for Pentium, which I consider tolerable.
-
-push(@INC,"perlasm","../../perlasm");
-require "x86asm.pl";
-
-&asm_init($ARGV[0],"aes-586.pl",$ARGV[$#ARGV] eq "386");
-
-$small_footprint=1;     # $small_footprint=1 code is ~5% slower [on
-                        # recent µ-archs], but ~5 times smaller!
-                        # I favor compact code, because it minimizes
-                        # cache contention...
-$vertical_spin=0;       # shift "verticaly" defaults to 0, because of
-                        # its proof-of-concept status, see below...
-
-$s0="eax";
-$s1="ebx";
-$s2="ecx";
-$s3="edx";
-$key="esi";
-$acc="edi";
-
-if ($vertical_spin) {
-        # I need high parts of volatile registers to be accessible...
-        $s1="esi";      $key="ebx";
-        $s2="edi";      $acc="ecx";
-}
-# Note that there is no decvert(), as well as last encryption round is
-# performed with "horizontal" shifts. This is because this "vertical"
-# implementation [one which groups shifts on a given $s[i] to form a
-# "column," unlike "horizontal" one, which groups shifts on different
-# $s[i] to form a "row"] is work in progress. It was observed to run
-# few percents faster on Intel cores, but not AMD. On AMD K8 core it's
-# whole 12% slower:-( So we face a trade-off... Shall it be resolved
-# some day? Till then the code is considered experimental and by
-# default remains dormant...
-
-sub encvert()
-{ my ($te,@s) = @_;
-  my $v0 = $acc, $v1 = $key;
-
-        &mov    ($v0,$s[3]);                            # copy s3
-        &mov    (&DWP(0,"esp"),$s[2]);                  # save s2
-        &mov    ($v1,$s[0]);                            # copy s0
-        &mov    (&DWP(4,"esp"),$s[1]);                  # save s1
-
-        &movz   ($s[2],&HB($s[0]));
-        &and    ($s[0],0xFF);
-        &mov    ($s[0],&DWP(1024*0,$te,$s[0],4));       # s0>>0
-        &shr    ($v1,16);
-        &mov    ($s[3],&DWP(1024*1,$te,$s[2],4));       # s0>>8
-        &movz   ($s[1],&HB($v1));
-        &and    ($v1,0xFF);
-        &mov    ($s[2],&DWP(1024*2,$te,$v1,4));         # s0>>16
-         &mov   ($v1,$v0);
-        &mov    ($s[1],&DWP(1024*3,$te,$s[1],4));       # s0>>24
-
-        &and    ($v0,0xFF);
-        &xor    ($s[3],&DWP(1024*0,$te,$v0,4));         # s3>>0
-        &movz   ($v0,&HB($v1));
-        &shr    ($v1,16);
-        &xor    ($s[2],&DWP(1024*1,$te,$v0,4));         # s3>>8
-        &movz   ($v0,&HB($v1));
-        &and    ($v1,0xFF);
-        &xor    ($s[1],&DWP(1024*2,$te,$v1,4));         # s3>>16
-         &mov   ($v1,&DWP(0,"esp"));                    # restore s2
-        &xor    ($s[0],&DWP(1024*3,$te,$v0,4));         # s3>>24
-
-        &mov    ($v0,$v1);
-        &and    ($v1,0xFF);
-        &xor    ($s[2],&DWP(1024*0,$te,$v1,4));         # s2>>0
-        &movz   ($v1,&HB($v0));
-        &shr    ($v0,16);
-        &xor    ($s[1],&DWP(1024*1,$te,$v1,4));         # s2>>8
-        &movz   ($v1,&HB($v0));
-        &and    ($v0,0xFF);
-        &xor    ($s[0],&DWP(1024*2,$te,$v0,4));         # s2>>16
-         &mov   ($v0,&DWP(4,"esp"));                    # restore s1
-        &xor    ($s[3],&DWP(1024*3,$te,$v1,4));         # s2>>24
-
-        &mov    ($v1,$v0);
-        &and    ($v0,0xFF);
-        &xor    ($s[1],&DWP(1024*0,$te,$v0,4));         # s1>>0
-        &movz   ($v0,&HB($v1));
-        &shr    ($v1,16);
-        &xor    ($s[0],&DWP(1024*1,$te,$v0,4));         # s1>>8
-        &movz   ($v0,&HB($v1));
-        &and    ($v1,0xFF);
-        &xor    ($s[3],&DWP(1024*2,$te,$v1,4));         # s1>>16
-         &mov   ($key,&DWP(12,"esp"));                  # reincarnate v1 as key
-        &xor    ($s[2],&DWP(1024*3,$te,$v0,4));         # s1>>24
-}
-
-sub encstep()
-{ my ($i,$te,@s) = @_;
-  my $tmp = $key;
-  my $out = $i==3?$s[0]:$acc;
-
-        # lines marked with #%e?x[i] denote "reordered" instructions...
-        if ($i==3)  {   &mov    ($key,&DWP(12,"esp"));          }##%edx
-        else        {   &mov    ($out,$s[0]);
-                        &and    ($out,0xFF);                    }
-        if ($i==1)  {   &shr    ($s[0],16);                     }#%ebx[1]
-        if ($i==2)  {   &shr    ($s[0],24);                     }#%ecx[2]
-                        &mov    ($out,&DWP(1024*0,$te,$out,4));
-
-        if ($i==3)  {   $tmp=$s[1];                             }##%eax
-                        &movz   ($tmp,&HB($s[1]));
-                        &xor    ($out,&DWP(1024*1,$te,$tmp,4));
-
-        if ($i==3)  {   $tmp=$s[2]; &mov ($s[1],&DWP(0,"esp")); }##%ebx
-        else        {   &mov    ($tmp,$s[2]);
-                        &shr    ($tmp,16);                      }
-        if ($i==2)  {   &and    ($s[1],0xFF);                   }#%edx[2]
-                        &and    ($tmp,0xFF);
-                        &xor    ($out,&DWP(1024*2,$te,$tmp,4));
-
-        if ($i==3)  {   $tmp=$s[3]; &mov ($s[2],&DWP(4,"esp")); }##%ecx
-        elsif($i==2){   &movz   ($tmp,&HB($s[3]));              }#%ebx[2]
-        else        {   &mov    ($tmp,$s[3]); 
-                        &shr    ($tmp,24)                       }
-                        &xor    ($out,&DWP(1024*3,$te,$tmp,4));
-        if ($i<2)   {   &mov    (&DWP(4*$i,"esp"),$out);        }
-        if ($i==3)  {   &mov    ($s[3],$acc);                   }
-                        &comment();
-}
-
-sub enclast()
-{ my ($i,$te,@s)=@_;
-  my $tmp = $key;
-  my $out = $i==3?$s[0]:$acc;
-
-        if ($i==3)  {   &mov    ($key,&DWP(12,"esp"));          }##%edx
-        else        {   &mov    ($out,$s[0]);                   }
-                        &and    ($out,0xFF);
-        if ($i==1)  {   &shr    ($s[0],16);                     }#%ebx[1]
-        if ($i==2)  {   &shr    ($s[0],24);                     }#%ecx[2]
-                        &mov    ($out,&DWP(1024*0,$te,$out,4));
-                        &and    ($out,0x000000ff);
-
-        if ($i==3)  {   $tmp=$s[1];                             }##%eax
-                        &movz   ($tmp,&HB($s[1]));
-                        &mov    ($tmp,&DWP(0,$te,$tmp,4));
-                        &and    ($tmp,0x0000ff00);
-                        &xor    ($out,$tmp);
-
-        if ($i==3)  {   $tmp=$s[2]; &mov ($s[1],&DWP(0,"esp")); }##%ebx
-        else        {   mov     ($tmp,$s[2]);
-                        &shr    ($tmp,16);                      }
-        if ($i==2)  {   &and    ($s[1],0xFF);                   }#%edx[2]
-                        &and    ($tmp,0xFF);
-                        &mov    ($tmp,&DWP(0,$te,$tmp,4));
-                        &and    ($tmp,0x00ff0000);
-                        &xor    ($out,$tmp);
-
-        if ($i==3)  {   $tmp=$s[3]; &mov ($s[2],&DWP(4,"esp")); }##%ecx
-        elsif($i==2){   &movz   ($tmp,&HB($s[3]));              }#%ebx[2]
-        else        {   &mov    ($tmp,$s[3]);
-                        &shr    ($tmp,24);                      }
-                        &mov    ($tmp,&DWP(0,$te,$tmp,4));
-                        &and    ($tmp,0xff000000);
-                        &xor    ($out,$tmp);
-        if ($i<2)   {   &mov    (&DWP(4*$i,"esp"),$out);        }
-        if ($i==3)  {   &mov    ($s[3],$acc);                   }
-}
-
-# void AES_encrypt (const void *inp,void *out,const AES_KEY *key);
-&public_label("AES_Te");
-&function_begin("AES_encrypt");
-        &mov    ($acc,&wparam(0));              # load inp
-        &mov    ($key,&wparam(2));              # load key
-
-        &call   (&label("pic_point"));          # make it PIC!
-        &set_label("pic_point");
-        &blindpop("ebp");
-        &lea    ("ebp",&DWP(&label("AES_Te")."-".&label("pic_point"),"ebp"));
-
-        # allocate aligned stack frame
-        &mov    ($s0,"esp");
-        &sub    ("esp",20);
-        &and    ("esp",-16);
-
-        &mov    (&DWP(12,"esp"),$key);          # save key
-        &mov    (&DWP(16,"esp"),$s0);           # save %esp
-
-        &mov    ($s0,&DWP(0,$acc));             # load input data
-        &mov    ($s1,&DWP(4,$acc));
-        &mov    ($s2,&DWP(8,$acc));
-        &mov    ($s3,&DWP(12,$acc));
-
-        &xor    ($s0,&DWP(0,$key));
-        &xor    ($s1,&DWP(4,$key));
-        &xor    ($s2,&DWP(8,$key));
-        &xor    ($s3,&DWP(12,$key));
-
-        &mov    ($acc,&DWP(240,$key));          # load key->rounds
-
-        if ($small_footprint) {
-            &lea        ($acc,&DWP(-2,$acc,$acc));
-            &lea        ($acc,&DWP(0,$key,$acc,8));
-            &mov        (&DWP(8,"esp"),$acc);   # end of key schedule
-            &align      (4);
-            &set_label("loop");
-                if ($vertical_spin) {
-                    &encvert("ebp",$s0,$s1,$s2,$s3);
-                } else {
-                    &encstep(0,"ebp",$s0,$s1,$s2,$s3);
-                    &encstep(1,"ebp",$s1,$s2,$s3,$s0);
-                    &encstep(2,"ebp",$s2,$s3,$s0,$s1);
-                    &encstep(3,"ebp",$s3,$s0,$s1,$s2);
-                }
-                &add    ($key,16);                      # advance rd_key
-                &xor    ($s0,&DWP(0,$key));
-                &xor    ($s1,&DWP(4,$key));
-                &xor    ($s2,&DWP(8,$key));
-                &xor    ($s3,&DWP(12,$key));
-            &cmp        ($key,&DWP(8,"esp"));
-            &mov        (&DWP(12,"esp"),$key);
-            &jb         (&label("loop"));
-        }
-        else {
-            &cmp        ($acc,10);
-            &jle        (&label("10rounds"));
-            &cmp        ($acc,12);
-            &jle        (&label("12rounds"));
-
-        &set_label("14rounds");
-            for ($i=1;$i<3;$i++) {
-                if ($vertical_spin) {
-                    &encvert("ebp",$s0,$s1,$s2,$s3);
-                } else {
-                    &encstep(0,"ebp",$s0,$s1,$s2,$s3);
-                    &encstep(1,"ebp",$s1,$s2,$s3,$s0);
-                    &encstep(2,"ebp",$s2,$s3,$s0,$s1);
-                    &encstep(3,"ebp",$s3,$s0,$s1,$s2);
-                }
-                &xor    ($s0,&DWP(16*$i+0,$key));
-                &xor    ($s1,&DWP(16*$i+4,$key));
-                &xor    ($s2,&DWP(16*$i+8,$key));
-                &xor    ($s3,&DWP(16*$i+12,$key));
-            }
-            &add        ($key,32);
-            &mov        (&DWP(12,"esp"),$key);          # advance rd_key
-        &set_label("12rounds");
-            for ($i=1;$i<3;$i++) {
-                if ($vertical_spin) {
-                    &encvert("ebp",$s0,$s1,$s2,$s3);
-                } else {
-                    &encstep(0,"ebp",$s0,$s1,$s2,$s3);
-                    &encstep(1,"ebp",$s1,$s2,$s3,$s0);
-                    &encstep(2,"ebp",$s2,$s3,$s0,$s1);
-                    &encstep(3,"ebp",$s3,$s0,$s1,$s2);
-                }
-                &xor    ($s0,&DWP(16*$i+0,$key));
-                &xor    ($s1,&DWP(16*$i+4,$key));
-                &xor    ($s2,&DWP(16*$i+8,$key));
-                &xor    ($s3,&DWP(16*$i+12,$key));
-            }
-            &add        ($key,32);
-            &mov        (&DWP(12,"esp"),$key);          # advance rd_key
-        &set_label("10rounds");
-            for ($i=1;$i<10;$i++) {
-                if ($vertical_spin) {
-                    &encvert("ebp",$s0,$s1,$s2,$s3);
-                } else {
-                    &encstep(0,"ebp",$s0,$s1,$s2,$s3);
-                    &encstep(1,"ebp",$s1,$s2,$s3,$s0);
-                    &encstep(2,"ebp",$s2,$s3,$s0,$s1);
-                    &encstep(3,"ebp",$s3,$s0,$s1,$s2);
-                }
-                &xor    ($s0,&DWP(16*$i+0,$key));
-                &xor    ($s1,&DWP(16*$i+4,$key));
-                &xor    ($s2,&DWP(16*$i+8,$key));
-                &xor    ($s3,&DWP(16*$i+12,$key));
-            }
-        }
-
-        &add    ("ebp",4*1024);                 # skip to Te4
-        if ($vertical_spin) {
-            # "reincarnate" some registers for "horizontal" spin...
-            &mov        ($s1="ebx",$key="esi");
-            &mov        ($s2="ecx",$acc="edi");
-        }
-        &enclast(0,"ebp",$s0,$s1,$s2,$s3);
-        &enclast(1,"ebp",$s1,$s2,$s3,$s0);
-        &enclast(2,"ebp",$s2,$s3,$s0,$s1);
-        &enclast(3,"ebp",$s3,$s0,$s1,$s2);
-
-        &mov    ("esp",&DWP(16,"esp"));         # restore %esp
-        &add    ($key,$small_footprint?16:160);
-        &xor    ($s0,&DWP(0,$key));
-        &xor    ($s1,&DWP(4,$key));
-        &xor    ($s2,&DWP(8,$key));
-        &xor    ($s3,&DWP(12,$key));
-
-        &mov    ($acc,&wparam(1));              # load out
-        &mov    (&DWP(0,$acc),$s0);             # write output data
-        &mov    (&DWP(4,$acc),$s1);
-        &mov    (&DWP(8,$acc),$s2);
-        &mov    (&DWP(12,$acc),$s3);
-
-        &pop    ("edi");
-        &pop    ("esi");
-        &pop    ("ebx");
-        &pop    ("ebp");
-        &ret    ();
-
-&set_label("AES_Te",64);        # Yes! I keep it in the code segment!
-        &data_word(0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6);
-        &data_word(0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591);
-        &data_word(0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56);
-        &data_word(0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec);
-        &data_word(0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa);
-        &data_word(0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb);
-        &data_word(0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45);
-        &data_word(0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b);
-        &data_word(0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c);
-        &data_word(0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83);
-        &data_word(0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9);
-        &data_word(0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a);
-        &data_word(0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d);
-        &data_word(0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f);
-        &data_word(0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df);
-        &data_word(0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea);
-        &data_word(0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34);
-        &data_word(0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b);
-        &data_word(0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d);
-        &data_word(0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413);
-        &data_word(0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1);
-        &data_word(0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6);
-        &data_word(0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972);
-        &data_word(0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85);
-        &data_word(0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed);
-        &data_word(0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511);
-        &data_word(0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe);
-        &data_word(0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b);
-        &data_word(0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05);
-        &data_word(0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1);
-        &data_word(0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142);
-        &data_word(0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf);
-        &data_word(0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3);
-        &data_word(0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e);
-        &data_word(0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a);
-        &data_word(0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6);
-        &data_word(0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3);
-        &data_word(0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b);
-        &data_word(0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428);
-        &data_word(0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad);
-        &data_word(0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14);
-        &data_word(0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8);
-        &data_word(0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4);
-        &data_word(0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2);
-        &data_word(0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda);
-        &data_word(0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949);
-        &data_word(0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf);
-        &data_word(0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810);
-        &data_word(0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c);
-        &data_word(0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697);
-        &data_word(0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e);
-        &data_word(0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f);
-        &data_word(0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc);
-        &data_word(0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c);
-        &data_word(0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969);
-        &data_word(0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27);
-        &data_word(0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122);
-        &data_word(0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433);
-        &data_word(0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9);
-        &data_word(0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5);
-        &data_word(0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a);
-        &data_word(0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0);
-        &data_word(0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e);
-        &data_word(0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c);
-#Te1:
-        &data_word(0x6363c6a5, 0x7c7cf884, 0x7777ee99, 0x7b7bf68d);
-        &data_word(0xf2f2ff0d, 0x6b6bd6bd, 0x6f6fdeb1, 0xc5c59154);
-        &data_word(0x30306050, 0x01010203, 0x6767cea9, 0x2b2b567d);
-        &data_word(0xfefee719, 0xd7d7b562, 0xabab4de6, 0x7676ec9a);
-        &data_word(0xcaca8f45, 0x82821f9d, 0xc9c98940, 0x7d7dfa87);
-        &data_word(0xfafaef15, 0x5959b2eb, 0x47478ec9, 0xf0f0fb0b);
-        &data_word(0xadad41ec, 0xd4d4b367, 0xa2a25ffd, 0xafaf45ea);
-        &data_word(0x9c9c23bf, 0xa4a453f7, 0x7272e496, 0xc0c09b5b);
-        &data_word(0xb7b775c2, 0xfdfde11c, 0x93933dae, 0x26264c6a);
-        &data_word(0x36366c5a, 0x3f3f7e41, 0xf7f7f502, 0xcccc834f);
-        &data_word(0x3434685c, 0xa5a551f4, 0xe5e5d134, 0xf1f1f908);
-        &data_word(0x7171e293, 0xd8d8ab73, 0x31316253, 0x15152a3f);
-        &data_word(0x0404080c, 0xc7c79552, 0x23234665, 0xc3c39d5e);
-        &data_word(0x18183028, 0x969637a1, 0x05050a0f, 0x9a9a2fb5);
-        &data_word(0x07070e09, 0x12122436, 0x80801b9b, 0xe2e2df3d);
-        &data_word(0xebebcd26, 0x27274e69, 0xb2b27fcd, 0x7575ea9f);
-        &data_word(0x0909121b, 0x83831d9e, 0x2c2c5874, 0x1a1a342e);
-        &data_word(0x1b1b362d, 0x6e6edcb2, 0x5a5ab4ee, 0xa0a05bfb);
-        &data_word(0x5252a4f6, 0x3b3b764d, 0xd6d6b761, 0xb3b37dce);
-        &data_word(0x2929527b, 0xe3e3dd3e, 0x2f2f5e71, 0x84841397);
-        &data_word(0x5353a6f5, 0xd1d1b968, 0x00000000, 0xededc12c);
-        &data_word(0x20204060, 0xfcfce31f, 0xb1b179c8, 0x5b5bb6ed);
-        &data_word(0x6a6ad4be, 0xcbcb8d46, 0xbebe67d9, 0x3939724b);
-        &data_word(0x4a4a94de, 0x4c4c98d4, 0x5858b0e8, 0xcfcf854a);
-        &data_word(0xd0d0bb6b, 0xefefc52a, 0xaaaa4fe5, 0xfbfbed16);
-        &data_word(0x434386c5, 0x4d4d9ad7, 0x33336655, 0x85851194);
-        &data_word(0x45458acf, 0xf9f9e910, 0x02020406, 0x7f7ffe81);
-        &data_word(0x5050a0f0, 0x3c3c7844, 0x9f9f25ba, 0xa8a84be3);
-        &data_word(0x5151a2f3, 0xa3a35dfe, 0x404080c0, 0x8f8f058a);
-        &data_word(0x92923fad, 0x9d9d21bc, 0x38387048, 0xf5f5f104);
-        &data_word(0xbcbc63df, 0xb6b677c1, 0xdadaaf75, 0x21214263);
-        &data_word(0x10102030, 0xffffe51a, 0xf3f3fd0e, 0xd2d2bf6d);
-        &data_word(0xcdcd814c, 0x0c0c1814, 0x13132635, 0xececc32f);
-        &data_word(0x5f5fbee1, 0x979735a2, 0x444488cc, 0x17172e39);
-        &data_word(0xc4c49357, 0xa7a755f2, 0x7e7efc82, 0x3d3d7a47);
-        &data_word(0x6464c8ac, 0x5d5dbae7, 0x1919322b, 0x7373e695);
-        &data_word(0x6060c0a0, 0x81811998, 0x4f4f9ed1, 0xdcdca37f);
-        &data_word(0x22224466, 0x2a2a547e, 0x90903bab, 0x88880b83);
-        &data_word(0x46468cca, 0xeeeec729, 0xb8b86bd3, 0x1414283c);
-        &data_word(0xdedea779, 0x5e5ebce2, 0x0b0b161d, 0xdbdbad76);
-        &data_word(0xe0e0db3b, 0x32326456, 0x3a3a744e, 0x0a0a141e);
-        &data_word(0x494992db, 0x06060c0a, 0x2424486c, 0x5c5cb8e4);
-        &data_word(0xc2c29f5d, 0xd3d3bd6e, 0xacac43ef, 0x6262c4a6);
-        &data_word(0x919139a8, 0x959531a4, 0xe4e4d337, 0x7979f28b);
-        &data_word(0xe7e7d532, 0xc8c88b43, 0x37376e59, 0x6d6ddab7);
-        &data_word(0x8d8d018c, 0xd5d5b164, 0x4e4e9cd2, 0xa9a949e0);
-        &data_word(0x6c6cd8b4, 0x5656acfa, 0xf4f4f307, 0xeaeacf25);
-        &data_word(0x6565caaf, 0x7a7af48e, 0xaeae47e9, 0x08081018);
-        &data_word(0xbaba6fd5, 0x7878f088, 0x25254a6f, 0x2e2e5c72);
-        &data_word(0x1c1c3824, 0xa6a657f1, 0xb4b473c7, 0xc6c69751);
-        &data_word(0xe8e8cb23, 0xdddda17c, 0x7474e89c, 0x1f1f3e21);
-        &data_word(0x4b4b96dd, 0xbdbd61dc, 0x8b8b0d86, 0x8a8a0f85);
-        &data_word(0x7070e090, 0x3e3e7c42, 0xb5b571c4, 0x6666ccaa);
-        &data_word(0x484890d8, 0x03030605, 0xf6f6f701, 0x0e0e1c12);
-        &data_word(0x6161c2a3, 0x35356a5f, 0x5757aef9, 0xb9b969d0);
-        &data_word(0x86861791, 0xc1c19958, 0x1d1d3a27, 0x9e9e27b9);
-        &data_word(0xe1e1d938, 0xf8f8eb13, 0x98982bb3, 0x11112233);
-        &data_word(0x6969d2bb, 0xd9d9a970, 0x8e8e0789, 0x949433a7);
-        &data_word(0x9b9b2db6, 0x1e1e3c22, 0x87871592, 0xe9e9c920);
-        &data_word(0xcece8749, 0x5555aaff, 0x28285078, 0xdfdfa57a);
-        &data_word(0x8c8c038f, 0xa1a159f8, 0x89890980, 0x0d0d1a17);
-        &data_word(0xbfbf65da, 0xe6e6d731, 0x424284c6, 0x6868d0b8);
-        &data_word(0x414182c3, 0x999929b0, 0x2d2d5a77, 0x0f0f1e11);
-        &data_word(0xb0b07bcb, 0x5454a8fc, 0xbbbb6dd6, 0x16162c3a);
-#Te2:
-        &data_word(0x63c6a563, 0x7cf8847c, 0x77ee9977, 0x7bf68d7b);
-        &data_word(0xf2ff0df2, 0x6bd6bd6b, 0x6fdeb16f, 0xc59154c5);
-        &data_word(0x30605030, 0x01020301, 0x67cea967, 0x2b567d2b);
-        &data_word(0xfee719fe, 0xd7b562d7, 0xab4de6ab, 0x76ec9a76);
-        &data_word(0xca8f45ca, 0x821f9d82, 0xc98940c9, 0x7dfa877d);
-        &data_word(0xfaef15fa, 0x59b2eb59, 0x478ec947, 0xf0fb0bf0);
-        &data_word(0xad41ecad, 0xd4b367d4, 0xa25ffda2, 0xaf45eaaf);
-        &data_word(0x9c23bf9c, 0xa453f7a4, 0x72e49672, 0xc09b5bc0);
-        &data_word(0xb775c2b7, 0xfde11cfd, 0x933dae93, 0x264c6a26);
-        &data_word(0x366c5a36, 0x3f7e413f, 0xf7f502f7, 0xcc834fcc);
-        &data_word(0x34685c34, 0xa551f4a5, 0xe5d134e5, 0xf1f908f1);
-        &data_word(0x71e29371, 0xd8ab73d8, 0x31625331, 0x152a3f15);
-        &data_word(0x04080c04, 0xc79552c7, 0x23466523, 0xc39d5ec3);
-        &data_word(0x18302818, 0x9637a196, 0x050a0f05, 0x9a2fb59a);
-        &data_word(0x070e0907, 0x12243612, 0x801b9b80, 0xe2df3de2);
-        &data_word(0xebcd26eb, 0x274e6927, 0xb27fcdb2, 0x75ea9f75);
-        &data_word(0x09121b09, 0x831d9e83, 0x2c58742c, 0x1a342e1a);
-        &data_word(0x1b362d1b, 0x6edcb26e, 0x5ab4ee5a, 0xa05bfba0);
-        &data_word(0x52a4f652, 0x3b764d3b, 0xd6b761d6, 0xb37dceb3);
-        &data_word(0x29527b29, 0xe3dd3ee3, 0x2f5e712f, 0x84139784);
-        &data_word(0x53a6f553, 0xd1b968d1, 0x00000000, 0xedc12ced);
-        &data_word(0x20406020, 0xfce31ffc, 0xb179c8b1, 0x5bb6ed5b);
-        &data_word(0x6ad4be6a, 0xcb8d46cb, 0xbe67d9be, 0x39724b39);
-        &data_word(0x4a94de4a, 0x4c98d44c, 0x58b0e858, 0xcf854acf);
-        &data_word(0xd0bb6bd0, 0xefc52aef, 0xaa4fe5aa, 0xfbed16fb);
-        &data_word(0x4386c543, 0x4d9ad74d, 0x33665533, 0x85119485);
-        &data_word(0x458acf45, 0xf9e910f9, 0x02040602, 0x7ffe817f);
-        &data_word(0x50a0f050, 0x3c78443c, 0x9f25ba9f, 0xa84be3a8);
-        &data_word(0x51a2f351, 0xa35dfea3, 0x4080c040, 0x8f058a8f);
-        &data_word(0x923fad92, 0x9d21bc9d, 0x38704838, 0xf5f104f5);
-        &data_word(0xbc63dfbc, 0xb677c1b6, 0xdaaf75da, 0x21426321);
-        &data_word(0x10203010, 0xffe51aff, 0xf3fd0ef3, 0xd2bf6dd2);
-        &data_word(0xcd814ccd, 0x0c18140c, 0x13263513, 0xecc32fec);
-        &data_word(0x5fbee15f, 0x9735a297, 0x4488cc44, 0x172e3917);
-        &data_word(0xc49357c4, 0xa755f2a7, 0x7efc827e, 0x3d7a473d);
-        &data_word(0x64c8ac64, 0x5dbae75d, 0x19322b19, 0x73e69573);
-        &data_word(0x60c0a060, 0x81199881, 0x4f9ed14f, 0xdca37fdc);
-        &data_word(0x22446622, 0x2a547e2a, 0x903bab90, 0x880b8388);
-        &data_word(0x468cca46, 0xeec729ee, 0xb86bd3b8, 0x14283c14);
-        &data_word(0xdea779de, 0x5ebce25e, 0x0b161d0b, 0xdbad76db);
-        &data_word(0xe0db3be0, 0x32645632, 0x3a744e3a, 0x0a141e0a);
-        &data_word(0x4992db49, 0x060c0a06, 0x24486c24, 0x5cb8e45c);
-        &data_word(0xc29f5dc2, 0xd3bd6ed3, 0xac43efac, 0x62c4a662);
-        &data_word(0x9139a891, 0x9531a495, 0xe4d337e4, 0x79f28b79);
-        &data_word(0xe7d532e7, 0xc88b43c8, 0x376e5937, 0x6ddab76d);
-        &data_word(0x8d018c8d, 0xd5b164d5, 0x4e9cd24e, 0xa949e0a9);
-        &data_word(0x6cd8b46c, 0x56acfa56, 0xf4f307f4, 0xeacf25ea);
-        &data_word(0x65caaf65, 0x7af48e7a, 0xae47e9ae, 0x08101808);
-        &data_word(0xba6fd5ba, 0x78f08878, 0x254a6f25, 0x2e5c722e);
-        &data_word(0x1c38241c, 0xa657f1a6, 0xb473c7b4, 0xc69751c6);
-        &data_word(0xe8cb23e8, 0xdda17cdd, 0x74e89c74, 0x1f3e211f);
-        &data_word(0x4b96dd4b, 0xbd61dcbd, 0x8b0d868b, 0x8a0f858a);
-        &data_word(0x70e09070, 0x3e7c423e, 0xb571c4b5, 0x66ccaa66);
-        &data_word(0x4890d848, 0x03060503, 0xf6f701f6, 0x0e1c120e);
-        &data_word(0x61c2a361, 0x356a5f35, 0x57aef957, 0xb969d0b9);
-        &data_word(0x86179186, 0xc19958c1, 0x1d3a271d, 0x9e27b99e);
-        &data_word(0xe1d938e1, 0xf8eb13f8, 0x982bb398, 0x11223311);
-        &data_word(0x69d2bb69, 0xd9a970d9, 0x8e07898e, 0x9433a794);
-        &data_word(0x9b2db69b, 0x1e3c221e, 0x87159287, 0xe9c920e9);
-        &data_word(0xce8749ce, 0x55aaff55, 0x28507828, 0xdfa57adf);
-        &data_word(0x8c038f8c, 0xa159f8a1, 0x89098089, 0x0d1a170d);
-        &data_word(0xbf65dabf, 0xe6d731e6, 0x4284c642, 0x68d0b868);
-        &data_word(0x4182c341, 0x9929b099, 0x2d5a772d, 0x0f1e110f);
-        &data_word(0xb07bcbb0, 0x54a8fc54, 0xbb6dd6bb, 0x162c3a16);
-#Te3:
-        &data_word(0xc6a56363, 0xf8847c7c, 0xee997777, 0xf68d7b7b);
-        &data_word(0xff0df2f2, 0xd6bd6b6b, 0xdeb16f6f, 0x9154c5c5);
-        &data_word(0x60503030, 0x02030101, 0xcea96767, 0x567d2b2b);
-        &data_word(0xe719fefe, 0xb562d7d7, 0x4de6abab, 0xec9a7676);
-        &data_word(0x8f45caca, 0x1f9d8282, 0x8940c9c9, 0xfa877d7d);
-        &data_word(0xef15fafa, 0xb2eb5959, 0x8ec94747, 0xfb0bf0f0);
-        &data_word(0x41ecadad, 0xb367d4d4, 0x5ffda2a2, 0x45eaafaf);
-        &data_word(0x23bf9c9c, 0x53f7a4a4, 0xe4967272, 0x9b5bc0c0);
-        &data_word(0x75c2b7b7, 0xe11cfdfd, 0x3dae9393, 0x4c6a2626);
-        &data_word(0x6c5a3636, 0x7e413f3f, 0xf502f7f7, 0x834fcccc);
-        &data_word(0x685c3434, 0x51f4a5a5, 0xd134e5e5, 0xf908f1f1);
-        &data_word(0xe2937171, 0xab73d8d8, 0x62533131, 0x2a3f1515);
-        &data_word(0x080c0404, 0x9552c7c7, 0x46652323, 0x9d5ec3c3);
-        &data_word(0x30281818, 0x37a19696, 0x0a0f0505, 0x2fb59a9a);
-        &data_word(0x0e090707, 0x24361212, 0x1b9b8080, 0xdf3de2e2);
-        &data_word(0xcd26ebeb, 0x4e692727, 0x7fcdb2b2, 0xea9f7575);
-        &data_word(0x121b0909, 0x1d9e8383, 0x58742c2c, 0x342e1a1a);
-        &data_word(0x362d1b1b, 0xdcb26e6e, 0xb4ee5a5a, 0x5bfba0a0);
-        &data_word(0xa4f65252, 0x764d3b3b, 0xb761d6d6, 0x7dceb3b3);
-        &data_word(0x527b2929, 0xdd3ee3e3, 0x5e712f2f, 0x13978484);
-        &data_word(0xa6f55353, 0xb968d1d1, 0x00000000, 0xc12ceded);
-        &data_word(0x40602020, 0xe31ffcfc, 0x79c8b1b1, 0xb6ed5b5b);
-        &data_word(0xd4be6a6a, 0x8d46cbcb, 0x67d9bebe, 0x724b3939);
-        &data_word(0x94de4a4a, 0x98d44c4c, 0xb0e85858, 0x854acfcf);
-        &data_word(0xbb6bd0d0, 0xc52aefef, 0x4fe5aaaa, 0xed16fbfb);
-        &data_word(0x86c54343, 0x9ad74d4d, 0x66553333, 0x11948585);
-        &data_word(0x8acf4545, 0xe910f9f9, 0x04060202, 0xfe817f7f);
-        &data_word(0xa0f05050, 0x78443c3c, 0x25ba9f9f, 0x4be3a8a8);
-        &data_word(0xa2f35151, 0x5dfea3a3, 0x80c04040, 0x058a8f8f);
-        &data_word(0x3fad9292, 0x21bc9d9d, 0x70483838, 0xf104f5f5);
-        &data_word(0x63dfbcbc, 0x77c1b6b6, 0xaf75dada, 0x42632121);
-        &data_word(0x20301010, 0xe51affff, 0xfd0ef3f3, 0xbf6dd2d2);
-        &data_word(0x814ccdcd, 0x18140c0c, 0x26351313, 0xc32fecec);
-        &data_word(0xbee15f5f, 0x35a29797, 0x88cc4444, 0x2e391717);
-        &data_word(0x9357c4c4, 0x55f2a7a7, 0xfc827e7e, 0x7a473d3d);
-        &data_word(0xc8ac6464, 0xbae75d5d, 0x322b1919, 0xe6957373);
-        &data_word(0xc0a06060, 0x19988181, 0x9ed14f4f, 0xa37fdcdc);
-        &data_word(0x44662222, 0x547e2a2a, 0x3bab9090, 0x0b838888);
-        &data_word(0x8cca4646, 0xc729eeee, 0x6bd3b8b8, 0x283c1414);
-        &data_word(0xa779dede, 0xbce25e5e, 0x161d0b0b, 0xad76dbdb);
-        &data_word(0xdb3be0e0, 0x64563232, 0x744e3a3a, 0x141e0a0a);
-        &data_word(0x92db4949, 0x0c0a0606, 0x486c2424, 0xb8e45c5c);
-        &data_word(0x9f5dc2c2, 0xbd6ed3d3, 0x43efacac, 0xc4a66262);
-        &data_word(0x39a89191, 0x31a49595, 0xd337e4e4, 0xf28b7979);
-        &data_word(0xd532e7e7, 0x8b43c8c8, 0x6e593737, 0xdab76d6d);
-        &data_word(0x018c8d8d, 0xb164d5d5, 0x9cd24e4e, 0x49e0a9a9);
-        &data_word(0xd8b46c6c, 0xacfa5656, 0xf307f4f4, 0xcf25eaea);
-        &data_word(0xcaaf6565, 0xf48e7a7a, 0x47e9aeae, 0x10180808);
-        &data_word(0x6fd5baba, 0xf0887878, 0x4a6f2525, 0x5c722e2e);
-        &data_word(0x38241c1c, 0x57f1a6a6, 0x73c7b4b4, 0x9751c6c6);
-        &data_word(0xcb23e8e8, 0xa17cdddd, 0xe89c7474, 0x3e211f1f);
-        &data_word(0x96dd4b4b, 0x61dcbdbd, 0x0d868b8b, 0x0f858a8a);
-        &data_word(0xe0907070, 0x7c423e3e, 0x71c4b5b5, 0xccaa6666);
-        &data_word(0x90d84848, 0x06050303, 0xf701f6f6, 0x1c120e0e);
-        &data_word(0xc2a36161, 0x6a5f3535, 0xaef95757, 0x69d0b9b9);
-        &data_word(0x17918686, 0x9958c1c1, 0x3a271d1d, 0x27b99e9e);
-        &data_word(0xd938e1e1, 0xeb13f8f8, 0x2bb39898, 0x22331111);
-        &data_word(0xd2bb6969, 0xa970d9d9, 0x07898e8e, 0x33a79494);
-        &data_word(0x2db69b9b, 0x3c221e1e, 0x15928787, 0xc920e9e9);
-        &data_word(0x8749cece, 0xaaff5555, 0x50782828, 0xa57adfdf);
-        &data_word(0x038f8c8c, 0x59f8a1a1, 0x09808989, 0x1a170d0d);
-        &data_word(0x65dabfbf, 0xd731e6e6, 0x84c64242, 0xd0b86868);
-        &data_word(0x82c34141, 0x29b09999, 0x5a772d2d, 0x1e110f0f);
-        &data_word(0x7bcbb0b0, 0xa8fc5454, 0x6dd6bbbb, 0x2c3a1616);
-#Te4:
-        &data_word(0x63636363, 0x7c7c7c7c, 0x77777777, 0x7b7b7b7b);
-        &data_word(0xf2f2f2f2, 0x6b6b6b6b, 0x6f6f6f6f, 0xc5c5c5c5);
-        &data_word(0x30303030, 0x01010101, 0x67676767, 0x2b2b2b2b);
-        &data_word(0xfefefefe, 0xd7d7d7d7, 0xabababab, 0x76767676);
-        &data_word(0xcacacaca, 0x82828282, 0xc9c9c9c9, 0x7d7d7d7d);
-        &data_word(0xfafafafa, 0x59595959, 0x47474747, 0xf0f0f0f0);
-        &data_word(0xadadadad, 0xd4d4d4d4, 0xa2a2a2a2, 0xafafafaf);
-        &data_word(0x9c9c9c9c, 0xa4a4a4a4, 0x72727272, 0xc0c0c0c0);
-        &data_word(0xb7b7b7b7, 0xfdfdfdfd, 0x93939393, 0x26262626);
-        &data_word(0x36363636, 0x3f3f3f3f, 0xf7f7f7f7, 0xcccccccc);
-        &data_word(0x34343434, 0xa5a5a5a5, 0xe5e5e5e5, 0xf1f1f1f1);
-        &data_word(0x71717171, 0xd8d8d8d8, 0x31313131, 0x15151515);
-        &data_word(0x04040404, 0xc7c7c7c7, 0x23232323, 0xc3c3c3c3);
-        &data_word(0x18181818, 0x96969696, 0x05050505, 0x9a9a9a9a);
-        &data_word(0x07070707, 0x12121212, 0x80808080, 0xe2e2e2e2);
-        &data_word(0xebebebeb, 0x27272727, 0xb2b2b2b2, 0x75757575);
-        &data_word(0x09090909, 0x83838383, 0x2c2c2c2c, 0x1a1a1a1a);
-        &data_word(0x1b1b1b1b, 0x6e6e6e6e, 0x5a5a5a5a, 0xa0a0a0a0);
-        &data_word(0x52525252, 0x3b3b3b3b, 0xd6d6d6d6, 0xb3b3b3b3);
-        &data_word(0x29292929, 0xe3e3e3e3, 0x2f2f2f2f, 0x84848484);
-        &data_word(0x53535353, 0xd1d1d1d1, 0x00000000, 0xedededed);
-        &data_word(0x20202020, 0xfcfcfcfc, 0xb1b1b1b1, 0x5b5b5b5b);
-        &data_word(0x6a6a6a6a, 0xcbcbcbcb, 0xbebebebe, 0x39393939);
-        &data_word(0x4a4a4a4a, 0x4c4c4c4c, 0x58585858, 0xcfcfcfcf);
-        &data_word(0xd0d0d0d0, 0xefefefef, 0xaaaaaaaa, 0xfbfbfbfb);
-        &data_word(0x43434343, 0x4d4d4d4d, 0x33333333, 0x85858585);
-        &data_word(0x45454545, 0xf9f9f9f9, 0x02020202, 0x7f7f7f7f);
-        &data_word(0x50505050, 0x3c3c3c3c, 0x9f9f9f9f, 0xa8a8a8a8);
-        &data_word(0x51515151, 0xa3a3a3a3, 0x40404040, 0x8f8f8f8f);
-        &data_word(0x92929292, 0x9d9d9d9d, 0x38383838, 0xf5f5f5f5);
-        &data_word(0xbcbcbcbc, 0xb6b6b6b6, 0xdadadada, 0x21212121);
-        &data_word(0x10101010, 0xffffffff, 0xf3f3f3f3, 0xd2d2d2d2);
-        &data_word(0xcdcdcdcd, 0x0c0c0c0c, 0x13131313, 0xecececec);
-        &data_word(0x5f5f5f5f, 0x97979797, 0x44444444, 0x17171717);
-        &data_word(0xc4c4c4c4, 0xa7a7a7a7, 0x7e7e7e7e, 0x3d3d3d3d);
-        &data_word(0x64646464, 0x5d5d5d5d, 0x19191919, 0x73737373);
-        &data_word(0x60606060, 0x81818181, 0x4f4f4f4f, 0xdcdcdcdc);
-        &data_word(0x22222222, 0x2a2a2a2a, 0x90909090, 0x88888888);
-        &data_word(0x46464646, 0xeeeeeeee, 0xb8b8b8b8, 0x14141414);
-        &data_word(0xdededede, 0x5e5e5e5e, 0x0b0b0b0b, 0xdbdbdbdb);
-        &data_word(0xe0e0e0e0, 0x32323232, 0x3a3a3a3a, 0x0a0a0a0a);
-        &data_word(0x49494949, 0x06060606, 0x24242424, 0x5c5c5c5c);
-        &data_word(0xc2c2c2c2, 0xd3d3d3d3, 0xacacacac, 0x62626262);
-        &data_word(0x91919191, 0x95959595, 0xe4e4e4e4, 0x79797979);
-        &data_word(0xe7e7e7e7, 0xc8c8c8c8, 0x37373737, 0x6d6d6d6d);
-        &data_word(0x8d8d8d8d, 0xd5d5d5d5, 0x4e4e4e4e, 0xa9a9a9a9);
-        &data_word(0x6c6c6c6c, 0x56565656, 0xf4f4f4f4, 0xeaeaeaea);
-        &data_word(0x65656565, 0x7a7a7a7a, 0xaeaeaeae, 0x08080808);
-        &data_word(0xbabababa, 0x78787878, 0x25252525, 0x2e2e2e2e);
-        &data_word(0x1c1c1c1c, 0xa6a6a6a6, 0xb4b4b4b4, 0xc6c6c6c6);
-        &data_word(0xe8e8e8e8, 0xdddddddd, 0x74747474, 0x1f1f1f1f);
-        &data_word(0x4b4b4b4b, 0xbdbdbdbd, 0x8b8b8b8b, 0x8a8a8a8a);
-        &data_word(0x70707070, 0x3e3e3e3e, 0xb5b5b5b5, 0x66666666);
-        &data_word(0x48484848, 0x03030303, 0xf6f6f6f6, 0x0e0e0e0e);
-        &data_word(0x61616161, 0x35353535, 0x57575757, 0xb9b9b9b9);
-        &data_word(0x86868686, 0xc1c1c1c1, 0x1d1d1d1d, 0x9e9e9e9e);
-        &data_word(0xe1e1e1e1, 0xf8f8f8f8, 0x98989898, 0x11111111);
-        &data_word(0x69696969, 0xd9d9d9d9, 0x8e8e8e8e, 0x94949494);
-        &data_word(0x9b9b9b9b, 0x1e1e1e1e, 0x87878787, 0xe9e9e9e9);
-        &data_word(0xcececece, 0x55555555, 0x28282828, 0xdfdfdfdf);
-        &data_word(0x8c8c8c8c, 0xa1a1a1a1, 0x89898989, 0x0d0d0d0d);
-        &data_word(0xbfbfbfbf, 0xe6e6e6e6, 0x42424242, 0x68686868);
-        &data_word(0x41414141, 0x99999999, 0x2d2d2d2d, 0x0f0f0f0f);
-        &data_word(0xb0b0b0b0, 0x54545454, 0xbbbbbbbb, 0x16161616);
-#rcon:
-        &data_word(0x00000001, 0x00000002, 0x00000004, 0x00000008);
-        &data_word(0x00000010, 0x00000020, 0x00000040, 0x00000080);
-        &data_word(0x0000001b, 0x00000036);
-&function_end_B("AES_encrypt");
-
-#------------------------------------------------------------------#
-
-$s0="eax";
-$s1="ebx";
-$s2="ecx";
-$s3="edx";
-$key="edi";
-$acc="esi";
-
-sub decstep()
-{ my ($i,$td,@s) = @_;
-  my $tmp = $key;
-  my $out = $i==3?$s[0]:$acc;
-
-        # no instructions are reordered, as performance appears
-        # optimal... or rather that all attempts to reorder didn't
-        # result in better performance [which by the way is not a
-        # bit lower than ecryption].
-        if($i==3)   {   &mov    ($key,&DWP(12,"esp"));          }
-        else        {   &mov    ($out,$s[0]);                   }
-                        &and    ($out,0xFF);
-                        &mov    ($out,&DWP(1024*0,$td,$out,4));
-
-        if ($i==3)  {   $tmp=$s[1];                             }
-                        &movz   ($tmp,&HB($s[1]));
-                        &xor    ($out,&DWP(1024*1,$td,$tmp,4));
-
-        if ($i==3)  {   $tmp=$s[2]; &mov ($s[1],$acc);          }
-        else        {   &mov    ($tmp,$s[2]);                   }
-                        &shr    ($tmp,16);
-                        &and    ($tmp,0xFF);
-                        &xor    ($out,&DWP(1024*2,$td,$tmp,4));
-
-        if ($i==3)  {   $tmp=$s[3]; &mov ($s[2],&DWP(4,"esp")); }
-        else        {   &mov    ($tmp,$s[3]);                   }
-                        &shr    ($tmp,24);
-                        &xor    ($out,&DWP(1024*3,$td,$tmp,4));
-        if ($i<2)   {   &mov    (&DWP(4*$i,"esp"),$out);        }
-        if ($i==3)  {   &mov    ($s[3],&DWP(0,"esp"));          }
-                        &comment();
-}
-
-sub declast()
-{ my ($i,$td,@s)=@_;
-  my $tmp = $key;
-  my $out = $i==3?$s[0]:$acc;
-
-        if($i==3)   {   &mov    ($key,&DWP(12,"esp"));          }
-        else        {   &mov    ($out,$s[0]);                   }
-                        &and    ($out,0xFF);
-                        &mov    ($out,&DWP(0,$td,$out,4));
-                        &and    ($out,0x000000ff);
-
-        if ($i==3)  {   $tmp=$s[1];                             }
-                        &movz   ($tmp,&HB($s[1]));
-                        &mov    ($tmp,&DWP(0,$td,$tmp,4));
-                        &and    ($tmp,0x0000ff00);
-                        &xor    ($out,$tmp);
-
-        if ($i==3)  {   $tmp=$s[2]; &mov ($s[1],$acc);          }
-        else        {   mov     ($tmp,$s[2]);                   }
-                        &shr    ($tmp,16);
-                        &and    ($tmp,0xFF);
-                        &mov    ($tmp,&DWP(0,$td,$tmp,4));
-                        &and    ($tmp,0x00ff0000);
-                        &xor    ($out,$tmp);
-
-        if ($i==3)  {   $tmp=$s[3]; &mov ($s[2],&DWP(4,"esp")); }
-        else        {   &mov    ($tmp,$s[3]);                   }
-                        &shr    ($tmp,24);
-                        &mov    ($tmp,&DWP(0,$td,$tmp,4));
-                        &and    ($tmp,0xff000000);
-                        &xor    ($out,$tmp);
-        if ($i<2)   {   &mov    (&DWP(4*$i,"esp"),$out);        }
-        if ($i==3)  {   &mov    ($s[3],&DWP(0,"esp"));          }
-}
-
-# void AES_decrypt (const void *inp,void *out,const AES_KEY *key);
-&public_label("AES_Td");
-&function_begin("AES_decrypt");
-        &mov    ($acc,&wparam(0));              # load inp
-        &mov    ($key,&wparam(2));              # load key
-
-        &call   (&label("pic_point"));          # make it PIC!
-        &set_label("pic_point");
-        &blindpop("ebp");
-        &lea    ("ebp",&DWP(&label("AES_Td")."-".&label("pic_point"),"ebp"));
-
-        # allocate aligned stack frame
-        &mov    ($s0,"esp");
-        &sub    ("esp",20);
-        &and    ("esp",-16);
-
-        &mov    (&DWP(12,"esp"),$key);          # save key
-        &mov    (&DWP(16,"esp"),$s0);           # save %esp
-
-        &mov    ($s0,&DWP(0,$acc));             # load input data
-        &mov    ($s1,&DWP(4,$acc));
-        &mov    ($s2,&DWP(8,$acc));
-        &mov    ($s3,&DWP(12,$acc));
-
-        &xor    ($s0,&DWP(0,$key));
-        &xor    ($s1,&DWP(4,$key));
-        &xor    ($s2,&DWP(8,$key));
-        &xor    ($s3,&DWP(12,$key));
-
-        &mov    ($acc,&DWP(240,$key));          # load key->rounds
-
-        if ($small_footprint) {
-            &lea        ($acc,&DWP(-2,$acc,$acc));
-            &lea        ($acc,&DWP(0,$key,$acc,8));
-            &mov        (&DWP(8,"esp"),$acc);   # end of key schedule
-            &align      (4);
-            &set_label("loop");
-                &decstep(0,"ebp",$s0,$s3,$s2,$s1);
-                &decstep(1,"ebp",$s1,$s0,$s3,$s2);
-                &decstep(2,"ebp",$s2,$s1,$s0,$s3);
-                &decstep(3,"ebp",$s3,$s2,$s1,$s0);
-                &add    ($key,16);                      # advance rd_key
-                &xor    ($s0,&DWP(0,$key));
-                &xor    ($s1,&DWP(4,$key));
-                &xor    ($s2,&DWP(8,$key));
-                &xor    ($s3,&DWP(12,$key));
-            &cmp        ($key,&DWP(8,"esp"));
-            &mov        (&DWP(12,"esp"),$key);
-            &jb         (&label("loop"));
-        }
-        else {
-            &cmp        ($acc,10);
-            &jle        (&label("10rounds"));
-            &cmp        ($acc,12);
-            &jle        (&label("12rounds"));
-
-        &set_label("14rounds");
-            for ($i=1;$i<3;$i++) {
-                &decstep(0,"ebp",$s0,$s3,$s2,$s1);
-                &decstep(1,"ebp",$s1,$s0,$s3,$s2);
-                &decstep(2,"ebp",$s2,$s1,$s0,$s3);
-                &decstep(3,"ebp",$s3,$s2,$s1,$s0);
-                &xor    ($s0,&DWP(16*$i+0,$key));
-                &xor    ($s1,&DWP(16*$i+4,$key));
-                &xor    ($s2,&DWP(16*$i+8,$key));
-                &xor    ($s3,&DWP(16*$i+12,$key));
-            }
-            &add        ($key,32);
-            &mov        (&DWP(12,"esp"),$key);          # advance rd_key
-        &set_label("12rounds");
-            for ($i=1;$i<3;$i++) {
-                &decstep(0,"ebp",$s0,$s3,$s2,$s1);
-                &decstep(1,"ebp",$s1,$s0,$s3,$s2);
-                &decstep(2,"ebp",$s2,$s1,$s0,$s3);
-                &decstep(3,"ebp",$s3,$s2,$s1,$s0);
-                &xor    ($s0,&DWP(16*$i+0,$key));
-                &xor    ($s1,&DWP(16*$i+4,$key));
-                &xor    ($s2,&DWP(16*$i+8,$key));
-                &xor    ($s3,&DWP(16*$i+12,$key));
-            }
-            &add        ($key,32);
-            &mov        (&DWP(12,"esp"),$key);          # advance rd_key
-        &set_label("10rounds");
-            for ($i=1;$i<10;$i++) {
-                &decstep(0,"ebp",$s0,$s3,$s2,$s1);
-                &decstep(1,"ebp",$s1,$s0,$s3,$s2);
-                &decstep(2,"ebp",$s2,$s1,$s0,$s3);
-                &decstep(3,"ebp",$s3,$s2,$s1,$s0);
-                &xor    ($s0,&DWP(16*$i+0,$key));
-                &xor    ($s1,&DWP(16*$i+4,$key));
-                &xor    ($s2,&DWP(16*$i+8,$key));
-                &xor    ($s3,&DWP(16*$i+12,$key));
-            }
-        }
-
-        &add    ("ebp",4*1024);                 # skip to Te4
-        &declast(0,"ebp",$s0,$s3,$s2,$s1);
-        &declast(1,"ebp",$s1,$s0,$s3,$s2);
-        &declast(2,"ebp",$s2,$s1,$s0,$s3);
-        &declast(3,"ebp",$s3,$s2,$s1,$s0);
-
-        &mov    ("esp",&DWP(16,"esp"));         # restore %esp
-        &add    ($key,$small_footprint?16:160);
-        &xor    ($s0,&DWP(0,$key));
-        &xor    ($s1,&DWP(4,$key));
-        &xor    ($s2,&DWP(8,$key));
-        &xor    ($s3,&DWP(12,$key));
-
-        &mov    ($key,&wparam(1));              # load out
-        &mov    (&DWP(0,$key),$s0);             # write output data
-        &mov    (&DWP(4,$key),$s1);
-        &mov    (&DWP(8,$key),$s2);
-        &mov    (&DWP(12,$key),$s3);
-
-        &pop    ("edi");
-        &pop    ("esi");
-        &pop    ("ebx");
-        &pop    ("ebp");
-        &ret    ();
-
-&set_label("AES_Td",64);        # Yes! I keep it in the code segment!
-        &data_word(0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a);
-        &data_word(0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b);
-        &data_word(0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5);
-        &data_word(0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5);
-        &data_word(0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d);
-        &data_word(0x02752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b);
-        &data_word(0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295);
-        &data_word(0x2d83bed4, 0xd3217458, 0x2969e049, 0x44c8c98e);
-        &data_word(0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927);
-        &data_word(0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d);
-        &data_word(0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362);
-        &data_word(0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9);
-        &data_word(0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52);
-        &data_word(0x23d373ab, 0xe2024b72, 0x578f1fe3, 0x2aab5566);
-        &data_word(0x0728ebb2, 0x03c2b52f, 0x9a7bc586, 0xa50837d3);
-        &data_word(0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed);
-        &data_word(0x2b1ccf8a, 0x92b479a7, 0xf0f207f3, 0xa1e2694e);
-        &data_word(0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4);
-        &data_word(0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4);
-        &data_word(0x39ec830b, 0xaaef6040, 0x069f715e, 0x51106ebd);
-        &data_word(0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d);
-        &data_word(0xb58d5491, 0x055dc471, 0x6fd40604, 0xff155060);
-        &data_word(0x24fb9819, 0x97e9bdd6, 0xcc434089, 0x779ed967);
-        &data_word(0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879);
-        &data_word(0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x00000000);
-        &data_word(0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c);
-        &data_word(0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36);
-        &data_word(0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624);
-        &data_word(0xb1670a0c, 0x0fe75793, 0xd296eeb4, 0x9e919b1b);
-        &data_word(0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c);
-        &data_word(0x0aba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12);
-        &data_word(0x0b0d090e, 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14);
-        &data_word(0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3);
-        &data_word(0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b);
-        &data_word(0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8);
-        &data_word(0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684);
-        &data_word(0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7);
-        &data_word(0x4b2f9e1d, 0xf330b2dc, 0xec52860d, 0xd0e3c177);
-        &data_word(0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947);
-        &data_word(0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322);
-        &data_word(0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498);
-        &data_word(0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f);
-        &data_word(0xe49d3a2c, 0x0d927850, 0x9bcc5f6a, 0x62467e54);
-        &data_word(0xc2138df6, 0xe8b8d890, 0x5ef7392e, 0xf5afc382);
-        &data_word(0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf);
-        &data_word(0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb);
-        &data_word(0x097826cd, 0xf418596e, 0x01b79aec, 0xa89a4f83);
-        &data_word(0x656e95e6, 0x7ee6ffaa, 0x08cfbc21, 0xe6e815ef);
-        &data_word(0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029);
-        &data_word(0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235);
-        &data_word(0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733);
-        &data_word(0x4a9804f1, 0xf7daec41, 0x0e50cd7f, 0x2ff69117);
-        &data_word(0x8dd64d76, 0x4db0ef43, 0x544daacc, 0xdf0496e4);
-        &data_word(0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546);
-        &data_word(0x04ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb);
-        &data_word(0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d);
-        &data_word(0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb);
-        &data_word(0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a);
-        &data_word(0x59dfd29c, 0x3f73f255, 0x79ce1418, 0xbf37c773);
-        &data_word(0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478);
-        &data_word(0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2);
-        &data_word(0x72c31d16, 0x0c25e2bc, 0x8b493c28, 0x41950dff);
-        &data_word(0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664);
-        &data_word(0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0);
-#Td1:
-        &data_word(0xa7f45150, 0x65417e53, 0xa4171ac3, 0x5e273a96);
-        &data_word(0x6bab3bcb, 0x459d1ff1, 0x58faacab, 0x03e34b93);
-        &data_word(0xfa302055, 0x6d76adf6, 0x76cc8891, 0x4c02f525);
-        &data_word(0xd7e54ffc, 0xcb2ac5d7, 0x44352680, 0xa362b58f);
-        &data_word(0x5ab1de49, 0x1bba2567, 0x0eea4598, 0xc0fe5de1);
-        &data_word(0x752fc302, 0xf04c8112, 0x97468da3, 0xf9d36bc6);
-        &data_word(0x5f8f03e7, 0x9c921595, 0x7a6dbfeb, 0x595295da);
-        &data_word(0x83bed42d, 0x217458d3, 0x69e04929, 0xc8c98e44);
-        &data_word(0x89c2756a, 0x798ef478, 0x3e58996b, 0x71b927dd);
-        &data_word(0x4fe1beb6, 0xad88f017, 0xac20c966, 0x3ace7db4);
-        &data_word(0x4adf6318, 0x311ae582, 0x33519760, 0x7f536245);
-        &data_word(0x7764b1e0, 0xae6bbb84, 0xa081fe1c, 0x2b08f994);
-        &data_word(0x68487058, 0xfd458f19, 0x6cde9487, 0xf87b52b7);
-        &data_word(0xd373ab23, 0x024b72e2, 0x8f1fe357, 0xab55662a);
-        &data_word(0x28ebb207, 0xc2b52f03, 0x7bc5869a, 0x0837d3a5);
-        &data_word(0x872830f2, 0xa5bf23b2, 0x6a0302ba, 0x8216ed5c);
-        &data_word(0x1ccf8a2b, 0xb479a792, 0xf207f3f0, 0xe2694ea1);
-        &data_word(0xf4da65cd, 0xbe0506d5, 0x6234d11f, 0xfea6c48a);
-        &data_word(0x532e349d, 0x55f3a2a0, 0xe18a0532, 0xebf6a475);
-        &data_word(0xec830b39, 0xef6040aa, 0x9f715e06, 0x106ebd51);
-        &data_word(0x8a213ef9, 0x06dd963d, 0x053eddae, 0xbde64d46);
-        &data_word(0x8d5491b5, 0x5dc47105, 0xd406046f, 0x155060ff);
-        &data_word(0xfb981924, 0xe9bdd697, 0x434089cc, 0x9ed96777);
-        &data_word(0x42e8b0bd, 0x8b890788, 0x5b19e738, 0xeec879db);
-        &data_word(0x0a7ca147, 0x0f427ce9, 0x1e84f8c9, 0x00000000);
-        &data_word(0x86800983, 0xed2b3248, 0x70111eac, 0x725a6c4e);
-        &data_word(0xff0efdfb, 0x38850f56, 0xd5ae3d1e, 0x392d3627);
-        &data_word(0xd90f0a64, 0xa65c6821, 0x545b9bd1, 0x2e36243a);
-        &data_word(0x670a0cb1, 0xe757930f, 0x96eeb4d2, 0x919b1b9e);
-        &data_word(0xc5c0804f, 0x20dc61a2, 0x4b775a69, 0x1a121c16);
-        &data_word(0xba93e20a, 0x2aa0c0e5, 0xe0223c43, 0x171b121d);
-        &data_word(0x0d090e0b, 0xc78bf2ad, 0xa8b62db9, 0xa91e14c8);
-        &data_word(0x19f15785, 0x0775af4c, 0xdd99eebb, 0x607fa3fd);
-        &data_word(0x2601f79f, 0xf5725cbc, 0x3b6644c5, 0x7efb5b34);
-        &data_word(0x29438b76, 0xc623cbdc, 0xfcedb668, 0xf1e4b863);
-        &data_word(0xdc31d7ca, 0x85634210, 0x22971340, 0x11c68420);
-        &data_word(0x244a857d, 0x3dbbd2f8, 0x32f9ae11, 0xa129c76d);
-        &data_word(0x2f9e1d4b, 0x30b2dcf3, 0x52860dec, 0xe3c177d0);
-        &data_word(0x16b32b6c, 0xb970a999, 0x489411fa, 0x64e94722);
-        &data_word(0x8cfca8c4, 0x3ff0a01a, 0x2c7d56d8, 0x903322ef);
-        &data_word(0x4e4987c7, 0xd138d9c1, 0xa2ca8cfe, 0x0bd49836);
-        &data_word(0x81f5a6cf, 0xde7aa528, 0x8eb7da26, 0xbfad3fa4);
-        &data_word(0x9d3a2ce4, 0x9278500d, 0xcc5f6a9b, 0x467e5462);
-        &data_word(0x138df6c2, 0xb8d890e8, 0xf7392e5e, 0xafc382f5);
-        &data_word(0x805d9fbe, 0x93d0697c, 0x2dd56fa9, 0x1225cfb3);
-        &data_word(0x99acc83b, 0x7d1810a7, 0x639ce86e, 0xbb3bdb7b);
-        &data_word(0x7826cd09, 0x18596ef4, 0xb79aec01, 0x9a4f83a8);
-        &data_word(0x6e95e665, 0xe6ffaa7e, 0xcfbc2108, 0xe815efe6);
-        &data_word(0x9be7bad9, 0x366f4ace, 0x099fead4, 0x7cb029d6);
-        &data_word(0xb2a431af, 0x233f2a31, 0x94a5c630, 0x66a235c0);
-        &data_word(0xbc4e7437, 0xca82fca6, 0xd090e0b0, 0xd8a73315);
-        &data_word(0x9804f14a, 0xdaec41f7, 0x50cd7f0e, 0xf691172f);
-        &data_word(0xd64d768d, 0xb0ef434d, 0x4daacc54, 0x0496e4df);
-        &data_word(0xb5d19ee3, 0x886a4c1b, 0x1f2cc1b8, 0x5165467f);
-        &data_word(0xea5e9d04, 0x358c015d, 0x7487fa73, 0x410bfb2e);
-        &data_word(0x1d67b35a, 0xd2db9252, 0x5610e933, 0x47d66d13);
-        &data_word(0x61d79a8c, 0x0ca1377a, 0x14f8598e, 0x3c13eb89);
-        &data_word(0x27a9ceee, 0xc961b735, 0xe51ce1ed, 0xb1477a3c);
-        &data_word(0xdfd29c59, 0x73f2553f, 0xce141879, 0x37c773bf);
-        &data_word(0xcdf753ea, 0xaafd5f5b, 0x6f3ddf14, 0xdb447886);
-        &data_word(0xf3afca81, 0xc468b93e, 0x3424382c, 0x40a3c25f);
-        &data_word(0xc31d1672, 0x25e2bc0c, 0x493c288b, 0x950dff41);
-        &data_word(0x01a83971, 0xb30c08de, 0xe4b4d89c, 0xc1566490);
-        &data_word(0x84cb7b61, 0xb632d570, 0x5c6c4874, 0x57b8d042);
-#Td2:
-        &data_word(0xf45150a7, 0x417e5365, 0x171ac3a4, 0x273a965e);
-        &data_word(0xab3bcb6b, 0x9d1ff145, 0xfaacab58, 0xe34b9303);
-        &data_word(0x302055fa, 0x76adf66d, 0xcc889176, 0x02f5254c);
-        &data_word(0xe54ffcd7, 0x2ac5d7cb, 0x35268044, 0x62b58fa3);
-        &data_word(0xb1de495a, 0xba25671b, 0xea45980e, 0xfe5de1c0);
-        &data_word(0x2fc30275, 0x4c8112f0, 0x468da397, 0xd36bc6f9);
-        &data_word(0x8f03e75f, 0x9215959c, 0x6dbfeb7a, 0x5295da59);
-        &data_word(0xbed42d83, 0x7458d321, 0xe0492969, 0xc98e44c8);
-        &data_word(0xc2756a89, 0x8ef47879, 0x58996b3e, 0xb927dd71);
-        &data_word(0xe1beb64f, 0x88f017ad, 0x20c966ac, 0xce7db43a);
-        &data_word(0xdf63184a, 0x1ae58231, 0x51976033, 0x5362457f);
-        &data_word(0x64b1e077, 0x6bbb84ae, 0x81fe1ca0, 0x08f9942b);
-        &data_word(0x48705868, 0x458f19fd, 0xde94876c, 0x7b52b7f8);
-        &data_word(0x73ab23d3, 0x4b72e202, 0x1fe3578f, 0x55662aab);
-        &data_word(0xebb20728, 0xb52f03c2, 0xc5869a7b, 0x37d3a508);
-        &data_word(0x2830f287, 0xbf23b2a5, 0x0302ba6a, 0x16ed5c82);
-        &data_word(0xcf8a2b1c, 0x79a792b4, 0x07f3f0f2, 0x694ea1e2);
-        &data_word(0xda65cdf4, 0x0506d5be, 0x34d11f62, 0xa6c48afe);
-        &data_word(0x2e349d53, 0xf3a2a055, 0x8a0532e1, 0xf6a475eb);
-        &data_word(0x830b39ec, 0x6040aaef, 0x715e069f, 0x6ebd5110);
-        &data_word(0x213ef98a, 0xdd963d06, 0x3eddae05, 0xe64d46bd);
-        &data_word(0x5491b58d, 0xc471055d, 0x06046fd4, 0x5060ff15);
-        &data_word(0x981924fb, 0xbdd697e9, 0x4089cc43, 0xd967779e);
-        &data_word(0xe8b0bd42, 0x8907888b, 0x19e7385b, 0xc879dbee);
-        &data_word(0x7ca1470a, 0x427ce90f, 0x84f8c91e, 0x00000000);
-        &data_word(0x80098386, 0x2b3248ed, 0x111eac70, 0x5a6c4e72);
-        &data_word(0x0efdfbff, 0x850f5638, 0xae3d1ed5, 0x2d362739);
-        &data_word(0x0f0a64d9, 0x5c6821a6, 0x5b9bd154, 0x36243a2e);
-        &data_word(0x0a0cb167, 0x57930fe7, 0xeeb4d296, 0x9b1b9e91);
-        &data_word(0xc0804fc5, 0xdc61a220, 0x775a694b, 0x121c161a);
-        &data_word(0x93e20aba, 0xa0c0e52a, 0x223c43e0, 0x1b121d17);
-        &data_word(0x090e0b0d, 0x8bf2adc7, 0xb62db9a8, 0x1e14c8a9);
-        &data_word(0xf1578519, 0x75af4c07, 0x99eebbdd, 0x7fa3fd60);
-        &data_word(0x01f79f26, 0x725cbcf5, 0x6644c53b, 0xfb5b347e);
-        &data_word(0x438b7629, 0x23cbdcc6, 0xedb668fc, 0xe4b863f1);
-        &data_word(0x31d7cadc, 0x63421085, 0x97134022, 0xc6842011);
-        &data_word(0x4a857d24, 0xbbd2f83d, 0xf9ae1132, 0x29c76da1);
-        &data_word(0x9e1d4b2f, 0xb2dcf330, 0x860dec52, 0xc177d0e3);
-        &data_word(0xb32b6c16, 0x70a999b9, 0x9411fa48, 0xe9472264);
-        &data_word(0xfca8c48c, 0xf0a01a3f, 0x7d56d82c, 0x3322ef90);
-        &data_word(0x4987c74e, 0x38d9c1d1, 0xca8cfea2, 0xd498360b);
-        &data_word(0xf5a6cf81, 0x7aa528de, 0xb7da268e, 0xad3fa4bf);
-        &data_word(0x3a2ce49d, 0x78500d92, 0x5f6a9bcc, 0x7e546246);
-        &data_word(0x8df6c213, 0xd890e8b8, 0x392e5ef7, 0xc382f5af);
-        &data_word(0x5d9fbe80, 0xd0697c93, 0xd56fa92d, 0x25cfb312);
-        &data_word(0xacc83b99, 0x1810a77d, 0x9ce86e63, 0x3bdb7bbb);
-        &data_word(0x26cd0978, 0x596ef418, 0x9aec01b7, 0x4f83a89a);
-        &data_word(0x95e6656e, 0xffaa7ee6, 0xbc2108cf, 0x15efe6e8);
-        &data_word(0xe7bad99b, 0x6f4ace36, 0x9fead409, 0xb029d67c);
-        &data_word(0xa431afb2, 0x3f2a3123, 0xa5c63094, 0xa235c066);
-        &data_word(0x4e7437bc, 0x82fca6ca, 0x90e0b0d0, 0xa73315d8);
-        &data_word(0x04f14a98, 0xec41f7da, 0xcd7f0e50, 0x91172ff6);
-        &data_word(0x4d768dd6, 0xef434db0, 0xaacc544d, 0x96e4df04);
-        &data_word(0xd19ee3b5, 0x6a4c1b88, 0x2cc1b81f, 0x65467f51);
-        &data_word(0x5e9d04ea, 0x8c015d35, 0x87fa7374, 0x0bfb2e41);
-        &data_word(0x67b35a1d, 0xdb9252d2, 0x10e93356, 0xd66d1347);
-        &data_word(0xd79a8c61, 0xa1377a0c, 0xf8598e14, 0x13eb893c);
-        &data_word(0xa9ceee27, 0x61b735c9, 0x1ce1ede5, 0x477a3cb1);
-        &data_word(0xd29c59df, 0xf2553f73, 0x141879ce, 0xc773bf37);
-        &data_word(0xf753eacd, 0xfd5f5baa, 0x3ddf146f, 0x447886db);
-        &data_word(0xafca81f3, 0x68b93ec4, 0x24382c34, 0xa3c25f40);
-        &data_word(0x1d1672c3, 0xe2bc0c25, 0x3c288b49, 0x0dff4195);
-        &data_word(0xa8397101, 0x0c08deb3, 0xb4d89ce4, 0x566490c1);
-        &data_word(0xcb7b6184, 0x32d570b6, 0x6c48745c, 0xb8d04257);
-#Td3:
-        &data_word(0x5150a7f4, 0x7e536541, 0x1ac3a417, 0x3a965e27);
-        &data_word(0x3bcb6bab, 0x1ff1459d, 0xacab58fa, 0x4b9303e3);
-        &data_word(0x2055fa30, 0xadf66d76, 0x889176cc, 0xf5254c02);
-        &data_word(0x4ffcd7e5, 0xc5d7cb2a, 0x26804435, 0xb58fa362);
-        &data_word(0xde495ab1, 0x25671bba, 0x45980eea, 0x5de1c0fe);
-        &data_word(0xc302752f, 0x8112f04c, 0x8da39746, 0x6bc6f9d3);
-        &data_word(0x03e75f8f, 0x15959c92, 0xbfeb7a6d, 0x95da5952);
-        &data_word(0xd42d83be, 0x58d32174, 0x492969e0, 0x8e44c8c9);
-        &data_word(0x756a89c2, 0xf478798e, 0x996b3e58, 0x27dd71b9);
-        &data_word(0xbeb64fe1, 0xf017ad88, 0xc966ac20, 0x7db43ace);
-        &data_word(0x63184adf, 0xe582311a, 0x97603351, 0x62457f53);
-        &data_word(0xb1e07764, 0xbb84ae6b, 0xfe1ca081, 0xf9942b08);
-        &data_word(0x70586848, 0x8f19fd45, 0x94876cde, 0x52b7f87b);
-        &data_word(0xab23d373, 0x72e2024b, 0xe3578f1f, 0x662aab55);
-        &data_word(0xb20728eb, 0x2f03c2b5, 0x869a7bc5, 0xd3a50837);
-        &data_word(0x30f28728, 0x23b2a5bf, 0x02ba6a03, 0xed5c8216);
-        &data_word(0x8a2b1ccf, 0xa792b479, 0xf3f0f207, 0x4ea1e269);
-        &data_word(0x65cdf4da, 0x06d5be05, 0xd11f6234, 0xc48afea6);
-        &data_word(0x349d532e, 0xa2a055f3, 0x0532e18a, 0xa475ebf6);
-        &data_word(0x0b39ec83, 0x40aaef60, 0x5e069f71, 0xbd51106e);
-        &data_word(0x3ef98a21, 0x963d06dd, 0xddae053e, 0x4d46bde6);
-        &data_word(0x91b58d54, 0x71055dc4, 0x046fd406, 0x60ff1550);
-        &data_word(0x1924fb98, 0xd697e9bd, 0x89cc4340, 0x67779ed9);
-        &data_word(0xb0bd42e8, 0x07888b89, 0xe7385b19, 0x79dbeec8);
-        &data_word(0xa1470a7c, 0x7ce90f42, 0xf8c91e84, 0x00000000);
-        &data_word(0x09838680, 0x3248ed2b, 0x1eac7011, 0x6c4e725a);
-        &data_word(0xfdfbff0e, 0x0f563885, 0x3d1ed5ae, 0x3627392d);
-        &data_word(0x0a64d90f, 0x6821a65c, 0x9bd1545b, 0x243a2e36);
-        &data_word(0x0cb1670a, 0x930fe757, 0xb4d296ee, 0x1b9e919b);
-        &data_word(0x804fc5c0, 0x61a220dc, 0x5a694b77, 0x1c161a12);
-        &data_word(0xe20aba93, 0xc0e52aa0, 0x3c43e022, 0x121d171b);
-        &data_word(0x0e0b0d09, 0xf2adc78b, 0x2db9a8b6, 0x14c8a91e);
-        &data_word(0x578519f1, 0xaf4c0775, 0xeebbdd99, 0xa3fd607f);
-        &data_word(0xf79f2601, 0x5cbcf572, 0x44c53b66, 0x5b347efb);
-        &data_word(0x8b762943, 0xcbdcc623, 0xb668fced, 0xb863f1e4);
-        &data_word(0xd7cadc31, 0x42108563, 0x13402297, 0x842011c6);
-        &data_word(0x857d244a, 0xd2f83dbb, 0xae1132f9, 0xc76da129);
-        &data_word(0x1d4b2f9e, 0xdcf330b2, 0x0dec5286, 0x77d0e3c1);
-        &data_word(0x2b6c16b3, 0xa999b970, 0x11fa4894, 0x472264e9);
-        &data_word(0xa8c48cfc, 0xa01a3ff0, 0x56d82c7d, 0x22ef9033);
-        &data_word(0x87c74e49, 0xd9c1d138, 0x8cfea2ca, 0x98360bd4);
-        &data_word(0xa6cf81f5, 0xa528de7a, 0xda268eb7, 0x3fa4bfad);
-        &data_word(0x2ce49d3a, 0x500d9278, 0x6a9bcc5f, 0x5462467e);
-        &data_word(0xf6c2138d, 0x90e8b8d8, 0x2e5ef739, 0x82f5afc3);
-        &data_word(0x9fbe805d, 0x697c93d0, 0x6fa92dd5, 0xcfb31225);
-        &data_word(0xc83b99ac, 0x10a77d18, 0xe86e639c, 0xdb7bbb3b);
-        &data_word(0xcd097826, 0x6ef41859, 0xec01b79a, 0x83a89a4f);
-        &data_word(0xe6656e95, 0xaa7ee6ff, 0x2108cfbc, 0xefe6e815);
-        &data_word(0xbad99be7, 0x4ace366f, 0xead4099f, 0x29d67cb0);
-        &data_word(0x31afb2a4, 0x2a31233f, 0xc63094a5, 0x35c066a2);
-        &data_word(0x7437bc4e, 0xfca6ca82, 0xe0b0d090, 0x3315d8a7);
-        &data_word(0xf14a9804, 0x41f7daec, 0x7f0e50cd, 0x172ff691);
-        &data_word(0x768dd64d, 0x434db0ef, 0xcc544daa, 0xe4df0496);
-        &data_word(0x9ee3b5d1, 0x4c1b886a, 0xc1b81f2c, 0x467f5165);
-        &data_word(0x9d04ea5e, 0x015d358c, 0xfa737487, 0xfb2e410b);
-        &data_word(0xb35a1d67, 0x9252d2db, 0xe9335610, 0x6d1347d6);
-        &data_word(0x9a8c61d7, 0x377a0ca1, 0x598e14f8, 0xeb893c13);
-        &data_word(0xceee27a9, 0xb735c961, 0xe1ede51c, 0x7a3cb147);
-        &data_word(0x9c59dfd2, 0x553f73f2, 0x1879ce14, 0x73bf37c7);
-        &data_word(0x53eacdf7, 0x5f5baafd, 0xdf146f3d, 0x7886db44);
-        &data_word(0xca81f3af, 0xb93ec468, 0x382c3424, 0xc25f40a3);
-        &data_word(0x1672c31d, 0xbc0c25e2, 0x288b493c, 0xff41950d);
-        &data_word(0x397101a8, 0x08deb30c, 0xd89ce4b4, 0x6490c156);
-        &data_word(0x7b6184cb, 0xd570b632, 0x48745c6c, 0xd04257b8);
-#Td4:
-        &data_word(0x52525252, 0x09090909, 0x6a6a6a6a, 0xd5d5d5d5);
-        &data_word(0x30303030, 0x36363636, 0xa5a5a5a5, 0x38383838);
-        &data_word(0xbfbfbfbf, 0x40404040, 0xa3a3a3a3, 0x9e9e9e9e);
-        &data_word(0x81818181, 0xf3f3f3f3, 0xd7d7d7d7, 0xfbfbfbfb);
-        &data_word(0x7c7c7c7c, 0xe3e3e3e3, 0x39393939, 0x82828282);
-        &data_word(0x9b9b9b9b, 0x2f2f2f2f, 0xffffffff, 0x87878787);
-        &data_word(0x34343434, 0x8e8e8e8e, 0x43434343, 0x44444444);
-        &data_word(0xc4c4c4c4, 0xdededede, 0xe9e9e9e9, 0xcbcbcbcb);
-        &data_word(0x54545454, 0x7b7b7b7b, 0x94949494, 0x32323232);
-        &data_word(0xa6a6a6a6, 0xc2c2c2c2, 0x23232323, 0x3d3d3d3d);
-        &data_word(0xeeeeeeee, 0x4c4c4c4c, 0x95959595, 0x0b0b0b0b);
-        &data_word(0x42424242, 0xfafafafa, 0xc3c3c3c3, 0x4e4e4e4e);
-        &data_word(0x08080808, 0x2e2e2e2e, 0xa1a1a1a1, 0x66666666);
-        &data_word(0x28282828, 0xd9d9d9d9, 0x24242424, 0xb2b2b2b2);
-        &data_word(0x76767676, 0x5b5b5b5b, 0xa2a2a2a2, 0x49494949);
-        &data_word(0x6d6d6d6d, 0x8b8b8b8b, 0xd1d1d1d1, 0x25252525);
-        &data_word(0x72727272, 0xf8f8f8f8, 0xf6f6f6f6, 0x64646464);
-        &data_word(0x86868686, 0x68686868, 0x98989898, 0x16161616);
-        &data_word(0xd4d4d4d4, 0xa4a4a4a4, 0x5c5c5c5c, 0xcccccccc);
-        &data_word(0x5d5d5d5d, 0x65656565, 0xb6b6b6b6, 0x92929292);
-        &data_word(0x6c6c6c6c, 0x70707070, 0x48484848, 0x50505050);
-        &data_word(0xfdfdfdfd, 0xedededed, 0xb9b9b9b9, 0xdadadada);
-        &data_word(0x5e5e5e5e, 0x15151515, 0x46464646, 0x57575757);
-        &data_word(0xa7a7a7a7, 0x8d8d8d8d, 0x9d9d9d9d, 0x84848484);
-        &data_word(0x90909090, 0xd8d8d8d8, 0xabababab, 0x00000000);
-        &data_word(0x8c8c8c8c, 0xbcbcbcbc, 0xd3d3d3d3, 0x0a0a0a0a);
-        &data_word(0xf7f7f7f7, 0xe4e4e4e4, 0x58585858, 0x05050505);
-        &data_word(0xb8b8b8b8, 0xb3b3b3b3, 0x45454545, 0x06060606);
-        &data_word(0xd0d0d0d0, 0x2c2c2c2c, 0x1e1e1e1e, 0x8f8f8f8f);
-        &data_word(0xcacacaca, 0x3f3f3f3f, 0x0f0f0f0f, 0x02020202);
-        &data_word(0xc1c1c1c1, 0xafafafaf, 0xbdbdbdbd, 0x03030303);
-        &data_word(0x01010101, 0x13131313, 0x8a8a8a8a, 0x6b6b6b6b);
-        &data_word(0x3a3a3a3a, 0x91919191, 0x11111111, 0x41414141);
-        &data_word(0x4f4f4f4f, 0x67676767, 0xdcdcdcdc, 0xeaeaeaea);
-        &data_word(0x97979797, 0xf2f2f2f2, 0xcfcfcfcf, 0xcececece);
-        &data_word(0xf0f0f0f0, 0xb4b4b4b4, 0xe6e6e6e6, 0x73737373);
-        &data_word(0x96969696, 0xacacacac, 0x74747474, 0x22222222);
-        &data_word(0xe7e7e7e7, 0xadadadad, 0x35353535, 0x85858585);
-        &data_word(0xe2e2e2e2, 0xf9f9f9f9, 0x37373737, 0xe8e8e8e8);
-        &data_word(0x1c1c1c1c, 0x75757575, 0xdfdfdfdf, 0x6e6e6e6e);
-        &data_word(0x47474747, 0xf1f1f1f1, 0x1a1a1a1a, 0x71717171);
-        &data_word(0x1d1d1d1d, 0x29292929, 0xc5c5c5c5, 0x89898989);
-        &data_word(0x6f6f6f6f, 0xb7b7b7b7, 0x62626262, 0x0e0e0e0e);
-        &data_word(0xaaaaaaaa, 0x18181818, 0xbebebebe, 0x1b1b1b1b);
-        &data_word(0xfcfcfcfc, 0x56565656, 0x3e3e3e3e, 0x4b4b4b4b);
-        &data_word(0xc6c6c6c6, 0xd2d2d2d2, 0x79797979, 0x20202020);
-        &data_word(0x9a9a9a9a, 0xdbdbdbdb, 0xc0c0c0c0, 0xfefefefe);
-        &data_word(0x78787878, 0xcdcdcdcd, 0x5a5a5a5a, 0xf4f4f4f4);
-        &data_word(0x1f1f1f1f, 0xdddddddd, 0xa8a8a8a8, 0x33333333);
-        &data_word(0x88888888, 0x07070707, 0xc7c7c7c7, 0x31313131);
-        &data_word(0xb1b1b1b1, 0x12121212, 0x10101010, 0x59595959);
-        &data_word(0x27272727, 0x80808080, 0xecececec, 0x5f5f5f5f);
-        &data_word(0x60606060, 0x51515151, 0x7f7f7f7f, 0xa9a9a9a9);
-        &data_word(0x19191919, 0xb5b5b5b5, 0x4a4a4a4a, 0x0d0d0d0d);
-        &data_word(0x2d2d2d2d, 0xe5e5e5e5, 0x7a7a7a7a, 0x9f9f9f9f);
-        &data_word(0x93939393, 0xc9c9c9c9, 0x9c9c9c9c, 0xefefefef);
-        &data_word(0xa0a0a0a0, 0xe0e0e0e0, 0x3b3b3b3b, 0x4d4d4d4d);
-        &data_word(0xaeaeaeae, 0x2a2a2a2a, 0xf5f5f5f5, 0xb0b0b0b0);
-        &data_word(0xc8c8c8c8, 0xebebebeb, 0xbbbbbbbb, 0x3c3c3c3c);
-        &data_word(0x83838383, 0x53535353, 0x99999999, 0x61616161);
-        &data_word(0x17171717, 0x2b2b2b2b, 0x04040404, 0x7e7e7e7e);
-        &data_word(0xbabababa, 0x77777777, 0xd6d6d6d6, 0x26262626);
-        &data_word(0xe1e1e1e1, 0x69696969, 0x14141414, 0x63636363);
-        &data_word(0x55555555, 0x21212121, 0x0c0c0c0c, 0x7d7d7d7d);
-&function_end_B("AES_decrypt");
-
-sub enckey()
-{
-        &movz   ("esi",&LB("edx"));             # rk[i]>>0
-        &mov    ("ebx",&DWP(0,"ebp","esi",4));
-        &movz   ("esi",&HB("edx"));             # rk[i]>>8
-        &and    ("ebx",0xFF000000);
-        &xor    ("eax","ebx");
-
-        &mov    ("ebx",&DWP(0,"ebp","esi",4));
-        &shr    ("edx",16);
-        &and    ("ebx",0x000000FF);
-        &movz   ("esi",&LB("edx"));             # rk[i]>>16
-        &xor    ("eax","ebx");
-
-        &mov    ("ebx",&DWP(0,"ebp","esi",4));
-        &movz   ("esi",&HB("edx"));             # rk[i]>>24
-        &and    ("ebx",0x0000FF00);
-        &xor    ("eax","ebx");
-
-        &mov    ("ebx",&DWP(0,"ebp","esi",4));
-        &and    ("ebx",0x00FF0000);
-        &xor    ("eax","ebx");
-
-        &xor    ("eax",&DWP(1024,"ebp","ecx",4));       # rcon
-}
-
-# int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
-#                        AES_KEY *key)
-&public_label("AES_Te");
-&function_begin("AES_set_encrypt_key");
-        &mov    ("esi",&wparam(0));             # user supplied key
-        &mov    ("edi",&wparam(2));             # private key schedule
-
-        &test   ("esi",-1);
-        &jz     (&label("badpointer"));
-        &test   ("edi",-1);
-        &jz     (&label("badpointer"));
-
-        &call   (&label("pic_point"));
-        &set_label("pic_point");
-        &blindpop("ebp");
-        &lea    ("ebp",&DWP(&label("AES_Te")."-".&label("pic_point"),"ebp"));
-        &add    ("ebp",1024*4);                 # skip to Te4
-
-        &mov    ("ecx",&wparam(1));             # number of bits in key
-        &cmp    ("ecx",128);
-        &je     (&label("10rounds"));
-        &cmp    ("ecx",192);
-        &je     (&label("12rounds"));
-        &cmp    ("ecx",256);
-        &je     (&label("14rounds"));
-        &mov    ("eax",-2);                     # invalid number of bits
-        &jmp    (&label("exit"));
-
-    &set_label("10rounds");
-        &mov    ("eax",&DWP(0,"esi"));          # copy first 4 dwords
-        &mov    ("ebx",&DWP(4,"esi"));
-        &mov    ("ecx",&DWP(8,"esi"));
-        &mov    ("edx",&DWP(12,"esi"));
-        &mov    (&DWP(0,"edi"),"eax");
-        &mov    (&DWP(4,"edi"),"ebx");
-        &mov    (&DWP(8,"edi"),"ecx");
-        &mov    (&DWP(12,"edi"),"edx");
-
-        &xor    ("ecx","ecx");
-        &jmp    (&label("10shortcut"));
-
-        &align  (4);
-        &set_label("10loop");
-                &mov    ("eax",&DWP(0,"edi"));          # rk[0]
-                &mov    ("edx",&DWP(12,"edi"));         # rk[3]
-        &set_label("10shortcut");
-                &enckey ();
-
-                &mov    (&DWP(16,"edi"),"eax");         # rk[4]
-                &xor    ("eax",&DWP(4,"edi"));
-                &mov    (&DWP(20,"edi"),"eax");         # rk[5]
-                &xor    ("eax",&DWP(8,"edi"));
-                &mov    (&DWP(24,"edi"),"eax");         # rk[6]
-                &xor    ("eax",&DWP(12,"edi"));
-                &mov    (&DWP(28,"edi"),"eax");         # rk[7]
-                &inc    ("ecx");
-                &add    ("edi",16);
-                &cmp    ("ecx",10);
-        &jl     (&label("10loop"));
-
-        &mov    (&DWP(80,"edi"),10);            # setup number of rounds
-        &xor    ("eax","eax");
-        &jmp    (&label("exit"));
-                
-    &set_label("12rounds");
-        &mov    ("eax",&DWP(0,"esi"));          # copy first 6 dwords
-        &mov    ("ebx",&DWP(4,"esi"));
-        &mov    ("ecx",&DWP(8,"esi"));
-        &mov    ("edx",&DWP(12,"esi"));
-        &mov    (&DWP(0,"edi"),"eax");
-        &mov    (&DWP(4,"edi"),"ebx");
-        &mov    (&DWP(8,"edi"),"ecx");
-        &mov    (&DWP(12,"edi"),"edx");
-        &mov    ("ecx",&DWP(16,"esi"));
-        &mov    ("edx",&DWP(20,"esi"));
-        &mov    (&DWP(16,"edi"),"ecx");
-        &mov    (&DWP(20,"edi"),"edx");
-
-        &xor    ("ecx","ecx");
-        &jmp    (&label("12shortcut"));
-
-        &align  (4);
-        &set_label("12loop");
-                &mov    ("eax",&DWP(0,"edi"));          # rk[0]
-                &mov    ("edx",&DWP(20,"edi"));         # rk[5]
-        &set_label("12shortcut");
-                &enckey ();
-
-                &mov    (&DWP(24,"edi"),"eax");         # rk[6]
-                &xor    ("eax",&DWP(4,"edi"));
-                &mov    (&DWP(28,"edi"),"eax");         # rk[7]
-                &xor    ("eax",&DWP(8,"edi"));
-                &mov    (&DWP(32,"edi"),"eax");         # rk[8]
-                &xor    ("eax",&DWP(12,"edi"));
-                &mov    (&DWP(36,"edi"),"eax");         # rk[9]
-
-                &cmp    ("ecx",7);
-                &je     (&label("12break"));
-                &inc    ("ecx");
-
-                &xor    ("eax",&DWP(16,"edi"));
-                &mov    (&DWP(40,"edi"),"eax");         # rk[10]
-                &xor    ("eax",&DWP(20,"edi"));
-                &mov    (&DWP(44,"edi"),"eax");         # rk[11]
-
-                &add    ("edi",24);
-        &jmp    (&label("12loop"));
-
-        &set_label("12break");
-        &mov    (&DWP(72,"edi"),12);            # setup number of rounds
-        &xor    ("eax","eax");
-        &jmp    (&label("exit"));
-
-    &set_label("14rounds");
-        &mov    ("eax",&DWP(0,"esi"));          # copy first 8 dwords
-        &mov    ("ebx",&DWP(4,"esi"));
-        &mov    ("ecx",&DWP(8,"esi"));
-        &mov    ("edx",&DWP(12,"esi"));
-        &mov    (&DWP(0,"edi"),"eax");
-        &mov    (&DWP(4,"edi"),"ebx");
-        &mov    (&DWP(8,"edi"),"ecx");
-        &mov    (&DWP(12,"edi"),"edx");
-        &mov    ("eax",&DWP(16,"esi"));
-        &mov    ("ebx",&DWP(20,"esi"));
-        &mov    ("ecx",&DWP(24,"esi"));
-        &mov    ("edx",&DWP(28,"esi"));
-        &mov    (&DWP(16,"edi"),"eax");
-        &mov    (&DWP(20,"edi"),"ebx");
-        &mov    (&DWP(24,"edi"),"ecx");
-        &mov    (&DWP(28,"edi"),"edx");
-
-        &xor    ("ecx","ecx");
-        &jmp    (&label("14shortcut"));
-
-        &align  (4);
-        &set_label("14loop");
-                &mov    ("edx",&DWP(28,"edi"));         # rk[7]
-        &set_label("14shortcut");
-                &mov    ("eax",&DWP(0,"edi"));          # rk[0]
-
-                &enckey ();
-
-                &mov    (&DWP(32,"edi"),"eax");         # rk[8]
-                &xor    ("eax",&DWP(4,"edi"));
-                &mov    (&DWP(36,"edi"),"eax");         # rk[9]
-                &xor    ("eax",&DWP(8,"edi"));
-                &mov    (&DWP(40,"edi"),"eax");         # rk[10]
-                &xor    ("eax",&DWP(12,"edi"));
-                &mov    (&DWP(44,"edi"),"eax");         # rk[11]
-
-                &cmp    ("ecx",6);
-                &je     (&label("14break"));
-                &inc    ("ecx");
-
-                &mov    ("edx","eax");
-                &mov    ("eax",&DWP(16,"edi"));         # rk[4]
-                &movz   ("esi",&LB("edx"));             # rk[11]>>0
-                &mov    ("ebx",&DWP(0,"ebp","esi",4));
-                &movz   ("esi",&HB("edx"));             # rk[11]>>8
-                &and    ("ebx",0x000000FF);
-                &xor    ("eax","ebx");
-
-                &mov    ("ebx",&DWP(0,"ebp","esi",4));
-                &shr    ("edx",16);
-                &and    ("ebx",0x0000FF00);
-                &movz   ("esi",&LB("edx"));             # rk[11]>>16
-                &xor    ("eax","ebx");
-
-                &mov    ("ebx",&DWP(0,"ebp","esi",4));
-                &movz   ("esi",&HB("edx"));             # rk[11]>>24
-                &and    ("ebx",0x00FF0000);
-                &xor    ("eax","ebx");
-
-                &mov    ("ebx",&DWP(0,"ebp","esi",4));
-                &and    ("ebx",0xFF000000);
-                &xor    ("eax","ebx");
-
-                &mov    (&DWP(48,"edi"),"eax");         # rk[12]
-                &xor    ("eax",&DWP(20,"edi"));
-                &mov    (&DWP(52,"edi"),"eax");         # rk[13]
-                &xor    ("eax",&DWP(24,"edi"));
-                &mov    (&DWP(56,"edi"),"eax");         # rk[14]
-                &xor    ("eax",&DWP(28,"edi"));
-                &mov    (&DWP(60,"edi"),"eax");         # rk[15]
-
-                &add    ("edi",32);
-        &jmp    (&label("14loop"));
-
-        &set_label("14break");
-        &mov    (&DWP(48,"edi"),14);            # setup number of rounds
-        &xor    ("eax","eax");
-        &jmp    (&label("exit"));
-
-    &set_label("badpointer");
-        &mov    ("eax",-1);
-    &set_label("exit");
-&function_end("AES_set_encrypt_key");
-
-sub deckey()
-{ my ($i,$ptr,$te4,$td) = @_;
-
-        &mov    ("eax",&DWP($i,$ptr));
-        &mov    ("edx","eax");
-        &movz   ("ebx",&HB("eax"));
-        &shr    ("edx",16);
-        &and    ("eax",0xFF);
-        &movz   ("eax",&BP(0,$te4,"eax",4));
-        &movz   ("ebx",&BP(0,$te4,"ebx",4));
-        &mov    ("eax",&DWP(1024*0,$td,"eax",4));
-        &xor    ("eax",&DWP(1024*1,$td,"ebx",4));
-        &movz   ("ebx",&HB("edx"));
-        &and    ("edx",0xFF);
-        &movz   ("edx",&BP(0,$te4,"edx",4));
-        &movz   ("ebx",&BP(0,$te4,"ebx",4));
-        &xor    ("eax",&DWP(1024*2,$td,"edx",4));
-        &xor    ("eax",&DWP(1024*3,$td,"ebx",4));
-        &mov    (&DWP($i,$ptr),"eax");
-}
-
-# int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
-#                        AES_KEY *key)
-&public_label("AES_Td");
-&public_label("AES_Te");
-&function_begin_B("AES_set_decrypt_key");
-        &mov    ("eax",&wparam(0));
-        &mov    ("ecx",&wparam(1));
-        &mov    ("edx",&wparam(2));
-        &sub    ("esp",12);
-        &mov    (&DWP(0,"esp"),"eax");
-        &mov    (&DWP(4,"esp"),"ecx");
-        &mov    (&DWP(8,"esp"),"edx");
-        &call   ("AES_set_encrypt_key");
-        &add    ("esp",12);
-        &cmp    ("eax",0);
-        &je     (&label("proceed"));
-        &ret    ();
-
-    &set_label("proceed");
-        &push   ("ebp");
-        &push   ("ebx");
-        &push   ("esi");
-        &push   ("edi");
-
-        &mov    ("esi",&wparam(2));
-        &mov    ("ecx",&DWP(240,"esi"));        # pull number of rounds
-        &lea    ("ecx",&DWP(0,"","ecx",4));
-        &lea    ("edi",&DWP(0,"esi","ecx",4));  # pointer to last chunk
-
-        &align  (4);
-        &set_label("invert");                   # invert order of chunks
-                &mov    ("eax",&DWP(0,"esi"));
-                &mov    ("ebx",&DWP(4,"esi"));
-                &mov    ("ecx",&DWP(0,"edi"));
-                &mov    ("edx",&DWP(4,"edi"));
-                &mov    (&DWP(0,"edi"),"eax");
-                &mov    (&DWP(4,"edi"),"ebx");
-                &mov    (&DWP(0,"esi"),"ecx");
-                &mov    (&DWP(4,"esi"),"edx");
-                &mov    ("eax",&DWP(8,"esi"));
-                &mov    ("ebx",&DWP(12,"esi"));
-                &mov    ("ecx",&DWP(8,"edi"));
-                &mov    ("edx",&DWP(12,"edi"));
-                &mov    (&DWP(8,"edi"),"eax");
-                &mov    (&DWP(12,"edi"),"ebx");
-                &mov    (&DWP(8,"esi"),"ecx");
-                &mov    (&DWP(12,"esi"),"edx");
-                &add    ("esi",16);
-                &sub    ("edi",16);
-                &cmp    ("esi","edi");
-        &jne    (&label("invert"));
-
-        &call   (&label("pic_point"));
-        &set_label("pic_point");
-        blindpop("ebp");
-        &lea    ("edi",&DWP(&label("AES_Td")."-".&label("pic_point"),"ebp"));
-        &lea    ("ebp",&DWP(&label("AES_Te")."-".&label("pic_point"),"ebp"));
-        &add    ("ebp",1024*4);                 # skip to Te4
-
-        &mov    ("esi",&wparam(2));
-        &mov    ("ecx",&DWP(240,"esi"));        # pull number of rounds
-        &dec    ("ecx");
-        &align  (4);
-        &set_label("permute");                  # permute the key schedule
-                &add    ("esi",16);
-                &deckey (0,"esi","ebp","edi");
-                &deckey (4,"esi","ebp","edi");
-                &deckey (8,"esi","ebp","edi");
-                &deckey (12,"esi","ebp","edi");
-                &dec    ("ecx");
-        &jnz    (&label("permute"));
-
-        &xor    ("eax","eax");                  # return success
-&function_end("AES_set_decrypt_key");
-
-&asm_finish();
diff --git a/src/lib/libcrypto/asn1/a_bitstr.c b/src/lib/libcrypto/asn1/a_bitstr.c
deleted file mode 100644
index b81bf4fc81..0000000000
--- a/src/lib/libcrypto/asn1/a_bitstr.c
+++ /dev/null
@@ -1,222 +0,0 @@
-/* crypto/asn1/a_bitstr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-
-int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len)
-{ return M_ASN1_BIT_STRING_set(x, d, len); }
-
-int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
-        {
-        int ret,j,bits,len;
-        unsigned char *p,*d;
-
-        if (a == NULL) return(0);
-
-        len=a->length;
-
-        if (len > 0)
-                {
-                if (a->flags & ASN1_STRING_FLAG_BITS_LEFT)
-                        {
-                        bits=(int)a->flags&0x07;
-                        }
-                else
-                        {
-                        for ( ; len > 0; len--)
-                                {
-                                if (a->data[len-1]) break;
-                                }
-                        j=a->data[len-1];
-                        if      (j & 0x01) bits=0;
-                        else if (j & 0x02) bits=1;
-                        else if (j & 0x04) bits=2;
-                        else if (j & 0x08) bits=3;
-                        else if (j & 0x10) bits=4;
-                        else if (j & 0x20) bits=5;
-                        else if (j & 0x40) bits=6;
-                        else if (j & 0x80) bits=7;
-                        else bits=0; /* should not happen */
-                        }
-                }
-        else
-                bits=0;
-
-        ret=1+len;
-        if (pp == NULL) return(ret);
-
-        p= *pp;
-
-        *(p++)=(unsigned char)bits;
-        d=a->data;
-        memcpy(p,d,len);
-        p+=len;
-        if (len > 0) p[-1]&=(0xff<<bits);
-        *pp=p;
-        return(ret);
-        }
-
-ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp,
-             long len)
-        {
-        ASN1_BIT_STRING *ret=NULL;
-        unsigned char *p,*s;
-        int i;
-
-        if (len < 1)
-                {
-                i=ASN1_R_STRING_TOO_SHORT;
-                goto err;
-                }
-
-        if ((a == NULL) || ((*a) == NULL))
-                {
-                if ((ret=M_ASN1_BIT_STRING_new()) == NULL) return(NULL);
-                }
-        else
-                ret=(*a);
-
-        p= *pp;
-        i= *(p++);
-        /* We do this to preserve the settings.  If we modify
-         * the settings, via the _set_bit function, we will recalculate
-         * on output */
-        ret->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear */
-        ret->flags|=(ASN1_STRING_FLAG_BITS_LEFT|(i&0x07)); /* set */
-
-        if (len-- > 1) /* using one because of the bits left byte */
-                {
-                s=(unsigned char *)OPENSSL_malloc((int)len);
-                if (s == NULL)
-                        {
-                        i=ERR_R_MALLOC_FAILURE;
-                        goto err;
-                        }
-                memcpy(s,p,(int)len);
-                s[len-1]&=(0xff<<i);
-                p+=len;
-                }
-        else
-                s=NULL;
-
-        ret->length=(int)len;
-        if (ret->data != NULL) OPENSSL_free(ret->data);
-        ret->data=s;
-        ret->type=V_ASN1_BIT_STRING;
-        if (a != NULL) (*a)=ret;
-        *pp=p;
-        return(ret);
-err:
-        ASN1err(ASN1_F_D2I_ASN1_BIT_STRING,i);
-        if ((ret != NULL) && ((a == NULL) || (*a != ret)))
-                M_ASN1_BIT_STRING_free(ret);
-        return(NULL);
-        }
-
-/* These next 2 functions from Goetz Babin-Ebell <babinebell@trustcenter.de>
- */
-int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
-        {
-        int w,v,iv;
-        unsigned char *c;
-
-        w=n/8;
-        v=1<<(7-(n&0x07));
-        iv= ~v;
-        if (!value) v=0;
-
-        a->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear, set on write */
-
-        if (a == NULL) return(0);
-        if ((a->length < (w+1)) || (a->data == NULL))
-                {
-                if (!value) return(1); /* Don't need to set */
-                if (a->data == NULL)
-                        c=(unsigned char *)OPENSSL_malloc(w+1);
-                else
-                        c=(unsigned char *)OPENSSL_realloc_clean(a->data,
-                                                                 a->length,
-                                                                 w+1);
-                if (c == NULL)
-                        {
-                        ASN1err(ASN1_F_ASN1_BIT_STRING_SET_BIT,ERR_R_MALLOC_FAILURE);
-                        return 0;
-                        }
-                if (w+1-a->length > 0) memset(c+a->length, 0, w+1-a->length);
-                a->data=c;
-                a->length=w+1;
-        }
-        a->data[w]=((a->data[w])&iv)|v;
-        while ((a->length > 0) && (a->data[a->length-1] == 0))
-                a->length--;
-        return(1);
-        }
-
-int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n)
-        {
-        int w,v;
-
-        w=n/8;
-        v=1<<(7-(n&0x07));
-        if ((a == NULL) || (a->length < (w+1)) || (a->data == NULL))
-                return(0);
-        return((a->data[w]&v) != 0);
-        }
-
diff --git a/src/lib/libcrypto/asn1/a_bool.c b/src/lib/libcrypto/asn1/a_bool.c
deleted file mode 100644
index 24333ea4d5..0000000000
--- a/src/lib/libcrypto/asn1/a_bool.c
+++ /dev/null
@@ -1,114 +0,0 @@
-/* crypto/asn1/a_bool.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-
-int i2d_ASN1_BOOLEAN(int a, unsigned char **pp)
-        {
-        int r;
-        unsigned char *p;
-
-        r=ASN1_object_size(0,1,V_ASN1_BOOLEAN);
-        if (pp == NULL) return(r);
-        p= *pp;
-
-        ASN1_put_object(&p,0,1,V_ASN1_BOOLEAN,V_ASN1_UNIVERSAL);
-        *(p++)= (unsigned char)a;
-        *pp=p;
-        return(r);
-        }
-
-int d2i_ASN1_BOOLEAN(int *a, unsigned char **pp, long length)
-        {
-        int ret= -1;
-        unsigned char *p;
-        long len;
-        int inf,tag,xclass;
-        int i=0;
-
-        p= *pp;
-        inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
-        if (inf & 0x80)
-                {
-                i=ASN1_R_BAD_OBJECT_HEADER;
-                goto err;
-                }
-
-        if (tag != V_ASN1_BOOLEAN)
-                {
-                i=ASN1_R_EXPECTING_A_BOOLEAN;
-                goto err;
-                }
-
-        if (len != 1)
-                {
-                i=ASN1_R_BOOLEAN_IS_WRONG_LENGTH;
-                goto err;
-                }
-        ret= (int)*(p++);
-        if (a != NULL) (*a)=ret;
-        *pp=p;
-        return(ret);
-err:
-        ASN1err(ASN1_F_D2I_ASN1_BOOLEAN,i);
-        return(ret);
-        }
-
-
diff --git a/src/lib/libcrypto/asn1/a_bytes.c b/src/lib/libcrypto/asn1/a_bytes.c
deleted file mode 100644
index 2407f7c87a..0000000000
--- a/src/lib/libcrypto/asn1/a_bytes.c
+++ /dev/null
@@ -1,312 +0,0 @@
-/* crypto/asn1/a_bytes.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-
-static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c);
-/* type is a 'bitmap' of acceptable string types.
- */
-ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, unsigned char **pp,
-             long length, int type)
-        {
-        ASN1_STRING *ret=NULL;
-        unsigned char *p,*s;
-        long len;
-        int inf,tag,xclass;
-        int i=0;
-
-        p= *pp;
-        inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
-        if (inf & 0x80) goto err;
-
-        if (tag >= 32)
-                {
-                i=ASN1_R_TAG_VALUE_TOO_HIGH;
-                goto err;
-                }
-        if (!(ASN1_tag2bit(tag) & type))
-                {
-                i=ASN1_R_WRONG_TYPE;
-                goto err;
-                }
-
-        /* If a bit-string, exit early */
-        if (tag == V_ASN1_BIT_STRING)
-                return(d2i_ASN1_BIT_STRING(a,pp,length));
-
-        if ((a == NULL) || ((*a) == NULL))
-                {
-                if ((ret=ASN1_STRING_new()) == NULL) return(NULL);
-                }
-        else
-                ret=(*a);
-
-        if (len != 0)
-                {
-                s=(unsigned char *)OPENSSL_malloc((int)len+1);
-                if (s == NULL)
-                        {
-                        i=ERR_R_MALLOC_FAILURE;
-                        goto err;
-                        }
-                memcpy(s,p,(int)len);
-                s[len]='\0';
-                p+=len;
-                }
-        else
-                s=NULL;
-
-        if (ret->data != NULL) OPENSSL_free(ret->data);
-        ret->length=(int)len;
-        ret->data=s;
-        ret->type=tag;
-        if (a != NULL) (*a)=ret;
-        *pp=p;
-        return(ret);
-err:
-        ASN1err(ASN1_F_D2I_ASN1_TYPE_BYTES,i);
-        if ((ret != NULL) && ((a == NULL) || (*a != ret)))
-                ASN1_STRING_free(ret);
-        return(NULL);
-        }
-
-int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass)
-        {
-        int ret,r,constructed;
-        unsigned char *p;
-
-        if (a == NULL)  return(0);
-
-        if (tag == V_ASN1_BIT_STRING)
-                return(i2d_ASN1_BIT_STRING(a,pp));
-                
-        ret=a->length;
-        r=ASN1_object_size(0,ret,tag);
-        if (pp == NULL) return(r);
-        p= *pp;
-
-        if ((tag == V_ASN1_SEQUENCE) || (tag == V_ASN1_SET))
-                constructed=1;
-        else
-                constructed=0;
-        ASN1_put_object(&p,constructed,ret,tag,xclass);
-        memcpy(p,a->data,a->length);
-        p+=a->length;
-        *pp= p;
-        return(r);
-        }
-
-ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp, long length,
-             int Ptag, int Pclass)
-        {
-        ASN1_STRING *ret=NULL;
-        unsigned char *p,*s;
-        long len;
-        int inf,tag,xclass;
-        int i=0;
-
-        if ((a == NULL) || ((*a) == NULL))
-                {
-                if ((ret=ASN1_STRING_new()) == NULL) return(NULL);
-                }
-        else
-                ret=(*a);
-
-        p= *pp;
-        inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
-        if (inf & 0x80)
-                {
-                i=ASN1_R_BAD_OBJECT_HEADER;
-                goto err;
-                }
-
-        if (tag != Ptag)
-                {
-                i=ASN1_R_WRONG_TAG;
-                goto err;
-                }
-
-        if (inf & V_ASN1_CONSTRUCTED)
-                {
-                ASN1_CTX c;
-
-                c.pp=pp;
-                c.p=p;
-                c.inf=inf;
-                c.slen=len;
-                c.tag=Ptag;
-                c.xclass=Pclass;
-                c.max=(length == 0)?0:(p+length);
-                if (!asn1_collate_primitive(ret,&c)) 
-                        goto err; 
-                else
-                        {
-                        p=c.p;
-                        }
-                }
-        else
-                {
-                if (len != 0)
-                        {
-                        if ((ret->length < len) || (ret->data == NULL))
-                                {
-                                if (ret->data != NULL) OPENSSL_free(ret->data);
-                                s=(unsigned char *)OPENSSL_malloc((int)len + 1);
-                                if (s == NULL)
-                                        {
-                                        i=ERR_R_MALLOC_FAILURE;
-                                        goto err;
-                                        }
-                                }
-                        else
-                                s=ret->data;
-                        memcpy(s,p,(int)len);
-                        s[len] = '\0';
-                        p+=len;
-                        }
-                else
-                        {
-                        s=NULL;
-                        if (ret->data != NULL) OPENSSL_free(ret->data);
-                        }
-
-                ret->length=(int)len;
-                ret->data=s;
-                ret->type=Ptag;
-                }
-
-        if (a != NULL) (*a)=ret;
-        *pp=p;
-        return(ret);
-err:
-        if ((ret != NULL) && ((a == NULL) || (*a != ret)))
-                ASN1_STRING_free(ret);
-        ASN1err(ASN1_F_D2I_ASN1_BYTES,i);
-        return(NULL);
-        }
-
-
-/* We are about to parse 0..n d2i_ASN1_bytes objects, we are to collapse
- * them into the one structure that is then returned */
-/* There have been a few bug fixes for this function from
- * Paul Keogh <paul.keogh@sse.ie>, many thanks to him */
-static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c)
-        {
-        ASN1_STRING *os=NULL;
-        BUF_MEM b;
-        int num;
-
-        b.length=0;
-        b.max=0;
-        b.data=NULL;
-
-        if (a == NULL)
-                {
-                c->error=ERR_R_PASSED_NULL_PARAMETER;
-                goto err;
-                }
-
-        num=0;
-        for (;;)
-                {
-                if (c->inf & 1)
-                        {
-                        c->eos=ASN1_check_infinite_end(&c->p,
-                                (long)(c->max-c->p));
-                        if (c->eos) break;
-                        }
-                else
-                        {
-                        if (c->slen <= 0) break;
-                        }
-
-                c->q=c->p;
-                if (d2i_ASN1_bytes(&os,&c->p,c->max-c->p,c->tag,c->xclass)
-                        == NULL)
-                        {
-                        c->error=ERR_R_ASN1_LIB;
-                        goto err;
-                        }
-
-                if (!BUF_MEM_grow_clean(&b,num+os->length))
-                        {
-                        c->error=ERR_R_BUF_LIB;
-                        goto err;
-                        }
-                memcpy(&(b.data[num]),os->data,os->length);
-                if (!(c->inf & 1))
-                        c->slen-=(c->p-c->q);
-                num+=os->length;
-                }
-
-        if (!asn1_Finish(c)) goto err;
-
-        a->length=num;
-        if (a->data != NULL) OPENSSL_free(a->data);
-        a->data=(unsigned char *)b.data;
-        if (os != NULL) ASN1_STRING_free(os);
-        return(1);
-err:
-        ASN1err(ASN1_F_ASN1_COLLATE_PRIMITIVE,c->error);
-        if (os != NULL) ASN1_STRING_free(os);
-        if (b.data != NULL) OPENSSL_free(b.data);
-        return(0);
-        }
-
diff --git a/src/lib/libcrypto/asn1/a_d2i_fp.c b/src/lib/libcrypto/asn1/a_d2i_fp.c
deleted file mode 100644
index b67b75e7c2..0000000000
--- a/src/lib/libcrypto/asn1/a_d2i_fp.c
+++ /dev/null
@@ -1,262 +0,0 @@
-/* crypto/asn1/a_d2i_fp.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/asn1_mac.h>
-
-static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb);
-
-#ifndef NO_OLD_ASN1
-#ifndef OPENSSL_NO_FP_API
-
-char *ASN1_d2i_fp(char *(*xnew)(), char *(*d2i)(), FILE *in,
-             unsigned char **x)
-        {
-        BIO *b;
-        char *ret;
-
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-                {
-                ASN1err(ASN1_F_ASN1_D2I_FP,ERR_R_BUF_LIB);
-                return(NULL);
-                }
-        BIO_set_fp(b,in,BIO_NOCLOSE);
-        ret=ASN1_d2i_bio(xnew,d2i,b,x);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
-
-char *ASN1_d2i_bio(char *(*xnew)(), char *(*d2i)(), BIO *in,
-             unsigned char **x)
-        {
-        BUF_MEM *b = NULL;
-        unsigned char *p;
-        char *ret=NULL;
-        int len;
-
-        len = asn1_d2i_read_bio(in, &b);
-        if(len < 0) goto err;
-
-        p=(unsigned char *)b->data;
-        ret=d2i(x,&p,len);
-err:
-        if (b != NULL) BUF_MEM_free(b);
-        return(ret);
-        }
-
-#endif
-
-void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x)
-        {
-        BUF_MEM *b = NULL;
-        unsigned char *p;
-        void *ret=NULL;
-        int len;
-
-        len = asn1_d2i_read_bio(in, &b);
-        if(len < 0) goto err;
-
-        p=(unsigned char *)b->data;
-        ret=ASN1_item_d2i(x,&p,len, it);
-err:
-        if (b != NULL) BUF_MEM_free(b);
-        return(ret);
-        }
-
-#ifndef OPENSSL_NO_FP_API
-void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
-        {
-        BIO *b;
-        char *ret;
-
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-                {
-                ASN1err(ASN1_F_ASN1_D2I_FP,ERR_R_BUF_LIB);
-                return(NULL);
-                }
-        BIO_set_fp(b,in,BIO_NOCLOSE);
-        ret=ASN1_item_d2i_bio(it,b,x);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
-
-#define HEADER_SIZE   8
-static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
-        {
-        BUF_MEM *b;
-        unsigned char *p;
-        int i;
-        int ret=-1;
-        ASN1_CTX c;
-        int want=HEADER_SIZE;
-        int eos=0;
-#if defined(__GNUC__) && defined(__ia64)
-        /* pathetic compiler bug in all known versions as of Nov. 2002 */
-        long off=0;
-#else
-        int off=0;
-#endif
-        int len=0;
-
-        b=BUF_MEM_new();
-        if (b == NULL)
-                {
-                ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE);
-                return -1;
-                }
-
-        ERR_clear_error();
-        for (;;)
-                {
-                if (want >= (len-off))
-                        {
-                        want-=(len-off);
-
-                        if (!BUF_MEM_grow_clean(b,len+want))
-                                {
-                                ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE);
-                                goto err;
-                                }
-                        i=BIO_read(in,&(b->data[len]),want);
-                        if ((i < 0) && ((len-off) == 0))
-                                {
-                                ASN1err(ASN1_F_ASN1_D2I_BIO,ASN1_R_NOT_ENOUGH_DATA);
-                                goto err;
-                                }
-                        if (i > 0)
-                                len+=i;
-                        }
-                /* else data already loaded */
-
-                p=(unsigned char *)&(b->data[off]);
-                c.p=p;
-                c.inf=ASN1_get_object(&(c.p),&(c.slen),&(c.tag),&(c.xclass),
-                        len-off);
-                if (c.inf & 0x80)
-                        {
-                        unsigned long e;
-
-                        e=ERR_GET_REASON(ERR_peek_error());
-                        if (e != ASN1_R_TOO_LONG)
-                                goto err;
-                        else
-                                ERR_get_error(); /* clear error */
-                        }
-                i=c.p-p;/* header length */
-                off+=i; /* end of data */
-
-                if (c.inf & 1)
-                        {
-                        /* no data body so go round again */
-                        eos++;
-                        want=HEADER_SIZE;
-                        }
-                else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC))
-                        {
-                        /* eos value, so go back and read another header */
-                        eos--;
-                        if (eos <= 0)
-                                break;
-                        else
-                                want=HEADER_SIZE;
-                        }
-                else 
-                        {
-                        /* suck in c.slen bytes of data */
-                        want=(int)c.slen;
-                        if (want > (len-off))
-                                {
-                                want-=(len-off);
-                                if (!BUF_MEM_grow_clean(b,len+want))
-                                        {
-                                        ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE);
-                                        goto err;
-                                        }
-                                while (want > 0)
-                                        {
-                                        i=BIO_read(in,&(b->data[len]),want);
-                                        if (i <= 0)
-                                                {
-                                                ASN1err(ASN1_F_ASN1_D2I_BIO,
-                                                    ASN1_R_NOT_ENOUGH_DATA);
-                                                goto err;
-                                                }
-                                        len+=i;
-                                        want -= i;
-                                        }
-                                }
-                        off+=(int)c.slen;
-                        if (eos <= 0)
-                                {
-                                break;
-                                }
-                        else
-                                want=HEADER_SIZE;
-                        }
-                }
-
-        *pb = b;
-        return off;
-err:
-        if (b != NULL) BUF_MEM_free(b);
-        return(ret);
-        }
diff --git a/src/lib/libcrypto/asn1/a_digest.c b/src/lib/libcrypto/asn1/a_digest.c
deleted file mode 100644
index 7182e9fa5d..0000000000
--- a/src/lib/libcrypto/asn1/a_digest.c
+++ /dev/null
@@ -1,111 +0,0 @@
-/* crypto/asn1/a_digest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <time.h>
-
-#include "cryptlib.h"
-
-#ifndef NO_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/buffer.h>
-#include <openssl/x509.h>
-
-#ifndef NO_ASN1_OLD
-
-int ASN1_digest(int (*i2d)(), const EVP_MD *type, char *data,
-                unsigned char *md, unsigned int *len)
-        {
-        int i;
-        unsigned char *str,*p;
-
-        i=i2d(data,NULL);
-        if ((str=(unsigned char *)OPENSSL_malloc(i)) == NULL)
-                {
-                ASN1err(ASN1_F_ASN1_DIGEST,ERR_R_MALLOC_FAILURE);
-                return(0);
-                }
-        p=str;
-        i2d(data,&p);
-
-        EVP_Digest(str, i, md, len, type, NULL);
-        OPENSSL_free(str);
-        return(1);
-        }
-
-#endif
-
-
-int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn,
-                unsigned char *md, unsigned int *len)
-        {
-        int i;
-        unsigned char *str = NULL;
-
-        i=ASN1_item_i2d(asn,&str, it);
-        if (!str) return(0);
-
-        EVP_Digest(str, i, md, len, type, NULL);
-        OPENSSL_free(str);
-        return(1);
-        }
-
diff --git a/src/lib/libcrypto/asn1/a_dup.c b/src/lib/libcrypto/asn1/a_dup.c
deleted file mode 100644
index 58a017884c..0000000000
--- a/src/lib/libcrypto/asn1/a_dup.c
+++ /dev/null
@@ -1,107 +0,0 @@
-/* crypto/asn1/a_dup.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-
-#ifndef NO_OLD_ASN1
-
-char *ASN1_dup(int (*i2d)(), char *(*d2i)(), char *x)
-        {
-        unsigned char *b,*p;
-        long i;
-        char *ret;
-
-        if (x == NULL) return(NULL);
-
-        i=(long)i2d(x,NULL);
-        b=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
-        if (b == NULL)
-                { ASN1err(ASN1_F_ASN1_DUP,ERR_R_MALLOC_FAILURE); return(NULL); }
-        p= b;
-        i=i2d(x,&p);
-        p= b;
-        ret=d2i(NULL,&p,i);
-        OPENSSL_free(b);
-        return(ret);
-        }
-
-#endif
-
-/* ASN1_ITEM version of dup: this follows the model above except we don't need
- * to allocate the buffer. At some point this could be rewritten to directly dup
- * the underlying structure instead of doing and encode and decode.
- */
-
-void *ASN1_item_dup(const ASN1_ITEM *it, void *x)
-        {
-        unsigned char *b = NULL, *p;
-        long i;
-        void *ret;
-
-        if (x == NULL) return(NULL);
-
-        i=ASN1_item_i2d(x,&b,it);
-        if (b == NULL)
-                { ASN1err(ASN1_F_ASN1_DUP,ERR_R_MALLOC_FAILURE); return(NULL); }
-        p= b;
-        ret=ASN1_item_d2i(NULL,&p,i, it);
-        OPENSSL_free(b);
-        return(ret);
-        }
diff --git a/src/lib/libcrypto/asn1/a_enum.c b/src/lib/libcrypto/asn1/a_enum.c
deleted file mode 100644
index 03ede68d1c..0000000000
--- a/src/lib/libcrypto/asn1/a_enum.c
+++ /dev/null
@@ -1,180 +0,0 @@
-/* crypto/asn1/a_enum.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-
-/* 
- * Code for ENUMERATED type: identical to INTEGER apart from a different tag.
- * for comments on encoding see a_int.c
- */
-
-int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
-        {
-        int i,j,k;
-        unsigned char buf[sizeof(long)+1];
-        long d;
-
-        a->type=V_ASN1_ENUMERATED;
-        if (a->length < (sizeof(long)+1))
-                {
-                if (a->data != NULL)
-                        OPENSSL_free(a->data);
-                if ((a->data=(unsigned char *)OPENSSL_malloc(sizeof(long)+1)) != NULL)
-                        memset((char *)a->data,0,sizeof(long)+1);
-                }
-        if (a->data == NULL)
-                {
-                ASN1err(ASN1_F_ASN1_ENUMERATED_SET,ERR_R_MALLOC_FAILURE);
-                return(0);
-                }
-        d=v;
-        if (d < 0)
-                {
-                d= -d;
-                a->type=V_ASN1_NEG_ENUMERATED;
-                }
-
-        for (i=0; i<sizeof(long); i++)
-                {
-                if (d == 0) break;
-                buf[i]=(int)d&0xff;
-                d>>=8;
-                }
-        j=0;
-        for (k=i-1; k >=0; k--)
-                a->data[j++]=buf[k];
-        a->length=j;
-        return(1);
-        }
-
-long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a)
-        {
-        int neg=0,i;
-        long r=0;
-
-        if (a == NULL) return(0L);
-        i=a->type;
-        if (i == V_ASN1_NEG_ENUMERATED)
-                neg=1;
-        else if (i != V_ASN1_ENUMERATED)
-                return -1;
-        
-        if (a->length > sizeof(long))
-                {
-                /* hmm... a bit ugly */
-                return(0xffffffffL);
-                }
-        if (a->data == NULL)
-                return 0;
-
-        for (i=0; i<a->length; i++)
-                {
-                r<<=8;
-                r|=(unsigned char)a->data[i];
-                }
-        if (neg) r= -r;
-        return(r);
-        }
-
-ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
-        {
-        ASN1_ENUMERATED *ret;
-        int len,j;
-
-        if (ai == NULL)
-                ret=M_ASN1_ENUMERATED_new();
-        else
-                ret=ai;
-        if (ret == NULL)
-                {
-                ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED,ERR_R_NESTED_ASN1_ERROR);
-                goto err;
-                }
-        if(bn->neg) ret->type = V_ASN1_NEG_ENUMERATED;
-        else ret->type=V_ASN1_ENUMERATED;
-        j=BN_num_bits(bn);
-        len=((j == 0)?0:((j/8)+1));
-        if (ret->length < len+4)
-                {
-                unsigned char *new_data=OPENSSL_realloc(ret->data, len+4);
-                if (!new_data)
-                        {
-                        ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                        }
-                ret->data=new_data;
-                }
-
-        ret->length=BN_bn2bin(bn,ret->data);
-        return(ret);
-err:
-        if (ret != ai) M_ASN1_ENUMERATED_free(ret);
-        return(NULL);
-        }
-
-BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn)
-        {
-        BIGNUM *ret;
-
-        if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL)
-                ASN1err(ASN1_F_ASN1_ENUMERATED_TO_BN,ASN1_R_BN_LIB);
-        else if(ai->type == V_ASN1_NEG_ENUMERATED) ret->neg = 1;
-        return(ret);
-        }
diff --git a/src/lib/libcrypto/asn1/a_i2d_fp.c b/src/lib/libcrypto/asn1/a_i2d_fp.c
deleted file mode 100644
index f4f1b73ebe..0000000000
--- a/src/lib/libcrypto/asn1/a_i2d_fp.c
+++ /dev/null
@@ -1,163 +0,0 @@
-/* crypto/asn1/a_i2d_fp.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/asn1.h>
-
-#ifndef NO_OLD_ASN1
-
-#ifndef OPENSSL_NO_FP_API
-int ASN1_i2d_fp(int (*i2d)(), FILE *out, unsigned char *x)
-        {
-        BIO *b;
-        int ret;
-
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-                {
-                ASN1err(ASN1_F_ASN1_I2D_FP,ERR_R_BUF_LIB);
-                return(0);
-                }
-        BIO_set_fp(b,out,BIO_NOCLOSE);
-        ret=ASN1_i2d_bio(i2d,b,x);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
-
-int ASN1_i2d_bio(int (*i2d)(), BIO *out, unsigned char *x)
-        {
-        char *b;
-        unsigned char *p;
-        int i,j=0,n,ret=1;
-
-        n=i2d(x,NULL);
-        b=(char *)OPENSSL_malloc(n);
-        if (b == NULL)
-                {
-                ASN1err(ASN1_F_ASN1_I2D_BIO,ERR_R_MALLOC_FAILURE);
-                return(0);
-                }
-
-        p=(unsigned char *)b;
-        i2d(x,&p);
-        
-        for (;;)
-                {
-                i=BIO_write(out,&(b[j]),n);
-                if (i == n) break;
-                if (i <= 0)
-                        {
-                        ret=0;
-                        break;
-                        }
-                j+=i;
-                n-=i;
-                }
-        OPENSSL_free(b);
-        return(ret);
-        }
-
-#endif
-
-#ifndef OPENSSL_NO_FP_API
-int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x)
-        {
-        BIO *b;
-        int ret;
-
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-                {
-                ASN1err(ASN1_F_ASN1_I2D_FP,ERR_R_BUF_LIB);
-                return(0);
-                }
-        BIO_set_fp(b,out,BIO_NOCLOSE);
-        ret=ASN1_item_i2d_bio(it,b,x);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
-
-int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x)
-        {
-        unsigned char *b = NULL;
-        int i,j=0,n,ret=1;
-
-        n = ASN1_item_i2d(x, &b, it);
-        if (b == NULL)
-                {
-                ASN1err(ASN1_F_ASN1_I2D_BIO,ERR_R_MALLOC_FAILURE);
-                return(0);
-                }
-
-        for (;;)
-                {
-                i=BIO_write(out,&(b[j]),n);
-                if (i == n) break;
-                if (i <= 0)
-                        {
-                        ret=0;
-                        break;
-                        }
-                j+=i;
-                n-=i;
-                }
-        OPENSSL_free(b);
-        return(ret);
-        }
diff --git a/src/lib/libcrypto/asn1/a_int.c b/src/lib/libcrypto/asn1/a_int.c
deleted file mode 100644
index 21cc64bb23..0000000000
--- a/src/lib/libcrypto/asn1/a_int.c
+++ /dev/null
@@ -1,453 +0,0 @@
-/* crypto/asn1/a_int.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-
-ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *x)
-{ return M_ASN1_INTEGER_dup(x);}
-
-int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y)
-        { 
-        int neg, ret;
-        /* Compare signs */
-        neg = x->type & V_ASN1_NEG;
-        if (neg != (y->type & V_ASN1_NEG))
-                {
-                if (neg)
-                        return -1;
-                else
-                        return 1;
-                }
-
-        ret = ASN1_STRING_cmp(x, y);
-
-        if (neg)
-                return -ret;
-        else
-                return ret;
-        }
-        
-
-/* 
- * This converts an ASN1 INTEGER into its content encoding.
- * The internal representation is an ASN1_STRING whose data is a big endian
- * representation of the value, ignoring the sign. The sign is determined by
- * the type: V_ASN1_INTEGER for positive and V_ASN1_NEG_INTEGER for negative. 
- *
- * Positive integers are no problem: they are almost the same as the DER
- * encoding, except if the first byte is >= 0x80 we need to add a zero pad.
- *
- * Negative integers are a bit trickier...
- * The DER representation of negative integers is in 2s complement form.
- * The internal form is converted by complementing each octet and finally 
- * adding one to the result. This can be done less messily with a little trick.
- * If the internal form has trailing zeroes then they will become FF by the
- * complement and 0 by the add one (due to carry) so just copy as many trailing 
- * zeros to the destination as there are in the source. The carry will add one
- * to the last none zero octet: so complement this octet and add one and finally
- * complement any left over until you get to the start of the string.
- *
- * Padding is a little trickier too. If the first bytes is > 0x80 then we pad
- * with 0xff. However if the first byte is 0x80 and one of the following bytes
- * is non-zero we pad with 0xff. The reason for this distinction is that 0x80
- * followed by optional zeros isn't padded.
- */
-
-int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
-        {
-        int pad=0,ret,i,neg;
-        unsigned char *p,*n,pb=0;
-
-        if ((a == NULL) || (a->data == NULL)) return(0);
-        neg=a->type & V_ASN1_NEG;
-        if (a->length == 0)
-                ret=1;
-        else
-                {
-                ret=a->length;
-                i=a->data[0];
-                if (!neg && (i > 127)) {
-                        pad=1;
-                        pb=0;
-                } else if(neg) {
-                        if(i>128) {
-                                pad=1;
-                                pb=0xFF;
-                        } else if(i == 128) {
-                        /*
-                         * Special case: if any other bytes non zero we pad:
-                         * otherwise we don't.
-                         */
-                                for(i = 1; i < a->length; i++) if(a->data[i]) {
-                                                pad=1;
-                                                pb=0xFF;
-                                                break;
-                                }
-                        }
-                }
-                ret+=pad;
-                }
-        if (pp == NULL) return(ret);
-        p= *pp;
-
-        if (pad) *(p++)=pb;
-        if (a->length == 0) *(p++)=0;
-        else if (!neg) memcpy(p,a->data,(unsigned int)a->length);
-        else {
-                /* Begin at the end of the encoding */
-                n=a->data + a->length - 1;
-                p += a->length - 1;
-                i = a->length;
-                /* Copy zeros to destination as long as source is zero */
-                while(!*n) {
-                        *(p--) = 0;
-                        n--;
-                        i--;
-                }
-                /* Complement and increment next octet */
-                *(p--) = ((*(n--)) ^ 0xff) + 1;
-                i--;
-                /* Complement any octets left */
-                for(;i > 0; i--) *(p--) = *(n--) ^ 0xff;
-        }
-
-        *pp+=ret;
-        return(ret);
-        }
-
-/* Convert just ASN1 INTEGER content octets to ASN1_INTEGER structure */
-
-ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp,
-             long len)
-        {
-        ASN1_INTEGER *ret=NULL;
-        unsigned char *p,*to,*s, *pend;
-        int i;
-
-        if ((a == NULL) || ((*a) == NULL))
-                {
-                if ((ret=M_ASN1_INTEGER_new()) == NULL) return(NULL);
-                ret->type=V_ASN1_INTEGER;
-                }
-        else
-                ret=(*a);
-
-        p= *pp;
-        pend = p + len;
-
-        /* We must OPENSSL_malloc stuff, even for 0 bytes otherwise it
-         * signifies a missing NULL parameter. */
-        s=(unsigned char *)OPENSSL_malloc((int)len+1);
-        if (s == NULL)
-                {
-                i=ERR_R_MALLOC_FAILURE;
-                goto err;
-                }
-        to=s;
-        if(!len) {
-                /* Strictly speaking this is an illegal INTEGER but we
-                 * tolerate it.
-                 */
-                ret->type=V_ASN1_INTEGER;
-        } else if (*p & 0x80) /* a negative number */
-                {
-                ret->type=V_ASN1_NEG_INTEGER;
-                if ((*p == 0xff) && (len != 1)) {
-                        p++;
-                        len--;
-                }
-                i = len;
-                p += i - 1;
-                to += i - 1;
-                while((!*p) && i) {
-                        *(to--) = 0;
-                        i--;
-                        p--;
-                }
-                /* Special case: if all zeros then the number will be of
-                 * the form FF followed by n zero bytes: this corresponds to
-                 * 1 followed by n zero bytes. We've already written n zeros
-                 * so we just append an extra one and set the first byte to
-                 * a 1. This is treated separately because it is the only case
-                 * where the number of bytes is larger than len.
-                 */
-                if(!i) {
-                        *s = 1;
-                        s[len] = 0;
-                        len++;
-                } else {
-                        *(to--) = (*(p--) ^ 0xff) + 1;
-                        i--;
-                        for(;i > 0; i--) *(to--) = *(p--) ^ 0xff;
-                }
-        } else {
-                ret->type=V_ASN1_INTEGER;
-                if ((*p == 0) && (len != 1))
-                        {
-                        p++;
-                        len--;
-                        }
-                memcpy(s,p,(int)len);
-        }
-
-        if (ret->data != NULL) OPENSSL_free(ret->data);
-        ret->data=s;
-        ret->length=(int)len;
-        if (a != NULL) (*a)=ret;
-        *pp=pend;
-        return(ret);
-err:
-        ASN1err(ASN1_F_D2I_ASN1_INTEGER,i);
-        if ((ret != NULL) && ((a == NULL) || (*a != ret)))
-                M_ASN1_INTEGER_free(ret);
-        return(NULL);
-        }
-
-
-/* This is a version of d2i_ASN1_INTEGER that ignores the sign bit of
- * ASN1 integers: some broken software can encode a positive INTEGER
- * with its MSB set as negative (it doesn't add a padding zero).
- */
-
-ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, unsigned char **pp,
-             long length)
-        {
-        ASN1_INTEGER *ret=NULL;
-        unsigned char *p,*to,*s;
-        long len;
-        int inf,tag,xclass;
-        int i;
-
-        if ((a == NULL) || ((*a) == NULL))
-                {
-                if ((ret=M_ASN1_INTEGER_new()) == NULL) return(NULL);
-                ret->type=V_ASN1_INTEGER;
-                }
-        else
-                ret=(*a);
-
-        p= *pp;
-        inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
-        if (inf & 0x80)
-                {
-                i=ASN1_R_BAD_OBJECT_HEADER;
-                goto err;
-                }
-
-        if (tag != V_ASN1_INTEGER)
-                {
-                i=ASN1_R_EXPECTING_AN_INTEGER;
-                goto err;
-                }
-
-        /* We must OPENSSL_malloc stuff, even for 0 bytes otherwise it
-         * signifies a missing NULL parameter. */
-        s=(unsigned char *)OPENSSL_malloc((int)len+1);
-        if (s == NULL)
-                {
-                i=ERR_R_MALLOC_FAILURE;
-                goto err;
-                }
-        to=s;
-        ret->type=V_ASN1_INTEGER;
-        if(len) {
-                if ((*p == 0) && (len != 1))
-                        {
-                        p++;
-                        len--;
-                        }
-                memcpy(s,p,(int)len);
-                p+=len;
-        }
-
-        if (ret->data != NULL) OPENSSL_free(ret->data);
-        ret->data=s;
-        ret->length=(int)len;
-        if (a != NULL) (*a)=ret;
-        *pp=p;
-        return(ret);
-err:
-        ASN1err(ASN1_F_D2I_ASN1_UINTEGER,i);
-        if ((ret != NULL) && ((a == NULL) || (*a != ret)))
-                M_ASN1_INTEGER_free(ret);
-        return(NULL);
-        }
-
-int ASN1_INTEGER_set(ASN1_INTEGER *a, long v)
-        {
-        int i,j,k;
-        unsigned char buf[sizeof(long)+1];
-        long d;
-
-        a->type=V_ASN1_INTEGER;
-        if (a->length < (sizeof(long)+1))
-                {
-                if (a->data != NULL)
-                        OPENSSL_free(a->data);
-                if ((a->data=(unsigned char *)OPENSSL_malloc(sizeof(long)+1)) != NULL)
-                        memset((char *)a->data,0,sizeof(long)+1);
-                }
-        if (a->data == NULL)
-                {
-                ASN1err(ASN1_F_ASN1_INTEGER_SET,ERR_R_MALLOC_FAILURE);
-                return(0);
-                }
-        d=v;
-        if (d < 0)
-                {
-                d= -d;
-                a->type=V_ASN1_NEG_INTEGER;
-                }
-
-        for (i=0; i<sizeof(long); i++)
-                {
-                if (d == 0) break;
-                buf[i]=(int)d&0xff;
-                d>>=8;
-                }
-        j=0;
-        for (k=i-1; k >=0; k--)
-                a->data[j++]=buf[k];
-        a->length=j;
-        return(1);
-        }
-
-long ASN1_INTEGER_get(ASN1_INTEGER *a)
-        {
-        int neg=0,i;
-        long r=0;
-
-        if (a == NULL) return(0L);
-        i=a->type;
-        if (i == V_ASN1_NEG_INTEGER)
-                neg=1;
-        else if (i != V_ASN1_INTEGER)
-                return -1;
-        
-        if (a->length > sizeof(long))
-                {
-                /* hmm... a bit ugly */
-                return(0xffffffffL);
-                }
-        if (a->data == NULL)
-                return 0;
-
-        for (i=0; i<a->length; i++)
-                {
-                r<<=8;
-                r|=(unsigned char)a->data[i];
-                }
-        if (neg) r= -r;
-        return(r);
-        }
-
-ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai)
-        {
-        ASN1_INTEGER *ret;
-        int len,j;
-
-        if (ai == NULL)
-                ret=M_ASN1_INTEGER_new();
-        else
-                ret=ai;
-        if (ret == NULL)
-                {
-                ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_NESTED_ASN1_ERROR);
-                goto err;
-                }
-        if(bn->neg) ret->type = V_ASN1_NEG_INTEGER;
-        else ret->type=V_ASN1_INTEGER;
-        j=BN_num_bits(bn);
-        len=((j == 0)?0:((j/8)+1));
-        if (ret->length < len+4)
-                {
-                unsigned char *new_data=OPENSSL_realloc(ret->data, len+4);
-                if (!new_data)
-                        {
-                        ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                        }
-                ret->data=new_data;
-                }
-        ret->length=BN_bn2bin(bn,ret->data);
-        /* Correct zero case */
-        if(!ret->length)
-                {
-                ret->data[0] = 0;
-                ret->length = 1;
-                }
-        return(ret);
-err:
-        if (ret != ai) M_ASN1_INTEGER_free(ret);
-        return(NULL);
-        }
-
-BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai, BIGNUM *bn)
-        {
-        BIGNUM *ret;
-
-        if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL)
-                ASN1err(ASN1_F_ASN1_INTEGER_TO_BN,ASN1_R_BN_LIB);
-        else if(ai->type == V_ASN1_NEG_INTEGER) ret->neg = 1;
-        return(ret);
-        }
-
-IMPLEMENT_STACK_OF(ASN1_INTEGER)
-IMPLEMENT_ASN1_SET_OF(ASN1_INTEGER)
diff --git a/src/lib/libcrypto/asn1/a_mbstr.c b/src/lib/libcrypto/asn1/a_mbstr.c
deleted file mode 100644
index 208b3ec395..0000000000
--- a/src/lib/libcrypto/asn1/a_mbstr.c
+++ /dev/null
@@ -1,400 +0,0 @@
-/* a_mbstr.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <ctype.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-
-static int traverse_string(const unsigned char *p, int len, int inform,
-                 int (*rfunc)(unsigned long value, void *in), void *arg);
-static int in_utf8(unsigned long value, void *arg);
-static int out_utf8(unsigned long value, void *arg);
-static int type_str(unsigned long value, void *arg);
-static int cpy_asc(unsigned long value, void *arg);
-static int cpy_bmp(unsigned long value, void *arg);
-static int cpy_univ(unsigned long value, void *arg);
-static int cpy_utf8(unsigned long value, void *arg);
-static int is_printable(unsigned long value);
-
-/* These functions take a string in UTF8, ASCII or multibyte form and
- * a mask of permissible ASN1 string types. It then works out the minimal
- * type (using the order Printable < IA5 < T61 < BMP < Universal < UTF8)
- * and creates a string of the correct type with the supplied data.
- * Yes this is horrible: it has to be :-(
- * The 'ncopy' form checks minimum and maximum size limits too.
- */
-
-int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len,
-                                        int inform, unsigned long mask)
-{
-        return ASN1_mbstring_ncopy(out, in, len, inform, mask, 0, 0);
-}
-
-int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
-                                        int inform, unsigned long mask, 
-                                        long minsize, long maxsize)
-{
-        int str_type;
-        int ret;
-        char free_out;
-        int outform, outlen;
-        ASN1_STRING *dest;
-        unsigned char *p;
-        int nchar;
-        char strbuf[32];
-        int (*cpyfunc)(unsigned long,void *) = NULL;
-        if(len == -1) len = strlen((const char *)in);
-        if(!mask) mask = DIRSTRING_TYPE;
-
-        /* First do a string check and work out the number of characters */
-        switch(inform) {
-
-                case MBSTRING_BMP:
-                if(len & 1) {
-                        ASN1err(ASN1_F_ASN1_MBSTRING_COPY,
-                                         ASN1_R_INVALID_BMPSTRING_LENGTH);
-                        return -1;
-                }
-                nchar = len >> 1;
-                break;
-
-                case MBSTRING_UNIV:
-                if(len & 3) {
-                        ASN1err(ASN1_F_ASN1_MBSTRING_COPY,
-                                         ASN1_R_INVALID_UNIVERSALSTRING_LENGTH);
-                        return -1;
-                }
-                nchar = len >> 2;
-                break;
-
-                case MBSTRING_UTF8:
-                nchar = 0;
-                /* This counts the characters and does utf8 syntax checking */
-                ret = traverse_string(in, len, MBSTRING_UTF8, in_utf8, &nchar);
-                if(ret < 0) {
-                        ASN1err(ASN1_F_ASN1_MBSTRING_COPY,
-                                                 ASN1_R_INVALID_UTF8STRING);
-                        return -1;
-                }
-                break;
-
-                case MBSTRING_ASC:
-                nchar = len;
-                break;
-
-                default:
-                ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_UNKNOWN_FORMAT);
-                return -1;
-        }
-
-        if((minsize > 0) && (nchar < minsize)) {
-                ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_SHORT);
-                BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize);
-                ERR_add_error_data(2, "minsize=", strbuf);
-                return -1;
-        }
-
-        if((maxsize > 0) && (nchar > maxsize)) {
-                ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_LONG);
-                BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize);
-                ERR_add_error_data(2, "maxsize=", strbuf);
-                return -1;
-        }
-
-        /* Now work out minimal type (if any) */
-        if(traverse_string(in, len, inform, type_str, &mask) < 0) {
-                ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_ILLEGAL_CHARACTERS);
-                return -1;
-        }
-
-
-        /* Now work out output format and string type */
-        outform = MBSTRING_ASC;
-        if(mask & B_ASN1_PRINTABLESTRING) str_type = V_ASN1_PRINTABLESTRING;
-        else if(mask & B_ASN1_IA5STRING) str_type = V_ASN1_IA5STRING;
-        else if(mask & B_ASN1_T61STRING) str_type = V_ASN1_T61STRING;
-        else if(mask & B_ASN1_BMPSTRING) {
-                str_type = V_ASN1_BMPSTRING;
-                outform = MBSTRING_BMP;
-        } else if(mask & B_ASN1_UNIVERSALSTRING) {
-                str_type = V_ASN1_UNIVERSALSTRING;
-                outform = MBSTRING_UNIV;
-        } else {
-                str_type = V_ASN1_UTF8STRING;
-                outform = MBSTRING_UTF8;
-        }
-        if(!out) return str_type;
-        if(*out) {
-                free_out = 0;
-                dest = *out;
-                if(dest->data) {
-                        dest->length = 0;
-                        OPENSSL_free(dest->data);
-                        dest->data = NULL;
-                }
-                dest->type = str_type;
-        } else {
-                free_out = 1;
-                dest = ASN1_STRING_type_new(str_type);
-                if(!dest) {
-                        ASN1err(ASN1_F_ASN1_MBSTRING_COPY,
-                                                        ERR_R_MALLOC_FAILURE);
-                        return -1;
-                }
-                *out = dest;
-        }
-        /* If both the same type just copy across */
-        if(inform == outform) {
-                if(!ASN1_STRING_set(dest, in, len)) {
-                        ASN1err(ASN1_F_ASN1_MBSTRING_COPY,ERR_R_MALLOC_FAILURE);
-                        return -1;
-                }
-                return str_type;
-        } 
-
-        /* Work out how much space the destination will need */
-        switch(outform) {
-                case MBSTRING_ASC:
-                outlen = nchar;
-                cpyfunc = cpy_asc;
-                break;
-
-                case MBSTRING_BMP:
-                outlen = nchar << 1;
-                cpyfunc = cpy_bmp;
-                break;
-
-                case MBSTRING_UNIV:
-                outlen = nchar << 2;
-                cpyfunc = cpy_univ;
-                break;
-
-                case MBSTRING_UTF8:
-                outlen = 0;
-                traverse_string(in, len, inform, out_utf8, &outlen);
-                cpyfunc = cpy_utf8;
-                break;
-        }
-        if(!(p = OPENSSL_malloc(outlen + 1))) {
-                if(free_out) ASN1_STRING_free(dest);
-                ASN1err(ASN1_F_ASN1_MBSTRING_COPY,ERR_R_MALLOC_FAILURE);
-                return -1;
-        }
-        dest->length = outlen;
-        dest->data = p;
-        p[outlen] = 0;
-        traverse_string(in, len, inform, cpyfunc, &p);
-        return str_type;        
-}
-
-/* This function traverses a string and passes the value of each character
- * to an optional function along with a void * argument.
- */
-
-static int traverse_string(const unsigned char *p, int len, int inform,
-                 int (*rfunc)(unsigned long value, void *in), void *arg)
-{
-        unsigned long value;
-        int ret;
-        while(len) {
-                if(inform == MBSTRING_ASC) {
-                        value = *p++;
-                        len--;
-                } else if(inform == MBSTRING_BMP) {
-                        value = *p++ << 8;
-                        value |= *p++;
-                        len -= 2;
-                } else if(inform == MBSTRING_UNIV) {
-                        value = ((unsigned long)*p++) << 24;
-                        value |= ((unsigned long)*p++) << 16;
-                        value |= *p++ << 8;
-                        value |= *p++;
-                        len -= 4;
-                } else {
-                        ret = UTF8_getc(p, len, &value);
-                        if(ret < 0) return -1;
-                        len -= ret;
-                        p += ret;
-                }
-                if(rfunc) {
-                        ret = rfunc(value, arg);
-                        if(ret <= 0) return ret;
-                }
-        }
-        return 1;
-}
-
-/* Various utility functions for traverse_string */
-
-/* Just count number of characters */
-
-static int in_utf8(unsigned long value, void *arg)
-{
-        int *nchar;
-        nchar = arg;
-        (*nchar)++;
-        return 1;
-}
-
-/* Determine size of output as a UTF8 String */
-
-static int out_utf8(unsigned long value, void *arg)
-{
-        int *outlen;
-        outlen = arg;
-        *outlen += UTF8_putc(NULL, -1, value);
-        return 1;
-}
-
-/* Determine the "type" of a string: check each character against a
- * supplied "mask".
- */
-
-static int type_str(unsigned long value, void *arg)
-{
-        unsigned long types;
-        types = *((unsigned long *)arg);
-        if((types & B_ASN1_PRINTABLESTRING) && !is_printable(value))
-                                        types &= ~B_ASN1_PRINTABLESTRING;
-        if((types & B_ASN1_IA5STRING) && (value > 127))
-                                        types &= ~B_ASN1_IA5STRING;
-        if((types & B_ASN1_T61STRING) && (value > 0xff))
-                                        types &= ~B_ASN1_T61STRING;
-        if((types & B_ASN1_BMPSTRING) && (value > 0xffff))
-                                        types &= ~B_ASN1_BMPSTRING;
-        if(!types) return -1;
-        *((unsigned long *)arg) = types;
-        return 1;
-}
-
-/* Copy one byte per character ASCII like strings */
-
-static int cpy_asc(unsigned long value, void *arg)
-{
-        unsigned char **p, *q;
-        p = arg;
-        q = *p;
-        *q = (unsigned char) value;
-        (*p)++;
-        return 1;
-}
-
-/* Copy two byte per character BMPStrings */
-
-static int cpy_bmp(unsigned long value, void *arg)
-{
-        unsigned char **p, *q;
-        p = arg;
-        q = *p;
-        *q++ = (unsigned char) ((value >> 8) & 0xff);
-        *q = (unsigned char) (value & 0xff);
-        *p += 2;
-        return 1;
-}
-
-/* Copy four byte per character UniversalStrings */
-
-static int cpy_univ(unsigned long value, void *arg)
-{
-        unsigned char **p, *q;
-        p = arg;
-        q = *p;
-        *q++ = (unsigned char) ((value >> 24) & 0xff);
-        *q++ = (unsigned char) ((value >> 16) & 0xff);
-        *q++ = (unsigned char) ((value >> 8) & 0xff);
-        *q = (unsigned char) (value & 0xff);
-        *p += 4;
-        return 1;
-}
-
-/* Copy to a UTF8String */
-
-static int cpy_utf8(unsigned long value, void *arg)
-{
-        unsigned char **p;
-        int ret;
-        p = arg;
-        /* We already know there is enough room so pass 0xff as the length */
-        ret = UTF8_putc(*p, 0xff, value);
-        *p += ret;
-        return 1;
-}
-
-/* Return 1 if the character is permitted in a PrintableString */
-static int is_printable(unsigned long value)
-{
-        int ch;
-        if(value > 0x7f) return 0;
-        ch = (int) value;
-        /* Note: we can't use 'isalnum' because certain accented 
-         * characters may count as alphanumeric in some environments.
-         */
-#ifndef CHARSET_EBCDIC
-        if((ch >= 'a') && (ch <= 'z')) return 1;
-        if((ch >= 'A') && (ch <= 'Z')) return 1;
-        if((ch >= '0') && (ch <= '9')) return 1;
-        if ((ch == ' ') || strchr("'()+,-./:=?", ch)) return 1;
-#else /*CHARSET_EBCDIC*/
-        if((ch >= os_toascii['a']) && (ch <= os_toascii['z'])) return 1;
-        if((ch >= os_toascii['A']) && (ch <= os_toascii['Z'])) return 1;
-        if((ch >= os_toascii['0']) && (ch <= os_toascii['9'])) return 1;
-        if ((ch == os_toascii[' ']) || strchr("'()+,-./:=?", os_toebcdic[ch])) return 1;
-#endif /*CHARSET_EBCDIC*/
-        return 0;
-}
diff --git a/src/lib/libcrypto/asn1/a_object.c b/src/lib/libcrypto/asn1/a_object.c
deleted file mode 100644
index 0a8e6c287c..0000000000
--- a/src/lib/libcrypto/asn1/a_object.c
+++ /dev/null
@@ -1,320 +0,0 @@
-/* crypto/asn1/a_object.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/asn1.h>
-#include <openssl/objects.h>
-
-int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
-        {
-        unsigned char *p;
-        int objsize;
-
-        if ((a == NULL) || (a->data == NULL)) return(0);
-
-        objsize = ASN1_object_size(0,a->length,V_ASN1_OBJECT);
-        if (pp == NULL) return objsize;
-
-        p= *pp;
-        ASN1_put_object(&p,0,a->length,V_ASN1_OBJECT,V_ASN1_UNIVERSAL);
-        memcpy(p,a->data,a->length);
-        p+=a->length;
-
-        *pp=p;
-        return(objsize);
-        }
-
-int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
-        {
-        int i,first,len=0,c;
-        char tmp[24];
-        const char *p;
-        unsigned long l;
-
-        if (num == 0)
-                return(0);
-        else if (num == -1)
-                num=strlen(buf);
-
-        p=buf;
-        c= *(p++);
-        num--;
-        if ((c >= '0') && (c <= '2'))
-                {
-                first=(c-'0')*40;
-                }
-        else
-                {
-                ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_FIRST_NUM_TOO_LARGE);
-                goto err;
-                }
-
-        if (num <= 0)
-                {
-                ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_MISSING_SECOND_NUMBER);
-                goto err;
-                }
-        c= *(p++);
-        num--;
-        for (;;)
-                {
-                if (num <= 0) break;
-                if ((c != '.') && (c != ' '))
-                        {
-                        ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_SEPARATOR);
-                        goto err;
-                        }
-                l=0;
-                for (;;)
-                        {
-                        if (num <= 0) break;
-                        num--;
-                        c= *(p++);
-                        if ((c == ' ') || (c == '.'))
-                                break;
-                        if ((c < '0') || (c > '9'))
-                                {
-                                ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_DIGIT);
-                                goto err;
-                                }
-                        l=l*10L+(long)(c-'0');
-                        }
-                if (len == 0)
-                        {
-                        if ((first < 2) && (l >= 40))
-                                {
-                                ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_SECOND_NUMBER_TOO_LARGE);
-                                goto err;
-                                }
-                        l+=(long)first;
-                        }
-                i=0;
-                for (;;)
-                        {
-                        tmp[i++]=(unsigned char)l&0x7f;
-                        l>>=7L;
-                        if (l == 0L) break;
-                        }
-                if (out != NULL)
-                        {
-                        if (len+i > olen)
-                                {
-                                ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_BUFFER_TOO_SMALL);
-                                goto err;
-                                }
-                        while (--i > 0)
-                                out[len++]=tmp[i]|0x80;
-                        out[len++]=tmp[0];
-                        }
-                else
-                        len+=i;
-                }
-        return(len);
-err:
-        return(0);
-        }
-
-int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a)
-{
-        return OBJ_obj2txt(buf, buf_len, a, 0);
-}
-
-int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)
-        {
-        char buf[80];
-        int i;
-
-        if ((a == NULL) || (a->data == NULL))
-                return(BIO_write(bp,"NULL",4));
-        i=i2t_ASN1_OBJECT(buf,sizeof buf,a);
-        if (i > sizeof buf) i=sizeof buf;
-        BIO_write(bp,buf,i);
-        return(i);
-        }
-
-ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp,
-             long length)
-{
-        unsigned char *p;
-        long len;
-        int tag,xclass;
-        int inf,i;
-        ASN1_OBJECT *ret = NULL;
-        p= *pp;
-        inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
-        if (inf & 0x80)
-                {
-                i=ASN1_R_BAD_OBJECT_HEADER;
-                goto err;
-                }
-
-        if (tag != V_ASN1_OBJECT)
-                {
-                i=ASN1_R_EXPECTING_AN_OBJECT;
-                goto err;
-                }
-        ret = c2i_ASN1_OBJECT(a, &p, len);
-        if(ret) *pp = p;
-        return ret;
-err:
-        ASN1err(ASN1_F_D2I_ASN1_OBJECT,i);
-        if ((ret != NULL) && ((a == NULL) || (*a != ret)))
-                ASN1_OBJECT_free(ret);
-        return(NULL);
-}
-ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp,
-             long len)
-        {
-        ASN1_OBJECT *ret=NULL;
-        unsigned char *p;
-        int i;
-
-        /* only the ASN1_OBJECTs from the 'table' will have values
-         * for ->sn or ->ln */
-        if ((a == NULL) || ((*a) == NULL) ||
-                !((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC))
-                {
-                if ((ret=ASN1_OBJECT_new()) == NULL) return(NULL);
-                }
-        else    ret=(*a);
-
-        p= *pp;
-        if ((ret->data == NULL) || (ret->length < len))
-                {
-                if (ret->data != NULL) OPENSSL_free(ret->data);
-                ret->data=(unsigned char *)OPENSSL_malloc(len ? (int)len : 1);
-                ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA;
-                if (ret->data == NULL)
-                        { i=ERR_R_MALLOC_FAILURE; goto err; }
-                }
-        memcpy(ret->data,p,(int)len);
-        ret->length=(int)len;
-        ret->sn=NULL;
-        ret->ln=NULL;
-        /* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */
-        p+=len;
-
-        if (a != NULL) (*a)=ret;
-        *pp=p;
-        return(ret);
-err:
-        ASN1err(ASN1_F_D2I_ASN1_OBJECT,i);
-        if ((ret != NULL) && ((a == NULL) || (*a != ret)))
-                ASN1_OBJECT_free(ret);
-        return(NULL);
-        }
-
-ASN1_OBJECT *ASN1_OBJECT_new(void)
-        {
-        ASN1_OBJECT *ret;
-
-        ret=(ASN1_OBJECT *)OPENSSL_malloc(sizeof(ASN1_OBJECT));
-        if (ret == NULL)
-                {
-                ASN1err(ASN1_F_ASN1_OBJECT_NEW,ERR_R_MALLOC_FAILURE);
-                return(NULL);
-                }
-        ret->length=0;
-        ret->data=NULL;
-        ret->nid=0;
-        ret->sn=NULL;
-        ret->ln=NULL;
-        ret->flags=ASN1_OBJECT_FLAG_DYNAMIC;
-        return(ret);
-        }
-
-void ASN1_OBJECT_free(ASN1_OBJECT *a)
-        {
-        if (a == NULL) return;
-        if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS)
-                {
-#ifndef CONST_STRICT /* disable purely for compile-time strict const checking. Doing this on a "real" compile will cause memory leaks */
-                if (a->sn != NULL) OPENSSL_free((void *)a->sn);
-                if (a->ln != NULL) OPENSSL_free((void *)a->ln);
-#endif
-                a->sn=a->ln=NULL;
-                }
-        if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA)
-                {
-                if (a->data != NULL) OPENSSL_free(a->data);
-                a->data=NULL;
-                a->length=0;
-                }
-        if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC)
-                OPENSSL_free(a);
-        }
-
-ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len,
-             const char *sn, const char *ln)
-        {
-        ASN1_OBJECT o;
-
-        o.sn=sn;
-        o.ln=ln;
-        o.data=data;
-        o.nid=nid;
-        o.length=len;
-        o.flags=ASN1_OBJECT_FLAG_DYNAMIC|ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|
-                ASN1_OBJECT_FLAG_DYNAMIC_DATA;
-        return(OBJ_dup(&o));
-        }
-
-IMPLEMENT_STACK_OF(ASN1_OBJECT)
-IMPLEMENT_ASN1_SET_OF(ASN1_OBJECT)
diff --git a/src/lib/libcrypto/asn1/a_octet.c b/src/lib/libcrypto/asn1/a_octet.c
deleted file mode 100644
index 9690bae0f1..0000000000
--- a/src/lib/libcrypto/asn1/a_octet.c
+++ /dev/null
@@ -1,71 +0,0 @@
-/* crypto/asn1/a_octet.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-
-ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *x)
-{ return M_ASN1_OCTET_STRING_dup(x); }
-
-int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b)
-{ return M_ASN1_OCTET_STRING_cmp(a, b); }
-
-int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, unsigned char *d, int len)
-{ return M_ASN1_OCTET_STRING_set(x, d, len); }
-
diff --git a/src/lib/libcrypto/asn1/a_print.c b/src/lib/libcrypto/asn1/a_print.c
deleted file mode 100644
index d18e772320..0000000000
--- a/src/lib/libcrypto/asn1/a_print.c
+++ /dev/null
@@ -1,127 +0,0 @@
-/* crypto/asn1/a_print.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-
-int ASN1_PRINTABLE_type(const unsigned char *s, int len)
-        {
-        int c;
-        int ia5=0;
-        int t61=0;
-
-        if (len <= 0) len= -1;
-        if (s == NULL) return(V_ASN1_PRINTABLESTRING);
-
-        while ((*s) && (len-- != 0))
-                {
-                c= *(s++);
-#ifndef CHARSET_EBCDIC
-                if (!(  ((c >= 'a') && (c <= 'z')) ||
-                        ((c >= 'A') && (c <= 'Z')) ||
-                        (c == ' ') ||
-                        ((c >= '0') && (c <= '9')) ||
-                        (c == ' ') || (c == '\'') ||
-                        (c == '(') || (c == ')') ||
-                        (c == '+') || (c == ',') ||
-                        (c == '-') || (c == '.') ||
-                        (c == '/') || (c == ':') ||
-                        (c == '=') || (c == '?')))
-                        ia5=1;
-                if (c&0x80)
-                        t61=1;
-#else
-                if (!isalnum(c) && (c != ' ') &&
-                    strchr("'()+,-./:=?", c) == NULL)
-                        ia5=1;
-                if (os_toascii[c] & 0x80)
-                        t61=1;
-#endif
-                }
-        if (t61) return(V_ASN1_T61STRING);
-        if (ia5) return(V_ASN1_IA5STRING);
-        return(V_ASN1_PRINTABLESTRING);
-        }
-
-int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s)
-        {
-        int i;
-        unsigned char *p;
-
-        if (s->type != V_ASN1_UNIVERSALSTRING) return(0);
-        if ((s->length%4) != 0) return(0);
-        p=s->data;
-        for (i=0; i<s->length; i+=4)
-                {
-                if ((p[0] != '\0') || (p[1] != '\0') || (p[2] != '\0'))
-                        break;
-                else
-                        p+=4;
-                }
-        if (i < s->length) return(0);
-        p=s->data;
-        for (i=3; i<s->length; i+=4)
-                {
-                *(p++)=s->data[i];
-                }
-        *(p)='\0';
-        s->length/=4;
-        s->type=ASN1_PRINTABLE_type(s->data,s->length);
-        return(1);
-        }
diff --git a/src/lib/libcrypto/asn1/a_set.c b/src/lib/libcrypto/asn1/a_set.c
deleted file mode 100644
index e24061c545..0000000000
--- a/src/lib/libcrypto/asn1/a_set.c
+++ /dev/null
@@ -1,235 +0,0 @@
-/* crypto/asn1/a_set.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1_mac.h>
-
-#ifndef NO_ASN1_OLD
-
-typedef struct
-    {
-    unsigned char *pbData;
-    int cbData;
-    } MYBLOB;
-
-/* SetBlobCmp
- * This function compares two elements of SET_OF block
- */
-static int SetBlobCmp(const void *elem1, const void *elem2 )
-    {
-    const MYBLOB *b1 = (const MYBLOB *)elem1;
-    const MYBLOB *b2 = (const MYBLOB *)elem2;
-    int r;
-
-    r = memcmp(b1->pbData, b2->pbData,
-               b1->cbData < b2->cbData ? b1->cbData : b2->cbData);
-    if(r != 0)
-        return r;
-    return b1->cbData-b2->cbData;
-    }
-
-/* int is_set:  if TRUE, then sort the contents (i.e. it isn't a SEQUENCE)    */
-int i2d_ASN1_SET(STACK *a, unsigned char **pp, int (*func)(), int ex_tag,
-             int ex_class, int is_set)
-        {
-        int ret=0,r;
-        int i;
-        unsigned char *p;
-        unsigned char *pStart, *pTempMem;
-        MYBLOB *rgSetBlob;
-        int totSize;
-
-        if (a == NULL) return(0);
-        for (i=sk_num(a)-1; i>=0; i--)
-                ret+=func(sk_value(a,i),NULL);
-        r=ASN1_object_size(1,ret,ex_tag);
-        if (pp == NULL) return(r);
-
-        p= *pp;
-        ASN1_put_object(&p,1,ret,ex_tag,ex_class);
-
-/* Modified by gp@nsj.co.jp */
-        /* And then again by Ben */
-        /* And again by Steve */
-
-        if(!is_set || (sk_num(a) < 2))
-                {
-                for (i=0; i<sk_num(a); i++)
-                        func(sk_value(a,i),&p);
-
-                *pp=p;
-                return(r);
-                }
-
-        pStart  = p; /* Catch the beg of Setblobs*/
-                /* In this array we will store the SET blobs */
-                rgSetBlob = (MYBLOB *)OPENSSL_malloc(sk_num(a) * sizeof(MYBLOB));
-                if (rgSetBlob == NULL)
-                        {
-                        ASN1err(ASN1_F_I2D_ASN1_SET,ERR_R_MALLOC_FAILURE);
-                        return(0);
-                        }
-
-        for (i=0; i<sk_num(a); i++)
-                {
-                rgSetBlob[i].pbData = p;  /* catch each set encode blob */
-                func(sk_value(a,i),&p);
-                rgSetBlob[i].cbData = p - rgSetBlob[i].pbData; /* Length of this
-SetBlob
-*/
-                }
-        *pp=p;
-        totSize = p - pStart; /* This is the total size of all set blobs */
-
- /* Now we have to sort the blobs. I am using a simple algo.
-    *Sort ptrs *Copy to temp-mem *Copy from temp-mem to user-mem*/
-        qsort( rgSetBlob, sk_num(a), sizeof(MYBLOB), SetBlobCmp);
-                if (!(pTempMem = OPENSSL_malloc(totSize)))
-                        {
-                        ASN1err(ASN1_F_I2D_ASN1_SET,ERR_R_MALLOC_FAILURE);
-                        return(0);
-                        }
-
-/* Copy to temp mem */
-        p = pTempMem;
-        for(i=0; i<sk_num(a); ++i)
-                {
-                memcpy(p, rgSetBlob[i].pbData, rgSetBlob[i].cbData);
-                p += rgSetBlob[i].cbData;
-                }
-
-/* Copy back to user mem*/
-        memcpy(pStart, pTempMem, totSize);
-        OPENSSL_free(pTempMem);
-        OPENSSL_free(rgSetBlob);
-
-        return(r);
-        }
-
-STACK *d2i_ASN1_SET(STACK **a, unsigned char **pp, long length,
-             char *(*func)(), void (*free_func)(void *), int ex_tag, int ex_class)
-        {
-        ASN1_CTX c;
-        STACK *ret=NULL;
-
-        if ((a == NULL) || ((*a) == NULL))
-                {
-                if ((ret=sk_new_null()) == NULL)
-                        {
-                        ASN1err(ASN1_F_D2I_ASN1_SET,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                        }
-                }
-        else
-                ret=(*a);
-
-        c.p= *pp;
-        c.max=(length == 0)?0:(c.p+length);
-
-        c.inf=ASN1_get_object(&c.p,&c.slen,&c.tag,&c.xclass,c.max-c.p);
-        if (c.inf & 0x80) goto err;
-        if (ex_class != c.xclass)
-                {
-                ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_BAD_CLASS);
-                goto err;
-                }
-        if (ex_tag != c.tag)
-                {
-                ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_BAD_TAG);
-                goto err;
-                }
-        if ((c.slen+c.p) > c.max)
-                {
-                ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_LENGTH_ERROR);
-                goto err;
-                }
-        /* check for infinite constructed - it can be as long
-         * as the amount of data passed to us */
-        if (c.inf == (V_ASN1_CONSTRUCTED+1))
-                c.slen=length+ *pp-c.p;
-        c.max=c.p+c.slen;
-
-        while (c.p < c.max)
-                {
-                char *s;
-
-                if (M_ASN1_D2I_end_sequence()) break;
-                if ((s=func(NULL,&c.p,c.slen,c.max-c.p)) == NULL)
-                        {
-                        ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_ERROR_PARSING_SET_ELEMENT);
-                        asn1_add_error(*pp,(int)(c.q- *pp));
-                        goto err;
-                        }
-                if (!sk_push(ret,s)) goto err;
-                }
-        if (a != NULL) (*a)=ret;
-        *pp=c.p;
-        return(ret);
-err:
-        if ((ret != NULL) && ((a == NULL) || (*a != ret)))
-                {
-                if (free_func != NULL)
-                        sk_pop_free(ret,free_func);
-                else
-                        sk_free(ret);
-                }
-        return(NULL);
-        }
-
-#endif
diff --git a/src/lib/libcrypto/asn1/a_sign.c b/src/lib/libcrypto/asn1/a_sign.c
deleted file mode 100644
index 52ce7e3974..0000000000
--- a/src/lib/libcrypto/asn1/a_sign.c
+++ /dev/null
@@ -1,294 +0,0 @@
-/* crypto/asn1/a_sign.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <time.h>
-
-#include "cryptlib.h"
-
-#ifndef NO_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-
-#include <openssl/bn.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/objects.h>
-#include <openssl/buffer.h>
-
-#ifndef NO_ASN1_OLD
-
-int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
-             ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey,
-             const EVP_MD *type)
-        {
-        EVP_MD_CTX ctx;
-        unsigned char *p,*buf_in=NULL,*buf_out=NULL;
-        int i,inl=0,outl=0,outll=0;
-        X509_ALGOR *a;
-
-        EVP_MD_CTX_init(&ctx);
-        for (i=0; i<2; i++)
-                {
-                if (i == 0)
-                        a=algor1;
-                else
-                        a=algor2;
-                if (a == NULL) continue;
-                if (type->pkey_type == NID_dsaWithSHA1)
-                        {
-                        /* special case: RFC 2459 tells us to omit 'parameters'
-                         * with id-dsa-with-sha1 */
-                        ASN1_TYPE_free(a->parameter);
-                        a->parameter = NULL;
-                        }
-                else if ((a->parameter == NULL) || 
-                        (a->parameter->type != V_ASN1_NULL))
-                        {
-                        ASN1_TYPE_free(a->parameter);
-                        if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err;
-                        a->parameter->type=V_ASN1_NULL;
-                        }
-                ASN1_OBJECT_free(a->algorithm);
-                a->algorithm=OBJ_nid2obj(type->pkey_type);
-                if (a->algorithm == NULL)
-                        {
-                        ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE);
-                        goto err;
-                        }
-                if (a->algorithm->length == 0)
-                        {
-                        ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
-                        goto err;
-                        }
-                }
-        inl=i2d(data,NULL);
-        buf_in=(unsigned char *)OPENSSL_malloc((unsigned int)inl);
-        outll=outl=EVP_PKEY_size(pkey);
-        buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl);
-        if ((buf_in == NULL) || (buf_out == NULL))
-                {
-                outl=0;
-                ASN1err(ASN1_F_ASN1_SIGN,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-        p=buf_in;
-
-        i2d(data,&p);
-        EVP_SignInit_ex(&ctx,type, NULL);
-        EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
-        if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
-                        (unsigned int *)&outl,pkey))
-                {
-                outl=0;
-                ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB);
-                goto err;
-                }
-        if (signature->data != NULL) OPENSSL_free(signature->data);
-        signature->data=buf_out;
-        buf_out=NULL;
-        signature->length=outl;
-        /* In the interests of compatibility, I'll make sure that
-         * the bit string has a 'not-used bits' value of 0
-         */
-        signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
-        signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
-err:
-        EVP_MD_CTX_cleanup(&ctx);
-        if (buf_in != NULL)
-                { OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
-        if (buf_out != NULL)
-                { OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
-        return(outl);
-        }
-
-#endif
-
-int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
-             ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey,
-             const EVP_MD *type)
-        {
-        EVP_MD_CTX ctx;
-        unsigned char *buf_in=NULL,*buf_out=NULL;
-        int i,inl=0,outl=0,outll=0;
-        X509_ALGOR *a;
-
-        EVP_MD_CTX_init(&ctx);
-        for (i=0; i<2; i++)
-                {
-                if (i == 0)
-                        a=algor1;
-                else
-                        a=algor2;
-                if (a == NULL) continue;
-                if (type->pkey_type == NID_dsaWithSHA1)
-                        {
-                        /* special case: RFC 2459 tells us to omit 'parameters'
-                         * with id-dsa-with-sha1 */
-                        ASN1_TYPE_free(a->parameter);
-                        a->parameter = NULL;
-                        }
-                else if ((a->parameter == NULL) || 
-                        (a->parameter->type != V_ASN1_NULL))
-                        {
-                        ASN1_TYPE_free(a->parameter);
-                        if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err;
-                        a->parameter->type=V_ASN1_NULL;
-                        }
-                ASN1_OBJECT_free(a->algorithm);
-                a->algorithm=OBJ_nid2obj(type->pkey_type);
-                if (a->algorithm == NULL)
-                        {
-                        ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE);
-                        goto err;
-                        }
-                if (a->algorithm->length == 0)
-                        {
-                        ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
-                        goto err;
-                        }
-                }
-        inl=ASN1_item_i2d(asn,&buf_in, it);
-        outll=outl=EVP_PKEY_size(pkey);
-        buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl);
-        if ((buf_in == NULL) || (buf_out == NULL))
-                {
-                outl=0;
-                ASN1err(ASN1_F_ASN1_SIGN,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-
-        EVP_SignInit_ex(&ctx,type, NULL);
-        EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
-        if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
-                        (unsigned int *)&outl,pkey))
-                {
-                outl=0;
-                ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB);
-                goto err;
-                }
-        if (signature->data != NULL) OPENSSL_free(signature->data);
-        signature->data=buf_out;
-        buf_out=NULL;
-        signature->length=outl;
-        /* In the interests of compatibility, I'll make sure that
-         * the bit string has a 'not-used bits' value of 0
-         */
-        signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
-        signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
-err:
-        EVP_MD_CTX_cleanup(&ctx);
-        if (buf_in != NULL)
-                { OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
-        if (buf_out != NULL)
-                { OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
-        return(outl);
-        }
diff --git a/src/lib/libcrypto/asn1/a_strex.c b/src/lib/libcrypto/asn1/a_strex.c
deleted file mode 100644
index a07122ba47..0000000000
--- a/src/lib/libcrypto/asn1/a_strex.c
+++ /dev/null
@@ -1,567 +0,0 @@
-/* a_strex.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000-2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/x509.h>
-#include <openssl/asn1.h>
-
-#include "charmap.h"
-#include "cryptlib.h"
-
-/* ASN1_STRING_print_ex() and X509_NAME_print_ex().
- * Enhanced string and name printing routines handling
- * multibyte characters, RFC2253 and a host of other
- * options.
- */
-
-
-#define CHARTYPE_BS_ESC         (ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253)
-
-
-/* Three IO functions for sending data to memory, a BIO and
- * and a FILE pointer.
- */
-#if 0                           /* never used */
-static int send_mem_chars(void *arg, const void *buf, int len)
-{
-        unsigned char **out = arg;
-        if(!out) return 1;
-        memcpy(*out, buf, len);
-        *out += len;
-        return 1;
-}
-#endif
-
-static int send_bio_chars(void *arg, const void *buf, int len)
-{
-        if(!arg) return 1;
-        if(BIO_write(arg, buf, len) != len) return 0;
-        return 1;
-}
-
-static int send_fp_chars(void *arg, const void *buf, int len)
-{
-        if(!arg) return 1;
-        if(fwrite(buf, 1, len, arg) != (unsigned int)len) return 0;
-        return 1;
-}
-
-typedef int char_io(void *arg, const void *buf, int len);
-
-/* This function handles display of
- * strings, one character at a time.
- * It is passed an unsigned long for each
- * character because it could come from 2 or even
- * 4 byte forms.
- */
-
-static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, char_io *io_ch, void *arg)
-{
-        unsigned char chflgs, chtmp;
-        char tmphex[HEX_SIZE(long)+3];
-
-        if(c > 0xffffffffL)
-                return -1;
-        if(c > 0xffff) {
-                BIO_snprintf(tmphex, sizeof tmphex, "\\W%08lX", c);
-                if(!io_ch(arg, tmphex, 10)) return -1;
-                return 10;
-        }
-        if(c > 0xff) {
-                BIO_snprintf(tmphex, sizeof tmphex, "\\U%04lX", c);
-                if(!io_ch(arg, tmphex, 6)) return -1;
-                return 6;
-        }
-        chtmp = (unsigned char)c;
-        if(chtmp > 0x7f) chflgs = flags & ASN1_STRFLGS_ESC_MSB;
-        else chflgs = char_type[chtmp] & flags;
-        if(chflgs & CHARTYPE_BS_ESC) {
-                /* If we don't escape with quotes, signal we need quotes */
-                if(chflgs & ASN1_STRFLGS_ESC_QUOTE) {
-                        if(do_quotes) *do_quotes = 1;
-                        if(!io_ch(arg, &chtmp, 1)) return -1;
-                        return 1;
-                }
-                if(!io_ch(arg, "\\", 1)) return -1;
-                if(!io_ch(arg, &chtmp, 1)) return -1;
-                return 2;
-        }
-        if(chflgs & (ASN1_STRFLGS_ESC_CTRL|ASN1_STRFLGS_ESC_MSB)) {
-                BIO_snprintf(tmphex, 11, "\\%02X", chtmp);
-                if(!io_ch(arg, tmphex, 3)) return -1;
-                return 3;
-        }
-        if(!io_ch(arg, &chtmp, 1)) return -1;
-        return 1;
-}
-
-#define BUF_TYPE_WIDTH_MASK     0x7
-#define BUF_TYPE_CONVUTF8       0x8
-
-/* This function sends each character in a buffer to
- * do_esc_char(). It interprets the content formats
- * and converts to or from UTF8 as appropriate.
- */
-
-static int do_buf(unsigned char *buf, int buflen,
-                        int type, unsigned char flags, char *quotes, char_io *io_ch, void *arg)
-{
-        int i, outlen, len;
-        unsigned char orflags, *p, *q;
-        unsigned long c;
-        p = buf;
-        q = buf + buflen;
-        outlen = 0;
-        while(p != q) {
-                if(p == buf) orflags = CHARTYPE_FIRST_ESC_2253;
-                else orflags = 0;
-                switch(type & BUF_TYPE_WIDTH_MASK) {
-                        case 4:
-                        c = ((unsigned long)*p++) << 24;
-                        c |= ((unsigned long)*p++) << 16;
-                        c |= ((unsigned long)*p++) << 8;
-                        c |= *p++;
-                        break;
-
-                        case 2:
-                        c = ((unsigned long)*p++) << 8;
-                        c |= *p++;
-                        break;
-
-                        case 1:
-                        c = *p++;
-                        break;
-                        
-                        case 0:
-                        i = UTF8_getc(p, buflen, &c);
-                        if(i < 0) return -1;    /* Invalid UTF8String */
-                        p += i;
-                        break;
-                }
-                if (p == q) orflags = CHARTYPE_LAST_ESC_2253;
-                if(type & BUF_TYPE_CONVUTF8) {
-                        unsigned char utfbuf[6];
-                        int utflen;
-                        utflen = UTF8_putc(utfbuf, sizeof utfbuf, c);
-                        for(i = 0; i < utflen; i++) {
-                                /* We don't need to worry about setting orflags correctly
-                                 * because if utflen==1 its value will be correct anyway 
-                                 * otherwise each character will be > 0x7f and so the 
-                                 * character will never be escaped on first and last.
-                                 */
-                                len = do_esc_char(utfbuf[i], (unsigned char)(flags | orflags), quotes, io_ch, arg);
-                                if(len < 0) return -1;
-                                outlen += len;
-                        }
-                } else {
-                        len = do_esc_char(c, (unsigned char)(flags | orflags), quotes, io_ch, arg);
-                        if(len < 0) return -1;
-                        outlen += len;
-                }
-        }
-        return outlen;
-}
-
-/* This function hex dumps a buffer of characters */
-
-static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf, int buflen)
-{
-        const static char hexdig[] = "0123456789ABCDEF";
-        unsigned char *p, *q;
-        char hextmp[2];
-        if(arg) {
-                p = buf;
-                q = buf + buflen;
-                while(p != q) {
-                        hextmp[0] = hexdig[*p >> 4];
-                        hextmp[1] = hexdig[*p & 0xf];
-                        if(!io_ch(arg, hextmp, 2)) return -1;
-                        p++;
-                }
-        }
-        return buflen << 1;
-}
-
-/* "dump" a string. This is done when the type is unknown,
- * or the flags request it. We can either dump the content
- * octets or the entire DER encoding. This uses the RFC2253
- * #01234 format.
- */
-
-static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING *str)
-{
-        /* Placing the ASN1_STRING in a temp ASN1_TYPE allows
-         * the DER encoding to readily obtained
-         */
-        ASN1_TYPE t;
-        unsigned char *der_buf, *p;
-        int outlen, der_len;
-
-        if(!io_ch(arg, "#", 1)) return -1;
-        /* If we don't dump DER encoding just dump content octets */
-        if(!(lflags & ASN1_STRFLGS_DUMP_DER)) {
-                outlen = do_hex_dump(io_ch, arg, str->data, str->length);
-                if(outlen < 0) return -1;
-                return outlen + 1;
-        }
-        t.type = str->type;
-        t.value.ptr = (char *)str;
-        der_len = i2d_ASN1_TYPE(&t, NULL);
-        der_buf = OPENSSL_malloc(der_len);
-        if(!der_buf) return -1;
-        p = der_buf;
-        i2d_ASN1_TYPE(&t, &p);
-        outlen = do_hex_dump(io_ch, arg, der_buf, der_len);
-        OPENSSL_free(der_buf);
-        if(outlen < 0) return -1;
-        return outlen + 1;
-}
-
-/* Lookup table to convert tags to character widths,
- * 0 = UTF8 encoded, -1 is used for non string types
- * otherwise it is the number of bytes per character
- */
-
-const static signed char tag2nbyte[] = {
-        -1, -1, -1, -1, -1,     /* 0-4 */
-        -1, -1, -1, -1, -1,     /* 5-9 */
-        -1, -1, 0, -1,          /* 10-13 */
-        -1, -1, -1, -1,         /* 15-17 */
-        -1, 1, 1,               /* 18-20 */
-        -1, 1, 1, 1,            /* 21-24 */
-        -1, 1, -1,              /* 25-27 */
-        4, -1, 2                /* 28-30 */
-};
-
-#define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \
-                  ASN1_STRFLGS_ESC_QUOTE | \
-                  ASN1_STRFLGS_ESC_CTRL | \
-                  ASN1_STRFLGS_ESC_MSB)
-
-/* This is the main function, print out an
- * ASN1_STRING taking note of various escape
- * and display options. Returns number of
- * characters written or -1 if an error
- * occurred.
- */
-
-static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags, ASN1_STRING *str)
-{
-        int outlen, len;
-        int type;
-        char quotes;
-        unsigned char flags;
-        quotes = 0;
-        /* Keep a copy of escape flags */
-        flags = (unsigned char)(lflags & ESC_FLAGS);
-
-        type = str->type;
-
-        outlen = 0;
-
-
-        if(lflags & ASN1_STRFLGS_SHOW_TYPE) {
-                const char *tagname;
-                tagname = ASN1_tag2str(type);
-                outlen += strlen(tagname);
-                if(!io_ch(arg, tagname, outlen) || !io_ch(arg, ":", 1)) return -1; 
-                outlen++;
-        }
-
-        /* Decide what to do with type, either dump content or display it */
-
-        /* Dump everything */
-        if(lflags & ASN1_STRFLGS_DUMP_ALL) type = -1;
-        /* Ignore the string type */
-        else if(lflags & ASN1_STRFLGS_IGNORE_TYPE) type = 1;
-        else {
-                /* Else determine width based on type */
-                if((type > 0) && (type < 31)) type = tag2nbyte[type];
-                else type = -1;
-                if((type == -1) && !(lflags & ASN1_STRFLGS_DUMP_UNKNOWN)) type = 1;
-        }
-
-        if(type == -1) {
-                len = do_dump(lflags, io_ch, arg, str);
-                if(len < 0) return -1;
-                outlen += len;
-                return outlen;
-        }
-
-        if(lflags & ASN1_STRFLGS_UTF8_CONVERT) {
-                /* Note: if string is UTF8 and we want
-                 * to convert to UTF8 then we just interpret
-                 * it as 1 byte per character to avoid converting
-                 * twice.
-                 */
-                if(!type) type = 1;
-                else type |= BUF_TYPE_CONVUTF8;
-        }
-
-        len = do_buf(str->data, str->length, type, flags, &quotes, io_ch, NULL);
-        if(outlen < 0) return -1;
-        outlen += len;
-        if(quotes) outlen += 2;
-        if(!arg) return outlen;
-        if(quotes && !io_ch(arg, "\"", 1)) return -1;
-        do_buf(str->data, str->length, type, flags, NULL, io_ch, arg);
-        if(quotes && !io_ch(arg, "\"", 1)) return -1;
-        return outlen;
-}
-
-/* Used for line indenting: print 'indent' spaces */
-
-static int do_indent(char_io *io_ch, void *arg, int indent)
-{
-        int i;
-        for(i = 0; i < indent; i++)
-                        if(!io_ch(arg, " ", 1)) return 0;
-        return 1;
-}
-
-#define FN_WIDTH_LN     25
-#define FN_WIDTH_SN     10
-
-static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n,
-                                int indent, unsigned long flags)
-{
-        int i, prev = -1, orflags, cnt;
-        int fn_opt, fn_nid;
-        ASN1_OBJECT *fn;
-        ASN1_STRING *val;
-        X509_NAME_ENTRY *ent;
-        char objtmp[80];
-        const char *objbuf;
-        int outlen, len;
-        char *sep_dn, *sep_mv, *sep_eq;
-        int sep_dn_len, sep_mv_len, sep_eq_len;
-        if(indent < 0) indent = 0;
-        outlen = indent;
-        if(!do_indent(io_ch, arg, indent)) return -1;
-        switch (flags & XN_FLAG_SEP_MASK)
-        {
-                case XN_FLAG_SEP_MULTILINE:
-                sep_dn = "\n";
-                sep_dn_len = 1;
-                sep_mv = " + ";
-                sep_mv_len = 3;
-                break;
-
-                case XN_FLAG_SEP_COMMA_PLUS:
-                sep_dn = ",";
-                sep_dn_len = 1;
-                sep_mv = "+";
-                sep_mv_len = 1;
-                indent = 0;
-                break;
-
-                case XN_FLAG_SEP_CPLUS_SPC:
-                sep_dn = ", ";
-                sep_dn_len = 2;
-                sep_mv = " + ";
-                sep_mv_len = 3;
-                indent = 0;
-                break;
-
-                case XN_FLAG_SEP_SPLUS_SPC:
-                sep_dn = "; ";
-                sep_dn_len = 2;
-                sep_mv = " + ";
-                sep_mv_len = 3;
-                indent = 0;
-                break;
-
-                default:
-                return -1;
-        }
-
-        if(flags & XN_FLAG_SPC_EQ) {
-                sep_eq = " = ";
-                sep_eq_len = 3;
-        } else {
-                sep_eq = "=";
-                sep_eq_len = 1;
-        }
-
-        fn_opt = flags & XN_FLAG_FN_MASK;
-
-        cnt = X509_NAME_entry_count(n); 
-        for(i = 0; i < cnt; i++) {
-                if(flags & XN_FLAG_DN_REV)
-                                ent = X509_NAME_get_entry(n, cnt - i - 1);
-                else ent = X509_NAME_get_entry(n, i);
-                if(prev != -1) {
-                        if(prev == ent->set) {
-                                if(!io_ch(arg, sep_mv, sep_mv_len)) return -1;
-                                outlen += sep_mv_len;
-                        } else {
-                                if(!io_ch(arg, sep_dn, sep_dn_len)) return -1;
-                                outlen += sep_dn_len;
-                                if(!do_indent(io_ch, arg, indent)) return -1;
-                                outlen += indent;
-                        }
-                }
-                prev = ent->set;
-                fn = X509_NAME_ENTRY_get_object(ent);
-                val = X509_NAME_ENTRY_get_data(ent);
-                fn_nid = OBJ_obj2nid(fn);
-                if(fn_opt != XN_FLAG_FN_NONE) {
-                        int objlen, fld_len;
-                        if((fn_opt == XN_FLAG_FN_OID) || (fn_nid==NID_undef) ) {
-                                OBJ_obj2txt(objtmp, sizeof objtmp, fn, 1);
-                                fld_len = 0; /* XXX: what should this be? */
-                                objbuf = objtmp;
-                        } else {
-                                if(fn_opt == XN_FLAG_FN_SN) {
-                                        fld_len = FN_WIDTH_SN;
-                                        objbuf = OBJ_nid2sn(fn_nid);
-                                } else if(fn_opt == XN_FLAG_FN_LN) {
-                                        fld_len = FN_WIDTH_LN;
-                                        objbuf = OBJ_nid2ln(fn_nid);
-                                } else {
-                                        fld_len = 0; /* XXX: what should this be? */
-                                        objbuf = "";
-                                }
-                        }
-                        objlen = strlen(objbuf);
-                        if(!io_ch(arg, objbuf, objlen)) return -1;
-                        if ((objlen < fld_len) && (flags & XN_FLAG_FN_ALIGN)) {
-                                if (!do_indent(io_ch, arg, fld_len - objlen)) return -1;
-                                outlen += fld_len - objlen;
-                        }
-                        if(!io_ch(arg, sep_eq, sep_eq_len)) return -1;
-                        outlen += objlen + sep_eq_len;
-                }
-                /* If the field name is unknown then fix up the DER dump
-                 * flag. We might want to limit this further so it will
-                 * DER dump on anything other than a few 'standard' fields.
-                 */
-                if((fn_nid == NID_undef) && (flags & XN_FLAG_DUMP_UNKNOWN_FIELDS)) 
-                                        orflags = ASN1_STRFLGS_DUMP_ALL;
-                else orflags = 0;
-     
-                len = do_print_ex(io_ch, arg, flags | orflags, val);
-                if(len < 0) return -1;
-                outlen += len;
-        }
-        return outlen;
-}
-
-/* Wrappers round the main functions */
-
-int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags)
-{
-        if(flags == XN_FLAG_COMPAT)
-                return X509_NAME_print(out, nm, indent);
-        return do_name_ex(send_bio_chars, out, nm, indent, flags);
-}
-
-
-int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags)
-{
-        if(flags == XN_FLAG_COMPAT)
-                {
-                BIO *btmp;
-                int ret;
-                btmp = BIO_new_fp(fp, BIO_NOCLOSE);
-                if(!btmp) return -1;
-                ret = X509_NAME_print(btmp, nm, indent);
-                BIO_free(btmp);
-                return ret;
-                }
-        return do_name_ex(send_fp_chars, fp, nm, indent, flags);
-}
-
-int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags)
-{
-        return do_print_ex(send_bio_chars, out, flags, str);
-}
-
-
-int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags)
-{
-        return do_print_ex(send_fp_chars, fp, flags, str);
-}
-
-/* Utility function: convert any string type to UTF8, returns number of bytes
- * in output string or a negative error code
- */
-
-int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)
-{
-        ASN1_STRING stmp, *str = &stmp;
-        int mbflag, type, ret;
-        if(!in) return -1;
-        type = in->type;
-        if((type < 0) || (type > 30)) return -1;
-        mbflag = tag2nbyte[type];
-        if(mbflag == -1) return -1;
-        if (mbflag == 0)
-                mbflag = MBSTRING_UTF8;
-        else if (mbflag == 4)
-                mbflag = MBSTRING_UNIV;
-        else            
-                mbflag |= MBSTRING_FLAG;
-        stmp.data = NULL;
-        ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING);
-        if(ret < 0) return ret;
-        *out = stmp.data;
-        return stmp.length;
-}
diff --git a/src/lib/libcrypto/asn1/a_strnid.c b/src/lib/libcrypto/asn1/a_strnid.c
deleted file mode 100644
index 613bbc4a7d..0000000000
--- a/src/lib/libcrypto/asn1/a_strnid.c
+++ /dev/null
@@ -1,290 +0,0 @@
-/* a_strnid.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <ctype.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/objects.h>
-
-
-static STACK_OF(ASN1_STRING_TABLE) *stable = NULL;
-static void st_free(ASN1_STRING_TABLE *tbl);
-static int sk_table_cmp(const ASN1_STRING_TABLE * const *a,
-                        const ASN1_STRING_TABLE * const *b);
-static int table_cmp(const void *a, const void *b);
-
-
-/* This is the global mask for the mbstring functions: this is use to
- * mask out certain types (such as BMPString and UTF8String) because
- * certain software (e.g. Netscape) has problems with them.
- */
-
-static unsigned long global_mask = 0xFFFFFFFFL;
-
-void ASN1_STRING_set_default_mask(unsigned long mask)
-{
-        global_mask = mask;
-}
-
-unsigned long ASN1_STRING_get_default_mask(void)
-{
-        return global_mask;
-}
-
-/* This function sets the default to various "flavours" of configuration.
- * based on an ASCII string. Currently this is:
- * MASK:XXXX : a numerical mask value.
- * nobmp : Don't use BMPStrings (just Printable, T61).
- * pkix : PKIX recommendation in RFC2459.
- * utf8only : only use UTF8Strings (RFC2459 recommendation for 2004).
- * default:   the default value, Printable, T61, BMP.
- */
-
-int ASN1_STRING_set_default_mask_asc(char *p)
-{
-        unsigned long mask;
-        char *end;
-        if(!strncmp(p, "MASK:", 5)) {
-                if(!p[5]) return 0;
-                mask = strtoul(p + 5, &end, 0);
-                if(*end) return 0;
-        } else if(!strcmp(p, "nombstr"))
-                         mask = ~((unsigned long)(B_ASN1_BMPSTRING|B_ASN1_UTF8STRING));
-        else if(!strcmp(p, "pkix"))
-                        mask = ~((unsigned long)B_ASN1_T61STRING);
-        else if(!strcmp(p, "utf8only")) mask = B_ASN1_UTF8STRING;
-        else if(!strcmp(p, "default"))
-            mask = 0xFFFFFFFFL;
-        else return 0;
-        ASN1_STRING_set_default_mask(mask);
-        return 1;
-}
-
-/* The following function generates an ASN1_STRING based on limits in a table.
- * Frequently the types and length of an ASN1_STRING are restricted by a 
- * corresponding OID. For example certificates and certificate requests.
- */
-
-ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in,
-                                        int inlen, int inform, int nid)
-{
-        ASN1_STRING_TABLE *tbl;
-        ASN1_STRING *str = NULL;
-        unsigned long mask;
-        int ret;
-        if(!out) out = &str;
-        tbl = ASN1_STRING_TABLE_get(nid);
-        if(tbl) {
-                mask = tbl->mask;
-                if(!(tbl->flags & STABLE_NO_MASK)) mask &= global_mask;
-                ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask,
-                                        tbl->minsize, tbl->maxsize);
-        } else ret = ASN1_mbstring_copy(out, in, inlen, inform, DIRSTRING_TYPE & global_mask);
-        if(ret <= 0) return NULL;
-        return *out;
-}
-
-/* Now the tables and helper functions for the string table:
- */
-
-/* size limits: this stuff is taken straight from RFC3280 */
-
-#define ub_name                         32768
-#define ub_common_name                  64
-#define ub_locality_name                128
-#define ub_state_name                   128
-#define ub_organization_name            64
-#define ub_organization_unit_name       64
-#define ub_title                        64
-#define ub_email_address                128
-#define ub_serial_number                64
-
-
-/* This table must be kept in NID order */
-
-static ASN1_STRING_TABLE tbl_standard[] = {
-{NID_commonName,                1, ub_common_name, DIRSTRING_TYPE, 0},
-{NID_countryName,               2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
-{NID_localityName,              1, ub_locality_name, DIRSTRING_TYPE, 0},
-{NID_stateOrProvinceName,       1, ub_state_name, DIRSTRING_TYPE, 0},
-{NID_organizationName,          1, ub_organization_name, DIRSTRING_TYPE, 0},
-{NID_organizationalUnitName,    1, ub_organization_unit_name, DIRSTRING_TYPE, 0},
-{NID_pkcs9_emailAddress,        1, ub_email_address, B_ASN1_IA5STRING, STABLE_NO_MASK},
-{NID_pkcs9_unstructuredName,    1, -1, PKCS9STRING_TYPE, 0},
-{NID_pkcs9_challengePassword,   1, -1, PKCS9STRING_TYPE, 0},
-{NID_pkcs9_unstructuredAddress, 1, -1, DIRSTRING_TYPE, 0},
-{NID_givenName,                 1, ub_name, DIRSTRING_TYPE, 0},
-{NID_surname,                   1, ub_name, DIRSTRING_TYPE, 0},
-{NID_initials,                  1, ub_name, DIRSTRING_TYPE, 0},
-{NID_serialNumber,              1, ub_serial_number, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
-{NID_friendlyName,              -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
-{NID_name,                      1, ub_name, DIRSTRING_TYPE, 0},
-{NID_dnQualifier,               -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
-{NID_domainComponent,           1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK},
-{NID_ms_csp_name,               -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}
-};
-
-static int sk_table_cmp(const ASN1_STRING_TABLE * const *a,
-                        const ASN1_STRING_TABLE * const *b)
-{
-        return (*a)->nid - (*b)->nid;
-}
-
-static int table_cmp(const void *a, const void *b)
-{
-        const ASN1_STRING_TABLE *sa = a, *sb = b;
-        return sa->nid - sb->nid;
-}
-
-ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid)
-{
-        int idx;
-        ASN1_STRING_TABLE *ttmp;
-        ASN1_STRING_TABLE fnd;
-        fnd.nid = nid;
-        ttmp = (ASN1_STRING_TABLE *) OBJ_bsearch((char *)&fnd,
-                                        (char *)tbl_standard, 
-                        sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE),
-                        sizeof(ASN1_STRING_TABLE), table_cmp);
-        if(ttmp) return ttmp;
-        if(!stable) return NULL;
-        idx = sk_ASN1_STRING_TABLE_find(stable, &fnd);
-        if(idx < 0) return NULL;
-        return sk_ASN1_STRING_TABLE_value(stable, idx);
-}
-        
-int ASN1_STRING_TABLE_add(int nid,
-                 long minsize, long maxsize, unsigned long mask,
-                                unsigned long flags)
-{
-        ASN1_STRING_TABLE *tmp;
-        char new_nid = 0;
-        flags &= ~STABLE_FLAGS_MALLOC;
-        if(!stable) stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp);
-        if(!stable) {
-                ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE);
-                return 0;
-        }
-        if(!(tmp = ASN1_STRING_TABLE_get(nid))) {
-                tmp = OPENSSL_malloc(sizeof(ASN1_STRING_TABLE));
-                if(!tmp) {
-                        ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD,
-                                                        ERR_R_MALLOC_FAILURE);
-                        return 0;
-                }
-                tmp->flags = flags | STABLE_FLAGS_MALLOC;
-                tmp->nid = nid;
-                new_nid = 1;
-        } else tmp->flags = (tmp->flags & STABLE_FLAGS_MALLOC) | flags;
-        if(minsize != -1) tmp->minsize = minsize;
-        if(maxsize != -1) tmp->maxsize = maxsize;
-        tmp->mask = mask;
-        if(new_nid) sk_ASN1_STRING_TABLE_push(stable, tmp);
-        return 1;
-}
-
-void ASN1_STRING_TABLE_cleanup(void)
-{
-        STACK_OF(ASN1_STRING_TABLE) *tmp;
-        tmp = stable;
-        if(!tmp) return;
-        stable = NULL;
-        sk_ASN1_STRING_TABLE_pop_free(tmp, st_free);
-}
-
-static void st_free(ASN1_STRING_TABLE *tbl)
-{
-        if(tbl->flags & STABLE_FLAGS_MALLOC) OPENSSL_free(tbl);
-}
-
-
-IMPLEMENT_STACK_OF(ASN1_STRING_TABLE)
-
-#ifdef STRING_TABLE_TEST
-
-main()
-{
-        ASN1_STRING_TABLE *tmp;
-        int i, last_nid = -1;
-
-        for (tmp = tbl_standard, i = 0;
-                i < sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE); i++, tmp++)
-                {
-                        if (tmp->nid < last_nid)
-                                {
-                                last_nid = 0;
-                                break;
-                                }
-                        last_nid = tmp->nid;
-                }
-
-        if (last_nid != 0)
-                {
-                printf("Table order OK\n");
-                exit(0);
-                }
-
-        for (tmp = tbl_standard, i = 0;
-                i < sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE); i++, tmp++)
-                        printf("Index %d, NID %d, Name=%s\n", i, tmp->nid,
-                                                        OBJ_nid2ln(tmp->nid));
-
-}
-
-#endif
diff --git a/src/lib/libcrypto/asn1/a_time.c b/src/lib/libcrypto/asn1/a_time.c
deleted file mode 100644
index 159681fbcb..0000000000
--- a/src/lib/libcrypto/asn1/a_time.c
+++ /dev/null
@@ -1,164 +0,0 @@
-/* crypto/asn1/a_time.c */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-
-/* This is an implementation of the ASN1 Time structure which is:
- *    Time ::= CHOICE {
- *      utcTime        UTCTime,
- *      generalTime    GeneralizedTime }
- * written by Steve Henson.
- */
-
-#include <stdio.h>
-#include <time.h>
-#include "cryptlib.h"
-#include "o_time.h"
-#include <openssl/asn1t.h>
-
-IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME)
-
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_TIME)
-
-#if 0
-int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp)
-        {
-#ifdef CHARSET_EBCDIC
-        /* KLUDGE! We convert to ascii before writing DER */
-        char tmp[24];
-        ASN1_STRING tmpstr;
-
-        if(a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME) {
-            int len;
-
-            tmpstr = *(ASN1_STRING *)a;
-            len = tmpstr.length;
-            ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len);
-            tmpstr.data = tmp;
-            a = (ASN1_GENERALIZEDTIME *) &tmpstr;
-        }
-#endif
-        if(a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME)
-                                return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
-                                     a->type ,V_ASN1_UNIVERSAL));
-        ASN1err(ASN1_F_I2D_ASN1_TIME,ASN1_R_EXPECTING_A_TIME);
-        return -1;
-        }
-#endif
-
-
-ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
-        {
-        struct tm *ts;
-        struct tm data;
-
-        ts=OPENSSL_gmtime(&t,&data);
-        if (ts == NULL)
-                {
-                ASN1err(ASN1_F_ASN1_TIME_SET, ASN1_R_ERROR_GETTING_TIME);
-                return NULL;
-                }
-        if((ts->tm_year >= 50) && (ts->tm_year < 150))
-                                        return ASN1_UTCTIME_set(s, t);
-        return ASN1_GENERALIZEDTIME_set(s,t);
-        }
-
-int ASN1_TIME_check(ASN1_TIME *t)
-        {
-        if (t->type == V_ASN1_GENERALIZEDTIME)
-                return ASN1_GENERALIZEDTIME_check(t);
-        else if (t->type == V_ASN1_UTCTIME)
-                return ASN1_UTCTIME_check(t);
-        return 0;
-        }
-
-/* Convert an ASN1_TIME structure to GeneralizedTime */
-ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out)
-        {
-        ASN1_GENERALIZEDTIME *ret;
-        char *str;
-        int newlen;
-
-        if (!ASN1_TIME_check(t)) return NULL;
-
-        if (!out || !*out)
-                {
-                if (!(ret = ASN1_GENERALIZEDTIME_new ()))
-                        return NULL;
-                if (out) *out = ret;
-                }
-        else ret = *out;
-
-        /* If already GeneralizedTime just copy across */
-        if (t->type == V_ASN1_GENERALIZEDTIME)
-                {
-                if(!ASN1_STRING_set(ret, t->data, t->length))
-                        return NULL;
-                return ret;
-                }
-
-        /* grow the string */
-        if (!ASN1_STRING_set(ret, NULL, t->length + 2))
-                return NULL;
-        /* ASN1_STRING_set() allocated 'len + 1' bytes. */
-        newlen = t->length + 2 + 1;
-        str = (char *)ret->data;
-        /* Work out the century and prepend */
-        if (t->data[0] >= '5') BUF_strlcpy(str, "19", newlen);
-        else BUF_strlcpy(str, "20", newlen);
-
-        BUF_strlcat(str, (char *)t->data, newlen);
-
-        return ret;
-        }
diff --git a/src/lib/libcrypto/asn1/a_type.c b/src/lib/libcrypto/asn1/a_type.c
deleted file mode 100644
index 2292d49b93..0000000000
--- a/src/lib/libcrypto/asn1/a_type.c
+++ /dev/null
@@ -1,84 +0,0 @@
-/* crypto/asn1/a_type.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/asn1t.h>
-#include "cryptlib.h"
-
-int ASN1_TYPE_get(ASN1_TYPE *a)
-        {
-        if ((a->value.ptr != NULL) || (a->type == V_ASN1_NULL))
-                return(a->type);
-        else
-                return(0);
-        }
-
-void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value)
-        {
-        if (a->value.ptr != NULL)
-                {
-                ASN1_TYPE **tmp_a = &a;
-                ASN1_primitive_free((ASN1_VALUE **)tmp_a, NULL);
-                }
-        a->type=type;
-        a->value.ptr=value;
-        }
-
-
-IMPLEMENT_STACK_OF(ASN1_TYPE)
-IMPLEMENT_ASN1_SET_OF(ASN1_TYPE)
diff --git a/src/lib/libcrypto/asn1/a_utf8.c b/src/lib/libcrypto/asn1/a_utf8.c
deleted file mode 100644
index 508e11e527..0000000000
--- a/src/lib/libcrypto/asn1/a_utf8.c
+++ /dev/null
@@ -1,211 +0,0 @@
-/* crypto/asn1/a_utf8.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-
-
-/* UTF8 utilities */
-
-/* This parses a UTF8 string one character at a time. It is passed a pointer
- * to the string and the length of the string. It sets 'value' to the value of
- * the current character. It returns the number of characters read or a
- * negative error code:
- * -1 = string too short
- * -2 = illegal character
- * -3 = subsequent characters not of the form 10xxxxxx
- * -4 = character encoded incorrectly (not minimal length).
- */
-
-int UTF8_getc(const unsigned char *str, int len, unsigned long *val)
-{
-        const unsigned char *p;
-        unsigned long value;
-        int ret;
-        if(len <= 0) return 0;
-        p = str;
-
-        /* Check syntax and work out the encoded value (if correct) */
-        if((*p & 0x80) == 0) {
-                value = *p++ & 0x7f;
-                ret = 1;
-        } else if((*p & 0xe0) == 0xc0) {
-                if(len < 2) return -1;
-                if((p[1] & 0xc0) != 0x80) return -3;
-                value = (*p++ & 0x1f) << 6;
-                value |= *p++ & 0x3f;
-                if(value < 0x80) return -4;
-                ret = 2;
-        } else if((*p & 0xf0) == 0xe0) {
-                if(len < 3) return -1;
-                if( ((p[1] & 0xc0) != 0x80)
-                   || ((p[2] & 0xc0) != 0x80) ) return -3;
-                value = (*p++ & 0xf) << 12;
-                value |= (*p++ & 0x3f) << 6;
-                value |= *p++ & 0x3f;
-                if(value < 0x800) return -4;
-                ret = 3;
-        } else if((*p & 0xf8) == 0xf0) {
-                if(len < 4) return -1;
-                if( ((p[1] & 0xc0) != 0x80)
-                   || ((p[2] & 0xc0) != 0x80) 
-                   || ((p[3] & 0xc0) != 0x80) ) return -3;
-                value = ((unsigned long)(*p++ & 0x7)) << 18;
-                value |= (*p++ & 0x3f) << 12;
-                value |= (*p++ & 0x3f) << 6;
-                value |= *p++ & 0x3f;
-                if(value < 0x10000) return -4;
-                ret = 4;
-        } else if((*p & 0xfc) == 0xf8) {
-                if(len < 5) return -1;
-                if( ((p[1] & 0xc0) != 0x80)
-                   || ((p[2] & 0xc0) != 0x80) 
-                   || ((p[3] & 0xc0) != 0x80) 
-                   || ((p[4] & 0xc0) != 0x80) ) return -3;
-                value = ((unsigned long)(*p++ & 0x3)) << 24;
-                value |= ((unsigned long)(*p++ & 0x3f)) << 18;
-                value |= ((unsigned long)(*p++ & 0x3f)) << 12;
-                value |= (*p++ & 0x3f) << 6;
-                value |= *p++ & 0x3f;
-                if(value < 0x200000) return -4;
-                ret = 5;
-        } else if((*p & 0xfe) == 0xfc) {
-                if(len < 6) return -1;
-                if( ((p[1] & 0xc0) != 0x80)
-                   || ((p[2] & 0xc0) != 0x80) 
-                   || ((p[3] & 0xc0) != 0x80) 
-                   || ((p[4] & 0xc0) != 0x80) 
-                   || ((p[5] & 0xc0) != 0x80) ) return -3;
-                value = ((unsigned long)(*p++ & 0x1)) << 30;
-                value |= ((unsigned long)(*p++ & 0x3f)) << 24;
-                value |= ((unsigned long)(*p++ & 0x3f)) << 18;
-                value |= ((unsigned long)(*p++ & 0x3f)) << 12;
-                value |= (*p++ & 0x3f) << 6;
-                value |= *p++ & 0x3f;
-                if(value < 0x4000000) return -4;
-                ret = 6;
-        } else return -2;
-        *val = value;
-        return ret;
-}
-
-/* This takes a character 'value' and writes the UTF8 encoded value in
- * 'str' where 'str' is a buffer containing 'len' characters. Returns
- * the number of characters written or -1 if 'len' is too small. 'str' can
- * be set to NULL in which case it just returns the number of characters.
- * It will need at most 6 characters.
- */
-
-int UTF8_putc(unsigned char *str, int len, unsigned long value)
-{
-        if(!str) len = 6;       /* Maximum we will need */
-        else if(len <= 0) return -1;
-        if(value < 0x80) {
-                if(str) *str = (unsigned char)value;
-                return 1;
-        }
-        if(value < 0x800) {
-                if(len < 2) return -1;
-                if(str) {
-                        *str++ = (unsigned char)(((value >> 6) & 0x1f) | 0xc0);
-                        *str = (unsigned char)((value & 0x3f) | 0x80);
-                }
-                return 2;
-        }
-        if(value < 0x10000) {
-                if(len < 3) return -1;
-                if(str) {
-                        *str++ = (unsigned char)(((value >> 12) & 0xf) | 0xe0);
-                        *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
-                        *str = (unsigned char)((value & 0x3f) | 0x80);
-                }
-                return 3;
-        }
-        if(value < 0x200000) {
-                if(len < 4) return -1;
-                if(str) {
-                        *str++ = (unsigned char)(((value >> 18) & 0x7) | 0xf0);
-                        *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);
-                        *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
-                        *str = (unsigned char)((value & 0x3f) | 0x80);
-                }
-                return 4;
-        }
-        if(value < 0x4000000) {
-                if(len < 5) return -1;
-                if(str) {
-                        *str++ = (unsigned char)(((value >> 24) & 0x3) | 0xf8);
-                        *str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80);
-                        *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);
-                        *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
-                        *str = (unsigned char)((value & 0x3f) | 0x80);
-                }
-                return 5;
-        }
-        if(len < 6) return -1;
-        if(str) {
-                *str++ = (unsigned char)(((value >> 30) & 0x1) | 0xfc);
-                *str++ = (unsigned char)(((value >> 24) & 0x3f) | 0x80);
-                *str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80);
-                *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);
-                *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
-                *str = (unsigned char)((value & 0x3f) | 0x80);
-        }
-        return 6;
-}
diff --git a/src/lib/libcrypto/asn1/a_verify.c b/src/lib/libcrypto/asn1/a_verify.c
deleted file mode 100644
index 18ef0acf00..0000000000
--- a/src/lib/libcrypto/asn1/a_verify.c
+++ /dev/null
@@ -1,181 +0,0 @@
-/* crypto/asn1/a_verify.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <time.h>
-
-#include "cryptlib.h"
-
-#ifndef NO_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-
-#include <openssl/bn.h>
-#include <openssl/x509.h>
-#include <openssl/objects.h>
-#include <openssl/buffer.h>
-#include <openssl/evp.h>
-
-#ifndef NO_ASN1_OLD
-
-int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
-             char *data, EVP_PKEY *pkey)
-        {
-        EVP_MD_CTX ctx;
-        const EVP_MD *type;
-        unsigned char *p,*buf_in=NULL;
-        int ret= -1,i,inl;
-
-        EVP_MD_CTX_init(&ctx);
-        i=OBJ_obj2nid(a->algorithm);
-        type=EVP_get_digestbyname(OBJ_nid2sn(i));
-        if (type == NULL)
-                {
-                ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
-                goto err;
-                }
-        
-        inl=i2d(data,NULL);
-        buf_in=OPENSSL_malloc((unsigned int)inl);
-        if (buf_in == NULL)
-                {
-                ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-        p=buf_in;
-
-        i2d(data,&p);
-        EVP_VerifyInit_ex(&ctx,type, NULL);
-        EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
-
-        OPENSSL_cleanse(buf_in,(unsigned int)inl);
-        OPENSSL_free(buf_in);
-
-        if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
-                        (unsigned int)signature->length,pkey) <= 0)
-                {
-                ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
-                ret=0;
-                goto err;
-                }
-        /* we don't need to zero the 'ctx' because we just checked
-         * public information */
-        /* memset(&ctx,0,sizeof(ctx)); */
-        ret=1;
-err:
-        EVP_MD_CTX_cleanup(&ctx);
-        return(ret);
-        }
-
-#endif
-
-
-int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signature,
-             void *asn, EVP_PKEY *pkey)
-        {
-        EVP_MD_CTX ctx;
-        const EVP_MD *type;
-        unsigned char *buf_in=NULL;
-        int ret= -1,i,inl;
-
-        EVP_MD_CTX_init(&ctx);
-        i=OBJ_obj2nid(a->algorithm);
-        type=EVP_get_digestbyname(OBJ_nid2sn(i));
-        if (type == NULL)
-                {
-                ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
-                goto err;
-                }
-
-        if (!EVP_VerifyInit_ex(&ctx,type, NULL))
-                {
-                ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
-                ret=0;
-                goto err;
-                }
-
-        inl = ASN1_item_i2d(asn, &buf_in, it);
-        
-        if (buf_in == NULL)
-                {
-                ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-
-        EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
-
-        OPENSSL_cleanse(buf_in,(unsigned int)inl);
-        OPENSSL_free(buf_in);
-
-        if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
-                        (unsigned int)signature->length,pkey) <= 0)
-                {
-                ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
-                ret=0;
-                goto err;
-                }
-        /* we don't need to zero the 'ctx' because we just checked
-         * public information */
-        /* memset(&ctx,0,sizeof(ctx)); */
-        ret=1;
-err:
-        EVP_MD_CTX_cleanup(&ctx);
-        return(ret);
-        }
-
-
diff --git a/src/lib/libcrypto/asn1/asn1.h b/src/lib/libcrypto/asn1/asn1.h
deleted file mode 100644
index 0184b475a7..0000000000
--- a/src/lib/libcrypto/asn1/asn1.h
+++ /dev/null
@@ -1,1113 +0,0 @@
-/* crypto/asn1/asn1.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_ASN1_H
-#define HEADER_ASN1_H
-
-#include <time.h>
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-#include <openssl/e_os2.h>
-#include <openssl/bn.h>
-#include <openssl/stack.h>
-#include <openssl/safestack.h>
-
-#include <openssl/symhacks.h>
-
-#include <openssl/ossl_typ.h>
-
-#ifdef OPENSSL_BUILD_SHLIBCRYPTO
-# undef OPENSSL_EXTERN
-# define OPENSSL_EXTERN OPENSSL_EXPORT
-#endif
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#define V_ASN1_UNIVERSAL                0x00
-#define V_ASN1_APPLICATION              0x40
-#define V_ASN1_CONTEXT_SPECIFIC         0x80
-#define V_ASN1_PRIVATE                  0xc0
-
-#define V_ASN1_CONSTRUCTED              0x20
-#define V_ASN1_PRIMITIVE_TAG            0x1f
-#define V_ASN1_PRIMATIVE_TAG            0x1f
-
-#define V_ASN1_APP_CHOOSE               -2      /* let the recipient choose */
-#define V_ASN1_OTHER                    -3      /* used in ASN1_TYPE */
-#define V_ASN1_ANY                      -4      /* used in ASN1 template code */
-
-#define V_ASN1_NEG                      0x100   /* negative flag */
-
-#define V_ASN1_UNDEF                    -1
-#define V_ASN1_EOC                      0
-#define V_ASN1_BOOLEAN                  1       /**/
-#define V_ASN1_INTEGER                  2
-#define V_ASN1_NEG_INTEGER              (2 | V_ASN1_NEG)
-#define V_ASN1_BIT_STRING               3
-#define V_ASN1_OCTET_STRING             4
-#define V_ASN1_NULL                     5
-#define V_ASN1_OBJECT                   6
-#define V_ASN1_OBJECT_DESCRIPTOR        7
-#define V_ASN1_EXTERNAL                 8
-#define V_ASN1_REAL                     9
-#define V_ASN1_ENUMERATED               10
-#define V_ASN1_NEG_ENUMERATED           (10 | V_ASN1_NEG)
-#define V_ASN1_UTF8STRING               12
-#define V_ASN1_SEQUENCE                 16
-#define V_ASN1_SET                      17
-#define V_ASN1_NUMERICSTRING            18      /**/
-#define V_ASN1_PRINTABLESTRING          19
-#define V_ASN1_T61STRING                20
-#define V_ASN1_TELETEXSTRING            20      /* alias */
-#define V_ASN1_VIDEOTEXSTRING           21      /**/
-#define V_ASN1_IA5STRING                22
-#define V_ASN1_UTCTIME                  23
-#define V_ASN1_GENERALIZEDTIME          24      /**/
-#define V_ASN1_GRAPHICSTRING            25      /**/
-#define V_ASN1_ISO64STRING              26      /**/
-#define V_ASN1_VISIBLESTRING            26      /* alias */
-#define V_ASN1_GENERALSTRING            27      /**/
-#define V_ASN1_UNIVERSALSTRING          28      /**/
-#define V_ASN1_BMPSTRING                30
-
-/* For use with d2i_ASN1_type_bytes() */
-#define B_ASN1_NUMERICSTRING    0x0001
-#define B_ASN1_PRINTABLESTRING  0x0002
-#define B_ASN1_T61STRING        0x0004
-#define B_ASN1_TELETEXSTRING    0x0004
-#define B_ASN1_VIDEOTEXSTRING   0x0008
-#define B_ASN1_IA5STRING        0x0010
-#define B_ASN1_GRAPHICSTRING    0x0020
-#define B_ASN1_ISO64STRING      0x0040
-#define B_ASN1_VISIBLESTRING    0x0040
-#define B_ASN1_GENERALSTRING    0x0080
-#define B_ASN1_UNIVERSALSTRING  0x0100
-#define B_ASN1_OCTET_STRING     0x0200
-#define B_ASN1_BIT_STRING       0x0400
-#define B_ASN1_BMPSTRING        0x0800
-#define B_ASN1_UNKNOWN          0x1000
-#define B_ASN1_UTF8STRING       0x2000
-#define B_ASN1_UTCTIME          0x4000
-#define B_ASN1_GENERALIZEDTIME  0x8000
-
-/* For use with ASN1_mbstring_copy() */
-#define MBSTRING_FLAG           0x1000
-#define MBSTRING_ASC            (MBSTRING_FLAG|1)
-#define MBSTRING_BMP            (MBSTRING_FLAG|2)
-#define MBSTRING_UNIV           (MBSTRING_FLAG|3)
-#define MBSTRING_UTF8           (MBSTRING_FLAG|4)
-
-struct X509_algor_st;
-
-#define DECLARE_ASN1_SET_OF(type) /* filled in by mkstack.pl */
-#define IMPLEMENT_ASN1_SET_OF(type) /* nothing, no longer needed */
-
-typedef struct asn1_ctx_st
-        {
-        unsigned char *p;/* work char pointer */
-        int eos;        /* end of sequence read for indefinite encoding */
-        int error;      /* error code to use when returning an error */
-        int inf;        /* constructed if 0x20, indefinite is 0x21 */
-        int tag;        /* tag from last 'get object' */
-        int xclass;     /* class from last 'get object' */
-        long slen;      /* length of last 'get object' */
-        unsigned char *max; /* largest value of p allowed */
-        unsigned char *q;/* temporary variable */
-        unsigned char **pp;/* variable */
-        int line;       /* used in error processing */
-        } ASN1_CTX;
-
-/* These are used internally in the ASN1_OBJECT to keep track of
- * whether the names and data need to be free()ed */
-#define ASN1_OBJECT_FLAG_DYNAMIC         0x01   /* internal use */
-#define ASN1_OBJECT_FLAG_CRITICAL        0x02   /* critical x509v3 object id */
-#define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04   /* internal use */
-#define ASN1_OBJECT_FLAG_DYNAMIC_DATA    0x08   /* internal use */
-typedef struct asn1_object_st
-        {
-        const char *sn,*ln;
-        int nid;
-        int length;
-        unsigned char *data;
-        int flags;      /* Should we free this one */
-        } ASN1_OBJECT;
-
-#define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */
-/* This is the base type that holds just about everything :-) */
-typedef struct asn1_string_st
-        {
-        int length;
-        int type;
-        unsigned char *data;
-        /* The value of the following field depends on the type being
-         * held.  It is mostly being used for BIT_STRING so if the
-         * input data has a non-zero 'unused bits' value, it will be
-         * handled correctly */
-        long flags;
-        } ASN1_STRING;
-
-/* ASN1_ENCODING structure: this is used to save the received
- * encoding of an ASN1 type. This is useful to get round
- * problems with invalid encodings which can break signatures.
- */
-
-typedef struct ASN1_ENCODING_st
-        {
-        unsigned char *enc;     /* DER encoding */
-        long len;               /* Length of encoding */
-        int modified;            /* set to 1 if 'enc' is invalid */
-        } ASN1_ENCODING;
-
-/* Used with ASN1 LONG type: if a long is set to this it is omitted */
-#define ASN1_LONG_UNDEF 0x7fffffffL
-
-#define STABLE_FLAGS_MALLOC     0x01
-#define STABLE_NO_MASK          0x02
-#define DIRSTRING_TYPE  \
- (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_BMPSTRING|B_ASN1_UTF8STRING)
-#define PKCS9STRING_TYPE (DIRSTRING_TYPE|B_ASN1_IA5STRING)
-
-typedef struct asn1_string_table_st {
-        int nid;
-        long minsize;
-        long maxsize;
-        unsigned long mask;
-        unsigned long flags;
-} ASN1_STRING_TABLE;
-
-DECLARE_STACK_OF(ASN1_STRING_TABLE)
-
-/* size limits: this stuff is taken straight from RFC2459 */
-
-#define ub_name                         32768
-#define ub_common_name                  64
-#define ub_locality_name                128
-#define ub_state_name                   128
-#define ub_organization_name            64
-#define ub_organization_unit_name       64
-#define ub_title                        64
-#define ub_email_address                128
-
-/* Declarations for template structures: for full definitions
- * see asn1t.h
- */
-typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE;
-typedef struct ASN1_ITEM_st ASN1_ITEM;
-typedef struct ASN1_TLC_st ASN1_TLC;
-/* This is just an opaque pointer */
-typedef struct ASN1_VALUE_st ASN1_VALUE;
-
-/* Declare ASN1 functions: the implement macro in in asn1t.h */
-
-#define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type)
-
-#define DECLARE_ASN1_FUNCTIONS_name(type, name) \
-        type *name##_new(void); \
-        void name##_free(type *a); \
-        DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name)
-
-#define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \
-        type *name##_new(void); \
-        void name##_free(type *a); \
-        DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name)
-
-#define DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \
-        type *d2i_##name(type **a, unsigned char **in, long len); \
-        int i2d_##name(type *a, unsigned char **out); \
-        DECLARE_ASN1_ITEM(itname)
-
-#define DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \
-        type *d2i_##name(type **a, const unsigned char **in, long len); \
-        int i2d_##name(const type *a, unsigned char **out); \
-        DECLARE_ASN1_ITEM(name)
-
-#define DECLARE_ASN1_FUNCTIONS_const(name) \
-        name *name##_new(void); \
-        void name##_free(name *a);
-
-
-/* The following macros and typedefs allow an ASN1_ITEM
- * to be embedded in a structure and referenced. Since
- * the ASN1_ITEM pointers need to be globally accessible
- * (possibly from shared libraries) they may exist in
- * different forms. On platforms that support it the
- * ASN1_ITEM structure itself will be globally exported.
- * Other platforms will export a function that returns
- * an ASN1_ITEM pointer.
- *
- * To handle both cases transparently the macros below
- * should be used instead of hard coding an ASN1_ITEM
- * pointer in a structure.
- *
- * The structure will look like this:
- *
- * typedef struct SOMETHING_st {
- *      ...
- *      ASN1_ITEM_EXP *iptr;
- *      ...
- * } SOMETHING; 
- *
- * It would be initialised as e.g.:
- *
- * SOMETHING somevar = {...,ASN1_ITEM_ref(X509),...};
- *
- * and the actual pointer extracted with:
- *
- * const ASN1_ITEM *it = ASN1_ITEM_ptr(somevar.iptr);
- *
- * Finally an ASN1_ITEM pointer can be extracted from an
- * appropriate reference with: ASN1_ITEM_rptr(X509). This
- * would be used when a function takes an ASN1_ITEM * argument.
- *
- */
-
-#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-/* ASN1_ITEM pointer exported type */
-typedef const ASN1_ITEM ASN1_ITEM_EXP;
-
-/* Macro to obtain ASN1_ITEM pointer from exported type */
-#define ASN1_ITEM_ptr(iptr) (iptr)
-
-/* Macro to include ASN1_ITEM pointer from base type */
-#define ASN1_ITEM_ref(iptr) (&(iptr##_it))
-
-#define ASN1_ITEM_rptr(ref) (&(ref##_it))
-
-#define DECLARE_ASN1_ITEM(name) \
-        OPENSSL_EXTERN const ASN1_ITEM name##_it;
-
-#else
-
-/* Platforms that can't easily handle shared global variables are declared
- * as functions returning ASN1_ITEM pointers.
- */
-
-/* ASN1_ITEM pointer exported type */
-typedef const ASN1_ITEM * ASN1_ITEM_EXP(void);
-
-/* Macro to obtain ASN1_ITEM pointer from exported type */
-#define ASN1_ITEM_ptr(iptr) (iptr())
-
-/* Macro to include ASN1_ITEM pointer from base type */
-#define ASN1_ITEM_ref(iptr) (iptr##_it)
-
-#define ASN1_ITEM_rptr(ref) (ref##_it())
-
-#define DECLARE_ASN1_ITEM(name) \
-        const ASN1_ITEM * name##_it(void);
-
-#endif
-
-/* Parameters used by ASN1_STRING_print_ex() */
-
-/* These determine which characters to escape:
- * RFC2253 special characters, control characters and
- * MSB set characters
- */
-
-#define ASN1_STRFLGS_ESC_2253           1
-#define ASN1_STRFLGS_ESC_CTRL           2
-#define ASN1_STRFLGS_ESC_MSB            4
-
-
-/* This flag determines how we do escaping: normally
- * RC2253 backslash only, set this to use backslash and
- * quote.
- */
-
-#define ASN1_STRFLGS_ESC_QUOTE          8
-
-
-/* These three flags are internal use only. */
-
-/* Character is a valid PrintableString character */
-#define CHARTYPE_PRINTABLESTRING        0x10
-/* Character needs escaping if it is the first character */
-#define CHARTYPE_FIRST_ESC_2253         0x20
-/* Character needs escaping if it is the last character */
-#define CHARTYPE_LAST_ESC_2253          0x40
-
-/* NB the internal flags are safely reused below by flags
- * handled at the top level.
- */
-
-/* If this is set we convert all character strings
- * to UTF8 first 
- */
-
-#define ASN1_STRFLGS_UTF8_CONVERT       0x10
-
-/* If this is set we don't attempt to interpret content:
- * just assume all strings are 1 byte per character. This
- * will produce some pretty odd looking output!
- */
-
-#define ASN1_STRFLGS_IGNORE_TYPE        0x20
-
-/* If this is set we include the string type in the output */
-#define ASN1_STRFLGS_SHOW_TYPE          0x40
-
-/* This determines which strings to display and which to
- * 'dump' (hex dump of content octets or DER encoding). We can
- * only dump non character strings or everything. If we
- * don't dump 'unknown' they are interpreted as character
- * strings with 1 octet per character and are subject to
- * the usual escaping options.
- */
-
-#define ASN1_STRFLGS_DUMP_ALL           0x80
-#define ASN1_STRFLGS_DUMP_UNKNOWN       0x100
-
-/* These determine what 'dumping' does, we can dump the
- * content octets or the DER encoding: both use the
- * RFC2253 #XXXXX notation.
- */
-
-#define ASN1_STRFLGS_DUMP_DER           0x200
-
-/* All the string flags consistent with RFC2253,
- * escaping control characters isn't essential in
- * RFC2253 but it is advisable anyway.
- */
-
-#define ASN1_STRFLGS_RFC2253    (ASN1_STRFLGS_ESC_2253 | \
-                                ASN1_STRFLGS_ESC_CTRL | \
-                                ASN1_STRFLGS_ESC_MSB | \
-                                ASN1_STRFLGS_UTF8_CONVERT | \
-                                ASN1_STRFLGS_DUMP_UNKNOWN | \
-                                ASN1_STRFLGS_DUMP_DER)
-
-DECLARE_STACK_OF(ASN1_INTEGER)
-DECLARE_ASN1_SET_OF(ASN1_INTEGER)
-
-DECLARE_STACK_OF(ASN1_GENERALSTRING)
-
-typedef struct asn1_type_st
-        {
-        int type;
-        union   {
-                char *ptr;
-                ASN1_BOOLEAN            boolean;
-                ASN1_STRING *           asn1_string;
-                ASN1_OBJECT *           object;
-                ASN1_INTEGER *          integer;
-                ASN1_ENUMERATED *       enumerated;
-                ASN1_BIT_STRING *       bit_string;
-                ASN1_OCTET_STRING *     octet_string;
-                ASN1_PRINTABLESTRING *  printablestring;
-                ASN1_T61STRING *        t61string;
-                ASN1_IA5STRING *        ia5string;
-                ASN1_GENERALSTRING *    generalstring;
-                ASN1_BMPSTRING *        bmpstring;
-                ASN1_UNIVERSALSTRING *  universalstring;
-                ASN1_UTCTIME *          utctime;
-                ASN1_GENERALIZEDTIME *  generalizedtime;
-                ASN1_VISIBLESTRING *    visiblestring;
-                ASN1_UTF8STRING *       utf8string;
-                /* set and sequence are left complete and still
-                 * contain the set or sequence bytes */
-                ASN1_STRING *           set;
-                ASN1_STRING *           sequence;
-                } value;
-        } ASN1_TYPE;
-
-DECLARE_STACK_OF(ASN1_TYPE)
-DECLARE_ASN1_SET_OF(ASN1_TYPE)
-
-typedef struct asn1_method_st
-        {
-        int (*i2d)();
-        char *(*d2i)();
-        char *(*create)();
-        void (*destroy)();
-        } ASN1_METHOD;
-
-/* This is used when parsing some Netscape objects */
-typedef struct asn1_header_st
-        {
-        ASN1_OCTET_STRING *header;
-        char *data;
-        ASN1_METHOD *meth;
-        } ASN1_HEADER;
-
-/* This is used to contain a list of bit names */
-typedef struct BIT_STRING_BITNAME_st {
-        int bitnum;
-        const char *lname;
-        const char *sname;
-} BIT_STRING_BITNAME;
-
-
-#define M_ASN1_STRING_length(x) ((x)->length)
-#define M_ASN1_STRING_length_set(x, n)  ((x)->length = (n))
-#define M_ASN1_STRING_type(x)   ((x)->type)
-#define M_ASN1_STRING_data(x)   ((x)->data)
-
-/* Macros for string operations */
-#define M_ASN1_BIT_STRING_new() (ASN1_BIT_STRING *)\
-                ASN1_STRING_type_new(V_ASN1_BIT_STRING)
-#define M_ASN1_BIT_STRING_free(a)       ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_BIT_STRING_dup(a) (ASN1_BIT_STRING *)\
-                ASN1_STRING_dup((ASN1_STRING *)a)
-#define M_ASN1_BIT_STRING_cmp(a,b) ASN1_STRING_cmp(\
-                (ASN1_STRING *)a,(ASN1_STRING *)b)
-#define M_ASN1_BIT_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c)
-
-#define M_ASN1_INTEGER_new()    (ASN1_INTEGER *)\
-                ASN1_STRING_type_new(V_ASN1_INTEGER)
-#define M_ASN1_INTEGER_free(a)          ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_INTEGER_dup(a) (ASN1_INTEGER *)ASN1_STRING_dup((ASN1_STRING *)a)
-#define M_ASN1_INTEGER_cmp(a,b) ASN1_STRING_cmp(\
-                (ASN1_STRING *)a,(ASN1_STRING *)b)
-
-#define M_ASN1_ENUMERATED_new() (ASN1_ENUMERATED *)\
-                ASN1_STRING_type_new(V_ASN1_ENUMERATED)
-#define M_ASN1_ENUMERATED_free(a)       ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_ENUMERATED_dup(a) (ASN1_ENUMERATED *)ASN1_STRING_dup((ASN1_STRING *)a)
-#define M_ASN1_ENUMERATED_cmp(a,b)      ASN1_STRING_cmp(\
-                (ASN1_STRING *)a,(ASN1_STRING *)b)
-
-#define M_ASN1_OCTET_STRING_new()       (ASN1_OCTET_STRING *)\
-                ASN1_STRING_type_new(V_ASN1_OCTET_STRING)
-#define M_ASN1_OCTET_STRING_free(a)     ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_OCTET_STRING_dup(a) (ASN1_OCTET_STRING *)\
-                ASN1_STRING_dup((ASN1_STRING *)a)
-#define M_ASN1_OCTET_STRING_cmp(a,b) ASN1_STRING_cmp(\
-                (ASN1_STRING *)a,(ASN1_STRING *)b)
-#define M_ASN1_OCTET_STRING_set(a,b,c)  ASN1_STRING_set((ASN1_STRING *)a,b,c)
-#define M_ASN1_OCTET_STRING_print(a,b)  ASN1_STRING_print(a,(ASN1_STRING *)b)
-#define M_i2d_ASN1_OCTET_STRING(a,pp) \
-                i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_OCTET_STRING,\
-                V_ASN1_UNIVERSAL)
-
-#define B_ASN1_TIME \
-                        B_ASN1_UTCTIME | \
-                        B_ASN1_GENERALIZEDTIME
-
-#define B_ASN1_PRINTABLE \
-                        B_ASN1_PRINTABLESTRING| \
-                        B_ASN1_T61STRING| \
-                        B_ASN1_IA5STRING| \
-                        B_ASN1_BIT_STRING| \
-                        B_ASN1_UNIVERSALSTRING|\
-                        B_ASN1_BMPSTRING|\
-                        B_ASN1_UTF8STRING|\
-                        B_ASN1_UNKNOWN
-
-#define B_ASN1_DIRECTORYSTRING \
-                        B_ASN1_PRINTABLESTRING| \
-                        B_ASN1_TELETEXSTRING|\
-                        B_ASN1_BMPSTRING|\
-                        B_ASN1_UNIVERSALSTRING|\
-                        B_ASN1_UTF8STRING
-
-#define B_ASN1_DISPLAYTEXT \
-                        B_ASN1_IA5STRING| \
-                        B_ASN1_VISIBLESTRING| \
-                        B_ASN1_BMPSTRING|\
-                        B_ASN1_UTF8STRING
-
-#define M_ASN1_PRINTABLE_new()  ASN1_STRING_type_new(V_ASN1_T61STRING)
-#define M_ASN1_PRINTABLE_free(a)        ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_ASN1_PRINTABLE(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
-                pp,a->type,V_ASN1_UNIVERSAL)
-#define M_d2i_ASN1_PRINTABLE(a,pp,l) \
-                d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
-                        B_ASN1_PRINTABLE)
-
-#define M_DIRECTORYSTRING_new() ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)
-#define M_DIRECTORYSTRING_free(a)       ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_DIRECTORYSTRING(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
-                                                pp,a->type,V_ASN1_UNIVERSAL)
-#define M_d2i_DIRECTORYSTRING(a,pp,l) \
-                d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
-                        B_ASN1_DIRECTORYSTRING)
-
-#define M_DISPLAYTEXT_new() ASN1_STRING_type_new(V_ASN1_VISIBLESTRING)
-#define M_DISPLAYTEXT_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_DISPLAYTEXT(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
-                                                pp,a->type,V_ASN1_UNIVERSAL)
-#define M_d2i_DISPLAYTEXT(a,pp,l) \
-                d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
-                        B_ASN1_DISPLAYTEXT)
-
-#define M_ASN1_PRINTABLESTRING_new() (ASN1_PRINTABLESTRING *)\
-                ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)
-#define M_ASN1_PRINTABLESTRING_free(a)  ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_ASN1_PRINTABLESTRING(a,pp) \
-                i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_PRINTABLESTRING,\
-                V_ASN1_UNIVERSAL)
-#define M_d2i_ASN1_PRINTABLESTRING(a,pp,l) \
-                (ASN1_PRINTABLESTRING *)d2i_ASN1_type_bytes\
-                ((ASN1_STRING **)a,pp,l,B_ASN1_PRINTABLESTRING)
-
-#define M_ASN1_T61STRING_new()  (ASN1_T61STRING *)\
-                ASN1_STRING_type_new(V_ASN1_T61STRING)
-#define M_ASN1_T61STRING_free(a)        ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_ASN1_T61STRING(a,pp) \
-                i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_T61STRING,\
-                V_ASN1_UNIVERSAL)
-#define M_d2i_ASN1_T61STRING(a,pp,l) \
-                (ASN1_T61STRING *)d2i_ASN1_type_bytes\
-                ((ASN1_STRING **)a,pp,l,B_ASN1_T61STRING)
-
-#define M_ASN1_IA5STRING_new()  (ASN1_IA5STRING *)\
-                ASN1_STRING_type_new(V_ASN1_IA5STRING)
-#define M_ASN1_IA5STRING_free(a)        ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_IA5STRING_dup(a) \
-                        (ASN1_IA5STRING *)ASN1_STRING_dup((ASN1_STRING *)a)
-#define M_i2d_ASN1_IA5STRING(a,pp) \
-                i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_IA5STRING,\
-                        V_ASN1_UNIVERSAL)
-#define M_d2i_ASN1_IA5STRING(a,pp,l) \
-                (ASN1_IA5STRING *)d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l,\
-                        B_ASN1_IA5STRING)
-
-#define M_ASN1_UTCTIME_new()    (ASN1_UTCTIME *)\
-                ASN1_STRING_type_new(V_ASN1_UTCTIME)
-#define M_ASN1_UTCTIME_free(a)  ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_UTCTIME_dup(a) (ASN1_UTCTIME *)ASN1_STRING_dup((ASN1_STRING *)a)
-
-#define M_ASN1_GENERALIZEDTIME_new()    (ASN1_GENERALIZEDTIME *)\
-                ASN1_STRING_type_new(V_ASN1_GENERALIZEDTIME)
-#define M_ASN1_GENERALIZEDTIME_free(a)  ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_GENERALIZEDTIME_dup(a) (ASN1_GENERALIZEDTIME *)ASN1_STRING_dup(\
-        (ASN1_STRING *)a)
-
-#define M_ASN1_TIME_new()       (ASN1_TIME *)\
-                ASN1_STRING_type_new(V_ASN1_UTCTIME)
-#define M_ASN1_TIME_free(a)     ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_TIME_dup(a) (ASN1_TIME *)ASN1_STRING_dup((ASN1_STRING *)a)
-
-#define M_ASN1_GENERALSTRING_new()      (ASN1_GENERALSTRING *)\
-                ASN1_STRING_type_new(V_ASN1_GENERALSTRING)
-#define M_ASN1_GENERALSTRING_free(a)    ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_ASN1_GENERALSTRING(a,pp) \
-                i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_GENERALSTRING,\
-                        V_ASN1_UNIVERSAL)
-#define M_d2i_ASN1_GENERALSTRING(a,pp,l) \
-                (ASN1_GENERALSTRING *)d2i_ASN1_type_bytes\
-                ((ASN1_STRING **)a,pp,l,B_ASN1_GENERALSTRING)
-
-#define M_ASN1_UNIVERSALSTRING_new()    (ASN1_UNIVERSALSTRING *)\
-                ASN1_STRING_type_new(V_ASN1_UNIVERSALSTRING)
-#define M_ASN1_UNIVERSALSTRING_free(a)  ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_ASN1_UNIVERSALSTRING(a,pp) \
-                i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UNIVERSALSTRING,\
-                        V_ASN1_UNIVERSAL)
-#define M_d2i_ASN1_UNIVERSALSTRING(a,pp,l) \
-                (ASN1_UNIVERSALSTRING *)d2i_ASN1_type_bytes\
-                ((ASN1_STRING **)a,pp,l,B_ASN1_UNIVERSALSTRING)
-
-#define M_ASN1_BMPSTRING_new()  (ASN1_BMPSTRING *)\
-                ASN1_STRING_type_new(V_ASN1_BMPSTRING)
-#define M_ASN1_BMPSTRING_free(a)        ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_ASN1_BMPSTRING(a,pp) \
-                i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_BMPSTRING,\
-                        V_ASN1_UNIVERSAL)
-#define M_d2i_ASN1_BMPSTRING(a,pp,l) \
-                (ASN1_BMPSTRING *)d2i_ASN1_type_bytes\
-                ((ASN1_STRING **)a,pp,l,B_ASN1_BMPSTRING)
-
-#define M_ASN1_VISIBLESTRING_new()      (ASN1_VISIBLESTRING *)\
-                ASN1_STRING_type_new(V_ASN1_VISIBLESTRING)
-#define M_ASN1_VISIBLESTRING_free(a)    ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_ASN1_VISIBLESTRING(a,pp) \
-                i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_VISIBLESTRING,\
-                        V_ASN1_UNIVERSAL)
-#define M_d2i_ASN1_VISIBLESTRING(a,pp,l) \
-                (ASN1_VISIBLESTRING *)d2i_ASN1_type_bytes\
-                ((ASN1_STRING **)a,pp,l,B_ASN1_VISIBLESTRING)
-
-#define M_ASN1_UTF8STRING_new() (ASN1_UTF8STRING *)\
-                ASN1_STRING_type_new(V_ASN1_UTF8STRING)
-#define M_ASN1_UTF8STRING_free(a)       ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_ASN1_UTF8STRING(a,pp) \
-                i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UTF8STRING,\
-                        V_ASN1_UNIVERSAL)
-#define M_d2i_ASN1_UTF8STRING(a,pp,l) \
-                (ASN1_UTF8STRING *)d2i_ASN1_type_bytes\
-                ((ASN1_STRING **)a,pp,l,B_ASN1_UTF8STRING)
-
-  /* for the is_set parameter to i2d_ASN1_SET */
-#define IS_SEQUENCE     0
-#define IS_SET          1
-
-DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
-
-int ASN1_TYPE_get(ASN1_TYPE *a);
-void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
-
-ASN1_OBJECT *   ASN1_OBJECT_new(void );
-void            ASN1_OBJECT_free(ASN1_OBJECT *a);
-int             i2d_ASN1_OBJECT(ASN1_OBJECT *a,unsigned char **pp);
-ASN1_OBJECT *   c2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp,
-                        long length);
-ASN1_OBJECT *   d2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp,
-                        long length);
-
-DECLARE_ASN1_ITEM(ASN1_OBJECT)
-
-DECLARE_STACK_OF(ASN1_OBJECT)
-DECLARE_ASN1_SET_OF(ASN1_OBJECT)
-
-ASN1_STRING *   ASN1_STRING_new(void);
-void            ASN1_STRING_free(ASN1_STRING *a);
-ASN1_STRING *   ASN1_STRING_dup(ASN1_STRING *a);
-ASN1_STRING *   ASN1_STRING_type_new(int type );
-int             ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b);
-  /* Since this is used to store all sorts of things, via macros, for now, make
-     its data void * */
-int             ASN1_STRING_set(ASN1_STRING *str, const void *data, int len);
-int ASN1_STRING_length(ASN1_STRING *x);
-void ASN1_STRING_length_set(ASN1_STRING *x, int n);
-int ASN1_STRING_type(ASN1_STRING *x);
-unsigned char * ASN1_STRING_data(ASN1_STRING *x);
-
-DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING)
-int             i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a,unsigned char **pp);
-ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,unsigned char **pp,
-                        long length);
-int             ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d,
-                        int length );
-int             ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value);
-int             ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n);
-
-#ifndef OPENSSL_NO_BIO
-int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
-                                BIT_STRING_BITNAME *tbl, int indent);
-#endif
-int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl);
-int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value,
-                                BIT_STRING_BITNAME *tbl);
-
-int             i2d_ASN1_BOOLEAN(int a,unsigned char **pp);
-int             d2i_ASN1_BOOLEAN(int *a,unsigned char **pp,long length);
-
-DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER)
-int             i2c_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp);
-ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a,unsigned char **pp,
-                        long length);
-ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a,unsigned char **pp,
-                        long length);
-ASN1_INTEGER *  ASN1_INTEGER_dup(ASN1_INTEGER *x);
-int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y);
-
-DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED)
-
-int ASN1_UTCTIME_check(ASN1_UTCTIME *a);
-ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t);
-int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, char *str); 
-int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
-#if 0
-time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s);
-#endif
-
-int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a);
-ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t);
-int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, char *str); 
-
-DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING)
-ASN1_OCTET_STRING *     ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *a);
-int     ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b);
-int     ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, unsigned char *data, int len);
-
-DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING)
-DECLARE_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING)
-DECLARE_ASN1_FUNCTIONS(ASN1_UTF8STRING)
-DECLARE_ASN1_FUNCTIONS(ASN1_NULL)
-DECLARE_ASN1_FUNCTIONS(ASN1_BMPSTRING)
-
-int UTF8_getc(const unsigned char *str, int len, unsigned long *val);
-int UTF8_putc(unsigned char *str, int len, unsigned long value);
-
-DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE)
-
-DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING)
-DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT)
-DECLARE_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING)
-DECLARE_ASN1_FUNCTIONS(ASN1_T61STRING)
-DECLARE_ASN1_FUNCTIONS(ASN1_IA5STRING)
-DECLARE_ASN1_FUNCTIONS(ASN1_GENERALSTRING)
-DECLARE_ASN1_FUNCTIONS(ASN1_UTCTIME)
-DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME)
-DECLARE_ASN1_FUNCTIONS(ASN1_TIME)
-
-ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s,time_t t);
-int ASN1_TIME_check(ASN1_TIME *t);
-ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out);
-
-int             i2d_ASN1_SET(STACK *a, unsigned char **pp,
-                        int (*func)(), int ex_tag, int ex_class, int is_set);
-STACK *         d2i_ASN1_SET(STACK **a, unsigned char **pp, long length,
-                        char *(*func)(), void (*free_func)(void *),
-                        int ex_tag, int ex_class);
-
-#ifndef OPENSSL_NO_BIO
-int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a);
-int a2i_ASN1_INTEGER(BIO *bp,ASN1_INTEGER *bs,char *buf,int size);
-int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a);
-int a2i_ASN1_ENUMERATED(BIO *bp,ASN1_ENUMERATED *bs,char *buf,int size);
-int i2a_ASN1_OBJECT(BIO *bp,ASN1_OBJECT *a);
-int a2i_ASN1_STRING(BIO *bp,ASN1_STRING *bs,char *buf,int size);
-int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type);
-#endif
-int i2t_ASN1_OBJECT(char *buf,int buf_len,ASN1_OBJECT *a);
-
-int a2d_ASN1_OBJECT(unsigned char *out,int olen, const char *buf, int num);
-ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data,int len,
-        const char *sn, const char *ln);
-
-int ASN1_INTEGER_set(ASN1_INTEGER *a, long v);
-long ASN1_INTEGER_get(ASN1_INTEGER *a);
-ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai);
-BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai,BIGNUM *bn);
-
-int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v);
-long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a);
-ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai);
-BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai,BIGNUM *bn);
-
-/* General */
-/* given a string, return the correct type, max is the maximum length */
-int ASN1_PRINTABLE_type(const unsigned char *s, int max);
-
-int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass);
-ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp,
-        long length, int Ptag, int Pclass);
-unsigned long ASN1_tag2bit(int tag);
-/* type is one or more of the B_ASN1_ values. */
-ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a,unsigned char **pp,
-                long length,int type);
-
-/* PARSING */
-int asn1_Finish(ASN1_CTX *c);
-
-/* SPECIALS */
-int ASN1_get_object(unsigned char **pp, long *plength, int *ptag,
-        int *pclass, long omax);
-int ASN1_check_infinite_end(unsigned char **p,long len);
-void ASN1_put_object(unsigned char **pp, int constructed, int length,
-        int tag, int xclass);
-int ASN1_object_size(int constructed, int length, int tag);
-
-/* Used to implement other functions */
-char *ASN1_dup(int (*i2d)(),char *(*d2i)(),char *x);
-
-void *ASN1_item_dup(const ASN1_ITEM *it, void *x);
-
-#ifndef OPENSSL_NO_FP_API
-char *ASN1_d2i_fp(char *(*xnew)(),char *(*d2i)(),FILE *fp,unsigned char **x);
-void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x);
-int ASN1_i2d_fp(int (*i2d)(),FILE *out,unsigned char *x);
-int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x);
-int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags);
-#endif
-
-int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in);
-
-#ifndef OPENSSL_NO_BIO
-char *ASN1_d2i_bio(char *(*xnew)(),char *(*d2i)(),BIO *bp,unsigned char **x);
-void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x);
-int ASN1_i2d_bio(int (*i2d)(),BIO *out,unsigned char *x);
-int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x);
-int ASN1_UTCTIME_print(BIO *fp,ASN1_UTCTIME *a);
-int ASN1_GENERALIZEDTIME_print(BIO *fp,ASN1_GENERALIZEDTIME *a);
-int ASN1_TIME_print(BIO *fp,ASN1_TIME *a);
-int ASN1_STRING_print(BIO *bp,ASN1_STRING *v);
-int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags);
-int ASN1_parse(BIO *bp,unsigned char *pp,long len,int indent);
-int ASN1_parse_dump(BIO *bp,unsigned char *pp,long len,int indent,int dump);
-#endif
-const char *ASN1_tag2str(int tag);
-
-/* Used to load and write netscape format cert/key */
-int i2d_ASN1_HEADER(ASN1_HEADER *a,unsigned char **pp);
-ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a,unsigned char **pp, long length);
-ASN1_HEADER *ASN1_HEADER_new(void );
-void ASN1_HEADER_free(ASN1_HEADER *a);
-
-int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s);
-
-/* Not used that much at this point, except for the first two */
-ASN1_METHOD *X509_asn1_meth(void);
-ASN1_METHOD *RSAPrivateKey_asn1_meth(void);
-ASN1_METHOD *ASN1_IA5STRING_asn1_meth(void);
-ASN1_METHOD *ASN1_BIT_STRING_asn1_meth(void);
-
-int ASN1_TYPE_set_octetstring(ASN1_TYPE *a,
-        unsigned char *data, int len);
-int ASN1_TYPE_get_octetstring(ASN1_TYPE *a,
-        unsigned char *data, int max_len);
-int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num,
-        unsigned char *data, int len);
-int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a,long *num,
-        unsigned char *data, int max_len);
-
-STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(),
-                                                 void (*free_func)(void *) ); 
-unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf,
-                             int *len );
-void *ASN1_unpack_string(ASN1_STRING *oct, char *(*d2i)());
-void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it);
-ASN1_STRING *ASN1_pack_string(void *obj, int (*i2d)(), ASN1_OCTET_STRING **oct);
-ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct);
-
-void ASN1_STRING_set_default_mask(unsigned long mask);
-int ASN1_STRING_set_default_mask_asc(char *p);
-unsigned long ASN1_STRING_get_default_mask(void);
-int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len,
-                                        int inform, unsigned long mask);
-int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
-                                        int inform, unsigned long mask, 
-                                        long minsize, long maxsize);
-
-ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, 
-                const unsigned char *in, int inlen, int inform, int nid);
-ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid);
-int ASN1_STRING_TABLE_add(int, long, long, unsigned long, unsigned long);
-void ASN1_STRING_TABLE_cleanup(void);
-
-/* ASN1 template functions */
-
-/* Old API compatible functions */
-ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it);
-void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it);
-ASN1_VALUE * ASN1_item_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_ITEM *it);
-int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
-
-void ASN1_add_oid_module(void);
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_ASN1_strings(void);
-
-/* Error codes for the ASN1 functions. */
-
-/* Function codes. */
-#define ASN1_F_A2D_ASN1_OBJECT                           100
-#define ASN1_F_A2I_ASN1_ENUMERATED                       101
-#define ASN1_F_A2I_ASN1_INTEGER                          102
-#define ASN1_F_A2I_ASN1_STRING                           103
-#define ASN1_F_ASN1_BIT_STRING_SET_BIT                   176
-#define ASN1_F_ASN1_CHECK_TLEN                           104
-#define ASN1_F_ASN1_COLLATE_PRIMITIVE                    105
-#define ASN1_F_ASN1_COLLECT                              106
-#define ASN1_F_ASN1_D2I_BIO                              107
-#define ASN1_F_ASN1_D2I_EX_PRIMITIVE                     108
-#define ASN1_F_ASN1_D2I_FP                               109
-#define ASN1_F_ASN1_DIGEST                               177
-#define ASN1_F_ASN1_DO_ADB                               110
-#define ASN1_F_ASN1_DUP                                  111
-#define ASN1_F_ASN1_ENUMERATED_SET                       112
-#define ASN1_F_ASN1_ENUMERATED_TO_BN                     113
-#define ASN1_F_ASN1_FIND_END                             182
-#define ASN1_F_ASN1_GENERALIZEDTIME_SET                  178
-#define ASN1_F_ASN1_GET_OBJECT                           114
-#define ASN1_F_ASN1_HEADER_NEW                           115
-#define ASN1_F_ASN1_I2D_BIO                              116
-#define ASN1_F_ASN1_I2D_FP                               117
-#define ASN1_F_ASN1_INTEGER_SET                          118
-#define ASN1_F_ASN1_INTEGER_TO_BN                        119
-#define ASN1_F_ASN1_ITEM_EX_D2I                          120
-#define ASN1_F_ASN1_ITEM_NEW                             121
-#define ASN1_F_ASN1_MBSTRING_COPY                        122
-#define ASN1_F_ASN1_OBJECT_NEW                           123
-#define ASN1_F_ASN1_PACK_STRING                          124
-#define ASN1_F_ASN1_PBE_SET                              125
-#define ASN1_F_ASN1_SEQ_PACK                             126
-#define ASN1_F_ASN1_SEQ_UNPACK                           127
-#define ASN1_F_ASN1_SIGN                                 128
-#define ASN1_F_ASN1_STRING_SET                           179
-#define ASN1_F_ASN1_STRING_TABLE_ADD                     129
-#define ASN1_F_ASN1_STRING_TYPE_NEW                      130
-#define ASN1_F_ASN1_TEMPLATE_D2I                         131
-#define ASN1_F_ASN1_TEMPLATE_EX_D2I                      132
-#define ASN1_F_ASN1_TEMPLATE_NEW                         133
-#define ASN1_F_ASN1_TIME_SET                             175
-#define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING             134
-#define ASN1_F_ASN1_TYPE_GET_OCTETSTRING                 135
-#define ASN1_F_ASN1_UNPACK_STRING                        136
-#define ASN1_F_ASN1_UTCTIME_SET                          180
-#define ASN1_F_ASN1_VERIFY                               137
-#define ASN1_F_BN_TO_ASN1_ENUMERATED                     138
-#define ASN1_F_BN_TO_ASN1_INTEGER                        139
-#define ASN1_F_COLLECT_DATA                              140
-#define ASN1_F_D2I_ASN1_BIT_STRING                       141
-#define ASN1_F_D2I_ASN1_BOOLEAN                          142
-#define ASN1_F_D2I_ASN1_BYTES                            143
-#define ASN1_F_D2I_ASN1_GENERALIZEDTIME                  144
-#define ASN1_F_D2I_ASN1_HEADER                           145
-#define ASN1_F_D2I_ASN1_INTEGER                          146
-#define ASN1_F_D2I_ASN1_OBJECT                           147
-#define ASN1_F_D2I_ASN1_SET                              148
-#define ASN1_F_D2I_ASN1_TYPE_BYTES                       149
-#define ASN1_F_D2I_ASN1_UINTEGER                         150
-#define ASN1_F_D2I_ASN1_UTCTIME                          151
-#define ASN1_F_D2I_NETSCAPE_RSA                          152
-#define ASN1_F_D2I_NETSCAPE_RSA_2                        153
-#define ASN1_F_D2I_PRIVATEKEY                            154
-#define ASN1_F_D2I_PUBLICKEY                             155
-#define ASN1_F_D2I_X509                                  156
-#define ASN1_F_D2I_X509_CINF                             157
-#define ASN1_F_D2I_X509_NAME                             158
-#define ASN1_F_D2I_X509_PKEY                             159
-#define ASN1_F_I2D_ASN1_SET                              181
-#define ASN1_F_I2D_ASN1_TIME                             160
-#define ASN1_F_I2D_DSA_PUBKEY                            161
-#define ASN1_F_I2D_NETSCAPE_RSA                          162
-#define ASN1_F_I2D_PRIVATEKEY                            163
-#define ASN1_F_I2D_PUBLICKEY                             164
-#define ASN1_F_I2D_RSA_PUBKEY                            165
-#define ASN1_F_LONG_C2I                                  166
-#define ASN1_F_OID_MODULE_INIT                           174
-#define ASN1_F_PKCS5_PBE2_SET                            167
-#define ASN1_F_X509_CINF_NEW                             168
-#define ASN1_F_X509_CRL_ADD0_REVOKED                     169
-#define ASN1_F_X509_INFO_NEW                             170
-#define ASN1_F_X509_NAME_NEW                             171
-#define ASN1_F_X509_NEW                                  172
-#define ASN1_F_X509_PKEY_NEW                             173
-
-/* Reason codes. */
-#define ASN1_R_ADDING_OBJECT                             171
-#define ASN1_R_AUX_ERROR                                 100
-#define ASN1_R_BAD_CLASS                                 101
-#define ASN1_R_BAD_OBJECT_HEADER                         102
-#define ASN1_R_BAD_PASSWORD_READ                         103
-#define ASN1_R_BAD_TAG                                   104
-#define ASN1_R_BN_LIB                                    105
-#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH                   106
-#define ASN1_R_BUFFER_TOO_SMALL                          107
-#define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER           108
-#define ASN1_R_DATA_IS_WRONG                             109
-#define ASN1_R_DECODE_ERROR                              110
-#define ASN1_R_DECODING_ERROR                            111
-#define ASN1_R_ENCODE_ERROR                              112
-#define ASN1_R_ERROR_GETTING_TIME                        173
-#define ASN1_R_ERROR_LOADING_SECTION                     172
-#define ASN1_R_ERROR_PARSING_SET_ELEMENT                 113
-#define ASN1_R_ERROR_SETTING_CIPHER_PARAMS               114
-#define ASN1_R_EXPECTING_AN_INTEGER                      115
-#define ASN1_R_EXPECTING_AN_OBJECT                       116
-#define ASN1_R_EXPECTING_A_BOOLEAN                       117
-#define ASN1_R_EXPECTING_A_TIME                          118
-#define ASN1_R_EXPLICIT_LENGTH_MISMATCH                  119
-#define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED              120
-#define ASN1_R_FIELD_MISSING                             121
-#define ASN1_R_FIRST_NUM_TOO_LARGE                       122
-#define ASN1_R_HEADER_TOO_LONG                           123
-#define ASN1_R_ILLEGAL_CHARACTERS                        124
-#define ASN1_R_ILLEGAL_NULL                              125
-#define ASN1_R_ILLEGAL_OPTIONAL_ANY                      126
-#define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE          170
-#define ASN1_R_ILLEGAL_TAGGED_ANY                        127
-#define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG                128
-#define ASN1_R_INVALID_BMPSTRING_LENGTH                  129
-#define ASN1_R_INVALID_DIGIT                             130
-#define ASN1_R_INVALID_SEPARATOR                         131
-#define ASN1_R_INVALID_TIME_FORMAT                       132
-#define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH            133
-#define ASN1_R_INVALID_UTF8STRING                        134
-#define ASN1_R_IV_TOO_LARGE                              135
-#define ASN1_R_LENGTH_ERROR                              136
-#define ASN1_R_MISSING_EOC                               137
-#define ASN1_R_MISSING_SECOND_NUMBER                     138
-#define ASN1_R_MSTRING_NOT_UNIVERSAL                     139
-#define ASN1_R_MSTRING_WRONG_TAG                         140
-#define ASN1_R_NESTED_ASN1_STRING                        174
-#define ASN1_R_NON_HEX_CHARACTERS                        141
-#define ASN1_R_NOT_ENOUGH_DATA                           142
-#define ASN1_R_NO_MATCHING_CHOICE_TYPE                   143
-#define ASN1_R_NULL_IS_WRONG_LENGTH                      144
-#define ASN1_R_ODD_NUMBER_OF_CHARS                       145
-#define ASN1_R_PRIVATE_KEY_HEADER_MISSING                146
-#define ASN1_R_SECOND_NUMBER_TOO_LARGE                   147
-#define ASN1_R_SEQUENCE_LENGTH_MISMATCH                  148
-#define ASN1_R_SEQUENCE_NOT_CONSTRUCTED                  149
-#define ASN1_R_SHORT_LINE                                150
-#define ASN1_R_STRING_TOO_LONG                           151
-#define ASN1_R_STRING_TOO_SHORT                          152
-#define ASN1_R_TAG_VALUE_TOO_HIGH                        153
-#define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154
-#define ASN1_R_TOO_LONG                                  155
-#define ASN1_R_TYPE_NOT_CONSTRUCTED                      156
-#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY                  157
-#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY          158
-#define ASN1_R_UNEXPECTED_EOC                            159
-#define ASN1_R_UNKNOWN_FORMAT                            160
-#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM          161
-#define ASN1_R_UNKNOWN_OBJECT_TYPE                       162
-#define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE                   163
-#define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE           164
-#define ASN1_R_UNSUPPORTED_CIPHER                        165
-#define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM          166
-#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE               167
-#define ASN1_R_WRONG_TAG                                 168
-#define ASN1_R_WRONG_TYPE                                169
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/src/lib/libcrypto/asn1/asn1_err.c b/src/lib/libcrypto/asn1/asn1_err.c
deleted file mode 100644
index 315d0a0807..0000000000
--- a/src/lib/libcrypto/asn1/asn1_err.c
+++ /dev/null
@@ -1,254 +0,0 @@
-/* crypto/asn1/asn1_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/asn1.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ASN1,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ASN1,0,reason)
-
-static ERR_STRING_DATA ASN1_str_functs[]=
-        {
-{ERR_FUNC(ASN1_F_A2D_ASN1_OBJECT),      "a2d_ASN1_OBJECT"},
-{ERR_FUNC(ASN1_F_A2I_ASN1_ENUMERATED),  "a2i_ASN1_ENUMERATED"},
-{ERR_FUNC(ASN1_F_A2I_ASN1_INTEGER),     "a2i_ASN1_INTEGER"},
-{ERR_FUNC(ASN1_F_A2I_ASN1_STRING),      "a2i_ASN1_STRING"},
-{ERR_FUNC(ASN1_F_ASN1_BIT_STRING_SET_BIT),      "ASN1_BIT_STRING_set_bit"},
-{ERR_FUNC(ASN1_F_ASN1_CHECK_TLEN),      "ASN1_CHECK_TLEN"},
-{ERR_FUNC(ASN1_F_ASN1_COLLATE_PRIMITIVE),       "ASN1_COLLATE_PRIMITIVE"},
-{ERR_FUNC(ASN1_F_ASN1_COLLECT), "ASN1_COLLECT"},
-{ERR_FUNC(ASN1_F_ASN1_D2I_BIO), "ASN1_d2i_bio"},
-{ERR_FUNC(ASN1_F_ASN1_D2I_EX_PRIMITIVE),        "ASN1_D2I_EX_PRIMITIVE"},
-{ERR_FUNC(ASN1_F_ASN1_D2I_FP),  "ASN1_d2i_fp"},
-{ERR_FUNC(ASN1_F_ASN1_DIGEST),  "ASN1_digest"},
-{ERR_FUNC(ASN1_F_ASN1_DO_ADB),  "ASN1_DO_ADB"},
-{ERR_FUNC(ASN1_F_ASN1_DUP),     "ASN1_dup"},
-{ERR_FUNC(ASN1_F_ASN1_ENUMERATED_SET),  "ASN1_ENUMERATED_set"},
-{ERR_FUNC(ASN1_F_ASN1_ENUMERATED_TO_BN),        "ASN1_ENUMERATED_to_BN"},
-{ERR_FUNC(ASN1_F_ASN1_FIND_END),        "ASN1_FIND_END"},
-{ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_SET),     "ASN1_GENERALIZEDTIME_set"},
-{ERR_FUNC(ASN1_F_ASN1_GET_OBJECT),      "ASN1_get_object"},
-{ERR_FUNC(ASN1_F_ASN1_HEADER_NEW),      "ASN1_HEADER_new"},
-{ERR_FUNC(ASN1_F_ASN1_I2D_BIO), "ASN1_i2d_bio"},
-{ERR_FUNC(ASN1_F_ASN1_I2D_FP),  "ASN1_i2d_fp"},
-{ERR_FUNC(ASN1_F_ASN1_INTEGER_SET),     "ASN1_INTEGER_set"},
-{ERR_FUNC(ASN1_F_ASN1_INTEGER_TO_BN),   "ASN1_INTEGER_to_BN"},
-{ERR_FUNC(ASN1_F_ASN1_ITEM_EX_D2I),     "ASN1_ITEM_EX_D2I"},
-{ERR_FUNC(ASN1_F_ASN1_ITEM_NEW),        "ASN1_item_new"},
-{ERR_FUNC(ASN1_F_ASN1_MBSTRING_COPY),   "ASN1_mbstring_copy"},
-{ERR_FUNC(ASN1_F_ASN1_OBJECT_NEW),      "ASN1_OBJECT_new"},
-{ERR_FUNC(ASN1_F_ASN1_PACK_STRING),     "ASN1_pack_string"},
-{ERR_FUNC(ASN1_F_ASN1_PBE_SET), "ASN1_PBE_SET"},
-{ERR_FUNC(ASN1_F_ASN1_SEQ_PACK),        "ASN1_seq_pack"},
-{ERR_FUNC(ASN1_F_ASN1_SEQ_UNPACK),      "ASN1_seq_unpack"},
-{ERR_FUNC(ASN1_F_ASN1_SIGN),    "ASN1_sign"},
-{ERR_FUNC(ASN1_F_ASN1_STRING_SET),      "ASN1_STRING_set"},
-{ERR_FUNC(ASN1_F_ASN1_STRING_TABLE_ADD),        "ASN1_STRING_TABLE_add"},
-{ERR_FUNC(ASN1_F_ASN1_STRING_TYPE_NEW), "ASN1_STRING_type_new"},
-{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_D2I),    "ASN1_TEMPLATE_D2I"},
-{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_EX_D2I), "ASN1_TEMPLATE_EX_D2I"},
-{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW),    "ASN1_TEMPLATE_NEW"},
-{ERR_FUNC(ASN1_F_ASN1_TIME_SET),        "ASN1_TIME_set"},
-{ERR_FUNC(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING),        "ASN1_TYPE_get_int_octetstring"},
-{ERR_FUNC(ASN1_F_ASN1_TYPE_GET_OCTETSTRING),    "ASN1_TYPE_get_octetstring"},
-{ERR_FUNC(ASN1_F_ASN1_UNPACK_STRING),   "ASN1_unpack_string"},
-{ERR_FUNC(ASN1_F_ASN1_UTCTIME_SET),     "ASN1_UTCTIME_set"},
-{ERR_FUNC(ASN1_F_ASN1_VERIFY),  "ASN1_verify"},
-{ERR_FUNC(ASN1_F_BN_TO_ASN1_ENUMERATED),        "BN_to_ASN1_ENUMERATED"},
-{ERR_FUNC(ASN1_F_BN_TO_ASN1_INTEGER),   "BN_to_ASN1_INTEGER"},
-{ERR_FUNC(ASN1_F_COLLECT_DATA), "COLLECT_DATA"},
-{ERR_FUNC(ASN1_F_D2I_ASN1_BIT_STRING),  "D2I_ASN1_BIT_STRING"},
-{ERR_FUNC(ASN1_F_D2I_ASN1_BOOLEAN),     "d2i_ASN1_BOOLEAN"},
-{ERR_FUNC(ASN1_F_D2I_ASN1_BYTES),       "d2i_ASN1_bytes"},
-{ERR_FUNC(ASN1_F_D2I_ASN1_GENERALIZEDTIME),     "D2I_ASN1_GENERALIZEDTIME"},
-{ERR_FUNC(ASN1_F_D2I_ASN1_HEADER),      "d2i_ASN1_HEADER"},
-{ERR_FUNC(ASN1_F_D2I_ASN1_INTEGER),     "D2I_ASN1_INTEGER"},
-{ERR_FUNC(ASN1_F_D2I_ASN1_OBJECT),      "d2i_ASN1_OBJECT"},
-{ERR_FUNC(ASN1_F_D2I_ASN1_SET), "d2i_ASN1_SET"},
-{ERR_FUNC(ASN1_F_D2I_ASN1_TYPE_BYTES),  "d2i_ASN1_type_bytes"},
-{ERR_FUNC(ASN1_F_D2I_ASN1_UINTEGER),    "d2i_ASN1_UINTEGER"},
-{ERR_FUNC(ASN1_F_D2I_ASN1_UTCTIME),     "D2I_ASN1_UTCTIME"},
-{ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA),     "d2i_Netscape_RSA"},
-{ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA_2),   "D2I_NETSCAPE_RSA_2"},
-{ERR_FUNC(ASN1_F_D2I_PRIVATEKEY),       "d2i_PrivateKey"},
-{ERR_FUNC(ASN1_F_D2I_PUBLICKEY),        "d2i_PublicKey"},
-{ERR_FUNC(ASN1_F_D2I_X509),     "D2I_X509"},
-{ERR_FUNC(ASN1_F_D2I_X509_CINF),        "D2I_X509_CINF"},
-{ERR_FUNC(ASN1_F_D2I_X509_NAME),        "D2I_X509_NAME"},
-{ERR_FUNC(ASN1_F_D2I_X509_PKEY),        "d2i_X509_PKEY"},
-{ERR_FUNC(ASN1_F_I2D_ASN1_SET), "i2d_ASN1_SET"},
-{ERR_FUNC(ASN1_F_I2D_ASN1_TIME),        "I2D_ASN1_TIME"},
-{ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY),       "i2d_DSA_PUBKEY"},
-{ERR_FUNC(ASN1_F_I2D_NETSCAPE_RSA),     "i2d_Netscape_RSA"},
-{ERR_FUNC(ASN1_F_I2D_PRIVATEKEY),       "i2d_PrivateKey"},
-{ERR_FUNC(ASN1_F_I2D_PUBLICKEY),        "i2d_PublicKey"},
-{ERR_FUNC(ASN1_F_I2D_RSA_PUBKEY),       "i2d_RSA_PUBKEY"},
-{ERR_FUNC(ASN1_F_LONG_C2I),     "LONG_C2I"},
-{ERR_FUNC(ASN1_F_OID_MODULE_INIT),      "OID_MODULE_INIT"},
-{ERR_FUNC(ASN1_F_PKCS5_PBE2_SET),       "PKCS5_pbe2_set"},
-{ERR_FUNC(ASN1_F_X509_CINF_NEW),        "X509_CINF_NEW"},
-{ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED),        "X509_CRL_add0_revoked"},
-{ERR_FUNC(ASN1_F_X509_INFO_NEW),        "X509_INFO_new"},
-{ERR_FUNC(ASN1_F_X509_NAME_NEW),        "X509_NAME_NEW"},
-{ERR_FUNC(ASN1_F_X509_NEW),     "X509_NEW"},
-{ERR_FUNC(ASN1_F_X509_PKEY_NEW),        "X509_PKEY_new"},
-{0,NULL}
-        };
-
-static ERR_STRING_DATA ASN1_str_reasons[]=
-        {
-{ERR_REASON(ASN1_R_ADDING_OBJECT)        ,"adding object"},
-{ERR_REASON(ASN1_R_AUX_ERROR)            ,"aux error"},
-{ERR_REASON(ASN1_R_BAD_CLASS)            ,"bad class"},
-{ERR_REASON(ASN1_R_BAD_OBJECT_HEADER)    ,"bad object header"},
-{ERR_REASON(ASN1_R_BAD_PASSWORD_READ)    ,"bad password read"},
-{ERR_REASON(ASN1_R_BAD_TAG)              ,"bad tag"},
-{ERR_REASON(ASN1_R_BN_LIB)               ,"bn lib"},
-{ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH),"boolean is wrong length"},
-{ERR_REASON(ASN1_R_BUFFER_TOO_SMALL)     ,"buffer too small"},
-{ERR_REASON(ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),"cipher has no object identifier"},
-{ERR_REASON(ASN1_R_DATA_IS_WRONG)        ,"data is wrong"},
-{ERR_REASON(ASN1_R_DECODE_ERROR)         ,"decode error"},
-{ERR_REASON(ASN1_R_DECODING_ERROR)       ,"decoding error"},
-{ERR_REASON(ASN1_R_ENCODE_ERROR)         ,"encode error"},
-{ERR_REASON(ASN1_R_ERROR_GETTING_TIME)   ,"error getting time"},
-{ERR_REASON(ASN1_R_ERROR_LOADING_SECTION),"error loading section"},
-{ERR_REASON(ASN1_R_ERROR_PARSING_SET_ELEMENT),"error parsing set element"},
-{ERR_REASON(ASN1_R_ERROR_SETTING_CIPHER_PARAMS),"error setting cipher params"},
-{ERR_REASON(ASN1_R_EXPECTING_AN_INTEGER) ,"expecting an integer"},
-{ERR_REASON(ASN1_R_EXPECTING_AN_OBJECT)  ,"expecting an object"},
-{ERR_REASON(ASN1_R_EXPECTING_A_BOOLEAN)  ,"expecting a boolean"},
-{ERR_REASON(ASN1_R_EXPECTING_A_TIME)     ,"expecting a time"},
-{ERR_REASON(ASN1_R_EXPLICIT_LENGTH_MISMATCH),"explicit length mismatch"},
-{ERR_REASON(ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED),"explicit tag not constructed"},
-{ERR_REASON(ASN1_R_FIELD_MISSING)        ,"field missing"},
-{ERR_REASON(ASN1_R_FIRST_NUM_TOO_LARGE)  ,"first num too large"},
-{ERR_REASON(ASN1_R_HEADER_TOO_LONG)      ,"header too long"},
-{ERR_REASON(ASN1_R_ILLEGAL_CHARACTERS)   ,"illegal characters"},
-{ERR_REASON(ASN1_R_ILLEGAL_NULL)         ,"illegal null"},
-{ERR_REASON(ASN1_R_ILLEGAL_OPTIONAL_ANY) ,"illegal optional any"},
-{ERR_REASON(ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE),"illegal options on item template"},
-{ERR_REASON(ASN1_R_ILLEGAL_TAGGED_ANY)   ,"illegal tagged any"},
-{ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),"integer too large for long"},
-{ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH),"invalid bmpstring length"},
-{ERR_REASON(ASN1_R_INVALID_DIGIT)        ,"invalid digit"},
-{ERR_REASON(ASN1_R_INVALID_SEPARATOR)    ,"invalid separator"},
-{ERR_REASON(ASN1_R_INVALID_TIME_FORMAT)  ,"invalid time format"},
-{ERR_REASON(ASN1_R_INVALID_UNIVERSALSTRING_LENGTH),"invalid universalstring length"},
-{ERR_REASON(ASN1_R_INVALID_UTF8STRING)   ,"invalid utf8string"},
-{ERR_REASON(ASN1_R_IV_TOO_LARGE)         ,"iv too large"},
-{ERR_REASON(ASN1_R_LENGTH_ERROR)         ,"length error"},
-{ERR_REASON(ASN1_R_MISSING_EOC)          ,"missing eoc"},
-{ERR_REASON(ASN1_R_MISSING_SECOND_NUMBER),"missing second number"},
-{ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL),"mstring not universal"},
-{ERR_REASON(ASN1_R_MSTRING_WRONG_TAG)    ,"mstring wrong tag"},
-{ERR_REASON(ASN1_R_NESTED_ASN1_STRING)   ,"nested asn1 string"},
-{ERR_REASON(ASN1_R_NON_HEX_CHARACTERS)   ,"non hex characters"},
-{ERR_REASON(ASN1_R_NOT_ENOUGH_DATA)      ,"not enough data"},
-{ERR_REASON(ASN1_R_NO_MATCHING_CHOICE_TYPE),"no matching choice type"},
-{ERR_REASON(ASN1_R_NULL_IS_WRONG_LENGTH) ,"null is wrong length"},
-{ERR_REASON(ASN1_R_ODD_NUMBER_OF_CHARS)  ,"odd number of chars"},
-{ERR_REASON(ASN1_R_PRIVATE_KEY_HEADER_MISSING),"private key header missing"},
-{ERR_REASON(ASN1_R_SECOND_NUMBER_TOO_LARGE),"second number too large"},
-{ERR_REASON(ASN1_R_SEQUENCE_LENGTH_MISMATCH),"sequence length mismatch"},
-{ERR_REASON(ASN1_R_SEQUENCE_NOT_CONSTRUCTED),"sequence not constructed"},
-{ERR_REASON(ASN1_R_SHORT_LINE)           ,"short line"},
-{ERR_REASON(ASN1_R_STRING_TOO_LONG)      ,"string too long"},
-{ERR_REASON(ASN1_R_STRING_TOO_SHORT)     ,"string too short"},
-{ERR_REASON(ASN1_R_TAG_VALUE_TOO_HIGH)   ,"tag value too high"},
-{ERR_REASON(ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),"the asn1 object identifier is not known for this md"},
-{ERR_REASON(ASN1_R_TOO_LONG)             ,"too long"},
-{ERR_REASON(ASN1_R_TYPE_NOT_CONSTRUCTED) ,"type not constructed"},
-{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"},
-{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"},
-{ERR_REASON(ASN1_R_UNEXPECTED_EOC)       ,"unexpected eoc"},
-{ERR_REASON(ASN1_R_UNKNOWN_FORMAT)       ,"unknown format"},
-{ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),"unknown message digest algorithm"},
-{ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE)  ,"unknown object type"},
-{ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE),"unknown public key type"},
-{ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),"unsupported any defined by type"},
-{ERR_REASON(ASN1_R_UNSUPPORTED_CIPHER)   ,"unsupported cipher"},
-{ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM),"unsupported encryption algorithm"},
-{ERR_REASON(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE),"unsupported public key type"},
-{ERR_REASON(ASN1_R_WRONG_TAG)            ,"wrong tag"},
-{ERR_REASON(ASN1_R_WRONG_TYPE)           ,"wrong type"},
-{0,NULL}
-        };
-
-#endif
-
-void ERR_load_ASN1_strings(void)
-        {
-        static int init=1;
-
-        if (init)
-                {
-                init=0;
-#ifndef OPENSSL_NO_ERR
-                ERR_load_strings(0,ASN1_str_functs);
-                ERR_load_strings(0,ASN1_str_reasons);
-#endif
-
-                }
-        }
diff --git a/src/lib/libcrypto/asn1/asn1_lib.c b/src/lib/libcrypto/asn1/asn1_lib.c
deleted file mode 100644
index 97b9b35f4b..0000000000
--- a/src/lib/libcrypto/asn1/asn1_lib.c
+++ /dev/null
@@ -1,433 +0,0 @@
-/* crypto/asn1/asn1_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <limits.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/asn1_mac.h>
-
-static int asn1_get_length(unsigned char **pp,int *inf,long *rl,int max);
-static void asn1_put_length(unsigned char **pp, int length);
-const char *ASN1_version="ASN.1" OPENSSL_VERSION_PTEXT;
-
-int ASN1_check_infinite_end(unsigned char **p, long len)
-        {
-        /* If there is 0 or 1 byte left, the length check should pick
-         * things up */
-        if (len <= 0)
-                return(1);
-        else if ((len >= 2) && ((*p)[0] == 0) && ((*p)[1] == 0))
-                {
-                (*p)+=2;
-                return(1);
-                }
-        return(0);
-        }
-
-
-int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass,
-             long omax)
-        {
-        int i,ret;
-        long l;
-        unsigned char *p= *pp;
-        int tag,xclass,inf;
-        long max=omax;
-
-        if (!max) goto err;
-        ret=(*p&V_ASN1_CONSTRUCTED);
-        xclass=(*p&V_ASN1_PRIVATE);
-        i= *p&V_ASN1_PRIMITIVE_TAG;
-        if (i == V_ASN1_PRIMITIVE_TAG)
-                {               /* high-tag */
-                p++;
-                if (--max == 0) goto err;
-                l=0;
-                while (*p&0x80)
-                        {
-                        l<<=7L;
-                        l|= *(p++)&0x7f;
-                        if (--max == 0) goto err;
-                        if (l > (INT_MAX >> 7L)) goto err;
-                        }
-                l<<=7L;
-                l|= *(p++)&0x7f;
-                tag=(int)l;
-                if (--max == 0) goto err;
-                }
-        else
-                { 
-                tag=i;
-                p++;
-                if (--max == 0) goto err;
-                }
-        *ptag=tag;
-        *pclass=xclass;
-        if (!asn1_get_length(&p,&inf,plength,(int)max)) goto err;
-
-#if 0
-        fprintf(stderr,"p=%d + *plength=%ld > omax=%ld + *pp=%d  (%d > %d)\n", 
-                (int)p,*plength,omax,(int)*pp,(int)(p+ *plength),
-                (int)(omax+ *pp));
-
-#endif
-        if (*plength > (omax - (p - *pp)))
-                {
-                ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
-                /* Set this so that even if things are not long enough
-                 * the values are set correctly */
-                ret|=0x80;
-                }
-        *pp=p;
-        return(ret|inf);
-err:
-        ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_HEADER_TOO_LONG);
-        return(0x80);
-        }
-
-static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
-        {
-        unsigned char *p= *pp;
-        unsigned long ret=0;
-        int i;
-
-        if (max-- < 1) return(0);
-        if (*p == 0x80)
-                {
-                *inf=1;
-                ret=0;
-                p++;
-                }
-        else
-                {
-                *inf=0;
-                i= *p&0x7f;
-                if (*(p++) & 0x80)
-                        {
-                        if (i > sizeof(long))
-                                return 0;
-                        if (max-- == 0) return(0);
-                        while (i-- > 0)
-                                {
-                                ret<<=8L;
-                                ret|= *(p++);
-                                if (max-- == 0) return(0);
-                                }
-                        }
-                else
-                        ret=i;
-                }
-        if (ret > LONG_MAX)
-                return 0;
-        *pp=p;
-        *rl=(long)ret;
-        return(1);
-        }
-
-/* class 0 is constructed
- * constructed == 2 for indefinite length constructed */
-void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag,
-             int xclass)
-        {
-        unsigned char *p= *pp;
-        int i, ttag;
-
-        i=(constructed)?V_ASN1_CONSTRUCTED:0;
-        i|=(xclass&V_ASN1_PRIVATE);
-        if (tag < 31)
-                *(p++)=i|(tag&V_ASN1_PRIMITIVE_TAG);
-        else
-                {
-                *(p++)=i|V_ASN1_PRIMITIVE_TAG;
-                for(i = 0, ttag = tag; ttag > 0; i++) ttag >>=7;
-                ttag = i;
-                while(i-- > 0)
-                        {
-                        p[i] = tag & 0x7f;
-                        if(i != (ttag - 1)) p[i] |= 0x80;
-                        tag >>= 7;
-                        }
-                p += ttag;
-                }
-        if ((constructed == 2) && (length == 0))
-                *(p++)=0x80; /* der_put_length would output 0 instead */
-        else
-                asn1_put_length(&p,length);
-        *pp=p;
-        }
-
-static void asn1_put_length(unsigned char **pp, int length)
-        {
-        unsigned char *p= *pp;
-        int i,l;
-        if (length <= 127)
-                *(p++)=(unsigned char)length;
-        else
-                {
-                l=length;
-                for (i=0; l > 0; i++)
-                        l>>=8;
-                *(p++)=i|0x80;
-                l=i;
-                while (i-- > 0)
-                        {
-                        p[i]=length&0xff;
-                        length>>=8;
-                        }
-                p+=l;
-                }
-        *pp=p;
-        }
-
-int ASN1_object_size(int constructed, int length, int tag)
-        {
-        int ret;
-
-        ret=length;
-        ret++;
-        if (tag >= 31)
-                {
-                while (tag > 0)
-                        {
-                        tag>>=7;
-                        ret++;
-                        }
-                }
-        if ((length == 0) && (constructed == 2))
-                ret+=2;
-        ret++;
-        if (length > 127)
-                {
-                while (length > 0)
-                        {
-                        length>>=8;
-                        ret++;
-                        }
-                }
-        return(ret);
-        }
-
-int asn1_Finish(ASN1_CTX *c)
-        {
-        if ((c->inf == (1|V_ASN1_CONSTRUCTED)) && (!c->eos))
-                {
-                if (!ASN1_check_infinite_end(&c->p,c->slen))
-                        {
-                        c->error=ERR_R_MISSING_ASN1_EOS;
-                        return(0);
-                        }
-                }
-        if (    ((c->slen != 0) && !(c->inf & 1)) ||
-                ((c->slen < 0) && (c->inf & 1)))
-                {
-                c->error=ERR_R_ASN1_LENGTH_MISMATCH;
-                return(0);
-                }
-        return(1);
-        }
-
-int asn1_GetSequence(ASN1_CTX *c, long *length)
-        {
-        unsigned char *q;
-
-        q=c->p;
-        c->inf=ASN1_get_object(&(c->p),&(c->slen),&(c->tag),&(c->xclass),
-                *length);
-        if (c->inf & 0x80)
-                {
-                c->error=ERR_R_BAD_GET_ASN1_OBJECT_CALL;
-                return(0);
-                }
-        if (c->tag != V_ASN1_SEQUENCE)
-                {
-                c->error=ERR_R_EXPECTING_AN_ASN1_SEQUENCE;
-                return(0);
-                }
-        (*length)-=(c->p-q);
-        if (c->max && (*length < 0))
-                {
-                c->error=ERR_R_ASN1_LENGTH_MISMATCH;
-                return(0);
-                }
-        if (c->inf == (1|V_ASN1_CONSTRUCTED))
-                c->slen= *length+ *(c->pp)-c->p;
-        c->eos=0;
-        return(1);
-        }
-
-ASN1_STRING *ASN1_STRING_dup(ASN1_STRING *str)
-        {
-        ASN1_STRING *ret;
-
-        if (str == NULL) return(NULL);
-        if ((ret=ASN1_STRING_type_new(str->type)) == NULL)
-                return(NULL);
-        if (!ASN1_STRING_set(ret,str->data,str->length))
-                {
-                ASN1_STRING_free(ret);
-                return(NULL);
-                }
-        ret->flags = str->flags;
-        return(ret);
-        }
-
-int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len)
-        {
-        unsigned char *c;
-        const char *data=_data;
-
-        if (len < 0)
-                {
-                if (data == NULL)
-                        return(0);
-                else
-                        len=strlen(data);
-                }
-        if ((str->length < len) || (str->data == NULL))
-                {
-                c=str->data;
-                if (c == NULL)
-                        str->data=OPENSSL_malloc(len+1);
-                else
-                        str->data=OPENSSL_realloc(c,len+1);
-
-                if (str->data == NULL)
-                        {
-                        ASN1err(ASN1_F_ASN1_STRING_SET,ERR_R_MALLOC_FAILURE);
-                        str->data=c;
-                        return(0);
-                        }
-                }
-        str->length=len;
-        if (data != NULL)
-                {
-                memcpy(str->data,data,len);
-                /* an allowance for strings :-) */
-                str->data[len]='\0';
-                }
-        return(1);
-        }
-
-ASN1_STRING *ASN1_STRING_new(void)
-        {
-        return(ASN1_STRING_type_new(V_ASN1_OCTET_STRING));
-        }
-
-
-ASN1_STRING *ASN1_STRING_type_new(int type)
-        {
-        ASN1_STRING *ret;
-
-        ret=(ASN1_STRING *)OPENSSL_malloc(sizeof(ASN1_STRING));
-        if (ret == NULL)
-                {
-                ASN1err(ASN1_F_ASN1_STRING_TYPE_NEW,ERR_R_MALLOC_FAILURE);
-                return(NULL);
-                }
-        ret->length=0;
-        ret->type=type;
-        ret->data=NULL;
-        ret->flags=0;
-        return(ret);
-        }
-
-void ASN1_STRING_free(ASN1_STRING *a)
-        {
-        if (a == NULL) return;
-        if (a->data != NULL) OPENSSL_free(a->data);
-        OPENSSL_free(a);
-        }
-
-int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b)
-        {
-        int i;
-
-        i=(a->length-b->length);
-        if (i == 0)
-                {
-                i=memcmp(a->data,b->data,a->length);
-                if (i == 0)
-                        return(a->type-b->type);
-                else
-                        return(i);
-                }
-        else
-                return(i);
-        }
-
-void asn1_add_error(unsigned char *address, int offset)
-        {
-        char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
-
-        BIO_snprintf(buf1,sizeof buf1,"%lu",(unsigned long)address);
-        BIO_snprintf(buf2,sizeof buf2,"%d",offset);
-        ERR_add_error_data(4,"address=",buf1," offset=",buf2);
-        }
-
-int ASN1_STRING_length(ASN1_STRING *x)
-{ return M_ASN1_STRING_length(x); }
-
-void ASN1_STRING_length_set(ASN1_STRING *x, int len)
-{ M_ASN1_STRING_length_set(x, len); return; }
-
-int ASN1_STRING_type(ASN1_STRING *x)
-{ return M_ASN1_STRING_type(x); }
-
-unsigned char * ASN1_STRING_data(ASN1_STRING *x)
-{ return M_ASN1_STRING_data(x); }
diff --git a/src/lib/libcrypto/asn1/asn1_mac.h b/src/lib/libcrypto/asn1/asn1_mac.h
deleted file mode 100644
index a48649ceeb..0000000000
--- a/src/lib/libcrypto/asn1/asn1_mac.h
+++ /dev/null
@@ -1,560 +0,0 @@
-/* crypto/asn1/asn1_mac.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_ASN1_MAC_H
-#define HEADER_ASN1_MAC_H
-
-#include <openssl/asn1.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#ifndef ASN1_MAC_ERR_LIB
-#define ASN1_MAC_ERR_LIB        ERR_LIB_ASN1
-#endif 
-
-#define ASN1_MAC_H_err(f,r,line) \
-        ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),__FILE__,(line))
-
-#define M_ASN1_D2I_vars(a,type,func) \
-        ASN1_CTX c; \
-        type ret=NULL; \
-        \
-        c.pp=(unsigned char **)pp; \
-        c.q= *(unsigned char **)pp; \
-        c.error=ERR_R_NESTED_ASN1_ERROR; \
-        if ((a == NULL) || ((*a) == NULL)) \
-                { if ((ret=(type)func()) == NULL) \
-                        { c.line=__LINE__; goto err; } } \
-        else    ret=(*a);
-
-#define M_ASN1_D2I_Init() \
-        c.p= *(unsigned char **)pp; \
-        c.max=(length == 0)?0:(c.p+length);
-
-#define M_ASN1_D2I_Finish_2(a) \
-        if (!asn1_Finish(&c)) \
-                { c.line=__LINE__; goto err; } \
-        *(unsigned char **)pp=c.p; \
-        if (a != NULL) (*a)=ret; \
-        return(ret);
-
-#define M_ASN1_D2I_Finish(a,func,e) \
-        M_ASN1_D2I_Finish_2(a); \
-err:\
-        ASN1_MAC_H_err((e),c.error,c.line); \
-        asn1_add_error(*(unsigned char **)pp,(int)(c.q- *pp)); \
-        if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \
-        return(NULL)
-
-#define M_ASN1_D2I_start_sequence() \
-        if (!asn1_GetSequence(&c,&length)) \
-                { c.line=__LINE__; goto err; }
-/* Begin reading ASN1 without a surrounding sequence */
-#define M_ASN1_D2I_begin() \
-        c.slen = length;
-
-/* End reading ASN1 with no check on length */
-#define M_ASN1_D2I_Finish_nolen(a, func, e) \
-        *pp=c.p; \
-        if (a != NULL) (*a)=ret; \
-        return(ret); \
-err:\
-        ASN1_MAC_H_err((e),c.error,c.line); \
-        asn1_add_error(*pp,(int)(c.q- *pp)); \
-        if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \
-        return(NULL)
-
-#define M_ASN1_D2I_end_sequence() \
-        (((c.inf&1) == 0)?(c.slen <= 0): \
-                (c.eos=ASN1_check_infinite_end(&c.p,c.slen)))
-
-/* Don't use this with d2i_ASN1_BOOLEAN() */
-#define M_ASN1_D2I_get(b,func) \
-        c.q=c.p; \
-        if (func(&(b),&c.p,c.slen) == NULL) \
-                {c.line=__LINE__; goto err; } \
-        c.slen-=(c.p-c.q);
-
-/* use this instead () */
-#define M_ASN1_D2I_get_int(b,func) \
-        c.q=c.p; \
-        if (func(&(b),&c.p,c.slen) < 0) \
-                {c.line=__LINE__; goto err; } \
-        c.slen-=(c.p-c.q);
-
-#define M_ASN1_D2I_get_opt(b,func,type) \
-        if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) \
-                == (V_ASN1_UNIVERSAL|(type)))) \
-                { \
-                M_ASN1_D2I_get(b,func); \
-                }
-
-#define M_ASN1_D2I_get_imp(b,func, type) \
-        M_ASN1_next=(_tmp& V_ASN1_CONSTRUCTED)|type; \
-        c.q=c.p; \
-        if (func(&(b),&c.p,c.slen) == NULL) \
-                {c.line=__LINE__; M_ASN1_next_prev = _tmp; goto err; } \
-        c.slen-=(c.p-c.q);\
-        M_ASN1_next_prev=_tmp;
-
-#define M_ASN1_D2I_get_IMP_opt(b,func,tag,type) \
-        if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) == \
-                (V_ASN1_CONTEXT_SPECIFIC|(tag)))) \
-                { \
-                unsigned char _tmp = M_ASN1_next; \
-                M_ASN1_D2I_get_imp(b,func, type);\
-                }
-
-#define M_ASN1_D2I_get_set(r,func,free_func) \
-                M_ASN1_D2I_get_imp_set(r,func,free_func, \
-                        V_ASN1_SET,V_ASN1_UNIVERSAL);
-
-#define M_ASN1_D2I_get_set_type(type,r,func,free_func) \
-                M_ASN1_D2I_get_imp_set_type(type,r,func,free_func, \
-                        V_ASN1_SET,V_ASN1_UNIVERSAL);
-
-#define M_ASN1_D2I_get_set_opt(r,func,free_func) \
-        if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
-                V_ASN1_CONSTRUCTED|V_ASN1_SET)))\
-                { M_ASN1_D2I_get_set(r,func,free_func); }
-
-#define M_ASN1_D2I_get_set_opt_type(type,r,func,free_func) \
-        if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
-                V_ASN1_CONSTRUCTED|V_ASN1_SET)))\
-                { M_ASN1_D2I_get_set_type(type,r,func,free_func); }
-
-#define M_ASN1_I2D_len_SET_opt(a,f) \
-        if ((a != NULL) && (sk_num(a) != 0)) \
-                M_ASN1_I2D_len_SET(a,f);
-
-#define M_ASN1_I2D_put_SET_opt(a,f) \
-        if ((a != NULL) && (sk_num(a) != 0)) \
-                M_ASN1_I2D_put_SET(a,f);
-
-#define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \
-        if ((a != NULL) && (sk_num(a) != 0)) \
-                M_ASN1_I2D_put_SEQUENCE(a,f);
-
-#define M_ASN1_I2D_put_SEQUENCE_opt_type(type,a,f) \
-        if ((a != NULL) && (sk_##type##_num(a) != 0)) \
-                M_ASN1_I2D_put_SEQUENCE_type(type,a,f);
-
-#define M_ASN1_D2I_get_IMP_set_opt(b,func,free_func,tag) \
-        if ((c.slen != 0) && \
-                (M_ASN1_next == \
-                (V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\
-                { \
-                M_ASN1_D2I_get_imp_set(b,func,free_func,\
-                        tag,V_ASN1_CONTEXT_SPECIFIC); \
-                }
-
-#define M_ASN1_D2I_get_IMP_set_opt_type(type,b,func,free_func,tag) \
-        if ((c.slen != 0) && \
-                (M_ASN1_next == \
-                (V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\
-                { \
-                M_ASN1_D2I_get_imp_set_type(type,b,func,free_func,\
-                        tag,V_ASN1_CONTEXT_SPECIFIC); \
-                }
-
-#define M_ASN1_D2I_get_seq(r,func,free_func) \
-                M_ASN1_D2I_get_imp_set(r,func,free_func,\
-                        V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
-
-#define M_ASN1_D2I_get_seq_type(type,r,func,free_func) \
-                M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\
-                                            V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL)
-
-#define M_ASN1_D2I_get_seq_opt(r,func,free_func) \
-        if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
-                V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\
-                { M_ASN1_D2I_get_seq(r,func,free_func); }
-
-#define M_ASN1_D2I_get_seq_opt_type(type,r,func,free_func) \
-        if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
-                V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\
-                { M_ASN1_D2I_get_seq_type(type,r,func,free_func); }
-
-#define M_ASN1_D2I_get_IMP_set(r,func,free_func,x) \
-                M_ASN1_D2I_get_imp_set(r,func,free_func,\
-                        x,V_ASN1_CONTEXT_SPECIFIC);
-
-#define M_ASN1_D2I_get_IMP_set_type(type,r,func,free_func,x) \
-                M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\
-                        x,V_ASN1_CONTEXT_SPECIFIC);
-
-#define M_ASN1_D2I_get_imp_set(r,func,free_func,a,b) \
-        c.q=c.p; \
-        if (d2i_ASN1_SET(&(r),&c.p,c.slen,(char *(*)())func,\
-                (void (*)())free_func,a,b) == NULL) \
-                { c.line=__LINE__; goto err; } \
-        c.slen-=(c.p-c.q);
-
-#define M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,a,b) \
-        c.q=c.p; \
-        if (d2i_ASN1_SET_OF_##type(&(r),&c.p,c.slen,func,\
-                                   free_func,a,b) == NULL) \
-                { c.line=__LINE__; goto err; } \
-        c.slen-=(c.p-c.q);
-
-#define M_ASN1_D2I_get_set_strings(r,func,a,b) \
-        c.q=c.p; \
-        if (d2i_ASN1_STRING_SET(&(r),&c.p,c.slen,a,b) == NULL) \
-                { c.line=__LINE__; goto err; } \
-        c.slen-=(c.p-c.q);
-
-#define M_ASN1_D2I_get_EXP_opt(r,func,tag) \
-        if ((c.slen != 0L) && (M_ASN1_next == \
-                (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \
-                { \
-                int Tinf,Ttag,Tclass; \
-                long Tlen; \
-                \
-                c.q=c.p; \
-                Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
-                if (Tinf & 0x80) \
-                        { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
-                        c.line=__LINE__; goto err; } \
-                if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
-                                        Tlen = c.slen - (c.p - c.q) - 2; \
-                if (func(&(r),&c.p,Tlen) == NULL) \
-                        { c.line=__LINE__; goto err; } \
-                if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
-                        Tlen = c.slen - (c.p - c.q); \
-                        if(!ASN1_check_infinite_end(&c.p, Tlen)) \
-                                { c.error=ERR_R_MISSING_ASN1_EOS; \
-                                c.line=__LINE__; goto err; } \
-                }\
-                c.slen-=(c.p-c.q); \
-                }
-
-#define M_ASN1_D2I_get_EXP_set_opt(r,func,free_func,tag,b) \
-        if ((c.slen != 0) && (M_ASN1_next == \
-                (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \
-                { \
-                int Tinf,Ttag,Tclass; \
-                long Tlen; \
-                \
-                c.q=c.p; \
-                Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
-                if (Tinf & 0x80) \
-                        { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
-                        c.line=__LINE__; goto err; } \
-                if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
-                                        Tlen = c.slen - (c.p - c.q) - 2; \
-                if (d2i_ASN1_SET(&(r),&c.p,Tlen,(char *(*)())func, \
-                        (void (*)())free_func, \
-                        b,V_ASN1_UNIVERSAL) == NULL) \
-                        { c.line=__LINE__; goto err; } \
-                if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
-                        Tlen = c.slen - (c.p - c.q); \
-                        if(!ASN1_check_infinite_end(&c.p, Tlen)) \
-                                { c.error=ERR_R_MISSING_ASN1_EOS; \
-                                c.line=__LINE__; goto err; } \
-                }\
-                c.slen-=(c.p-c.q); \
-                }
-
-#define M_ASN1_D2I_get_EXP_set_opt_type(type,r,func,free_func,tag,b) \
-        if ((c.slen != 0) && (M_ASN1_next == \
-                (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \
-                { \
-                int Tinf,Ttag,Tclass; \
-                long Tlen; \
-                \
-                c.q=c.p; \
-                Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
-                if (Tinf & 0x80) \
-                        { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
-                        c.line=__LINE__; goto err; } \
-                if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
-                                        Tlen = c.slen - (c.p - c.q) - 2; \
-                if (d2i_ASN1_SET_OF_##type(&(r),&c.p,Tlen,func, \
-                        free_func,b,V_ASN1_UNIVERSAL) == NULL) \
-                        { c.line=__LINE__; goto err; } \
-                if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
-                        Tlen = c.slen - (c.p - c.q); \
-                        if(!ASN1_check_infinite_end(&c.p, Tlen)) \
-                                { c.error=ERR_R_MISSING_ASN1_EOS; \
-                                c.line=__LINE__; goto err; } \
-                }\
-                c.slen-=(c.p-c.q); \
-                }
-
-/* New macros */
-#define M_ASN1_New_Malloc(ret,type) \
-        if ((ret=(type *)OPENSSL_malloc(sizeof(type))) == NULL) \
-                { c.line=__LINE__; goto err2; }
-
-#define M_ASN1_New(arg,func) \
-        if (((arg)=func()) == NULL) return(NULL)
-
-#define M_ASN1_New_Error(a) \
-/*      err:    ASN1_MAC_H_err((a),ERR_R_NESTED_ASN1_ERROR,c.line); \
-                return(NULL);*/ \
-        err2:   ASN1_MAC_H_err((a),ERR_R_MALLOC_FAILURE,c.line); \
-                return(NULL)
-
-
-#define M_ASN1_next             (*c.p)
-#define M_ASN1_next_prev        (*c.q)
-
-/*************************************************/
-
-#define M_ASN1_I2D_vars(a)      int r=0,ret=0; \
-                                unsigned char *p; \
-                                if (a == NULL) return(0)
-
-/* Length Macros */
-#define M_ASN1_I2D_len(a,f)     ret+=f(a,NULL)
-#define M_ASN1_I2D_len_IMP_opt(a,f)     if (a != NULL) M_ASN1_I2D_len(a,f)
-
-#define M_ASN1_I2D_len_SET(a,f) \
-                ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET);
-
-#define M_ASN1_I2D_len_SET_type(type,a,f) \
-                ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SET, \
-                                            V_ASN1_UNIVERSAL,IS_SET);
-
-#define M_ASN1_I2D_len_SEQUENCE(a,f) \
-                ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \
-                                  IS_SEQUENCE);
-
-#define M_ASN1_I2D_len_SEQUENCE_type(type,a,f) \
-                ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SEQUENCE, \
-                                            V_ASN1_UNIVERSAL,IS_SEQUENCE)
-
-#define M_ASN1_I2D_len_SEQUENCE_opt(a,f) \
-                if ((a != NULL) && (sk_num(a) != 0)) \
-                        M_ASN1_I2D_len_SEQUENCE(a,f);
-
-#define M_ASN1_I2D_len_SEQUENCE_opt_type(type,a,f) \
-                if ((a != NULL) && (sk_##type##_num(a) != 0)) \
-                        M_ASN1_I2D_len_SEQUENCE_type(type,a,f);
-
-#define M_ASN1_I2D_len_IMP_SET(a,f,x) \
-                ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET);
-
-#define M_ASN1_I2D_len_IMP_SET_type(type,a,f,x) \
-                ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \
-                                            V_ASN1_CONTEXT_SPECIFIC,IS_SET);
-
-#define M_ASN1_I2D_len_IMP_SET_opt(a,f,x) \
-                if ((a != NULL) && (sk_num(a) != 0)) \
-                        ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \
-                                          IS_SET);
-
-#define M_ASN1_I2D_len_IMP_SET_opt_type(type,a,f,x) \
-                if ((a != NULL) && (sk_##type##_num(a) != 0)) \
-                        ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \
-                                               V_ASN1_CONTEXT_SPECIFIC,IS_SET);
-
-#define M_ASN1_I2D_len_IMP_SEQUENCE(a,f,x) \
-                ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \
-                                  IS_SEQUENCE);
-
-#define M_ASN1_I2D_len_IMP_SEQUENCE_opt(a,f,x) \
-                if ((a != NULL) && (sk_num(a) != 0)) \
-                        ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \
-                                          IS_SEQUENCE);
-
-#define M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(type,a,f,x) \
-                if ((a != NULL) && (sk_##type##_num(a) != 0)) \
-                        ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \
-                                                    V_ASN1_CONTEXT_SPECIFIC, \
-                                                    IS_SEQUENCE);
-
-#define M_ASN1_I2D_len_EXP_opt(a,f,mtag,v) \
-                if (a != NULL)\
-                        { \
-                        v=f(a,NULL); \
-                        ret+=ASN1_object_size(1,v,mtag); \
-                        }
-
-#define M_ASN1_I2D_len_EXP_SET_opt(a,f,mtag,tag,v) \
-                if ((a != NULL) && (sk_num(a) != 0))\
-                        { \
-                        v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL,IS_SET); \
-                        ret+=ASN1_object_size(1,v,mtag); \
-                        }
-
-#define M_ASN1_I2D_len_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \
-                if ((a != NULL) && (sk_num(a) != 0))\
-                        { \
-                        v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL, \
-                                       IS_SEQUENCE); \
-                        ret+=ASN1_object_size(1,v,mtag); \
-                        }
-
-#define M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \
-                if ((a != NULL) && (sk_##type##_num(a) != 0))\
-                        { \
-                        v=i2d_ASN1_SET_OF_##type(a,NULL,f,tag, \
-                                                 V_ASN1_UNIVERSAL, \
-                                                 IS_SEQUENCE); \
-                        ret+=ASN1_object_size(1,v,mtag); \
-                        }
-
-/* Put Macros */
-#define M_ASN1_I2D_put(a,f)     f(a,&p)
-
-#define M_ASN1_I2D_put_IMP_opt(a,f,t)   \
-                if (a != NULL) \
-                        { \
-                        unsigned char *q=p; \
-                        f(a,&p); \
-                        *q=(V_ASN1_CONTEXT_SPECIFIC|t|(*q&V_ASN1_CONSTRUCTED));\
-                        }
-
-#define M_ASN1_I2D_put_SET(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SET,\
-                        V_ASN1_UNIVERSAL,IS_SET)
-#define M_ASN1_I2D_put_SET_type(type,a,f) \
-     i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET)
-#define M_ASN1_I2D_put_IMP_SET(a,f,x) i2d_ASN1_SET(a,&p,f,x,\
-                        V_ASN1_CONTEXT_SPECIFIC,IS_SET)
-#define M_ASN1_I2D_put_IMP_SET_type(type,a,f,x) \
-     i2d_ASN1_SET_OF_##type(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET)
-#define M_ASN1_I2D_put_IMP_SEQUENCE(a,f,x) i2d_ASN1_SET(a,&p,f,x,\
-                        V_ASN1_CONTEXT_SPECIFIC,IS_SEQUENCE)
-
-#define M_ASN1_I2D_put_SEQUENCE(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SEQUENCE,\
-                                             V_ASN1_UNIVERSAL,IS_SEQUENCE)
-
-#define M_ASN1_I2D_put_SEQUENCE_type(type,a,f) \
-     i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \
-                            IS_SEQUENCE)
-
-#define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \
-                if ((a != NULL) && (sk_num(a) != 0)) \
-                        M_ASN1_I2D_put_SEQUENCE(a,f);
-
-#define M_ASN1_I2D_put_IMP_SET_opt(a,f,x) \
-                if ((a != NULL) && (sk_num(a) != 0)) \
-                        { i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \
-                                       IS_SET); }
-
-#define M_ASN1_I2D_put_IMP_SET_opt_type(type,a,f,x) \
-                if ((a != NULL) && (sk_##type##_num(a) != 0)) \
-                        { i2d_ASN1_SET_OF_##type(a,&p,f,x, \
-                                                 V_ASN1_CONTEXT_SPECIFIC, \
-                                                 IS_SET); }
-
-#define M_ASN1_I2D_put_IMP_SEQUENCE_opt(a,f,x) \
-                if ((a != NULL) && (sk_num(a) != 0)) \
-                        { i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \
-                                       IS_SEQUENCE); }
-
-#define M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(type,a,f,x) \
-                if ((a != NULL) && (sk_##type##_num(a) != 0)) \
-                        { i2d_ASN1_SET_OF_##type(a,&p,f,x, \
-                                                 V_ASN1_CONTEXT_SPECIFIC, \
-                                                 IS_SEQUENCE); }
-
-#define M_ASN1_I2D_put_EXP_opt(a,f,tag,v) \
-                if (a != NULL) \
-                        { \
-                        ASN1_put_object(&p,1,v,tag,V_ASN1_CONTEXT_SPECIFIC); \
-                        f(a,&p); \
-                        }
-
-#define M_ASN1_I2D_put_EXP_SET_opt(a,f,mtag,tag,v) \
-                if ((a != NULL) && (sk_num(a) != 0)) \
-                        { \
-                        ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
-                        i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SET); \
-                        }
-
-#define M_ASN1_I2D_put_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \
-                if ((a != NULL) && (sk_num(a) != 0)) \
-                        { \
-                        ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
-                        i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SEQUENCE); \
-                        }
-
-#define M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \
-                if ((a != NULL) && (sk_##type##_num(a) != 0)) \
-                        { \
-                        ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
-                        i2d_ASN1_SET_OF_##type(a,&p,f,tag,V_ASN1_UNIVERSAL, \
-                                               IS_SEQUENCE); \
-                        }
-
-#define M_ASN1_I2D_seq_total() \
-                r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); \
-                if (pp == NULL) return(r); \
-                p= *pp; \
-                ASN1_put_object(&p,1,ret,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL)
-
-#define M_ASN1_I2D_INF_seq_start(tag,ctx) \
-                *(p++)=(V_ASN1_CONSTRUCTED|(tag)|(ctx)); \
-                *(p++)=0x80
-
-#define M_ASN1_I2D_INF_seq_end() *(p++)=0x00; *(p++)=0x00
-
-#define M_ASN1_I2D_finish()     *pp=p; \
-                                return(r);
-
-int asn1_GetSequence(ASN1_CTX *c, long *length);
-void asn1_add_error(unsigned char *address,int offset);
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/src/lib/libcrypto/asn1/asn1_par.c b/src/lib/libcrypto/asn1/asn1_par.c
deleted file mode 100644
index 676d434f03..0000000000
--- a/src/lib/libcrypto/asn1/asn1_par.c
+++ /dev/null
@@ -1,418 +0,0 @@
-/* crypto/asn1/asn1_par.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/objects.h>
-#include <openssl/asn1.h>
-
-static int asn1_print_info(BIO *bp, int tag, int xclass,int constructed,
-        int indent);
-static int asn1_parse2(BIO *bp, unsigned char **pp, long length,
-        int offset, int depth, int indent, int dump);
-static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
-             int indent)
-        {
-        static const char fmt[]="%-18s";
-        static const char fmt2[]="%2d %-15s";
-        char str[128];
-        const char *p,*p2=NULL;
-
-        if (constructed & V_ASN1_CONSTRUCTED)
-                p="cons: ";
-        else
-                p="prim: ";
-        if (BIO_write(bp,p,6) < 6) goto err;
-        BIO_indent(bp,indent,128);
-
-        p=str;
-        if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE)
-                BIO_snprintf(str,sizeof str,"priv [ %d ] ",tag);
-        else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC)
-                BIO_snprintf(str,sizeof str,"cont [ %d ]",tag);
-        else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION)
-                BIO_snprintf(str,sizeof str,"appl [ %d ]",tag);
-        else p = ASN1_tag2str(tag);
-
-        if (p2 != NULL)
-                {
-                if (BIO_printf(bp,fmt2,tag,p2) <= 0) goto err;
-                }
-        else
-                {
-                if (BIO_printf(bp,fmt,p) <= 0) goto err;
-                }
-        return(1);
-err:
-        return(0);
-        }
-
-int ASN1_parse(BIO *bp, unsigned char *pp, long len, int indent)
-        {
-        return(asn1_parse2(bp,&pp,len,0,0,indent,0));
-        }
-
-int ASN1_parse_dump(BIO *bp, unsigned char *pp, long len, int indent, int dump)
-        {
-        return(asn1_parse2(bp,&pp,len,0,0,indent,dump));
-        }
-
-static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset,
-             int depth, int indent, int dump)
-        {
-        unsigned char *p,*ep,*tot,*op,*opp;
-        long len;
-        int tag,xclass,ret=0;
-        int nl,hl,j,r;
-        ASN1_OBJECT *o=NULL;
-        ASN1_OCTET_STRING *os=NULL;
-        /* ASN1_BMPSTRING *bmp=NULL;*/
-        int dump_indent;
-
-#if 0
-        dump_indent = indent;
-#else
-        dump_indent = 6;        /* Because we know BIO_dump_indent() */
-#endif
-        p= *pp;
-        tot=p+length;
-        op=p-1;
-        while ((p < tot) && (op < p))
-                {
-                op=p;
-                j=ASN1_get_object(&p,&len,&tag,&xclass,length);
-#ifdef LINT
-                j=j;
-#endif
-                if (j & 0x80)
-                        {
-                        if (BIO_write(bp,"Error in encoding\n",18) <= 0)
-                                goto end;
-                        ret=0;
-                        goto end;
-                        }
-                hl=(p-op);
-                length-=hl;
-                /* if j == 0x21 it is a constructed indefinite length object */
-                if (BIO_printf(bp,"%5ld:",(long)offset+(long)(op- *pp))
-                        <= 0) goto end;
-
-                if (j != (V_ASN1_CONSTRUCTED | 1))
-                        {
-                        if (BIO_printf(bp,"d=%-2d hl=%ld l=%4ld ",
-                                depth,(long)hl,len) <= 0)
-                                goto end;
-                        }
-                else
-                        {
-                        if (BIO_printf(bp,"d=%-2d hl=%ld l=inf  ",
-                                depth,(long)hl) <= 0)
-                                goto end;
-                        }
-                if (!asn1_print_info(bp,tag,xclass,j,(indent)?depth:0))
-                        goto end;
-                if (j & V_ASN1_CONSTRUCTED)
-                        {
-                        ep=p+len;
-                        if (BIO_write(bp,"\n",1) <= 0) goto end;
-                        if (len > length)
-                                {
-                                BIO_printf(bp,
-                                        "length is greater than %ld\n",length);
-                                ret=0;
-                                goto end;
-                                }
-                        if ((j == 0x21) && (len == 0))
-                                {
-                                for (;;)
-                                        {
-                                        r=asn1_parse2(bp,&p,(long)(tot-p),
-                                                offset+(p - *pp),depth+1,
-                                                indent,dump);
-                                        if (r == 0) { ret=0; goto end; }
-                                        if ((r == 2) || (p >= tot)) break;
-                                        }
-                                }
-                        else
-                                while (p < ep)
-                                        {
-                                        r=asn1_parse2(bp,&p,(long)len,
-                                                offset+(p - *pp),depth+1,
-                                                indent,dump);
-                                        if (r == 0) { ret=0; goto end; }
-                                        }
-                        }
-                else if (xclass != 0)
-                        {
-                        p+=len;
-                        if (BIO_write(bp,"\n",1) <= 0) goto end;
-                        }
-                else
-                        {
-                        nl=0;
-                        if (    (tag == V_ASN1_PRINTABLESTRING) ||
-                                (tag == V_ASN1_T61STRING) ||
-                                (tag == V_ASN1_IA5STRING) ||
-                                (tag == V_ASN1_VISIBLESTRING) ||
-                                (tag == V_ASN1_UTCTIME) ||
-                                (tag == V_ASN1_GENERALIZEDTIME))
-                                {
-                                if (BIO_write(bp,":",1) <= 0) goto end;
-                                if ((len > 0) &&
-                                        BIO_write(bp,(char *)p,(int)len)
-                                        != (int)len)
-                                        goto end;
-                                }
-                        else if (tag == V_ASN1_OBJECT)
-                                {
-                                opp=op;
-                                if (d2i_ASN1_OBJECT(&o,&opp,len+hl) != NULL)
-                                        {
-                                        if (BIO_write(bp,":",1) <= 0) goto end;
-                                        i2a_ASN1_OBJECT(bp,o);
-                                        }
-                                else
-                                        {
-                                        if (BIO_write(bp,":BAD OBJECT",11) <= 0)
-                                                goto end;
-                                        }
-                                }
-                        else if (tag == V_ASN1_BOOLEAN)
-                                {
-                                int ii;
-
-                                opp=op;
-                                ii=d2i_ASN1_BOOLEAN(NULL,&opp,len+hl);
-                                if (ii < 0)
-                                        {
-                                        if (BIO_write(bp,"Bad boolean\n",12))
-                                                goto end;
-                                        }
-                                BIO_printf(bp,":%d",ii);
-                                }
-                        else if (tag == V_ASN1_BMPSTRING)
-                                {
-                                /* do the BMP thang */
-                                }
-                        else if (tag == V_ASN1_OCTET_STRING)
-                                {
-                                int i,printable=1;
-
-                                opp=op;
-                                os=d2i_ASN1_OCTET_STRING(NULL,&opp,len+hl);
-                                if (os != NULL)
-                                        {
-                                        opp=os->data;
-                                        for (i=0; i<os->length; i++)
-                                                {
-                                                if ((   (opp[i] < ' ') &&
-                                                        (opp[i] != '\n') &&
-                                                        (opp[i] != '\r') &&
-                                                        (opp[i] != '\t')) ||
-                                                        (opp[i] > '~'))
-                                                        {
-                                                        printable=0;
-                                                        break;
-                                                        }
-                                                }
-                                        if (printable && (os->length > 0))
-                                                {
-                                                if (BIO_write(bp,":",1) <= 0)
-                                                        goto end;
-                                                if (BIO_write(bp,(char *)opp,
-                                                        os->length) <= 0)
-                                                        goto end;
-                                                }
-                                        if (!printable && (os->length > 0)
-                                                && dump)
-                                                {
-                                                if (!nl) 
-                                                        {
-                                                        if (BIO_write(bp,"\n",1) <= 0)
-                                                                goto end;
-                                                        }
-                                                if (BIO_dump_indent(bp,(char *)opp,
-                                                        ((dump == -1 || dump > os->length)?os->length:dump),
-                                                        dump_indent) <= 0)
-                                                        goto end;
-                                                nl=1;
-                                                }
-                                        M_ASN1_OCTET_STRING_free(os);
-                                        os=NULL;
-                                        }
-                                }
-                        else if (tag == V_ASN1_INTEGER)
-                                {
-                                ASN1_INTEGER *bs;
-                                int i;
-
-                                opp=op;
-                                bs=d2i_ASN1_INTEGER(NULL,&opp,len+hl);
-                                if (bs != NULL)
-                                        {
-                                        if (BIO_write(bp,":",1) <= 0) goto end;
-                                        if (bs->type == V_ASN1_NEG_INTEGER)
-                                                if (BIO_write(bp,"-",1) <= 0)
-                                                        goto end;
-                                        for (i=0; i<bs->length; i++)
-                                                {
-                                                if (BIO_printf(bp,"%02X",
-                                                        bs->data[i]) <= 0)
-                                                        goto end;
-                                                }
-                                        if (bs->length == 0)
-                                                {
-                                                if (BIO_write(bp,"00",2) <= 0)
-                                                        goto end;
-                                                }
-                                        }
-                                else
-                                        {
-                                        if (BIO_write(bp,"BAD INTEGER",11) <= 0)
-                                                goto end;
-                                        }
-                                M_ASN1_INTEGER_free(bs);
-                                }
-                        else if (tag == V_ASN1_ENUMERATED)
-                                {
-                                ASN1_ENUMERATED *bs;
-                                int i;
-
-                                opp=op;
-                                bs=d2i_ASN1_ENUMERATED(NULL,&opp,len+hl);
-                                if (bs != NULL)
-                                        {
-                                        if (BIO_write(bp,":",1) <= 0) goto end;
-                                        if (bs->type == V_ASN1_NEG_ENUMERATED)
-                                                if (BIO_write(bp,"-",1) <= 0)
-                                                        goto end;
-                                        for (i=0; i<bs->length; i++)
-                                                {
-                                                if (BIO_printf(bp,"%02X",
-                                                        bs->data[i]) <= 0)
-                                                        goto end;
-                                                }
-                                        if (bs->length == 0)
-                                                {
-                                                if (BIO_write(bp,"00",2) <= 0)
-                                                        goto end;
-                                                }
-                                        }
-                                else
-                                        {
-                                        if (BIO_write(bp,"BAD ENUMERATED",11) <= 0)
-                                                goto end;
-                                        }
-                                M_ASN1_ENUMERATED_free(bs);
-                                }
-                        else if (len > 0 && dump)
-                                {
-                                if (!nl) 
-                                        {
-                                        if (BIO_write(bp,"\n",1) <= 0)
-                                                goto end;
-                                        }
-                                if (BIO_dump_indent(bp,(char *)p,
-                                        ((dump == -1 || dump > len)?len:dump),
-                                        dump_indent) <= 0)
-                                        goto end;
-                                nl=1;
-                                }
-
-                        if (!nl) 
-                                {
-                                if (BIO_write(bp,"\n",1) <= 0) goto end;
-                                }
-                        p+=len;
-                        if ((tag == V_ASN1_EOC) && (xclass == 0))
-                                {
-                                ret=2; /* End of sequence */
-                                goto end;
-                                }
-                        }
-                length-=len;
-                }
-        ret=1;
-end:
-        if (o != NULL) ASN1_OBJECT_free(o);
-        if (os != NULL) M_ASN1_OCTET_STRING_free(os);
-        *pp=p;
-        return(ret);
-        }
-
-const char *ASN1_tag2str(int tag)
-{
-        const static char *tag2str[] = {
-         "EOC", "BOOLEAN", "INTEGER", "BIT STRING", "OCTET STRING", /* 0-4 */
-         "NULL", "OBJECT", "OBJECT DESCRIPTOR", "EXTERNAL", "REAL", /* 5-9 */
-         "ENUMERATED", "<ASN1 11>", "UTF8STRING", "<ASN1 13>",      /* 10-13 */
-        "<ASN1 14>", "<ASN1 15>", "SEQUENCE", "SET",                /* 15-17 */
-        "NUMERICSTRING", "PRINTABLESTRING", "T61STRING",            /* 18-20 */
-        "VIDEOTEXSTRING", "IA5STRING", "UTCTIME","GENERALIZEDTIME", /* 21-24 */
-        "GRAPHICSTRING", "VISIBLESTRING", "GENERALSTRING",          /* 25-27 */
-        "UNIVERSALSTRING", "<ASN1 29>", "BMPSTRING"                 /* 28-30 */
-        };
-
-        if((tag == V_ASN1_NEG_INTEGER) || (tag == V_ASN1_NEG_ENUMERATED))
-                                                        tag &= ~0x100;
-
-        if(tag < 0 || tag > 30) return "(unknown)";
-        return tag2str[tag];
-}
-
diff --git a/src/lib/libcrypto/asn1/asn1t.h b/src/lib/libcrypto/asn1/asn1t.h
deleted file mode 100644
index ed372f8554..0000000000
--- a/src/lib/libcrypto/asn1/asn1t.h
+++ /dev/null
@@ -1,846 +0,0 @@
-/* asn1t.h */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#ifndef HEADER_ASN1T_H
-#define HEADER_ASN1T_H
-
-#include <stddef.h>
-#include <openssl/e_os2.h>
-#include <openssl/asn1.h>
-
-#ifdef OPENSSL_BUILD_SHLIBCRYPTO
-# undef OPENSSL_EXTERN
-# define OPENSSL_EXTERN OPENSSL_EXPORT
-#endif
-
-/* ASN1 template defines, structures and functions */
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-
-#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */
-#define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr))
-
-
-/* Macros for start and end of ASN1_ITEM definition */
-
-#define ASN1_ITEM_start(itname) \
-        OPENSSL_GLOBAL const ASN1_ITEM itname##_it = {
-
-#define ASN1_ITEM_end(itname) \
-                };
-
-#else
-
-/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */
-#define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr()))
-
-
-/* Macros for start and end of ASN1_ITEM definition */
-
-#define ASN1_ITEM_start(itname) \
-        const ASN1_ITEM * itname##_it(void) \
-        { \
-                static const ASN1_ITEM local_it = { \
-
-#define ASN1_ITEM_end(itname) \
-                }; \
-        return &local_it; \
-        }
-
-#endif
-
-
-/* Macros to aid ASN1 template writing */
-
-#define ASN1_ITEM_TEMPLATE(tname) \
-        const static ASN1_TEMPLATE tname##_item_tt 
-
-#define ASN1_ITEM_TEMPLATE_END(tname) \
-        ;\
-        ASN1_ITEM_start(tname) \
-                ASN1_ITYPE_PRIMITIVE,\
-                -1,\
-                &tname##_item_tt,\
-                0,\
-                NULL,\
-                0,\
-                #tname \
-        ASN1_ITEM_end(tname)
-
-
-/* This is a ASN1 type which just embeds a template */
- 
-/* This pair helps declare a SEQUENCE. We can do:
- *
- *      ASN1_SEQUENCE(stname) = {
- *              ... SEQUENCE components ...
- *      } ASN1_SEQUENCE_END(stname)
- *
- *      This will produce an ASN1_ITEM called stname_it
- *      for a structure called stname.
- *
- *      If you want the same structure but a different
- *      name then use:
- *
- *      ASN1_SEQUENCE(itname) = {
- *              ... SEQUENCE components ...
- *      } ASN1_SEQUENCE_END_name(stname, itname)
- *
- *      This will create an item called itname_it using
- *      a structure called stname.
- */
-
-#define ASN1_SEQUENCE(tname) \
-        const static ASN1_TEMPLATE tname##_seq_tt[] 
-
-#define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname)
-
-#define ASN1_SEQUENCE_END_name(stname, tname) \
-        ;\
-        ASN1_ITEM_start(tname) \
-                ASN1_ITYPE_SEQUENCE,\
-                V_ASN1_SEQUENCE,\
-                tname##_seq_tt,\
-                sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
-                NULL,\
-                sizeof(stname),\
-                #stname \
-        ASN1_ITEM_end(tname)
-
-#define ASN1_SEQUENCE_cb(tname, cb) \
-        const static ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
-        ASN1_SEQUENCE(tname)
-
-#define ASN1_BROKEN_SEQUENCE(tname) \
-        const static ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \
-        ASN1_SEQUENCE(tname)
-
-#define ASN1_SEQUENCE_ref(tname, cb, lck) \
-        const static ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), lck, cb, 0}; \
-        ASN1_SEQUENCE(tname)
-
-#define ASN1_SEQUENCE_enc(tname, enc, cb) \
-        const static ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc)}; \
-        ASN1_SEQUENCE(tname)
-
-#define ASN1_BROKEN_SEQUENCE_END(stname) ASN1_SEQUENCE_END_ref(stname, stname)
-
-#define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
-
-#define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
-
-#define ASN1_SEQUENCE_END_ref(stname, tname) \
-        ;\
-        ASN1_ITEM_start(tname) \
-                ASN1_ITYPE_SEQUENCE,\
-                V_ASN1_SEQUENCE,\
-                tname##_seq_tt,\
-                sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
-                &tname##_aux,\
-                sizeof(stname),\
-                #stname \
-        ASN1_ITEM_end(tname)
-
-
-/* This pair helps declare a CHOICE type. We can do:
- *
- *      ASN1_CHOICE(chname) = {
- *              ... CHOICE options ...
- *      ASN1_CHOICE_END(chname)
- *
- *      This will produce an ASN1_ITEM called chname_it
- *      for a structure called chname. The structure
- *      definition must look like this:
- *      typedef struct {
- *              int type;
- *              union {
- *                      ASN1_SOMETHING *opt1;
- *                      ASN1_SOMEOTHER *opt2;
- *              } value;
- *      } chname;
- *      
- *      the name of the selector must be 'type'.
- *      to use an alternative selector name use the
- *      ASN1_CHOICE_END_selector() version.
- */
-
-#define ASN1_CHOICE(tname) \
-        const static ASN1_TEMPLATE tname##_ch_tt[] 
-
-#define ASN1_CHOICE_cb(tname, cb) \
-        const static ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
-        ASN1_CHOICE(tname)
-
-#define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname)
-
-#define ASN1_CHOICE_END_name(stname, tname) ASN1_CHOICE_END_selector(stname, tname, type)
-
-#define ASN1_CHOICE_END_selector(stname, tname, selname) \
-        ;\
-        ASN1_ITEM_start(tname) \
-                ASN1_ITYPE_CHOICE,\
-                offsetof(stname,selname) ,\
-                tname##_ch_tt,\
-                sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
-                NULL,\
-                sizeof(stname),\
-                #stname \
-        ASN1_ITEM_end(tname)
-
-#define ASN1_CHOICE_END_cb(stname, tname, selname) \
-        ;\
-        ASN1_ITEM_start(tname) \
-                ASN1_ITYPE_CHOICE,\
-                offsetof(stname,selname) ,\
-                tname##_ch_tt,\
-                sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
-                &tname##_aux,\
-                sizeof(stname),\
-                #stname \
-        ASN1_ITEM_end(tname)
-
-/* This helps with the template wrapper form of ASN1_ITEM */
-
-#define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, type) { \
-        (flags), (tag), 0,\
-        #name, ASN1_ITEM_ref(type) }
-
-/* These help with SEQUENCE or CHOICE components */
-
-/* used to declare other types */
-
-#define ASN1_EX_TYPE(flags, tag, stname, field, type) { \
-        (flags), (tag), offsetof(stname, field),\
-        #field, ASN1_ITEM_ref(type) }
-
-/* used when the structure is combined with the parent */
-
-#define ASN1_EX_COMBINE(flags, tag, type) { \
-        (flags)|ASN1_TFLG_COMBINE, (tag), 0, NULL, ASN1_ITEM_ref(type) }
-
-/* implicit and explicit helper macros */
-
-#define ASN1_IMP_EX(stname, field, type, tag, ex) \
-                ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | ex, tag, stname, field, type)
-
-#define ASN1_EXP_EX(stname, field, type, tag, ex) \
-                ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | ex, tag, stname, field, type)
-
-/* Any defined by macros: the field used is in the table itself */
-
-#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
-#define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }
-#define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }
-#else
-#define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, tblname##_adb }
-#define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, tblname##_adb }
-#endif
-/* Plain simple type */
-#define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type)
-
-/* OPTIONAL simple type */
-#define ASN1_OPT(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type)
-
-/* IMPLICIT tagged simple type */
-#define ASN1_IMP(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, 0)
-
-/* IMPLICIT tagged OPTIONAL simple type */
-#define ASN1_IMP_OPT(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
-
-/* Same as above but EXPLICIT */
-
-#define ASN1_EXP(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, 0)
-#define ASN1_EXP_OPT(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
-
-/* SEQUENCE OF type */
-#define ASN1_SEQUENCE_OF(stname, field, type) \
-                ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, stname, field, type)
-
-/* OPTIONAL SEQUENCE OF */
-#define ASN1_SEQUENCE_OF_OPT(stname, field, type) \
-                ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type)
-
-/* Same as above but for SET OF */
-
-#define ASN1_SET_OF(stname, field, type) \
-                ASN1_EX_TYPE(ASN1_TFLG_SET_OF, 0, stname, field, type)
-
-#define ASN1_SET_OF_OPT(stname, field, type) \
-                ASN1_EX_TYPE(ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type)
-
-/* Finally compound types of SEQUENCE, SET, IMPLICIT, EXPLICIT and OPTIONAL */
-
-#define ASN1_IMP_SET_OF(stname, field, type, tag) \
-                        ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)
-
-#define ASN1_EXP_SET_OF(stname, field, type, tag) \
-                        ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)
-
-#define ASN1_IMP_SET_OF_OPT(stname, field, type, tag) \
-                        ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL)
-
-#define ASN1_EXP_SET_OF_OPT(stname, field, type, tag) \
-                        ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL)
-
-#define ASN1_IMP_SEQUENCE_OF(stname, field, type, tag) \
-                        ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)
-
-#define ASN1_IMP_SEQUENCE_OF_OPT(stname, field, type, tag) \
-                        ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
-
-#define ASN1_EXP_SEQUENCE_OF(stname, field, type, tag) \
-                        ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)
-
-#define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \
-                        ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
-
-/* Macros for the ASN1_ADB structure */
-
-#define ASN1_ADB(name) \
-        const static ASN1_ADB_TABLE name##_adbtbl[] 
-
-#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-#define ASN1_ADB_END(name, flags, field, app_table, def, none) \
-        ;\
-        const static ASN1_ADB name##_adb = {\
-                flags,\
-                offsetof(name, field),\
-                app_table,\
-                name##_adbtbl,\
-                sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\
-                def,\
-                none\
-        }
-
-#else
-
-#define ASN1_ADB_END(name, flags, field, app_table, def, none) \
-        ;\
-        const static ASN1_ITEM *name##_adb(void) \
-        { \
-        const static ASN1_ADB internal_adb = \
-                {\
-                flags,\
-                offsetof(name, field),\
-                app_table,\
-                name##_adbtbl,\
-                sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\
-                def,\
-                none\
-                }; \
-                return (const ASN1_ITEM *) &internal_adb; \
-        } \
-        void dummy_function(void)
-
-#endif
-
-#define ADB_ENTRY(val, template) {val, template}
-
-#define ASN1_ADB_TEMPLATE(name) \
-        const static ASN1_TEMPLATE name##_tt 
-
-/* This is the ASN1 template structure that defines
- * a wrapper round the actual type. It determines the
- * actual position of the field in the value structure,
- * various flags such as OPTIONAL and the field name.
- */
-
-struct ASN1_TEMPLATE_st {
-unsigned long flags;            /* Various flags */
-long tag;                       /* tag, not used if no tagging */
-unsigned long offset;           /* Offset of this field in structure */
-#ifndef NO_ASN1_FIELD_NAMES
-char *field_name;               /* Field name */
-#endif
-ASN1_ITEM_EXP *item;            /* Relevant ASN1_ITEM or ASN1_ADB */
-};
-
-/* Macro to extract ASN1_ITEM and ASN1_ADB pointer from ASN1_TEMPLATE */
-
-#define ASN1_TEMPLATE_item(t) (t->item_ptr)
-#define ASN1_TEMPLATE_adb(t) (t->item_ptr)
-
-typedef struct ASN1_ADB_TABLE_st ASN1_ADB_TABLE;
-typedef struct ASN1_ADB_st ASN1_ADB;
-
-struct ASN1_ADB_st {
-        unsigned long flags;    /* Various flags */
-        unsigned long offset;   /* Offset of selector field */
-        STACK_OF(ASN1_ADB_TABLE) **app_items; /* Application defined items */
-        const ASN1_ADB_TABLE *tbl;      /* Table of possible types */
-        long tblcount;          /* Number of entries in tbl */
-        const ASN1_TEMPLATE *default_tt;  /* Type to use if no match */
-        const ASN1_TEMPLATE *null_tt;  /* Type to use if selector is NULL */
-};
-
-struct ASN1_ADB_TABLE_st {
-        long value;             /* NID for an object or value for an int */
-        const ASN1_TEMPLATE tt;         /* item for this value */
-};
-
-/* template flags */
-
-/* Field is optional */
-#define ASN1_TFLG_OPTIONAL      (0x1)
-
-/* Field is a SET OF */
-#define ASN1_TFLG_SET_OF        (0x1 << 1)
-
-/* Field is a SEQUENCE OF */
-#define ASN1_TFLG_SEQUENCE_OF   (0x2 << 1)
-
-/* Special case: this refers to a SET OF that
- * will be sorted into DER order when encoded *and*
- * the corresponding STACK will be modified to match
- * the new order.
- */
-#define ASN1_TFLG_SET_ORDER     (0x3 << 1)
-
-/* Mask for SET OF or SEQUENCE OF */
-#define ASN1_TFLG_SK_MASK       (0x3 << 1)
-
-/* These flags mean the tag should be taken from the
- * tag field. If EXPLICIT then the underlying type
- * is used for the inner tag.
- */
-
-/* IMPLICIT tagging */
-#define ASN1_TFLG_IMPTAG        (0x1 << 3)
-
-
-/* EXPLICIT tagging, inner tag from underlying type */
-#define ASN1_TFLG_EXPTAG        (0x2 << 3)
-
-#define ASN1_TFLG_TAG_MASK      (0x3 << 3)
-
-/* context specific IMPLICIT */
-#define ASN1_TFLG_IMPLICIT      ASN1_TFLG_IMPTAG|ASN1_TFLG_CONTEXT
-
-/* context specific EXPLICIT */
-#define ASN1_TFLG_EXPLICIT      ASN1_TFLG_EXPTAG|ASN1_TFLG_CONTEXT
-
-/* If tagging is in force these determine the
- * type of tag to use. Otherwise the tag is
- * determined by the underlying type. These 
- * values reflect the actual octet format.
- */
-
-/* Universal tag */ 
-#define ASN1_TFLG_UNIVERSAL     (0x0<<6)
-/* Application tag */ 
-#define ASN1_TFLG_APPLICATION   (0x1<<6)
-/* Context specific tag */ 
-#define ASN1_TFLG_CONTEXT       (0x2<<6)
-/* Private tag */ 
-#define ASN1_TFLG_PRIVATE       (0x3<<6)
-
-#define ASN1_TFLG_TAG_CLASS     (0x3<<6)
-
-/* These are for ANY DEFINED BY type. In this case
- * the 'item' field points to an ASN1_ADB structure
- * which contains a table of values to decode the
- * relevant type
- */
-
-#define ASN1_TFLG_ADB_MASK      (0x3<<8)
-
-#define ASN1_TFLG_ADB_OID       (0x1<<8)
-
-#define ASN1_TFLG_ADB_INT       (0x1<<9)
-
-/* This flag means a parent structure is passed
- * instead of the field: this is useful is a
- * SEQUENCE is being combined with a CHOICE for
- * example. Since this means the structure and
- * item name will differ we need to use the
- * ASN1_CHOICE_END_name() macro for example.
- */
-
-#define ASN1_TFLG_COMBINE       (0x1<<10)
-
-/* This is the actual ASN1 item itself */
-
-struct ASN1_ITEM_st {
-char itype;                     /* The item type, primitive, SEQUENCE, CHOICE or extern */
-long utype;                     /* underlying type */
-const ASN1_TEMPLATE *templates; /* If SEQUENCE or CHOICE this contains the contents */
-long tcount;                    /* Number of templates if SEQUENCE or CHOICE */
-const void *funcs;              /* functions that handle this type */
-long size;                      /* Structure size (usually)*/
-#ifndef NO_ASN1_FIELD_NAMES
-const char *sname;              /* Structure name */
-#endif
-};
-
-/* These are values for the itype field and
- * determine how the type is interpreted.
- *
- * For PRIMITIVE types the underlying type
- * determines the behaviour if items is NULL.
- *
- * Otherwise templates must contain a single 
- * template and the type is treated in the
- * same way as the type specified in the template.
- *
- * For SEQUENCE types the templates field points
- * to the members, the size field is the
- * structure size.
- *
- * For CHOICE types the templates field points
- * to each possible member (typically a union)
- * and the 'size' field is the offset of the
- * selector.
- *
- * The 'funcs' field is used for application
- * specific functions. 
- *
- * For COMPAT types the funcs field gives a
- * set of functions that handle this type, this
- * supports the old d2i, i2d convention.
- *
- * The EXTERN type uses a new style d2i/i2d.
- * The new style should be used where possible
- * because it avoids things like the d2i IMPLICIT
- * hack.
- *
- * MSTRING is a multiple string type, it is used
- * for a CHOICE of character strings where the
- * actual strings all occupy an ASN1_STRING
- * structure. In this case the 'utype' field
- * has a special meaning, it is used as a mask
- * of acceptable types using the B_ASN1 constants.
- *
- */
-
-#define ASN1_ITYPE_PRIMITIVE    0x0
-
-#define ASN1_ITYPE_SEQUENCE     0x1
-
-#define ASN1_ITYPE_CHOICE       0x2
-
-#define ASN1_ITYPE_COMPAT       0x3
-
-#define ASN1_ITYPE_EXTERN       0x4
-
-#define ASN1_ITYPE_MSTRING      0x5
-
-/* Cache for ASN1 tag and length, so we
- * don't keep re-reading it for things
- * like CHOICE
- */
-
-struct ASN1_TLC_st{
-        char valid;     /* Values below are valid */
-        int ret;        /* return value */
-        long plen;      /* length */
-        int ptag;       /* class value */
-        int pclass;     /* class value */
-        int hdrlen;     /* header length */
-};
-
-/* Typedefs for ASN1 function pointers */
-
-typedef ASN1_VALUE * ASN1_new_func(void);
-typedef void ASN1_free_func(ASN1_VALUE *a);
-typedef ASN1_VALUE * ASN1_d2i_func(ASN1_VALUE **a, unsigned char ** in, long length);
-typedef int ASN1_i2d_func(ASN1_VALUE * a, unsigned char **in);
-
-typedef int ASN1_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_ITEM *it,
-                                        int tag, int aclass, char opt, ASN1_TLC *ctx);
-
-typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
-typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
-typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
-
-typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
-typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
-
-typedef struct ASN1_COMPAT_FUNCS_st {
-        ASN1_new_func *asn1_new;
-        ASN1_free_func *asn1_free;
-        ASN1_d2i_func *asn1_d2i;
-        ASN1_i2d_func *asn1_i2d;
-} ASN1_COMPAT_FUNCS;
-
-typedef struct ASN1_EXTERN_FUNCS_st {
-        void *app_data;
-        ASN1_ex_new_func *asn1_ex_new;
-        ASN1_ex_free_func *asn1_ex_free;
-        ASN1_ex_free_func *asn1_ex_clear;
-        ASN1_ex_d2i *asn1_ex_d2i;
-        ASN1_ex_i2d *asn1_ex_i2d;
-} ASN1_EXTERN_FUNCS;
-
-typedef struct ASN1_PRIMITIVE_FUNCS_st {
-        void *app_data;
-        unsigned long flags;
-        ASN1_ex_new_func *prim_new;
-        ASN1_ex_free_func *prim_free;
-        ASN1_ex_free_func *prim_clear;
-        ASN1_primitive_c2i *prim_c2i;
-        ASN1_primitive_i2c *prim_i2c;
-} ASN1_PRIMITIVE_FUNCS;
-
-/* This is the ASN1_AUX structure: it handles various
- * miscellaneous requirements. For example the use of
- * reference counts and an informational callback.
- *
- * The "informational callback" is called at various
- * points during the ASN1 encoding and decoding. It can
- * be used to provide minor customisation of the structures
- * used. This is most useful where the supplied routines
- * *almost* do the right thing but need some extra help
- * at a few points. If the callback returns zero then
- * it is assumed a fatal error has occurred and the 
- * main operation should be abandoned.
- *
- * If major changes in the default behaviour are required
- * then an external type is more appropriate.
- */
-
-typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it);
-
-typedef struct ASN1_AUX_st {
-        void *app_data;
-        int flags;
-        int ref_offset;         /* Offset of reference value */
-        int ref_lock;           /* Lock type to use */
-        ASN1_aux_cb *asn1_cb;
-        int enc_offset;         /* Offset of ASN1_ENCODING structure */
-} ASN1_AUX;
-
-/* Flags in ASN1_AUX */
-
-/* Use a reference count */
-#define ASN1_AFLG_REFCOUNT      1
-/* Save the encoding of structure (useful for signatures) */
-#define ASN1_AFLG_ENCODING      2
-/* The Sequence length is invalid */
-#define ASN1_AFLG_BROKEN        4
-
-/* operation values for asn1_cb */
-
-#define ASN1_OP_NEW_PRE         0
-#define ASN1_OP_NEW_POST        1
-#define ASN1_OP_FREE_PRE        2
-#define ASN1_OP_FREE_POST       3
-#define ASN1_OP_D2I_PRE         4
-#define ASN1_OP_D2I_POST        5
-#define ASN1_OP_I2D_PRE         6
-#define ASN1_OP_I2D_POST        7
-
-/* Macro to implement a primitive type */
-#define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0)
-#define IMPLEMENT_ASN1_TYPE_ex(itname, vname, ex) \
-                                ASN1_ITEM_start(itname) \
-                                        ASN1_ITYPE_PRIMITIVE, V_##vname, NULL, 0, NULL, ex, #itname \
-                                ASN1_ITEM_end(itname)
-
-/* Macro to implement a multi string type */
-#define IMPLEMENT_ASN1_MSTRING(itname, mask) \
-                                ASN1_ITEM_start(itname) \
-                                        ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname \
-                                ASN1_ITEM_end(itname)
-
-/* Macro to implement an ASN1_ITEM in terms of old style funcs */
-
-#define IMPLEMENT_COMPAT_ASN1(sname) IMPLEMENT_COMPAT_ASN1_type(sname, V_ASN1_SEQUENCE)
-
-#define IMPLEMENT_COMPAT_ASN1_type(sname, tag) \
-        static const ASN1_COMPAT_FUNCS sname##_ff = { \
-                (ASN1_new_func *)sname##_new, \
-                (ASN1_free_func *)sname##_free, \
-                (ASN1_d2i_func *)d2i_##sname, \
-                (ASN1_i2d_func *)i2d_##sname, \
-        }; \
-        ASN1_ITEM_start(sname) \
-                ASN1_ITYPE_COMPAT, \
-                tag, \
-                NULL, \
-                0, \
-                &sname##_ff, \
-                0, \
-                #sname \
-        ASN1_ITEM_end(sname)
-
-#define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \
-        ASN1_ITEM_start(sname) \
-                ASN1_ITYPE_EXTERN, \
-                tag, \
-                NULL, \
-                0, \
-                &fptrs, \
-                0, \
-                #sname \
-        ASN1_ITEM_end(sname)
-
-/* Macro to implement standard functions in terms of ASN1_ITEM structures */
-
-#define IMPLEMENT_ASN1_FUNCTIONS(stname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname)
-
-#define IMPLEMENT_ASN1_FUNCTIONS_name(stname, itname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, itname)
-
-#define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \
-                        IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname)
-
-#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \
-        stname *fname##_new(void) \
-        { \
-                return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \
-        } \
-        void fname##_free(stname *a) \
-        { \
-                ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \
-        }
-
-#define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \
-        IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
-        IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
-
-#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
-        stname *d2i_##fname(stname **a, unsigned char **in, long len) \
-        { \
-                return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\
-        } \
-        int i2d_##fname(stname *a, unsigned char **out) \
-        { \
-                return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
-        } 
-
-/* This includes evil casts to remove const: they will go away when full
- * ASN1 constification is done.
- */
-#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
-        stname *d2i_##fname(stname **a, const unsigned char **in, long len) \
-        { \
-                return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, (unsigned char **)in, len, ASN1_ITEM_rptr(itname));\
-        } \
-        int i2d_##fname(const stname *a, unsigned char **out) \
-        { \
-                return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
-        } 
-
-#define IMPLEMENT_ASN1_DUP_FUNCTION(stname) \
-        stname * stname##_dup(stname *x) \
-        { \
-        return ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \
-        }
-
-#define IMPLEMENT_ASN1_FUNCTIONS_const(name) \
-                IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name)
-
-#define IMPLEMENT_ASN1_FUNCTIONS_const_fname(stname, itname, fname) \
-        IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
-        IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
-
-/* external definitions for primitive types */
-
-DECLARE_ASN1_ITEM(ASN1_BOOLEAN)
-DECLARE_ASN1_ITEM(ASN1_TBOOLEAN)
-DECLARE_ASN1_ITEM(ASN1_FBOOLEAN)
-DECLARE_ASN1_ITEM(ASN1_ANY)
-DECLARE_ASN1_ITEM(ASN1_SEQUENCE)
-DECLARE_ASN1_ITEM(CBIGNUM)
-DECLARE_ASN1_ITEM(BIGNUM)
-DECLARE_ASN1_ITEM(LONG)
-DECLARE_ASN1_ITEM(ZLONG)
-
-DECLARE_STACK_OF(ASN1_VALUE)
-
-/* Functions used internally by the ASN1 code */
-
-int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
-void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
-int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
-int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
-
-void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
-int ASN1_template_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_TEMPLATE *tt);
-int ASN1_item_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_ITEM *it,
-                                int tag, int aclass, char opt, ASN1_TLC *ctx);
-
-int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
-int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_TEMPLATE *tt);
-void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
-
-int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
-int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
-
-int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it);
-int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it);
-
-ASN1_VALUE ** asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
-
-const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, int nullerr);
-
-int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it);
-
-void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it);
-void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
-int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, const ASN1_ITEM *it);
-int asn1_enc_save(ASN1_VALUE **pval, unsigned char *in, int inlen, const ASN1_ITEM *it);
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/src/lib/libcrypto/asn1/asn_moid.c b/src/lib/libcrypto/asn1/asn_moid.c
deleted file mode 100644
index edb44c988f..0000000000
--- a/src/lib/libcrypto/asn1/asn_moid.c
+++ /dev/null
@@ -1,100 +0,0 @@
-/* asn_moid.c */
-/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <openssl/crypto.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/dso.h>
-#include <openssl/x509.h>
-
-/* Simple ASN1 OID module: add all objects in a given section */
-
-static int oid_module_init(CONF_IMODULE *md, const CONF *cnf)
-        {
-        int i;
-        const char *oid_section;
-        STACK_OF(CONF_VALUE) *sktmp;
-        CONF_VALUE *oval;
-        oid_section = CONF_imodule_get_value(md);
-        if(!(sktmp = NCONF_get_section(cnf, oid_section)))
-                {
-                ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ERROR_LOADING_SECTION);
-                return 0;
-                }
-        for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++)
-                {
-                oval = sk_CONF_VALUE_value(sktmp, i);
-                if(OBJ_create(oval->value, oval->name, oval->name) == NID_undef)
-                        {
-                        ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ADDING_OBJECT);
-                        return 0;
-                        }
-                }
-        return 1;
-        }
-
-static void oid_module_finish(CONF_IMODULE *md)
-        {
-        OBJ_cleanup();
-        }
-
-void ASN1_add_oid_module(void)
-        {
-        CONF_module_add("oid_section", oid_module_init, oid_module_finish);
-        }
diff --git a/src/lib/libcrypto/asn1/asn_pack.c b/src/lib/libcrypto/asn1/asn_pack.c
deleted file mode 100644
index e6051db2dc..0000000000
--- a/src/lib/libcrypto/asn1/asn_pack.c
+++ /dev/null
@@ -1,191 +0,0 @@
-/* asn_pack.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-
-#ifndef NO_ASN1_OLD
-
-/* ASN1 packing and unpacking functions */
-
-/* Turn an ASN1 encoded SEQUENCE OF into a STACK of structures */
-
-STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(),
-             void (*free_func)(void *))
-{
-    STACK *sk;
-    unsigned char *pbuf;
-    pbuf =  buf;
-    if (!(sk = d2i_ASN1_SET(NULL, &pbuf, len, d2i, free_func,
-                                        V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL)))
-                 ASN1err(ASN1_F_ASN1_SEQ_UNPACK,ASN1_R_DECODE_ERROR);
-    return sk;
-}
-
-/* Turn a STACK structures into an ASN1 encoded SEQUENCE OF structure in a
- * OPENSSL_malloc'ed buffer
- */
-
-unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf,
-             int *len)
-{
-        int safelen;
-        unsigned char *safe, *p;
-        if (!(safelen = i2d_ASN1_SET(safes, NULL, i2d, V_ASN1_SEQUENCE,
-                                              V_ASN1_UNIVERSAL, IS_SEQUENCE))) {
-                ASN1err(ASN1_F_ASN1_SEQ_PACK,ASN1_R_ENCODE_ERROR);
-                return NULL;
-        }
-        if (!(safe = OPENSSL_malloc (safelen))) {
-                ASN1err(ASN1_F_ASN1_SEQ_PACK,ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-        p = safe;
-        i2d_ASN1_SET(safes, &p, i2d, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL,
-                                                                 IS_SEQUENCE);
-        if (len) *len = safelen;
-        if (buf) *buf = safe;
-        return safe;
-}
-
-/* Extract an ASN1 object from an ASN1_STRING */
-
-void *ASN1_unpack_string (ASN1_STRING *oct, char *(*d2i)())
-{
-        unsigned char *p;
-        char *ret;
-
-        p = oct->data;
-        if(!(ret = d2i(NULL, &p, oct->length)))
-                ASN1err(ASN1_F_ASN1_UNPACK_STRING,ASN1_R_DECODE_ERROR);
-        return ret;
-}
-
-/* Pack an ASN1 object into an ASN1_STRING */
-
-ASN1_STRING *ASN1_pack_string(void *obj, int (*i2d)(), ASN1_STRING **oct)
-{
-        unsigned char *p;
-        ASN1_STRING *octmp;
-
-        if (!oct || !*oct) {
-                if (!(octmp = ASN1_STRING_new ())) {
-                        ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
-                        return NULL;
-                }
-                if (oct) *oct = octmp;
-        } else octmp = *oct;
-                
-        if (!(octmp->length = i2d(obj, NULL))) {
-                ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR);
-                return NULL;
-        }
-        if (!(p = OPENSSL_malloc (octmp->length))) {
-                ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-        octmp->data = p;
-        i2d (obj, &p);
-        return octmp;
-}
-
-#endif
-
-/* ASN1_ITEM versions of the above */
-
-ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct)
-{
-        ASN1_STRING *octmp;
-
-        if (!oct || !*oct) {
-                if (!(octmp = ASN1_STRING_new ())) {
-                        ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
-                        return NULL;
-                }
-                if (oct) *oct = octmp;
-        } else octmp = *oct;
-
-        if(octmp->data) {
-                OPENSSL_free(octmp->data);
-                octmp->data = NULL;
-        }
-                
-        if (!(octmp->length = ASN1_item_i2d(obj, &octmp->data, it))) {
-                ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR);
-                return NULL;
-        }
-        if (!octmp->data) {
-                ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-        return octmp;
-}
-
-/* Extract an ASN1 object from an ASN1_STRING */
-
-void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it)
-{
-        unsigned char *p;
-        void *ret;
-
-        p = oct->data;
-        if(!(ret = ASN1_item_d2i(NULL, &p, oct->length, it)))
-                ASN1err(ASN1_F_ASN1_UNPACK_STRING,ASN1_R_DECODE_ERROR);
-        return ret;
-}
diff --git a/src/lib/libcrypto/asn1/charmap.h b/src/lib/libcrypto/asn1/charmap.h
deleted file mode 100644
index bd020a9562..0000000000
--- a/src/lib/libcrypto/asn1/charmap.h
+++ /dev/null
@@ -1,15 +0,0 @@
-/* Auto generated with chartype.pl script.
- * Mask of various character properties
- */
-
-static unsigned char char_type[] = {
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
-120, 0, 1,40, 0, 0, 0,16,16,16, 0,25,25,16,16,16,
-16,16,16,16,16,16,16,16,16,16,16, 9, 9,16, 9,16,
- 0,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,
-16,16,16,16,16,16,16,16,16,16,16, 0, 1, 0, 0, 0,
- 0,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,
-16,16,16,16,16,16,16,16,16,16,16, 0, 0, 0, 0, 2
-};
-
diff --git a/src/lib/libcrypto/asn1/charmap.pl b/src/lib/libcrypto/asn1/charmap.pl
deleted file mode 100644
index 2875c59867..0000000000
--- a/src/lib/libcrypto/asn1/charmap.pl
+++ /dev/null
@@ -1,80 +0,0 @@
-#!/usr/local/bin/perl -w
-
-use strict;
-
-my ($i, @arr);
-
-# Set up an array with the type of ASCII characters
-# Each set bit represents a character property.
-
-# RFC2253 character properties
-my $RFC2253_ESC = 1;    # Character escaped with \
-my $ESC_CTRL    = 2;    # Escaped control character
-# These are used with RFC1779 quoting using "
-my $NOESC_QUOTE = 8;    # Not escaped if quoted
-my $PSTRING_CHAR = 0x10;        # Valid PrintableString character
-my $RFC2253_FIRST_ESC = 0x20; # Escaped with \ if first character
-my $RFC2253_LAST_ESC = 0x40;  # Escaped with \ if last character
-
-for($i = 0; $i < 128; $i++) {
-        # Set the RFC2253 escape characters (control)
-        $arr[$i] = 0;
-        if(($i < 32) || ($i > 126)) {
-                $arr[$i] |= $ESC_CTRL;
-        }
-
-        # Some PrintableString characters
-        if(                ( ( $i >= ord("a")) && ( $i <= ord("z")) )
-                        || (  ( $i >= ord("A")) && ( $i <= ord("Z")) )
-                        || (  ( $i >= ord("0")) && ( $i <= ord("9")) )  ) {
-                $arr[$i] |= $PSTRING_CHAR;
-        }
-}
-
-# Now setup the rest
-
-# Remaining RFC2253 escaped characters
-
-$arr[ord(" ")] |= $NOESC_QUOTE | $RFC2253_FIRST_ESC | $RFC2253_LAST_ESC;
-$arr[ord("#")] |= $NOESC_QUOTE | $RFC2253_FIRST_ESC;
-
-$arr[ord(",")] |= $NOESC_QUOTE | $RFC2253_ESC;
-$arr[ord("+")] |= $NOESC_QUOTE | $RFC2253_ESC;
-$arr[ord("\"")] |= $RFC2253_ESC;
-$arr[ord("\\")] |= $RFC2253_ESC;
-$arr[ord("<")] |= $NOESC_QUOTE | $RFC2253_ESC;
-$arr[ord(">")] |= $NOESC_QUOTE | $RFC2253_ESC;
-$arr[ord(";")] |= $NOESC_QUOTE | $RFC2253_ESC;
-
-# Remaining PrintableString characters
-
-$arr[ord(" ")] |= $PSTRING_CHAR;
-$arr[ord("'")] |= $PSTRING_CHAR;
-$arr[ord("(")] |= $PSTRING_CHAR;
-$arr[ord(")")] |= $PSTRING_CHAR;
-$arr[ord("+")] |= $PSTRING_CHAR;
-$arr[ord(",")] |= $PSTRING_CHAR;
-$arr[ord("-")] |= $PSTRING_CHAR;
-$arr[ord(".")] |= $PSTRING_CHAR;
-$arr[ord("/")] |= $PSTRING_CHAR;
-$arr[ord(":")] |= $PSTRING_CHAR;
-$arr[ord("=")] |= $PSTRING_CHAR;
-$arr[ord("?")] |= $PSTRING_CHAR;
-
-# Now generate the C code
-
-print <<EOF;
-/* Auto generated with chartype.pl script.
- * Mask of various character properties
- */
-
-static unsigned char char_type[] = {
-EOF
-
-for($i = 0; $i < 128; $i++) {
-        print("\n") if($i && (($i % 16) == 0));
-        printf("%2d", $arr[$i]);
-        print(",") if ($i != 127);
-}
-print("\n};\n\n");
-
diff --git a/src/lib/libcrypto/asn1/d2i_pr.c b/src/lib/libcrypto/asn1/d2i_pr.c
deleted file mode 100644
index 2e7d96af90..0000000000
--- a/src/lib/libcrypto/asn1/d2i_pr.c
+++ /dev/null
@@ -1,145 +0,0 @@
-/* crypto/asn1/d2i_pr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/asn1.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-
-EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, unsigned char **pp,
-             long length)
-        {
-        EVP_PKEY *ret;
-
-        if ((a == NULL) || (*a == NULL))
-                {
-                if ((ret=EVP_PKEY_new()) == NULL)
-                        {
-                        ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_EVP_LIB);
-                        return(NULL);
-                        }
-                }
-        else    ret= *a;
-
-        ret->save_type=type;
-        ret->type=EVP_PKEY_type(type);
-        switch (ret->type)
-                {
-#ifndef OPENSSL_NO_RSA
-        case EVP_PKEY_RSA:
-                if ((ret->pkey.rsa=d2i_RSAPrivateKey(NULL,
-                        (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
-                        {
-                        ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB);
-                        goto err;
-                        }
-                break;
-#endif
-#ifndef OPENSSL_NO_DSA
-        case EVP_PKEY_DSA:
-                if ((ret->pkey.dsa=d2i_DSAPrivateKey(NULL,
-                        (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
-                        {
-                        ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB);
-                        goto err;
-                        }
-                break;
-#endif
-        default:
-                ASN1err(ASN1_F_D2I_PRIVATEKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
-                goto err;
-                /* break; */
-                }
-        if (a != NULL) (*a)=ret;
-        return(ret);
-err:
-        if ((ret != NULL) && ((a == NULL) || (*a != ret))) EVP_PKEY_free(ret);
-        return(NULL);
-        }
-
-/* This works like d2i_PrivateKey() except it automatically works out the type */
-
-EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, unsigned char **pp,
-             long length)
-{
-        STACK_OF(ASN1_TYPE) *inkey;
-        unsigned char *p;
-        int keytype;
-        p = *pp;
-        /* Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE):
-         * by analyzing it we can determine the passed structure: this
-         * assumes the input is surrounded by an ASN1 SEQUENCE.
-         */
-        inkey = d2i_ASN1_SET_OF_ASN1_TYPE(NULL, &p, length, d2i_ASN1_TYPE, 
-                        ASN1_TYPE_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
-        /* Since we only need to discern "traditional format" RSA and DSA
-         * keys we can just count the elements.
-         */
-        if(sk_ASN1_TYPE_num(inkey) == 6) keytype = EVP_PKEY_DSA;
-        else keytype = EVP_PKEY_RSA;
-        sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
-        return d2i_PrivateKey(keytype, a, pp, length);
-}
diff --git a/src/lib/libcrypto/asn1/d2i_pu.c b/src/lib/libcrypto/asn1/d2i_pu.c
deleted file mode 100644
index 71f2eb361b..0000000000
--- a/src/lib/libcrypto/asn1/d2i_pu.c
+++ /dev/null
@@ -1,122 +0,0 @@
-/* crypto/asn1/d2i_pu.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/asn1.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-
-EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, unsigned char **pp,
-             long length)
-        {
-        EVP_PKEY *ret;
-
-        if ((a == NULL) || (*a == NULL))
-                {
-                if ((ret=EVP_PKEY_new()) == NULL)
-                        {
-                        ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_EVP_LIB);
-                        return(NULL);
-                        }
-                }
-        else    ret= *a;
-
-        ret->save_type=type;
-        ret->type=EVP_PKEY_type(type);
-        switch (ret->type)
-                {
-#ifndef OPENSSL_NO_RSA
-        case EVP_PKEY_RSA:
-                if ((ret->pkey.rsa=d2i_RSAPublicKey(NULL,
-                        (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
-                        {
-                        ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB);
-                        goto err;
-                        }
-                break;
-#endif
-#ifndef OPENSSL_NO_DSA
-        case EVP_PKEY_DSA:
-                if ((ret->pkey.dsa=d2i_DSAPublicKey(NULL,
-                        (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
-                        {
-                        ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB);
-                        goto err;
-                        }
-                break;
-#endif
-        default:
-                ASN1err(ASN1_F_D2I_PUBLICKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
-                goto err;
-                /* break; */
-                }
-        if (a != NULL) (*a)=ret;
-        return(ret);
-err:
-        if ((ret != NULL) && ((a == NULL) || (*a != ret))) EVP_PKEY_free(ret);
-        return(NULL);
-        }
-
diff --git a/src/lib/libcrypto/asn1/evp_asn1.c b/src/lib/libcrypto/asn1/evp_asn1.c
deleted file mode 100644
index f92ce6cb5d..0000000000
--- a/src/lib/libcrypto/asn1/evp_asn1.c
+++ /dev/null
@@ -1,189 +0,0 @@
-/* crypto/asn1/evp_asn1.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/asn1_mac.h>
-
-int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len)
-        {
-        ASN1_STRING *os;
-
-        if ((os=M_ASN1_OCTET_STRING_new()) == NULL) return(0);
-        if (!M_ASN1_OCTET_STRING_set(os,data,len)) return(0);
-        ASN1_TYPE_set(a,V_ASN1_OCTET_STRING,os);
-        return(1);
-        }
-
-/* int max_len:  for returned value    */
-int ASN1_TYPE_get_octetstring(ASN1_TYPE *a, unsigned char *data,
-             int max_len)
-        {
-        int ret,num;
-        unsigned char *p;
-
-        if ((a->type != V_ASN1_OCTET_STRING) || (a->value.octet_string == NULL))
-                {
-                ASN1err(ASN1_F_ASN1_TYPE_GET_OCTETSTRING,ASN1_R_DATA_IS_WRONG);
-                return(-1);
-                }
-        p=M_ASN1_STRING_data(a->value.octet_string);
-        ret=M_ASN1_STRING_length(a->value.octet_string);
-        if (ret < max_len)
-                num=ret;
-        else
-                num=max_len;
-        memcpy(data,p,num);
-        return(ret);
-        }
-
-int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data,
-             int len)
-        {
-        int n,size;
-        ASN1_OCTET_STRING os,*osp;
-        ASN1_INTEGER in;
-        unsigned char *p;
-        unsigned char buf[32]; /* when they have 256bit longs, 
-                                * I'll be in trouble */
-        in.data=buf;
-        in.length=32;
-        os.data=data;
-        os.type=V_ASN1_OCTET_STRING;
-        os.length=len;
-        ASN1_INTEGER_set(&in,num);
-        n =  i2d_ASN1_INTEGER(&in,NULL);
-        n+=M_i2d_ASN1_OCTET_STRING(&os,NULL);
-
-        size=ASN1_object_size(1,n,V_ASN1_SEQUENCE);
-
-        if ((osp=ASN1_STRING_new()) == NULL) return(0);
-        /* Grow the 'string' */
-        if (!ASN1_STRING_set(osp,NULL,size))
-                {
-                ASN1_STRING_free(osp);
-                return(0);
-                }
-
-        M_ASN1_STRING_length_set(osp, size);
-        p=M_ASN1_STRING_data(osp);
-
-        ASN1_put_object(&p,1,n,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
-          i2d_ASN1_INTEGER(&in,&p);
-        M_i2d_ASN1_OCTET_STRING(&os,&p);
-
-        ASN1_TYPE_set(a,V_ASN1_SEQUENCE,osp);
-        return(1);
-        }
-
-/* we return the actual length..., num may be missing, in which
- * case, set it to zero */
-/* int max_len:  for returned value    */
-int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num, unsigned char *data,
-             int max_len)
-        {
-        int ret= -1,n;
-        ASN1_INTEGER *ai=NULL;
-        ASN1_OCTET_STRING *os=NULL;
-        unsigned char *p;
-        long length;
-        ASN1_CTX c;
-
-        if ((a->type != V_ASN1_SEQUENCE) || (a->value.sequence == NULL))
-                {
-                goto err;
-                }
-        p=M_ASN1_STRING_data(a->value.sequence);
-        length=M_ASN1_STRING_length(a->value.sequence);
-
-        c.pp= &p;
-        c.p=p;
-        c.max=p+length;
-        c.error=ASN1_R_DATA_IS_WRONG;
-
-        M_ASN1_D2I_start_sequence();
-        c.q=c.p;
-        if ((ai=d2i_ASN1_INTEGER(NULL,&c.p,c.slen)) == NULL) goto err;
-        c.slen-=(c.p-c.q);
-        c.q=c.p;
-        if ((os=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) goto err;
-        c.slen-=(c.p-c.q);
-        if (!M_ASN1_D2I_end_sequence()) goto err;
-
-        if (num != NULL)
-                *num=ASN1_INTEGER_get(ai);
-
-        ret=M_ASN1_STRING_length(os);
-        if (max_len > ret)
-                n=ret;
-        else
-                n=max_len;
-
-        if (data != NULL)
-                memcpy(data,M_ASN1_STRING_data(os),n);
-        if (0)
-                {
-err:
-                ASN1err(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,ASN1_R_DATA_IS_WRONG);
-                }
-        if (os != NULL) M_ASN1_OCTET_STRING_free(os);
-        if (ai != NULL) M_ASN1_INTEGER_free(ai);
-        return(ret);
-        }
-
diff --git a/src/lib/libcrypto/asn1/f_enum.c b/src/lib/libcrypto/asn1/f_enum.c
deleted file mode 100644
index 56e3cc8df2..0000000000
--- a/src/lib/libcrypto/asn1/f_enum.c
+++ /dev/null
@@ -1,207 +0,0 @@
-/* crypto/asn1/f_enum.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/asn1.h>
-
-/* Based on a_int.c: equivalent ENUMERATED functions */
-
-int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a)
-        {
-        int i,n=0;
-        static const char *h="0123456789ABCDEF";
-        char buf[2];
-
-        if (a == NULL) return(0);
-
-        if (a->length == 0)
-                {
-                if (BIO_write(bp,"00",2) != 2) goto err;
-                n=2;
-                }
-        else
-                {
-                for (i=0; i<a->length; i++)
-                        {
-                        if ((i != 0) && (i%35 == 0))
-                                {
-                                if (BIO_write(bp,"\\\n",2) != 2) goto err;
-                                n+=2;
-                                }
-                        buf[0]=h[((unsigned char)a->data[i]>>4)&0x0f];
-                        buf[1]=h[((unsigned char)a->data[i]   )&0x0f];
-                        if (BIO_write(bp,buf,2) != 2) goto err;
-                        n+=2;
-                        }
-                }
-        return(n);
-err:
-        return(-1);
-        }
-
-int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size)
-        {
-        int ret=0;
-        int i,j,k,m,n,again,bufsize;
-        unsigned char *s=NULL,*sp;
-        unsigned char *bufp;
-        int num=0,slen=0,first=1;
-
-        bs->type=V_ASN1_ENUMERATED;
-
-        bufsize=BIO_gets(bp,buf,size);
-        for (;;)
-                {
-                if (bufsize < 1) goto err_sl;
-                i=bufsize;
-                if (buf[i-1] == '\n') buf[--i]='\0';
-                if (i == 0) goto err_sl;
-                if (buf[i-1] == '\r') buf[--i]='\0';
-                if (i == 0) goto err_sl;
-                again=(buf[i-1] == '\\');
-
-                for (j=0; j<i; j++)
-                        {
-                        if (!(  ((buf[j] >= '0') && (buf[j] <= '9')) ||
-                                ((buf[j] >= 'a') && (buf[j] <= 'f')) ||
-                                ((buf[j] >= 'A') && (buf[j] <= 'F'))))
-                                {
-                                i=j;
-                                break;
-                                }
-                        }
-                buf[i]='\0';
-                /* We have now cleared all the crap off the end of the
-                 * line */
-                if (i < 2) goto err_sl;
-
-                bufp=(unsigned char *)buf;
-                if (first)
-                        {
-                        first=0;
-                        if ((bufp[0] == '0') && (buf[1] == '0'))
-                                {
-                                bufp+=2;
-                                i-=2;
-                                }
-                        }
-                k=0;
-                i-=again;
-                if (i%2 != 0)
-                        {
-                        ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ASN1_R_ODD_NUMBER_OF_CHARS);
-                        goto err;
-                        }
-                i/=2;
-                if (num+i > slen)
-                        {
-                        if (s == NULL)
-                                sp=(unsigned char *)OPENSSL_malloc(
-                                        (unsigned int)num+i*2);
-                        else
-                                sp=(unsigned char *)OPENSSL_realloc(s,
-                                        (unsigned int)num+i*2);
-                        if (sp == NULL)
-                                {
-                                ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE);
-                                if (s != NULL) OPENSSL_free(s);
-                                goto err;
-                                }
-                        s=sp;
-                        slen=num+i*2;
-                        }
-                for (j=0; j<i; j++,k+=2)
-                        {
-                        for (n=0; n<2; n++)
-                                {
-                                m=bufp[k+n];
-                                if ((m >= '0') && (m <= '9'))
-                                        m-='0';
-                                else if ((m >= 'a') && (m <= 'f'))
-                                        m=m-'a'+10;
-                                else if ((m >= 'A') && (m <= 'F'))
-                                        m=m-'A'+10;
-                                else
-                                        {
-                                        ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ASN1_R_NON_HEX_CHARACTERS);
-                                        goto err;
-                                        }
-                                s[num+j]<<=4;
-                                s[num+j]|=m;
-                                }
-                        }
-                num+=i;
-                if (again)
-                        bufsize=BIO_gets(bp,buf,size);
-                else
-                        break;
-                }
-        bs->length=num;
-        bs->data=s;
-        ret=1;
-err:
-        if (0)
-                {
-err_sl:
-                ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ASN1_R_SHORT_LINE);
-                }
-        return(ret);
-        }
-
diff --git a/src/lib/libcrypto/asn1/f_int.c b/src/lib/libcrypto/asn1/f_int.c
deleted file mode 100644
index 9494e597ab..0000000000
--- a/src/lib/libcrypto/asn1/f_int.c
+++ /dev/null
@@ -1,219 +0,0 @@
-/* crypto/asn1/f_int.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/asn1.h>
-
-int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a)
-        {
-        int i,n=0;
-        static const char *h="0123456789ABCDEF";
-        char buf[2];
-
-        if (a == NULL) return(0);
-
-        if (a->type & V_ASN1_NEG)
-                {
-                if (BIO_write(bp, "-", 1) != 1) goto err;
-                n = 1;
-                }
-
-        if (a->length == 0)
-                {
-                if (BIO_write(bp,"00",2) != 2) goto err;
-                n += 2;
-                }
-        else
-                {
-                for (i=0; i<a->length; i++)
-                        {
-                        if ((i != 0) && (i%35 == 0))
-                                {
-                                if (BIO_write(bp,"\\\n",2) != 2) goto err;
-                                n+=2;
-                                }
-                        buf[0]=h[((unsigned char)a->data[i]>>4)&0x0f];
-                        buf[1]=h[((unsigned char)a->data[i]   )&0x0f];
-                        if (BIO_write(bp,buf,2) != 2) goto err;
-                        n+=2;
-                        }
-                }
-        return(n);
-err:
-        return(-1);
-        }
-
-int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
-        {
-        int ret=0;
-        int i,j,k,m,n,again,bufsize;
-        unsigned char *s=NULL,*sp;
-        unsigned char *bufp;
-        int num=0,slen=0,first=1;
-
-        bs->type=V_ASN1_INTEGER;
-
-        bufsize=BIO_gets(bp,buf,size);
-        for (;;)
-                {
-                if (bufsize < 1) goto err_sl;
-                i=bufsize;
-                if (buf[i-1] == '\n') buf[--i]='\0';
-                if (i == 0) goto err_sl;
-                if (buf[i-1] == '\r') buf[--i]='\0';
-                if (i == 0) goto err_sl;
-                again=(buf[i-1] == '\\');
-
-                for (j=0; j<i; j++)
-                        {
-#ifndef CHARSET_EBCDIC
-                        if (!(  ((buf[j] >= '0') && (buf[j] <= '9')) ||
-                                ((buf[j] >= 'a') && (buf[j] <= 'f')) ||
-                                ((buf[j] >= 'A') && (buf[j] <= 'F'))))
-#else
-                        /* This #ifdef is not strictly necessary, since
-                         * the characters A...F a...f 0...9 are contiguous
-                         * (yes, even in EBCDIC - but not the whole alphabet).
-                         * Nevertheless, isxdigit() is faster.
-                         */
-                        if (!isxdigit(buf[j]))
-#endif
-                                {
-                                i=j;
-                                break;
-                                }
-                        }
-                buf[i]='\0';
-                /* We have now cleared all the crap off the end of the
-                 * line */
-                if (i < 2) goto err_sl;
-
-                bufp=(unsigned char *)buf;
-                if (first)
-                        {
-                        first=0;
-                        if ((bufp[0] == '0') && (buf[1] == '0'))
-                                {
-                                bufp+=2;
-                                i-=2;
-                                }
-                        }
-                k=0;
-                i-=again;
-                if (i%2 != 0)
-                        {
-                        ASN1err(ASN1_F_A2I_ASN1_INTEGER,ASN1_R_ODD_NUMBER_OF_CHARS);
-                        goto err;
-                        }
-                i/=2;
-                if (num+i > slen)
-                        {
-                        if (s == NULL)
-                                sp=(unsigned char *)OPENSSL_malloc(
-                                        (unsigned int)num+i*2);
-                        else
-                                sp=OPENSSL_realloc_clean(s,slen,num+i*2);
-                        if (sp == NULL)
-                                {
-                                ASN1err(ASN1_F_A2I_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
-                                if (s != NULL) OPENSSL_free(s);
-                                goto err;
-                                }
-                        s=sp;
-                        slen=num+i*2;
-                        }
-                for (j=0; j<i; j++,k+=2)
-                        {
-                        for (n=0; n<2; n++)
-                                {
-                                m=bufp[k+n];
-                                if ((m >= '0') && (m <= '9'))
-                                        m-='0';
-                                else if ((m >= 'a') && (m <= 'f'))
-                                        m=m-'a'+10;
-                                else if ((m >= 'A') && (m <= 'F'))
-                                        m=m-'A'+10;
-                                else
-                                        {
-                                        ASN1err(ASN1_F_A2I_ASN1_INTEGER,ASN1_R_NON_HEX_CHARACTERS);
-                                        goto err;
-                                        }
-                                s[num+j]<<=4;
-                                s[num+j]|=m;
-                                }
-                        }
-                num+=i;
-                if (again)
-                        bufsize=BIO_gets(bp,buf,size);
-                else
-                        break;
-                }
-        bs->length=num;
-        bs->data=s;
-        ret=1;
-err:
-        if (0)
-                {
-err_sl:
-                ASN1err(ASN1_F_A2I_ASN1_INTEGER,ASN1_R_SHORT_LINE);
-                }
-        return(ret);
-        }
-
diff --git a/src/lib/libcrypto/asn1/f_string.c b/src/lib/libcrypto/asn1/f_string.c
deleted file mode 100644
index 968698a798..0000000000
--- a/src/lib/libcrypto/asn1/f_string.c
+++ /dev/null
@@ -1,212 +0,0 @@
-/* crypto/asn1/f_string.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/asn1.h>
-
-int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type)
-        {
-        int i,n=0;
-        static const char *h="0123456789ABCDEF";
-        char buf[2];
-
-        if (a == NULL) return(0);
-
-        if (a->length == 0)
-                {
-                if (BIO_write(bp,"0",1) != 1) goto err;
-                n=1;
-                }
-        else
-                {
-                for (i=0; i<a->length; i++)
-                        {
-                        if ((i != 0) && (i%35 == 0))
-                                {
-                                if (BIO_write(bp,"\\\n",2) != 2) goto err;
-                                n+=2;
-                                }
-                        buf[0]=h[((unsigned char)a->data[i]>>4)&0x0f];
-                        buf[1]=h[((unsigned char)a->data[i]   )&0x0f];
-                        if (BIO_write(bp,buf,2) != 2) goto err;
-                        n+=2;
-                        }
-                }
-        return(n);
-err:
-        return(-1);
-        }
-
-int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size)
-        {
-        int ret=0;
-        int i,j,k,m,n,again,bufsize;
-        unsigned char *s=NULL,*sp;
-        unsigned char *bufp;
-        int num=0,slen=0,first=1;
-
-        bufsize=BIO_gets(bp,buf,size);
-        for (;;)
-                {
-                if (bufsize < 1)
-                        {
-                        if (first)
-                                break;
-                        else
-                                goto err_sl;
-                        }
-                first=0;
-
-                i=bufsize;
-                if (buf[i-1] == '\n') buf[--i]='\0';
-                if (i == 0) goto err_sl;
-                if (buf[i-1] == '\r') buf[--i]='\0';
-                if (i == 0) goto err_sl;
-                again=(buf[i-1] == '\\');
-
-                for (j=i-1; j>0; j--)
-                        {
-#ifndef CHARSET_EBCDIC
-                        if (!(  ((buf[j] >= '0') && (buf[j] <= '9')) ||
-                                ((buf[j] >= 'a') && (buf[j] <= 'f')) ||
-                                ((buf[j] >= 'A') && (buf[j] <= 'F'))))
-#else
-                        /* This #ifdef is not strictly necessary, since
-                         * the characters A...F a...f 0...9 are contiguous
-                         * (yes, even in EBCDIC - but not the whole alphabet).
-                         * Nevertheless, isxdigit() is faster.
-                         */
-                        if (!isxdigit(buf[j]))
-#endif
-                                {
-                                i=j;
-                                break;
-                                }
-                        }
-                buf[i]='\0';
-                /* We have now cleared all the crap off the end of the
-                 * line */
-                if (i < 2) goto err_sl;
-
-                bufp=(unsigned char *)buf;
-
-                k=0;
-                i-=again;
-                if (i%2 != 0)
-                        {
-                        ASN1err(ASN1_F_A2I_ASN1_STRING,ASN1_R_ODD_NUMBER_OF_CHARS);
-                        goto err;
-                        }
-                i/=2;
-                if (num+i > slen)
-                        {
-                        if (s == NULL)
-                                sp=(unsigned char *)OPENSSL_malloc(
-                                        (unsigned int)num+i*2);
-                        else
-                                sp=(unsigned char *)OPENSSL_realloc(s,
-                                        (unsigned int)num+i*2);
-                        if (sp == NULL)
-                                {
-                                ASN1err(ASN1_F_A2I_ASN1_STRING,ERR_R_MALLOC_FAILURE);
-                                if (s != NULL) OPENSSL_free(s);
-                                goto err;
-                                }
-                        s=sp;
-                        slen=num+i*2;
-                        }
-                for (j=0; j<i; j++,k+=2)
-                        {
-                        for (n=0; n<2; n++)
-                                {
-                                m=bufp[k+n];
-                                if ((m >= '0') && (m <= '9'))
-                                        m-='0';
-                                else if ((m >= 'a') && (m <= 'f'))
-                                        m=m-'a'+10;
-                                else if ((m >= 'A') && (m <= 'F'))
-                                        m=m-'A'+10;
-                                else
-                                        {
-                                        ASN1err(ASN1_F_A2I_ASN1_STRING,ASN1_R_NON_HEX_CHARACTERS);
-                                        goto err;
-                                        }
-                                s[num+j]<<=4;
-                                s[num+j]|=m;
-                                }
-                        }
-                num+=i;
-                if (again)
-                        bufsize=BIO_gets(bp,buf,size);
-                else
-                        break;
-                }
-        bs->length=num;
-        bs->data=s;
-        ret=1;
-err:
-        if (0)
-                {
-err_sl:
-                ASN1err(ASN1_F_A2I_ASN1_STRING,ASN1_R_SHORT_LINE);
-                }
-        return(ret);
-        }
-
diff --git a/src/lib/libcrypto/asn1/i2d_pr.c b/src/lib/libcrypto/asn1/i2d_pr.c
deleted file mode 100644
index 1e951ae01d..0000000000
--- a/src/lib/libcrypto/asn1/i2d_pr.c
+++ /dev/null
@@ -1,90 +0,0 @@
-/* crypto/asn1/i2d_pr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-
-int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
-        {
-#ifndef OPENSSL_NO_RSA
-        if (a->type == EVP_PKEY_RSA)
-                {
-                return(i2d_RSAPrivateKey(a->pkey.rsa,pp));
-                }
-        else
-#endif
-#ifndef OPENSSL_NO_DSA
-        if (a->type == EVP_PKEY_DSA)
-                {
-                return(i2d_DSAPrivateKey(a->pkey.dsa,pp));
-                }
-#endif
-
-        ASN1err(ASN1_F_I2D_PRIVATEKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
-        return(-1);
-        }
-
diff --git a/src/lib/libcrypto/asn1/i2d_pu.c b/src/lib/libcrypto/asn1/i2d_pu.c
deleted file mode 100644
index 013d19bbf4..0000000000
--- a/src/lib/libcrypto/asn1/i2d_pu.c
+++ /dev/null
@@ -1,88 +0,0 @@
-/* crypto/asn1/i2d_pu.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-
-int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp)
-        {
-        switch (a->type)
-                {
-#ifndef OPENSSL_NO_RSA
-        case EVP_PKEY_RSA:
-                return(i2d_RSAPublicKey(a->pkey.rsa,pp));
-#endif
-#ifndef OPENSSL_NO_DSA
-        case EVP_PKEY_DSA:
-                return(i2d_DSAPublicKey(a->pkey.dsa,pp));
-#endif
-        default:
-                ASN1err(ASN1_F_I2D_PUBLICKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
-                return(-1);
-                }
-        }
-
diff --git a/src/lib/libcrypto/asn1/n_pkey.c b/src/lib/libcrypto/asn1/n_pkey.c
deleted file mode 100644
index 766b51c538..0000000000
--- a/src/lib/libcrypto/asn1/n_pkey.c
+++ /dev/null
@@ -1,333 +0,0 @@
-/* crypto/asn1/n_pkey.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef OPENSSL_NO_RSA
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/rsa.h>
-#include <openssl/objects.h>
-#include <openssl/asn1t.h>
-#include <openssl/asn1_mac.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-
-
-#ifndef OPENSSL_NO_RC4
-
-typedef struct netscape_pkey_st
-        {
-        long version;
-        X509_ALGOR *algor;
-        ASN1_OCTET_STRING *private_key;
-        } NETSCAPE_PKEY;
-
-typedef struct netscape_encrypted_pkey_st
-        {
-        ASN1_OCTET_STRING *os;
-        /* This is the same structure as DigestInfo so use it:
-         * although this isn't really anything to do with
-         * digests.
-         */
-        X509_SIG *enckey;
-        } NETSCAPE_ENCRYPTED_PKEY;
-
-
-ASN1_BROKEN_SEQUENCE(NETSCAPE_ENCRYPTED_PKEY) = {
-        ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, os, ASN1_OCTET_STRING),
-        ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, enckey, X509_SIG)
-} ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY)
-
-DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
-DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY,NETSCAPE_ENCRYPTED_PKEY)
-IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
-
-ASN1_SEQUENCE(NETSCAPE_PKEY) = {
-        ASN1_SIMPLE(NETSCAPE_PKEY, version, LONG),
-        ASN1_SIMPLE(NETSCAPE_PKEY, algor, X509_ALGOR),
-        ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(NETSCAPE_PKEY)
-
-DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
-DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY,NETSCAPE_PKEY)
-IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
-
-static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
-             int (*cb)(), int sgckey);
-
-int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, int (*cb)())
-{
-        return i2d_RSA_NET(a, pp, cb, 0);
-}
-
-int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
-        {
-        int i, j, ret = 0;
-        int rsalen, pkeylen, olen;
-        NETSCAPE_PKEY *pkey = NULL;
-        NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
-        unsigned char buf[256],*zz;
-        unsigned char key[EVP_MAX_KEY_LENGTH];
-        EVP_CIPHER_CTX ctx;
-
-        if (a == NULL) return(0);
-
-        if ((pkey=NETSCAPE_PKEY_new()) == NULL) goto err;
-        if ((enckey=NETSCAPE_ENCRYPTED_PKEY_new()) == NULL) goto err;
-        pkey->version = 0;
-
-        pkey->algor->algorithm=OBJ_nid2obj(NID_rsaEncryption);
-        if ((pkey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err;
-        pkey->algor->parameter->type=V_ASN1_NULL;
-
-        rsalen = i2d_RSAPrivateKey(a, NULL);
-
-        /* Fake some octet strings just for the initial length
-         * calculation.
-         */
-
-        pkey->private_key->length=rsalen;
-
-        pkeylen=i2d_NETSCAPE_PKEY(pkey,NULL);
-
-        enckey->enckey->digest->length = pkeylen;
-
-        enckey->os->length = 11;        /* "private-key" */
-
-        enckey->enckey->algor->algorithm=OBJ_nid2obj(NID_rc4);
-        if ((enckey->enckey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err;
-        enckey->enckey->algor->parameter->type=V_ASN1_NULL;
-
-        if (pp == NULL)
-                {
-                olen = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, NULL);
-                NETSCAPE_PKEY_free(pkey);
-                NETSCAPE_ENCRYPTED_PKEY_free(enckey);
-                return olen;
-                }
-
-
-        /* Since its RC4 encrypted length is actual length */
-        if ((zz=(unsigned char *)OPENSSL_malloc(rsalen)) == NULL)
-                {
-                ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-
-        pkey->private_key->data = zz;
-        /* Write out private key encoding */
-        i2d_RSAPrivateKey(a,&zz);
-
-        if ((zz=OPENSSL_malloc(pkeylen)) == NULL)
-                {
-                ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-
-        if (!ASN1_STRING_set(enckey->os, "private-key", -1)) 
-                {
-                ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-        enckey->enckey->digest->data = zz;
-        i2d_NETSCAPE_PKEY(pkey,&zz);
-
-        /* Wipe the private key encoding */
-        OPENSSL_cleanse(pkey->private_key->data, rsalen);
-                
-        if (cb == NULL)
-                cb=EVP_read_pw_string;
-        i=cb(buf,256,"Enter Private Key password:",1);
-        if (i != 0)
-                {
-                ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ASN1_R_BAD_PASSWORD_READ);
-                goto err;
-                }
-        i = strlen((char *)buf);
-        /* If the key is used for SGC the algorithm is modified a little. */
-        if(sgckey) {
-                EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL);
-                memcpy(buf + 16, "SGCKEYSALT", 10);
-                i = 26;
-        }
-
-        EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
-        OPENSSL_cleanse(buf,256);
-
-        /* Encrypt private key in place */
-        zz = enckey->enckey->digest->data;
-        EVP_CIPHER_CTX_init(&ctx);
-        EVP_EncryptInit_ex(&ctx,EVP_rc4(),NULL,key,NULL);
-        EVP_EncryptUpdate(&ctx,zz,&i,zz,pkeylen);
-        EVP_EncryptFinal_ex(&ctx,zz + i,&j);
-        EVP_CIPHER_CTX_cleanup(&ctx);
-
-        ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp);
-err:
-        NETSCAPE_ENCRYPTED_PKEY_free(enckey);
-        NETSCAPE_PKEY_free(pkey);
-        return(ret);
-        }
-
-
-RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)())
-{
-        return d2i_RSA_NET(a, pp, length, cb, 0);
-}
-
-RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, int (*cb)(), int sgckey)
-        {
-        RSA *ret=NULL;
-        const unsigned char *p, *kp;
-        NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
-
-        p = *pp;
-
-        enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length);
-        if(!enckey) {
-                ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ASN1_R_DECODING_ERROR);
-                return NULL;
-        }
-
-        if ((enckey->os->length != 11) || (strncmp("private-key",
-                (char *)enckey->os->data,11) != 0))
-                {
-                ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ASN1_R_PRIVATE_KEY_HEADER_MISSING);
-                NETSCAPE_ENCRYPTED_PKEY_free(enckey);
-                return NULL;
-                }
-        if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4)
-                {
-                ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
-                goto err;
-        }
-        kp = enckey->enckey->digest->data;
-        if (cb == NULL)
-                cb=EVP_read_pw_string;
-        if ((ret=d2i_RSA_NET_2(a, enckey->enckey->digest,cb, sgckey)) == NULL) goto err;
-
-        *pp = p;
-
-        err:
-        NETSCAPE_ENCRYPTED_PKEY_free(enckey);
-        return ret;
-
-        }
-
-static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
-             int (*cb)(), int sgckey)
-        {
-        NETSCAPE_PKEY *pkey=NULL;
-        RSA *ret=NULL;
-        int i,j;
-        unsigned char buf[256];
-        const unsigned char *zz;
-        unsigned char key[EVP_MAX_KEY_LENGTH];
-        EVP_CIPHER_CTX ctx;
-
-        i=cb(buf,256,"Enter Private Key password:",0);
-        if (i != 0)
-                {
-                ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_BAD_PASSWORD_READ);
-                goto err;
-                }
-
-        i = strlen((char *)buf);
-        if(sgckey){
-                EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL);
-                memcpy(buf + 16, "SGCKEYSALT", 10);
-                i = 26;
-        }
-                
-        EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
-        OPENSSL_cleanse(buf,256);
-
-        EVP_CIPHER_CTX_init(&ctx);
-        EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL);
-        EVP_DecryptUpdate(&ctx,os->data,&i,os->data,os->length);
-        EVP_DecryptFinal_ex(&ctx,&(os->data[i]),&j);
-        EVP_CIPHER_CTX_cleanup(&ctx);
-        os->length=i+j;
-
-        zz=os->data;
-
-        if ((pkey=d2i_NETSCAPE_PKEY(NULL,&zz,os->length)) == NULL)
-                {
-                ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY);
-                goto err;
-                }
-                
-        zz=pkey->private_key->data;
-        if ((ret=d2i_RSAPrivateKey(a,&zz,pkey->private_key->length)) == NULL)
-                {
-                ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNABLE_TO_DECODE_RSA_KEY);
-                goto err;
-                }
-err:
-        NETSCAPE_PKEY_free(pkey);
-        return(ret);
-        }
-
-#endif /* OPENSSL_NO_RC4 */
-
-#else /* !OPENSSL_NO_RSA */
-
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
diff --git a/src/lib/libcrypto/asn1/nsseq.c b/src/lib/libcrypto/asn1/nsseq.c
deleted file mode 100644
index 50e2d4d07a..0000000000
--- a/src/lib/libcrypto/asn1/nsseq.c
+++ /dev/null
@@ -1,82 +0,0 @@
-/* nsseq.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-#include <openssl/objects.h>
-
-static int nsseq_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
-        if(operation == ASN1_OP_NEW_POST) {
-                NETSCAPE_CERT_SEQUENCE *nsseq;
-                nsseq = (NETSCAPE_CERT_SEQUENCE *)*pval;
-                nsseq->type = OBJ_nid2obj(NID_netscape_cert_sequence);
-        }
-        return 1;
-}
-
-/* Netscape certificate sequence structure */
-
-ASN1_SEQUENCE_cb(NETSCAPE_CERT_SEQUENCE, nsseq_cb) = {
-        ASN1_SIMPLE(NETSCAPE_CERT_SEQUENCE, type, ASN1_OBJECT),
-        ASN1_EXP_SEQUENCE_OF_OPT(NETSCAPE_CERT_SEQUENCE, certs, X509, 0)
-} ASN1_SEQUENCE_END_cb(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE)
-
-IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE)
diff --git a/src/lib/libcrypto/asn1/p5_pbe.c b/src/lib/libcrypto/asn1/p5_pbe.c
deleted file mode 100644
index ec788267e0..0000000000
--- a/src/lib/libcrypto/asn1/p5_pbe.c
+++ /dev/null
@@ -1,130 +0,0 @@
-/* p5_pbe.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-#include <openssl/rand.h>
-
-/* PKCS#5 password based encryption structure */
-
-ASN1_SEQUENCE(PBEPARAM) = {
-        ASN1_SIMPLE(PBEPARAM, salt, ASN1_OCTET_STRING),
-        ASN1_SIMPLE(PBEPARAM, iter, ASN1_INTEGER)
-} ASN1_SEQUENCE_END(PBEPARAM)
-
-IMPLEMENT_ASN1_FUNCTIONS(PBEPARAM)
-
-/* Return an algorithm identifier for a PKCS#5 PBE algorithm */
-
-X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt,
-             int saltlen)
-{
-        PBEPARAM *pbe=NULL;
-        ASN1_OBJECT *al;
-        X509_ALGOR *algor;
-        ASN1_TYPE *astype=NULL;
-
-        if (!(pbe = PBEPARAM_new ())) {
-                ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-        if(iter <= 0) iter = PKCS5_DEFAULT_ITER;
-        if (!ASN1_INTEGER_set(pbe->iter, iter)) {
-                ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-        if (!saltlen) saltlen = PKCS5_SALT_LEN;
-        if (!(pbe->salt->data = OPENSSL_malloc (saltlen))) {
-                ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-        pbe->salt->length = saltlen;
-        if (salt) memcpy (pbe->salt->data, salt, saltlen);
-        else if (RAND_pseudo_bytes (pbe->salt->data, saltlen) < 0)
-                goto err;
-
-        if (!(astype = ASN1_TYPE_new())) {
-                ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-
-        astype->type = V_ASN1_SEQUENCE;
-        if(!ASN1_pack_string(pbe, i2d_PBEPARAM, &astype->value.sequence)) {
-                ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-        PBEPARAM_free (pbe);
-        pbe = NULL;
-        
-        al = OBJ_nid2obj(alg); /* never need to free al */
-        if (!(algor = X509_ALGOR_new())) {
-                ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-        ASN1_OBJECT_free(algor->algorithm);
-        algor->algorithm = al;
-        algor->parameter = astype;
-
-        return (algor);
-err:
-        if (pbe != NULL) PBEPARAM_free(pbe);
-        if (astype != NULL) ASN1_TYPE_free(astype);
-        return NULL;
-}
diff --git a/src/lib/libcrypto/asn1/p5_pbev2.c b/src/lib/libcrypto/asn1/p5_pbev2.c
deleted file mode 100644
index e0dc0ec4ee..0000000000
--- a/src/lib/libcrypto/asn1/p5_pbev2.c
+++ /dev/null
@@ -1,205 +0,0 @@
-/* p5_pbev2.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999-2004.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-#include <openssl/rand.h>
-
-/* PKCS#5 v2.0 password based encryption structures */
-
-ASN1_SEQUENCE(PBE2PARAM) = {
-        ASN1_SIMPLE(PBE2PARAM, keyfunc, X509_ALGOR),
-        ASN1_SIMPLE(PBE2PARAM, encryption, X509_ALGOR)
-} ASN1_SEQUENCE_END(PBE2PARAM)
-
-IMPLEMENT_ASN1_FUNCTIONS(PBE2PARAM)
-
-ASN1_SEQUENCE(PBKDF2PARAM) = {
-        ASN1_SIMPLE(PBKDF2PARAM, salt, ASN1_ANY),
-        ASN1_SIMPLE(PBKDF2PARAM, iter, ASN1_INTEGER),
-        ASN1_OPT(PBKDF2PARAM, keylength, ASN1_INTEGER),
-        ASN1_OPT(PBKDF2PARAM, prf, X509_ALGOR)
-} ASN1_SEQUENCE_END(PBKDF2PARAM)
-
-IMPLEMENT_ASN1_FUNCTIONS(PBKDF2PARAM)
-
-/* Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm:
- * yes I know this is horrible!
- */
-
-X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
-                                 unsigned char *salt, int saltlen)
-{
-        X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;
-        int alg_nid;
-        EVP_CIPHER_CTX ctx;
-        unsigned char iv[EVP_MAX_IV_LENGTH];
-        PBKDF2PARAM *kdf = NULL;
-        PBE2PARAM *pbe2 = NULL;
-        ASN1_OCTET_STRING *osalt = NULL;
-        ASN1_OBJECT *obj;
-
-        alg_nid = EVP_CIPHER_type(cipher);
-        if(alg_nid == NID_undef) {
-                ASN1err(ASN1_F_PKCS5_PBE2_SET,
-                                ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
-                goto err;
-        }
-        obj = OBJ_nid2obj(alg_nid);
-
-        if(!(pbe2 = PBE2PARAM_new())) goto merr;
-
-        /* Setup the AlgorithmIdentifier for the encryption scheme */
-        scheme = pbe2->encryption;
-
-        scheme->algorithm = obj;
-        if(!(scheme->parameter = ASN1_TYPE_new())) goto merr;
-
-        /* Create random IV */
-        if (EVP_CIPHER_iv_length(cipher) &&
-                RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)
-                goto err;
-
-        EVP_CIPHER_CTX_init(&ctx);
-
-        /* Dummy cipherinit to just setup the IV */
-        EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0);
-        if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
-                ASN1err(ASN1_F_PKCS5_PBE2_SET,
-                                        ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
-                EVP_CIPHER_CTX_cleanup(&ctx);
-                goto err;
-        }
-        EVP_CIPHER_CTX_cleanup(&ctx);
-
-        if(!(kdf = PBKDF2PARAM_new())) goto merr;
-        if(!(osalt = M_ASN1_OCTET_STRING_new())) goto merr;
-
-        if (!saltlen) saltlen = PKCS5_SALT_LEN;
-        if (!(osalt->data = OPENSSL_malloc (saltlen))) goto merr;
-        osalt->length = saltlen;
-        if (salt) memcpy (osalt->data, salt, saltlen);
-        else if (RAND_pseudo_bytes (osalt->data, saltlen) < 0) goto merr;
-
-        if(iter <= 0) iter = PKCS5_DEFAULT_ITER;
-        if(!ASN1_INTEGER_set(kdf->iter, iter)) goto merr;
-
-        /* Now include salt in kdf structure */
-        kdf->salt->value.octet_string = osalt;
-        kdf->salt->type = V_ASN1_OCTET_STRING;
-        osalt = NULL;
-
-        /* If its RC2 then we'd better setup the key length */
-
-        if(alg_nid == NID_rc2_cbc) {
-                if(!(kdf->keylength = M_ASN1_INTEGER_new())) goto merr;
-                if(!ASN1_INTEGER_set (kdf->keylength,
-                                 EVP_CIPHER_key_length(cipher))) goto merr;
-        }
-
-        /* prf can stay NULL because we are using hmacWithSHA1 */
-
-        /* Now setup the PBE2PARAM keyfunc structure */
-
-        pbe2->keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2);
-
-        /* Encode PBKDF2PARAM into parameter of pbe2 */
-
-        if(!(pbe2->keyfunc->parameter = ASN1_TYPE_new())) goto merr;
-
-        if(!ASN1_pack_string(kdf, i2d_PBKDF2PARAM,
-                         &pbe2->keyfunc->parameter->value.sequence)) goto merr;
-        pbe2->keyfunc->parameter->type = V_ASN1_SEQUENCE;
-
-        PBKDF2PARAM_free(kdf);
-        kdf = NULL;
-
-        /* Now set up top level AlgorithmIdentifier */
-
-        if(!(ret = X509_ALGOR_new())) goto merr;
-        if(!(ret->parameter = ASN1_TYPE_new())) goto merr;
-
-        ret->algorithm = OBJ_nid2obj(NID_pbes2);
-
-        /* Encode PBE2PARAM into parameter */
-
-        if(!ASN1_pack_string(pbe2, i2d_PBE2PARAM,
-                                 &ret->parameter->value.sequence)) goto merr;
-        ret->parameter->type = V_ASN1_SEQUENCE;
-
-        PBE2PARAM_free(pbe2);
-        pbe2 = NULL;
-
-        return ret;
-
-        merr:
-        ASN1err(ASN1_F_PKCS5_PBE2_SET,ERR_R_MALLOC_FAILURE);
-
-        err:
-        PBE2PARAM_free(pbe2);
-        /* Note 'scheme' is freed as part of pbe2 */
-        M_ASN1_OCTET_STRING_free(osalt);
-        PBKDF2PARAM_free(kdf);
-        X509_ALGOR_free(kalg);
-        X509_ALGOR_free(ret);
-
-        return NULL;
-
-}
diff --git a/src/lib/libcrypto/asn1/p8_pkey.c b/src/lib/libcrypto/asn1/p8_pkey.c
deleted file mode 100644
index 24b409132f..0000000000
--- a/src/lib/libcrypto/asn1/p8_pkey.c
+++ /dev/null
@@ -1,84 +0,0 @@
-/* p8_pkey.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-
-/* Minor tweak to operation: zero private key data */
-static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
-        /* Since the structure must still be valid use ASN1_OP_FREE_PRE */
-        if(operation == ASN1_OP_FREE_PRE) {
-                PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval;
-                if (key->pkey->value.octet_string)
-                OPENSSL_cleanse(key->pkey->value.octet_string->data,
-                        key->pkey->value.octet_string->length);
-        }
-        return 1;
-}
-
-ASN1_SEQUENCE_cb(PKCS8_PRIV_KEY_INFO, pkey_cb) = {
-        ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, version, ASN1_INTEGER),
-        ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkeyalg, X509_ALGOR),
-        ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkey, ASN1_ANY),
-        ASN1_IMP_SET_OF_OPT(PKCS8_PRIV_KEY_INFO, attributes, X509_ATTRIBUTE, 0)
-} ASN1_SEQUENCE_END_cb(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
diff --git a/src/lib/libcrypto/asn1/t_bitst.c b/src/lib/libcrypto/asn1/t_bitst.c
deleted file mode 100644
index 397332d9b8..0000000000
--- a/src/lib/libcrypto/asn1/t_bitst.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/* t_bitst.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/x509v3.h>
-
-int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
-                                BIT_STRING_BITNAME *tbl, int indent)
-{
-        BIT_STRING_BITNAME *bnam;
-        char first = 1;
-        BIO_printf(out, "%*s", indent, "");
-        for(bnam = tbl; bnam->lname; bnam++) {
-                if(ASN1_BIT_STRING_get_bit(bs, bnam->bitnum)) {
-                        if(!first) BIO_puts(out, ", ");
-                        BIO_puts(out, bnam->lname);
-                        first = 0;
-                }
-        }
-        BIO_puts(out, "\n");
-        return 1;
-}
-
-int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value,
-                                BIT_STRING_BITNAME *tbl)
-{
-        int bitnum;
-        bitnum = ASN1_BIT_STRING_num_asc(name, tbl);
-        if(bitnum < 0) return 0;
-        if(bs) {
-                if(!ASN1_BIT_STRING_set_bit(bs, bitnum, value))
-                        return 0;
-        }
-        return 1;
-}
-
-int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl)
-{
-        BIT_STRING_BITNAME *bnam;
-        for(bnam = tbl; bnam->lname; bnam++) {
-                if(!strcmp(bnam->sname, name) ||
-                        !strcmp(bnam->lname, name) ) return bnam->bitnum;
-        }
-        return -1;
-}
diff --git a/src/lib/libcrypto/asn1/t_crl.c b/src/lib/libcrypto/asn1/t_crl.c
deleted file mode 100644
index 757c148df8..0000000000
--- a/src/lib/libcrypto/asn1/t_crl.c
+++ /dev/null
@@ -1,134 +0,0 @@
-/* t_crl.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/bn.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-#ifndef OPENSSL_NO_FP_API
-int X509_CRL_print_fp(FILE *fp, X509_CRL *x)
-        {
-        BIO *b;
-        int ret;
-
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-                {
-                X509err(X509_F_X509_PRINT_FP,ERR_R_BUF_LIB);
-                return(0);
-                }
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=X509_CRL_print(b, x);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
-
-int X509_CRL_print(BIO *out, X509_CRL *x)
-{
-        STACK_OF(X509_REVOKED) *rev;
-        X509_REVOKED *r;
-        long l;
-        int i, n;
-        char *p;
-
-        BIO_printf(out, "Certificate Revocation List (CRL):\n");
-        l = X509_CRL_get_version(x);
-        BIO_printf(out, "%8sVersion %lu (0x%lx)\n", "", l+1, l);
-        i = OBJ_obj2nid(x->sig_alg->algorithm);
-        BIO_printf(out, "%8sSignature Algorithm: %s\n", "",
-                                 (i == NID_undef) ? "NONE" : OBJ_nid2ln(i));
-        p=X509_NAME_oneline(X509_CRL_get_issuer(x),NULL,0);
-        BIO_printf(out,"%8sIssuer: %s\n","",p);
-        OPENSSL_free(p);
-        BIO_printf(out,"%8sLast Update: ","");
-        ASN1_TIME_print(out,X509_CRL_get_lastUpdate(x));
-        BIO_printf(out,"\n%8sNext Update: ","");
-        if (X509_CRL_get_nextUpdate(x))
-                 ASN1_TIME_print(out,X509_CRL_get_nextUpdate(x));
-        else BIO_printf(out,"NONE");
-        BIO_printf(out,"\n");
-
-        n=X509_CRL_get_ext_count(x);
-        X509V3_extensions_print(out, "CRL extensions",
-                                                x->crl->extensions, 0, 8);
-
-        rev = X509_CRL_get_REVOKED(x);
-
-        if(sk_X509_REVOKED_num(rev) > 0)
-            BIO_printf(out, "Revoked Certificates:\n");
-        else BIO_printf(out, "No Revoked Certificates.\n");
-
-        for(i = 0; i < sk_X509_REVOKED_num(rev); i++) {
-                r = sk_X509_REVOKED_value(rev, i);
-                BIO_printf(out,"    Serial Number: ");
-                i2a_ASN1_INTEGER(out,r->serialNumber);
-                BIO_printf(out,"\n        Revocation Date: ","");
-                ASN1_TIME_print(out,r->revocationDate);
-                BIO_printf(out,"\n");
-                X509V3_extensions_print(out, "CRL entry extensions",
-                                                r->extensions, 0, 8);
-        }
-        X509_signature_print(out, x->sig_alg, x->signature);
-
-        return 1;
-
-}
diff --git a/src/lib/libcrypto/asn1/t_pkey.c b/src/lib/libcrypto/asn1/t_pkey.c
deleted file mode 100644
index d15006e654..0000000000
--- a/src/lib/libcrypto/asn1/t_pkey.c
+++ /dev/null
@@ -1,387 +0,0 @@
-/* crypto/asn1/t_pkey.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-
-static int print(BIO *fp,const char *str,BIGNUM *num,
-                unsigned char *buf,int off);
-#ifndef OPENSSL_NO_RSA
-#ifndef OPENSSL_NO_FP_API
-int RSA_print_fp(FILE *fp, const RSA *x, int off)
-        {
-        BIO *b;
-        int ret;
-
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-                {
-                RSAerr(RSA_F_RSA_PRINT_FP,ERR_R_BUF_LIB);
-                return(0);
-                }
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=RSA_print(b,x,off);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
-
-int RSA_print(BIO *bp, const RSA *x, int off)
-        {
-        char str[128];
-        const char *s;
-        unsigned char *m=NULL;
-        int ret=0;
-        size_t buf_len=0, i;
-
-        if (x->n)
-                buf_len = (size_t)BN_num_bytes(x->n);
-        if (x->e)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->e)))
-                        buf_len = i;
-        if (x->d)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->d)))
-                        buf_len = i;
-        if (x->p)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->p)))
-                        buf_len = i;
-        if (x->q)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
-                        buf_len = i;
-        if (x->dmp1)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->dmp1)))
-                        buf_len = i;
-        if (x->dmq1)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->dmq1)))
-                        buf_len = i;
-        if (x->iqmp)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->iqmp)))
-                        buf_len = i;
-
-        m=(unsigned char *)OPENSSL_malloc(buf_len+10);
-        if (m == NULL)
-                {
-                RSAerr(RSA_F_RSA_PRINT,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-
-        if (x->d != NULL)
-                {
-                if(!BIO_indent(bp,off,128))
-                   goto err;
-                if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->n))
-                        <= 0) goto err;
-                }
-
-        if (x->d == NULL)
-                BIO_snprintf(str,sizeof str,"Modulus (%d bit):",BN_num_bits(x->n));
-        else
-                BUF_strlcpy(str,"modulus:",sizeof str);
-        if (!print(bp,str,x->n,m,off)) goto err;
-        s=(x->d == NULL)?"Exponent:":"publicExponent:";
-        if (!print(bp,s,x->e,m,off)) goto err;
-        if (!print(bp,"privateExponent:",x->d,m,off)) goto err;
-        if (!print(bp,"prime1:",x->p,m,off)) goto err;
-        if (!print(bp,"prime2:",x->q,m,off)) goto err;
-        if (!print(bp,"exponent1:",x->dmp1,m,off)) goto err;
-        if (!print(bp,"exponent2:",x->dmq1,m,off)) goto err;
-        if (!print(bp,"coefficient:",x->iqmp,m,off)) goto err;
-        ret=1;
-err:
-        if (m != NULL) OPENSSL_free(m);
-        return(ret);
-        }
-#endif /* OPENSSL_NO_RSA */
-
-#ifndef OPENSSL_NO_DSA
-#ifndef OPENSSL_NO_FP_API
-int DSA_print_fp(FILE *fp, const DSA *x, int off)
-        {
-        BIO *b;
-        int ret;
-
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-                {
-                DSAerr(DSA_F_DSA_PRINT_FP,ERR_R_BUF_LIB);
-                return(0);
-                }
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=DSA_print(b,x,off);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
-
-int DSA_print(BIO *bp, const DSA *x, int off)
-        {
-        unsigned char *m=NULL;
-        int ret=0;
-        size_t buf_len=0,i;
-
-        if (x->p)
-                buf_len = (size_t)BN_num_bytes(x->p);
-        if (x->q)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
-                        buf_len = i;
-        if (x->g)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
-                        buf_len = i;
-        if (x->priv_key)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->priv_key)))
-                        buf_len = i;
-        if (x->pub_key)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->pub_key)))
-                        buf_len = i;
-
-        m=(unsigned char *)OPENSSL_malloc(buf_len+10);
-        if (m == NULL)
-                {
-                DSAerr(DSA_F_DSA_PRINT,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-
-        if (x->priv_key != NULL)
-                {
-                if(!BIO_indent(bp,off,128))
-                   goto err;
-                if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->p))
-                        <= 0) goto err;
-                }
-
-        if ((x->priv_key != NULL) && !print(bp,"priv:",x->priv_key,m,off))
-                goto err;
-        if ((x->pub_key  != NULL) && !print(bp,"pub: ",x->pub_key,m,off))
-                goto err;
-        if ((x->p != NULL) && !print(bp,"P:   ",x->p,m,off)) goto err;
-        if ((x->q != NULL) && !print(bp,"Q:   ",x->q,m,off)) goto err;
-        if ((x->g != NULL) && !print(bp,"G:   ",x->g,m,off)) goto err;
-        ret=1;
-err:
-        if (m != NULL) OPENSSL_free(m);
-        return(ret);
-        }
-#endif /* !OPENSSL_NO_DSA */
-
-static int print(BIO *bp, const char *number, BIGNUM *num, unsigned char *buf,
-             int off)
-        {
-        int n,i;
-        const char *neg;
-
-        if (num == NULL) return(1);
-        neg=(num->neg)?"-":"";
-        if(!BIO_indent(bp,off,128))
-                return 0;
-
-        if (BN_num_bytes(num) <= BN_BYTES)
-                {
-                if (BIO_printf(bp,"%s %s%lu (%s0x%lx)\n",number,neg,
-                        (unsigned long)num->d[0],neg,(unsigned long)num->d[0])
-                        <= 0) return(0);
-                }
-        else
-                {
-                buf[0]=0;
-                if (BIO_printf(bp,"%s%s",number,
-                        (neg[0] == '-')?" (Negative)":"") <= 0)
-                        return(0);
-                n=BN_bn2bin(num,&buf[1]);
-        
-                if (buf[1] & 0x80)
-                        n++;
-                else    buf++;
-
-                for (i=0; i<n; i++)
-                        {
-                        if ((i%15) == 0)
-                                {
-                                if(BIO_puts(bp,"\n") <= 0
-                                   || !BIO_indent(bp,off+4,128))
-                                    return 0;
-                                }
-                        if (BIO_printf(bp,"%02x%s",buf[i],((i+1) == n)?"":":")
-                                <= 0) return(0);
-                        }
-                if (BIO_write(bp,"\n",1) <= 0) return(0);
-                }
-        return(1);
-        }
-
-#ifndef OPENSSL_NO_DH
-#ifndef OPENSSL_NO_FP_API
-int DHparams_print_fp(FILE *fp, const DH *x)
-        {
-        BIO *b;
-        int ret;
-
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-                {
-                DHerr(DH_F_DHPARAMS_PRINT_FP,ERR_R_BUF_LIB);
-                return(0);
-                }
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=DHparams_print(b, x);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
-
-int DHparams_print(BIO *bp, const DH *x)
-        {
-        unsigned char *m=NULL;
-        int reason=ERR_R_BUF_LIB,ret=0;
-        size_t buf_len=0, i;
-
-        if (x->p)
-                buf_len = (size_t)BN_num_bytes(x->p);
-        if (x->g)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
-                        buf_len = i;
-        m=(unsigned char *)OPENSSL_malloc(buf_len+10);
-        if (m == NULL)
-                {
-                reason=ERR_R_MALLOC_FAILURE;
-                goto err;
-                }
-
-        if (BIO_printf(bp,"Diffie-Hellman-Parameters: (%d bit)\n",
-                BN_num_bits(x->p)) <= 0)
-                goto err;
-        if (!print(bp,"prime:",x->p,m,4)) goto err;
-        if (!print(bp,"generator:",x->g,m,4)) goto err;
-        if (x->length != 0)
-                {
-                if (BIO_printf(bp,"    recommended-private-length: %d bits\n",
-                        (int)x->length) <= 0) goto err;
-                }
-        ret=1;
-        if (0)
-                {
-err:
-                DHerr(DH_F_DHPARAMS_PRINT,reason);
-                }
-        if (m != NULL) OPENSSL_free(m);
-        return(ret);
-        }
-#endif
-
-#ifndef OPENSSL_NO_DSA
-#ifndef OPENSSL_NO_FP_API
-int DSAparams_print_fp(FILE *fp, const DSA *x)
-        {
-        BIO *b;
-        int ret;
-
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-                {
-                DSAerr(DSA_F_DSAPARAMS_PRINT_FP,ERR_R_BUF_LIB);
-                return(0);
-                }
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=DSAparams_print(b, x);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
-
-int DSAparams_print(BIO *bp, const DSA *x)
-        {
-        unsigned char *m=NULL;
-        int reason=ERR_R_BUF_LIB,ret=0;
-        size_t buf_len=0,i;
-
-        if (x->p)
-                buf_len = (size_t)BN_num_bytes(x->p);
-        if (x->q)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
-                        buf_len = i;
-        if (x->g)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
-                        buf_len = i;
-        m=(unsigned char *)OPENSSL_malloc(buf_len+10);
-        if (m == NULL)
-                {
-                reason=ERR_R_MALLOC_FAILURE;
-                goto err;
-                }
-
-        if (BIO_printf(bp,"DSA-Parameters: (%d bit)\n",
-                BN_num_bits(x->p)) <= 0)
-                goto err;
-        if (!print(bp,"p:",x->p,m,4)) goto err;
-        if (!print(bp,"q:",x->q,m,4)) goto err;
-        if (!print(bp,"g:",x->g,m,4)) goto err;
-        ret=1;
-err:
-        if (m != NULL) OPENSSL_free(m);
-        DSAerr(DSA_F_DSAPARAMS_PRINT,reason);
-        return(ret);
-        }
-
-#endif /* !OPENSSL_NO_DSA */
-
diff --git a/src/lib/libcrypto/asn1/t_req.c b/src/lib/libcrypto/asn1/t_req.c
deleted file mode 100644
index 740cee80c0..0000000000
--- a/src/lib/libcrypto/asn1/t_req.c
+++ /dev/null
@@ -1,276 +0,0 @@
-/* crypto/asn1/t_req.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/bn.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-#ifndef OPENSSL_NO_FP_API
-int X509_REQ_print_fp(FILE *fp, X509_REQ *x)
-        {
-        BIO *b;
-        int ret;
-
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-                {
-                X509err(X509_F_X509_REQ_PRINT_FP,ERR_R_BUF_LIB);
-                return(0);
-                }
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=X509_REQ_print(b, x);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
-
-int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long cflag)
-        {
-        unsigned long l;
-        int i;
-        const char *neg;
-        X509_REQ_INFO *ri;
-        EVP_PKEY *pkey;
-        STACK_OF(X509_ATTRIBUTE) *sk;
-        STACK_OF(X509_EXTENSION) *exts;
-        char mlch = ' ';
-        int nmindent = 0;
-
-        if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
-                mlch = '\n';
-                nmindent = 12;
-        }
-
-        if(nmflags == X509_FLAG_COMPAT)
-                nmindent = 16;
-
-
-        ri=x->req_info;
-        if(!(cflag & X509_FLAG_NO_HEADER))
-                {
-                if (BIO_write(bp,"Certificate Request:\n",21) <= 0) goto err;
-                if (BIO_write(bp,"    Data:\n",10) <= 0) goto err;
-                }
-        if(!(cflag & X509_FLAG_NO_VERSION))
-                {
-                neg=(ri->version->type == V_ASN1_NEG_INTEGER)?"-":"";
-                l=0;
-                for (i=0; i<ri->version->length; i++)
-                        { l<<=8; l+=ri->version->data[i]; }
-                if(BIO_printf(bp,"%8sVersion: %s%lu (%s0x%lx)\n","",neg,l,neg,
-                              l) <= 0)
-                    goto err;
-                }
-        if(!(cflag & X509_FLAG_NO_SUBJECT))
-                {
-                if (BIO_printf(bp,"        Subject:%c",mlch) <= 0) goto err;
-                if (X509_NAME_print_ex(bp,ri->subject,nmindent, nmflags) < 0) goto err;
-                if (BIO_write(bp,"\n",1) <= 0) goto err;
-                }
-        if(!(cflag & X509_FLAG_NO_PUBKEY))
-                {
-                if (BIO_write(bp,"        Subject Public Key Info:\n",33) <= 0)
-                        goto err;
-                if (BIO_printf(bp,"%12sPublic Key Algorithm: ","") <= 0)
-                        goto err;
-                if (i2a_ASN1_OBJECT(bp, ri->pubkey->algor->algorithm) <= 0)
-                        goto err;
-                if (BIO_puts(bp, "\n") <= 0)
-                        goto err;
-
-                pkey=X509_REQ_get_pubkey(x);
-                if (pkey == NULL)
-                        {
-                        BIO_printf(bp,"%12sUnable to load Public Key\n","");
-                        ERR_print_errors(bp);
-                        }
-                else
-#ifndef OPENSSL_NO_RSA
-                if (pkey->type == EVP_PKEY_RSA)
-                        {
-                        BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
-                        BN_num_bits(pkey->pkey.rsa->n));
-                        RSA_print(bp,pkey->pkey.rsa,16);
-                        }
-                else
-#endif
-#ifndef OPENSSL_NO_DSA
-                if (pkey->type == EVP_PKEY_DSA)
-                        {
-                        BIO_printf(bp,"%12sDSA Public Key:\n","");
-                        DSA_print(bp,pkey->pkey.dsa,16);
-                        }
-                else
-#endif
-                        BIO_printf(bp,"%12sUnknown Public Key:\n","");
-
-                EVP_PKEY_free(pkey);
-                }
-
-        if(!(cflag & X509_FLAG_NO_ATTRIBUTES))
-                {
-                /* may not be */
-                if(BIO_printf(bp,"%8sAttributes:\n","") <= 0)
-                    goto err;
-
-                sk=x->req_info->attributes;
-                if (sk_X509_ATTRIBUTE_num(sk) == 0)
-                        {
-                        if(BIO_printf(bp,"%12sa0:00\n","") <= 0)
-                            goto err;
-                        }
-                else
-                        {
-                        for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
-                                {
-                                ASN1_TYPE *at;
-                                X509_ATTRIBUTE *a;
-                                ASN1_BIT_STRING *bs=NULL;
-                                ASN1_TYPE *t;
-                                int j,type=0,count=1,ii=0;
-
-                                a=sk_X509_ATTRIBUTE_value(sk,i);
-                                if(X509_REQ_extension_nid(OBJ_obj2nid(a->object)))
-                                                                        continue;
-                                if(BIO_printf(bp,"%12s","") <= 0)
-                                    goto err;
-                                if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0)
-                                {
-                                if (a->single)
-                                        {
-                                        t=a->value.single;
-                                        type=t->type;
-                                        bs=t->value.bit_string;
-                                        }
-                                else
-                                        {
-                                        ii=0;
-                                        count=sk_ASN1_TYPE_num(a->value.set);
-get_next:
-                                        at=sk_ASN1_TYPE_value(a->value.set,ii);
-                                        type=at->type;
-                                        bs=at->value.asn1_string;
-                                        }
-                                }
-                                for (j=25-j; j>0; j--)
-                                        if (BIO_write(bp," ",1) != 1) goto err;
-                                if (BIO_puts(bp,":") <= 0) goto err;
-                                if (    (type == V_ASN1_PRINTABLESTRING) ||
-                                        (type == V_ASN1_T61STRING) ||
-                                        (type == V_ASN1_IA5STRING))
-                                        {
-                                        if (BIO_write(bp,(char *)bs->data,bs->length)
-                                                != bs->length)
-                                                goto err;
-                                        BIO_puts(bp,"\n");
-                                        }
-                                else
-                                        {
-                                        BIO_puts(bp,"unable to print attribute\n");
-                                        }
-                                if (++ii < count) goto get_next;
-                                }
-                        }
-                }
-        if(!(cflag & X509_FLAG_NO_ATTRIBUTES))
-                {
-                exts = X509_REQ_get_extensions(x);
-                if(exts)
-                        {
-                        BIO_printf(bp,"%8sRequested Extensions:\n","");
-                        for (i=0; i<sk_X509_EXTENSION_num(exts); i++)
-                                {
-                                ASN1_OBJECT *obj;
-                                X509_EXTENSION *ex;
-                                int j;
-                                ex=sk_X509_EXTENSION_value(exts, i);
-                                if (BIO_printf(bp,"%12s","") <= 0) goto err;
-                                obj=X509_EXTENSION_get_object(ex);
-                                i2a_ASN1_OBJECT(bp,obj);
-                                j=X509_EXTENSION_get_critical(ex);
-                                if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0)
-                                        goto err;
-                                if(!X509V3_EXT_print(bp, ex, 0, 16))
-                                        {
-                                        BIO_printf(bp, "%16s", "");
-                                        M_ASN1_OCTET_STRING_print(bp,ex->value);
-                                        }
-                                if (BIO_write(bp,"\n",1) <= 0) goto err;
-                                }
-                        sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
-                        }
-                }
-
-        if(!(cflag & X509_FLAG_NO_SIGDUMP))
-                {
-                if(!X509_signature_print(bp, x->sig_alg, x->signature)) goto err;
-                }
-
-        return(1);
-err:
-        X509err(X509_F_X509_REQ_PRINT,ERR_R_BUF_LIB);
-        return(0);
-        }
-
-int X509_REQ_print(BIO *bp, X509_REQ *x)
-        {
-        return X509_REQ_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
-        }
diff --git a/src/lib/libcrypto/asn1/t_spki.c b/src/lib/libcrypto/asn1/t_spki.c
deleted file mode 100644
index 5abfbc815e..0000000000
--- a/src/lib/libcrypto/asn1/t_spki.c
+++ /dev/null
@@ -1,116 +0,0 @@
-/* t_spki.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/x509.h>
-#include <openssl/asn1.h>
-
-/* Print out an SPKI */
-
-int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki)
-{
-        EVP_PKEY *pkey;
-        ASN1_IA5STRING *chal;
-        int i, n;
-        char *s;
-        BIO_printf(out, "Netscape SPKI:\n");
-        i=OBJ_obj2nid(spki->spkac->pubkey->algor->algorithm);
-        BIO_printf(out,"  Public Key Algorithm: %s\n",
-                                (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
-        pkey = X509_PUBKEY_get(spki->spkac->pubkey);
-        if(!pkey) BIO_printf(out, "  Unable to load public key\n");
-        else {
-#ifndef OPENSSL_NO_RSA
-                if (pkey->type == EVP_PKEY_RSA)
-                        {
-                        BIO_printf(out,"  RSA Public Key: (%d bit)\n",
-                                BN_num_bits(pkey->pkey.rsa->n));
-                        RSA_print(out,pkey->pkey.rsa,2);
-                        }
-                else 
-#endif
-#ifndef OPENSSL_NO_DSA
-                if (pkey->type == EVP_PKEY_DSA)
-                {
-                BIO_printf(out,"  DSA Public Key:\n");
-                DSA_print(out,pkey->pkey.dsa,2);
-                }
-                else
-#endif
-                        BIO_printf(out,"  Unknown Public Key:\n");
-                EVP_PKEY_free(pkey);
-        }
-        chal = spki->spkac->challenge;
-        if(chal->length)
-                BIO_printf(out, "  Challenge String: %s\n", chal->data);
-        i=OBJ_obj2nid(spki->sig_algor->algorithm);
-        BIO_printf(out,"  Signature Algorithm: %s",
-                                (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
-
-        n=spki->signature->length;
-        s=(char *)spki->signature->data;
-        for (i=0; i<n; i++)
-                {
-                if ((i%18) == 0) BIO_write(out,"\n      ",7);
-                BIO_printf(out,"%02x%s",(unsigned char)s[i],
-                                                ((i+1) == n)?"":":");
-                }
-        BIO_write(out,"\n",1);
-        return 1;
-}
diff --git a/src/lib/libcrypto/asn1/t_x509.c b/src/lib/libcrypto/asn1/t_x509.c
deleted file mode 100644
index 30f68561b7..0000000000
--- a/src/lib/libcrypto/asn1/t_x509.c
+++ /dev/null
@@ -1,505 +0,0 @@
-/* crypto/asn1/t_x509.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-#ifndef OPENSSL_NO_FP_API
-int X509_print_fp(FILE *fp, X509 *x)
-        {
-        return X509_print_ex_fp(fp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
-        }
-
-int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag, unsigned long cflag)
-        {
-        BIO *b;
-        int ret;
-
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-                {
-                X509err(X509_F_X509_PRINT_FP,ERR_R_BUF_LIB);
-                return(0);
-                }
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=X509_print_ex(b, x, nmflag, cflag);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
-
-int X509_print(BIO *bp, X509 *x)
-{
-        return X509_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
-}
-
-int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
-        {
-        long l;
-        int ret=0,i;
-        char *m=NULL,mlch = ' ';
-        int nmindent = 0;
-        X509_CINF *ci;
-        ASN1_INTEGER *bs;
-        EVP_PKEY *pkey=NULL;
-        const char *neg;
-        ASN1_STRING *str=NULL;
-
-        if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
-                        mlch = '\n';
-                        nmindent = 12;
-        }
-
-        if(nmflags == X509_FLAG_COMPAT)
-                nmindent = 16;
-
-        ci=x->cert_info;
-        if(!(cflag & X509_FLAG_NO_HEADER))
-                {
-                if (BIO_write(bp,"Certificate:\n",13) <= 0) goto err;
-                if (BIO_write(bp,"    Data:\n",10) <= 0) goto err;
-                }
-        if(!(cflag & X509_FLAG_NO_VERSION))
-                {
-                l=X509_get_version(x);
-                if (BIO_printf(bp,"%8sVersion: %lu (0x%lx)\n","",l+1,l) <= 0) goto err;
-                }
-        if(!(cflag & X509_FLAG_NO_SERIAL))
-                {
-
-                if (BIO_write(bp,"        Serial Number:",22) <= 0) goto err;
-
-                bs=X509_get_serialNumber(x);
-                if (bs->length <= 4)
-                        {
-                        l=ASN1_INTEGER_get(bs);
-                        if (l < 0)
-                                {
-                                l= -l;
-                                neg="-";
-                                }
-                        else
-                                neg="";
-                        if (BIO_printf(bp," %s%lu (%s0x%lx)\n",neg,l,neg,l) <= 0)
-                                goto err;
-                        }
-                else
-                        {
-                        neg=(bs->type == V_ASN1_NEG_INTEGER)?" (Negative)":"";
-                        if (BIO_printf(bp,"\n%12s%s","",neg) <= 0) goto err;
-
-                        for (i=0; i<bs->length; i++)
-                                {
-                                if (BIO_printf(bp,"%02x%c",bs->data[i],
-                                        ((i+1 == bs->length)?'\n':':')) <= 0)
-                                        goto err;
-                                }
-                        }
-
-                }
-
-        if(!(cflag & X509_FLAG_NO_SIGNAME))
-                {
-                if (BIO_printf(bp,"%8sSignature Algorithm: ","") <= 0) 
-                        goto err;
-                if (i2a_ASN1_OBJECT(bp, ci->signature->algorithm) <= 0)
-                        goto err;
-                if (BIO_puts(bp, "\n") <= 0)
-                        goto err;
-                }
-
-        if(!(cflag & X509_FLAG_NO_ISSUER))
-                {
-                if (BIO_printf(bp,"        Issuer:%c",mlch) <= 0) goto err;
-                if (X509_NAME_print_ex(bp,X509_get_issuer_name(x),nmindent, nmflags) < 0) goto err;
-                if (BIO_write(bp,"\n",1) <= 0) goto err;
-                }
-        if(!(cflag & X509_FLAG_NO_VALIDITY))
-                {
-                if (BIO_write(bp,"        Validity\n",17) <= 0) goto err;
-                if (BIO_write(bp,"            Not Before: ",24) <= 0) goto err;
-                if (!ASN1_TIME_print(bp,X509_get_notBefore(x))) goto err;
-                if (BIO_write(bp,"\n            Not After : ",25) <= 0) goto err;
-                if (!ASN1_TIME_print(bp,X509_get_notAfter(x))) goto err;
-                if (BIO_write(bp,"\n",1) <= 0) goto err;
-                }
-        if(!(cflag & X509_FLAG_NO_SUBJECT))
-                {
-                if (BIO_printf(bp,"        Subject:%c",mlch) <= 0) goto err;
-                if (X509_NAME_print_ex(bp,X509_get_subject_name(x),nmindent, nmflags) < 0) goto err;
-                if (BIO_write(bp,"\n",1) <= 0) goto err;
-                }
-        if(!(cflag & X509_FLAG_NO_PUBKEY))
-                {
-                if (BIO_write(bp,"        Subject Public Key Info:\n",33) <= 0)
-                        goto err;
-                if (BIO_printf(bp,"%12sPublic Key Algorithm: ","") <= 0)
-                        goto err;
-                if (i2a_ASN1_OBJECT(bp, ci->key->algor->algorithm) <= 0)
-                        goto err;
-                if (BIO_puts(bp, "\n") <= 0)
-                        goto err;
-
-                pkey=X509_get_pubkey(x);
-                if (pkey == NULL)
-                        {
-                        BIO_printf(bp,"%12sUnable to load Public Key\n","");
-                        ERR_print_errors(bp);
-                        }
-                else
-#ifndef OPENSSL_NO_RSA
-                if (pkey->type == EVP_PKEY_RSA)
-                        {
-                        BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
-                        BN_num_bits(pkey->pkey.rsa->n));
-                        RSA_print(bp,pkey->pkey.rsa,16);
-                        }
-                else
-#endif
-#ifndef OPENSSL_NO_DSA
-                if (pkey->type == EVP_PKEY_DSA)
-                        {
-                        BIO_printf(bp,"%12sDSA Public Key:\n","");
-                        DSA_print(bp,pkey->pkey.dsa,16);
-                        }
-                else
-#endif
-                        BIO_printf(bp,"%12sUnknown Public Key:\n","");
-
-                EVP_PKEY_free(pkey);
-                }
-
-        if (!(cflag & X509_FLAG_NO_EXTENSIONS))
-                X509V3_extensions_print(bp, "X509v3 extensions",
-                                        ci->extensions, cflag, 8);
-
-        if(!(cflag & X509_FLAG_NO_SIGDUMP))
-                {
-                if(X509_signature_print(bp, x->sig_alg, x->signature) <= 0) goto err;
-                }
-        if(!(cflag & X509_FLAG_NO_AUX))
-                {
-                if (!X509_CERT_AUX_print(bp, x->aux, 0)) goto err;
-                }
-        ret=1;
-err:
-        if (str != NULL) ASN1_STRING_free(str);
-        if (m != NULL) OPENSSL_free(m);
-        return(ret);
-        }
-
-int X509_ocspid_print (BIO *bp, X509 *x)
-        {
-        unsigned char *der=NULL ;
-        unsigned char *dertmp;
-        int derlen;
-        int i;
-        unsigned char SHA1md[SHA_DIGEST_LENGTH];
-
-        /* display the hash of the subject as it would appear
-           in OCSP requests */
-        if (BIO_printf(bp,"        Subject OCSP hash: ") <= 0)
-                goto err;
-        derlen = i2d_X509_NAME(x->cert_info->subject, NULL);
-        if ((der = dertmp = (unsigned char *)OPENSSL_malloc (derlen)) == NULL)
-                goto err;
-        i2d_X509_NAME(x->cert_info->subject, &dertmp);
-
-        EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL);
-        for (i=0; i < SHA_DIGEST_LENGTH; i++)
-                {
-                if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) goto err;
-                }
-        OPENSSL_free (der);
-        der=NULL;
-
-        /* display the hash of the public key as it would appear
-           in OCSP requests */
-        if (BIO_printf(bp,"\n        Public key OCSP hash: ") <= 0)
-                goto err;
-
-        EVP_Digest(x->cert_info->key->public_key->data,
-                x->cert_info->key->public_key->length, SHA1md, NULL, EVP_sha1(), NULL);
-        for (i=0; i < SHA_DIGEST_LENGTH; i++)
-                {
-                if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0)
-                        goto err;
-                }
-        BIO_printf(bp,"\n");
-
-        return (1);
-err:
-        if (der != NULL) OPENSSL_free(der);
-        return(0);
-        }
-
-int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig)
-{
-        unsigned char *s;
-        int i, n;
-        if (BIO_puts(bp,"    Signature Algorithm: ") <= 0) return 0;
-        if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0) return 0;
-
-        n=sig->length;
-        s=sig->data;
-        for (i=0; i<n; i++)
-                {
-                if ((i%18) == 0)
-                        if (BIO_write(bp,"\n        ",9) <= 0) return 0;
-                        if (BIO_printf(bp,"%02x%s",s[i],
-                                ((i+1) == n)?"":":") <= 0) return 0;
-                }
-        if (BIO_write(bp,"\n",1) != 1) return 0;
-        return 1;
-}
-
-int ASN1_STRING_print(BIO *bp, ASN1_STRING *v)
-        {
-        int i,n;
-        char buf[80],*p;
-
-        if (v == NULL) return(0);
-        n=0;
-        p=(char *)v->data;
-        for (i=0; i<v->length; i++)
-                {
-                if ((p[i] > '~') || ((p[i] < ' ') &&
-                        (p[i] != '\n') && (p[i] != '\r')))
-                        buf[n]='.';
-                else
-                        buf[n]=p[i];
-                n++;
-                if (n >= 80)
-                        {
-                        if (BIO_write(bp,buf,n) <= 0)
-                                return(0);
-                        n=0;
-                        }
-                }
-        if (n > 0)
-                if (BIO_write(bp,buf,n) <= 0)
-                        return(0);
-        return(1);
-        }
-
-int ASN1_TIME_print(BIO *bp, ASN1_TIME *tm)
-{
-        if(tm->type == V_ASN1_UTCTIME) return ASN1_UTCTIME_print(bp, tm);
-        if(tm->type == V_ASN1_GENERALIZEDTIME)
-                                return ASN1_GENERALIZEDTIME_print(bp, tm);
-        BIO_write(bp,"Bad time value",14);
-        return(0);
-}
-
-static const char *mon[12]=
-    {
-    "Jan","Feb","Mar","Apr","May","Jun",
-    "Jul","Aug","Sep","Oct","Nov","Dec"
-    };
-
-int ASN1_GENERALIZEDTIME_print(BIO *bp, ASN1_GENERALIZEDTIME *tm)
-        {
-        char *v;
-        int gmt=0;
-        int i;
-        int y=0,M=0,d=0,h=0,m=0,s=0;
-
-        i=tm->length;
-        v=(char *)tm->data;
-
-        if (i < 12) goto err;
-        if (v[i-1] == 'Z') gmt=1;
-        for (i=0; i<12; i++)
-                if ((v[i] > '9') || (v[i] < '0')) goto err;
-        y= (v[0]-'0')*1000+(v[1]-'0')*100 + (v[2]-'0')*10+(v[3]-'0');
-        M= (v[4]-'0')*10+(v[5]-'0');
-        if ((M > 12) || (M < 1)) goto err;
-        d= (v[6]-'0')*10+(v[7]-'0');
-        h= (v[8]-'0')*10+(v[9]-'0');
-        m=  (v[10]-'0')*10+(v[11]-'0');
-        if (    (v[12] >= '0') && (v[12] <= '9') &&
-                (v[13] >= '0') && (v[13] <= '9'))
-                s=  (v[12]-'0')*10+(v[13]-'0');
-
-        if (BIO_printf(bp,"%s %2d %02d:%02d:%02d %d%s",
-                mon[M-1],d,h,m,s,y,(gmt)?" GMT":"") <= 0)
-                return(0);
-        else
-                return(1);
-err:
-        BIO_write(bp,"Bad time value",14);
-        return(0);
-        }
-
-int ASN1_UTCTIME_print(BIO *bp, ASN1_UTCTIME *tm)
-        {
-        char *v;
-        int gmt=0;
-        int i;
-        int y=0,M=0,d=0,h=0,m=0,s=0;
-
-        i=tm->length;
-        v=(char *)tm->data;
-
-        if (i < 10) goto err;
-        if (v[i-1] == 'Z') gmt=1;
-        for (i=0; i<10; i++)
-                if ((v[i] > '9') || (v[i] < '0')) goto err;
-        y= (v[0]-'0')*10+(v[1]-'0');
-        if (y < 50) y+=100;
-        M= (v[2]-'0')*10+(v[3]-'0');
-        if ((M > 12) || (M < 1)) goto err;
-        d= (v[4]-'0')*10+(v[5]-'0');
-        h= (v[6]-'0')*10+(v[7]-'0');
-        m=  (v[8]-'0')*10+(v[9]-'0');
-        if (    (v[10] >= '0') && (v[10] <= '9') &&
-                (v[11] >= '0') && (v[11] <= '9'))
-                s=  (v[10]-'0')*10+(v[11]-'0');
-
-        if (BIO_printf(bp,"%s %2d %02d:%02d:%02d %d%s",
-                mon[M-1],d,h,m,s,y+1900,(gmt)?" GMT":"") <= 0)
-                return(0);
-        else
-                return(1);
-err:
-        BIO_write(bp,"Bad time value",14);
-        return(0);
-        }
-
-int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)
-        {
-        char *s,*c,*b;
-        int ret=0,l,ll,i,first=1;
-
-        ll=80-2-obase;
-
-        b=s=X509_NAME_oneline(name,NULL,0);
-        if (!*s)
-                {
-                OPENSSL_free(b);
-                return 1;
-                }
-        s++; /* skip the first slash */
-
-        l=ll;
-        c=s;
-        for (;;)
-                {
-#ifndef CHARSET_EBCDIC
-                if (    ((*s == '/') &&
-                                ((s[1] >= 'A') && (s[1] <= 'Z') && (
-                                        (s[2] == '=') ||
-                                        ((s[2] >= 'A') && (s[2] <= 'Z') &&
-                                        (s[3] == '='))
-                                 ))) ||
-                        (*s == '\0'))
-#else
-                if (    ((*s == '/') &&
-                                (isupper(s[1]) && (
-                                        (s[2] == '=') ||
-                                        (isupper(s[2]) &&
-                                        (s[3] == '='))
-                                 ))) ||
-                        (*s == '\0'))
-#endif
-                        {
-                        if ((l <= 0) && !first)
-                                {
-                                first=0;
-                                if (BIO_write(bp,"\n",1) != 1) goto err;
-                                for (i=0; i<obase; i++)
-                                        {
-                                        if (BIO_write(bp," ",1) != 1) goto err;
-                                        }
-                                l=ll;
-                                }
-                        i=s-c;
-                        if (BIO_write(bp,c,i) != i) goto err;
-                        c+=i;
-                        c++;
-                        if (*s != '\0')
-                                {
-                                if (BIO_write(bp,", ",2) != 2) goto err;
-                                }
-                        l--;
-                        }
-                if (*s == '\0') break;
-                s++;
-                l--;
-                }
-        
-        ret=1;
-        if (0)
-                {
-err:
-                X509err(X509_F_X509_NAME_PRINT,ERR_R_BUF_LIB);
-                }
-        OPENSSL_free(b);
-        return(ret);
-        }
-
diff --git a/src/lib/libcrypto/asn1/t_x509a.c b/src/lib/libcrypto/asn1/t_x509a.c
deleted file mode 100644
index ffbbfb51f4..0000000000
--- a/src/lib/libcrypto/asn1/t_x509a.c
+++ /dev/null
@@ -1,110 +0,0 @@
-/* t_x509a.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/asn1.h>
-#include <openssl/x509.h>
-
-/* X509_CERT_AUX and string set routines
- */
-
-int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent)
-{
-        char oidstr[80], first;
-        int i;
-        if(!aux) return 1;
-        if(aux->trust) {
-                first = 1;
-                BIO_printf(out, "%*sTrusted Uses:\n%*s",
-                                                indent, "", indent + 2, "");
-                for(i = 0; i < sk_ASN1_OBJECT_num(aux->trust); i++) {
-                        if(!first) BIO_puts(out, ", ");
-                        else first = 0;
-                        OBJ_obj2txt(oidstr, sizeof oidstr,
-                                sk_ASN1_OBJECT_value(aux->trust, i), 0);
-                        BIO_puts(out, oidstr);
-                }
-                BIO_puts(out, "\n");
-        } else BIO_printf(out, "%*sNo Trusted Uses.\n", indent, "");
-        if(aux->reject) {
-                first = 1;
-                BIO_printf(out, "%*sRejected Uses:\n%*s",
-                                                indent, "", indent + 2, "");
-                for(i = 0; i < sk_ASN1_OBJECT_num(aux->reject); i++) {
-                        if(!first) BIO_puts(out, ", ");
-                        else first = 0;
-                        OBJ_obj2txt(oidstr, sizeof oidstr,
-                                sk_ASN1_OBJECT_value(aux->reject, i), 0);
-                        BIO_puts(out, oidstr);
-                }
-                BIO_puts(out, "\n");
-        } else BIO_printf(out, "%*sNo Rejected Uses.\n", indent, "");
-        if(aux->alias) BIO_printf(out, "%*sAlias: %s\n", indent, "",
-                                                        aux->alias->data);
-        if(aux->keyid) {
-                BIO_printf(out, "%*sKey Id: ", indent, "");
-                for(i = 0; i < aux->keyid->length; i++) 
-                        BIO_printf(out, "%s%02X", 
-                                i ? ":" : "",
-                                aux->keyid->data[i]);
-                BIO_write(out,"\n",1);
-        }
-        return 1;
-}
diff --git a/src/lib/libcrypto/asn1/tasn_dec.c b/src/lib/libcrypto/asn1/tasn_dec.c
deleted file mode 100644
index b7e916ef36..0000000000
--- a/src/lib/libcrypto/asn1/tasn_dec.c
+++ /dev/null
@@ -1,1023 +0,0 @@
-/* tasn_dec.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-
-#include <stddef.h>
-#include <string.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/objects.h>
-#include <openssl/buffer.h>
-#include <openssl/err.h>
-
-static int asn1_check_eoc(unsigned char **in, long len);
-static int asn1_find_end(unsigned char **in, long len, char inf);
-static int asn1_collect(BUF_MEM *buf, unsigned char **in, long len, char inf, int tag, int aclass);
-static int collect_data(BUF_MEM *buf, unsigned char **p, long plen);
-static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, char *inf, char *cst,
-                        unsigned char **in, long len, int exptag, int expclass, char opt, ASN1_TLC *ctx);
-static int asn1_template_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, ASN1_TLC *ctx);
-static int asn1_template_noexp_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, ASN1_TLC *ctx);
-static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long len,
-                                        const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx);
-
-/* Table to convert tags to bit values, used for MSTRING type */
-static unsigned long tag2bit[32]={
-0,      0,      0,      B_ASN1_BIT_STRING,      /* tags  0 -  3 */
-B_ASN1_OCTET_STRING,    0,      0,              B_ASN1_UNKNOWN,/* tags  4- 7 */
-B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN,/* tags  8-11 */
-B_ASN1_UTF8STRING,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,/* tags 12-15 */
-0,      0,      B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING,   /* tags 16-19 */
-B_ASN1_T61STRING,B_ASN1_VIDEOTEXSTRING,B_ASN1_IA5STRING,       /* tags 20-22 */
-B_ASN1_UTCTIME, B_ASN1_GENERALIZEDTIME,                        /* tags 23-24 */ 
-B_ASN1_GRAPHICSTRING,B_ASN1_ISO64STRING,B_ASN1_GENERALSTRING,  /* tags 25-27 */
-B_ASN1_UNIVERSALSTRING,B_ASN1_UNKNOWN,B_ASN1_BMPSTRING,B_ASN1_UNKNOWN, /* tags 28-31 */
-        };
-
-unsigned long ASN1_tag2bit(int tag)
-{
-        if((tag < 0) || (tag > 30)) return 0;
-        return tag2bit[tag];
-}
-
-/* Macro to initialize and invalidate the cache */
-
-#define asn1_tlc_clear(c)       if(c) (c)->valid = 0
-
-/* Decode an ASN1 item, this currently behaves just 
- * like a standard 'd2i' function. 'in' points to 
- * a buffer to read the data from, in future we will
- * have more advanced versions that can input data
- * a piece at a time and this will simply be a special
- * case.
- */
-
-ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_ITEM *it)
-{
-        ASN1_TLC c;
-        ASN1_VALUE *ptmpval = NULL;
-        if(!pval) pval = &ptmpval;
-        asn1_tlc_clear(&c);
-        if(ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) 
-                return *pval;
-        return NULL;
-}
-
-int ASN1_template_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_TEMPLATE *tt)
-{
-        ASN1_TLC c;
-        asn1_tlc_clear(&c);
-        return asn1_template_ex_d2i(pval, in, len, tt, 0, &c);
-}
-
-
-/* Decode an item, taking care of IMPLICIT tagging, if any.
- * If 'opt' set and tag mismatch return -1 to handle OPTIONAL
- */
-
-int ASN1_item_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_ITEM *it,
-                                int tag, int aclass, char opt, ASN1_TLC *ctx)
-{
-        const ASN1_TEMPLATE *tt, *errtt = NULL;
-        const ASN1_COMPAT_FUNCS *cf;
-        const ASN1_EXTERN_FUNCS *ef;
-        const ASN1_AUX *aux = it->funcs;
-        ASN1_aux_cb *asn1_cb;
-        unsigned char *p, *q, imphack = 0, oclass;
-        char seq_eoc, seq_nolen, cst, isopt;
-        long tmplen;
-        int i;
-        int otag;
-        int ret = 0;
-        ASN1_VALUE *pchval, **pchptr, *ptmpval;
-        if(!pval) return 0;
-        if(aux && aux->asn1_cb) asn1_cb = aux->asn1_cb;
-        else asn1_cb = 0;
-
-        switch(it->itype) {
-
-                case ASN1_ITYPE_PRIMITIVE:
-                if(it->templates) {
-                        /* tagging or OPTIONAL is currently illegal on an item template
-                         * because the flags can't get passed down. In practice this isn't
-                         * a problem: we include the relevant flags from the item template
-                         * in the template itself.
-                         */
-                        if ((tag != -1) || opt) {
-                                ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE);
-                                goto err;
-                        }
-                        return asn1_template_ex_d2i(pval, in, len, it->templates, opt, ctx);
-                }
-                return asn1_d2i_ex_primitive(pval, in, len, it, tag, aclass, opt, ctx);
-                break;
-
-                case ASN1_ITYPE_MSTRING:
-                p = *in;
-                /* Just read in tag and class */
-                ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL, &p, len, -1, 0, 1, ctx);
-                if(!ret) {
-                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
-                        goto err;
-                } 
-                /* Must be UNIVERSAL class */
-                if(oclass != V_ASN1_UNIVERSAL) {
-                        /* If OPTIONAL, assume this is OK */
-                        if(opt) return -1;
-                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MSTRING_NOT_UNIVERSAL);
-                        goto err;
-                } 
-                /* Check tag matches bit map */
-                if(!(ASN1_tag2bit(otag) & it->utype)) {
-                        /* If OPTIONAL, assume this is OK */
-                        if(opt) return -1;
-                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MSTRING_WRONG_TAG);
-                        goto err;
-                } 
-                return asn1_d2i_ex_primitive(pval, in, len, it, otag, 0, 0, ctx);
-
-                case ASN1_ITYPE_EXTERN:
-                /* Use new style d2i */
-                ef = it->funcs;
-                return ef->asn1_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx);
-
-                case ASN1_ITYPE_COMPAT:
-                /* we must resort to old style evil hackery */
-                cf = it->funcs;
-
-                /* If OPTIONAL see if it is there */
-                if(opt) {
-                        int exptag;
-                        p = *in;
-                        if(tag == -1) exptag = it->utype;
-                        else exptag = tag;
-                        /* Don't care about anything other than presence of expected tag */
-                        ret = asn1_check_tlen(NULL, NULL, NULL, NULL, NULL, &p, len, exptag, aclass, 1, ctx);
-                        if(!ret) {
-                                ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
-                                goto err;
-                        }
-                        if(ret == -1) return -1;
-                }
-                /* This is the old style evil hack IMPLICIT handling:
-                 * since the underlying code is expecting a tag and
-                 * class other than the one present we change the
-                 * buffer temporarily then change it back afterwards.
-                 * This doesn't and never did work for tags > 30.
-                 *
-                 * Yes this is *horrible* but it is only needed for
-                 * old style d2i which will hopefully not be around
-                 * for much longer.
-                 * FIXME: should copy the buffer then modify it so
-                 * the input buffer can be const: we should *always*
-                 * copy because the old style d2i might modify the
-                 * buffer.
-                 */
-
-                if(tag != -1) {
-                        p = *in;
-                        imphack = *p;
-                        *p = (unsigned char)((*p & V_ASN1_CONSTRUCTED) | it->utype);
-                }
-
-                ptmpval = cf->asn1_d2i(pval, in, len);
-
-                if(tag != -1) *p = imphack;
-
-                if(ptmpval) return 1;
-                ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
-                goto err;
-
-
-                case ASN1_ITYPE_CHOICE:
-                if(asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
-                                goto auxerr;
-
-                /* Allocate structure */
-                if(!*pval) {
-                        if(!ASN1_item_ex_new(pval, it)) {
-                                ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
-                                goto err;
-                        }
-                }
-                /* CHOICE type, try each possibility in turn */
-                pchval = NULL;
-                p = *in;
-                for(i = 0, tt=it->templates; i < it->tcount; i++, tt++) {
-                        pchptr = asn1_get_field_ptr(pval, tt);
-                        /* We mark field as OPTIONAL so its absence
-                         * can be recognised.
-                         */
-                        ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx);
-                        /* If field not present, try the next one */
-                        if(ret == -1) continue;
-                        /* If positive return, read OK, break loop */
-                        if(ret > 0) break;
-                        /* Otherwise must be an ASN1 parsing error */
-                        errtt = tt;
-                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
-                        goto err;
-                }
-                /* Did we fall off the end without reading anything? */
-                if(i == it->tcount) {
-                        /* If OPTIONAL, this is OK */
-                        if(opt) {
-                                /* Free and zero it */
-                                ASN1_item_ex_free(pval, it);
-                                return -1;
-                        }
-                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_NO_MATCHING_CHOICE_TYPE);
-                        goto err;
-                }
-                asn1_set_choice_selector(pval, i, it);
-                *in = p;
-                if(asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it))
-                                goto auxerr;
-                return 1;
-
-                case ASN1_ITYPE_SEQUENCE:
-                p = *in;
-                tmplen = len;
-
-                /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
-                if(tag == -1) {
-                        tag = V_ASN1_SEQUENCE;
-                        aclass = V_ASN1_UNIVERSAL;
-                }
-                /* Get SEQUENCE length and update len, p */
-                ret = asn1_check_tlen(&len, NULL, NULL, &seq_eoc, &cst, &p, len, tag, aclass, opt, ctx);
-                if(!ret) {
-                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
-                        goto err;
-                } else if(ret == -1) return -1;
-                if(aux && (aux->flags & ASN1_AFLG_BROKEN)) {
-                        len = tmplen - (p - *in);
-                        seq_nolen = 1;
-                } else seq_nolen = seq_eoc;     /* If indefinite we don't do a length check */
-                if(!cst) {
-                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_SEQUENCE_NOT_CONSTRUCTED);
-                        goto err;
-                }
-
-                if(!*pval) {
-                        if(!ASN1_item_ex_new(pval, it)) {
-                                ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
-                                goto err;
-                        }
-                }
-                if(asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
-                                goto auxerr;
-
-                /* Get each field entry */
-                for(i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
-                        const ASN1_TEMPLATE *seqtt;
-                        ASN1_VALUE **pseqval;
-                        seqtt = asn1_do_adb(pval, tt, 1);
-                        if(!seqtt) goto err;
-                        pseqval = asn1_get_field_ptr(pval, seqtt);
-                        /* Have we ran out of data? */
-                        if(!len) break;
-                        q = p;
-                        if(asn1_check_eoc(&p, len)) {
-                                if(!seq_eoc) {
-                                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_UNEXPECTED_EOC);
-                                        goto err;
-                                }
-                                len -= p - q;
-                                seq_eoc = 0;
-                                q = p;
-                                break;
-                        }
-                        /* This determines the OPTIONAL flag value. The field cannot
-                         * be omitted if it is the last of a SEQUENCE and there is
-                         * still data to be read. This isn't strictly necessary but
-                         * it increases efficiency in some cases.
-                         */
-                        if(i == (it->tcount - 1)) isopt = 0;
-                        else isopt = (char)(seqtt->flags & ASN1_TFLG_OPTIONAL);
-                        /* attempt to read in field, allowing each to be OPTIONAL */
-                        ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx);
-                        if(!ret) {
-                                errtt = seqtt;
-                                goto err;
-                        } else if(ret == -1) {
-                                /* OPTIONAL component absent. Free and zero the field
-                                 */
-                                ASN1_template_free(pseqval, seqtt);
-                                continue;
-                        }
-                        /* Update length */
-                        len -= p - q;
-                }
-                /* Check for EOC if expecting one */
-                if(seq_eoc && !asn1_check_eoc(&p, len)) {
-                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MISSING_EOC);
-                        goto err;
-                }
-                /* Check all data read */
-                if(!seq_nolen && len) {
-                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_SEQUENCE_LENGTH_MISMATCH);
-                        goto err;
-                }
-
-                /* If we get here we've got no more data in the SEQUENCE,
-                 * however we may not have read all fields so check all
-                 * remaining are OPTIONAL and clear any that are.
-                 */
-                for(; i < it->tcount; tt++, i++) {
-                        const ASN1_TEMPLATE *seqtt;
-                        seqtt = asn1_do_adb(pval, tt, 1);
-                        if(!seqtt) goto err;
-                        if(seqtt->flags & ASN1_TFLG_OPTIONAL) {
-                                ASN1_VALUE **pseqval;
-                                pseqval = asn1_get_field_ptr(pval, seqtt);
-                                ASN1_template_free(pseqval, seqtt);
-                        } else {
-                                errtt = seqtt;
-                                ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_FIELD_MISSING);
-                                goto err;
-                        }
-                }
-                /* Save encoding */
-                if(!asn1_enc_save(pval, *in, p - *in, it)) goto auxerr;
-                *in = p;
-                if(asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it))
-                                goto auxerr;
-                return 1;
-
-                default:
-                return 0;
-        }
-        auxerr:
-        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR);
-        err:
-        ASN1_item_ex_free(pval, it);
-        if(errtt) ERR_add_error_data(4, "Field=", errtt->field_name, ", Type=", it->sname);
-        else ERR_add_error_data(2, "Type=", it->sname);
-        return 0;
-}
-
-/* Templates are handled with two separate functions. One handles any EXPLICIT tag and the other handles the
- * rest.
- */
-
-static int asn1_template_ex_d2i(ASN1_VALUE **val, unsigned char **in, long inlen, const ASN1_TEMPLATE *tt, char opt, ASN1_TLC *ctx)
-{
-        int flags, aclass;
-        int ret;
-        long len;
-        unsigned char *p, *q;
-        char exp_eoc;
-        if(!val) return 0;
-        flags = tt->flags;
-        aclass = flags & ASN1_TFLG_TAG_CLASS;
-
-        p = *in;
-
-        /* Check if EXPLICIT tag expected */
-        if(flags & ASN1_TFLG_EXPTAG) {
-                char cst;
-                /* Need to work out amount of data available to the inner content and where it
-                 * starts: so read in EXPLICIT header to get the info.
-                 */
-                ret = asn1_check_tlen(&len, NULL, NULL, &exp_eoc, &cst, &p, inlen, tt->tag, aclass, opt, ctx);
-                q = p;
-                if(!ret) {
-                        ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
-                        return 0;
-                } else if(ret == -1) return -1;
-                if(!cst) {
-                        ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED);
-                        return 0;
-                }
-                /* We've found the field so it can't be OPTIONAL now */
-                ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx);
-                if(!ret) {
-                        ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
-                        return 0;
-                }
-                /* We read the field in OK so update length */
-                len -= p - q;
-                if(exp_eoc) {
-                        /* If NDEF we must have an EOC here */
-                        if(!asn1_check_eoc(&p, len)) {
-                                ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ASN1_R_MISSING_EOC);
-                                goto err;
-                        }
-                } else {
-                        /* Otherwise we must hit the EXPLICIT tag end or its an error */
-                        if(len) {
-                                ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ASN1_R_EXPLICIT_LENGTH_MISMATCH);
-                                goto err;
-                        }
-                }
-        } else 
-                return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx);
-
-        *in = p;
-        return 1;
-
-        err:
-        ASN1_template_free(val, tt);
-        *val = NULL;
-        return 0;
-}
-
-static int asn1_template_noexp_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, ASN1_TLC *ctx)
-{
-        int flags, aclass;
-        int ret;
-        unsigned char *p, *q;
-        if(!val) return 0;
-        flags = tt->flags;
-        aclass = flags & ASN1_TFLG_TAG_CLASS;
-
-        p = *in;
-        q = p;
-
-        if(flags & ASN1_TFLG_SK_MASK) {
-                /* SET OF, SEQUENCE OF */
-                int sktag, skaclass;
-                char sk_eoc;
-                /* First work out expected inner tag value */
-                if(flags & ASN1_TFLG_IMPTAG) {
-                        sktag = tt->tag;
-                        skaclass = aclass;
-                } else {
-                        skaclass = V_ASN1_UNIVERSAL;
-                        if(flags & ASN1_TFLG_SET_OF) sktag = V_ASN1_SET;
-                        else sktag = V_ASN1_SEQUENCE;
-                }
-                /* Get the tag */
-                ret = asn1_check_tlen(&len, NULL, NULL, &sk_eoc, NULL, &p, len, sktag, skaclass, opt, ctx);
-                if(!ret) {
-                        ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
-                        return 0;
-                } else if(ret == -1) return -1;
-                if(!*val) *val = (ASN1_VALUE *)sk_new_null();
-                else {
-                        /* We've got a valid STACK: free up any items present */
-                        STACK *sktmp = (STACK *)*val;
-                        ASN1_VALUE *vtmp;
-                        while(sk_num(sktmp) > 0) {
-                                vtmp = (ASN1_VALUE *)sk_pop(sktmp);
-                                ASN1_item_ex_free(&vtmp, ASN1_ITEM_ptr(tt->item));
-                        }
-                }
-                                
-                if(!*val) {
-                        ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                /* Read as many items as we can */
-                while(len > 0) {
-                        ASN1_VALUE *skfield;
-                        q = p;
-                        /* See if EOC found */
-                        if(asn1_check_eoc(&p, len)) {
-                                if(!sk_eoc) {
-                                        ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ASN1_R_UNEXPECTED_EOC);
-                                        goto err;
-                                }
-                                len -= p - q;
-                                sk_eoc = 0;
-                                break;
-                        }
-                        skfield = NULL;
-                        if(!ASN1_item_ex_d2i(&skfield, &p, len, ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx)) {
-                                ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ERR_R_NESTED_ASN1_ERROR);
-                                goto err;
-                        }
-                        len -= p - q;
-                        if(!sk_push((STACK *)*val, (char *)skfield)) {
-                                ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ERR_R_MALLOC_FAILURE);
-                                goto err;
-                        }
-                }
-                if(sk_eoc) {
-                        ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ASN1_R_MISSING_EOC);
-                        goto err;
-                }
-        } else if(flags & ASN1_TFLG_IMPTAG) {
-                /* IMPLICIT tagging */
-                ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt, ctx);
-                if(!ret) {
-                        ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ERR_R_NESTED_ASN1_ERROR);
-                        goto err;
-                } else if(ret == -1) return -1;
-        } else {
-                /* Nothing special */
-                ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), -1, 0, opt, ctx);
-                if(!ret) {
-                        ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ERR_R_NESTED_ASN1_ERROR);
-                        goto err;
-                } else if(ret == -1) return -1;
-        }
-
-        *in = p;
-        return 1;
-
-        err:
-        ASN1_template_free(val, tt);
-        *val = NULL;
-        return 0;
-}
-
-static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long inlen, 
-                                                const ASN1_ITEM *it,
-                                                int tag, int aclass, char opt, ASN1_TLC *ctx)
-{
-        int ret = 0, utype;
-        long plen;
-        char cst, inf, free_cont = 0;
-        unsigned char *p;
-        BUF_MEM buf;
-        unsigned char *cont = NULL;
-        long len; 
-        if(!pval) {
-                ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_NULL);
-                return 0; /* Should never happen */
-        }
-
-        if(it->itype == ASN1_ITYPE_MSTRING) {
-                utype = tag;
-                tag = -1;
-        } else utype = it->utype;
-
-        if(utype == V_ASN1_ANY) {
-                /* If type is ANY need to figure out type from tag */
-                unsigned char oclass;
-                if(tag >= 0) {
-                        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_TAGGED_ANY);
-                        return 0;
-                }
-                if(opt) {
-                        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_OPTIONAL_ANY);
-                        return 0;
-                }
-                p = *in;
-                ret = asn1_check_tlen(NULL, &utype, &oclass, NULL, NULL, &p, inlen, -1, 0, 0, ctx);
-                if(!ret) {
-                        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR);
-                        return 0;
-                }
-                if(oclass != V_ASN1_UNIVERSAL) utype = V_ASN1_OTHER;
-        }
-        if(tag == -1) {
-                tag = utype;
-                aclass = V_ASN1_UNIVERSAL;
-        }
-        p = *in;
-        /* Check header */
-        ret = asn1_check_tlen(&plen, NULL, NULL, &inf, &cst, &p, inlen, tag, aclass, opt, ctx);
-        if(!ret) {
-                ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR);
-                return 0;
-        } else if(ret == -1) return -1;
-
-        ret = 0;
-        /* SEQUENCE, SET and "OTHER" are left in encoded form */
-        if((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER)) {
-                /* Clear context cache for type OTHER because the auto clear when
-                 * we have a exact match wont work
-                 */
-                if(utype == V_ASN1_OTHER) {
-                        asn1_tlc_clear(ctx);
-                /* SEQUENCE and SET must be constructed */
-                } else if(!cst) {
-                        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_TYPE_NOT_CONSTRUCTED);
-                        return 0;
-                }
-
-                cont = *in;
-                /* If indefinite length constructed find the real end */
-                if(inf) {
-                        if(!asn1_find_end(&p, plen, inf)) goto err;
-                        len = p - cont;
-                } else {
-                        len = p - cont + plen;
-                        p += plen;
-                        buf.data = NULL;
-                }
-        } else if(cst) {
-                buf.length = 0;
-                buf.max = 0;
-                buf.data = NULL;
-                /* Should really check the internal tags are correct but
-                 * some things may get this wrong. The relevant specs
-                 * say that constructed string types should be OCTET STRINGs
-                 * internally irrespective of the type. So instead just check
-                 * for UNIVERSAL class and ignore the tag.
-                 */
-                if(!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL)) goto err;
-                len = buf.length;
-                /* Append a final null to string */
-                if(!BUF_MEM_grow_clean(&buf, len + 1)) {
-                        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE);
-                        return 0;
-                }
-                buf.data[len] = 0;
-                cont = (unsigned char *)buf.data;
-                free_cont = 1;
-        } else {
-                cont = p;
-                len = plen;
-                p += plen;
-        }
-
-        /* We now have content length and type: translate into a structure */
-        if(!asn1_ex_c2i(pval, cont, len, utype, &free_cont, it)) goto err;
-
-        *in = p;
-        ret = 1;
-        err:
-        if(free_cont && buf.data) OPENSSL_free(buf.data);
-        return ret;
-}
-
-/* Translate ASN1 content octets into a structure */
-
-int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it)
-{
-        ASN1_VALUE **opval = NULL;
-        ASN1_STRING *stmp;
-        ASN1_TYPE *typ = NULL;
-        int ret = 0;
-        const ASN1_PRIMITIVE_FUNCS *pf;
-        ASN1_INTEGER **tint;
-        pf = it->funcs;
-        if(pf && pf->prim_c2i) return pf->prim_c2i(pval, cont, len, utype, free_cont, it);
-        /* If ANY type clear type and set pointer to internal value */
-        if(it->utype == V_ASN1_ANY) {
-                if(!*pval) {
-                        typ = ASN1_TYPE_new();
-                        *pval = (ASN1_VALUE *)typ;
-                } else typ = (ASN1_TYPE *)*pval;
-                if(utype != typ->type) ASN1_TYPE_set(typ, utype, NULL);
-                opval = pval;
-                pval = (ASN1_VALUE **)&typ->value.ptr;
-        }
-        switch(utype) {
-                case V_ASN1_OBJECT:
-                if(!c2i_ASN1_OBJECT((ASN1_OBJECT **)pval, &cont, len)) goto err;
-                break;
-
-                case V_ASN1_NULL:
-                if(len) {
-                        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_NULL_IS_WRONG_LENGTH);
-                        goto err;
-                }
-                *pval = (ASN1_VALUE *)1;
-                break;
-
-                case V_ASN1_BOOLEAN:
-                if(len != 1) {
-                        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_BOOLEAN_IS_WRONG_LENGTH);
-                        goto err;
-                } else {
-                        ASN1_BOOLEAN *tbool;
-                        tbool = (ASN1_BOOLEAN *)pval;
-                        *tbool = *cont;
-                }
-                break;
-
-                case V_ASN1_BIT_STRING:
-                if(!c2i_ASN1_BIT_STRING((ASN1_BIT_STRING **)pval, &cont, len)) goto err;
-                break;
-
-                case V_ASN1_INTEGER:
-                case V_ASN1_NEG_INTEGER:
-                case V_ASN1_ENUMERATED:
-                case V_ASN1_NEG_ENUMERATED:
-                tint = (ASN1_INTEGER **)pval;
-                if(!c2i_ASN1_INTEGER(tint, &cont, len)) goto err;
-                /* Fixup type to match the expected form */
-                (*tint)->type = utype | ((*tint)->type & V_ASN1_NEG);
-                break;
-
-                case V_ASN1_OCTET_STRING:
-                case V_ASN1_NUMERICSTRING:
-                case V_ASN1_PRINTABLESTRING:
-                case V_ASN1_T61STRING:
-                case V_ASN1_VIDEOTEXSTRING:
-                case V_ASN1_IA5STRING:
-                case V_ASN1_UTCTIME:
-                case V_ASN1_GENERALIZEDTIME:
-                case V_ASN1_GRAPHICSTRING:
-                case V_ASN1_VISIBLESTRING:
-                case V_ASN1_GENERALSTRING:
-                case V_ASN1_UNIVERSALSTRING:
-                case V_ASN1_BMPSTRING:
-                case V_ASN1_UTF8STRING:
-                case V_ASN1_OTHER:
-                case V_ASN1_SET:
-                case V_ASN1_SEQUENCE:
-                default:
-                /* All based on ASN1_STRING and handled the same */
-                if(!*pval) {
-                        stmp = ASN1_STRING_type_new(utype);
-                        if(!stmp) {
-                                ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE);
-                                goto err;
-                        }
-                        *pval = (ASN1_VALUE *)stmp;
-                } else {
-                        stmp = (ASN1_STRING *)*pval;
-                        stmp->type = utype;
-                }
-                /* If we've already allocated a buffer use it */
-                if(*free_cont) {
-                        if(stmp->data) OPENSSL_free(stmp->data);
-                        stmp->data = cont;
-                        stmp->length = len;
-                        *free_cont = 0;
-                } else {
-                        if(!ASN1_STRING_set(stmp, cont, len)) {
-                                ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE);
-                                ASN1_STRING_free(stmp); 
-                                *pval = NULL;
-                                goto err;
-                        }
-                }
-                break;
-        }
-        /* If ASN1_ANY and NULL type fix up value */
-        if(typ && utype==V_ASN1_NULL) typ->value.ptr = NULL;
-
-        ret = 1;
-        err:
-        if(!ret)
-                {
-                ASN1_TYPE_free(typ);
-                if (opval)
-                        *opval = NULL;
-                }
-        return ret;
-}
-
-/* This function finds the end of an ASN1 structure when passed its maximum
- * length, whether it is indefinite length and a pointer to the content.
- * This is more efficient than calling asn1_collect because it does not
- * recurse on each indefinite length header.
- */
-
-static int asn1_find_end(unsigned char **in, long len, char inf)
-        {
-        int expected_eoc;
-        long plen;
-        unsigned char *p = *in, *q;
-        /* If not indefinite length constructed just add length */
-        if (inf == 0)
-                {
-                *in += len;
-                return 1;
-                }
-        expected_eoc = 1;
-        /* Indefinite length constructed form. Find the end when enough EOCs
-         * are found. If more indefinite length constructed headers
-         * are encountered increment the expected eoc count otherwise justi
-         * skip to the end of the data.
-         */
-        while (len > 0)
-                {
-                if(asn1_check_eoc(&p, len))
-                        {
-                        expected_eoc--;
-                        if (expected_eoc == 0)
-                                break;
-                        len -= 2;
-                        continue;
-                        }
-                q = p;
-                /* Just read in a header: only care about the length */
-                if(!asn1_check_tlen(&plen, NULL, NULL, &inf, NULL, &p, len,
-                                -1, 0, 0, NULL))
-                        {
-                        ASN1err(ASN1_F_ASN1_FIND_END, ERR_R_NESTED_ASN1_ERROR);
-                        return 0;
-                        }
-                if (inf)
-                        expected_eoc++;
-                else
-                        p += plen;
-                len -= p - q;
-                }
-        if (expected_eoc)
-                {
-                ASN1err(ASN1_F_ASN1_FIND_END, ASN1_R_MISSING_EOC);
-                return 0;
-                }
-        *in = p;
-        return 1;
-        }
-
-/* This function collects the asn1 data from a constructred string
- * type into a buffer. The values of 'in' and 'len' should refer
- * to the contents of the constructed type and 'inf' should be set
- * if it is indefinite length.
- */
-
-static int asn1_collect(BUF_MEM *buf, unsigned char **in, long len, char inf, int tag, int aclass)
-{
-        unsigned char *p, *q;
-        long plen;
-        char cst, ininf;
-        p = *in;
-        inf &= 1;
-        while(len > 0) {
-                q = p;
-                /* Check for EOC */
-                if(asn1_check_eoc(&p, len)) {
-                        /* EOC is illegal outside indefinite length constructed form */
-                        if(!inf) {
-                                ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_UNEXPECTED_EOC);
-                                return 0;
-                        }
-                        inf = 0;
-                        break;
-                }
-                if(!asn1_check_tlen(&plen, NULL, NULL, &ininf, &cst, &p, len, tag, aclass, 0, NULL)) {
-                        ASN1err(ASN1_F_ASN1_COLLECT, ERR_R_NESTED_ASN1_ERROR);
-                        return 0;
-                }
-                /* If indefinite length constructed update max length */
-                if(cst) {
-#ifdef OPENSSL_ALLOW_NESTED_ASN1_STRINGS
-                        if (!asn1_collect(buf, &p, plen, ininf, tag, aclass))
-                                return 0;
-#else
-                        ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_NESTED_ASN1_STRING);
-                        return 0;
-#endif
-                } else {
-                        if(plen && !collect_data(buf, &p, plen)) return 0;
-                }
-                len -= p - q;
-        }
-        if(inf) {
-                ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_MISSING_EOC);
-                return 0;
-        }
-        *in = p;
-        return 1;
-}
-
-static int collect_data(BUF_MEM *buf, unsigned char **p, long plen)
-{
-                int len;
-                if(buf) {
-                        len = buf->length;
-                        if(!BUF_MEM_grow_clean(buf, len + plen)) {
-                                ASN1err(ASN1_F_COLLECT_DATA, ERR_R_MALLOC_FAILURE);
-                                return 0;
-                        }
-                        memcpy(buf->data + len, *p, plen);
-                }
-                *p += plen;
-                return 1;
-}
-
-/* Check for ASN1 EOC and swallow it if found */
-
-static int asn1_check_eoc(unsigned char **in, long len)
-{
-        unsigned char *p;
-        if(len < 2) return 0;
-        p = *in;
-        if(!p[0] && !p[1]) {
-                *in += 2;
-                return 1;
-        }
-        return 0;
-}
-
-/* Check an ASN1 tag and length: a bit like ASN1_get_object
- * but it sets the length for indefinite length constructed
- * form, we don't know the exact length but we can set an
- * upper bound to the amount of data available minus the
- * header length just read.
- */
-
-static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, char *inf, char *cst,
-                unsigned char **in, long len, int exptag, int expclass, char opt, ASN1_TLC *ctx)
-{
-        int i;
-        int ptag, pclass;
-        long plen;
-        unsigned char *p, *q;
-        p = *in;
-        q = p;
-
-        if(ctx && ctx->valid) {
-                i = ctx->ret;
-                plen = ctx->plen;
-                pclass = ctx->pclass;
-                ptag = ctx->ptag;
-                p += ctx->hdrlen;
-        } else {
-                i = ASN1_get_object(&p, &plen, &ptag, &pclass, len);
-                if(ctx) {
-                        ctx->ret = i;
-                        ctx->plen = plen;
-                        ctx->pclass = pclass;
-                        ctx->ptag = ptag;
-                        ctx->hdrlen = p - q;
-                        ctx->valid = 1;
-                        /* If definite length, and no error, length +
-                         * header can't exceed total amount of data available. 
-                         */
-                        if(!(i & 0x81) && ((plen + ctx->hdrlen) > len)) {
-                                ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_TOO_LONG);
-                                asn1_tlc_clear(ctx);
-                                return 0;
-                        }
-                }
-        }
-
-        if(i & 0x80) {
-                ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_BAD_OBJECT_HEADER);
-                asn1_tlc_clear(ctx);
-                return 0;
-        }
-        if(exptag >= 0) {
-                if((exptag != ptag) || (expclass != pclass)) {
-                        /* If type is OPTIONAL, not an error, but indicate missing
-                         * type.
-                         */
-                        if(opt) return -1;
-                        asn1_tlc_clear(ctx);
-                        ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_WRONG_TAG);
-                        return 0;
-                }
-                /* We have a tag and class match, so assume we are going to do something with it */
-                asn1_tlc_clear(ctx);
-        }
-
-        if(i & 1) plen = len - (p - q);
-
-        if(inf) *inf = i & 1;
-
-        if(cst) *cst = i & V_ASN1_CONSTRUCTED;
-
-        if(olen) *olen = plen;
-        if(oclass) *oclass = pclass;
-        if(otag) *otag = ptag;
-
-        *in = p;
-        return 1;
-}
diff --git a/src/lib/libcrypto/asn1/tasn_enc.c b/src/lib/libcrypto/asn1/tasn_enc.c
deleted file mode 100644
index c675c3c832..0000000000
--- a/src/lib/libcrypto/asn1/tasn_enc.c
+++ /dev/null
@@ -1,500 +0,0 @@
-/* tasn_enc.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-
-#include <stddef.h>
-#include <string.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/objects.h>
-
-static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
-static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *seq, unsigned char **out, int skcontlen, const ASN1_ITEM *item, int isset);
-
-/* Encode an ASN1 item, this is compatible with the
- * standard 'i2d' function. 'out' points to 
- * a buffer to output the data to, in future we will
- * have more advanced versions that can output data
- * a piece at a time and this will simply be a special
- * case.
- *
- * The new i2d has one additional feature. If the output
- * buffer is NULL (i.e. *out == NULL) then a buffer is
- * allocated and populated with the encoding.
- */
-
-
-int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it)
-{
-        if(out && !*out) {
-                unsigned char *p, *buf;
-                int len;
-                len = ASN1_item_ex_i2d(&val, NULL, it, -1, 0);
-                if(len <= 0) return len;
-                buf = OPENSSL_malloc(len);
-                if(!buf) return -1;
-                p = buf;
-                ASN1_item_ex_i2d(&val, &p, it, -1, 0);
-                *out = buf;
-                return len;
-        }
-                
-        return ASN1_item_ex_i2d(&val, out, it, -1, 0);
-}
-
-/* Encode an item, taking care of IMPLICIT tagging (if any).
- * This function performs the normal item handling: it can be
- * used in external types.
- */
-
-int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass)
-{
-        const ASN1_TEMPLATE *tt = NULL;
-        unsigned char *p = NULL;
-        int i, seqcontlen, seqlen;
-        ASN1_STRING *strtmp;
-        const ASN1_COMPAT_FUNCS *cf;
-        const ASN1_EXTERN_FUNCS *ef;
-        const ASN1_AUX *aux = it->funcs;
-        ASN1_aux_cb *asn1_cb;
-        if((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval) return 0;
-        if(aux && aux->asn1_cb) asn1_cb = aux->asn1_cb;
-        else asn1_cb = 0;
-
-        switch(it->itype) {
-
-                case ASN1_ITYPE_PRIMITIVE:
-                if(it->templates)
-                        return ASN1_template_i2d(pval, out, it->templates);
-                return asn1_i2d_ex_primitive(pval, out, it, tag, aclass);
-                break;
-
-                case ASN1_ITYPE_MSTRING:
-                strtmp = (ASN1_STRING *)*pval;
-                return asn1_i2d_ex_primitive(pval, out, it, -1, 0);
-
-                case ASN1_ITYPE_CHOICE:
-                if(asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it))
-                                return 0;
-                i = asn1_get_choice_selector(pval, it);
-                if((i >= 0) && (i < it->tcount)) {
-                        ASN1_VALUE **pchval;
-                        const ASN1_TEMPLATE *chtt;
-                        chtt = it->templates + i;
-                        pchval = asn1_get_field_ptr(pval, chtt);
-                        return ASN1_template_i2d(pchval, out, chtt);
-                } 
-                /* Fixme: error condition if selector out of range */
-                if(asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it))
-                                return 0;
-                break;
-
-                case ASN1_ITYPE_EXTERN:
-                /* If new style i2d it does all the work */
-                ef = it->funcs;
-                return ef->asn1_ex_i2d(pval, out, it, tag, aclass);
-
-                case ASN1_ITYPE_COMPAT:
-                /* old style hackery... */
-                cf = it->funcs;
-                if(out) p = *out;
-                i = cf->asn1_i2d(*pval, out);
-                /* Fixup for IMPLICIT tag: note this messes up for tags > 30,
-                 * but so did the old code. Tags > 30 are very rare anyway.
-                 */
-                if(out && (tag != -1))
-                        *p = aclass | tag | (*p & V_ASN1_CONSTRUCTED);
-                return i;
-                
-                case ASN1_ITYPE_SEQUENCE:
-                i = asn1_enc_restore(&seqcontlen, out, pval, it);
-                /* An error occurred */
-                if(i < 0) return 0;
-                /* We have a valid cached encoding... */
-                if(i > 0) return seqcontlen;
-                /* Otherwise carry on */
-                seqcontlen = 0;
-                /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
-                if(tag == -1) {
-                        tag = V_ASN1_SEQUENCE;
-                        aclass = V_ASN1_UNIVERSAL;
-                }
-                if(asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it))
-                                return 0;
-                /* First work out sequence content length */
-                for(i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
-                        const ASN1_TEMPLATE *seqtt;
-                        ASN1_VALUE **pseqval;
-                        seqtt = asn1_do_adb(pval, tt, 1);
-                        if(!seqtt) return 0;
-                        pseqval = asn1_get_field_ptr(pval, seqtt);
-                        /* FIXME: check for errors in enhanced version */
-                        /* FIXME: special handling of indefinite length encoding */
-                        seqcontlen += ASN1_template_i2d(pseqval, NULL, seqtt);
-                }
-                seqlen = ASN1_object_size(1, seqcontlen, tag);
-                if(!out) return seqlen;
-                /* Output SEQUENCE header */
-                ASN1_put_object(out, 1, seqcontlen, tag, aclass);
-                for(i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
-                        const ASN1_TEMPLATE *seqtt;
-                        ASN1_VALUE **pseqval;
-                        seqtt = asn1_do_adb(pval, tt, 1);
-                        if(!seqtt) return 0;
-                        pseqval = asn1_get_field_ptr(pval, seqtt);
-                        /* FIXME: check for errors in enhanced version */
-                        ASN1_template_i2d(pseqval, out, seqtt);
-                }
-                if(asn1_cb  && !asn1_cb(ASN1_OP_I2D_POST, pval, it))
-                                return 0;
-                return seqlen;
-
-                default:
-                return 0;
-        }
-        return 0;
-}
-
-int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_TEMPLATE *tt)
-{
-        int i, ret, flags, aclass;
-        flags = tt->flags;
-        aclass = flags & ASN1_TFLG_TAG_CLASS;
-        if(flags & ASN1_TFLG_SK_MASK) {
-                /* SET OF, SEQUENCE OF */
-                STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval;
-                int isset, sktag, skaclass;
-                int skcontlen, sklen;
-                ASN1_VALUE *skitem;
-                if(!*pval) return 0;
-                if(flags & ASN1_TFLG_SET_OF) {
-                        isset = 1;
-                        /* 2 means we reorder */
-                        if(flags & ASN1_TFLG_SEQUENCE_OF) isset = 2;
-                } else isset = 0;
-                /* First work out inner tag value */
-                if(flags & ASN1_TFLG_IMPTAG) {
-                        sktag = tt->tag;
-                        skaclass = aclass;
-                } else {
-                        skaclass = V_ASN1_UNIVERSAL;
-                        if(isset) sktag = V_ASN1_SET;
-                        else sktag = V_ASN1_SEQUENCE;
-                }
-                /* Now work out length of items */
-                skcontlen = 0;
-                for(i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
-                        skitem = sk_ASN1_VALUE_value(sk, i);
-                        skcontlen += ASN1_item_ex_i2d(&skitem, NULL, ASN1_ITEM_ptr(tt->item), -1, 0);
-                }
-                sklen = ASN1_object_size(1, skcontlen, sktag);
-                /* If EXPLICIT need length of surrounding tag */
-                if(flags & ASN1_TFLG_EXPTAG)
-                        ret = ASN1_object_size(1, sklen, tt->tag);
-                else ret = sklen;
-
-                if(!out) return ret;
-
-                /* Now encode this lot... */
-                /* EXPLICIT tag */
-                if(flags & ASN1_TFLG_EXPTAG)
-                        ASN1_put_object(out, 1, sklen, tt->tag, aclass);
-                /* SET or SEQUENCE and IMPLICIT tag */
-                ASN1_put_object(out, 1, skcontlen, sktag, skaclass);
-                /* And finally the stuff itself */
-                asn1_set_seq_out(sk, out, skcontlen, ASN1_ITEM_ptr(tt->item), isset);
-
-                return ret;
-        }
-                        
-        if(flags & ASN1_TFLG_EXPTAG) {
-                /* EXPLICIT tagging */
-                /* Find length of tagged item */
-                i = ASN1_item_ex_i2d(pval, NULL, ASN1_ITEM_ptr(tt->item), -1, 0);
-                if(!i) return 0;
-                /* Find length of EXPLICIT tag */
-                ret = ASN1_object_size(1, i, tt->tag);
-                if(out) {
-                        /* Output tag and item */
-                        ASN1_put_object(out, 1, i, tt->tag, aclass);
-                        ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), -1, 0);
-                }
-                return ret;
-        }
-        if(flags & ASN1_TFLG_IMPTAG) {
-                /* IMPLICIT tagging */
-                return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), tt->tag, aclass);
-        }
-        /* Nothing special: treat as normal */
-        return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), -1, 0);
-}
-
-/* Temporary structure used to hold DER encoding of items for SET OF */
-
-typedef struct {
-        unsigned char *data;
-        int length;
-        ASN1_VALUE *field;
-} DER_ENC;
-
-static int der_cmp(const void *a, const void *b)
-{
-        const DER_ENC *d1 = a, *d2 = b;
-        int cmplen, i;
-        cmplen = (d1->length < d2->length) ? d1->length : d2->length;
-        i = memcmp(d1->data, d2->data, cmplen);
-        if(i) return i;
-        return d1->length - d2->length;
-}
-
-/* Output the content octets of SET OF or SEQUENCE OF */
-
-static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out, int skcontlen, const ASN1_ITEM *item, int do_sort)
-{
-        int i;
-        ASN1_VALUE *skitem;
-        unsigned char *tmpdat = NULL, *p = NULL;
-        DER_ENC *derlst = NULL, *tder;
-        if(do_sort) {
-                /* Don't need to sort less than 2 items */
-                if(sk_ASN1_VALUE_num(sk) < 2) do_sort = 0;
-                else {
-                        derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk) * sizeof(*derlst));
-                        tmpdat = OPENSSL_malloc(skcontlen);
-                        if(!derlst || !tmpdat) return 0;
-                }
-        }
-        /* If not sorting just output each item */
-        if(!do_sort) {
-                for(i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
-                        skitem = sk_ASN1_VALUE_value(sk, i);
-                        ASN1_item_i2d(skitem, out, item);
-                }
-                return 1;
-        }
-        p = tmpdat;
-        /* Doing sort: build up a list of each member's DER encoding */
-        for(i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) {
-                skitem = sk_ASN1_VALUE_value(sk, i);
-                tder->data = p;
-                tder->length = ASN1_item_i2d(skitem, &p, item);
-                tder->field = skitem;
-        }
-        /* Now sort them */
-        qsort(derlst, sk_ASN1_VALUE_num(sk), sizeof(*derlst), der_cmp);
-        /* Output sorted DER encoding */        
-        p = *out;
-        for(i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) {
-                memcpy(p, tder->data, tder->length);
-                p += tder->length;
-        }
-        *out = p;
-        /* If do_sort is 2 then reorder the STACK */
-        if(do_sort == 2) {
-                for(i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++)
-                        sk_ASN1_VALUE_set(sk, i, tder->field);
-        }
-        OPENSSL_free(derlst);
-        OPENSSL_free(tmpdat);
-        return 1;
-}
-
-static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass)
-{
-        int len;
-        int utype;
-        int usetag;
-
-        utype = it->utype;
-
-        /* Get length of content octets and maybe find
-         * out the underlying type.
-         */
-
-        len = asn1_ex_i2c(pval, NULL, &utype, it);
-
-        /* If SEQUENCE, SET or OTHER then header is
-         * included in pseudo content octets so don't
-         * include tag+length. We need to check here
-         * because the call to asn1_ex_i2c() could change
-         * utype.
-         */
-        if((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) ||
-           (utype == V_ASN1_OTHER))
-                usetag = 0;
-        else usetag = 1;
-
-        /* -1 means omit type */
-
-        if(len == -1) return 0;
-
-        /* If not implicitly tagged get tag from underlying type */
-        if(tag == -1) tag = utype;
-
-        /* Output tag+length followed by content octets */
-        if(out) {
-                if(usetag) ASN1_put_object(out, 0, len, tag, aclass);
-                asn1_ex_i2c(pval, *out, &utype, it);
-                *out += len;
-        }
-
-        if(usetag) return ASN1_object_size(0, len, tag);
-        return len;
-}
-
-/* Produce content octets from a structure */
-
-int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, const ASN1_ITEM *it)
-{
-        ASN1_BOOLEAN *tbool = NULL;
-        ASN1_STRING *strtmp;
-        ASN1_OBJECT *otmp;
-        int utype;
-        unsigned char *cont, c;
-        int len;
-        const ASN1_PRIMITIVE_FUNCS *pf;
-        pf = it->funcs;
-        if(pf && pf->prim_i2c) return pf->prim_i2c(pval, cout, putype, it);
-
-        /* Should type be omitted? */
-        if((it->itype != ASN1_ITYPE_PRIMITIVE) || (it->utype != V_ASN1_BOOLEAN)) {
-                if(!*pval) return -1;
-        }
-
-        if(it->itype == ASN1_ITYPE_MSTRING) {
-                /* If MSTRING type set the underlying type */
-                strtmp = (ASN1_STRING *)*pval;
-                utype = strtmp->type;
-                *putype = utype;
-        } else if(it->utype == V_ASN1_ANY) {
-                /* If ANY set type and pointer to value */
-                ASN1_TYPE *typ;
-                typ = (ASN1_TYPE *)*pval;
-                utype = typ->type;
-                *putype = utype;
-                pval = (ASN1_VALUE **)&typ->value.ptr;
-        } else utype = *putype;
-
-        switch(utype) {
-                case V_ASN1_OBJECT:
-                otmp = (ASN1_OBJECT *)*pval;
-                cont = otmp->data;
-                len = otmp->length;
-                break;
-
-                case V_ASN1_NULL:
-                cont = NULL;
-                len = 0;
-                break;
-
-                case V_ASN1_BOOLEAN:
-                tbool = (ASN1_BOOLEAN *)pval;
-                if(*tbool == -1) return -1;
-                if (it->utype != V_ASN1_ANY)
-                        {
-                        /* Default handling if value == size field then omit */
-                        if(*tbool && (it->size > 0)) return -1;
-                        if(!*tbool && !it->size) return -1;
-                        }
-                c = (unsigned char)*tbool;
-                cont = &c;
-                len = 1;
-                break;
-
-                case V_ASN1_BIT_STRING:
-                return i2c_ASN1_BIT_STRING((ASN1_BIT_STRING *)*pval, cout ? &cout : NULL);
-                break;
-
-                case V_ASN1_INTEGER:
-                case V_ASN1_NEG_INTEGER:
-                case V_ASN1_ENUMERATED:
-                case V_ASN1_NEG_ENUMERATED:
-                /* These are all have the same content format
-                 * as ASN1_INTEGER
-                 */
-                return i2c_ASN1_INTEGER((ASN1_INTEGER *)*pval, cout ? &cout : NULL);
-                break;
-
-                case V_ASN1_OCTET_STRING:
-                case V_ASN1_NUMERICSTRING:
-                case V_ASN1_PRINTABLESTRING:
-                case V_ASN1_T61STRING:
-                case V_ASN1_VIDEOTEXSTRING:
-                case V_ASN1_IA5STRING:
-                case V_ASN1_UTCTIME:
-                case V_ASN1_GENERALIZEDTIME:
-                case V_ASN1_GRAPHICSTRING:
-                case V_ASN1_VISIBLESTRING:
-                case V_ASN1_GENERALSTRING:
-                case V_ASN1_UNIVERSALSTRING:
-                case V_ASN1_BMPSTRING:
-                case V_ASN1_UTF8STRING:
-                case V_ASN1_SEQUENCE:
-                case V_ASN1_SET:
-                default:
-                /* All based on ASN1_STRING and handled the same */
-                strtmp = (ASN1_STRING *)*pval;
-                cont = strtmp->data;
-                len = strtmp->length;
-
-                break;
-
-        }
-        if(cout && len) memcpy(cout, cont, len);
-        return len;
-}
diff --git a/src/lib/libcrypto/asn1/tasn_fre.c b/src/lib/libcrypto/asn1/tasn_fre.c
deleted file mode 100644
index 2dd844159e..0000000000
--- a/src/lib/libcrypto/asn1/tasn_fre.c
+++ /dev/null
@@ -1,229 +0,0 @@
-/* tasn_fre.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-
-#include <stddef.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/objects.h>
-
-static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine);
-
-/* Free up an ASN1 structure */
-
-void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it)
-{
-        asn1_item_combine_free(&val, it, 0);
-}
-
-void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
-        asn1_item_combine_free(pval, it, 0);
-}
-
-static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine)
-{
-        const ASN1_TEMPLATE *tt = NULL, *seqtt;
-        const ASN1_EXTERN_FUNCS *ef;
-        const ASN1_COMPAT_FUNCS *cf;
-        const ASN1_AUX *aux = it->funcs;
-        ASN1_aux_cb *asn1_cb;
-        int i;
-        if(!pval) return;
-        if((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval) return;
-        if(aux && aux->asn1_cb) asn1_cb = aux->asn1_cb;
-        else asn1_cb = 0;
-
-        switch(it->itype) {
-
-                case ASN1_ITYPE_PRIMITIVE:
-                if(it->templates) ASN1_template_free(pval, it->templates);
-                else ASN1_primitive_free(pval, it);
-                break;
-
-                case ASN1_ITYPE_MSTRING:
-                ASN1_primitive_free(pval, it);
-                break;
-
-                case ASN1_ITYPE_CHOICE:
-                if(asn1_cb) {
-                        i = asn1_cb(ASN1_OP_FREE_PRE, pval, it);
-                        if(i == 2) return;
-                }
-                i = asn1_get_choice_selector(pval, it);
-                if(asn1_cb) asn1_cb(ASN1_OP_FREE_PRE, pval, it);
-                if((i >= 0) && (i < it->tcount)) {
-                        ASN1_VALUE **pchval;
-                        tt = it->templates + i;
-                        pchval = asn1_get_field_ptr(pval, tt);
-                        ASN1_template_free(pchval, tt);
-                }
-                if(asn1_cb) asn1_cb(ASN1_OP_FREE_POST, pval, it);
-                if(!combine) {
-                        OPENSSL_free(*pval);
-                        *pval = NULL;
-                }
-                break;
-
-                case ASN1_ITYPE_COMPAT:
-                cf = it->funcs;
-                if(cf && cf->asn1_free) cf->asn1_free(*pval);
-                break;
-
-                case ASN1_ITYPE_EXTERN:
-                ef = it->funcs;
-                if(ef && ef->asn1_ex_free) ef->asn1_ex_free(pval, it);
-                break;
-
-                case ASN1_ITYPE_SEQUENCE:
-                if(asn1_do_lock(pval, -1, it) > 0) return;
-                if(asn1_cb) {
-                        i = asn1_cb(ASN1_OP_FREE_PRE, pval, it);
-                        if(i == 2) return;
-                }               
-                asn1_enc_free(pval, it);
-                /* If we free up as normal we will invalidate any
-                 * ANY DEFINED BY field and we wont be able to 
-                 * determine the type of the field it defines. So
-                 * free up in reverse order.
-                 */
-                tt = it->templates + it->tcount - 1;
-                for(i = 0; i < it->tcount; tt--, i++) {
-                        ASN1_VALUE **pseqval;
-                        seqtt = asn1_do_adb(pval, tt, 0);
-                        if(!seqtt) continue;
-                        pseqval = asn1_get_field_ptr(pval, seqtt);
-                        ASN1_template_free(pseqval, seqtt);
-                }
-                if(asn1_cb) asn1_cb(ASN1_OP_FREE_POST, pval, it);
-                if(!combine) {
-                        OPENSSL_free(*pval);
-                        *pval = NULL;
-                }
-                break;
-        }
-}
-
-void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
-{
-        int i;
-        if(tt->flags & ASN1_TFLG_SK_MASK) {
-                STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval;
-                for(i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
-                        ASN1_VALUE *vtmp;
-                        vtmp = sk_ASN1_VALUE_value(sk, i);
-                        asn1_item_combine_free(&vtmp, ASN1_ITEM_ptr(tt->item), 0);
-                }
-                sk_ASN1_VALUE_free(sk);
-                *pval = NULL;
-        } else asn1_item_combine_free(pval, ASN1_ITEM_ptr(tt->item),
-                                                tt->flags & ASN1_TFLG_COMBINE);
-}
-
-void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
-        int utype;
-        if(it) {
-                const ASN1_PRIMITIVE_FUNCS *pf;
-                pf = it->funcs;
-                if(pf && pf->prim_free) {
-                        pf->prim_free(pval, it);
-                        return;
-                }
-        }
-        /* Special case: if 'it' is NULL free contents of ASN1_TYPE */
-        if(!it) {
-                ASN1_TYPE *typ = (ASN1_TYPE *)*pval;
-                utype = typ->type;
-                pval = (ASN1_VALUE **)&typ->value.ptr;
-                if(!*pval) return;
-        } else if(it->itype == ASN1_ITYPE_MSTRING) {
-                utype = -1;
-                if(!*pval) return;
-        } else {
-                utype = it->utype;
-                if((utype != V_ASN1_BOOLEAN) && !*pval) return;
-        }
-
-        switch(utype) {
-                case V_ASN1_OBJECT:
-                ASN1_OBJECT_free((ASN1_OBJECT *)*pval);
-                break;
-
-                case V_ASN1_BOOLEAN:
-                if (it)
-                        *(ASN1_BOOLEAN *)pval = it->size;
-                else
-                        *(ASN1_BOOLEAN *)pval = -1;
-                return;
-
-                case V_ASN1_NULL:
-                break;
-
-                case V_ASN1_ANY:
-                ASN1_primitive_free(pval, NULL);
-                OPENSSL_free(*pval);
-                break;
-
-                default:
-                ASN1_STRING_free((ASN1_STRING *)*pval);
-                *pval = NULL;
-                break;
-        }
-        *pval = NULL;
-}
diff --git a/src/lib/libcrypto/asn1/tasn_new.c b/src/lib/libcrypto/asn1/tasn_new.c
deleted file mode 100644
index a0e3db574f..0000000000
--- a/src/lib/libcrypto/asn1/tasn_new.c
+++ /dev/null
@@ -1,351 +0,0 @@
-/* tasn_new.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-
-#include <stddef.h>
-#include <openssl/asn1.h>
-#include <openssl/objects.h>
-#include <openssl/err.h>
-#include <openssl/asn1t.h>
-#include <string.h>
-
-static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine);
-static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
-static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
-void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
-
-ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it)
-{
-        ASN1_VALUE *ret = NULL;
-        if(ASN1_item_ex_new(&ret, it) > 0) return ret;
-        return NULL;
-}
-
-/* Allocate an ASN1 structure */
-
-int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
-        return asn1_item_ex_combine_new(pval, it, 0);
-}
-
-static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine)
-{
-        const ASN1_TEMPLATE *tt = NULL;
-        const ASN1_COMPAT_FUNCS *cf;
-        const ASN1_EXTERN_FUNCS *ef;
-        const ASN1_AUX *aux = it->funcs;
-        ASN1_aux_cb *asn1_cb;
-        ASN1_VALUE **pseqval;
-        int i;
-        if(aux && aux->asn1_cb) asn1_cb = aux->asn1_cb;
-        else asn1_cb = 0;
-
-        if(!combine) *pval = NULL;
-
-#ifdef CRYPTO_MDEBUG
-        if(it->sname) CRYPTO_push_info(it->sname);
-#endif
-
-        switch(it->itype) {
-
-                case ASN1_ITYPE_EXTERN:
-                ef = it->funcs;
-                if(ef && ef->asn1_ex_new) {
-                        if(!ef->asn1_ex_new(pval, it))
-                                goto memerr;
-                }
-                break;
-
-                case ASN1_ITYPE_COMPAT:
-                cf = it->funcs;
-                if(cf && cf->asn1_new) {
-                        *pval = cf->asn1_new();
-                        if(!*pval) goto memerr;
-                }
-                break;
-
-                case ASN1_ITYPE_PRIMITIVE:
-                if(it->templates) {
-                        if(!ASN1_template_new(pval, it->templates))
-                                goto memerr;
-                } else {
-                        if(!ASN1_primitive_new(pval, it))
-                                goto memerr;
-                }
-                break;
-
-                case ASN1_ITYPE_MSTRING:
-                if(!ASN1_primitive_new(pval, it))
-                                goto memerr;
-                break;
-
-                case ASN1_ITYPE_CHOICE:
-                if(asn1_cb) {
-                        i = asn1_cb(ASN1_OP_NEW_PRE, pval, it);
-                        if(!i) goto auxerr;
-                        if(i==2) {
-#ifdef CRYPTO_MDEBUG
-                                if(it->sname) CRYPTO_pop_info();
-#endif
-                                return 1;
-                        }
-                }
-                if(!combine) {
-                        *pval = OPENSSL_malloc(it->size);
-                        if(!*pval) goto memerr;
-                        memset(*pval, 0, it->size);
-                }
-                asn1_set_choice_selector(pval, -1, it);
-                if(asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it))
-                                goto auxerr;
-                break;
-
-                case ASN1_ITYPE_SEQUENCE:
-                if(asn1_cb) {
-                        i = asn1_cb(ASN1_OP_NEW_PRE, pval, it);
-                        if(!i) goto auxerr;
-                        if(i==2) {
-#ifdef CRYPTO_MDEBUG
-                                if(it->sname) CRYPTO_pop_info();
-#endif
-                                return 1;
-                        }
-                }
-                if(!combine) {
-                        *pval = OPENSSL_malloc(it->size);
-                        if(!*pval) goto memerr;
-                        memset(*pval, 0, it->size);
-                        asn1_do_lock(pval, 0, it);
-                        asn1_enc_init(pval, it);
-                }
-                for(i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
-                        pseqval = asn1_get_field_ptr(pval, tt);
-                        if(!ASN1_template_new(pseqval, tt)) goto memerr;
-                }
-                if(asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it))
-                                goto auxerr;
-                break;
-        }
-#ifdef CRYPTO_MDEBUG
-        if(it->sname) CRYPTO_pop_info();
-#endif
-        return 1;
-
-        memerr:
-        ASN1err(ASN1_F_ASN1_ITEM_NEW, ERR_R_MALLOC_FAILURE);
-#ifdef CRYPTO_MDEBUG
-        if(it->sname) CRYPTO_pop_info();
-#endif
-        return 0;
-
-        auxerr:
-        ASN1err(ASN1_F_ASN1_ITEM_NEW, ASN1_R_AUX_ERROR);
-        ASN1_item_ex_free(pval, it);
-#ifdef CRYPTO_MDEBUG
-        if(it->sname) CRYPTO_pop_info();
-#endif
-        return 0;
-
-}
-
-static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
-        const ASN1_EXTERN_FUNCS *ef;
-
-        switch(it->itype) {
-
-                case ASN1_ITYPE_EXTERN:
-                ef = it->funcs;
-                if(ef && ef->asn1_ex_clear) 
-                        ef->asn1_ex_clear(pval, it);
-                else *pval = NULL;
-                break;
-
-
-                case ASN1_ITYPE_PRIMITIVE:
-                if(it->templates) 
-                        asn1_template_clear(pval, it->templates);
-                else
-                        asn1_primitive_clear(pval, it);
-                break;
-
-                case ASN1_ITYPE_MSTRING:
-                asn1_primitive_clear(pval, it);
-                break;
-
-                case ASN1_ITYPE_COMPAT:
-                case ASN1_ITYPE_CHOICE:
-                case ASN1_ITYPE_SEQUENCE:
-                *pval = NULL;
-                break;
-        }
-}
-
-
-int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
-{
-        const ASN1_ITEM *it = ASN1_ITEM_ptr(tt->item);
-        int ret;
-        if(tt->flags & ASN1_TFLG_OPTIONAL) {
-                asn1_template_clear(pval, tt);
-                return 1;
-        }
-        /* If ANY DEFINED BY nothing to do */
-
-        if(tt->flags & ASN1_TFLG_ADB_MASK) {
-                *pval = NULL;
-                return 1;
-        }
-#ifdef CRYPTO_MDEBUG
-        if(tt->field_name) CRYPTO_push_info(tt->field_name);
-#endif
-        /* If SET OF or SEQUENCE OF, its a STACK */
-        if(tt->flags & ASN1_TFLG_SK_MASK) {
-                STACK_OF(ASN1_VALUE) *skval;
-                skval = sk_ASN1_VALUE_new_null();
-                if(!skval) {
-                        ASN1err(ASN1_F_ASN1_TEMPLATE_NEW, ERR_R_MALLOC_FAILURE);
-                        ret = 0;
-                        goto done;
-                }
-                *pval = (ASN1_VALUE *)skval;
-                ret = 1;
-                goto done;
-        }
-        /* Otherwise pass it back to the item routine */
-        ret = asn1_item_ex_combine_new(pval, it, tt->flags & ASN1_TFLG_COMBINE);
-        done:
-#ifdef CRYPTO_MDEBUG
-        if(it->sname) CRYPTO_pop_info();
-#endif
-        return ret;
-}
-
-static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
-{
-        /* If ADB or STACK just NULL the field */
-        if(tt->flags & (ASN1_TFLG_ADB_MASK|ASN1_TFLG_SK_MASK)) 
-                *pval = NULL;
-        else
-                asn1_item_clear(pval, ASN1_ITEM_ptr(tt->item));
-}
-
-
-/* NB: could probably combine most of the real XXX_new() behaviour and junk all the old
- * functions.
- */
-
-int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
-        ASN1_TYPE *typ;
-        int utype;
-        const ASN1_PRIMITIVE_FUNCS *pf;
-        pf = it->funcs;
-        if(pf && pf->prim_new) return pf->prim_new(pval, it);
-        if(!it || (it->itype == ASN1_ITYPE_MSTRING)) utype = -1;
-        else utype = it->utype;
-        switch(utype) {
-                case V_ASN1_OBJECT:
-                *pval = (ASN1_VALUE *)OBJ_nid2obj(NID_undef);
-                return 1;
-
-                case V_ASN1_BOOLEAN:
-                if (it)
-                        *(ASN1_BOOLEAN *)pval = it->size;
-                else
-                        *(ASN1_BOOLEAN *)pval = -1;
-                return 1;
-
-                case V_ASN1_NULL:
-                *pval = (ASN1_VALUE *)1;
-                return 1;
-
-                case V_ASN1_ANY:
-                typ = OPENSSL_malloc(sizeof(ASN1_TYPE));
-                if(!typ) return 0;
-                typ->value.ptr = NULL;
-                typ->type = -1;
-                *pval = (ASN1_VALUE *)typ;
-                break;
-
-                default:
-                *pval = (ASN1_VALUE *)ASN1_STRING_type_new(utype);
-                break;
-        }
-        if(*pval) return 1;
-        return 0;
-}
-
-void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
-        int utype;
-        const ASN1_PRIMITIVE_FUNCS *pf;
-        pf = it->funcs;
-        if(pf) {
-                if(pf->prim_clear)
-                        pf->prim_clear(pval, it);
-                else 
-                        *pval = NULL;
-                return;
-        }
-        if(!it || (it->itype == ASN1_ITYPE_MSTRING)) utype = -1;
-        else utype = it->utype;
-        if(utype == V_ASN1_BOOLEAN)
-                *(ASN1_BOOLEAN *)pval = it->size;
-        else *pval = NULL;
-}
diff --git a/src/lib/libcrypto/asn1/tasn_prn.c b/src/lib/libcrypto/asn1/tasn_prn.c
deleted file mode 100644
index 719639b511..0000000000
--- a/src/lib/libcrypto/asn1/tasn_prn.c
+++ /dev/null
@@ -1,198 +0,0 @@
-/* tasn_prn.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-
-#include <stddef.h>
-#include <openssl/asn1.h>
-#include <openssl/objects.h>
-#include <openssl/buffer.h>
-#include <openssl/err.h>
-#include <openssl/nasn.h>
-
-/* Print routines. Print out a whole structure from a template.
- */
-
-static int asn1_item_print_nm(BIO *out, void *fld, int indent, const ASN1_ITEM *it, const char *name);
-
-int ASN1_item_print(BIO *out, void *fld, int indent, const ASN1_ITEM *it)
-{
-        return asn1_item_print_nm(out, fld, indent, it, it->sname);
-}
-
-static int asn1_item_print_nm(BIO *out, void *fld, int indent, const ASN1_ITEM *it, const char *name)
-{
-        ASN1_STRING *str;
-        const ASN1_TEMPLATE *tt;
-        void *tmpfld;
-        int i;
-        if(!fld) {
-                BIO_printf(out, "%*s%s ABSENT\n", indent, "", name);
-                return 1;
-        }
-        switch(it->itype) {
-
-                case ASN1_ITYPE_PRIMITIVE:
-                if(it->templates)
-                        return ASN1_template_print(out, fld, indent, it->templates);
-                return asn1_primitive_print(out, fld, it->utype, indent, name);
-                break;
-
-                case ASN1_ITYPE_MSTRING:
-                str = fld;
-                return asn1_primitive_print(out, fld, str->type, indent, name);
-
-                case ASN1_ITYPE_EXTERN:
-                BIO_printf(out, "%*s%s:EXTERNAL TYPE %s %s\n", indent, "", name, it->sname, fld ? "" : "ABSENT");
-                return 1;
-                case ASN1_ITYPE_COMPAT:
-                BIO_printf(out, "%*s%s:COMPATIBLE TYPE %s %s\n", indent, "", name, it->sname, fld ? "" : "ABSENT");
-                return 1;
-
-
-                case ASN1_ITYPE_CHOICE:
-                /* CHOICE type, get selector */
-                i = asn1_get_choice_selector(fld, it);
-                /* This should never happen... */
-                if((i < 0) || (i >= it->tcount)) {
-                        BIO_printf(out, "%s selector [%d] out of range\n", it->sname, i);
-                        return 1;
-                }
-                tt = it->templates + i;
-                tmpfld = asn1_get_field(fld, tt);
-                return ASN1_template_print(out, tmpfld, indent, tt);
-
-                case ASN1_ITYPE_SEQUENCE:
-                BIO_printf(out, "%*s%s {\n", indent, "", name);
-                /* Get each field entry */
-                for(i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
-                        tmpfld = asn1_get_field(fld, tt);
-                        ASN1_template_print(out, tmpfld, indent + 2, tt);
-                }
-                BIO_printf(out, "%*s}\n", indent, "");
-                return 1;
-
-                default:
-                return 0;
-        }
-}
-
-int ASN1_template_print(BIO *out, void *fld, int indent, const ASN1_TEMPLATE *tt)
-{
-        int i, flags;
-#if 0
-        if(!fld) return 0; 
-#endif
-        flags = tt->flags;
-        if(flags & ASN1_TFLG_SK_MASK) {
-                char *tname;
-                void *skitem;
-                /* SET OF, SEQUENCE OF */
-                if(flags & ASN1_TFLG_SET_OF) tname = "SET";
-                else tname = "SEQUENCE";
-                if(fld) {
-                        BIO_printf(out, "%*s%s OF %s {\n", indent, "", tname, tt->field_name);
-                        for(i = 0; i < sk_num(fld); i++) {
-                                skitem = sk_value(fld, i);
-                                asn1_item_print_nm(out, skitem, indent + 2, tt->item, "");
-                        }
-                        BIO_printf(out, "%*s}\n", indent, "");
-                } else 
-                        BIO_printf(out, "%*s%s OF %s ABSENT\n", indent, "", tname, tt->field_name);
-                return 1;
-        }
-        return asn1_item_print_nm(out, fld, indent, tt->item, tt->field_name);
-}
-
-static int asn1_primitive_print(BIO *out, void *fld, long utype, int indent, const char *name)
-{
-        ASN1_STRING *str = fld;
-        if(fld) {
-                if(utype == V_ASN1_BOOLEAN) {
-                        int *bool = fld;
-if(*bool == -1) printf("BOOL MISSING\n");
-                        BIO_printf(out, "%*s%s:%s", indent, "", "BOOLEAN", *bool ? "TRUE" : "FALSE");
-                } else if((utype == V_ASN1_INTEGER) 
-                          || (utype == V_ASN1_ENUMERATED)) {
-                        char *s, *nm;
-                        s = i2s_ASN1_INTEGER(NULL, fld);
-                        if(utype == V_ASN1_INTEGER) nm = "INTEGER";
-                        else nm = "ENUMERATED";
-                        BIO_printf(out, "%*s%s:%s", indent, "", nm, s);
-                        OPENSSL_free(s);
-                } else if(utype == V_ASN1_NULL) {
-                        BIO_printf(out, "%*s%s", indent, "", "NULL");
-                } else if(utype == V_ASN1_UTCTIME) {
-                        BIO_printf(out, "%*s%s:%s:", indent, "", name, "UTCTIME");
-                        ASN1_UTCTIME_print(out, str);
-                } else if(utype == V_ASN1_GENERALIZEDTIME) {
-                        BIO_printf(out, "%*s%s:%s:", indent, "", name, "GENERALIZEDTIME");
-                        ASN1_GENERALIZEDTIME_print(out, str);
-                } else if(utype == V_ASN1_OBJECT) {
-                        char objbuf[80], *ln;
-                        ln = OBJ_nid2ln(OBJ_obj2nid(fld));
-                        if(!ln) ln = "";
-                        OBJ_obj2txt(objbuf, sizeof objbuf, fld, 1);
-                        BIO_printf(out, "%*s%s:%s (%s)", indent, "", "OBJECT", ln, objbuf);
-                } else {
-                        BIO_printf(out, "%*s%s:", indent, "", name);
-                        ASN1_STRING_print_ex(out, str, ASN1_STRFLGS_DUMP_UNKNOWN|ASN1_STRFLGS_SHOW_TYPE);
-                }
-                BIO_printf(out, "\n");
-        } else BIO_printf(out, "%*s%s [ABSENT]\n", indent, "", name);
-        return 1;
-}
diff --git a/src/lib/libcrypto/asn1/tasn_typ.c b/src/lib/libcrypto/asn1/tasn_typ.c
deleted file mode 100644
index 804d2eeba2..0000000000
--- a/src/lib/libcrypto/asn1/tasn_typ.c
+++ /dev/null
@@ -1,133 +0,0 @@
-/* tasn_typ.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <stdio.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-
-/* Declarations for string types */
-
-
-IMPLEMENT_ASN1_TYPE(ASN1_INTEGER)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_INTEGER)
-
-IMPLEMENT_ASN1_TYPE(ASN1_ENUMERATED)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_ENUMERATED)
-
-IMPLEMENT_ASN1_TYPE(ASN1_BIT_STRING)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_BIT_STRING)
-
-IMPLEMENT_ASN1_TYPE(ASN1_OCTET_STRING)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_OCTET_STRING)
-
-IMPLEMENT_ASN1_TYPE(ASN1_NULL)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_NULL)
-
-IMPLEMENT_ASN1_TYPE(ASN1_OBJECT)
-
-IMPLEMENT_ASN1_TYPE(ASN1_UTF8STRING)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_UTF8STRING)
-
-IMPLEMENT_ASN1_TYPE(ASN1_PRINTABLESTRING)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING)
-
-IMPLEMENT_ASN1_TYPE(ASN1_T61STRING)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_T61STRING)
-
-IMPLEMENT_ASN1_TYPE(ASN1_IA5STRING)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_IA5STRING)
-
-IMPLEMENT_ASN1_TYPE(ASN1_GENERALSTRING)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_GENERALSTRING)
-
-IMPLEMENT_ASN1_TYPE(ASN1_UTCTIME)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_UTCTIME)
-
-IMPLEMENT_ASN1_TYPE(ASN1_GENERALIZEDTIME)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME)
-
-IMPLEMENT_ASN1_TYPE(ASN1_VISIBLESTRING)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_VISIBLESTRING)
-
-IMPLEMENT_ASN1_TYPE(ASN1_UNIVERSALSTRING)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING)
-
-IMPLEMENT_ASN1_TYPE(ASN1_BMPSTRING)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_BMPSTRING)
-
-IMPLEMENT_ASN1_TYPE(ASN1_ANY)
-
-/* Just swallow an ASN1_SEQUENCE in an ASN1_STRING */
-IMPLEMENT_ASN1_TYPE(ASN1_SEQUENCE)
-
-IMPLEMENT_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
-
-/* Multistring types */
-
-IMPLEMENT_ASN1_MSTRING(ASN1_PRINTABLE, B_ASN1_PRINTABLE)
-IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE)
-
-IMPLEMENT_ASN1_MSTRING(DISPLAYTEXT, B_ASN1_DISPLAYTEXT)
-IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT)
-
-IMPLEMENT_ASN1_MSTRING(DIRECTORYSTRING, B_ASN1_DIRECTORYSTRING)
-IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING)
-
-/* Three separate BOOLEAN type: normal, DEFAULT TRUE and DEFAULT FALSE */
-IMPLEMENT_ASN1_TYPE_ex(ASN1_BOOLEAN, ASN1_BOOLEAN, -1)
-IMPLEMENT_ASN1_TYPE_ex(ASN1_TBOOLEAN, ASN1_BOOLEAN, 1)
-IMPLEMENT_ASN1_TYPE_ex(ASN1_FBOOLEAN, ASN1_BOOLEAN, 0)
diff --git a/src/lib/libcrypto/asn1/tasn_utl.c b/src/lib/libcrypto/asn1/tasn_utl.c
deleted file mode 100644
index 8996ce8c13..0000000000
--- a/src/lib/libcrypto/asn1/tasn_utl.c
+++ /dev/null
@@ -1,253 +0,0 @@
-/* tasn_utl.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-
-#include <stddef.h>
-#include <string.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/objects.h>
-#include <openssl/err.h>
-
-/* Utility functions for manipulating fields and offsets */
-
-/* Add 'offset' to 'addr' */
-#define offset2ptr(addr, offset) (void *)(((char *) addr) + offset)
-
-/* Given an ASN1_ITEM CHOICE type return
- * the selector value
- */
-
-int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
-        int *sel = offset2ptr(*pval, it->utype);
-        return *sel;
-}
-
-/* Given an ASN1_ITEM CHOICE type set
- * the selector value, return old value.
- */
-
-int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it)
-{       
-        int *sel, ret;
-        sel = offset2ptr(*pval, it->utype);
-        ret = *sel;
-        *sel = value;
-        return ret;
-}
-
-/* Do reference counting. The value 'op' decides what to do. 
- * if it is +1 then the count is incremented. If op is 0 count is
- * set to 1. If op is -1 count is decremented and the return value
- * is the current refrence count or 0 if no reference count exists.
- */
-
-int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it)
-{
-        const ASN1_AUX *aux;
-        int *lck, ret;
-        if(it->itype != ASN1_ITYPE_SEQUENCE) return 0;
-        aux = it->funcs;
-        if(!aux || !(aux->flags & ASN1_AFLG_REFCOUNT)) return 0;
-        lck = offset2ptr(*pval, aux->ref_offset);
-        if(op == 0) {
-                *lck = 1;
-                return 1;
-        }
-        ret = CRYPTO_add(lck, op, aux->ref_lock);
-#ifdef REF_PRINT
-        fprintf(stderr, "%s: Reference Count: %d\n", it->sname, *lck);
-#endif
-#ifdef REF_CHECK
-        if(ret < 0) 
-                fprintf(stderr, "%s, bad reference count\n", it->sname);
-#endif
-        return ret;
-}
-
-static ASN1_ENCODING *asn1_get_enc_ptr(ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
-        const ASN1_AUX *aux;
-        if(!pval || !*pval) return NULL;
-        aux = it->funcs;
-        if(!aux || !(aux->flags & ASN1_AFLG_ENCODING)) return NULL;
-        return offset2ptr(*pval, aux->enc_offset);
-}
-
-void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
-        ASN1_ENCODING *enc;
-        enc = asn1_get_enc_ptr(pval, it);
-        if(enc) {
-                enc->enc = NULL;
-                enc->len = 0;
-                enc->modified = 1;
-        }
-}
-
-void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
-        ASN1_ENCODING *enc;
-        enc = asn1_get_enc_ptr(pval, it);
-        if(enc) {
-                if(enc->enc) OPENSSL_free(enc->enc);
-                enc->enc = NULL;
-                enc->len = 0;
-                enc->modified = 1;
-        }
-}
-
-int asn1_enc_save(ASN1_VALUE **pval, unsigned char *in, int inlen, const ASN1_ITEM *it)
-{
-        ASN1_ENCODING *enc;
-        enc = asn1_get_enc_ptr(pval, it);
-        if(!enc) return 1;
-
-        if(enc->enc) OPENSSL_free(enc->enc);
-        enc->enc = OPENSSL_malloc(inlen);
-        if(!enc->enc) return 0;
-        memcpy(enc->enc, in, inlen);
-        enc->len = inlen;
-        enc->modified = 0;
-
-        return 1;
-}
-                
-int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
-        ASN1_ENCODING *enc;
-        enc = asn1_get_enc_ptr(pval, it);
-        if(!enc || enc->modified) return 0;
-        if(out) {
-                memcpy(*out, enc->enc, enc->len);
-                *out += enc->len;
-        }
-        if(len) *len = enc->len;
-        return 1;
-}
-
-/* Given an ASN1_TEMPLATE get a pointer to a field */
-ASN1_VALUE ** asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
-{
-        ASN1_VALUE **pvaltmp;
-        if(tt->flags & ASN1_TFLG_COMBINE) return pval;
-        pvaltmp = offset2ptr(*pval, tt->offset);
-        /* NOTE for BOOLEAN types the field is just a plain
-         * int so we can't return int **, so settle for
-         * (int *).
-         */
-        return pvaltmp;
-}
-
-/* Handle ANY DEFINED BY template, find the selector, look up
- * the relevant ASN1_TEMPLATE in the table and return it.
- */
-
-const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, int nullerr)
-{
-        const ASN1_ADB *adb;
-        const ASN1_ADB_TABLE *atbl;
-        long selector;
-        ASN1_VALUE **sfld;
-        int i;
-        if(!(tt->flags & ASN1_TFLG_ADB_MASK)) return tt;
-
-        /* Else ANY DEFINED BY ... get the table */
-        adb = ASN1_ADB_ptr(tt->item);
-
-        /* Get the selector field */
-        sfld = offset2ptr(*pval, adb->offset);
-
-        /* Check if NULL */
-        if(!sfld) {
-                if(!adb->null_tt) goto err;
-                return adb->null_tt;
-        }
-
-        /* Convert type to a long:
-         * NB: don't check for NID_undef here because it
-         * might be a legitimate value in the table
-         */
-        if(tt->flags & ASN1_TFLG_ADB_OID) 
-                selector = OBJ_obj2nid((ASN1_OBJECT *)*sfld);
-        else 
-                selector = ASN1_INTEGER_get((ASN1_INTEGER *)*sfld);
-
-        /* Try to find matching entry in table
-         * Maybe should check application types first to
-         * allow application override? Might also be useful
-         * to have a flag which indicates table is sorted and
-         * we can do a binary search. For now stick to a
-         * linear search.
-         */
-
-        for(atbl = adb->tbl, i = 0; i < adb->tblcount; i++, atbl++)
-                if(atbl->value == selector) return &atbl->tt;
-
-        /* FIXME: need to search application table too */
-
-        /* No match, return default type */
-        if(!adb->default_tt) goto err;          
-        return adb->default_tt;
-        
-        err:
-        /* FIXME: should log the value or OID of unsupported type */
-        if(nullerr) ASN1err(ASN1_F_ASN1_DO_ADB, ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE);
-        return NULL;
-}
diff --git a/src/lib/libcrypto/asn1/x_algor.c b/src/lib/libcrypto/asn1/x_algor.c
deleted file mode 100644
index 00b9ea54a1..0000000000
--- a/src/lib/libcrypto/asn1/x_algor.c
+++ /dev/null
@@ -1,73 +0,0 @@
-/* x_algor.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stddef.h>
-#include <openssl/x509.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-
-ASN1_SEQUENCE(X509_ALGOR) = {
-        ASN1_SIMPLE(X509_ALGOR, algorithm, ASN1_OBJECT),
-        ASN1_OPT(X509_ALGOR, parameter, ASN1_ANY)
-} ASN1_SEQUENCE_END(X509_ALGOR)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_ALGOR)
-IMPLEMENT_ASN1_DUP_FUNCTION(X509_ALGOR)
-
-IMPLEMENT_STACK_OF(X509_ALGOR)
-IMPLEMENT_ASN1_SET_OF(X509_ALGOR)
diff --git a/src/lib/libcrypto/asn1/x_attrib.c b/src/lib/libcrypto/asn1/x_attrib.c
deleted file mode 100644
index 1e3713f18f..0000000000
--- a/src/lib/libcrypto/asn1/x_attrib.c
+++ /dev/null
@@ -1,118 +0,0 @@
-/* crypto/asn1/x_attrib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/objects.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-
-/* X509_ATTRIBUTE: this has the following form:
- *
- * typedef struct x509_attributes_st
- *      {
- *      ASN1_OBJECT *object;
- *      int single;
- *      union   {
- *              char            *ptr;
- *              STACK_OF(ASN1_TYPE) *set;
- *              ASN1_TYPE       *single;
- *              } value;
- *      } X509_ATTRIBUTE;
- *
- * this needs some extra thought because the CHOICE type is
- * merged with the main structure and because the value can
- * be anything at all we *must* try the SET OF first because
- * the ASN1_ANY type will swallow anything including the whole
- * SET OF structure.
- */
-
-ASN1_CHOICE(X509_ATTRIBUTE_SET) = {
-        ASN1_SET_OF(X509_ATTRIBUTE, value.set, ASN1_ANY),
-        ASN1_SIMPLE(X509_ATTRIBUTE, value.single, ASN1_ANY)
-} ASN1_CHOICE_END_selector(X509_ATTRIBUTE, X509_ATTRIBUTE_SET, single)
-
-ASN1_SEQUENCE(X509_ATTRIBUTE) = {
-        ASN1_SIMPLE(X509_ATTRIBUTE, object, ASN1_OBJECT),
-        /* CHOICE type merged with parent */
-        ASN1_EX_COMBINE(0, 0, X509_ATTRIBUTE_SET)
-} ASN1_SEQUENCE_END(X509_ATTRIBUTE)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_ATTRIBUTE)
-IMPLEMENT_ASN1_DUP_FUNCTION(X509_ATTRIBUTE)
-
-X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
-        {
-        X509_ATTRIBUTE *ret=NULL;
-        ASN1_TYPE *val=NULL;
-
-        if ((ret=X509_ATTRIBUTE_new()) == NULL)
-                return(NULL);
-        ret->object=OBJ_nid2obj(nid);
-        ret->single=0;
-        if ((ret->value.set=sk_ASN1_TYPE_new_null()) == NULL) goto err;
-        if ((val=ASN1_TYPE_new()) == NULL) goto err;
-        if (!sk_ASN1_TYPE_push(ret->value.set,val)) goto err;
-
-        ASN1_TYPE_set(val,atrtype,value);
-        return(ret);
-err:
-        if (ret != NULL) X509_ATTRIBUTE_free(ret);
-        if (val != NULL) ASN1_TYPE_free(val);
-        return(NULL);
-        }
diff --git a/src/lib/libcrypto/asn1/x_bignum.c b/src/lib/libcrypto/asn1/x_bignum.c
deleted file mode 100644
index 848c7a0877..0000000000
--- a/src/lib/libcrypto/asn1/x_bignum.c
+++ /dev/null
@@ -1,137 +0,0 @@
-/* x_bignum.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-
-/* Custom primitive type for BIGNUM handling. This reads in an ASN1_INTEGER as a
- * BIGNUM directly. Currently it ignores the sign which isn't a problem since all
- * BIGNUMs used are non negative and anything that looks negative is normally due
- * to an encoding error.
- */
-
-#define BN_SENSITIVE    1
-
-static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
-static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
-
-static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
-static int bn_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
-
-static ASN1_PRIMITIVE_FUNCS bignum_pf = {
-        NULL, 0,
-        bn_new,
-        bn_free,
-        0,
-        bn_c2i,
-        bn_i2c
-};
-
-ASN1_ITEM_start(BIGNUM)
-        ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, 0, "BIGNUM"
-ASN1_ITEM_end(BIGNUM)
-
-ASN1_ITEM_start(CBIGNUM)
-        ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, BN_SENSITIVE, "BIGNUM"
-ASN1_ITEM_end(CBIGNUM)
-
-static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
-        *pval = (ASN1_VALUE *)BN_new();
-        if(*pval) return 1;
-        else return 0;
-}
-
-static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
-        if(!*pval) return;
-        if(it->size & BN_SENSITIVE) BN_clear_free((BIGNUM *)*pval);
-        else BN_free((BIGNUM *)*pval);
-        *pval = NULL;
-}
-
-static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it)
-{
-        BIGNUM *bn;
-        int pad;
-        if(!*pval) return -1;
-        bn = (BIGNUM *)*pval;
-        /* If MSB set in an octet we need a padding byte */
-        if(BN_num_bits(bn) & 0x7) pad = 0;
-        else pad = 1;
-        if(cont) {
-                if(pad) *cont++ = 0;
-                BN_bn2bin(bn, cont);
-        }
-        return pad + BN_num_bytes(bn);
-}
-
-static int bn_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it)
-{
-        BIGNUM *bn;
-        if(!*pval) bn_new(pval, it);
-        bn  = (BIGNUM *)*pval;
-        if(!BN_bin2bn(cont, len, bn)) {
-                bn_free(pval, it);
-                return 0;
-        }
-        return 1;
-}
-
-
diff --git a/src/lib/libcrypto/asn1/x_crl.c b/src/lib/libcrypto/asn1/x_crl.c
deleted file mode 100644
index b99f8fc522..0000000000
--- a/src/lib/libcrypto/asn1/x_crl.c
+++ /dev/null
@@ -1,140 +0,0 @@
-/* crypto/asn1/x_crl.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-
-static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
-                                const X509_REVOKED * const *b);
-
-ASN1_SEQUENCE(X509_REVOKED) = {
-        ASN1_SIMPLE(X509_REVOKED,serialNumber, ASN1_INTEGER),
-        ASN1_SIMPLE(X509_REVOKED,revocationDate, ASN1_TIME),
-        ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION)
-} ASN1_SEQUENCE_END(X509_REVOKED)
-
-/* The X509_CRL_INFO structure needs a bit of customisation.
- * Since we cache the original encoding the signature wont be affected by
- * reordering of the revoked field.
- */
-static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
-        X509_CRL_INFO *a = (X509_CRL_INFO *)*pval;
-
-        if(!a || !a->revoked) return 1;
-        switch(operation) {
-                /* Just set cmp function here. We don't sort because that
-                 * would affect the output of X509_CRL_print().
-                 */
-                case ASN1_OP_D2I_POST:
-                sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_cmp);
-                break;
-        }
-        return 1;
-}
-
-
-ASN1_SEQUENCE_enc(X509_CRL_INFO, enc, crl_inf_cb) = {
-        ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER),
-        ASN1_SIMPLE(X509_CRL_INFO, sig_alg, X509_ALGOR),
-        ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME),
-        ASN1_SIMPLE(X509_CRL_INFO, lastUpdate, ASN1_TIME),
-        ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME),
-        ASN1_SEQUENCE_OF_OPT(X509_CRL_INFO, revoked, X509_REVOKED),
-        ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0)
-} ASN1_SEQUENCE_END_enc(X509_CRL_INFO, X509_CRL_INFO)
-
-ASN1_SEQUENCE_ref(X509_CRL, 0, CRYPTO_LOCK_X509_CRL) = {
-        ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO),
-        ASN1_SIMPLE(X509_CRL, sig_alg, X509_ALGOR),
-        ASN1_SIMPLE(X509_CRL, signature, ASN1_BIT_STRING)
-} ASN1_SEQUENCE_END_ref(X509_CRL, X509_CRL)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_REVOKED)
-IMPLEMENT_ASN1_FUNCTIONS(X509_CRL_INFO)
-IMPLEMENT_ASN1_FUNCTIONS(X509_CRL)
-IMPLEMENT_ASN1_DUP_FUNCTION(X509_CRL)
-
-static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
-                        const X509_REVOKED * const *b)
-        {
-        return(ASN1_STRING_cmp(
-                (ASN1_STRING *)(*a)->serialNumber,
-                (ASN1_STRING *)(*b)->serialNumber));
-        }
-
-int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
-{
-        X509_CRL_INFO *inf;
-        inf = crl->crl;
-        if(!inf->revoked)
-                inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp);
-        if(!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) {
-                ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_MALLOC_FAILURE);
-                return 0;
-        }
-        inf->enc.modified = 1;
-        return 1;
-}
-
-IMPLEMENT_STACK_OF(X509_REVOKED)
-IMPLEMENT_ASN1_SET_OF(X509_REVOKED)
-IMPLEMENT_STACK_OF(X509_CRL)
-IMPLEMENT_ASN1_SET_OF(X509_CRL)
diff --git a/src/lib/libcrypto/asn1/x_exten.c b/src/lib/libcrypto/asn1/x_exten.c
deleted file mode 100644
index 702421b6c8..0000000000
--- a/src/lib/libcrypto/asn1/x_exten.c
+++ /dev/null
@@ -1,71 +0,0 @@
-/* x_exten.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stddef.h>
-#include <openssl/x509.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-
-ASN1_SEQUENCE(X509_EXTENSION) = {
-        ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT),
-        ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN),
-        ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(X509_EXTENSION)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_EXTENSION)
-IMPLEMENT_ASN1_DUP_FUNCTION(X509_EXTENSION)
diff --git a/src/lib/libcrypto/asn1/x_info.c b/src/lib/libcrypto/asn1/x_info.c
deleted file mode 100644
index d44f6cdb01..0000000000
--- a/src/lib/libcrypto/asn1/x_info.c
+++ /dev/null
@@ -1,114 +0,0 @@
-/* crypto/asn1/x_info.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/asn1.h>
-#include <openssl/x509.h>
-
-X509_INFO *X509_INFO_new(void)
-        {
-        X509_INFO *ret=NULL;
-
-        ret=(X509_INFO *)OPENSSL_malloc(sizeof(X509_INFO));
-        if (ret == NULL)
-                {
-                ASN1err(ASN1_F_X509_INFO_NEW,ERR_R_MALLOC_FAILURE);
-                return(NULL);
-                }
- 
-        ret->enc_cipher.cipher=NULL;
-        ret->enc_len=0;
-        ret->enc_data=NULL;
- 
-        ret->references=1;
-        ret->x509=NULL;
-        ret->crl=NULL;
-        ret->x_pkey=NULL;
-        return(ret);
-        }
-
-void X509_INFO_free(X509_INFO *x)
-        {
-        int i;
-
-        if (x == NULL) return;
-
-        i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_X509_INFO);
-#ifdef REF_PRINT
-        REF_PRINT("X509_INFO",x);
-#endif
-        if (i > 0) return;
-#ifdef REF_CHECK
-        if (i < 0)
-                {
-                fprintf(stderr,"X509_INFO_free, bad reference count\n");
-                abort();
-                }
-#endif
-
-        if (x->x509 != NULL) X509_free(x->x509);
-        if (x->crl != NULL) X509_CRL_free(x->crl);
-        if (x->x_pkey != NULL) X509_PKEY_free(x->x_pkey);
-        if (x->enc_data != NULL) OPENSSL_free(x->enc_data);
-        OPENSSL_free(x);
-        }
-
-IMPLEMENT_STACK_OF(X509_INFO)
-
diff --git a/src/lib/libcrypto/asn1/x_long.c b/src/lib/libcrypto/asn1/x_long.c
deleted file mode 100644
index c5f25956cb..0000000000
--- a/src/lib/libcrypto/asn1/x_long.c
+++ /dev/null
@@ -1,169 +0,0 @@
-/* x_long.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-
-/* Custom primitive type for long handling. This converts between an ASN1_INTEGER
- * and a long directly.
- */
-
-
-static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
-static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
-
-static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
-static int long_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
-
-static ASN1_PRIMITIVE_FUNCS long_pf = {
-        NULL, 0,
-        long_new,
-        long_free,
-        long_free,      /* Clear should set to initial value */
-        long_c2i,
-        long_i2c
-};
-
-ASN1_ITEM_start(LONG)
-        ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, ASN1_LONG_UNDEF, "LONG"
-ASN1_ITEM_end(LONG)
-
-ASN1_ITEM_start(ZLONG)
-        ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, 0, "ZLONG"
-ASN1_ITEM_end(ZLONG)
-
-static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
-        *(long *)pval = it->size;
-        return 1;
-}
-
-static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
-        *(long *)pval = it->size;
-}
-
-static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it)
-{
-        long ltmp;
-        unsigned long utmp;
-        int clen, pad, i;
-        /* this exists to bypass broken gcc optimization */
-        char *cp = (char *)pval;
-
-        /* use memcpy, because we may not be long aligned */
-        memcpy(&ltmp, cp, sizeof(long));
-
-        if(ltmp == it->size) return -1;
-        /* Convert the long to positive: we subtract one if negative so
-         * we can cleanly handle the padding if only the MSB of the leading
-         * octet is set. 
-         */
-        if(ltmp < 0) utmp = -ltmp - 1;
-        else utmp = ltmp;
-        clen = BN_num_bits_word(utmp);
-        /* If MSB of leading octet set we need to pad */
-        if(!(clen & 0x7)) pad = 1;
-        else pad = 0;
-
-        /* Convert number of bits to number of octets */
-        clen = (clen + 7) >> 3;
-
-        if(cont) {
-                if(pad) *cont++ = (ltmp < 0) ? 0xff : 0;
-                for(i = clen - 1; i >= 0; i--) {
-                        cont[i] = (unsigned char)(utmp & 0xff);
-                        if(ltmp < 0) cont[i] ^= 0xff;
-                        utmp >>= 8;
-                }
-        }
-        return clen + pad;
-}
-
-static int long_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it)
-{
-        int neg, i;
-        long ltmp;
-        unsigned long utmp = 0;
-        char *cp = (char *)pval;
-        if(len > sizeof(long)) {
-                ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
-                return 0;
-        }
-        /* Is it negative? */
-        if(len && (cont[0] & 0x80)) neg = 1;
-        else neg = 0;
-        utmp = 0;
-        for(i = 0; i < len; i++) {
-                utmp <<= 8;
-                if(neg) utmp |= cont[i] ^ 0xff;
-                else utmp |= cont[i];
-        }
-        ltmp = (long)utmp;
-        if(neg) {
-                ltmp++;
-                ltmp = -ltmp;
-        }
-        if(ltmp == it->size) {
-                ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
-                return 0;
-        }
-        memcpy(cp, &ltmp, sizeof(long));
-        return 1;
-}
diff --git a/src/lib/libcrypto/asn1/x_name.c b/src/lib/libcrypto/asn1/x_name.c
deleted file mode 100644
index 31f3377b64..0000000000
--- a/src/lib/libcrypto/asn1/x_name.c
+++ /dev/null
@@ -1,275 +0,0 @@
-/* crypto/asn1/x_name.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-
-static int x509_name_ex_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_ITEM *it,
-                                        int tag, int aclass, char opt, ASN1_TLC *ctx);
-
-static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
-static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it);
-static void x509_name_ex_free(ASN1_VALUE **val, const ASN1_ITEM *it);
-
-static int x509_name_encode(X509_NAME *a);
-
-ASN1_SEQUENCE(X509_NAME_ENTRY) = {
-        ASN1_SIMPLE(X509_NAME_ENTRY, object, ASN1_OBJECT),
-        ASN1_SIMPLE(X509_NAME_ENTRY, value, ASN1_PRINTABLE)
-} ASN1_SEQUENCE_END(X509_NAME_ENTRY)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_NAME_ENTRY)
-IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME_ENTRY)
-
-/* For the "Name" type we need a SEQUENCE OF { SET OF X509_NAME_ENTRY }
- * so declare two template wrappers for this
- */
-
-ASN1_ITEM_TEMPLATE(X509_NAME_ENTRIES) =
-        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, RDNS, X509_NAME_ENTRY)
-ASN1_ITEM_TEMPLATE_END(X509_NAME_ENTRIES)
-
-ASN1_ITEM_TEMPLATE(X509_NAME_INTERNAL) =
-        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Name, X509_NAME_ENTRIES)
-ASN1_ITEM_TEMPLATE_END(X509_NAME_INTERNAL)
-
-/* Normally that's where it would end: we'd have two nested STACK structures
- * representing the ASN1. Unfortunately X509_NAME uses a completely different
- * form and caches encodings so we have to process the internal form and convert
- * to the external form.
- */
-
-const ASN1_EXTERN_FUNCS x509_name_ff = {
-        NULL,
-        x509_name_ex_new,
-        x509_name_ex_free,
-        0,      /* Default clear behaviour is OK */
-        x509_name_ex_d2i,
-        x509_name_ex_i2d
-};
-
-IMPLEMENT_EXTERN_ASN1(X509_NAME, V_ASN1_SEQUENCE, x509_name_ff) 
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_NAME)
-IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME)
-
-static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it)
-{
-        X509_NAME *ret = NULL;
-        ret = OPENSSL_malloc(sizeof(X509_NAME));
-        if(!ret) goto memerr;
-        if ((ret->entries=sk_X509_NAME_ENTRY_new_null()) == NULL)
-                goto memerr;
-        if((ret->bytes = BUF_MEM_new()) == NULL) goto memerr;
-        ret->modified=1;
-        *val = (ASN1_VALUE *)ret;
-        return 1;
-
- memerr:
-        ASN1err(ASN1_F_X509_NAME_NEW, ERR_R_MALLOC_FAILURE);
-        if (ret)
-                {
-                if (ret->entries)
-                        sk_X509_NAME_ENTRY_free(ret->entries);
-                OPENSSL_free(ret);
-                }
-        return 0;
-}
-
-static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
-        X509_NAME *a;
-        if(!pval || !*pval)
-            return;
-        a = (X509_NAME *)*pval;
-
-        BUF_MEM_free(a->bytes);
-        sk_X509_NAME_ENTRY_pop_free(a->entries,X509_NAME_ENTRY_free);
-        OPENSSL_free(a);
-        *pval = NULL;
-}
-
-/* Used with sk_pop_free() to free up the internal representation.
- * NB: we only free the STACK and not its contents because it is
- * already present in the X509_NAME structure.
- */
-
-static void sk_internal_free(void *a)
-{
-        sk_free(a);
-}
-
-static int x509_name_ex_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_ITEM *it,
-                                        int tag, int aclass, char opt, ASN1_TLC *ctx)
-{
-        unsigned char *p = *in, *q;
-        STACK *intname = NULL, **intname_pp = &intname;
-        int i, j, ret;
-        X509_NAME *nm = NULL, **nm_pp = &nm;
-        STACK_OF(X509_NAME_ENTRY) *entries;
-        X509_NAME_ENTRY *entry;
-        q = p;
-
-        /* Get internal representation of Name */
-        ret = ASN1_item_ex_d2i((ASN1_VALUE **)intname_pp,
-                               &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL),
-                               tag, aclass, opt, ctx);
-        
-        if(ret <= 0) return ret;
-
-        if(*val) x509_name_ex_free(val, NULL);
-        if(!x509_name_ex_new((ASN1_VALUE **)nm_pp, NULL)) goto err;
-        /* We've decoded it: now cache encoding */
-        if(!BUF_MEM_grow(nm->bytes, p - q)) goto err;
-        memcpy(nm->bytes->data, q, p - q);
-
-        /* Convert internal representation to X509_NAME structure */
-        for(i = 0; i < sk_num(intname); i++) {
-                entries = (STACK_OF(X509_NAME_ENTRY) *)sk_value(intname, i);
-                for(j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) {
-                        entry = sk_X509_NAME_ENTRY_value(entries, j);
-                        entry->set = i;
-                        if(!sk_X509_NAME_ENTRY_push(nm->entries, entry))
-                                goto err;
-                }
-                sk_X509_NAME_ENTRY_free(entries);
-        }
-        sk_free(intname);
-        nm->modified = 0;
-        *val = (ASN1_VALUE *)nm;
-        *in = p;
-        return ret;
-        err:
-        ASN1err(ASN1_F_D2I_X509_NAME, ERR_R_NESTED_ASN1_ERROR);
-        return 0;
-}
-
-static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass)
-{
-        int ret;
-        X509_NAME *a = (X509_NAME *)*val;
-        if(a->modified) {
-                ret = x509_name_encode((X509_NAME *)a);
-                if(ret < 0) return ret;
-        }
-        ret = a->bytes->length;
-        if(out != NULL) {
-                memcpy(*out,a->bytes->data,ret);
-                *out+=ret;
-        }
-        return ret;
-}
-
-static int x509_name_encode(X509_NAME *a)
-{
-        STACK *intname = NULL, **intname_pp = &intname;
-        int len;
-        unsigned char *p;
-        STACK_OF(X509_NAME_ENTRY) *entries = NULL;
-        X509_NAME_ENTRY *entry;
-        int i, set = -1;
-        intname = sk_new_null();
-        if(!intname) goto memerr;
-        for(i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
-                entry = sk_X509_NAME_ENTRY_value(a->entries, i);
-                if(entry->set != set) {
-                        entries = sk_X509_NAME_ENTRY_new_null();
-                        if(!entries) goto memerr;
-                        if(!sk_push(intname, (char *)entries)) goto memerr;
-                        set = entry->set;
-                }
-                if(!sk_X509_NAME_ENTRY_push(entries, entry)) goto memerr;
-        }
-        len = ASN1_item_ex_i2d((ASN1_VALUE **)intname_pp, NULL,
-                               ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
-        if (!BUF_MEM_grow(a->bytes,len)) goto memerr;
-        p=(unsigned char *)a->bytes->data;
-        ASN1_item_ex_i2d((ASN1_VALUE **)intname_pp,
-                         &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
-        sk_pop_free(intname, sk_internal_free);
-        a->modified = 0;
-        return len;
-        memerr:
-        sk_pop_free(intname, sk_internal_free);
-        ASN1err(ASN1_F_D2I_X509_NAME, ERR_R_MALLOC_FAILURE);
-        return -1;
-}
-
-
-int X509_NAME_set(X509_NAME **xn, X509_NAME *name)
-        {
-        X509_NAME *in;
-
-        if (!xn || !name) return(0);
-
-        if (*xn != name)
-                {
-                in=X509_NAME_dup(name);
-                if (in != NULL)
-                        {
-                        X509_NAME_free(*xn);
-                        *xn=in;
-                        }
-                }
-        return(*xn != NULL);
-        }
-        
-IMPLEMENT_STACK_OF(X509_NAME_ENTRY)
-IMPLEMENT_ASN1_SET_OF(X509_NAME_ENTRY)
diff --git a/src/lib/libcrypto/asn1/x_pkey.c b/src/lib/libcrypto/asn1/x_pkey.c
deleted file mode 100644
index f1c6221ac3..0000000000
--- a/src/lib/libcrypto/asn1/x_pkey.c
+++ /dev/null
@@ -1,151 +0,0 @@
-/* crypto/asn1/x_pkey.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/asn1_mac.h>
-#include <openssl/x509.h>
-
-/* need to implement */
-int i2d_X509_PKEY(X509_PKEY *a, unsigned char **pp)
-        {
-        return(0);
-        }
-
-X509_PKEY *d2i_X509_PKEY(X509_PKEY **a, unsigned char **pp, long length)
-        {
-        int i;
-        M_ASN1_D2I_vars(a,X509_PKEY *,X509_PKEY_new);
-
-        M_ASN1_D2I_Init();
-        M_ASN1_D2I_start_sequence();
-        M_ASN1_D2I_get(ret->enc_algor,d2i_X509_ALGOR);
-        M_ASN1_D2I_get(ret->enc_pkey,d2i_ASN1_OCTET_STRING);
-
-        ret->cipher.cipher=EVP_get_cipherbyname(
-                OBJ_nid2ln(OBJ_obj2nid(ret->enc_algor->algorithm)));
-        if (ret->cipher.cipher == NULL)
-                {
-                c.error=ASN1_R_UNSUPPORTED_CIPHER;
-                c.line=__LINE__;
-                goto err;
-                }
-        if (ret->enc_algor->parameter->type == V_ASN1_OCTET_STRING) 
-                {
-                i=ret->enc_algor->parameter->value.octet_string->length;
-                if (i > EVP_MAX_IV_LENGTH)
-                        {
-                        c.error=ASN1_R_IV_TOO_LARGE;
-                        c.line=__LINE__;
-                        goto err;
-                        }
-                memcpy(ret->cipher.iv,
-                        ret->enc_algor->parameter->value.octet_string->data,i);
-                }
-        else
-                memset(ret->cipher.iv,0,EVP_MAX_IV_LENGTH);
-        M_ASN1_D2I_Finish(a,X509_PKEY_free,ASN1_F_D2I_X509_PKEY);
-        }
-
-X509_PKEY *X509_PKEY_new(void)
-        {
-        X509_PKEY *ret=NULL;
-        ASN1_CTX c;
-
-        M_ASN1_New_Malloc(ret,X509_PKEY);
-        ret->version=0;
-        M_ASN1_New(ret->enc_algor,X509_ALGOR_new);
-        M_ASN1_New(ret->enc_pkey,M_ASN1_OCTET_STRING_new);
-        ret->dec_pkey=NULL;
-        ret->key_length=0;
-        ret->key_data=NULL;
-        ret->key_free=0;
-        ret->cipher.cipher=NULL;
-        memset(ret->cipher.iv,0,EVP_MAX_IV_LENGTH);
-        ret->references=1;
-        return(ret);
-        M_ASN1_New_Error(ASN1_F_X509_PKEY_NEW);
-        }
-
-void X509_PKEY_free(X509_PKEY *x)
-        {
-        int i;
-
-        if (x == NULL) return;
-
-        i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_X509_PKEY);
-#ifdef REF_PRINT
-        REF_PRINT("X509_PKEY",x);
-#endif
-        if (i > 0) return;
-#ifdef REF_CHECK
-        if (i < 0)
-                {
-                fprintf(stderr,"X509_PKEY_free, bad reference count\n");
-                abort();
-                }
-#endif
-
-        if (x->enc_algor != NULL) X509_ALGOR_free(x->enc_algor);
-        if (x->enc_pkey != NULL) M_ASN1_OCTET_STRING_free(x->enc_pkey);
-        if (x->dec_pkey != NULL)EVP_PKEY_free(x->dec_pkey);
-        if ((x->key_data != NULL) && (x->key_free)) OPENSSL_free(x->key_data);
-        OPENSSL_free(x);
-        }
diff --git a/src/lib/libcrypto/asn1/x_pubkey.c b/src/lib/libcrypto/asn1/x_pubkey.c
deleted file mode 100644
index 7d6d71af88..0000000000
--- a/src/lib/libcrypto/asn1/x_pubkey.c
+++ /dev/null
@@ -1,360 +0,0 @@
-/* crypto/asn1/x_pubkey.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-
-/* Minor tweak to operation: free up EVP_PKEY */
-static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
-        if(operation == ASN1_OP_FREE_POST) {
-                X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval;
-                EVP_PKEY_free(pubkey->pkey);
-        }
-        return 1;
-}
-
-ASN1_SEQUENCE_cb(X509_PUBKEY, pubkey_cb) = {
-        ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR),
-        ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING)
-} ASN1_SEQUENCE_END_cb(X509_PUBKEY, X509_PUBKEY)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY)
-
-int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
-        {
-        X509_PUBKEY *pk=NULL;
-        X509_ALGOR *a;
-        ASN1_OBJECT *o;
-        unsigned char *s,*p = NULL;
-        int i;
-
-        if (x == NULL) return(0);
-
-        if ((pk=X509_PUBKEY_new()) == NULL) goto err;
-        a=pk->algor;
-
-        /* set the algorithm id */
-        if ((o=OBJ_nid2obj(pkey->type)) == NULL) goto err;
-        ASN1_OBJECT_free(a->algorithm);
-        a->algorithm=o;
-
-        /* Set the parameter list */
-        if (!pkey->save_parameters || (pkey->type == EVP_PKEY_RSA))
-                {
-                if ((a->parameter == NULL) ||
-                        (a->parameter->type != V_ASN1_NULL))
-                        {
-                        ASN1_TYPE_free(a->parameter);
-                        if (!(a->parameter=ASN1_TYPE_new()))
-                                {
-                                X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
-                                goto err;
-                                }
-                        a->parameter->type=V_ASN1_NULL;
-                        }
-                }
-        else
-#ifndef OPENSSL_NO_DSA
-                if (pkey->type == EVP_PKEY_DSA)
-                {
-                unsigned char *pp;
-                DSA *dsa;
-
-                dsa=pkey->pkey.dsa;
-                dsa->write_params=0;
-                ASN1_TYPE_free(a->parameter);
-                if ((i=i2d_DSAparams(dsa,NULL)) <= 0)
-                        goto err;
-                if (!(p=(unsigned char *)OPENSSL_malloc(i)))
-                        {
-                        X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                        }
-                pp=p;
-                i2d_DSAparams(dsa,&pp);
-                if (!(a->parameter=ASN1_TYPE_new()))
-                        {
-                        OPENSSL_free(p);
-                        X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                        }
-                a->parameter->type=V_ASN1_SEQUENCE;
-                if (!(a->parameter->value.sequence=ASN1_STRING_new()))
-                        {
-                        OPENSSL_free(p);
-                        X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                        }
-                if (!ASN1_STRING_set(a->parameter->value.sequence,p,i))
-                        {
-                        OPENSSL_free(p);
-                        X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                        }
-                OPENSSL_free(p);
-                }
-        else
-#endif
-                {
-                X509err(X509_F_X509_PUBKEY_SET,X509_R_UNSUPPORTED_ALGORITHM);
-                goto err;
-                }
-
-        if ((i=i2d_PublicKey(pkey,NULL)) <= 0) goto err;
-        if ((s=(unsigned char *)OPENSSL_malloc(i+1)) == NULL)
-                {
-                X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-        p=s;
-        i2d_PublicKey(pkey,&p);
-        if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i))
-                {
-                X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-        /* Set number of unused bits to zero */
-        pk->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
-        pk->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT;
-
-        OPENSSL_free(s);
-
-#if 0
-        CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
-        pk->pkey=pkey;
-#endif
-
-        if (*x != NULL)
-                X509_PUBKEY_free(*x);
-
-        *x=pk;
-
-        return 1;
-err:
-        if (pk != NULL) X509_PUBKEY_free(pk);
-        return 0;
-        }
-
-EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
-        {
-        EVP_PKEY *ret=NULL;
-        long j;
-        int type;
-        unsigned char *p;
-#ifndef OPENSSL_NO_DSA
-        const unsigned char *cp;
-        X509_ALGOR *a;
-#endif
-
-        if (key == NULL) goto err;
-
-        if (key->pkey != NULL)
-            {
-            CRYPTO_add(&key->pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
-            return(key->pkey);
-            }
-
-        if (key->public_key == NULL) goto err;
-
-        type=OBJ_obj2nid(key->algor->algorithm);
-        p=key->public_key->data;
-        j=key->public_key->length;
-        if ((ret=d2i_PublicKey(type,NULL,&p,(long)j)) == NULL)
-                {
-                X509err(X509_F_X509_PUBKEY_GET,X509_R_ERR_ASN1_LIB);
-                goto err;
-                }
-        ret->save_parameters=0;
-
-#ifndef OPENSSL_NO_DSA
-        a=key->algor;
-        if (ret->type == EVP_PKEY_DSA)
-                {
-                if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE))
-                        {
-                        ret->pkey.dsa->write_params=0;
-                        cp=p=a->parameter->value.sequence->data;
-                        j=a->parameter->value.sequence->length;
-                        if (!d2i_DSAparams(&ret->pkey.dsa,&cp,(long)j))
-                                goto err;
-                        }
-                ret->save_parameters=1;
-                }
-#endif
-        key->pkey=ret;
-        CRYPTO_add(&ret->references,1,CRYPTO_LOCK_EVP_PKEY);
-        return(ret);
-err:
-        if (ret != NULL)
-                EVP_PKEY_free(ret);
-        return(NULL);
-        }
-
-/* Now two pseudo ASN1 routines that take an EVP_PKEY structure
- * and encode or decode as X509_PUBKEY
- */
-
-EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, unsigned char **pp,
-             long length)
-{
-        X509_PUBKEY *xpk;
-        EVP_PKEY *pktmp;
-        xpk = d2i_X509_PUBKEY(NULL, pp, length);
-        if(!xpk) return NULL;
-        pktmp = X509_PUBKEY_get(xpk);
-        X509_PUBKEY_free(xpk);
-        if(!pktmp) return NULL;
-        if(a) {
-                EVP_PKEY_free(*a);
-                *a = pktmp;
-        }
-        return pktmp;
-}
-
-int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp)
-{
-        X509_PUBKEY *xpk=NULL;
-        int ret;
-        if(!a) return 0;
-        if(!X509_PUBKEY_set(&xpk, a)) return 0;
-        ret = i2d_X509_PUBKEY(xpk, pp);
-        X509_PUBKEY_free(xpk);
-        return ret;
-}
-
-/* The following are equivalents but which return RSA and DSA
- * keys
- */
-#ifndef OPENSSL_NO_RSA
-RSA *d2i_RSA_PUBKEY(RSA **a, unsigned char **pp,
-             long length)
-{
-        EVP_PKEY *pkey;
-        RSA *key;
-        unsigned char *q;
-        q = *pp;
-        pkey = d2i_PUBKEY(NULL, &q, length);
-        if(!pkey) return NULL;
-        key = EVP_PKEY_get1_RSA(pkey);
-        EVP_PKEY_free(pkey);
-        if(!key) return NULL;
-        *pp = q;
-        if(a) {
-                RSA_free(*a);
-                *a = key;
-        }
-        return key;
-}
-
-int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp)
-{
-        EVP_PKEY *pktmp;
-        int ret;
-        if(!a) return 0;
-        pktmp = EVP_PKEY_new();
-        if(!pktmp) {
-                ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE);
-                return 0;
-        }
-        EVP_PKEY_set1_RSA(pktmp, a);
-        ret = i2d_PUBKEY(pktmp, pp);
-        EVP_PKEY_free(pktmp);
-        return ret;
-}
-#endif
-
-#ifndef OPENSSL_NO_DSA
-DSA *d2i_DSA_PUBKEY(DSA **a, unsigned char **pp,
-             long length)
-{
-        EVP_PKEY *pkey;
-        DSA *key;
-        unsigned char *q;
-        q = *pp;
-        pkey = d2i_PUBKEY(NULL, &q, length);
-        if(!pkey) return NULL;
-        key = EVP_PKEY_get1_DSA(pkey);
-        EVP_PKEY_free(pkey);
-        if(!key) return NULL;
-        *pp = q;
-        if(a) {
-                DSA_free(*a);
-                *a = key;
-        }
-        return key;
-}
-
-int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp)
-{
-        EVP_PKEY *pktmp;
-        int ret;
-        if(!a) return 0;
-        pktmp = EVP_PKEY_new();
-        if(!pktmp) {
-                ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE);
-                return 0;
-        }
-        EVP_PKEY_set1_DSA(pktmp, a);
-        ret = i2d_PUBKEY(pktmp, pp);
-        EVP_PKEY_free(pktmp);
-        return ret;
-}
-#endif
diff --git a/src/lib/libcrypto/asn1/x_req.c b/src/lib/libcrypto/asn1/x_req.c
deleted file mode 100644
index b3f18ebc12..0000000000
--- a/src/lib/libcrypto/asn1/x_req.c
+++ /dev/null
@@ -1,112 +0,0 @@
-/* crypto/asn1/x_req.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-
-/* X509_REQ_INFO is handled in an unusual way to get round
- * invalid encodings. Some broken certificate requests don't
- * encode the attributes field if it is empty. This is in
- * violation of PKCS#10 but we need to tolerate it. We do
- * this by making the attributes field OPTIONAL then using
- * the callback to initialise it to an empty STACK. 
- *
- * This means that the field will be correctly encoded unless
- * we NULL out the field.
- *
- * As a result we no longer need the req_kludge field because
- * the information is now contained in the attributes field:
- * 1. If it is NULL then it's the invalid omission.
- * 2. If it is empty it is the correct encoding.
- * 3. If it is not empty then some attributes are present.
- *
- */
-
-static int rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
-        X509_REQ_INFO *rinf = (X509_REQ_INFO *)*pval;
-
-        if(operation == ASN1_OP_NEW_POST) {
-                rinf->attributes = sk_X509_ATTRIBUTE_new_null();
-                if(!rinf->attributes) return 0;
-        }
-        return 1;
-}
-
-ASN1_SEQUENCE_enc(X509_REQ_INFO, enc, rinf_cb) = {
-        ASN1_SIMPLE(X509_REQ_INFO, version, ASN1_INTEGER),
-        ASN1_SIMPLE(X509_REQ_INFO, subject, X509_NAME),
-        ASN1_SIMPLE(X509_REQ_INFO, pubkey, X509_PUBKEY),
-        /* This isn't really OPTIONAL but it gets round invalid
-         * encodings
-         */
-        ASN1_IMP_SET_OF_OPT(X509_REQ_INFO, attributes, X509_ATTRIBUTE, 0)
-} ASN1_SEQUENCE_END_enc(X509_REQ_INFO, X509_REQ_INFO)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_REQ_INFO)
-
-ASN1_SEQUENCE_ref(X509_REQ, 0, CRYPTO_LOCK_X509_INFO) = {
-        ASN1_SIMPLE(X509_REQ, req_info, X509_REQ_INFO),
-        ASN1_SIMPLE(X509_REQ, sig_alg, X509_ALGOR),
-        ASN1_SIMPLE(X509_REQ, signature, ASN1_BIT_STRING)
-} ASN1_SEQUENCE_END_ref(X509_REQ, X509_REQ)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_REQ)
-IMPLEMENT_ASN1_DUP_FUNCTION(X509_REQ)
diff --git a/src/lib/libcrypto/asn1/x_sig.c b/src/lib/libcrypto/asn1/x_sig.c
deleted file mode 100644
index 42efa86c1c..0000000000
--- a/src/lib/libcrypto/asn1/x_sig.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/* crypto/asn1/x_sig.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-
-ASN1_SEQUENCE(X509_SIG) = {
-        ASN1_SIMPLE(X509_SIG, algor, X509_ALGOR),
-        ASN1_SIMPLE(X509_SIG, digest, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(X509_SIG)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_SIG)
diff --git a/src/lib/libcrypto/asn1/x_spki.c b/src/lib/libcrypto/asn1/x_spki.c
deleted file mode 100644
index 2aece077c5..0000000000
--- a/src/lib/libcrypto/asn1/x_spki.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/* crypto/asn1/x_spki.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
- /* This module was send to me my Pat Richards <patr@x509.com> who
-  * wrote it.  It is under my Copyright with his permission
-  */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/x509.h>
-#include <openssl/asn1t.h>
-
-ASN1_SEQUENCE(NETSCAPE_SPKAC) = {
-        ASN1_SIMPLE(NETSCAPE_SPKAC, pubkey, X509_PUBKEY),
-        ASN1_SIMPLE(NETSCAPE_SPKAC, challenge, ASN1_IA5STRING)
-} ASN1_SEQUENCE_END(NETSCAPE_SPKAC)
-
-IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_SPKAC)
-
-ASN1_SEQUENCE(NETSCAPE_SPKI) = {
-        ASN1_SIMPLE(NETSCAPE_SPKI, spkac, NETSCAPE_SPKAC),
-        ASN1_SIMPLE(NETSCAPE_SPKI, sig_algor, X509_ALGOR),
-        ASN1_SIMPLE(NETSCAPE_SPKI, signature, ASN1_BIT_STRING)
-} ASN1_SEQUENCE_END(NETSCAPE_SPKI)
-
-IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_SPKI)
diff --git a/src/lib/libcrypto/asn1/x_val.c b/src/lib/libcrypto/asn1/x_val.c
deleted file mode 100644
index dc17c67758..0000000000
--- a/src/lib/libcrypto/asn1/x_val.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/* crypto/asn1/x_val.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-
-ASN1_SEQUENCE(X509_VAL) = {
-        ASN1_SIMPLE(X509_VAL, notBefore, ASN1_TIME),
-        ASN1_SIMPLE(X509_VAL, notAfter, ASN1_TIME)
-} ASN1_SEQUENCE_END(X509_VAL)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_VAL)
diff --git a/src/lib/libcrypto/asn1/x_x509.c b/src/lib/libcrypto/asn1/x_x509.c
deleted file mode 100644
index b50167ce43..0000000000
--- a/src/lib/libcrypto/asn1/x_x509.c
+++ /dev/null
@@ -1,189 +0,0 @@
-/* crypto/asn1/x_x509.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-ASN1_SEQUENCE(X509_CINF) = {
-        ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0),
-        ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER),
-        ASN1_SIMPLE(X509_CINF, signature, X509_ALGOR),
-        ASN1_SIMPLE(X509_CINF, issuer, X509_NAME),
-        ASN1_SIMPLE(X509_CINF, validity, X509_VAL),
-        ASN1_SIMPLE(X509_CINF, subject, X509_NAME),
-        ASN1_SIMPLE(X509_CINF, key, X509_PUBKEY),
-        ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1),
-        ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2),
-        ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3)
-} ASN1_SEQUENCE_END(X509_CINF)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_CINF)
-/* X509 top level structure needs a bit of customisation */
-
-static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
-        X509 *ret = (X509 *)*pval;
-
-        switch(operation) {
-
-                case ASN1_OP_NEW_POST:
-                ret->valid=0;
-                ret->name = NULL;
-                ret->ex_flags = 0;
-                ret->ex_pathlen = -1;
-                ret->skid = NULL;
-                ret->akid = NULL;
-                ret->aux = NULL;
-                CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
-                break;
-
-                case ASN1_OP_D2I_POST:
-                if (ret->name != NULL) OPENSSL_free(ret->name);
-                ret->name=X509_NAME_oneline(ret->cert_info->subject,NULL,0);
-                break;
-
-                case ASN1_OP_FREE_POST:
-                CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
-                X509_CERT_AUX_free(ret->aux);
-                ASN1_OCTET_STRING_free(ret->skid);
-                AUTHORITY_KEYID_free(ret->akid);
-
-                if (ret->name != NULL) OPENSSL_free(ret->name);
-                break;
-
-        }
-
-        return 1;
-
-}
-
-ASN1_SEQUENCE_ref(X509, x509_cb, CRYPTO_LOCK_X509) = {
-        ASN1_SIMPLE(X509, cert_info, X509_CINF),
-        ASN1_SIMPLE(X509, sig_alg, X509_ALGOR),
-        ASN1_SIMPLE(X509, signature, ASN1_BIT_STRING)
-} ASN1_SEQUENCE_END_ref(X509, X509)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509)
-IMPLEMENT_ASN1_DUP_FUNCTION(X509)
-
-static ASN1_METHOD meth={
-        (int (*)())  i2d_X509,
-        (char *(*)())d2i_X509,
-        (char *(*)())X509_new,
-        (void (*)()) X509_free};
-
-ASN1_METHOD *X509_asn1_meth(void)
-        {
-        return(&meth);
-        }
-
-int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-        {
-        return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, argl, argp,
-                                new_func, dup_func, free_func);
-        }
-
-int X509_set_ex_data(X509 *r, int idx, void *arg)
-        {
-        return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
-        }
-
-void *X509_get_ex_data(X509 *r, int idx)
-        {
-        return(CRYPTO_get_ex_data(&r->ex_data,idx));
-        }
-
-/* X509_AUX ASN1 routines. X509_AUX is the name given to
- * a certificate with extra info tagged on the end. Since these
- * functions set how a certificate is trusted they should only
- * be used when the certificate comes from a reliable source
- * such as local storage.
- *
- */
-
-X509 *d2i_X509_AUX(X509 **a, unsigned char **pp, long length)
-{
-        unsigned char *q;
-        X509 *ret;
-        /* Save start position */
-        q = *pp;
-        ret = d2i_X509(a, pp, length);
-        /* If certificate unreadable then forget it */
-        if(!ret) return NULL;
-        /* update length */
-        length -= *pp - q;
-        if(!length) return ret;
-        if(!d2i_X509_CERT_AUX(&ret->aux, pp, length)) goto err;
-        return ret;
-        err:
-        X509_free(ret);
-        return NULL;
-}
-
-int i2d_X509_AUX(X509 *a, unsigned char **pp)
-{
-        int length;
-        length = i2d_X509(a, pp);
-        if(a) length += i2d_X509_CERT_AUX(a->aux, pp);
-        return length;
-}
diff --git a/src/lib/libcrypto/asn1/x_x509a.c b/src/lib/libcrypto/asn1/x_x509a.c
deleted file mode 100644
index f244768b7e..0000000000
--- a/src/lib/libcrypto/asn1/x_x509a.c
+++ /dev/null
@@ -1,151 +0,0 @@
-/* a_x509a.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-
-/* X509_CERT_AUX routines. These are used to encode additional
- * user modifiable data about a certificate. This data is
- * appended to the X509 encoding when the *_X509_AUX routines
- * are used. This means that the "traditional" X509 routines
- * will simply ignore the extra data. 
- */
-
-static X509_CERT_AUX *aux_get(X509 *x);
-
-ASN1_SEQUENCE(X509_CERT_AUX) = {
-        ASN1_SEQUENCE_OF_OPT(X509_CERT_AUX, trust, ASN1_OBJECT),
-        ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, reject, ASN1_OBJECT, 0),
-        ASN1_OPT(X509_CERT_AUX, alias, ASN1_UTF8STRING),
-        ASN1_OPT(X509_CERT_AUX, keyid, ASN1_OCTET_STRING),
-        ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, other, X509_ALGOR, 1)
-} ASN1_SEQUENCE_END(X509_CERT_AUX)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_AUX)
-
-static X509_CERT_AUX *aux_get(X509 *x)
-{
-        if(!x) return NULL;
-        if(!x->aux && !(x->aux = X509_CERT_AUX_new())) return NULL;
-        return x->aux;
-}
-
-int X509_alias_set1(X509 *x, unsigned char *name, int len)
-{
-        X509_CERT_AUX *aux;
-        if(!(aux = aux_get(x))) return 0;
-        if(!aux->alias && !(aux->alias = ASN1_UTF8STRING_new())) return 0;
-        return ASN1_STRING_set(aux->alias, name, len);
-}
-
-int X509_keyid_set1(X509 *x, unsigned char *id, int len)
-{
-        X509_CERT_AUX *aux;
-        if(!(aux = aux_get(x))) return 0;
-        if(!aux->keyid && !(aux->keyid = ASN1_OCTET_STRING_new())) return 0;
-        return ASN1_STRING_set(aux->keyid, id, len);
-}
-
-unsigned char *X509_alias_get0(X509 *x, int *len)
-{
-        if(!x->aux || !x->aux->alias) return NULL;
-        if(len) *len = x->aux->alias->length;
-        return x->aux->alias->data;
-}
-
-int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj)
-{
-        X509_CERT_AUX *aux;
-        ASN1_OBJECT *objtmp;
-        if(!(objtmp = OBJ_dup(obj))) return 0;
-        if(!(aux = aux_get(x))) return 0;
-        if(!aux->trust
-                && !(aux->trust = sk_ASN1_OBJECT_new_null())) return 0;
-        return sk_ASN1_OBJECT_push(aux->trust, objtmp);
-}
-
-int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj)
-{
-        X509_CERT_AUX *aux;
-        ASN1_OBJECT *objtmp;
-        if(!(objtmp = OBJ_dup(obj))) return 0;
-        if(!(aux = aux_get(x))) return 0;
-        if(!aux->reject
-                && !(aux->reject = sk_ASN1_OBJECT_new_null())) return 0;
-        return sk_ASN1_OBJECT_push(aux->reject, objtmp);
-}
-
-void X509_trust_clear(X509 *x)
-{
-        if(x->aux && x->aux->trust) {
-                sk_ASN1_OBJECT_pop_free(x->aux->trust, ASN1_OBJECT_free);
-                x->aux->trust = NULL;
-        }
-}
-
-void X509_reject_clear(X509 *x)
-{
-        if(x->aux && x->aux->reject) {
-                sk_ASN1_OBJECT_pop_free(x->aux->reject, ASN1_OBJECT_free);
-                x->aux->reject = NULL;
-        }
-}
-
diff --git a/src/lib/libcrypto/bf/COPYRIGHT b/src/lib/libcrypto/bf/COPYRIGHT
deleted file mode 100644
index 6857223506..0000000000
--- a/src/lib/libcrypto/bf/COPYRIGHT
+++ /dev/null
@@ -1,46 +0,0 @@
-Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
-All rights reserved.
-
-This package is an Blowfish implementation written
-by Eric Young (eay@cryptsoft.com).
-
-This library is free for commercial and non-commercial use as long as
-the following conditions are aheared to.  The following conditions
-apply to all code found in this distribution.
-
-Copyright remains Eric Young's, and as such any Copyright notices in
-the code are not to be removed.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-1. Redistributions of source code must retain the copyright
-   notice, this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in the
-   documentation and/or other materials provided with the distribution.
-3. All advertising materials mentioning features or use of this software
-   must display the following acknowledgement:
-   This product includes software developed by Eric Young (eay@cryptsoft.com)
-
-THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
-The license and distribution terms for any publically available version or
-derivative of this code cannot be changed.  i.e. this code cannot simply be
-copied and put under another distrubution license
-[including the GNU Public License.]
-
-The reason behind this being stated in this direct manner is past
-experience in code simply being copied and the attribution removed
-from it and then being distributed as part of other packages. This
-implementation was a non-trivial and unpaid effort.
diff --git a/src/lib/libcrypto/bf/INSTALL b/src/lib/libcrypto/bf/INSTALL
deleted file mode 100644
index 3b25923532..0000000000
--- a/src/lib/libcrypto/bf/INSTALL
+++ /dev/null
@@ -1,14 +0,0 @@
-This Eric Young's blowfish implementation, taken from his SSLeay library
-and made available as a separate library.
- 
-The version number (0.7.2m) is the SSLeay version that this library was
-taken from.
- 
-To build, just unpack and type make.
-If you are not using gcc, edit the Makefile.
-If you are compiling for an x86 box, try the assembler (it needs improving).
-There are also some compile time options that can improve performance,
-these are documented in the Makefile.
- 
-eric 15-Apr-1997
- 
diff --git a/src/lib/libcrypto/bf/README b/src/lib/libcrypto/bf/README
deleted file mode 100644
index f2712fd0e7..0000000000
--- a/src/lib/libcrypto/bf/README
+++ /dev/null
@@ -1,8 +0,0 @@
-This is a quick packaging up of my blowfish code into a library.
-It has been lifted from SSLeay.
-The copyright notices seem a little harsh because I have not spent the
-time to rewrite the conditions from the normal SSLeay ones.
-
-Basically if you just want to play with the library, not a problem.
-
-eric 15-Apr-1997
diff --git a/src/lib/libcrypto/bf/VERSION b/src/lib/libcrypto/bf/VERSION
deleted file mode 100644
index be995855e4..0000000000
--- a/src/lib/libcrypto/bf/VERSION
+++ /dev/null
@@ -1,6 +0,0 @@
-The version numbers will follow my SSL implementation
-
-0.7.2r - Some reasonable default compiler options from 
-        Peter Gutman <pgut001@cs.auckland.ac.nz>
-
-0.7.2m - the first release
diff --git a/src/lib/libcrypto/bf/asm/bf-586.pl b/src/lib/libcrypto/bf/asm/bf-586.pl
deleted file mode 100644
index b5a4760d09..0000000000
--- a/src/lib/libcrypto/bf/asm/bf-586.pl
+++ /dev/null
@@ -1,136 +0,0 @@
-#!/usr/local/bin/perl
-
-push(@INC,"perlasm","../../perlasm");
-require "x86asm.pl";
-require "cbc.pl";
-
-&asm_init($ARGV[0],"bf-586.pl",$ARGV[$#ARGV] eq "386");
-
-$BF_ROUNDS=16;
-$BF_OFF=($BF_ROUNDS+2)*4;
-$L="edi";
-$R="esi";
-$P="ebp";
-$tmp1="eax";
-$tmp2="ebx";
-$tmp3="ecx";
-$tmp4="edx";
-
-&BF_encrypt("BF_encrypt",1);
-&BF_encrypt("BF_decrypt",0);
-&cbc("BF_cbc_encrypt","BF_encrypt","BF_decrypt",1,4,5,3,-1,-1) unless $main'openbsd;
-&asm_finish();
-
-sub BF_encrypt
-        {
-        local($name,$enc)=@_;
-
-        &function_begin_B($name,"");
-
-        &comment("");
-
-        &push("ebp");
-        &push("ebx");
-        &mov($tmp2,&wparam(0));
-        &mov($P,&wparam(1));
-        &push("esi");
-        &push("edi");
-
-        &comment("Load the 2 words");
-        &mov($L,&DWP(0,$tmp2,"",0));
-        &mov($R,&DWP(4,$tmp2,"",0));
-
-        &xor(   $tmp1,  $tmp1);
-
-        # encrypting part
-
-        if ($enc)
-                {
-                 &mov($tmp2,&DWP(0,$P,"",0));
-                &xor(   $tmp3,  $tmp3);
-
-                &xor($L,$tmp2);
-                for ($i=0; $i<$BF_ROUNDS; $i+=2)
-                        {
-                        &comment("");
-                        &comment("Round $i");
-                        &BF_ENCRYPT($i+1,$R,$L,$P,$tmp1,$tmp2,$tmp3,$tmp4,1);
-
-                        &comment("");
-                        &comment("Round ".sprintf("%d",$i+1));
-                        &BF_ENCRYPT($i+2,$L,$R,$P,$tmp1,$tmp2,$tmp3,$tmp4,1);
-                        }
-                # &mov($tmp1,&wparam(0)); In last loop
-                &mov($tmp4,&DWP(($BF_ROUNDS+1)*4,$P,"",0));
-                }
-        else
-                {
-                 &mov($tmp2,&DWP(($BF_ROUNDS+1)*4,$P,"",0));
-                &xor(   $tmp3,  $tmp3);
-
-                &xor($L,$tmp2);
-                for ($i=$BF_ROUNDS; $i>0; $i-=2)
-                        {
-                        &comment("");
-                        &comment("Round $i");
-                        &BF_ENCRYPT($i,$R,$L,$P,$tmp1,$tmp2,$tmp3,$tmp4,0);
-                        &comment("");
-                        &comment("Round ".sprintf("%d",$i-1));
-                        &BF_ENCRYPT($i-1,$L,$R,$P,$tmp1,$tmp2,$tmp3,$tmp4,0);
-                        }
-                # &mov($tmp1,&wparam(0)); In last loop
-                &mov($tmp4,&DWP(0,$P,"",0));
-                }
-
-        &xor($R,$tmp4);
-        &mov(&DWP(4,$tmp1,"",0),$L);
-
-        &mov(&DWP(0,$tmp1,"",0),$R);
-        &function_end($name);
-        }
-
-sub BF_ENCRYPT
-        {
-        local($i,$L,$R,$P,$tmp1,$tmp2,$tmp3,$tmp4,$enc)=@_;
-
-        &mov(   $tmp4,          &DWP(&n2a($i*4),$P,"",0)); # for next round
-
-        &mov(   $tmp2,          $R);
-        &xor(   $L,             $tmp4);
-
-        &shr(   $tmp2,          16);
-        &mov(   $tmp4,          $R);
-
-        &movb(  &LB($tmp1),     &HB($tmp2));    # A
-        &and(   $tmp2,          0xff);          # B
-
-        &movb(  &LB($tmp3),     &HB($tmp4));    # C
-        &and(   $tmp4,          0xff);          # D
-
-        &mov(   $tmp1,          &DWP(&n2a($BF_OFF+0x0000),$P,$tmp1,4));
-        &mov(   $tmp2,          &DWP(&n2a($BF_OFF+0x0400),$P,$tmp2,4));
-
-        &add(   $tmp2,          $tmp1);
-        &mov(   $tmp1,          &DWP(&n2a($BF_OFF+0x0800),$P,$tmp3,4));
-
-        &xor(   $tmp2,          $tmp1);
-        &mov(   $tmp4,          &DWP(&n2a($BF_OFF+0x0C00),$P,$tmp4,4));
-
-        &add(   $tmp2,          $tmp4);
-        if (($enc && ($i != 16)) || ((!$enc) && ($i != 1)))
-                { &xor( $tmp1,          $tmp1); }
-        else
-                {
-                &comment("Load parameter 0 ($i) enc=$enc");
-                &mov($tmp1,&wparam(0));
-                } # In last loop
-
-        &xor(   $L,             $tmp2);
-        # delay
-        }
-
-sub n2a
-        {
-        sprintf("%d",$_[0]);
-        }
-
diff --git a/src/lib/libcrypto/bf/bf_cbc.c b/src/lib/libcrypto/bf/bf_cbc.c
deleted file mode 100644
index f949629dc6..0000000000
--- a/src/lib/libcrypto/bf/bf_cbc.c
+++ /dev/null
@@ -1,143 +0,0 @@
-/* crypto/bf/bf_cbc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/blowfish.h>
-#include "bf_locl.h"
-
-void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
-             const BF_KEY *schedule, unsigned char *ivec, int encrypt)
-        {
-        register BF_LONG tin0,tin1;
-        register BF_LONG tout0,tout1,xor0,xor1;
-        register long l=length;
-        BF_LONG tin[2];
-
-        if (encrypt)
-                {
-                n2l(ivec,tout0);
-                n2l(ivec,tout1);
-                ivec-=8;
-                for (l-=8; l>=0; l-=8)
-                        {
-                        n2l(in,tin0);
-                        n2l(in,tin1);
-                        tin0^=tout0;
-                        tin1^=tout1;
-                        tin[0]=tin0;
-                        tin[1]=tin1;
-                        BF_encrypt(tin,schedule);
-                        tout0=tin[0];
-                        tout1=tin[1];
-                        l2n(tout0,out);
-                        l2n(tout1,out);
-                        }
-                if (l != -8)
-                        {
-                        n2ln(in,tin0,tin1,l+8);
-                        tin0^=tout0;
-                        tin1^=tout1;
-                        tin[0]=tin0;
-                        tin[1]=tin1;
-                        BF_encrypt(tin,schedule);
-                        tout0=tin[0];
-                        tout1=tin[1];
-                        l2n(tout0,out);
-                        l2n(tout1,out);
-                        }
-                l2n(tout0,ivec);
-                l2n(tout1,ivec);
-                }
-        else
-                {
-                n2l(ivec,xor0);
-                n2l(ivec,xor1);
-                ivec-=8;
-                for (l-=8; l>=0; l-=8)
-                        {
-                        n2l(in,tin0);
-                        n2l(in,tin1);
-                        tin[0]=tin0;
-                        tin[1]=tin1;
-                        BF_decrypt(tin,schedule);
-                        tout0=tin[0]^xor0;
-                        tout1=tin[1]^xor1;
-                        l2n(tout0,out);
-                        l2n(tout1,out);
-                        xor0=tin0;
-                        xor1=tin1;
-                        }
-                if (l != -8)
-                        {
-                        n2l(in,tin0);
-                        n2l(in,tin1);
-                        tin[0]=tin0;
-                        tin[1]=tin1;
-                        BF_decrypt(tin,schedule);
-                        tout0=tin[0]^xor0;
-                        tout1=tin[1]^xor1;
-                        l2nn(tout0,tout1,out,l+8);
-                        xor0=tin0;
-                        xor1=tin1;
-                        }
-                l2n(xor0,ivec);
-                l2n(xor1,ivec);
-                }
-        tin0=tin1=tout0=tout1=xor0=xor1=0;
-        tin[0]=tin[1]=0;
-        }
-
diff --git a/src/lib/libcrypto/bf/bf_cfb64.c b/src/lib/libcrypto/bf/bf_cfb64.c
deleted file mode 100644
index 6451c8d407..0000000000
--- a/src/lib/libcrypto/bf/bf_cfb64.c
+++ /dev/null
@@ -1,121 +0,0 @@
-/* crypto/bf/bf_cfb64.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/blowfish.h>
-#include "bf_locl.h"
-
-/* The input and output encrypted as though 64bit cfb mode is being
- * used.  The extra state information to record how much of the
- * 64bit block we have used is contained in *num;
- */
-
-void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, long length,
-             const BF_KEY *schedule, unsigned char *ivec, int *num, int encrypt)
-        {
-        register BF_LONG v0,v1,t;
-        register int n= *num;
-        register long l=length;
-        BF_LONG ti[2];
-        unsigned char *iv,c,cc;
-
-        iv=(unsigned char *)ivec;
-        if (encrypt)
-                {
-                while (l--)
-                        {
-                        if (n == 0)
-                                {
-                                n2l(iv,v0); ti[0]=v0;
-                                n2l(iv,v1); ti[1]=v1;
-                                BF_encrypt((BF_LONG *)ti,schedule);
-                                iv=(unsigned char *)ivec;
-                                t=ti[0]; l2n(t,iv);
-                                t=ti[1]; l2n(t,iv);
-                                iv=(unsigned char *)ivec;
-                                }
-                        c= *(in++)^iv[n];
-                        *(out++)=c;
-                        iv[n]=c;
-                        n=(n+1)&0x07;
-                        }
-                }
-        else
-                {
-                while (l--)
-                        {
-                        if (n == 0)
-                                {
-                                n2l(iv,v0); ti[0]=v0;
-                                n2l(iv,v1); ti[1]=v1;
-                                BF_encrypt((BF_LONG *)ti,schedule);
-                                iv=(unsigned char *)ivec;
-                                t=ti[0]; l2n(t,iv);
-                                t=ti[1]; l2n(t,iv);
-                                iv=(unsigned char *)ivec;
-                                }
-                        cc= *(in++);
-                        c=iv[n];
-                        iv[n]=cc;
-                        *(out++)=c^cc;
-                        n=(n+1)&0x07;
-                        }
-                }
-        v0=v1=ti[0]=ti[1]=t=c=cc=0;
-        *num=n;
-        }
-
diff --git a/src/lib/libcrypto/bf/bf_ecb.c b/src/lib/libcrypto/bf/bf_ecb.c
deleted file mode 100644
index 341991636f..0000000000
--- a/src/lib/libcrypto/bf/bf_ecb.c
+++ /dev/null
@@ -1,96 +0,0 @@
-/* crypto/bf/bf_ecb.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/blowfish.h>
-#include "bf_locl.h"
-#include <openssl/opensslv.h>
-
-/* Blowfish as implemented from 'Blowfish: Springer-Verlag paper'
- * (From LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION,
- * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
- */
-
-const char *BF_version="Blowfish" OPENSSL_VERSION_PTEXT;
-
-const char *BF_options(void)
-        {
-#ifdef BF_PTR
-        return("blowfish(ptr)");
-#elif defined(BF_PTR2)
-        return("blowfish(ptr2)");
-#else
-        return("blowfish(idx)");
-#endif
-        }
-
-void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
-             const BF_KEY *key, int encrypt)
-        {
-        BF_LONG l,d[2];
-
-        n2l(in,l); d[0]=l;
-        n2l(in,l); d[1]=l;
-        if (encrypt)
-                BF_encrypt(d,key);
-        else
-                BF_decrypt(d,key);
-        l=d[0]; l2n(l,out);
-        l=d[1]; l2n(l,out);
-        l=d[0]=d[1]=0;
-        }
-
diff --git a/src/lib/libcrypto/bf/bf_enc.c b/src/lib/libcrypto/bf/bf_enc.c
deleted file mode 100644
index b380acf959..0000000000
--- a/src/lib/libcrypto/bf/bf_enc.c
+++ /dev/null
@@ -1,306 +0,0 @@
-/* crypto/bf/bf_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/blowfish.h>
-#include "bf_locl.h"
-
-/* Blowfish as implemented from 'Blowfish: Springer-Verlag paper'
- * (From LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION,
- * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
- */
-
-#if (BF_ROUNDS != 16) && (BF_ROUNDS != 20)
-#error If you set BF_ROUNDS to some value other than 16 or 20, you will have \
-to modify the code.
-#endif
-
-void BF_encrypt(BF_LONG *data, const BF_KEY *key)
-        {
-#ifndef BF_PTR2
-        register BF_LONG l,r;
-    const register BF_LONG *p,*s;
-
-        p=key->P;
-        s= &(key->S[0]);
-        l=data[0];
-        r=data[1];
-
-        l^=p[0];
-        BF_ENC(r,l,s,p[ 1]);
-        BF_ENC(l,r,s,p[ 2]);
-        BF_ENC(r,l,s,p[ 3]);
-        BF_ENC(l,r,s,p[ 4]);
-        BF_ENC(r,l,s,p[ 5]);
-        BF_ENC(l,r,s,p[ 6]);
-        BF_ENC(r,l,s,p[ 7]);
-        BF_ENC(l,r,s,p[ 8]);
-        BF_ENC(r,l,s,p[ 9]);
-        BF_ENC(l,r,s,p[10]);
-        BF_ENC(r,l,s,p[11]);
-        BF_ENC(l,r,s,p[12]);
-        BF_ENC(r,l,s,p[13]);
-        BF_ENC(l,r,s,p[14]);
-        BF_ENC(r,l,s,p[15]);
-        BF_ENC(l,r,s,p[16]);
-#if BF_ROUNDS == 20
-        BF_ENC(r,l,s,p[17]);
-        BF_ENC(l,r,s,p[18]);
-        BF_ENC(r,l,s,p[19]);
-        BF_ENC(l,r,s,p[20]);
-#endif
-        r^=p[BF_ROUNDS+1];
-
-        data[1]=l&0xffffffffL;
-        data[0]=r&0xffffffffL;
-#else
-        register BF_LONG l,r,t,*k;
-
-        l=data[0];
-        r=data[1];
-        k=(BF_LONG*)key;
-
-        l^=k[0];
-        BF_ENC(r,l,k, 1);
-        BF_ENC(l,r,k, 2);
-        BF_ENC(r,l,k, 3);
-        BF_ENC(l,r,k, 4);
-        BF_ENC(r,l,k, 5);
-        BF_ENC(l,r,k, 6);
-        BF_ENC(r,l,k, 7);
-        BF_ENC(l,r,k, 8);
-        BF_ENC(r,l,k, 9);
-        BF_ENC(l,r,k,10);
-        BF_ENC(r,l,k,11);
-        BF_ENC(l,r,k,12);
-        BF_ENC(r,l,k,13);
-        BF_ENC(l,r,k,14);
-        BF_ENC(r,l,k,15);
-        BF_ENC(l,r,k,16);
-#if BF_ROUNDS == 20
-        BF_ENC(r,l,k,17);
-        BF_ENC(l,r,k,18);
-        BF_ENC(r,l,k,19);
-        BF_ENC(l,r,k,20);
-#endif
-        r^=k[BF_ROUNDS+1];
-
-        data[1]=l&0xffffffffL;
-        data[0]=r&0xffffffffL;
-#endif
-        }
-
-#ifndef BF_DEFAULT_OPTIONS
-
-void BF_decrypt(BF_LONG *data, const BF_KEY *key)
-        {
-#ifndef BF_PTR2
-        register BF_LONG l,r;
-    const register BF_LONG *p,*s;
-
-        p=key->P;
-        s= &(key->S[0]);
-        l=data[0];
-        r=data[1];
-
-        l^=p[BF_ROUNDS+1];
-#if BF_ROUNDS == 20
-        BF_ENC(r,l,s,p[20]);
-        BF_ENC(l,r,s,p[19]);
-        BF_ENC(r,l,s,p[18]);
-        BF_ENC(l,r,s,p[17]);
-#endif
-        BF_ENC(r,l,s,p[16]);
-        BF_ENC(l,r,s,p[15]);
-        BF_ENC(r,l,s,p[14]);
-        BF_ENC(l,r,s,p[13]);
-        BF_ENC(r,l,s,p[12]);
-        BF_ENC(l,r,s,p[11]);
-        BF_ENC(r,l,s,p[10]);
-        BF_ENC(l,r,s,p[ 9]);
-        BF_ENC(r,l,s,p[ 8]);
-        BF_ENC(l,r,s,p[ 7]);
-        BF_ENC(r,l,s,p[ 6]);
-        BF_ENC(l,r,s,p[ 5]);
-        BF_ENC(r,l,s,p[ 4]);
-        BF_ENC(l,r,s,p[ 3]);
-        BF_ENC(r,l,s,p[ 2]);
-        BF_ENC(l,r,s,p[ 1]);
-        r^=p[0];
-
-        data[1]=l&0xffffffffL;
-        data[0]=r&0xffffffffL;
-#else
-        register BF_LONG l,r,t,*k;
-
-        l=data[0];
-        r=data[1];
-        k=(BF_LONG *)key;
-
-        l^=k[BF_ROUNDS+1];
-#if BF_ROUNDS == 20
-        BF_ENC(r,l,k,20);
-        BF_ENC(l,r,k,19);
-        BF_ENC(r,l,k,18);
-        BF_ENC(l,r,k,17);
-#endif
-        BF_ENC(r,l,k,16);
-        BF_ENC(l,r,k,15);
-        BF_ENC(r,l,k,14);
-        BF_ENC(l,r,k,13);
-        BF_ENC(r,l,k,12);
-        BF_ENC(l,r,k,11);
-        BF_ENC(r,l,k,10);
-        BF_ENC(l,r,k, 9);
-        BF_ENC(r,l,k, 8);
-        BF_ENC(l,r,k, 7);
-        BF_ENC(r,l,k, 6);
-        BF_ENC(l,r,k, 5);
-        BF_ENC(r,l,k, 4);
-        BF_ENC(l,r,k, 3);
-        BF_ENC(r,l,k, 2);
-        BF_ENC(l,r,k, 1);
-        r^=k[0];
-
-        data[1]=l&0xffffffffL;
-        data[0]=r&0xffffffffL;
-#endif
-        }
-
-void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
-             const BF_KEY *schedule, unsigned char *ivec, int encrypt)
-        {
-        register BF_LONG tin0,tin1;
-        register BF_LONG tout0,tout1,xor0,xor1;
-        register long l=length;
-        BF_LONG tin[2];
-
-        if (encrypt)
-                {
-                n2l(ivec,tout0);
-                n2l(ivec,tout1);
-                ivec-=8;
-                for (l-=8; l>=0; l-=8)
-                        {
-                        n2l(in,tin0);
-                        n2l(in,tin1);
-                        tin0^=tout0;
-                        tin1^=tout1;
-                        tin[0]=tin0;
-                        tin[1]=tin1;
-                        BF_encrypt(tin,schedule);
-                        tout0=tin[0];
-                        tout1=tin[1];
-                        l2n(tout0,out);
-                        l2n(tout1,out);
-                        }
-                if (l != -8)
-                        {
-                        n2ln(in,tin0,tin1,l+8);
-                        tin0^=tout0;
-                        tin1^=tout1;
-                        tin[0]=tin0;
-                        tin[1]=tin1;
-                        BF_encrypt(tin,schedule);
-                        tout0=tin[0];
-                        tout1=tin[1];
-                        l2n(tout0,out);
-                        l2n(tout1,out);
-                        }
-                l2n(tout0,ivec);
-                l2n(tout1,ivec);
-                }
-        else
-                {
-                n2l(ivec,xor0);
-                n2l(ivec,xor1);
-                ivec-=8;
-                for (l-=8; l>=0; l-=8)
-                        {
-                        n2l(in,tin0);
-                        n2l(in,tin1);
-                        tin[0]=tin0;
-                        tin[1]=tin1;
-                        BF_decrypt(tin,schedule);
-                        tout0=tin[0]^xor0;
-                        tout1=tin[1]^xor1;
-                        l2n(tout0,out);
-                        l2n(tout1,out);
-                        xor0=tin0;
-                        xor1=tin1;
-                        }
-                if (l != -8)
-                        {
-                        n2l(in,tin0);
-                        n2l(in,tin1);
-                        tin[0]=tin0;
-                        tin[1]=tin1;
-                        BF_decrypt(tin,schedule);
-                        tout0=tin[0]^xor0;
-                        tout1=tin[1]^xor1;
-                        l2nn(tout0,tout1,out,l+8);
-                        xor0=tin0;
-                        xor1=tin1;
-                        }
-                l2n(xor0,ivec);
-                l2n(xor1,ivec);
-                }
-        tin0=tin1=tout0=tout1=xor0=xor1=0;
-        tin[0]=tin[1]=0;
-        }
-
-#endif
diff --git a/src/lib/libcrypto/bf/bf_locl.h b/src/lib/libcrypto/bf/bf_locl.h
deleted file mode 100644
index cc7c3ec992..0000000000
--- a/src/lib/libcrypto/bf/bf_locl.h
+++ /dev/null
@@ -1,219 +0,0 @@
-/* crypto/bf/bf_locl.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_BF_LOCL_H
-#define HEADER_BF_LOCL_H
-#include <openssl/opensslconf.h> /* BF_PTR, BF_PTR2 */
-
-#undef c2l
-#define c2l(c,l)        (l =((unsigned long)(*((c)++)))    , \
-                         l|=((unsigned long)(*((c)++)))<< 8L, \
-                         l|=((unsigned long)(*((c)++)))<<16L, \
-                         l|=((unsigned long)(*((c)++)))<<24L)
-
-/* NOTE - c is not incremented as per c2l */
-#undef c2ln
-#define c2ln(c,l1,l2,n) { \
-                        c+=n; \
-                        l1=l2=0; \
-                        switch (n) { \
-                        case 8: l2 =((unsigned long)(*(--(c))))<<24L; \
-                        case 7: l2|=((unsigned long)(*(--(c))))<<16L; \
-                        case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \
-                        case 5: l2|=((unsigned long)(*(--(c))));     \
-                        case 4: l1 =((unsigned long)(*(--(c))))<<24L; \
-                        case 3: l1|=((unsigned long)(*(--(c))))<<16L; \
-                        case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \
-                        case 1: l1|=((unsigned long)(*(--(c))));     \
-                                } \
-                        }
-
-#undef l2c
-#define l2c(l,c)        (*((c)++)=(unsigned char)(((l)     )&0xff), \
-                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>>24L)&0xff))
-
-/* NOTE - c is not incremented as per l2c */
-#undef l2cn
-#define l2cn(l1,l2,c,n) { \
-                        c+=n; \
-                        switch (n) { \
-                        case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
-                        case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
-                        case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
-                        case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \
-                        case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
-                        case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
-                        case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
-                        case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \
-                                } \
-                        }
-
-/* NOTE - c is not incremented as per n2l */
-#define n2ln(c,l1,l2,n) { \
-                        c+=n; \
-                        l1=l2=0; \
-                        switch (n) { \
-                        case 8: l2 =((unsigned long)(*(--(c))))    ; \
-                        case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
-                        case 6: l2|=((unsigned long)(*(--(c))))<<16; \
-                        case 5: l2|=((unsigned long)(*(--(c))))<<24; \
-                        case 4: l1 =((unsigned long)(*(--(c))))    ; \
-                        case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
-                        case 2: l1|=((unsigned long)(*(--(c))))<<16; \
-                        case 1: l1|=((unsigned long)(*(--(c))))<<24; \
-                                } \
-                        }
-
-/* NOTE - c is not incremented as per l2n */
-#define l2nn(l1,l2,c,n) { \
-                        c+=n; \
-                        switch (n) { \
-                        case 8: *(--(c))=(unsigned char)(((l2)    )&0xff); \
-                        case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
-                        case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
-                        case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
-                        case 4: *(--(c))=(unsigned char)(((l1)    )&0xff); \
-                        case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
-                        case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
-                        case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
-                                } \
-                        }
-
-#undef n2l
-#define n2l(c,l)        (l =((unsigned long)(*((c)++)))<<24L, \
-                         l|=((unsigned long)(*((c)++)))<<16L, \
-                         l|=((unsigned long)(*((c)++)))<< 8L, \
-                         l|=((unsigned long)(*((c)++))))
-
-#undef l2n
-#define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
-                         *((c)++)=(unsigned char)(((l)     )&0xff))
-
-/* This is actually a big endian algorithm, the most significant byte
- * is used to lookup array 0 */
-
-#if defined(BF_PTR2)
-
-/*
- * This is basically a special Intel version. Point is that Intel
- * doesn't have many registers, but offers a reach choice of addressing
- * modes. So we spare some registers by directly traversing BF_KEY
- * structure and hiring the most decorated addressing mode. The code
- * generated by EGCS is *perfectly* competitive with assembler
- * implementation!
- */
-#define BF_ENC(LL,R,KEY,Pi) (\
-        LL^=KEY[Pi], \
-        t=  KEY[BF_ROUNDS+2 +   0 + ((R>>24)&0xFF)], \
-        t+= KEY[BF_ROUNDS+2 + 256 + ((R>>16)&0xFF)], \
-        t^= KEY[BF_ROUNDS+2 + 512 + ((R>>8 )&0xFF)], \
-        t+= KEY[BF_ROUNDS+2 + 768 + ((R    )&0xFF)], \
-        LL^=t \
-        )
-
-#elif defined(BF_PTR)
-
-#ifndef BF_LONG_LOG2
-#define BF_LONG_LOG2  2       /* default to BF_LONG being 32 bits */
-#endif
-#define BF_M  (0xFF<<BF_LONG_LOG2)
-#define BF_0  (24-BF_LONG_LOG2)
-#define BF_1  (16-BF_LONG_LOG2)
-#define BF_2  ( 8-BF_LONG_LOG2)
-#define BF_3  BF_LONG_LOG2 /* left shift */
-
-/*
- * This is normally very good on RISC platforms where normally you
- * have to explicitly "multiply" array index by sizeof(BF_LONG)
- * in order to calculate the effective address. This implementation
- * excuses CPU from this extra work. Power[PC] uses should have most
- * fun as (R>>BF_i)&BF_M gets folded into a single instruction, namely
- * rlwinm. So let'em double-check if their compiler does it.
- */
-
-#define BF_ENC(LL,R,S,P) ( \
-        LL^=P, \
-        LL^= (((*(BF_LONG *)((unsigned char *)&(S[  0])+((R>>BF_0)&BF_M))+ \
-                *(BF_LONG *)((unsigned char *)&(S[256])+((R>>BF_1)&BF_M)))^ \
-                *(BF_LONG *)((unsigned char *)&(S[512])+((R>>BF_2)&BF_M)))+ \
-                *(BF_LONG *)((unsigned char *)&(S[768])+((R<<BF_3)&BF_M))) \
-        )
-#else
-
-/*
- * This is a *generic* version. Seem to perform best on platforms that
- * offer explicit support for extraction of 8-bit nibbles preferably
- * complemented with "multiplying" of array index by sizeof(BF_LONG).
- * For the moment of this writing the list comprises Alpha CPU featuring
- * extbl and s[48]addq instructions.
- */
-
-#define BF_ENC(LL,R,S,P) ( \
-        LL^=P, \
-        LL^=((( S[       ((int)(R>>24)&0xff)] + \
-                S[0x0100+((int)(R>>16)&0xff)])^ \
-                S[0x0200+((int)(R>> 8)&0xff)])+ \
-                S[0x0300+((int)(R    )&0xff)])&0xffffffffL \
-        )
-#endif
-
-#endif
diff --git a/src/lib/libcrypto/bf/bf_ofb64.c b/src/lib/libcrypto/bf/bf_ofb64.c
deleted file mode 100644
index f2a9ff6e41..0000000000
--- a/src/lib/libcrypto/bf/bf_ofb64.c
+++ /dev/null
@@ -1,110 +0,0 @@
-/* crypto/bf/bf_ofb64.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/blowfish.h>
-#include "bf_locl.h"
-
-/* The input and output encrypted as though 64bit ofb mode is being
- * used.  The extra state information to record how much of the
- * 64bit block we have used is contained in *num;
- */
-void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, long length,
-             const BF_KEY *schedule, unsigned char *ivec, int *num)
-        {
-        register BF_LONG v0,v1,t;
-        register int n= *num;
-        register long l=length;
-        unsigned char d[8];
-        register char *dp;
-        BF_LONG ti[2];
-        unsigned char *iv;
-        int save=0;
-
-        iv=(unsigned char *)ivec;
-        n2l(iv,v0);
-        n2l(iv,v1);
-        ti[0]=v0;
-        ti[1]=v1;
-        dp=(char *)d;
-        l2n(v0,dp);
-        l2n(v1,dp);
-        while (l--)
-                {
-                if (n == 0)
-                        {
-                        BF_encrypt((BF_LONG *)ti,schedule);
-                        dp=(char *)d;
-                        t=ti[0]; l2n(t,dp);
-                        t=ti[1]; l2n(t,dp);
-                        save++;
-                        }
-                *(out++)= *(in++)^d[n];
-                n=(n+1)&0x07;
-                }
-        if (save)
-                {
-                v0=ti[0];
-                v1=ti[1];
-                iv=(unsigned char *)ivec;
-                l2n(v0,iv);
-                l2n(v1,iv);
-                }
-        t=v0=v1=ti[0]=ti[1]=0;
-        *num=n;
-        }
-
diff --git a/src/lib/libcrypto/bf/bf_pi.h b/src/lib/libcrypto/bf/bf_pi.h
deleted file mode 100644
index 9949513c68..0000000000
--- a/src/lib/libcrypto/bf/bf_pi.h
+++ /dev/null
@@ -1,325 +0,0 @@
-/* crypto/bf/bf_pi.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-static const BF_KEY bf_init= {
-        {
-        0x243f6a88L, 0x85a308d3L, 0x13198a2eL, 0x03707344L,
-        0xa4093822L, 0x299f31d0L, 0x082efa98L, 0xec4e6c89L,
-        0x452821e6L, 0x38d01377L, 0xbe5466cfL, 0x34e90c6cL,
-        0xc0ac29b7L, 0xc97c50ddL, 0x3f84d5b5L, 0xb5470917L,
-        0x9216d5d9L, 0x8979fb1b
-        },{
-        0xd1310ba6L, 0x98dfb5acL, 0x2ffd72dbL, 0xd01adfb7L, 
-        0xb8e1afedL, 0x6a267e96L, 0xba7c9045L, 0xf12c7f99L, 
-        0x24a19947L, 0xb3916cf7L, 0x0801f2e2L, 0x858efc16L, 
-        0x636920d8L, 0x71574e69L, 0xa458fea3L, 0xf4933d7eL, 
-        0x0d95748fL, 0x728eb658L, 0x718bcd58L, 0x82154aeeL, 
-        0x7b54a41dL, 0xc25a59b5L, 0x9c30d539L, 0x2af26013L, 
-        0xc5d1b023L, 0x286085f0L, 0xca417918L, 0xb8db38efL, 
-        0x8e79dcb0L, 0x603a180eL, 0x6c9e0e8bL, 0xb01e8a3eL, 
-        0xd71577c1L, 0xbd314b27L, 0x78af2fdaL, 0x55605c60L, 
-        0xe65525f3L, 0xaa55ab94L, 0x57489862L, 0x63e81440L, 
-        0x55ca396aL, 0x2aab10b6L, 0xb4cc5c34L, 0x1141e8ceL, 
-        0xa15486afL, 0x7c72e993L, 0xb3ee1411L, 0x636fbc2aL, 
-        0x2ba9c55dL, 0x741831f6L, 0xce5c3e16L, 0x9b87931eL, 
-        0xafd6ba33L, 0x6c24cf5cL, 0x7a325381L, 0x28958677L, 
-        0x3b8f4898L, 0x6b4bb9afL, 0xc4bfe81bL, 0x66282193L, 
-        0x61d809ccL, 0xfb21a991L, 0x487cac60L, 0x5dec8032L, 
-        0xef845d5dL, 0xe98575b1L, 0xdc262302L, 0xeb651b88L, 
-        0x23893e81L, 0xd396acc5L, 0x0f6d6ff3L, 0x83f44239L, 
-        0x2e0b4482L, 0xa4842004L, 0x69c8f04aL, 0x9e1f9b5eL, 
-        0x21c66842L, 0xf6e96c9aL, 0x670c9c61L, 0xabd388f0L, 
-        0x6a51a0d2L, 0xd8542f68L, 0x960fa728L, 0xab5133a3L, 
-        0x6eef0b6cL, 0x137a3be4L, 0xba3bf050L, 0x7efb2a98L, 
-        0xa1f1651dL, 0x39af0176L, 0x66ca593eL, 0x82430e88L, 
-        0x8cee8619L, 0x456f9fb4L, 0x7d84a5c3L, 0x3b8b5ebeL, 
-        0xe06f75d8L, 0x85c12073L, 0x401a449fL, 0x56c16aa6L, 
-        0x4ed3aa62L, 0x363f7706L, 0x1bfedf72L, 0x429b023dL, 
-        0x37d0d724L, 0xd00a1248L, 0xdb0fead3L, 0x49f1c09bL, 
-        0x075372c9L, 0x80991b7bL, 0x25d479d8L, 0xf6e8def7L, 
-        0xe3fe501aL, 0xb6794c3bL, 0x976ce0bdL, 0x04c006baL, 
-        0xc1a94fb6L, 0x409f60c4L, 0x5e5c9ec2L, 0x196a2463L, 
-        0x68fb6fafL, 0x3e6c53b5L, 0x1339b2ebL, 0x3b52ec6fL, 
-        0x6dfc511fL, 0x9b30952cL, 0xcc814544L, 0xaf5ebd09L, 
-        0xbee3d004L, 0xde334afdL, 0x660f2807L, 0x192e4bb3L, 
-        0xc0cba857L, 0x45c8740fL, 0xd20b5f39L, 0xb9d3fbdbL, 
-        0x5579c0bdL, 0x1a60320aL, 0xd6a100c6L, 0x402c7279L, 
-        0x679f25feL, 0xfb1fa3ccL, 0x8ea5e9f8L, 0xdb3222f8L, 
-        0x3c7516dfL, 0xfd616b15L, 0x2f501ec8L, 0xad0552abL, 
-        0x323db5faL, 0xfd238760L, 0x53317b48L, 0x3e00df82L, 
-        0x9e5c57bbL, 0xca6f8ca0L, 0x1a87562eL, 0xdf1769dbL, 
-        0xd542a8f6L, 0x287effc3L, 0xac6732c6L, 0x8c4f5573L, 
-        0x695b27b0L, 0xbbca58c8L, 0xe1ffa35dL, 0xb8f011a0L, 
-        0x10fa3d98L, 0xfd2183b8L, 0x4afcb56cL, 0x2dd1d35bL, 
-        0x9a53e479L, 0xb6f84565L, 0xd28e49bcL, 0x4bfb9790L, 
-        0xe1ddf2daL, 0xa4cb7e33L, 0x62fb1341L, 0xcee4c6e8L, 
-        0xef20cadaL, 0x36774c01L, 0xd07e9efeL, 0x2bf11fb4L, 
-        0x95dbda4dL, 0xae909198L, 0xeaad8e71L, 0x6b93d5a0L, 
-        0xd08ed1d0L, 0xafc725e0L, 0x8e3c5b2fL, 0x8e7594b7L, 
-        0x8ff6e2fbL, 0xf2122b64L, 0x8888b812L, 0x900df01cL, 
-        0x4fad5ea0L, 0x688fc31cL, 0xd1cff191L, 0xb3a8c1adL, 
-        0x2f2f2218L, 0xbe0e1777L, 0xea752dfeL, 0x8b021fa1L, 
-        0xe5a0cc0fL, 0xb56f74e8L, 0x18acf3d6L, 0xce89e299L, 
-        0xb4a84fe0L, 0xfd13e0b7L, 0x7cc43b81L, 0xd2ada8d9L, 
-        0x165fa266L, 0x80957705L, 0x93cc7314L, 0x211a1477L, 
-        0xe6ad2065L, 0x77b5fa86L, 0xc75442f5L, 0xfb9d35cfL, 
-        0xebcdaf0cL, 0x7b3e89a0L, 0xd6411bd3L, 0xae1e7e49L, 
-        0x00250e2dL, 0x2071b35eL, 0x226800bbL, 0x57b8e0afL, 
-        0x2464369bL, 0xf009b91eL, 0x5563911dL, 0x59dfa6aaL, 
-        0x78c14389L, 0xd95a537fL, 0x207d5ba2L, 0x02e5b9c5L, 
-        0x83260376L, 0x6295cfa9L, 0x11c81968L, 0x4e734a41L, 
-        0xb3472dcaL, 0x7b14a94aL, 0x1b510052L, 0x9a532915L, 
-        0xd60f573fL, 0xbc9bc6e4L, 0x2b60a476L, 0x81e67400L, 
-        0x08ba6fb5L, 0x571be91fL, 0xf296ec6bL, 0x2a0dd915L, 
-        0xb6636521L, 0xe7b9f9b6L, 0xff34052eL, 0xc5855664L, 
-        0x53b02d5dL, 0xa99f8fa1L, 0x08ba4799L, 0x6e85076aL, 
-        0x4b7a70e9L, 0xb5b32944L, 0xdb75092eL, 0xc4192623L, 
-        0xad6ea6b0L, 0x49a7df7dL, 0x9cee60b8L, 0x8fedb266L, 
-        0xecaa8c71L, 0x699a17ffL, 0x5664526cL, 0xc2b19ee1L, 
-        0x193602a5L, 0x75094c29L, 0xa0591340L, 0xe4183a3eL, 
-        0x3f54989aL, 0x5b429d65L, 0x6b8fe4d6L, 0x99f73fd6L, 
-        0xa1d29c07L, 0xefe830f5L, 0x4d2d38e6L, 0xf0255dc1L, 
-        0x4cdd2086L, 0x8470eb26L, 0x6382e9c6L, 0x021ecc5eL, 
-        0x09686b3fL, 0x3ebaefc9L, 0x3c971814L, 0x6b6a70a1L, 
-        0x687f3584L, 0x52a0e286L, 0xb79c5305L, 0xaa500737L, 
-        0x3e07841cL, 0x7fdeae5cL, 0x8e7d44ecL, 0x5716f2b8L, 
-        0xb03ada37L, 0xf0500c0dL, 0xf01c1f04L, 0x0200b3ffL, 
-        0xae0cf51aL, 0x3cb574b2L, 0x25837a58L, 0xdc0921bdL, 
-        0xd19113f9L, 0x7ca92ff6L, 0x94324773L, 0x22f54701L, 
-        0x3ae5e581L, 0x37c2dadcL, 0xc8b57634L, 0x9af3dda7L, 
-        0xa9446146L, 0x0fd0030eL, 0xecc8c73eL, 0xa4751e41L, 
-        0xe238cd99L, 0x3bea0e2fL, 0x3280bba1L, 0x183eb331L, 
-        0x4e548b38L, 0x4f6db908L, 0x6f420d03L, 0xf60a04bfL, 
-        0x2cb81290L, 0x24977c79L, 0x5679b072L, 0xbcaf89afL, 
-        0xde9a771fL, 0xd9930810L, 0xb38bae12L, 0xdccf3f2eL, 
-        0x5512721fL, 0x2e6b7124L, 0x501adde6L, 0x9f84cd87L, 
-        0x7a584718L, 0x7408da17L, 0xbc9f9abcL, 0xe94b7d8cL, 
-        0xec7aec3aL, 0xdb851dfaL, 0x63094366L, 0xc464c3d2L, 
-        0xef1c1847L, 0x3215d908L, 0xdd433b37L, 0x24c2ba16L, 
-        0x12a14d43L, 0x2a65c451L, 0x50940002L, 0x133ae4ddL, 
-        0x71dff89eL, 0x10314e55L, 0x81ac77d6L, 0x5f11199bL, 
-        0x043556f1L, 0xd7a3c76bL, 0x3c11183bL, 0x5924a509L, 
-        0xf28fe6edL, 0x97f1fbfaL, 0x9ebabf2cL, 0x1e153c6eL, 
-        0x86e34570L, 0xeae96fb1L, 0x860e5e0aL, 0x5a3e2ab3L, 
-        0x771fe71cL, 0x4e3d06faL, 0x2965dcb9L, 0x99e71d0fL, 
-        0x803e89d6L, 0x5266c825L, 0x2e4cc978L, 0x9c10b36aL, 
-        0xc6150ebaL, 0x94e2ea78L, 0xa5fc3c53L, 0x1e0a2df4L, 
-        0xf2f74ea7L, 0x361d2b3dL, 0x1939260fL, 0x19c27960L, 
-        0x5223a708L, 0xf71312b6L, 0xebadfe6eL, 0xeac31f66L, 
-        0xe3bc4595L, 0xa67bc883L, 0xb17f37d1L, 0x018cff28L, 
-        0xc332ddefL, 0xbe6c5aa5L, 0x65582185L, 0x68ab9802L, 
-        0xeecea50fL, 0xdb2f953bL, 0x2aef7dadL, 0x5b6e2f84L, 
-        0x1521b628L, 0x29076170L, 0xecdd4775L, 0x619f1510L, 
-        0x13cca830L, 0xeb61bd96L, 0x0334fe1eL, 0xaa0363cfL, 
-        0xb5735c90L, 0x4c70a239L, 0xd59e9e0bL, 0xcbaade14L, 
-        0xeecc86bcL, 0x60622ca7L, 0x9cab5cabL, 0xb2f3846eL, 
-        0x648b1eafL, 0x19bdf0caL, 0xa02369b9L, 0x655abb50L, 
-        0x40685a32L, 0x3c2ab4b3L, 0x319ee9d5L, 0xc021b8f7L, 
-        0x9b540b19L, 0x875fa099L, 0x95f7997eL, 0x623d7da8L, 
-        0xf837889aL, 0x97e32d77L, 0x11ed935fL, 0x16681281L, 
-        0x0e358829L, 0xc7e61fd6L, 0x96dedfa1L, 0x7858ba99L, 
-        0x57f584a5L, 0x1b227263L, 0x9b83c3ffL, 0x1ac24696L, 
-        0xcdb30aebL, 0x532e3054L, 0x8fd948e4L, 0x6dbc3128L, 
-        0x58ebf2efL, 0x34c6ffeaL, 0xfe28ed61L, 0xee7c3c73L, 
-        0x5d4a14d9L, 0xe864b7e3L, 0x42105d14L, 0x203e13e0L, 
-        0x45eee2b6L, 0xa3aaabeaL, 0xdb6c4f15L, 0xfacb4fd0L, 
-        0xc742f442L, 0xef6abbb5L, 0x654f3b1dL, 0x41cd2105L, 
-        0xd81e799eL, 0x86854dc7L, 0xe44b476aL, 0x3d816250L, 
-        0xcf62a1f2L, 0x5b8d2646L, 0xfc8883a0L, 0xc1c7b6a3L, 
-        0x7f1524c3L, 0x69cb7492L, 0x47848a0bL, 0x5692b285L, 
-        0x095bbf00L, 0xad19489dL, 0x1462b174L, 0x23820e00L, 
-        0x58428d2aL, 0x0c55f5eaL, 0x1dadf43eL, 0x233f7061L, 
-        0x3372f092L, 0x8d937e41L, 0xd65fecf1L, 0x6c223bdbL, 
-        0x7cde3759L, 0xcbee7460L, 0x4085f2a7L, 0xce77326eL, 
-        0xa6078084L, 0x19f8509eL, 0xe8efd855L, 0x61d99735L, 
-        0xa969a7aaL, 0xc50c06c2L, 0x5a04abfcL, 0x800bcadcL, 
-        0x9e447a2eL, 0xc3453484L, 0xfdd56705L, 0x0e1e9ec9L, 
-        0xdb73dbd3L, 0x105588cdL, 0x675fda79L, 0xe3674340L, 
-        0xc5c43465L, 0x713e38d8L, 0x3d28f89eL, 0xf16dff20L, 
-        0x153e21e7L, 0x8fb03d4aL, 0xe6e39f2bL, 0xdb83adf7L, 
-        0xe93d5a68L, 0x948140f7L, 0xf64c261cL, 0x94692934L, 
-        0x411520f7L, 0x7602d4f7L, 0xbcf46b2eL, 0xd4a20068L, 
-        0xd4082471L, 0x3320f46aL, 0x43b7d4b7L, 0x500061afL, 
-        0x1e39f62eL, 0x97244546L, 0x14214f74L, 0xbf8b8840L, 
-        0x4d95fc1dL, 0x96b591afL, 0x70f4ddd3L, 0x66a02f45L, 
-        0xbfbc09ecL, 0x03bd9785L, 0x7fac6dd0L, 0x31cb8504L, 
-        0x96eb27b3L, 0x55fd3941L, 0xda2547e6L, 0xabca0a9aL, 
-        0x28507825L, 0x530429f4L, 0x0a2c86daL, 0xe9b66dfbL, 
-        0x68dc1462L, 0xd7486900L, 0x680ec0a4L, 0x27a18deeL, 
-        0x4f3ffea2L, 0xe887ad8cL, 0xb58ce006L, 0x7af4d6b6L, 
-        0xaace1e7cL, 0xd3375fecL, 0xce78a399L, 0x406b2a42L, 
-        0x20fe9e35L, 0xd9f385b9L, 0xee39d7abL, 0x3b124e8bL, 
-        0x1dc9faf7L, 0x4b6d1856L, 0x26a36631L, 0xeae397b2L, 
-        0x3a6efa74L, 0xdd5b4332L, 0x6841e7f7L, 0xca7820fbL, 
-        0xfb0af54eL, 0xd8feb397L, 0x454056acL, 0xba489527L, 
-        0x55533a3aL, 0x20838d87L, 0xfe6ba9b7L, 0xd096954bL, 
-        0x55a867bcL, 0xa1159a58L, 0xcca92963L, 0x99e1db33L, 
-        0xa62a4a56L, 0x3f3125f9L, 0x5ef47e1cL, 0x9029317cL, 
-        0xfdf8e802L, 0x04272f70L, 0x80bb155cL, 0x05282ce3L, 
-        0x95c11548L, 0xe4c66d22L, 0x48c1133fL, 0xc70f86dcL, 
-        0x07f9c9eeL, 0x41041f0fL, 0x404779a4L, 0x5d886e17L, 
-        0x325f51ebL, 0xd59bc0d1L, 0xf2bcc18fL, 0x41113564L, 
-        0x257b7834L, 0x602a9c60L, 0xdff8e8a3L, 0x1f636c1bL, 
-        0x0e12b4c2L, 0x02e1329eL, 0xaf664fd1L, 0xcad18115L, 
-        0x6b2395e0L, 0x333e92e1L, 0x3b240b62L, 0xeebeb922L, 
-        0x85b2a20eL, 0xe6ba0d99L, 0xde720c8cL, 0x2da2f728L, 
-        0xd0127845L, 0x95b794fdL, 0x647d0862L, 0xe7ccf5f0L, 
-        0x5449a36fL, 0x877d48faL, 0xc39dfd27L, 0xf33e8d1eL, 
-        0x0a476341L, 0x992eff74L, 0x3a6f6eabL, 0xf4f8fd37L, 
-        0xa812dc60L, 0xa1ebddf8L, 0x991be14cL, 0xdb6e6b0dL, 
-        0xc67b5510L, 0x6d672c37L, 0x2765d43bL, 0xdcd0e804L, 
-        0xf1290dc7L, 0xcc00ffa3L, 0xb5390f92L, 0x690fed0bL, 
-        0x667b9ffbL, 0xcedb7d9cL, 0xa091cf0bL, 0xd9155ea3L, 
-        0xbb132f88L, 0x515bad24L, 0x7b9479bfL, 0x763bd6ebL, 
-        0x37392eb3L, 0xcc115979L, 0x8026e297L, 0xf42e312dL, 
-        0x6842ada7L, 0xc66a2b3bL, 0x12754cccL, 0x782ef11cL, 
-        0x6a124237L, 0xb79251e7L, 0x06a1bbe6L, 0x4bfb6350L, 
-        0x1a6b1018L, 0x11caedfaL, 0x3d25bdd8L, 0xe2e1c3c9L, 
-        0x44421659L, 0x0a121386L, 0xd90cec6eL, 0xd5abea2aL, 
-        0x64af674eL, 0xda86a85fL, 0xbebfe988L, 0x64e4c3feL, 
-        0x9dbc8057L, 0xf0f7c086L, 0x60787bf8L, 0x6003604dL, 
-        0xd1fd8346L, 0xf6381fb0L, 0x7745ae04L, 0xd736fcccL, 
-        0x83426b33L, 0xf01eab71L, 0xb0804187L, 0x3c005e5fL, 
-        0x77a057beL, 0xbde8ae24L, 0x55464299L, 0xbf582e61L, 
-        0x4e58f48fL, 0xf2ddfda2L, 0xf474ef38L, 0x8789bdc2L, 
-        0x5366f9c3L, 0xc8b38e74L, 0xb475f255L, 0x46fcd9b9L, 
-        0x7aeb2661L, 0x8b1ddf84L, 0x846a0e79L, 0x915f95e2L, 
-        0x466e598eL, 0x20b45770L, 0x8cd55591L, 0xc902de4cL, 
-        0xb90bace1L, 0xbb8205d0L, 0x11a86248L, 0x7574a99eL, 
-        0xb77f19b6L, 0xe0a9dc09L, 0x662d09a1L, 0xc4324633L, 
-        0xe85a1f02L, 0x09f0be8cL, 0x4a99a025L, 0x1d6efe10L, 
-        0x1ab93d1dL, 0x0ba5a4dfL, 0xa186f20fL, 0x2868f169L, 
-        0xdcb7da83L, 0x573906feL, 0xa1e2ce9bL, 0x4fcd7f52L, 
-        0x50115e01L, 0xa70683faL, 0xa002b5c4L, 0x0de6d027L, 
-        0x9af88c27L, 0x773f8641L, 0xc3604c06L, 0x61a806b5L, 
-        0xf0177a28L, 0xc0f586e0L, 0x006058aaL, 0x30dc7d62L, 
-        0x11e69ed7L, 0x2338ea63L, 0x53c2dd94L, 0xc2c21634L, 
-        0xbbcbee56L, 0x90bcb6deL, 0xebfc7da1L, 0xce591d76L, 
-        0x6f05e409L, 0x4b7c0188L, 0x39720a3dL, 0x7c927c24L, 
-        0x86e3725fL, 0x724d9db9L, 0x1ac15bb4L, 0xd39eb8fcL, 
-        0xed545578L, 0x08fca5b5L, 0xd83d7cd3L, 0x4dad0fc4L, 
-        0x1e50ef5eL, 0xb161e6f8L, 0xa28514d9L, 0x6c51133cL, 
-        0x6fd5c7e7L, 0x56e14ec4L, 0x362abfceL, 0xddc6c837L, 
-        0xd79a3234L, 0x92638212L, 0x670efa8eL, 0x406000e0L, 
-        0x3a39ce37L, 0xd3faf5cfL, 0xabc27737L, 0x5ac52d1bL, 
-        0x5cb0679eL, 0x4fa33742L, 0xd3822740L, 0x99bc9bbeL, 
-        0xd5118e9dL, 0xbf0f7315L, 0xd62d1c7eL, 0xc700c47bL, 
-        0xb78c1b6bL, 0x21a19045L, 0xb26eb1beL, 0x6a366eb4L, 
-        0x5748ab2fL, 0xbc946e79L, 0xc6a376d2L, 0x6549c2c8L, 
-        0x530ff8eeL, 0x468dde7dL, 0xd5730a1dL, 0x4cd04dc6L, 
-        0x2939bbdbL, 0xa9ba4650L, 0xac9526e8L, 0xbe5ee304L, 
-        0xa1fad5f0L, 0x6a2d519aL, 0x63ef8ce2L, 0x9a86ee22L, 
-        0xc089c2b8L, 0x43242ef6L, 0xa51e03aaL, 0x9cf2d0a4L, 
-        0x83c061baL, 0x9be96a4dL, 0x8fe51550L, 0xba645bd6L, 
-        0x2826a2f9L, 0xa73a3ae1L, 0x4ba99586L, 0xef5562e9L, 
-        0xc72fefd3L, 0xf752f7daL, 0x3f046f69L, 0x77fa0a59L, 
-        0x80e4a915L, 0x87b08601L, 0x9b09e6adL, 0x3b3ee593L, 
-        0xe990fd5aL, 0x9e34d797L, 0x2cf0b7d9L, 0x022b8b51L, 
-        0x96d5ac3aL, 0x017da67dL, 0xd1cf3ed6L, 0x7c7d2d28L, 
-        0x1f9f25cfL, 0xadf2b89bL, 0x5ad6b472L, 0x5a88f54cL, 
-        0xe029ac71L, 0xe019a5e6L, 0x47b0acfdL, 0xed93fa9bL, 
-        0xe8d3c48dL, 0x283b57ccL, 0xf8d56629L, 0x79132e28L, 
-        0x785f0191L, 0xed756055L, 0xf7960e44L, 0xe3d35e8cL, 
-        0x15056dd4L, 0x88f46dbaL, 0x03a16125L, 0x0564f0bdL, 
-        0xc3eb9e15L, 0x3c9057a2L, 0x97271aecL, 0xa93a072aL, 
-        0x1b3f6d9bL, 0x1e6321f5L, 0xf59c66fbL, 0x26dcf319L, 
-        0x7533d928L, 0xb155fdf5L, 0x03563482L, 0x8aba3cbbL, 
-        0x28517711L, 0xc20ad9f8L, 0xabcc5167L, 0xccad925fL, 
-        0x4de81751L, 0x3830dc8eL, 0x379d5862L, 0x9320f991L, 
-        0xea7a90c2L, 0xfb3e7bceL, 0x5121ce64L, 0x774fbe32L, 
-        0xa8b6e37eL, 0xc3293d46L, 0x48de5369L, 0x6413e680L, 
-        0xa2ae0810L, 0xdd6db224L, 0x69852dfdL, 0x09072166L, 
-        0xb39a460aL, 0x6445c0ddL, 0x586cdecfL, 0x1c20c8aeL, 
-        0x5bbef7ddL, 0x1b588d40L, 0xccd2017fL, 0x6bb4e3bbL, 
-        0xdda26a7eL, 0x3a59ff45L, 0x3e350a44L, 0xbcb4cdd5L, 
-        0x72eacea8L, 0xfa6484bbL, 0x8d6612aeL, 0xbf3c6f47L, 
-        0xd29be463L, 0x542f5d9eL, 0xaec2771bL, 0xf64e6370L, 
-        0x740e0d8dL, 0xe75b1357L, 0xf8721671L, 0xaf537d5dL, 
-        0x4040cb08L, 0x4eb4e2ccL, 0x34d2466aL, 0x0115af84L, 
-        0xe1b00428L, 0x95983a1dL, 0x06b89fb4L, 0xce6ea048L, 
-        0x6f3f3b82L, 0x3520ab82L, 0x011a1d4bL, 0x277227f8L, 
-        0x611560b1L, 0xe7933fdcL, 0xbb3a792bL, 0x344525bdL, 
-        0xa08839e1L, 0x51ce794bL, 0x2f32c9b7L, 0xa01fbac9L, 
-        0xe01cc87eL, 0xbcc7d1f6L, 0xcf0111c3L, 0xa1e8aac7L, 
-        0x1a908749L, 0xd44fbd9aL, 0xd0dadecbL, 0xd50ada38L, 
-        0x0339c32aL, 0xc6913667L, 0x8df9317cL, 0xe0b12b4fL, 
-        0xf79e59b7L, 0x43f5bb3aL, 0xf2d519ffL, 0x27d9459cL, 
-        0xbf97222cL, 0x15e6fc2aL, 0x0f91fc71L, 0x9b941525L, 
-        0xfae59361L, 0xceb69cebL, 0xc2a86459L, 0x12baa8d1L, 
-        0xb6c1075eL, 0xe3056a0cL, 0x10d25065L, 0xcb03a442L, 
-        0xe0ec6e0eL, 0x1698db3bL, 0x4c98a0beL, 0x3278e964L, 
-        0x9f1f9532L, 0xe0d392dfL, 0xd3a0342bL, 0x8971f21eL, 
-        0x1b0a7441L, 0x4ba3348cL, 0xc5be7120L, 0xc37632d8L, 
-        0xdf359f8dL, 0x9b992f2eL, 0xe60b6f47L, 0x0fe3f11dL, 
-        0xe54cda54L, 0x1edad891L, 0xce6279cfL, 0xcd3e7e6fL, 
-        0x1618b166L, 0xfd2c1d05L, 0x848fd2c5L, 0xf6fb2299L, 
-        0xf523f357L, 0xa6327623L, 0x93a83531L, 0x56cccd02L, 
-        0xacf08162L, 0x5a75ebb5L, 0x6e163697L, 0x88d273ccL, 
-        0xde966292L, 0x81b949d0L, 0x4c50901bL, 0x71c65614L, 
-        0xe6c6c7bdL, 0x327a140aL, 0x45e1d006L, 0xc3f27b9aL, 
-        0xc9aa53fdL, 0x62a80f00L, 0xbb25bfe2L, 0x35bdd2f6L, 
-        0x71126905L, 0xb2040222L, 0xb6cbcf7cL, 0xcd769c2bL, 
-        0x53113ec0L, 0x1640e3d3L, 0x38abbd60L, 0x2547adf0L, 
-        0xba38209cL, 0xf746ce76L, 0x77afa1c5L, 0x20756060L, 
-        0x85cbfe4eL, 0x8ae88dd8L, 0x7aaaf9b0L, 0x4cf9aa7eL, 
-        0x1948c25cL, 0x02fb8a8cL, 0x01c36ae4L, 0xd6ebe1f9L, 
-        0x90d4f869L, 0xa65cdea0L, 0x3f09252dL, 0xc208e69fL, 
-        0xb74e6132L, 0xce77e25bL, 0x578fdfe3L, 0x3ac372e6L, 
-        }
-        };
-
diff --git a/src/lib/libcrypto/bf/bf_skey.c b/src/lib/libcrypto/bf/bf_skey.c
deleted file mode 100644
index 1931aba83f..0000000000
--- a/src/lib/libcrypto/bf/bf_skey.c
+++ /dev/null
@@ -1,118 +0,0 @@
-/* crypto/bf/bf_skey.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/blowfish.h>
-#include <openssl/fips.h>
-#include "bf_locl.h"
-#include "bf_pi.h"
-
-FIPS_NON_FIPS_VCIPHER_Init(BF)
-        {
-        int i;
-        BF_LONG *p,ri,in[2];
-        const unsigned char *d,*end;
-
-
-        memcpy(key,&bf_init,sizeof(BF_KEY));
-        p=key->P;
-
-        if (len > ((BF_ROUNDS+2)*4)) len=(BF_ROUNDS+2)*4;
-
-        d=data;
-        end= &(data[len]);
-        for (i=0; i<(BF_ROUNDS+2); i++)
-                {
-                ri= *(d++);
-                if (d >= end) d=data;
-
-                ri<<=8;
-                ri|= *(d++);
-                if (d >= end) d=data;
-
-                ri<<=8;
-                ri|= *(d++);
-                if (d >= end) d=data;
-
-                ri<<=8;
-                ri|= *(d++);
-                if (d >= end) d=data;
-
-                p[i]^=ri;
-                }
-
-        in[0]=0L;
-        in[1]=0L;
-        for (i=0; i<(BF_ROUNDS+2); i+=2)
-                {
-                BF_encrypt(in,key);
-                p[i  ]=in[0];
-                p[i+1]=in[1];
-                }
-
-        p=key->S;
-        for (i=0; i<4*256; i+=2)
-                {
-                BF_encrypt(in,key);
-                p[i  ]=in[0];
-                p[i+1]=in[1];
-                }
-        }
-
diff --git a/src/lib/libcrypto/bf/blowfish.h b/src/lib/libcrypto/bf/blowfish.h
deleted file mode 100644
index b4d8774961..0000000000
--- a/src/lib/libcrypto/bf/blowfish.h
+++ /dev/null
@@ -1,130 +0,0 @@
-/* crypto/bf/blowfish.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_BLOWFISH_H
-#define HEADER_BLOWFISH_H
-
-#include <openssl/e_os2.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#ifdef OPENSSL_NO_BF
-#error BF is disabled.
-#endif
-
-#define BF_ENCRYPT      1
-#define BF_DECRYPT      0
-
-/*
- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- * ! BF_LONG has to be at least 32 bits wide. If it's wider, then !
- * ! BF_LONG_LOG2 has to be defined along.                        !
- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- */
-
-#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
-#define BF_LONG unsigned long
-#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
-#define BF_LONG unsigned long
-#define BF_LONG_LOG2 3
-/*
- * _CRAY note. I could declare short, but I have no idea what impact
- * does it have on performance on none-T3E machines. I could declare
- * int, but at least on C90 sizeof(int) can be chosen at compile time.
- * So I've chosen long...
- *                                      <appro@fy.chalmers.se>
- */
-#else
-#define BF_LONG unsigned int
-#endif
-
-#define BF_ROUNDS       16
-#define BF_BLOCK        8
-
-typedef struct bf_key_st
-        {
-        BF_LONG P[BF_ROUNDS+2];
-        BF_LONG S[4*256];
-        } BF_KEY;
-
-
-#ifdef OPENSSL_FIPS 
-void private_BF_set_key(BF_KEY *key, int len, const unsigned char *data);
-#endif
-void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
-
-void BF_encrypt(BF_LONG *data,const BF_KEY *key);
-void BF_decrypt(BF_LONG *data,const BF_KEY *key);
-
-void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
-        const BF_KEY *key, int enc);
-void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
-        const BF_KEY *schedule, unsigned char *ivec, int enc);
-void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, long length,
-        const BF_KEY *schedule, unsigned char *ivec, int *num, int enc);
-void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, long length,
-        const BF_KEY *schedule, unsigned char *ivec, int *num);
-const char *BF_options(void);
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/src/lib/libcrypto/bio/b_dump.c b/src/lib/libcrypto/bio/b_dump.c
deleted file mode 100644
index f671e722fa..0000000000
--- a/src/lib/libcrypto/bio/b_dump.c
+++ /dev/null
@@ -1,156 +0,0 @@
-/* crypto/bio/b_dump.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* 
- * Stolen from tjh's ssl/ssl_trc.c stuff.
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bio.h>
-
-#define TRUNCATE
-#define DUMP_WIDTH      16
-#define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH-((i-(i>6?6:i)+3)/4))
-
-int BIO_dump(BIO *bio, const char *s, int len)
-        {
-        return BIO_dump_indent(bio, s, len, 0);
-        }
-
-int BIO_dump_indent(BIO *bio, const char *s, int len, int indent)
-        {
-        int ret=0;
-        char buf[288+1],tmp[20],str[128+1];
-        int i,j,rows,trunc;
-        unsigned char ch;
-        int dump_width;
-        
-        trunc=0;
-        
-#ifdef TRUNCATE
-        for(; (len > 0) && ((s[len-1] == ' ') || (s[len-1] == '\0')); len--) 
-                trunc++;
-#endif
-
-        if (indent < 0)
-                indent = 0;
-        if (indent)
-                {
-                if (indent > 128) indent=128;
-                memset(str,' ',indent);
-                }
-        str[indent]='\0';
-        
-        dump_width=DUMP_WIDTH_LESS_INDENT(indent);
-        rows=(len/dump_width);
-        if ((rows*dump_width)<len)
-                rows++;
-        for(i=0;i<rows;i++)
-                {
-                buf[0]='\0';    /* start with empty string */
-                BUF_strlcpy(buf,str,sizeof buf);
-                BIO_snprintf(tmp,sizeof tmp,"%04x - ",i*dump_width);
-                BUF_strlcat(buf,tmp,sizeof buf);
-                for(j=0;j<dump_width;j++)
-                        {
-                        if (((i*dump_width)+j)>=len)
-                                {
-                                BUF_strlcat(buf,"   ",sizeof buf);
-                                }
-                        else
-                                {
-                                ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
-                                BIO_snprintf(tmp,sizeof tmp,"%02x%c",ch,
-                                         j==7?'-':' ');
-                                BUF_strlcat(buf,tmp,sizeof buf);
-                                }
-                        }
-                BUF_strlcat(buf,"  ",sizeof buf);
-                for(j=0;j<dump_width;j++)
-                        {
-                        if (((i*dump_width)+j)>=len)
-                                break;
-                        ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
-#ifndef CHARSET_EBCDIC
-                        BIO_snprintf(tmp,sizeof tmp,"%c",
-                                 ((ch>=' ')&&(ch<='~'))?ch:'.');
-#else
-                        BIO_snprintf(tmp,sizeof tmp,"%c",
-                                 ((ch>=os_toascii[' '])&&(ch<=os_toascii['~']))
-                                 ? os_toebcdic[ch]
-                                 : '.');
-#endif
-                        BUF_strlcat(buf,tmp,sizeof buf);
-                        }
-                BUF_strlcat(buf,"\n",sizeof buf);
-                /* if this is the last call then update the ddt_dump thing so that
-                 * we will move the selection point in the debug window 
-                 */
-                ret+=BIO_write(bio,(char *)buf,strlen(buf));
-                }
-#ifdef TRUNCATE
-        if (trunc > 0)
-                {
-                BIO_snprintf(buf,sizeof buf,"%s%04x - <SPACES/NULS>\n",str,
-                         len+trunc);
-                ret+=BIO_write(bio,(char *)buf,strlen(buf));
-                }
-#endif
-        return(ret);
-        }
diff --git a/src/lib/libcrypto/bio/b_print.c b/src/lib/libcrypto/bio/b_print.c
deleted file mode 100644
index f2bd91d5a0..0000000000
--- a/src/lib/libcrypto/bio/b_print.c
+++ /dev/null
@@ -1,841 +0,0 @@
-/* crypto/bio/b_print.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* disable assert() unless BIO_DEBUG has been defined */
-#ifndef BIO_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-
-/* 
- * Stolen from tjh's ssl/ssl_trc.c stuff.
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <ctype.h>
-#include <assert.h>
-#include <limits.h>
-#include "cryptlib.h"
-#ifndef NO_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#include <openssl/bn.h>         /* To get BN_LLONG properly defined */
-#include <openssl/bio.h>
-
-#ifdef BN_LLONG
-# ifndef HAVE_LONG_LONG
-#  define HAVE_LONG_LONG 1
-# endif
-#endif
-
-/***************************************************************************/
-
-/*
- * Copyright Patrick Powell 1995
- * This code is based on code written by Patrick Powell <papowell@astart.com>
- * It may be used for any purpose as long as this notice remains intact
- * on all source code distributions.
- */
-
-/*
- * This code contains numerious changes and enhancements which were
- * made by lots of contributors over the last years to Patrick Powell's
- * original code:
- *
- * o Patrick Powell <papowell@astart.com>      (1995)
- * o Brandon Long <blong@fiction.net>          (1996, for Mutt)
- * o Thomas Roessler <roessler@guug.de>        (1998, for Mutt)
- * o Michael Elkins <me@cs.hmc.edu>            (1998, for Mutt)
- * o Andrew Tridgell <tridge@samba.org>        (1998, for Samba)
- * o Luke Mewburn <lukem@netbsd.org>           (1999, for LukemFTP)
- * o Ralf S. Engelschall <rse@engelschall.com> (1999, for Pth)
- * o ...                                       (for OpenSSL)
- */
-
-#ifdef HAVE_LONG_DOUBLE
-#define LDOUBLE long double
-#else
-#define LDOUBLE double
-#endif
-
-#if HAVE_LONG_LONG
-# if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__)
-# define LLONG _int64
-# else
-# define LLONG long long
-# endif
-#else
-#define LLONG long
-#endif
-
-static void fmtstr     (char **, char **, size_t *, size_t *,
-                        const char *, int, int, int);
-static void fmtint     (char **, char **, size_t *, size_t *,
-                        LLONG, int, int, int, int);
-static void fmtfp      (char **, char **, size_t *, size_t *,
-                        LDOUBLE, int, int, int);
-static void doapr_outch (char **, char **, size_t *, size_t *, int);
-static void _dopr(char **sbuffer, char **buffer,
-                  size_t *maxlen, size_t *retlen, int *truncated,
-                  const char *format, va_list args);
-
-/* format read states */
-#define DP_S_DEFAULT    0
-#define DP_S_FLAGS      1
-#define DP_S_MIN        2
-#define DP_S_DOT        3
-#define DP_S_MAX        4
-#define DP_S_MOD        5
-#define DP_S_CONV       6
-#define DP_S_DONE       7
-
-/* format flags - Bits */
-#define DP_F_MINUS      (1 << 0)
-#define DP_F_PLUS       (1 << 1)
-#define DP_F_SPACE      (1 << 2)
-#define DP_F_NUM        (1 << 3)
-#define DP_F_ZERO       (1 << 4)
-#define DP_F_UP         (1 << 5)
-#define DP_F_UNSIGNED   (1 << 6)
-
-/* conversion flags */
-#define DP_C_SHORT      1
-#define DP_C_LONG       2
-#define DP_C_LDOUBLE    3
-#define DP_C_LLONG      4
-
-/* some handy macros */
-#define char_to_int(p) (p - '0')
-#define OSSL_MAX(p,q) ((p >= q) ? p : q)
-
-static void
-_dopr(
-    char **sbuffer,
-    char **buffer,
-    size_t *maxlen,
-    size_t *retlen,
-    int *truncated,
-    const char *format,
-    va_list args)
-{
-    char ch;
-    LLONG value;
-    LDOUBLE fvalue;
-    char *strvalue;
-    int min;
-    int max;
-    int state;
-    int flags;
-    int cflags;
-    size_t currlen;
-
-    state = DP_S_DEFAULT;
-    flags = currlen = cflags = min = 0;
-    max = -1;
-    ch = *format++;
-
-    while (state != DP_S_DONE) {
-        if (ch == '\0' || (buffer == NULL && currlen >= *maxlen))
-            state = DP_S_DONE;
-
-        switch (state) {
-        case DP_S_DEFAULT:
-            if (ch == '%')
-                state = DP_S_FLAGS;
-            else
-                doapr_outch(sbuffer,buffer, &currlen, maxlen, ch);
-            ch = *format++;
-            break;
-        case DP_S_FLAGS:
-            switch (ch) {
-            case '-':
-                flags |= DP_F_MINUS;
-                ch = *format++;
-                break;
-            case '+':
-                flags |= DP_F_PLUS;
-                ch = *format++;
-                break;
-            case ' ':
-                flags |= DP_F_SPACE;
-                ch = *format++;
-                break;
-            case '#':
-                flags |= DP_F_NUM;
-                ch = *format++;
-                break;
-            case '0':
-                flags |= DP_F_ZERO;
-                ch = *format++;
-                break;
-            default:
-                state = DP_S_MIN;
-                break;
-            }
-            break;
-        case DP_S_MIN:
-            if (isdigit((unsigned char)ch)) {
-                min = 10 * min + char_to_int(ch);
-                ch = *format++;
-            } else if (ch == '*') {
-                min = va_arg(args, int);
-                ch = *format++;
-                state = DP_S_DOT;
-            } else
-                state = DP_S_DOT;
-            break;
-        case DP_S_DOT:
-            if (ch == '.') {
-                state = DP_S_MAX;
-                ch = *format++;
-            } else
-                state = DP_S_MOD;
-            break;
-        case DP_S_MAX:
-            if (isdigit((unsigned char)ch)) {
-                if (max < 0)
-                    max = 0;
-                max = 10 * max + char_to_int(ch);
-                ch = *format++;
-            } else if (ch == '*') {
-                max = va_arg(args, int);
-                ch = *format++;
-                state = DP_S_MOD;
-            } else
-                state = DP_S_MOD;
-            break;
-        case DP_S_MOD:
-            switch (ch) {
-            case 'h':
-                cflags = DP_C_SHORT;
-                ch = *format++;
-                break;
-            case 'l':
-                if (*format == 'l') {
-                    cflags = DP_C_LLONG;
-                    format++;
-                } else
-                    cflags = DP_C_LONG;
-                ch = *format++;
-                break;
-            case 'q':
-                cflags = DP_C_LLONG;
-                ch = *format++;
-                break;
-            case 'L':
-                cflags = DP_C_LDOUBLE;
-                ch = *format++;
-                break;
-            default:
-                break;
-            }
-            state = DP_S_CONV;
-            break;
-        case DP_S_CONV:
-            switch (ch) {
-            case 'd':
-            case 'i':
-                switch (cflags) {
-                case DP_C_SHORT:
-                    value = (short int)va_arg(args, int);
-                    break;
-                case DP_C_LONG:
-                    value = va_arg(args, long int);
-                    break;
-                case DP_C_LLONG:
-                    value = va_arg(args, LLONG);
-                    break;
-                default:
-                    value = va_arg(args, int);
-                    break;
-                }
-                fmtint(sbuffer, buffer, &currlen, maxlen,
-                       value, 10, min, max, flags);
-                break;
-            case 'X':
-                flags |= DP_F_UP;
-                /* FALLTHROUGH */
-            case 'x':
-            case 'o':
-            case 'u':
-                flags |= DP_F_UNSIGNED;
-                switch (cflags) {
-                case DP_C_SHORT:
-                    value = (unsigned short int)va_arg(args, unsigned int);
-                    break;
-                case DP_C_LONG:
-                    value = (LLONG) va_arg(args,
-                        unsigned long int);
-                    break;
-                case DP_C_LLONG:
-                    value = va_arg(args, unsigned LLONG);
-                    break;
-                default:
-                    value = (LLONG) va_arg(args,
-                        unsigned int);
-                    break;
-                }
-                fmtint(sbuffer, buffer, &currlen, maxlen, value,
-                       ch == 'o' ? 8 : (ch == 'u' ? 10 : 16),
-                       min, max, flags);
-                break;
-            case 'f':
-                if (cflags == DP_C_LDOUBLE)
-                    fvalue = va_arg(args, LDOUBLE);
-                else
-                    fvalue = va_arg(args, double);
-                fmtfp(sbuffer, buffer, &currlen, maxlen,
-                      fvalue, min, max, flags);
-                break;
-            case 'E':
-                flags |= DP_F_UP;
-            case 'e':
-                if (cflags == DP_C_LDOUBLE)
-                    fvalue = va_arg(args, LDOUBLE);
-                else
-                    fvalue = va_arg(args, double);
-                break;
-            case 'G':
-                flags |= DP_F_UP;
-            case 'g':
-                if (cflags == DP_C_LDOUBLE)
-                    fvalue = va_arg(args, LDOUBLE);
-                else
-                    fvalue = va_arg(args, double);
-                break;
-            case 'c':
-                doapr_outch(sbuffer, buffer, &currlen, maxlen,
-                    va_arg(args, int));
-                break;
-            case 's':
-                strvalue = va_arg(args, char *);
-                if (max < 0) {
-                    if (buffer)
-                        max = INT_MAX;
-                    else
-                        max = *maxlen;
-                }
-                fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue,
-                       flags, min, max);
-                break;
-            case 'p':
-                value = (long)va_arg(args, void *);
-                fmtint(sbuffer, buffer, &currlen, maxlen,
-                    value, 16, min, max, flags|DP_F_NUM);
-                break;
-            case 'n': /* XXX */
-                if (cflags == DP_C_SHORT) {
-                    short int *num;
-                    num = va_arg(args, short int *);
-                    *num = currlen;
-                } else if (cflags == DP_C_LONG) { /* XXX */
-                    long int *num;
-                    num = va_arg(args, long int *);
-                    *num = (long int) currlen;
-                } else if (cflags == DP_C_LLONG) { /* XXX */
-                    LLONG *num;
-                    num = va_arg(args, LLONG *);
-                    *num = (LLONG) currlen;
-                } else {
-                    int    *num;
-                    num = va_arg(args, int *);
-                    *num = currlen;
-                }
-                break;
-            case '%':
-                doapr_outch(sbuffer, buffer, &currlen, maxlen, ch);
-                break;
-            case 'w':
-                /* not supported yet, treat as next char */
-                ch = *format++;
-                break;
-            default:
-                /* unknown, skip */
-                break;
-            }
-            ch = *format++;
-            state = DP_S_DEFAULT;
-            flags = cflags = min = 0;
-            max = -1;
-            break;
-        case DP_S_DONE:
-            break;
-        default:
-            break;
-        }
-    }
-    *truncated = (currlen > *maxlen - 1);
-    if (*truncated)
-        currlen = *maxlen - 1;
-    doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0');
-    *retlen = currlen - 1;
-    return;
-}
-
-static void
-fmtstr(
-    char **sbuffer,
-    char **buffer,
-    size_t *currlen,
-    size_t *maxlen,
-    const char *value,
-    int flags,
-    int min,
-    int max)
-{
-    int padlen, strln;
-    int cnt = 0;
-
-    if (value == 0)
-        value = "<NULL>";
-    for (strln = 0; value[strln]; ++strln)
-        ;
-    padlen = min - strln;
-    if (padlen < 0)
-        padlen = 0;
-    if (flags & DP_F_MINUS)
-        padlen = -padlen;
-
-    while ((padlen > 0) && (cnt < max)) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
-        --padlen;
-        ++cnt;
-    }
-    while (*value && (cnt < max)) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, *value++);
-        ++cnt;
-    }
-    while ((padlen < 0) && (cnt < max)) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
-        ++padlen;
-        ++cnt;
-    }
-}
-
-static void
-fmtint(
-    char **sbuffer,
-    char **buffer,
-    size_t *currlen,
-    size_t *maxlen,
-    LLONG value,
-    int base,
-    int min,
-    int max,
-    int flags)
-{
-    int signvalue = 0;
-    char *prefix = "";
-    unsigned LLONG uvalue;
-    char convert[DECIMAL_SIZE(value)+3];
-    int place = 0;
-    int spadlen = 0;
-    int zpadlen = 0;
-    int caps = 0;
-
-    if (max < 0)
-        max = 0;
-    uvalue = value;
-    if (!(flags & DP_F_UNSIGNED)) {
-        if (value < 0) {
-            signvalue = '-';
-            uvalue = -value;
-        } else if (flags & DP_F_PLUS)
-            signvalue = '+';
-        else if (flags & DP_F_SPACE)
-            signvalue = ' ';
-    }
-    if (flags & DP_F_NUM) {
-        if (base == 8) prefix = "0";
-        if (base == 16) prefix = "0x";
-    }
-    if (flags & DP_F_UP)
-        caps = 1;
-    do {
-        convert[place++] =
-            (caps ? "0123456789ABCDEF" : "0123456789abcdef")
-            [uvalue % (unsigned) base];
-        uvalue = (uvalue / (unsigned) base);
-    } while (uvalue && (place < sizeof convert));
-    if (place == sizeof convert)
-        place--;
-    convert[place] = 0;
-
-    zpadlen = max - place;
-    spadlen = min - OSSL_MAX(max, place) - (signvalue ? 1 : 0) - strlen(prefix);
-    if (zpadlen < 0)
-        zpadlen = 0;
-    if (spadlen < 0)
-        spadlen = 0;
-    if (flags & DP_F_ZERO) {
-        zpadlen = OSSL_MAX(zpadlen, spadlen);
-        spadlen = 0;
-    }
-    if (flags & DP_F_MINUS)
-        spadlen = -spadlen;
-
-    /* spaces */
-    while (spadlen > 0) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
-        --spadlen;
-    }
-
-    /* sign */
-    if (signvalue)
-        doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
-
-    /* prefix */
-    while (*prefix) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix);
-        prefix++;
-    }
-
-    /* zeros */
-    if (zpadlen > 0) {
-        while (zpadlen > 0) {
-            doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
-            --zpadlen;
-        }
-    }
-    /* digits */
-    while (place > 0)
-        doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place]);
-
-    /* left justified spaces */
-    while (spadlen < 0) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
-        ++spadlen;
-    }
-    return;
-}
-
-static LDOUBLE
-abs_val(LDOUBLE value)
-{
-    LDOUBLE result = value;
-    if (value < 0)
-        result = -value;
-    return result;
-}
-
-static LDOUBLE
-pow_10(int in_exp)
-{
-    LDOUBLE result = 1;
-    while (in_exp) {
-        result *= 10;
-        in_exp--;
-    }
-    return result;
-}
-
-static long
-roundv(LDOUBLE value)
-{
-    long intpart;
-    intpart = (long) value;
-    value = value - intpart;
-    if (value >= 0.5)
-        intpart++;
-    return intpart;
-}
-
-static void
-fmtfp(
-    char **sbuffer,
-    char **buffer,
-    size_t *currlen,
-    size_t *maxlen,
-    LDOUBLE fvalue,
-    int min,
-    int max,
-    int flags)
-{
-    int signvalue = 0;
-    LDOUBLE ufvalue;
-    char iconvert[20];
-    char fconvert[20];
-    int iplace = 0;
-    int fplace = 0;
-    int padlen = 0;
-    int zpadlen = 0;
-    int caps = 0;
-    long intpart;
-    long fracpart;
-
-    if (max < 0)
-        max = 6;
-    ufvalue = abs_val(fvalue);
-    if (fvalue < 0)
-        signvalue = '-';
-    else if (flags & DP_F_PLUS)
-        signvalue = '+';
-    else if (flags & DP_F_SPACE)
-        signvalue = ' ';
-
-    intpart = (long)ufvalue;
-
-    /* sorry, we only support 9 digits past the decimal because of our
-       conversion method */
-    if (max > 9)
-        max = 9;
-
-    /* we "cheat" by converting the fractional part to integer by
-       multiplying by a factor of 10 */
-    fracpart = roundv((pow_10(max)) * (ufvalue - intpart));
-
-    if (fracpart >= (long)pow_10(max)) {
-        intpart++;
-        fracpart -= (long)pow_10(max);
-    }
-
-    /* convert integer part */
-    do {
-        iconvert[iplace++] =
-            (caps ? "0123456789ABCDEF"
-              : "0123456789abcdef")[intpart % 10];
-        intpart = (intpart / 10);
-    } while (intpart && (iplace < sizeof iconvert));
-    if (iplace == sizeof iconvert)
-        iplace--;
-    iconvert[iplace] = 0;
-
-    /* convert fractional part */
-    do {
-        fconvert[fplace++] =
-            (caps ? "0123456789ABCDEF"
-              : "0123456789abcdef")[fracpart % 10];
-        fracpart = (fracpart / 10);
-    } while (fplace < max);
-    if (fplace == sizeof fconvert)
-        fplace--;
-    fconvert[fplace] = 0;
-
-    /* -1 for decimal point, another -1 if we are printing a sign */
-    padlen = min - iplace - max - 1 - ((signvalue) ? 1 : 0);
-    zpadlen = max - fplace;
-    if (zpadlen < 0)
-        zpadlen = 0;
-    if (padlen < 0)
-        padlen = 0;
-    if (flags & DP_F_MINUS)
-        padlen = -padlen;
-
-    if ((flags & DP_F_ZERO) && (padlen > 0)) {
-        if (signvalue) {
-            doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
-            --padlen;
-            signvalue = 0;
-        }
-        while (padlen > 0) {
-            doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
-            --padlen;
-        }
-    }
-    while (padlen > 0) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
-        --padlen;
-    }
-    if (signvalue)
-        doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
-
-    while (iplace > 0)
-        doapr_outch(sbuffer, buffer, currlen, maxlen, iconvert[--iplace]);
-
-    /*
-     * Decimal point. This should probably use locale to find the correct
-     * char to print out.
-     */
-    if (max > 0 || (flags & DP_F_NUM)) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, '.');
-
-        while (fplace > 0)
-            doapr_outch(sbuffer, buffer, currlen, maxlen, fconvert[--fplace]);
-    }
-    while (zpadlen > 0) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
-        --zpadlen;
-    }
-
-    while (padlen < 0) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
-        ++padlen;
-    }
-}
-
-static void
-doapr_outch(
-    char **sbuffer,
-    char **buffer,
-    size_t *currlen,
-    size_t *maxlen,
-    int c)
-{
-    /* If we haven't at least one buffer, someone has doe a big booboo */
-    assert(*sbuffer != NULL || buffer != NULL);
-
-    if (buffer) {
-        while (*currlen >= *maxlen) {
-            if (*buffer == NULL) {
-                if (*maxlen == 0)
-                    *maxlen = 1024;
-                *buffer = OPENSSL_malloc(*maxlen);
-                if (*currlen > 0) {
-                    assert(*sbuffer != NULL);
-                    memcpy(*buffer, *sbuffer, *currlen);
-                }
-                *sbuffer = NULL;
-            } else {
-                *maxlen += 1024;
-                *buffer = OPENSSL_realloc(*buffer, *maxlen);
-            }
-        }
-        /* What to do if *buffer is NULL? */
-        assert(*sbuffer != NULL || *buffer != NULL);
-    }
-
-    if (*currlen < *maxlen) {
-        if (*sbuffer)
-            (*sbuffer)[(*currlen)++] = (char)c;
-        else
-            (*buffer)[(*currlen)++] = (char)c;
-    }
-
-    return;
-}
-
-/***************************************************************************/
-
-int BIO_printf (BIO *bio, const char *format, ...)
-        {
-        va_list args;
-        int ret;
-
-        va_start(args, format);
-
-        ret = BIO_vprintf(bio, format, args);
-
-        va_end(args);
-        return(ret);
-        }
-
-int BIO_vprintf (BIO *bio, const char *format, va_list args)
-        {
-        int ret;
-        size_t retlen;
-        char hugebuf[1024*2];   /* Was previously 10k, which is unreasonable
-                                   in small-stack environments, like threads
-                                   or DOS programs. */
-        char *hugebufp = hugebuf;
-        size_t hugebufsize = sizeof(hugebuf);
-        char *dynbuf = NULL;
-        int ignored;
-
-        dynbuf = NULL;
-        CRYPTO_push_info("doapr()");
-        _dopr(&hugebufp, &dynbuf, &hugebufsize,
-                &retlen, &ignored, format, args);
-        if (dynbuf)
-                {
-                ret=BIO_write(bio, dynbuf, (int)retlen);
-                OPENSSL_free(dynbuf);
-                }
-        else
-                {
-                ret=BIO_write(bio, hugebuf, (int)retlen);
-                }
-        CRYPTO_pop_info();
-        return(ret);
-        }
-
-/* As snprintf is not available everywhere, we provide our own implementation.
- * In case of overflow or error, this returns -1.
- * This function has nothing to do with BIOs, but it's closely related
- * to BIO_printf, and we need *some* name prefix ...
- * (XXX  the function should be renamed, but to what?) */
-int BIO_snprintf(char *buf, size_t n, const char *format, ...)
-        {
-        va_list args;
-        int ret;
-
-        va_start(args, format);
-
-        ret = BIO_vsnprintf(buf, n, format, args);
-
-        va_end(args);
-        return(ret);
-        }
-
-int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
-        {
-        size_t retlen;
-        int truncated;
-
-        _dopr(&buf, NULL, &n, &retlen, &truncated, format, args);
-
-        if (truncated)
-                /* In case of truncation, return -1 unlike traditional snprintf.
-                 * (Current drafts for ISO/IEC 9899 say snprintf should return
-                 * the number of characters that would have been written,
-                 * had the buffer been large enough, as it did historically.) */
-                return -1;
-        else
-                return (retlen <= INT_MAX) ? (int)retlen : -1;
-        }
diff --git a/src/lib/libcrypto/bio/b_sock.c b/src/lib/libcrypto/bio/b_sock.c
deleted file mode 100644
index c851298d1e..0000000000
--- a/src/lib/libcrypto/bio/b_sock.c
+++ /dev/null
@@ -1,752 +0,0 @@
-/* crypto/bio/b_sock.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef OPENSSL_NO_SOCK
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <errno.h>
-#define USE_SOCKETS
-#include "cryptlib.h"
-#include <openssl/bio.h>
-
-#ifdef OPENSSL_SYS_WIN16
-#define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
-#else
-#define SOCKET_PROTOCOL IPPROTO_TCP
-#endif
-
-#ifdef SO_MAXCONN
-#define MAX_LISTEN  SO_MAXCONN
-#elif defined(SOMAXCONN)
-#define MAX_LISTEN  SOMAXCONN
-#else
-#define MAX_LISTEN  32
-#endif
-
-#ifdef OPENSSL_SYS_WINDOWS
-static int wsa_init_done=0;
-#endif
-
-#if 0
-static unsigned long BIO_ghbn_hits=0L;
-static unsigned long BIO_ghbn_miss=0L;
-
-#define GHBN_NUM        4
-static struct ghbn_cache_st
-        {
-        char name[129];
-        struct hostent *ent;
-        unsigned long order;
-        } ghbn_cache[GHBN_NUM];
-#endif
-
-static int get_ip(const char *str,unsigned char *ip);
-#if 0
-static void ghbn_free(struct hostent *a);
-static struct hostent *ghbn_dup(struct hostent *a);
-#endif
-int BIO_get_host_ip(const char *str, unsigned char *ip)
-        {
-        int i;
-        int err = 1;
-        int locked = 0;
-        struct hostent *he;
-
-        i=get_ip(str,ip);
-        if (i < 0)
-                {
-                BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_INVALID_IP_ADDRESS);
-                goto err;
-                }
-
-        /* At this point, we have something that is most probably correct
-           in some way, so let's init the socket. */
-        if (BIO_sock_init() != 1)
-                return 0; /* don't generate another error code here */
-
-        /* If the string actually contained an IP address, we need not do
-           anything more */
-        if (i > 0) return(1);
-
-        /* do a gethostbyname */
-        CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME);
-        locked = 1;
-        he=BIO_gethostbyname(str);
-        if (he == NULL)
-                {
-                BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_BAD_HOSTNAME_LOOKUP);
-                goto err;
-                }
-
-        /* cast to short because of win16 winsock definition */
-        if ((short)he->h_addrtype != AF_INET)
-                {
-                BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET);
-                goto err;
-                }
-        for (i=0; i<4; i++)
-                ip[i]=he->h_addr_list[0][i];
-        err = 0;
-
- err:
-        if (locked)
-                CRYPTO_w_unlock(CRYPTO_LOCK_GETHOSTBYNAME);
-        if (err)
-                {
-                ERR_add_error_data(2,"host=",str);
-                return 0;
-                }
-        else
-                return 1;
-        }
-
-int BIO_get_port(const char *str, unsigned short *port_ptr)
-        {
-        int i;
-        struct servent *s;
-
-        if (str == NULL)
-                {
-                BIOerr(BIO_F_BIO_GET_PORT,BIO_R_NO_PORT_DEFINED);
-                return(0);
-                }
-        i=atoi(str);
-        if (i != 0)
-                *port_ptr=(unsigned short)i;
-        else
-                {
-                CRYPTO_w_lock(CRYPTO_LOCK_GETSERVBYNAME);
-                /* Note: under VMS with SOCKETSHR, it seems like the first
-                 * parameter is 'char *', instead of 'const char *'
-                 */
-                s=getservbyname(
-#ifndef CONST_STRICT
-                    (char *)
-#endif
-                    str,"tcp");
-                if(s != NULL)
-                        *port_ptr=ntohs((unsigned short)s->s_port);
-                CRYPTO_w_unlock(CRYPTO_LOCK_GETSERVBYNAME);
-                if(s == NULL)
-                        {
-                        if (strcmp(str,"http") == 0)
-                                *port_ptr=80;
-                        else if (strcmp(str,"telnet") == 0)
-                                *port_ptr=23;
-                        else if (strcmp(str,"socks") == 0)
-                                *port_ptr=1080;
-                        else if (strcmp(str,"https") == 0)
-                                *port_ptr=443;
-                        else if (strcmp(str,"ssl") == 0)
-                                *port_ptr=443;
-                        else if (strcmp(str,"ftp") == 0)
-                                *port_ptr=21;
-                        else if (strcmp(str,"gopher") == 0)
-                                *port_ptr=70;
-#if 0
-                        else if (strcmp(str,"wais") == 0)
-                                *port_ptr=21;
-#endif
-                        else
-                                {
-                                SYSerr(SYS_F_GETSERVBYNAME,get_last_socket_error());
-                                ERR_add_error_data(3,"service='",str,"'");
-                                return(0);
-                                }
-                        }
-                }
-        return(1);
-        }
-
-int BIO_sock_error(int sock)
-        {
-        int j,i;
-        int size;
-                 
-        size=sizeof(int);
-        /* Note: under Windows the third parameter is of type (char *)
-         * whereas under other systems it is (void *) if you don't have
-         * a cast it will choke the compiler: if you do have a cast then
-         * you can either go for (char *) or (void *).
-         */
-        i=getsockopt(sock,SOL_SOCKET,SO_ERROR,(void *)&j,(void *)&size);
-        if (i < 0)
-                return(1);
-        else
-                return(j);
-        }
-
-#if 0
-long BIO_ghbn_ctrl(int cmd, int iarg, char *parg)
-        {
-        int i;
-        char **p;
-
-        switch (cmd)
-                {
-        case BIO_GHBN_CTRL_HITS:
-                return(BIO_ghbn_hits);
-                /* break; */
-        case BIO_GHBN_CTRL_MISSES:
-                return(BIO_ghbn_miss);
-                /* break; */
-        case BIO_GHBN_CTRL_CACHE_SIZE:
-                return(GHBN_NUM);
-                /* break; */
-        case BIO_GHBN_CTRL_GET_ENTRY:
-                if ((iarg >= 0) && (iarg <GHBN_NUM) &&
-                        (ghbn_cache[iarg].order > 0))
-                        {
-                        p=(char **)parg;
-                        if (p == NULL) return(0);
-                        *p=ghbn_cache[iarg].name;
-                        ghbn_cache[iarg].name[128]='\0';
-                        return(1);
-                        }
-                return(0);
-                /* break; */
-        case BIO_GHBN_CTRL_FLUSH:
-                for (i=0; i<GHBN_NUM; i++)
-                        ghbn_cache[i].order=0;
-                break;
-        default:
-                return(0);
-                }
-        return(1);
-        }
-#endif
-
-#if 0
-static struct hostent *ghbn_dup(struct hostent *a)
-        {
-        struct hostent *ret;
-        int i,j;
-
-        MemCheck_off();
-        ret=(struct hostent *)OPENSSL_malloc(sizeof(struct hostent));
-        if (ret == NULL) return(NULL);
-        memset(ret,0,sizeof(struct hostent));
-
-        for (i=0; a->h_aliases[i] != NULL; i++)
-                ;
-        i++;
-        ret->h_aliases = (char **)OPENSSL_malloc(i*sizeof(char *));
-        if (ret->h_aliases == NULL)
-                goto err;
-        memset(ret->h_aliases, 0, i*sizeof(char *));
-
-        for (i=0; a->h_addr_list[i] != NULL; i++)
-                ;
-        i++;
-        ret->h_addr_list=(char **)OPENSSL_malloc(i*sizeof(char *));
-        if (ret->h_addr_list == NULL)
-                goto err;
-        memset(ret->h_addr_list, 0, i*sizeof(char *));
-
-        j=strlen(a->h_name)+1;
-        if ((ret->h_name=OPENSSL_malloc(j)) == NULL) goto err;
-        memcpy((char *)ret->h_name,a->h_name,j);
-        for (i=0; a->h_aliases[i] != NULL; i++)
-                {
-                j=strlen(a->h_aliases[i])+1;
-                if ((ret->h_aliases[i]=OPENSSL_malloc(j)) == NULL) goto err;
-                memcpy(ret->h_aliases[i],a->h_aliases[i],j);
-                }
-        ret->h_length=a->h_length;
-        ret->h_addrtype=a->h_addrtype;
-        for (i=0; a->h_addr_list[i] != NULL; i++)
-                {
-                if ((ret->h_addr_list[i]=OPENSSL_malloc(a->h_length)) == NULL)
-                        goto err;
-                memcpy(ret->h_addr_list[i],a->h_addr_list[i],a->h_length);
-                }
-        if (0)
-                {
-err:    
-                if (ret != NULL)
-                        ghbn_free(ret);
-                ret=NULL;
-                }
-        MemCheck_on();
-        return(ret);
-        }
-
-static void ghbn_free(struct hostent *a)
-        {
-        int i;
-
-        if(a == NULL)
-            return;
-
-        if (a->h_aliases != NULL)
-                {
-                for (i=0; a->h_aliases[i] != NULL; i++)
-                        OPENSSL_free(a->h_aliases[i]);
-                OPENSSL_free(a->h_aliases);
-                }
-        if (a->h_addr_list != NULL)
-                {
-                for (i=0; a->h_addr_list[i] != NULL; i++)
-                        OPENSSL_free(a->h_addr_list[i]);
-                OPENSSL_free(a->h_addr_list);
-                }
-        if (a->h_name != NULL) OPENSSL_free(a->h_name);
-        OPENSSL_free(a);
-        }
-
-#endif
-
-struct hostent *BIO_gethostbyname(const char *name)
-        {
-#if 1
-        /* Caching gethostbyname() results forever is wrong,
-         * so we have to let the true gethostbyname() worry about this */
-        return gethostbyname(name);
-#else
-        struct hostent *ret;
-        int i,lowi=0,j;
-        unsigned long low= (unsigned long)-1;
-
-
-#  if 0
-        /* It doesn't make sense to use locking here: The function interface
-         * is not thread-safe, because threads can never be sure when
-         * some other thread destroys the data they were given a pointer to.
-         */
-        CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME);
-#  endif
-        j=strlen(name);
-        if (j < 128)
-                {
-                for (i=0; i<GHBN_NUM; i++)
-                        {
-                        if (low > ghbn_cache[i].order)
-                                {
-                                low=ghbn_cache[i].order;
-                                lowi=i;
-                                }
-                        if (ghbn_cache[i].order > 0)
-                                {
-                                if (strncmp(name,ghbn_cache[i].name,128) == 0)
-                                        break;
-                                }
-                        }
-                }
-        else
-                i=GHBN_NUM;
-
-        if (i == GHBN_NUM) /* no hit*/
-                {
-                BIO_ghbn_miss++;
-                /* Note: under VMS with SOCKETSHR, it seems like the first
-                 * parameter is 'char *', instead of 'const char *'
-                 */
-                ret=gethostbyname(
-#  ifndef CONST_STRICT
-                    (char *)
-#  endif
-                    name);
-
-                if (ret == NULL)
-                        goto end;
-                if (j > 128) /* too big to cache */
-                        {
-#  if 0
-                        /* If we were trying to make this function thread-safe (which
-                         * is bound to fail), we'd have to give up in this case
-                         * (or allocate more memory). */
-                        ret = NULL;
-#  endif
-                        goto end;
-                        }
-
-                /* else add to cache */
-                if (ghbn_cache[lowi].ent != NULL)
-                        ghbn_free(ghbn_cache[lowi].ent); /* XXX not thread-safe */
-                ghbn_cache[lowi].name[0] = '\0';
-
-                if((ret=ghbn_cache[lowi].ent=ghbn_dup(ret)) == NULL)
-                        {
-                        BIOerr(BIO_F_BIO_GETHOSTBYNAME,ERR_R_MALLOC_FAILURE);
-                        goto end;
-                        }
-                strncpy(ghbn_cache[lowi].name,name,128);
-                ghbn_cache[lowi].order=BIO_ghbn_miss+BIO_ghbn_hits;
-                }
-        else
-                {
-                BIO_ghbn_hits++;
-                ret= ghbn_cache[i].ent;
-                ghbn_cache[i].order=BIO_ghbn_miss+BIO_ghbn_hits;
-                }
-end:
-#  if 0
-        CRYPTO_w_unlock(CRYPTO_LOCK_GETHOSTBYNAME);
-#  endif
-        return(ret);
-#endif
-        }
-
-
-int BIO_sock_init(void)
-        {
-#ifdef OPENSSL_SYS_WINDOWS
-        static struct WSAData wsa_state;
-
-        if (!wsa_init_done)
-                {
-                int err;
-          
-#ifdef SIGINT
-                signal(SIGINT,(void (*)(int))BIO_sock_cleanup);
-#endif
-                wsa_init_done=1;
-                memset(&wsa_state,0,sizeof(wsa_state));
-                if (WSAStartup(0x0101,&wsa_state)!=0)
-                        {
-                        err=WSAGetLastError();
-                        SYSerr(SYS_F_WSASTARTUP,err);
-                        BIOerr(BIO_F_BIO_SOCK_INIT,BIO_R_WSASTARTUP);
-                        return(-1);
-                        }
-                }
-#endif /* OPENSSL_SYS_WINDOWS */
-#ifdef WATT32
-        extern int _watt_do_exit;
-        _watt_do_exit = 0;    /* don't make sock_init() call exit() */
-        if (sock_init())
-                return (-1);
-#endif
-        return(1);
-        }
-
-void BIO_sock_cleanup(void)
-        {
-#ifdef OPENSSL_SYS_WINDOWS
-        if (wsa_init_done)
-                {
-                wsa_init_done=0;
-#ifndef OPENSSL_SYS_WINCE
-                WSACancelBlockingCall();
-#endif
-                WSACleanup();
-                }
-#endif
-        }
-
-#if !defined(OPENSSL_SYS_VMS) || __VMS_VER >= 70000000
-
-int BIO_socket_ioctl(int fd, long type, void *arg)
-        {
-        int i;
-
-#ifdef __DJGPP__
-        i=ioctlsocket(fd,type,(char *)arg);
-#else
-        i=ioctlsocket(fd,type,arg);
-#endif /* __DJGPP__ */
-        if (i < 0)
-                SYSerr(SYS_F_IOCTLSOCKET,get_last_socket_error());
-        return(i);
-        }
-#endif /* __VMS_VER */
-
-/* The reason I have implemented this instead of using sscanf is because
- * Visual C 1.52c gives an unresolved external when linking a DLL :-( */
-static int get_ip(const char *str, unsigned char ip[4])
-        {
-        unsigned int tmp[4];
-        int num=0,c,ok=0;
-
-        tmp[0]=tmp[1]=tmp[2]=tmp[3]=0;
-
-        for (;;)
-                {
-                c= *(str++);
-                if ((c >= '0') && (c <= '9'))
-                        {
-                        ok=1;
-                        tmp[num]=tmp[num]*10+c-'0';
-                        if (tmp[num] > 255) return(0);
-                        }
-                else if (c == '.')
-                        {
-                        if (!ok) return(-1);
-                        if (num == 3) return(0);
-                        num++;
-                        ok=0;
-                        }
-                else if (c == '\0' && (num == 3) && ok)
-                        break;
-                else
-                        return(0);
-                }
-        ip[0]=tmp[0];
-        ip[1]=tmp[1];
-        ip[2]=tmp[2];
-        ip[3]=tmp[3];
-        return(1);
-        }
-
-int BIO_get_accept_socket(char *host, int bind_mode)
-        {
-        int ret=0;
-        struct sockaddr_in server,client;
-        int s=INVALID_SOCKET,cs;
-        unsigned char ip[4];
-        unsigned short port;
-        char *str=NULL,*e;
-        const char *h,*p;
-        unsigned long l;
-        int err_num;
-
-        if (BIO_sock_init() != 1) return(INVALID_SOCKET);
-
-        if ((str=BUF_strdup(host)) == NULL) return(INVALID_SOCKET);
-
-        h=p=NULL;
-        h=str;
-        for (e=str; *e; e++)
-                {
-                if (*e == ':')
-                        {
-                        p= &(e[1]);
-                        *e='\0';
-                        }
-                else if (*e == '/')
-                        {
-                        *e='\0';
-                        break;
-                        }
-                }
-
-        if (p == NULL)
-                {
-                p=h;
-                h="*";
-                }
-
-        if (!BIO_get_port(p,&port)) goto err;
-
-        memset((char *)&server,0,sizeof(server));
-        server.sin_family=AF_INET;
-        server.sin_port=htons(port);
-
-        if (strcmp(h,"*") == 0)
-                server.sin_addr.s_addr=INADDR_ANY;
-        else
-                {
-                if (!BIO_get_host_ip(h,&(ip[0]))) goto err;
-                l=(unsigned long)
-                        ((unsigned long)ip[0]<<24L)|
-                        ((unsigned long)ip[1]<<16L)|
-                        ((unsigned long)ip[2]<< 8L)|
-                        ((unsigned long)ip[3]);
-                server.sin_addr.s_addr=htonl(l);
-                }
-
-again:
-        s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
-        if (s == INVALID_SOCKET)
-                {
-                SYSerr(SYS_F_SOCKET,get_last_socket_error());
-                ERR_add_error_data(3,"port='",host,"'");
-                BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET,BIO_R_UNABLE_TO_CREATE_SOCKET);
-                goto err;
-                }
-
-#ifdef SO_REUSEADDR
-        if (bind_mode == BIO_BIND_REUSEADDR)
-                {
-                int i=1;
-
-                ret=setsockopt(s,SOL_SOCKET,SO_REUSEADDR,(char *)&i,sizeof(i));
-                bind_mode=BIO_BIND_NORMAL;
-                }
-#endif
-        if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
-                {
-#ifdef SO_REUSEADDR
-                err_num=get_last_socket_error();
-                if ((bind_mode == BIO_BIND_REUSEADDR_IF_UNUSED) &&
-                        (err_num == EADDRINUSE))
-                        {
-                        memcpy((char *)&client,(char *)&server,sizeof(server));
-                        if (strcmp(h,"*") == 0)
-                                client.sin_addr.s_addr=htonl(0x7F000001);
-                        cs=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
-                        if (cs != INVALID_SOCKET)
-                                {
-                                int ii;
-                                ii=connect(cs,(struct sockaddr *)&client,
-                                        sizeof(client));
-                                closesocket(cs);
-                                if (ii == INVALID_SOCKET)
-                                        {
-                                        bind_mode=BIO_BIND_REUSEADDR;
-                                        closesocket(s);
-                                        goto again;
-                                        }
-                                /* else error */
-                                }
-                        /* else error */
-                        }
-#endif
-                SYSerr(SYS_F_BIND,err_num);
-                ERR_add_error_data(3,"port='",host,"'");
-                BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET,BIO_R_UNABLE_TO_BIND_SOCKET);
-                goto err;
-                }
-        if (listen(s,MAX_LISTEN) == -1)
-                {
-                SYSerr(SYS_F_BIND,get_last_socket_error());
-                ERR_add_error_data(3,"port='",host,"'");
-                BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET,BIO_R_UNABLE_TO_LISTEN_SOCKET);
-                goto err;
-                }
-        ret=1;
-err:
-        if (str != NULL) OPENSSL_free(str);
-        if ((ret == 0) && (s != INVALID_SOCKET))
-                {
-                closesocket(s);
-                s= INVALID_SOCKET;
-                }
-        return(s);
-        }
-
-int BIO_accept(int sock, char **addr)
-        {
-        int ret=INVALID_SOCKET;
-        static struct sockaddr_in from;
-        unsigned long l;
-        unsigned short port;
-        int len;
-        char *p;
-
-        memset((char *)&from,0,sizeof(from));
-        len=sizeof(from);
-        /* Note: under VMS with SOCKETSHR the fourth parameter is currently
-         * of type (int *) whereas under other systems it is (void *) if
-         * you don't have a cast it will choke the compiler: if you do
-         * have a cast then you can either go for (int *) or (void *).
-         */
-        ret=accept(sock,(struct sockaddr *)&from,(void *)&len);
-        if (ret == INVALID_SOCKET)
-                {
-                if(BIO_sock_should_retry(ret)) return -2;
-                SYSerr(SYS_F_ACCEPT,get_last_socket_error());
-                BIOerr(BIO_F_BIO_ACCEPT,BIO_R_ACCEPT_ERROR);
-                goto end;
-                }
-
-        if (addr == NULL) goto end;
-
-        l=ntohl(from.sin_addr.s_addr);
-        port=ntohs(from.sin_port);
-        if (*addr == NULL)
-                {
-                if ((p=OPENSSL_malloc(24)) == NULL)
-                        {
-                        BIOerr(BIO_F_BIO_ACCEPT,ERR_R_MALLOC_FAILURE);
-                        goto end;
-                        }
-                *addr=p;
-                }
-        BIO_snprintf(*addr,24,"%d.%d.%d.%d:%d",
-                     (unsigned char)(l>>24L)&0xff,
-                     (unsigned char)(l>>16L)&0xff,
-                     (unsigned char)(l>> 8L)&0xff,
-                     (unsigned char)(l     )&0xff,
-                     port);
-end:
-        return(ret);
-        }
-
-int BIO_set_tcp_ndelay(int s, int on)
-        {
-        int ret=0;
-#if defined(TCP_NODELAY) && (defined(IPPROTO_TCP) || defined(SOL_TCP))
-        int opt;
-
-#ifdef SOL_TCP
-        opt=SOL_TCP;
-#else
-#ifdef IPPROTO_TCP
-        opt=IPPROTO_TCP;
-#endif
-#endif
-        
-        ret=setsockopt(s,opt,TCP_NODELAY,(char *)&on,sizeof(on));
-#endif
-        return(ret == 0);
-        }
-#endif
-
-int BIO_socket_nbio(int s, int mode)
-        {
-        int ret= -1;
-        int l;
-
-        l=mode;
-#ifdef FIONBIO
-        ret=BIO_socket_ioctl(s,FIONBIO,&l);
-#endif
-        return(ret == 0);
-        }
diff --git a/src/lib/libcrypto/bio/bf_buff.c b/src/lib/libcrypto/bio/bf_buff.c
deleted file mode 100644
index c1fd75aaad..0000000000
--- a/src/lib/libcrypto/bio/bf_buff.c
+++ /dev/null
@@ -1,511 +0,0 @@
-/* crypto/bio/bf_buff.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include "cryptlib.h"
-#include <openssl/bio.h>
-
-static int buffer_write(BIO *h, const char *buf,int num);
-static int buffer_read(BIO *h, char *buf, int size);
-static int buffer_puts(BIO *h, const char *str);
-static int buffer_gets(BIO *h, char *str, int size);
-static long buffer_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int buffer_new(BIO *h);
-static int buffer_free(BIO *data);
-static long buffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
-#define DEFAULT_BUFFER_SIZE     4096
-
-static BIO_METHOD methods_buffer=
-        {
-        BIO_TYPE_BUFFER,
-        "buffer",
-        buffer_write,
-        buffer_read,
-        buffer_puts,
-        buffer_gets,
-        buffer_ctrl,
-        buffer_new,
-        buffer_free,
-        buffer_callback_ctrl,
-        };
-
-BIO_METHOD *BIO_f_buffer(void)
-        {
-        return(&methods_buffer);
-        }
-
-static int buffer_new(BIO *bi)
-        {
-        BIO_F_BUFFER_CTX *ctx;
-
-        ctx=(BIO_F_BUFFER_CTX *)OPENSSL_malloc(sizeof(BIO_F_BUFFER_CTX));
-        if (ctx == NULL) return(0);
-        ctx->ibuf=(char *)OPENSSL_malloc(DEFAULT_BUFFER_SIZE);
-        if (ctx->ibuf == NULL) { OPENSSL_free(ctx); return(0); }
-        ctx->obuf=(char *)OPENSSL_malloc(DEFAULT_BUFFER_SIZE);
-        if (ctx->obuf == NULL) { OPENSSL_free(ctx->ibuf); OPENSSL_free(ctx); return(0); }
-        ctx->ibuf_size=DEFAULT_BUFFER_SIZE;
-        ctx->obuf_size=DEFAULT_BUFFER_SIZE;
-        ctx->ibuf_len=0;
-        ctx->ibuf_off=0;
-        ctx->obuf_len=0;
-        ctx->obuf_off=0;
-
-        bi->init=1;
-        bi->ptr=(char *)ctx;
-        bi->flags=0;
-        return(1);
-        }
-
-static int buffer_free(BIO *a)
-        {
-        BIO_F_BUFFER_CTX *b;
-
-        if (a == NULL) return(0);
-        b=(BIO_F_BUFFER_CTX *)a->ptr;
-        if (b->ibuf != NULL) OPENSSL_free(b->ibuf);
-        if (b->obuf != NULL) OPENSSL_free(b->obuf);
-        OPENSSL_free(a->ptr);
-        a->ptr=NULL;
-        a->init=0;
-        a->flags=0;
-        return(1);
-        }
-        
-static int buffer_read(BIO *b, char *out, int outl)
-        {
-        int i,num=0;
-        BIO_F_BUFFER_CTX *ctx;
-
-        if (out == NULL) return(0);
-        ctx=(BIO_F_BUFFER_CTX *)b->ptr;
-
-        if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
-        num=0;
-        BIO_clear_retry_flags(b);
-
-start:
-        i=ctx->ibuf_len;
-        /* If there is stuff left over, grab it */
-        if (i != 0)
-                {
-                if (i > outl) i=outl;
-                memcpy(out,&(ctx->ibuf[ctx->ibuf_off]),i);
-                ctx->ibuf_off+=i;
-                ctx->ibuf_len-=i;
-                num+=i;
-                if (outl == i)  return(num);
-                outl-=i;
-                out+=i;
-                }
-
-        /* We may have done a partial read. try to do more.
-         * We have nothing in the buffer.
-         * If we get an error and have read some data, just return it
-         * and let them retry to get the error again.
-         * copy direct to parent address space */
-        if (outl > ctx->ibuf_size)
-                {
-                for (;;)
-                        {
-                        i=BIO_read(b->next_bio,out,outl);
-                        if (i <= 0)
-                                {
-                                BIO_copy_next_retry(b);
-                                if (i < 0) return((num > 0)?num:i);
-                                if (i == 0) return(num);
-                                }
-                        num+=i;
-                        if (outl == i) return(num);
-                        out+=i;
-                        outl-=i;
-                        }
-                }
-        /* else */
-
-        /* we are going to be doing some buffering */
-        i=BIO_read(b->next_bio,ctx->ibuf,ctx->ibuf_size);
-        if (i <= 0)
-                {
-                BIO_copy_next_retry(b);
-                if (i < 0) return((num > 0)?num:i);
-                if (i == 0) return(num);
-                }
-        ctx->ibuf_off=0;
-        ctx->ibuf_len=i;
-
-        /* Lets re-read using ourselves :-) */
-        goto start;
-        }
-
-static int buffer_write(BIO *b, const char *in, int inl)
-        {
-        int i,num=0;
-        BIO_F_BUFFER_CTX *ctx;
-
-        if ((in == NULL) || (inl <= 0)) return(0);
-        ctx=(BIO_F_BUFFER_CTX *)b->ptr;
-        if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
-
-        BIO_clear_retry_flags(b);
-start:
-        i=ctx->obuf_size-(ctx->obuf_len+ctx->obuf_off);
-        /* add to buffer and return */
-        if (i >= inl)
-                {
-                memcpy(&(ctx->obuf[ctx->obuf_len]),in,inl);
-                ctx->obuf_len+=inl;
-                return(num+inl);
-                }
-        /* else */
-        /* stuff already in buffer, so add to it first, then flush */
-        if (ctx->obuf_len != 0)
-                {
-                if (i > 0) /* lets fill it up if we can */
-                        {
-                        memcpy(&(ctx->obuf[ctx->obuf_len]),in,i);
-                        in+=i;
-                        inl-=i;
-                        num+=i;
-                        ctx->obuf_len+=i;
-                        }
-                /* we now have a full buffer needing flushing */
-                for (;;)
-                        {
-                        i=BIO_write(b->next_bio,&(ctx->obuf[ctx->obuf_off]),
-                                ctx->obuf_len);
-                        if (i <= 0)
-                                {
-                                BIO_copy_next_retry(b);
-
-                                if (i < 0) return((num > 0)?num:i);
-                                if (i == 0) return(num);
-                                }
-                        ctx->obuf_off+=i;
-                        ctx->obuf_len-=i;
-                        if (ctx->obuf_len == 0) break;
-                        }
-                }
-        /* we only get here if the buffer has been flushed and we
-         * still have stuff to write */
-        ctx->obuf_off=0;
-
-        /* we now have inl bytes to write */
-        while (inl >= ctx->obuf_size)
-                {
-                i=BIO_write(b->next_bio,in,inl);
-                if (i <= 0)
-                        {
-                        BIO_copy_next_retry(b);
-                        if (i < 0) return((num > 0)?num:i);
-                        if (i == 0) return(num);
-                        }
-                num+=i;
-                in+=i;
-                inl-=i;
-                if (inl == 0) return(num);
-                }
-
-        /* copy the rest into the buffer since we have only a small 
-         * amount left */
-        goto start;
-        }
-
-static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr)
-        {
-        BIO *dbio;
-        BIO_F_BUFFER_CTX *ctx;
-        long ret=1;
-        char *p1,*p2;
-        int r,i,*ip;
-        int ibs,obs;
-
-        ctx=(BIO_F_BUFFER_CTX *)b->ptr;
-
-        switch (cmd)
-                {
-        case BIO_CTRL_RESET:
-                ctx->ibuf_off=0;
-                ctx->ibuf_len=0;
-                ctx->obuf_off=0;
-                ctx->obuf_len=0;
-                if (b->next_bio == NULL) return(0);
-                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-                break;
-        case BIO_CTRL_INFO:
-                ret=(long)ctx->obuf_len;
-                break;
-        case BIO_C_GET_BUFF_NUM_LINES:
-                ret=0;
-                p1=ctx->ibuf;
-                for (i=ctx->ibuf_off; i<ctx->ibuf_len; i++)
-                        {
-                        if (p1[i] == '\n') ret++;
-                        }
-                break;
-        case BIO_CTRL_WPENDING:
-                ret=(long)ctx->obuf_len;
-                if (ret == 0)
-                        {
-                        if (b->next_bio == NULL) return(0);
-                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-                        }
-                break;
-        case BIO_CTRL_PENDING:
-                ret=(long)ctx->ibuf_len;
-                if (ret == 0)
-                        {
-                        if (b->next_bio == NULL) return(0);
-                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-                        }
-                break;
-        case BIO_C_SET_BUFF_READ_DATA:
-                if (num > ctx->ibuf_size)
-                        {
-                        p1=OPENSSL_malloc((int)num);
-                        if (p1 == NULL) goto malloc_error;
-                        if (ctx->ibuf != NULL) OPENSSL_free(ctx->ibuf);
-                        ctx->ibuf=p1;
-                        }
-                ctx->ibuf_off=0;
-                ctx->ibuf_len=(int)num;
-                memcpy(ctx->ibuf,ptr,(int)num);
-                ret=1;
-                break;
-        case BIO_C_SET_BUFF_SIZE:
-                if (ptr != NULL)
-                        {
-                        ip=(int *)ptr;
-                        if (*ip == 0)
-                                {
-                                ibs=(int)num;
-                                obs=ctx->obuf_size;
-                                }
-                        else /* if (*ip == 1) */
-                                {
-                                ibs=ctx->ibuf_size;
-                                obs=(int)num;
-                                }
-                        }
-                else
-                        {
-                        ibs=(int)num;
-                        obs=(int)num;
-                        }
-                p1=ctx->ibuf;
-                p2=ctx->obuf;
-                if ((ibs > DEFAULT_BUFFER_SIZE) && (ibs != ctx->ibuf_size))
-                        {
-                        p1=(char *)OPENSSL_malloc((int)num);
-                        if (p1 == NULL) goto malloc_error;
-                        }
-                if ((obs > DEFAULT_BUFFER_SIZE) && (obs != ctx->obuf_size))
-                        {
-                        p2=(char *)OPENSSL_malloc((int)num);
-                        if (p2 == NULL)
-                                {
-                                if (p1 != ctx->ibuf) OPENSSL_free(p1);
-                                goto malloc_error;
-                                }
-                        }
-                if (ctx->ibuf != p1)
-                        {
-                        OPENSSL_free(ctx->ibuf);
-                        ctx->ibuf=p1;
-                        ctx->ibuf_off=0;
-                        ctx->ibuf_len=0;
-                        ctx->ibuf_size=ibs;
-                        }
-                if (ctx->obuf != p2)
-                        {
-                        OPENSSL_free(ctx->obuf);
-                        ctx->obuf=p2;
-                        ctx->obuf_off=0;
-                        ctx->obuf_len=0;
-                        ctx->obuf_size=obs;
-                        }
-                break;
-        case BIO_C_DO_STATE_MACHINE:
-                if (b->next_bio == NULL) return(0);
-                BIO_clear_retry_flags(b);
-                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-                BIO_copy_next_retry(b);
-                break;
-
-        case BIO_CTRL_FLUSH:
-                if (b->next_bio == NULL) return(0);
-                if (ctx->obuf_len <= 0)
-                        {
-                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-                        break;
-                        }
-
-                for (;;)
-                        {
-                        BIO_clear_retry_flags(b);
-                        if (ctx->obuf_len > ctx->obuf_off)
-                                {
-                                r=BIO_write(b->next_bio,
-                                        &(ctx->obuf[ctx->obuf_off]),
-                                        ctx->obuf_len-ctx->obuf_off);
-#if 0
-fprintf(stderr,"FLUSH [%3d] %3d -> %3d\n",ctx->obuf_off,ctx->obuf_len-ctx->obuf_off,r);
-#endif
-                                BIO_copy_next_retry(b);
-                                if (r <= 0) return((long)r);
-                                ctx->obuf_off+=r;
-                                }
-                        else
-                                {
-                                ctx->obuf_len=0;
-                                ctx->obuf_off=0;
-                                ret=1;
-                                break;
-                                }
-                        }
-                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-                break;
-        case BIO_CTRL_DUP:
-                dbio=(BIO *)ptr;
-                if (    !BIO_set_read_buffer_size(dbio,ctx->ibuf_size) ||
-                        !BIO_set_write_buffer_size(dbio,ctx->obuf_size))
-                        ret=0;
-                break;
-        default:
-                if (b->next_bio == NULL) return(0);
-                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-                break;
-                }
-        return(ret);
-malloc_error:
-        BIOerr(BIO_F_BUFFER_CTRL,ERR_R_MALLOC_FAILURE);
-        return(0);
-        }
-
-static long buffer_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
-        {
-        long ret=1;
-
-        if (b->next_bio == NULL) return(0);
-        switch (cmd)
-                {
-        default:
-                ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
-                break;
-                }
-        return(ret);
-        }
-
-static int buffer_gets(BIO *b, char *buf, int size)
-        {
-        BIO_F_BUFFER_CTX *ctx;
-        int num=0,i,flag;
-        char *p;
-
-        ctx=(BIO_F_BUFFER_CTX *)b->ptr;
-        size--; /* reserve space for a '\0' */
-        BIO_clear_retry_flags(b);
-
-        for (;;)
-                {
-                if (ctx->ibuf_len > 0)
-                        {
-                        p= &(ctx->ibuf[ctx->ibuf_off]);
-                        flag=0;
-                        for (i=0; (i<ctx->ibuf_len) && (i<size); i++)
-                                {
-                                *(buf++)=p[i];
-                                if (p[i] == '\n')
-                                        {
-                                        flag=1;
-                                        i++;
-                                        break;
-                                        }
-                                }
-                        num+=i;
-                        size-=i;
-                        ctx->ibuf_len-=i;
-                        ctx->ibuf_off+=i;
-                        if (flag || size == 0)
-                                {
-                                *buf='\0';
-                                return(num);
-                                }
-                        }
-                else    /* read another chunk */
-                        {
-                        i=BIO_read(b->next_bio,ctx->ibuf,ctx->ibuf_size);
-                        if (i <= 0)
-                                {
-                                BIO_copy_next_retry(b);
-                                *buf='\0';
-                                if (i < 0) return((num > 0)?num:i);
-                                if (i == 0) return(num);
-                                }
-                        ctx->ibuf_len=i;
-                        ctx->ibuf_off=0;
-                        }
-                }
-        }
-
-static int buffer_puts(BIO *b, const char *str)
-        {
-        return(buffer_write(b,str,strlen(str)));
-        }
-
diff --git a/src/lib/libcrypto/bio/bf_lbuf.c b/src/lib/libcrypto/bio/bf_lbuf.c
deleted file mode 100644
index ec0f7eb0b7..0000000000
--- a/src/lib/libcrypto/bio/bf_lbuf.c
+++ /dev/null
@@ -1,397 +0,0 @@
-/* crypto/bio/bf_buff.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include "cryptlib.h"
-#include <openssl/bio.h>
-#include <openssl/evp.h>
-
-static int linebuffer_write(BIO *h, const char *buf,int num);
-static int linebuffer_read(BIO *h, char *buf, int size);
-static int linebuffer_puts(BIO *h, const char *str);
-static int linebuffer_gets(BIO *h, char *str, int size);
-static long linebuffer_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int linebuffer_new(BIO *h);
-static int linebuffer_free(BIO *data);
-static long linebuffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
-
-/* A 10k maximum should be enough for most purposes */
-#define DEFAULT_LINEBUFFER_SIZE 1024*10
-
-/* #define DEBUG */
-
-static BIO_METHOD methods_linebuffer=
-        {
-        BIO_TYPE_LINEBUFFER,
-        "linebuffer",
-        linebuffer_write,
-        linebuffer_read,
-        linebuffer_puts,
-        linebuffer_gets,
-        linebuffer_ctrl,
-        linebuffer_new,
-        linebuffer_free,
-        linebuffer_callback_ctrl,
-        };
-
-BIO_METHOD *BIO_f_linebuffer(void)
-        {
-        return(&methods_linebuffer);
-        }
-
-typedef struct bio_linebuffer_ctx_struct
-        {
-        char *obuf;             /* the output char array */
-        int obuf_size;          /* how big is the output buffer */
-        int obuf_len;           /* how many bytes are in it */
-        } BIO_LINEBUFFER_CTX;
-
-static int linebuffer_new(BIO *bi)
-        {
-        BIO_LINEBUFFER_CTX *ctx;
-
-        ctx=(BIO_LINEBUFFER_CTX *)OPENSSL_malloc(sizeof(BIO_LINEBUFFER_CTX));
-        if (ctx == NULL) return(0);
-        ctx->obuf=(char *)OPENSSL_malloc(DEFAULT_LINEBUFFER_SIZE);
-        if (ctx->obuf == NULL) { OPENSSL_free(ctx); return(0); }
-        ctx->obuf_size=DEFAULT_LINEBUFFER_SIZE;
-        ctx->obuf_len=0;
-
-        bi->init=1;
-        bi->ptr=(char *)ctx;
-        bi->flags=0;
-        return(1);
-        }
-
-static int linebuffer_free(BIO *a)
-        {
-        BIO_LINEBUFFER_CTX *b;
-
-        if (a == NULL) return(0);
-        b=(BIO_LINEBUFFER_CTX *)a->ptr;
-        if (b->obuf != NULL) OPENSSL_free(b->obuf);
-        OPENSSL_free(a->ptr);
-        a->ptr=NULL;
-        a->init=0;
-        a->flags=0;
-        return(1);
-        }
-        
-static int linebuffer_read(BIO *b, char *out, int outl)
-        {
-        int ret=0;
- 
-        if (out == NULL) return(0);
-        if (b->next_bio == NULL) return(0);
-        ret=BIO_read(b->next_bio,out,outl);
-        BIO_clear_retry_flags(b);
-        BIO_copy_next_retry(b);
-        return(ret);
-        }
-
-static int linebuffer_write(BIO *b, const char *in, int inl)
-        {
-        int i,num=0,foundnl;
-        BIO_LINEBUFFER_CTX *ctx;
-
-        if ((in == NULL) || (inl <= 0)) return(0);
-        ctx=(BIO_LINEBUFFER_CTX *)b->ptr;
-        if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
-
-        BIO_clear_retry_flags(b);
-
-        do
-                {
-                const char *p;
-
-                for(p = in; p < in + inl && *p != '\n'; p++)
-                        ;
-                if (*p == '\n')
-                        {
-                        p++;
-                        foundnl = 1;
-                        }
-                else
-                        foundnl = 0;
-
-                /* If a NL was found and we already have text in the save
-                   buffer, concatenate them and write */
-                while ((foundnl || p - in > ctx->obuf_size - ctx->obuf_len)
-                        && ctx->obuf_len > 0)
-                        {
-                        int orig_olen = ctx->obuf_len;
-                        
-                        i = ctx->obuf_size - ctx->obuf_len;
-                        if (p - in > 0)
-                                {
-                                if (i >= p - in)
-                                        {
-                                        memcpy(&(ctx->obuf[ctx->obuf_len]),
-                                                in,p - in);
-                                        ctx->obuf_len += p - in;
-                                        inl -= p - in;
-                                        num += p - in;
-                                        in = p;
-                                        }
-                                else
-                                        {
-                                        memcpy(&(ctx->obuf[ctx->obuf_len]),
-                                                in,i);
-                                        ctx->obuf_len += i;
-                                        inl -= i;
-                                        in += i;
-                                        num += i;
-                                        }
-                                }
-
-#if 0
-BIO_write(b->next_bio, "<*<", 3);
-#endif
-                        i=BIO_write(b->next_bio,
-                                ctx->obuf, ctx->obuf_len);
-                        if (i <= 0)
-                                {
-                                ctx->obuf_len = orig_olen;
-                                BIO_copy_next_retry(b);
-
-#if 0
-BIO_write(b->next_bio, ">*>", 3);
-#endif
-                                if (i < 0) return((num > 0)?num:i);
-                                if (i == 0) return(num);
-                                }
-#if 0
-BIO_write(b->next_bio, ">*>", 3);
-#endif
-                        if (i < ctx->obuf_len)
-                                memmove(ctx->obuf, ctx->obuf + i,
-                                        ctx->obuf_len - i);
-                        ctx->obuf_len-=i;
-                        }
-
-                /* Now that the save buffer is emptied, let's write the input
-                   buffer if a NL was found and there is anything to write. */
-                if ((foundnl || p - in > ctx->obuf_size) && p - in > 0)
-                        {
-#if 0
-BIO_write(b->next_bio, "<*<", 3);
-#endif
-                        i=BIO_write(b->next_bio,in,p - in);
-                        if (i <= 0)
-                                {
-                                BIO_copy_next_retry(b);
-#if 0
-BIO_write(b->next_bio, ">*>", 3);
-#endif
-                                if (i < 0) return((num > 0)?num:i);
-                                if (i == 0) return(num);
-                                }
-#if 0
-BIO_write(b->next_bio, ">*>", 3);
-#endif
-                        num+=i;
-                        in+=i;
-                        inl-=i;
-                        }
-                }
-        while(foundnl && inl > 0);
-        /* We've written as much as we can.  The rest of the input buffer, if
-           any, is text that doesn't and with a NL and therefore needs to be
-           saved for the next trip. */
-        if (inl > 0)
-                {
-                memcpy(&(ctx->obuf[ctx->obuf_len]), in, inl);
-                ctx->obuf_len += inl;
-                num += inl;
-                }
-        return num;
-        }
-
-static long linebuffer_ctrl(BIO *b, int cmd, long num, void *ptr)
-        {
-        BIO *dbio;
-        BIO_LINEBUFFER_CTX *ctx;
-        long ret=1;
-        char *p;
-        int r;
-        int obs;
-
-        ctx=(BIO_LINEBUFFER_CTX *)b->ptr;
-
-        switch (cmd)
-                {
-        case BIO_CTRL_RESET:
-                ctx->obuf_len=0;
-                if (b->next_bio == NULL) return(0);
-                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-                break;
-        case BIO_CTRL_INFO:
-                ret=(long)ctx->obuf_len;
-                break;
-        case BIO_CTRL_WPENDING:
-                ret=(long)ctx->obuf_len;
-                if (ret == 0)
-                        {
-                        if (b->next_bio == NULL) return(0);
-                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-                        }
-                break;
-        case BIO_C_SET_BUFF_SIZE:
-                obs=(int)num;
-                p=ctx->obuf;
-                if ((obs > DEFAULT_LINEBUFFER_SIZE) && (obs != ctx->obuf_size))
-                        {
-                        p=(char *)OPENSSL_malloc((int)num);
-                        if (p == NULL)
-                                goto malloc_error;
-                        }
-                if (ctx->obuf != p)
-                        {
-                        if (ctx->obuf_len > obs)
-                                {
-                                ctx->obuf_len = obs;
-                                }
-                        memcpy(p, ctx->obuf, ctx->obuf_len);
-                        OPENSSL_free(ctx->obuf);
-                        ctx->obuf=p;
-                        ctx->obuf_size=obs;
-                        }
-                break;
-        case BIO_C_DO_STATE_MACHINE:
-                if (b->next_bio == NULL) return(0);
-                BIO_clear_retry_flags(b);
-                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-                BIO_copy_next_retry(b);
-                break;
-
-        case BIO_CTRL_FLUSH:
-                if (b->next_bio == NULL) return(0);
-                if (ctx->obuf_len <= 0)
-                        {
-                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-                        break;
-                        }
-
-                for (;;)
-                        {
-                        BIO_clear_retry_flags(b);
-                        if (ctx->obuf_len > 0)
-                                {
-                                r=BIO_write(b->next_bio,
-                                        ctx->obuf, ctx->obuf_len);
-#if 0
-fprintf(stderr,"FLUSH %3d -> %3d\n",ctx->obuf_len,r);
-#endif
-                                BIO_copy_next_retry(b);
-                                if (r <= 0) return((long)r);
-                                if (r < ctx->obuf_len)
-                                        memmove(ctx->obuf, ctx->obuf + r,
-                                                ctx->obuf_len - r);
-                                ctx->obuf_len-=r;
-                                }
-                        else
-                                {
-                                ctx->obuf_len=0;
-                                ret=1;
-                                break;
-                                }
-                        }
-                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-                break;
-        case BIO_CTRL_DUP:
-                dbio=(BIO *)ptr;
-                if (    !BIO_set_write_buffer_size(dbio,ctx->obuf_size))
-                        ret=0;
-                break;
-        default:
-                if (b->next_bio == NULL) return(0);
-                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-                break;
-                }
-        return(ret);
-malloc_error:
-        BIOerr(BIO_F_LINEBUFFER_CTRL,ERR_R_MALLOC_FAILURE);
-        return(0);
-        }
-
-static long linebuffer_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
-        {
-        long ret=1;
-
-        if (b->next_bio == NULL) return(0);
-        switch (cmd)
-                {
-        default:
-                ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
-                break;
-                }
-        return(ret);
-        }
-
-static int linebuffer_gets(BIO *b, char *buf, int size)
-        {
-        if (b->next_bio == NULL) return(0);
-        return(BIO_gets(b->next_bio,buf,size));
-        }
-
-static int linebuffer_puts(BIO *b, const char *str)
-        {
-        return(linebuffer_write(b,str,strlen(str)));
-        }
-
diff --git a/src/lib/libcrypto/bio/bf_nbio.c b/src/lib/libcrypto/bio/bf_nbio.c
deleted file mode 100644
index 1ce2bfacc0..0000000000
--- a/src/lib/libcrypto/bio/bf_nbio.c
+++ /dev/null
@@ -1,255 +0,0 @@
-/* crypto/bio/bf_nbio.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include "cryptlib.h"
-#include <openssl/rand.h>
-#include <openssl/bio.h>
-
-/* BIO_put and BIO_get both add to the digest,
- * BIO_gets returns the digest */
-
-static int nbiof_write(BIO *h,const char *buf,int num);
-static int nbiof_read(BIO *h,char *buf,int size);
-static int nbiof_puts(BIO *h,const char *str);
-static int nbiof_gets(BIO *h,char *str,int size);
-static long nbiof_ctrl(BIO *h,int cmd,long arg1,void *arg2);
-static int nbiof_new(BIO *h);
-static int nbiof_free(BIO *data);
-static long nbiof_callback_ctrl(BIO *h,int cmd,bio_info_cb *fp);
-typedef struct nbio_test_st
-        {
-        /* only set if we sent a 'should retry' error */
-        int lrn;
-        int lwn;
-        } NBIO_TEST;
-
-static BIO_METHOD methods_nbiof=
-        {
-        BIO_TYPE_NBIO_TEST,
-        "non-blocking IO test filter",
-        nbiof_write,
-        nbiof_read,
-        nbiof_puts,
-        nbiof_gets,
-        nbiof_ctrl,
-        nbiof_new,
-        nbiof_free,
-        nbiof_callback_ctrl,
-        };
-
-BIO_METHOD *BIO_f_nbio_test(void)
-        {
-        return(&methods_nbiof);
-        }
-
-static int nbiof_new(BIO *bi)
-        {
-        NBIO_TEST *nt;
-
-        if (!(nt=(NBIO_TEST *)OPENSSL_malloc(sizeof(NBIO_TEST)))) return(0);
-        nt->lrn= -1;
-        nt->lwn= -1;
-        bi->ptr=(char *)nt;
-        bi->init=1;
-        bi->flags=0;
-        return(1);
-        }
-
-static int nbiof_free(BIO *a)
-        {
-        if (a == NULL) return(0);
-        if (a->ptr != NULL)
-                OPENSSL_free(a->ptr);
-        a->ptr=NULL;
-        a->init=0;
-        a->flags=0;
-        return(1);
-        }
-        
-static int nbiof_read(BIO *b, char *out, int outl)
-        {
-        NBIO_TEST *nt;
-        int ret=0;
-#if 0
-        int num;
-        unsigned char n;
-#endif
-
-        if (out == NULL) return(0);
-        if (b->next_bio == NULL) return(0);
-        nt=(NBIO_TEST *)b->ptr;
-
-        BIO_clear_retry_flags(b);
-#if 0
-        RAND_pseudo_bytes(&n,1);
-        num=(n&0x07);
-
-        if (outl > num) outl=num;
-
-        if (num == 0)
-                {
-                ret= -1;
-                BIO_set_retry_read(b);
-                }
-        else
-#endif
-                {
-                ret=BIO_read(b->next_bio,out,outl);
-                if (ret < 0)
-                        BIO_copy_next_retry(b);
-                }
-        return(ret);
-        }
-
-static int nbiof_write(BIO *b, const char *in, int inl)
-        {
-        NBIO_TEST *nt;
-        int ret=0;
-        int num;
-        unsigned char n;
-
-        if ((in == NULL) || (inl <= 0)) return(0);
-        if (b->next_bio == NULL) return(0);
-        nt=(NBIO_TEST *)b->ptr;
-
-        BIO_clear_retry_flags(b);
-
-#if 1
-        if (nt->lwn > 0)
-                {
-                num=nt->lwn;
-                nt->lwn=0;
-                }
-        else
-                {
-                RAND_pseudo_bytes(&n,1);
-                num=(n&7);
-                }
-
-        if (inl > num) inl=num;
-
-        if (num == 0)
-                {
-                ret= -1;
-                BIO_set_retry_write(b);
-                }
-        else
-#endif
-                {
-                ret=BIO_write(b->next_bio,in,inl);
-                if (ret < 0)
-                        {
-                        BIO_copy_next_retry(b);
-                        nt->lwn=inl;
-                        }
-                }
-        return(ret);
-        }
-
-static long nbiof_ctrl(BIO *b, int cmd, long num, void *ptr)
-        {
-        long ret;
-
-        if (b->next_bio == NULL) return(0);
-        switch (cmd)
-                {
-        case BIO_C_DO_STATE_MACHINE:
-                BIO_clear_retry_flags(b);
-                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-                BIO_copy_next_retry(b);
-                break;
-        case BIO_CTRL_DUP:
-                ret=0L;
-                break;
-        default:
-                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-                break;
-                }
-        return(ret);
-        }
-
-static long nbiof_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
-        {
-        long ret=1;
-
-        if (b->next_bio == NULL) return(0);
-        switch (cmd)
-                {
-        default:
-                ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
-                break;
-                }
-        return(ret);
-        }
-
-static int nbiof_gets(BIO *bp, char *buf, int size)
-        {
-        if (bp->next_bio == NULL) return(0);
-        return(BIO_gets(bp->next_bio,buf,size));
-        }
-
-
-static int nbiof_puts(BIO *bp, const char *str)
-        {
-        if (bp->next_bio == NULL) return(0);
-        return(BIO_puts(bp->next_bio,str));
-        }
-
-
diff --git a/src/lib/libcrypto/bio/bf_null.c b/src/lib/libcrypto/bio/bf_null.c
deleted file mode 100644
index c1bf39a904..0000000000
--- a/src/lib/libcrypto/bio/bf_null.c
+++ /dev/null
@@ -1,183 +0,0 @@
-/* crypto/bio/bf_null.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include "cryptlib.h"
-#include <openssl/bio.h>
-
-/* BIO_put and BIO_get both add to the digest,
- * BIO_gets returns the digest */
-
-static int nullf_write(BIO *h, const char *buf, int num);
-static int nullf_read(BIO *h, char *buf, int size);
-static int nullf_puts(BIO *h, const char *str);
-static int nullf_gets(BIO *h, char *str, int size);
-static long nullf_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int nullf_new(BIO *h);
-static int nullf_free(BIO *data);
-static long nullf_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
-static BIO_METHOD methods_nullf=
-        {
-        BIO_TYPE_NULL_FILTER,
-        "NULL filter",
-        nullf_write,
-        nullf_read,
-        nullf_puts,
-        nullf_gets,
-        nullf_ctrl,
-        nullf_new,
-        nullf_free,
-        nullf_callback_ctrl,
-        };
-
-BIO_METHOD *BIO_f_null(void)
-        {
-        return(&methods_nullf);
-        }
-
-static int nullf_new(BIO *bi)
-        {
-        bi->init=1;
-        bi->ptr=NULL;
-        bi->flags=0;
-        return(1);
-        }
-
-static int nullf_free(BIO *a)
-        {
-        if (a == NULL) return(0);
-/*      a->ptr=NULL;
-        a->init=0;
-        a->flags=0;*/
-        return(1);
-        }
-        
-static int nullf_read(BIO *b, char *out, int outl)
-        {
-        int ret=0;
- 
-        if (out == NULL) return(0);
-        if (b->next_bio == NULL) return(0);
-        ret=BIO_read(b->next_bio,out,outl);
-        BIO_clear_retry_flags(b);
-        BIO_copy_next_retry(b);
-        return(ret);
-        }
-
-static int nullf_write(BIO *b, const char *in, int inl)
-        {
-        int ret=0;
-
-        if ((in == NULL) || (inl <= 0)) return(0);
-        if (b->next_bio == NULL) return(0);
-        ret=BIO_write(b->next_bio,in,inl);
-        BIO_clear_retry_flags(b);
-        BIO_copy_next_retry(b);
-        return(ret);
-        }
-
-static long nullf_ctrl(BIO *b, int cmd, long num, void *ptr)
-        {
-        long ret;
-
-        if (b->next_bio == NULL) return(0);
-        switch(cmd)
-                {
-        case BIO_C_DO_STATE_MACHINE:
-                BIO_clear_retry_flags(b);
-                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-                BIO_copy_next_retry(b);
-                break;
-        case BIO_CTRL_DUP:
-                ret=0L;
-                break;
-        default:
-                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-                }
-        return(ret);
-        }
-
-static long nullf_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
-        {
-        long ret=1;
-
-        if (b->next_bio == NULL) return(0);
-        switch (cmd)
-                {
-        default:
-                ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
-                break;
-                }
-        return(ret);
-        }
-
-static int nullf_gets(BIO *bp, char *buf, int size)
-        {
-        if (bp->next_bio == NULL) return(0);
-        return(BIO_gets(bp->next_bio,buf,size));
-        }
-
-
-static int nullf_puts(BIO *bp, const char *str)
-        {
-        if (bp->next_bio == NULL) return(0);
-        return(BIO_puts(bp->next_bio,str));
-        }
-
-
diff --git a/src/lib/libcrypto/bio/bio.h b/src/lib/libcrypto/bio/bio.h
deleted file mode 100644
index 2eb703830f..0000000000
--- a/src/lib/libcrypto/bio/bio.h
+++ /dev/null
@@ -1,695 +0,0 @@
-/* crypto/bio/bio.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_BIO_H
-#define HEADER_BIO_H
-
-#ifndef OPENSSL_NO_FP_API
-# include <stdio.h>
-#endif
-#include <stdarg.h>
-
-#include <openssl/crypto.h>
-#include <openssl/e_os2.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* These are the 'types' of BIOs */
-#define BIO_TYPE_NONE           0
-#define BIO_TYPE_MEM            (1|0x0400)
-#define BIO_TYPE_FILE           (2|0x0400)
-
-#define BIO_TYPE_FD             (4|0x0400|0x0100)
-#define BIO_TYPE_SOCKET         (5|0x0400|0x0100)
-#define BIO_TYPE_NULL           (6|0x0400)
-#define BIO_TYPE_SSL            (7|0x0200)
-#define BIO_TYPE_MD             (8|0x0200)              /* passive filter */
-#define BIO_TYPE_BUFFER         (9|0x0200)              /* filter */
-#define BIO_TYPE_CIPHER         (10|0x0200)             /* filter */
-#define BIO_TYPE_BASE64         (11|0x0200)             /* filter */
-#define BIO_TYPE_CONNECT        (12|0x0400|0x0100)      /* socket - connect */
-#define BIO_TYPE_ACCEPT         (13|0x0400|0x0100)      /* socket for accept */
-#define BIO_TYPE_PROXY_CLIENT   (14|0x0200)             /* client proxy BIO */
-#define BIO_TYPE_PROXY_SERVER   (15|0x0200)             /* server proxy BIO */
-#define BIO_TYPE_NBIO_TEST      (16|0x0200)             /* server proxy BIO */
-#define BIO_TYPE_NULL_FILTER    (17|0x0200)
-#define BIO_TYPE_BER            (18|0x0200)             /* BER -> bin filter */
-#define BIO_TYPE_BIO            (19|0x0400)             /* (half a) BIO pair */
-#define BIO_TYPE_LINEBUFFER     (20|0x0200)             /* filter */
-
-#define BIO_TYPE_DESCRIPTOR     0x0100  /* socket, fd, connect or accept */
-#define BIO_TYPE_FILTER         0x0200
-#define BIO_TYPE_SOURCE_SINK    0x0400
-
-/* BIO_FILENAME_READ|BIO_CLOSE to open or close on free.
- * BIO_set_fp(in,stdin,BIO_NOCLOSE); */
-#define BIO_NOCLOSE             0x00
-#define BIO_CLOSE               0x01
-
-/* These are used in the following macros and are passed to
- * BIO_ctrl() */
-#define BIO_CTRL_RESET          1  /* opt - rewind/zero etc */
-#define BIO_CTRL_EOF            2  /* opt - are we at the eof */
-#define BIO_CTRL_INFO           3  /* opt - extra tit-bits */
-#define BIO_CTRL_SET            4  /* man - set the 'IO' type */
-#define BIO_CTRL_GET            5  /* man - get the 'IO' type */
-#define BIO_CTRL_PUSH           6  /* opt - internal, used to signify change */
-#define BIO_CTRL_POP            7  /* opt - internal, used to signify change */
-#define BIO_CTRL_GET_CLOSE      8  /* man - set the 'close' on free */
-#define BIO_CTRL_SET_CLOSE      9  /* man - set the 'close' on free */
-#define BIO_CTRL_PENDING        10  /* opt - is their more data buffered */
-#define BIO_CTRL_FLUSH          11  /* opt - 'flush' buffered output */
-#define BIO_CTRL_DUP            12  /* man - extra stuff for 'duped' BIO */
-#define BIO_CTRL_WPENDING       13  /* opt - number of bytes still to write */
-/* callback is int cb(BIO *bio,state,ret); */
-#define BIO_CTRL_SET_CALLBACK   14  /* opt - set callback function */
-#define BIO_CTRL_GET_CALLBACK   15  /* opt - set callback function */
-
-#define BIO_CTRL_SET_FILENAME   30      /* BIO_s_file special */
-
-/* modifiers */
-#define BIO_FP_READ             0x02
-#define BIO_FP_WRITE            0x04
-#define BIO_FP_APPEND           0x08
-#define BIO_FP_TEXT             0x10
-
-#define BIO_FLAGS_READ          0x01
-#define BIO_FLAGS_WRITE         0x02
-#define BIO_FLAGS_IO_SPECIAL    0x04
-#define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL)
-#define BIO_FLAGS_SHOULD_RETRY  0x08
-
-/* Used in BIO_gethostbyname() */
-#define BIO_GHBN_CTRL_HITS              1
-#define BIO_GHBN_CTRL_MISSES            2
-#define BIO_GHBN_CTRL_CACHE_SIZE        3
-#define BIO_GHBN_CTRL_GET_ENTRY         4
-#define BIO_GHBN_CTRL_FLUSH             5
-
-/* Mostly used in the SSL BIO */
-/* Not used anymore
- * #define BIO_FLAGS_PROTOCOL_DELAYED_READ 0x10
- * #define BIO_FLAGS_PROTOCOL_DELAYED_WRITE 0x20
- * #define BIO_FLAGS_PROTOCOL_STARTUP   0x40
- */
-
-#define BIO_FLAGS_BASE64_NO_NL  0x100
-
-/* This is used with memory BIOs: it means we shouldn't free up or change the
- * data in any way.
- */
-#define BIO_FLAGS_MEM_RDONLY    0x200
-
-#define BIO_set_flags(b,f) ((b)->flags|=(f))
-#define BIO_get_flags(b) ((b)->flags)
-#define BIO_set_retry_special(b) \
-                ((b)->flags|=(BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY))
-#define BIO_set_retry_read(b) \
-                ((b)->flags|=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY))
-#define BIO_set_retry_write(b) \
-                ((b)->flags|=(BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY))
-
-/* These are normally used internally in BIOs */
-#define BIO_clear_flags(b,f) ((b)->flags&= ~(f))
-#define BIO_clear_retry_flags(b) \
-                ((b)->flags&= ~(BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY))
-#define BIO_get_retry_flags(b) \
-                ((b)->flags&(BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY))
-
-/* These should be used by the application to tell why we should retry */
-#define BIO_should_read(a)              ((a)->flags & BIO_FLAGS_READ)
-#define BIO_should_write(a)             ((a)->flags & BIO_FLAGS_WRITE)
-#define BIO_should_io_special(a)        ((a)->flags & BIO_FLAGS_IO_SPECIAL)
-#define BIO_retry_type(a)               ((a)->flags & BIO_FLAGS_RWS)
-#define BIO_should_retry(a)             ((a)->flags & BIO_FLAGS_SHOULD_RETRY)
-
-/* The next three are used in conjunction with the
- * BIO_should_io_special() condition.  After this returns true,
- * BIO *BIO_get_retry_BIO(BIO *bio, int *reason); will walk the BIO 
- * stack and return the 'reason' for the special and the offending BIO.
- * Given a BIO, BIO_get_retry_reason(bio) will return the code. */
-/* Returned from the SSL bio when the certificate retrieval code had an error */
-#define BIO_RR_SSL_X509_LOOKUP          0x01
-/* Returned from the connect BIO when a connect would have blocked */
-#define BIO_RR_CONNECT                  0x02
-/* Returned from the accept BIO when an accept would have blocked */
-#define BIO_RR_ACCEPT                   0x03
-
-/* These are passed by the BIO callback */
-#define BIO_CB_FREE     0x01
-#define BIO_CB_READ     0x02
-#define BIO_CB_WRITE    0x03
-#define BIO_CB_PUTS     0x04
-#define BIO_CB_GETS     0x05
-#define BIO_CB_CTRL     0x06
-
-/* The callback is called before and after the underling operation,
- * The BIO_CB_RETURN flag indicates if it is after the call */
-#define BIO_CB_RETURN   0x80
-#define BIO_CB_return(a) ((a)|BIO_CB_RETURN))
-#define BIO_cb_pre(a)   (!((a)&BIO_CB_RETURN))
-#define BIO_cb_post(a)  ((a)&BIO_CB_RETURN)
-
-#define BIO_set_callback(b,cb)          ((b)->callback=(cb))
-#define BIO_set_callback_arg(b,arg)     ((b)->cb_arg=(char *)(arg))
-#define BIO_get_callback_arg(b)         ((b)->cb_arg)
-#define BIO_get_callback(b)             ((b)->callback)
-#define BIO_method_name(b)              ((b)->method->name)
-#define BIO_method_type(b)              ((b)->method->type)
-
-typedef struct bio_st BIO;
-
-typedef void bio_info_cb(struct bio_st *, int, const char *, int, long, long);
-
-#ifndef OPENSSL_SYS_WIN16
-typedef struct bio_method_st
-        {
-        int type;
-        const char *name;
-        int (*bwrite)(BIO *, const char *, int);
-        int (*bread)(BIO *, char *, int);
-        int (*bputs)(BIO *, const char *);
-        int (*bgets)(BIO *, char *, int);
-        long (*ctrl)(BIO *, int, long, void *);
-        int (*create)(BIO *);
-        int (*destroy)(BIO *);
-        long (*callback_ctrl)(BIO *, int, bio_info_cb *);
-        } BIO_METHOD;
-#else
-typedef struct bio_method_st
-        {
-        int type;
-        const char *name;
-        int (_far *bwrite)();
-        int (_far *bread)();
-        int (_far *bputs)();
-        int (_far *bgets)();
-        long (_far *ctrl)();
-        int (_far *create)();
-        int (_far *destroy)();
-        long (_far *callback_ctrl)();
-        } BIO_METHOD;
-#endif
-
-struct bio_st
-        {
-        BIO_METHOD *method;
-        /* bio, mode, argp, argi, argl, ret */
-        long (*callback)(struct bio_st *,int,const char *,int, long,long);
-        char *cb_arg; /* first argument for the callback */
-
-        int init;
-        int shutdown;
-        int flags;      /* extra storage */
-        int retry_reason;
-        int num;
-        void *ptr;
-        struct bio_st *next_bio;        /* used by filter BIOs */
-        struct bio_st *prev_bio;        /* used by filter BIOs */
-        int references;
-        unsigned long num_read;
-        unsigned long num_write;
-
-        CRYPTO_EX_DATA ex_data;
-        };
-
-DECLARE_STACK_OF(BIO)
-
-typedef struct bio_f_buffer_ctx_struct
-        {
-        /* BIO *bio; */ /* this is now in the BIO struct */
-        int ibuf_size;  /* how big is the input buffer */
-        int obuf_size;  /* how big is the output buffer */
-
-        char *ibuf;             /* the char array */
-        int ibuf_len;           /* how many bytes are in it */
-        int ibuf_off;           /* write/read offset */
-
-        char *obuf;             /* the char array */
-        int obuf_len;           /* how many bytes are in it */
-        int obuf_off;           /* write/read offset */
-        } BIO_F_BUFFER_CTX;
-
-/* connect BIO stuff */
-#define BIO_CONN_S_BEFORE               1
-#define BIO_CONN_S_GET_IP               2
-#define BIO_CONN_S_GET_PORT             3
-#define BIO_CONN_S_CREATE_SOCKET        4
-#define BIO_CONN_S_CONNECT              5
-#define BIO_CONN_S_OK                   6
-#define BIO_CONN_S_BLOCKED_CONNECT      7
-#define BIO_CONN_S_NBIO                 8
-/*#define BIO_CONN_get_param_hostname   BIO_ctrl */
-
-#define BIO_C_SET_CONNECT                       100
-#define BIO_C_DO_STATE_MACHINE                  101
-#define BIO_C_SET_NBIO                          102
-#define BIO_C_SET_PROXY_PARAM                   103
-#define BIO_C_SET_FD                            104
-#define BIO_C_GET_FD                            105
-#define BIO_C_SET_FILE_PTR                      106
-#define BIO_C_GET_FILE_PTR                      107
-#define BIO_C_SET_FILENAME                      108
-#define BIO_C_SET_SSL                           109
-#define BIO_C_GET_SSL                           110
-#define BIO_C_SET_MD                            111
-#define BIO_C_GET_MD                            112
-#define BIO_C_GET_CIPHER_STATUS                 113
-#define BIO_C_SET_BUF_MEM                       114
-#define BIO_C_GET_BUF_MEM_PTR                   115
-#define BIO_C_GET_BUFF_NUM_LINES                116
-#define BIO_C_SET_BUFF_SIZE                     117
-#define BIO_C_SET_ACCEPT                        118
-#define BIO_C_SSL_MODE                          119
-#define BIO_C_GET_MD_CTX                        120
-#define BIO_C_GET_PROXY_PARAM                   121
-#define BIO_C_SET_BUFF_READ_DATA                122 /* data to read first */
-#define BIO_C_GET_CONNECT                       123
-#define BIO_C_GET_ACCEPT                        124
-#define BIO_C_SET_SSL_RENEGOTIATE_BYTES         125
-#define BIO_C_GET_SSL_NUM_RENEGOTIATES          126
-#define BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT       127
-#define BIO_C_FILE_SEEK                         128
-#define BIO_C_GET_CIPHER_CTX                    129
-#define BIO_C_SET_BUF_MEM_EOF_RETURN            130/*return end of input value*/
-#define BIO_C_SET_BIND_MODE                     131
-#define BIO_C_GET_BIND_MODE                     132
-#define BIO_C_FILE_TELL                         133
-#define BIO_C_GET_SOCKS                         134
-#define BIO_C_SET_SOCKS                         135
-
-#define BIO_C_SET_WRITE_BUF_SIZE                136/* for BIO_s_bio */
-#define BIO_C_GET_WRITE_BUF_SIZE                137
-#define BIO_C_MAKE_BIO_PAIR                     138
-#define BIO_C_DESTROY_BIO_PAIR                  139
-#define BIO_C_GET_WRITE_GUARANTEE               140
-#define BIO_C_GET_READ_REQUEST                  141
-#define BIO_C_SHUTDOWN_WR                       142
-#define BIO_C_NREAD0                            143
-#define BIO_C_NREAD                             144
-#define BIO_C_NWRITE0                           145
-#define BIO_C_NWRITE                            146
-#define BIO_C_RESET_READ_REQUEST                147
-#define BIO_C_SET_MD_CTX                        148
-
-
-#define BIO_set_app_data(s,arg)         BIO_set_ex_data(s,0,arg)
-#define BIO_get_app_data(s)             BIO_get_ex_data(s,0)
-
-/* BIO_s_connect() and BIO_s_socks4a_connect() */
-#define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0,(char *)name)
-#define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port)
-#define BIO_set_conn_ip(b,ip)     BIO_ctrl(b,BIO_C_SET_CONNECT,2,(char *)ip)
-#define BIO_set_conn_int_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,3,(char *)port)
-#define BIO_get_conn_hostname(b)  BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)
-#define BIO_get_conn_port(b)      BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)
-#define BIO_get_conn_ip(b)               BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)
-#define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3)
-
-
-#define BIO_set_nbio(b,n)       BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
-
-/* BIO_s_accept_socket() */
-#define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name)
-#define BIO_get_accept_port(b)  BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)
-/* #define BIO_set_nbio(b,n)    BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */
-#define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?"a":NULL)
-#define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(char *)bio)
-
-#define BIO_BIND_NORMAL                 0
-#define BIO_BIND_REUSEADDR_IF_UNUSED    1
-#define BIO_BIND_REUSEADDR              2
-#define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL)
-#define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL)
-
-#define BIO_do_connect(b)       BIO_do_handshake(b)
-#define BIO_do_accept(b)        BIO_do_handshake(b)
-#define BIO_do_handshake(b)     BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)
-
-/* BIO_s_proxy_client() */
-#define BIO_set_url(b,url)      BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,0,(char *)(url))
-#define BIO_set_proxies(b,p)    BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,1,(char *)(p))
-/* BIO_set_nbio(b,n) */
-#define BIO_set_filter_bio(b,s) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,2,(char *)(s))
-/* BIO *BIO_get_filter_bio(BIO *bio); */
-#define BIO_set_proxy_cb(b,cb) BIO_callback_ctrl(b,BIO_C_SET_PROXY_PARAM,3,(void *(*cb)()))
-#define BIO_set_proxy_header(b,sk) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,4,(char *)sk)
-#define BIO_set_no_connect_return(b,bool) BIO_int_ctrl(b,BIO_C_SET_PROXY_PARAM,5,bool)
-
-#define BIO_get_proxy_header(b,skp) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,0,(char *)skp)
-#define BIO_get_proxies(b,pxy_p) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,1,(char *)(pxy_p))
-#define BIO_get_url(b,url)      BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,2,(char *)(url))
-#define BIO_get_no_connect_return(b)    BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,5,NULL)
-
-#define BIO_set_fd(b,fd,c)      BIO_int_ctrl(b,BIO_C_SET_FD,c,fd)
-#define BIO_get_fd(b,c)         BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c)
-
-#define BIO_set_fp(b,fp,c)      BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)fp)
-#define BIO_get_fp(b,fpp)       BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)fpp)
-
-#define BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL)
-#define BIO_tell(b)     (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL)
-
-/* name is cast to lose const, but might be better to route through a function
-   so we can do it safely */
-#ifdef CONST_STRICT
-/* If you are wondering why this isn't defined, its because CONST_STRICT is
- * purely a compile-time kludge to allow const to be checked.
- */
-int BIO_read_filename(BIO *b,const char *name);
-#else
-#define BIO_read_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
-                BIO_CLOSE|BIO_FP_READ,(char *)name)
-#endif
-#define BIO_write_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
-                BIO_CLOSE|BIO_FP_WRITE,name)
-#define BIO_append_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
-                BIO_CLOSE|BIO_FP_APPEND,name)
-#define BIO_rw_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
-                BIO_CLOSE|BIO_FP_READ|BIO_FP_WRITE,name)
-
-/* WARNING WARNING, this ups the reference count on the read bio of the
- * SSL structure.  This is because the ssl read BIO is now pointed to by
- * the next_bio field in the bio.  So when you free the BIO, make sure
- * you are doing a BIO_free_all() to catch the underlying BIO. */
-#define BIO_set_ssl(b,ssl,c)    BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)ssl)
-#define BIO_get_ssl(b,sslp)     BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp)
-#define BIO_set_ssl_mode(b,client)      BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL)
-#define BIO_set_ssl_renegotiate_bytes(b,num) \
-        BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL);
-#define BIO_get_num_renegotiates(b) \
-        BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL);
-#define BIO_set_ssl_renegotiate_timeout(b,seconds) \
-        BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL);
-
-/* defined in evp.h */
-/* #define BIO_set_md(b,md)     BIO_ctrl(b,BIO_C_SET_MD,1,(char *)md) */
-
-#define BIO_get_mem_data(b,pp)  BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)pp)
-#define BIO_set_mem_buf(b,bm,c) BIO_ctrl(b,BIO_C_SET_BUF_MEM,c,(char *)bm)
-#define BIO_get_mem_ptr(b,pp)   BIO_ctrl(b,BIO_C_GET_BUF_MEM_PTR,0,(char *)pp)
-#define BIO_set_mem_eof_return(b,v) \
-                                BIO_ctrl(b,BIO_C_SET_BUF_MEM_EOF_RETURN,v,NULL)
-
-/* For the BIO_f_buffer() type */
-#define BIO_get_buffer_num_lines(b)     BIO_ctrl(b,BIO_C_GET_BUFF_NUM_LINES,0,NULL)
-#define BIO_set_buffer_size(b,size)     BIO_ctrl(b,BIO_C_SET_BUFF_SIZE,size,NULL)
-#define BIO_set_read_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,0)
-#define BIO_set_write_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,1)
-#define BIO_set_buffer_read_data(b,buf,num) BIO_ctrl(b,BIO_C_SET_BUFF_READ_DATA,num,buf)
-
-/* Don't use the next one unless you know what you are doing :-) */
-#define BIO_dup_state(b,ret)    BIO_ctrl(b,BIO_CTRL_DUP,0,(char *)(ret))
-
-#define BIO_reset(b)            (int)BIO_ctrl(b,BIO_CTRL_RESET,0,NULL)
-#define BIO_eof(b)              (int)BIO_ctrl(b,BIO_CTRL_EOF,0,NULL)
-#define BIO_set_close(b,c)      (int)BIO_ctrl(b,BIO_CTRL_SET_CLOSE,(c),NULL)
-#define BIO_get_close(b)        (int)BIO_ctrl(b,BIO_CTRL_GET_CLOSE,0,NULL)
-#define BIO_pending(b)          (int)BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL)
-#define BIO_wpending(b)         (int)BIO_ctrl(b,BIO_CTRL_WPENDING,0,NULL)
-/* ...pending macros have inappropriate return type */
-size_t BIO_ctrl_pending(BIO *b);
-size_t BIO_ctrl_wpending(BIO *b);
-#define BIO_flush(b)            (int)BIO_ctrl(b,BIO_CTRL_FLUSH,0,NULL)
-#define BIO_get_info_callback(b,cbp) (int)BIO_ctrl(b,BIO_CTRL_GET_CALLBACK,0, \
-                                                   cbp)
-#define BIO_set_info_callback(b,cb) (int)BIO_callback_ctrl(b,BIO_CTRL_SET_CALLBACK,cb)
-
-/* For the BIO_f_buffer() type */
-#define BIO_buffer_get_num_lines(b) BIO_ctrl(b,BIO_CTRL_GET,0,NULL)
-
-/* For BIO_s_bio() */
-#define BIO_set_write_buf_size(b,size) (int)BIO_ctrl(b,BIO_C_SET_WRITE_BUF_SIZE,size,NULL)
-#define BIO_get_write_buf_size(b,size) (size_t)BIO_ctrl(b,BIO_C_GET_WRITE_BUF_SIZE,size,NULL)
-#define BIO_make_bio_pair(b1,b2)   (int)BIO_ctrl(b1,BIO_C_MAKE_BIO_PAIR,0,b2)
-#define BIO_destroy_bio_pair(b)    (int)BIO_ctrl(b,BIO_C_DESTROY_BIO_PAIR,0,NULL)
-#define BIO_shutdown_wr(b) (int)BIO_ctrl(b, BIO_C_SHUTDOWN_WR, 0, NULL)
-/* macros with inappropriate type -- but ...pending macros use int too: */
-#define BIO_get_write_guarantee(b) (int)BIO_ctrl(b,BIO_C_GET_WRITE_GUARANTEE,0,NULL)
-#define BIO_get_read_request(b)    (int)BIO_ctrl(b,BIO_C_GET_READ_REQUEST,0,NULL)
-size_t BIO_ctrl_get_write_guarantee(BIO *b);
-size_t BIO_ctrl_get_read_request(BIO *b);
-int BIO_ctrl_reset_read_request(BIO *b);
-
-/* These two aren't currently implemented */
-/* int BIO_get_ex_num(BIO *bio); */
-/* void BIO_set_ex_free_func(BIO *bio,int idx,void (*cb)()); */
-int BIO_set_ex_data(BIO *bio,int idx,void *data);
-void *BIO_get_ex_data(BIO *bio,int idx);
-int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-        CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-unsigned long BIO_number_read(BIO *bio);
-unsigned long BIO_number_written(BIO *bio);
-
-# ifndef OPENSSL_NO_FP_API
-#  if defined(OPENSSL_SYS_WIN16) && defined(_WINDLL)
-BIO_METHOD *BIO_s_file_internal(void);
-BIO *BIO_new_file_internal(char *filename, char *mode);
-BIO *BIO_new_fp_internal(FILE *stream, int close_flag);
-#    define BIO_s_file  BIO_s_file_internal
-#    define BIO_new_file        BIO_new_file_internal
-#    define BIO_new_fp  BIO_new_fp_internal
-#  else /* FP_API */
-BIO_METHOD *BIO_s_file(void );
-BIO *BIO_new_file(const char *filename, const char *mode);
-BIO *BIO_new_fp(FILE *stream, int close_flag);
-#    define BIO_s_file_internal         BIO_s_file
-#    define BIO_new_file_internal       BIO_new_file
-#    define BIO_new_fp_internal         BIO_s_file
-#  endif /* FP_API */
-# endif
-BIO *   BIO_new(BIO_METHOD *type);
-int     BIO_set(BIO *a,BIO_METHOD *type);
-int     BIO_free(BIO *a);
-void    BIO_vfree(BIO *a);
-int     BIO_read(BIO *b, void *data, int len);
-int     BIO_gets(BIO *bp,char *buf, int size);
-int     BIO_write(BIO *b, const void *data, int len);
-int     BIO_puts(BIO *bp,const char *buf);
-int     BIO_indent(BIO *b,int indent,int max);
-long    BIO_ctrl(BIO *bp,int cmd,long larg,void *parg);
-long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)(struct bio_st *, int, const char *, int, long, long));
-char *  BIO_ptr_ctrl(BIO *bp,int cmd,long larg);
-long    BIO_int_ctrl(BIO *bp,int cmd,long larg,int iarg);
-BIO *   BIO_push(BIO *b,BIO *append);
-BIO *   BIO_pop(BIO *b);
-void    BIO_free_all(BIO *a);
-BIO *   BIO_find_type(BIO *b,int bio_type);
-BIO *   BIO_next(BIO *b);
-BIO *   BIO_get_retry_BIO(BIO *bio, int *reason);
-int     BIO_get_retry_reason(BIO *bio);
-BIO *   BIO_dup_chain(BIO *in);
-
-int BIO_nread0(BIO *bio, char **buf);
-int BIO_nread(BIO *bio, char **buf, int num);
-int BIO_nwrite0(BIO *bio, char **buf);
-int BIO_nwrite(BIO *bio, char **buf, int num);
-
-#ifndef OPENSSL_SYS_WIN16
-long BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi,
-        long argl,long ret);
-#else
-long _far _loadds BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi,
-        long argl,long ret);
-#endif
-
-BIO_METHOD *BIO_s_mem(void);
-BIO *BIO_new_mem_buf(void *buf, int len);
-BIO_METHOD *BIO_s_socket(void);
-BIO_METHOD *BIO_s_connect(void);
-BIO_METHOD *BIO_s_accept(void);
-BIO_METHOD *BIO_s_fd(void);
-#ifndef OPENSSL_SYS_OS2
-BIO_METHOD *BIO_s_log(void);
-#endif
-BIO_METHOD *BIO_s_bio(void);
-BIO_METHOD *BIO_s_null(void);
-BIO_METHOD *BIO_f_null(void);
-BIO_METHOD *BIO_f_buffer(void);
-#ifdef OPENSSL_SYS_VMS
-BIO_METHOD *BIO_f_linebuffer(void);
-#endif
-BIO_METHOD *BIO_f_nbio_test(void);
-/* BIO_METHOD *BIO_f_ber(void); */
-
-int BIO_sock_should_retry(int i);
-int BIO_sock_non_fatal_error(int error);
-int BIO_fd_should_retry(int i);
-int BIO_fd_non_fatal_error(int error);
-int BIO_dump(BIO *b,const char *bytes,int len);
-int BIO_dump_indent(BIO *b,const char *bytes,int len,int indent);
-
-struct hostent *BIO_gethostbyname(const char *name);
-/* We might want a thread-safe interface too:
- * struct hostent *BIO_gethostbyname_r(const char *name,
- *     struct hostent *result, void *buffer, size_t buflen);
- * or something similar (caller allocates a struct hostent,
- * pointed to by "result", and additional buffer space for the various
- * substructures; if the buffer does not suffice, NULL is returned
- * and an appropriate error code is set).
- */
-int BIO_sock_error(int sock);
-int BIO_socket_ioctl(int fd, long type, void *arg);
-int BIO_socket_nbio(int fd,int mode);
-int BIO_get_port(const char *str, unsigned short *port_ptr);
-int BIO_get_host_ip(const char *str, unsigned char *ip);
-int BIO_get_accept_socket(char *host_port,int mode);
-int BIO_accept(int sock,char **ip_port);
-int BIO_sock_init(void );
-void BIO_sock_cleanup(void);
-int BIO_set_tcp_ndelay(int sock,int turn_on);
-
-BIO *BIO_new_socket(int sock, int close_flag);
-BIO *BIO_new_fd(int fd, int close_flag);
-BIO *BIO_new_connect(char *host_port);
-BIO *BIO_new_accept(char *host_port);
-
-int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
-        BIO **bio2, size_t writebuf2);
-/* If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints.
- * Otherwise returns 0 and sets *bio1 and *bio2 to NULL.
- * Size 0 uses default value.
- */
-
-void BIO_copy_next_retry(BIO *b);
-
-/*long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);*/
-
-int BIO_printf(BIO *bio, const char *format, ...);
-int BIO_vprintf(BIO *bio, const char *format, va_list args);
-int BIO_snprintf(char *buf, size_t n, const char *format, ...);
-int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args);
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_BIO_strings(void);
-
-/* Error codes for the BIO functions. */
-
-/* Function codes. */
-#define BIO_F_ACPT_STATE                                 100
-#define BIO_F_BIO_ACCEPT                                 101
-#define BIO_F_BIO_BER_GET_HEADER                         102
-#define BIO_F_BIO_CTRL                                   103
-#define BIO_F_BIO_GETHOSTBYNAME                          120
-#define BIO_F_BIO_GETS                                   104
-#define BIO_F_BIO_GET_ACCEPT_SOCKET                      105
-#define BIO_F_BIO_GET_HOST_IP                            106
-#define BIO_F_BIO_GET_PORT                               107
-#define BIO_F_BIO_MAKE_PAIR                              121
-#define BIO_F_BIO_NEW                                    108
-#define BIO_F_BIO_NEW_FILE                               109
-#define BIO_F_BIO_NEW_MEM_BUF                            126
-#define BIO_F_BIO_NREAD                                  123
-#define BIO_F_BIO_NREAD0                                 124
-#define BIO_F_BIO_NWRITE                                 125
-#define BIO_F_BIO_NWRITE0                                122
-#define BIO_F_BIO_PUTS                                   110
-#define BIO_F_BIO_READ                                   111
-#define BIO_F_BIO_SOCK_INIT                              112
-#define BIO_F_BIO_WRITE                                  113
-#define BIO_F_BUFFER_CTRL                                114
-#define BIO_F_CONN_CTRL                                  127
-#define BIO_F_CONN_STATE                                 115
-#define BIO_F_FILE_CTRL                                  116
-#define BIO_F_FILE_READ                                  130
-#define BIO_F_LINEBUFFER_CTRL                            129
-#define BIO_F_MEM_READ                                   128
-#define BIO_F_MEM_WRITE                                  117
-#define BIO_F_SSL_NEW                                    118
-#define BIO_F_WSASTARTUP                                 119
-
-/* Reason codes. */
-#define BIO_R_ACCEPT_ERROR                               100
-#define BIO_R_BAD_FOPEN_MODE                             101
-#define BIO_R_BAD_HOSTNAME_LOOKUP                        102
-#define BIO_R_BROKEN_PIPE                                124
-#define BIO_R_CONNECT_ERROR                              103
-#define BIO_R_EOF_ON_MEMORY_BIO                          127
-#define BIO_R_ERROR_SETTING_NBIO                         104
-#define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET      105
-#define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET        106
-#define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET          107
-#define BIO_R_INVALID_ARGUMENT                           125
-#define BIO_R_INVALID_IP_ADDRESS                         108
-#define BIO_R_IN_USE                                     123
-#define BIO_R_KEEPALIVE                                  109
-#define BIO_R_NBIO_CONNECT_ERROR                         110
-#define BIO_R_NO_ACCEPT_PORT_SPECIFIED                   111
-#define BIO_R_NO_HOSTNAME_SPECIFIED                      112
-#define BIO_R_NO_PORT_DEFINED                            113
-#define BIO_R_NO_PORT_SPECIFIED                          114
-#define BIO_R_NO_SUCH_FILE                               128
-#define BIO_R_NULL_PARAMETER                             115
-#define BIO_R_TAG_MISMATCH                               116
-#define BIO_R_UNABLE_TO_BIND_SOCKET                      117
-#define BIO_R_UNABLE_TO_CREATE_SOCKET                    118
-#define BIO_R_UNABLE_TO_LISTEN_SOCKET                    119
-#define BIO_R_UNINITIALIZED                              120
-#define BIO_R_UNSUPPORTED_METHOD                         121
-#define BIO_R_WRITE_TO_READ_ONLY_BIO                     126
-#define BIO_R_WSASTARTUP                                 122
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/src/lib/libcrypto/bio/bio_cb.c b/src/lib/libcrypto/bio/bio_cb.c
deleted file mode 100644
index 6f4254a114..0000000000
--- a/src/lib/libcrypto/bio/bio_cb.c
+++ /dev/null
@@ -1,139 +0,0 @@
-/* crypto/bio/bio_cb.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include "cryptlib.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-
-long MS_CALLBACK BIO_debug_callback(BIO *bio, int cmd, const char *argp,
-             int argi, long argl, long ret)
-        {
-        BIO *b;
-        MS_STATIC char buf[256];
-        char *p;
-        long r=1;
-        size_t p_maxlen;
-
-        if (BIO_CB_RETURN & cmd)
-                r=ret;
-
-        BIO_snprintf(buf,sizeof buf,"BIO[%08lX]:",(unsigned long)bio);
-        p= &(buf[14]);
-        p_maxlen = sizeof buf - 14;
-        switch (cmd)
-                {
-        case BIO_CB_FREE:
-                BIO_snprintf(p,p_maxlen,"Free - %s\n",bio->method->name);
-                break;
-        case BIO_CB_READ:
-                if (bio->method->type & BIO_TYPE_DESCRIPTOR)
-                        BIO_snprintf(p,p_maxlen,"read(%d,%d) - %s fd=%d\n",
-                                 bio->num,argi,bio->method->name,bio->num);
-                else
-                        BIO_snprintf(p,p_maxlen,"read(%d,%d) - %s\n",
-                                 bio->num,argi,bio->method->name);
-                break;
-        case BIO_CB_WRITE:
-                if (bio->method->type & BIO_TYPE_DESCRIPTOR)
-                        BIO_snprintf(p,p_maxlen,"write(%d,%d) - %s fd=%d\n",
-                                 bio->num,argi,bio->method->name,bio->num);
-                else
-                        BIO_snprintf(p,p_maxlen,"write(%d,%d) - %s\n",
-                                 bio->num,argi,bio->method->name);
-                break;
-        case BIO_CB_PUTS:
-                BIO_snprintf(p,p_maxlen,"puts() - %s\n",bio->method->name);
-                break;
-        case BIO_CB_GETS:
-                BIO_snprintf(p,p_maxlen,"gets(%d) - %s\n",argi,bio->method->name);
-                break;
-        case BIO_CB_CTRL:
-                BIO_snprintf(p,p_maxlen,"ctrl(%d) - %s\n",argi,bio->method->name);
-                break;
-        case BIO_CB_RETURN|BIO_CB_READ:
-                BIO_snprintf(p,p_maxlen,"read return %ld\n",ret);
-                break;
-        case BIO_CB_RETURN|BIO_CB_WRITE:
-                BIO_snprintf(p,p_maxlen,"write return %ld\n",ret);
-                break;
-        case BIO_CB_RETURN|BIO_CB_GETS:
-                BIO_snprintf(p,p_maxlen,"gets return %ld\n",ret);
-                break;
-        case BIO_CB_RETURN|BIO_CB_PUTS:
-                BIO_snprintf(p,p_maxlen,"puts return %ld\n",ret);
-                break;
-        case BIO_CB_RETURN|BIO_CB_CTRL:
-                BIO_snprintf(p,p_maxlen,"ctrl return %ld\n",ret);
-                break;
-        default:
-                BIO_snprintf(p,p_maxlen,"bio callback - unknown type (%d)\n",cmd);
-                break;
-                }
-
-        b=(BIO *)bio->cb_arg;
-        if (b != NULL)
-                BIO_write(b,buf,strlen(buf));
-#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)
-        else
-                fputs(buf,stderr);
-#endif
-        return(r);
-        }
diff --git a/src/lib/libcrypto/bio/bio_err.c b/src/lib/libcrypto/bio/bio_err.c
deleted file mode 100644
index 8859a58ae4..0000000000
--- a/src/lib/libcrypto/bio/bio_err.c
+++ /dev/null
@@ -1,156 +0,0 @@
-/* crypto/bio/bio_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/bio.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_BIO,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_BIO,0,reason)
-
-static ERR_STRING_DATA BIO_str_functs[]=
-        {
-{ERR_FUNC(BIO_F_ACPT_STATE),    "ACPT_STATE"},
-{ERR_FUNC(BIO_F_BIO_ACCEPT),    "BIO_accept"},
-{ERR_FUNC(BIO_F_BIO_BER_GET_HEADER),    "BIO_BER_GET_HEADER"},
-{ERR_FUNC(BIO_F_BIO_CTRL),      "BIO_ctrl"},
-{ERR_FUNC(BIO_F_BIO_GETHOSTBYNAME),     "BIO_gethostbyname"},
-{ERR_FUNC(BIO_F_BIO_GETS),      "BIO_gets"},
-{ERR_FUNC(BIO_F_BIO_GET_ACCEPT_SOCKET), "BIO_get_accept_socket"},
-{ERR_FUNC(BIO_F_BIO_GET_HOST_IP),       "BIO_get_host_ip"},
-{ERR_FUNC(BIO_F_BIO_GET_PORT),  "BIO_get_port"},
-{ERR_FUNC(BIO_F_BIO_MAKE_PAIR), "BIO_MAKE_PAIR"},
-{ERR_FUNC(BIO_F_BIO_NEW),       "BIO_new"},
-{ERR_FUNC(BIO_F_BIO_NEW_FILE),  "BIO_new_file"},
-{ERR_FUNC(BIO_F_BIO_NEW_MEM_BUF),       "BIO_new_mem_buf"},
-{ERR_FUNC(BIO_F_BIO_NREAD),     "BIO_nread"},
-{ERR_FUNC(BIO_F_BIO_NREAD0),    "BIO_nread0"},
-{ERR_FUNC(BIO_F_BIO_NWRITE),    "BIO_nwrite"},
-{ERR_FUNC(BIO_F_BIO_NWRITE0),   "BIO_nwrite0"},
-{ERR_FUNC(BIO_F_BIO_PUTS),      "BIO_puts"},
-{ERR_FUNC(BIO_F_BIO_READ),      "BIO_read"},
-{ERR_FUNC(BIO_F_BIO_SOCK_INIT), "BIO_sock_init"},
-{ERR_FUNC(BIO_F_BIO_WRITE),     "BIO_write"},
-{ERR_FUNC(BIO_F_BUFFER_CTRL),   "BUFFER_CTRL"},
-{ERR_FUNC(BIO_F_CONN_CTRL),     "CONN_CTRL"},
-{ERR_FUNC(BIO_F_CONN_STATE),    "CONN_STATE"},
-{ERR_FUNC(BIO_F_FILE_CTRL),     "FILE_CTRL"},
-{ERR_FUNC(BIO_F_FILE_READ),     "FILE_READ"},
-{ERR_FUNC(BIO_F_LINEBUFFER_CTRL),       "LINEBUFFER_CTRL"},
-{ERR_FUNC(BIO_F_MEM_READ),      "MEM_READ"},
-{ERR_FUNC(BIO_F_MEM_WRITE),     "MEM_WRITE"},
-{ERR_FUNC(BIO_F_SSL_NEW),       "SSL_new"},
-{ERR_FUNC(BIO_F_WSASTARTUP),    "WSASTARTUP"},
-{0,NULL}
-        };
-
-static ERR_STRING_DATA BIO_str_reasons[]=
-        {
-{ERR_REASON(BIO_R_ACCEPT_ERROR)          ,"accept error"},
-{ERR_REASON(BIO_R_BAD_FOPEN_MODE)        ,"bad fopen mode"},
-{ERR_REASON(BIO_R_BAD_HOSTNAME_LOOKUP)   ,"bad hostname lookup"},
-{ERR_REASON(BIO_R_BROKEN_PIPE)           ,"broken pipe"},
-{ERR_REASON(BIO_R_CONNECT_ERROR)         ,"connect error"},
-{ERR_REASON(BIO_R_EOF_ON_MEMORY_BIO)     ,"EOF on memory BIO"},
-{ERR_REASON(BIO_R_ERROR_SETTING_NBIO)    ,"error setting nbio"},
-{ERR_REASON(BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET),"error setting nbio on accepted socket"},
-{ERR_REASON(BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET),"error setting nbio on accept socket"},
-{ERR_REASON(BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET),"gethostbyname addr is not af inet"},
-{ERR_REASON(BIO_R_INVALID_ARGUMENT)      ,"invalid argument"},
-{ERR_REASON(BIO_R_INVALID_IP_ADDRESS)    ,"invalid ip address"},
-{ERR_REASON(BIO_R_IN_USE)                ,"in use"},
-{ERR_REASON(BIO_R_KEEPALIVE)             ,"keepalive"},
-{ERR_REASON(BIO_R_NBIO_CONNECT_ERROR)    ,"nbio connect error"},
-{ERR_REASON(BIO_R_NO_ACCEPT_PORT_SPECIFIED),"no accept port specified"},
-{ERR_REASON(BIO_R_NO_HOSTNAME_SPECIFIED) ,"no hostname specified"},
-{ERR_REASON(BIO_R_NO_PORT_DEFINED)       ,"no port defined"},
-{ERR_REASON(BIO_R_NO_PORT_SPECIFIED)     ,"no port specified"},
-{ERR_REASON(BIO_R_NO_SUCH_FILE)          ,"no such file"},
-{ERR_REASON(BIO_R_NULL_PARAMETER)        ,"null parameter"},
-{ERR_REASON(BIO_R_TAG_MISMATCH)          ,"tag mismatch"},
-{ERR_REASON(BIO_R_UNABLE_TO_BIND_SOCKET) ,"unable to bind socket"},
-{ERR_REASON(BIO_R_UNABLE_TO_CREATE_SOCKET),"unable to create socket"},
-{ERR_REASON(BIO_R_UNABLE_TO_LISTEN_SOCKET),"unable to listen socket"},
-{ERR_REASON(BIO_R_UNINITIALIZED)         ,"uninitialized"},
-{ERR_REASON(BIO_R_UNSUPPORTED_METHOD)    ,"unsupported method"},
-{ERR_REASON(BIO_R_WRITE_TO_READ_ONLY_BIO),"write to read only BIO"},
-{ERR_REASON(BIO_R_WSASTARTUP)            ,"WSAStartup"},
-{0,NULL}
-        };
-
-#endif
-
-void ERR_load_BIO_strings(void)
-        {
-        static int init=1;
-
-        if (init)
-                {
-                init=0;
-#ifndef OPENSSL_NO_ERR
-                ERR_load_strings(0,BIO_str_functs);
-                ERR_load_strings(0,BIO_str_reasons);
-#endif
-
-                }
-        }
diff --git a/src/lib/libcrypto/bio/bio_lib.c b/src/lib/libcrypto/bio/bio_lib.c
deleted file mode 100644
index 692c8fb5c6..0000000000
--- a/src/lib/libcrypto/bio/bio_lib.c
+++ /dev/null
@@ -1,556 +0,0 @@
-/* crypto/bio/bio_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include <openssl/crypto.h>
-#include "cryptlib.h"
-#include <openssl/bio.h>
-#include <openssl/stack.h>
-
-BIO *BIO_new(BIO_METHOD *method)
-        {
-        BIO *ret=NULL;
-
-        ret=(BIO *)OPENSSL_malloc(sizeof(BIO));
-        if (ret == NULL)
-                {
-                BIOerr(BIO_F_BIO_NEW,ERR_R_MALLOC_FAILURE);
-                return(NULL);
-                }
-        if (!BIO_set(ret,method))
-                {
-                OPENSSL_free(ret);
-                ret=NULL;
-                }
-        return(ret);
-        }
-
-int BIO_set(BIO *bio, BIO_METHOD *method)
-        {
-        bio->method=method;
-        bio->callback=NULL;
-        bio->cb_arg=NULL;
-        bio->init=0;
-        bio->shutdown=1;
-        bio->flags=0;
-        bio->retry_reason=0;
-        bio->num=0;
-        bio->ptr=NULL;
-        bio->prev_bio=NULL;
-        bio->next_bio=NULL;
-        bio->references=1;
-        bio->num_read=0L;
-        bio->num_write=0L;
-        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data);
-        if (method->create != NULL)
-                if (!method->create(bio))
-                        {
-                        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio,
-                                        &bio->ex_data);
-                        return(0);
-                        }
-        return(1);
-        }
-
-int BIO_free(BIO *a)
-        {
-        int ret=0,i;
-
-        if (a == NULL) return(0);
-
-        i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_BIO);
-#ifdef REF_PRINT
-        REF_PRINT("BIO",a);
-#endif
-        if (i > 0) return(1);
-#ifdef REF_CHECK
-        if (i < 0)
-                {
-                fprintf(stderr,"BIO_free, bad reference count\n");
-                abort();
-                }
-#endif
-        if ((a->callback != NULL) &&
-                ((i=(int)a->callback(a,BIO_CB_FREE,NULL,0,0L,1L)) <= 0))
-                        return(i);
-
-        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data);
-
-        if ((a->method == NULL) || (a->method->destroy == NULL)) return(1);
-        ret=a->method->destroy(a);
-        OPENSSL_free(a);
-        return(1);
-        }
-
-void BIO_vfree(BIO *a)
-    { BIO_free(a); }
-
-int BIO_read(BIO *b, void *out, int outl)
-        {
-        int i;
-        long (*cb)();
-
-        if ((b == NULL) || (b->method == NULL) || (b->method->bread == NULL))
-                {
-                BIOerr(BIO_F_BIO_READ,BIO_R_UNSUPPORTED_METHOD);
-                return(-2);
-                }
-
-        cb=b->callback;
-        if ((cb != NULL) &&
-                ((i=(int)cb(b,BIO_CB_READ,out,outl,0L,1L)) <= 0))
-                        return(i);
-
-        if (!b->init)
-                {
-                BIOerr(BIO_F_BIO_READ,BIO_R_UNINITIALIZED);
-                return(-2);
-                }
-
-        i=b->method->bread(b,out,outl);
-
-        if (i > 0) b->num_read+=(unsigned long)i;
-
-        if (cb != NULL)
-                i=(int)cb(b,BIO_CB_READ|BIO_CB_RETURN,out,outl,
-                        0L,(long)i);
-        return(i);
-        }
-
-int BIO_write(BIO *b, const void *in, int inl)
-        {
-        int i;
-        long (*cb)();
-
-        if (b == NULL)
-                return(0);
-
-        cb=b->callback;
-        if ((b->method == NULL) || (b->method->bwrite == NULL))
-                {
-                BIOerr(BIO_F_BIO_WRITE,BIO_R_UNSUPPORTED_METHOD);
-                return(-2);
-                }
-
-        if ((cb != NULL) &&
-                ((i=(int)cb(b,BIO_CB_WRITE,in,inl,0L,1L)) <= 0))
-                        return(i);
-
-        if (!b->init)
-                {
-                BIOerr(BIO_F_BIO_WRITE,BIO_R_UNINITIALIZED);
-                return(-2);
-                }
-
-        i=b->method->bwrite(b,in,inl);
-
-        if (i > 0) b->num_write+=(unsigned long)i;
-
-        if (cb != NULL)
-                i=(int)cb(b,BIO_CB_WRITE|BIO_CB_RETURN,in,inl,
-                        0L,(long)i);
-        return(i);
-        }
-
-int BIO_puts(BIO *b, const char *in)
-        {
-        int i;
-        long (*cb)();
-
-        if ((b == NULL) || (b->method == NULL) || (b->method->bputs == NULL))
-                {
-                BIOerr(BIO_F_BIO_PUTS,BIO_R_UNSUPPORTED_METHOD);
-                return(-2);
-                }
-
-        cb=b->callback;
-
-        if ((cb != NULL) &&
-                ((i=(int)cb(b,BIO_CB_PUTS,in,0,0L,1L)) <= 0))
-                        return(i);
-
-        if (!b->init)
-                {
-                BIOerr(BIO_F_BIO_PUTS,BIO_R_UNINITIALIZED);
-                return(-2);
-                }
-
-        i=b->method->bputs(b,in);
-
-        if (i > 0) b->num_write+=(unsigned long)i;
-
-        if (cb != NULL)
-                i=(int)cb(b,BIO_CB_PUTS|BIO_CB_RETURN,in,0,
-                        0L,(long)i);
-        return(i);
-        }
-
-int BIO_gets(BIO *b, char *in, int inl)
-        {
-        int i;
-        long (*cb)();
-
-        if ((b == NULL) || (b->method == NULL) || (b->method->bgets == NULL))
-                {
-                BIOerr(BIO_F_BIO_GETS,BIO_R_UNSUPPORTED_METHOD);
-                return(-2);
-                }
-
-        cb=b->callback;
-
-        if ((cb != NULL) &&
-                ((i=(int)cb(b,BIO_CB_GETS,in,inl,0L,1L)) <= 0))
-                        return(i);
-
-        if (!b->init)
-                {
-                BIOerr(BIO_F_BIO_GETS,BIO_R_UNINITIALIZED);
-                return(-2);
-                }
-
-        i=b->method->bgets(b,in,inl);
-
-        if (cb != NULL)
-                i=(int)cb(b,BIO_CB_GETS|BIO_CB_RETURN,in,inl,
-                        0L,(long)i);
-        return(i);
-        }
-
-int BIO_indent(BIO *b,int indent,int max)
-        {
-        if(indent < 0)
-                indent=0;
-        if(indent > max)
-                indent=max;
-        while(indent--)
-                if(BIO_puts(b," ") != 1)
-                        return 0;
-        return 1;
-        }
-
-long BIO_int_ctrl(BIO *b, int cmd, long larg, int iarg)
-        {
-        int i;
-
-        i=iarg;
-        return(BIO_ctrl(b,cmd,larg,(char *)&i));
-        }
-
-char *BIO_ptr_ctrl(BIO *b, int cmd, long larg)
-        {
-        char *p=NULL;
-
-        if (BIO_ctrl(b,cmd,larg,(char *)&p) <= 0)
-                return(NULL);
-        else
-                return(p);
-        }
-
-long BIO_ctrl(BIO *b, int cmd, long larg, void *parg)
-        {
-        long ret;
-        long (*cb)();
-
-        if (b == NULL) return(0);
-
-        if ((b->method == NULL) || (b->method->ctrl == NULL))
-                {
-                BIOerr(BIO_F_BIO_CTRL,BIO_R_UNSUPPORTED_METHOD);
-                return(-2);
-                }
-
-        cb=b->callback;
-
-        if ((cb != NULL) &&
-                ((ret=cb(b,BIO_CB_CTRL,parg,cmd,larg,1L)) <= 0))
-                return(ret);
-
-        ret=b->method->ctrl(b,cmd,larg,parg);
-
-        if (cb != NULL)
-                ret=cb(b,BIO_CB_CTRL|BIO_CB_RETURN,parg,cmd,
-                        larg,ret);
-        return(ret);
-        }
-
-long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)(struct bio_st *, int, const char *, int, long, long))
-        {
-        long ret;
-        long (*cb)();
-
-        if (b == NULL) return(0);
-
-        if ((b->method == NULL) || (b->method->callback_ctrl == NULL))
-                {
-                BIOerr(BIO_F_BIO_CTRL,BIO_R_UNSUPPORTED_METHOD);
-                return(-2);
-                }
-
-        cb=b->callback;
-
-        if ((cb != NULL) &&
-                ((ret=cb(b,BIO_CB_CTRL,(void *)&fp,cmd,0,1L)) <= 0))
-                return(ret);
-
-        ret=b->method->callback_ctrl(b,cmd,fp);
-
-        if (cb != NULL)
-                ret=cb(b,BIO_CB_CTRL|BIO_CB_RETURN,(void *)&fp,cmd,
-                        0,ret);
-        return(ret);
-        }
-
-/* It is unfortunate to duplicate in functions what the BIO_(w)pending macros
- * do; but those macros have inappropriate return type, and for interfacing
- * from other programming languages, C macros aren't much of a help anyway. */
-size_t BIO_ctrl_pending(BIO *bio)
-        {
-        return BIO_ctrl(bio, BIO_CTRL_PENDING, 0, NULL);
-        }
-
-size_t BIO_ctrl_wpending(BIO *bio)
-        {
-        return BIO_ctrl(bio, BIO_CTRL_WPENDING, 0, NULL);
-        }
-
-
-/* put the 'bio' on the end of b's list of operators */
-BIO *BIO_push(BIO *b, BIO *bio)
-        {
-        BIO *lb;
-
-        if (b == NULL) return(bio);
-        lb=b;
-        while (lb->next_bio != NULL)
-                lb=lb->next_bio;
-        lb->next_bio=bio;
-        if (bio != NULL)
-                bio->prev_bio=lb;
-        /* called to do internal processing */
-        BIO_ctrl(b,BIO_CTRL_PUSH,0,NULL);
-        return(b);
-        }
-
-/* Remove the first and return the rest */
-BIO *BIO_pop(BIO *b)
-        {
-        BIO *ret;
-
-        if (b == NULL) return(NULL);
-        ret=b->next_bio;
-
-        BIO_ctrl(b,BIO_CTRL_POP,0,NULL);
-
-        if (b->prev_bio != NULL)
-                b->prev_bio->next_bio=b->next_bio;
-        if (b->next_bio != NULL)
-                b->next_bio->prev_bio=b->prev_bio;
-
-        b->next_bio=NULL;
-        b->prev_bio=NULL;
-        return(ret);
-        }
-
-BIO *BIO_get_retry_BIO(BIO *bio, int *reason)
-        {
-        BIO *b,*last;
-
-        b=last=bio;
-        for (;;)
-                {
-                if (!BIO_should_retry(b)) break;
-                last=b;
-                b=b->next_bio;
-                if (b == NULL) break;
-                }
-        if (reason != NULL) *reason=last->retry_reason;
-        return(last);
-        }
-
-int BIO_get_retry_reason(BIO *bio)
-        {
-        return(bio->retry_reason);
-        }
-
-BIO *BIO_find_type(BIO *bio, int type)
-        {
-        int mt,mask;
-
-        if(!bio) return NULL;
-        mask=type&0xff;
-        do      {
-                if (bio->method != NULL)
-                        {
-                        mt=bio->method->type;
-
-                        if (!mask)
-                                {
-                                if (mt & type) return(bio);
-                                }
-                        else if (mt == type)
-                                return(bio);
-                        }
-                bio=bio->next_bio;
-                } while (bio != NULL);
-        return(NULL);
-        }
-
-BIO *BIO_next(BIO *b)
-        {
-        if(!b) return NULL;
-        return b->next_bio;
-        }
-
-void BIO_free_all(BIO *bio)
-        {
-        BIO *b;
-        int ref;
-
-        while (bio != NULL)
-                {
-                b=bio;
-                ref=b->references;
-                bio=bio->next_bio;
-                BIO_free(b);
-                /* Since ref count > 1, don't free anyone else. */
-                if (ref > 1) break;
-                }
-        }
-
-BIO *BIO_dup_chain(BIO *in)
-        {
-        BIO *ret=NULL,*eoc=NULL,*bio,*new;
-
-        for (bio=in; bio != NULL; bio=bio->next_bio)
-                {
-                if ((new=BIO_new(bio->method)) == NULL) goto err;
-                new->callback=bio->callback;
-                new->cb_arg=bio->cb_arg;
-                new->init=bio->init;
-                new->shutdown=bio->shutdown;
-                new->flags=bio->flags;
-
-                /* This will let SSL_s_sock() work with stdin/stdout */
-                new->num=bio->num;
-
-                if (!BIO_dup_state(bio,(char *)new))
-                        {
-                        BIO_free(new);
-                        goto err;
-                        }
-
-                /* copy app data */
-                if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new->ex_data,
-                                        &bio->ex_data))
-                        goto err;
-
-                if (ret == NULL)
-                        {
-                        eoc=new;
-                        ret=eoc;
-                        }
-                else
-                        {
-                        BIO_push(eoc,new);
-                        eoc=new;
-                        }
-                }
-        return(ret);
-err:
-        if (ret != NULL)
-                BIO_free(ret);
-        return(NULL);   
-        }
-
-void BIO_copy_next_retry(BIO *b)
-        {
-        BIO_set_flags(b,BIO_get_retry_flags(b->next_bio));
-        b->retry_reason=b->next_bio->retry_reason;
-        }
-
-int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-        {
-        return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO, argl, argp,
-                                new_func, dup_func, free_func);
-        }
-
-int BIO_set_ex_data(BIO *bio, int idx, void *data)
-        {
-        return(CRYPTO_set_ex_data(&(bio->ex_data),idx,data));
-        }
-
-void *BIO_get_ex_data(BIO *bio, int idx)
-        {
-        return(CRYPTO_get_ex_data(&(bio->ex_data),idx));
-        }
-
-unsigned long BIO_number_read(BIO *bio)
-{
-        if(bio) return bio->num_read;
-        return 0;
-}
-
-unsigned long BIO_number_written(BIO *bio)
-{
-        if(bio) return bio->num_write;
-        return 0;
-}
-
-IMPLEMENT_STACK_OF(BIO)
diff --git a/src/lib/libcrypto/bio/bss_acpt.c b/src/lib/libcrypto/bio/bss_acpt.c
deleted file mode 100644
index 8ea1db158b..0000000000
--- a/src/lib/libcrypto/bio/bss_acpt.c
+++ /dev/null
@@ -1,479 +0,0 @@
-/* crypto/bio/bss_acpt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef OPENSSL_NO_SOCK
-
-#include <stdio.h>
-#include <errno.h>
-#define USE_SOCKETS
-#include "cryptlib.h"
-#include <openssl/bio.h>
-
-#ifdef OPENSSL_SYS_WIN16
-#define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
-#else
-#define SOCKET_PROTOCOL IPPROTO_TCP
-#endif
-
-#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
-/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
-#undef FIONBIO
-#endif
-
-typedef struct bio_accept_st
-        {
-        int state;
-        char *param_addr;
-
-        int accept_sock;
-        int accept_nbio;
-
-        char *addr;
-        int nbio;
-        /* If 0, it means normal, if 1, do a connect on bind failure,
-         * and if there is no-one listening, bind with SO_REUSEADDR.
-         * If 2, always use SO_REUSEADDR. */
-        int bind_mode;
-        BIO *bio_chain;
-        } BIO_ACCEPT;
-
-static int acpt_write(BIO *h, const char *buf, int num);
-static int acpt_read(BIO *h, char *buf, int size);
-static int acpt_puts(BIO *h, const char *str);
-static long acpt_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int acpt_new(BIO *h);
-static int acpt_free(BIO *data);
-static int acpt_state(BIO *b, BIO_ACCEPT *c);
-static void acpt_close_socket(BIO *data);
-BIO_ACCEPT *BIO_ACCEPT_new(void );
-void BIO_ACCEPT_free(BIO_ACCEPT *a);
-
-#define ACPT_S_BEFORE                   1
-#define ACPT_S_GET_ACCEPT_SOCKET        2
-#define ACPT_S_OK                       3
-
-static BIO_METHOD methods_acceptp=
-        {
-        BIO_TYPE_ACCEPT,
-        "socket accept",
-        acpt_write,
-        acpt_read,
-        acpt_puts,
-        NULL, /* connect_gets, */
-        acpt_ctrl,
-        acpt_new,
-        acpt_free,
-        NULL,
-        };
-
-BIO_METHOD *BIO_s_accept(void)
-        {
-        return(&methods_acceptp);
-        }
-
-static int acpt_new(BIO *bi)
-        {
-        BIO_ACCEPT *ba;
-
-        bi->init=0;
-        bi->num=INVALID_SOCKET;
-        bi->flags=0;
-        if ((ba=BIO_ACCEPT_new()) == NULL)
-                return(0);
-        bi->ptr=(char *)ba;
-        ba->state=ACPT_S_BEFORE;
-        bi->shutdown=1;
-        return(1);
-        }
-
-BIO_ACCEPT *BIO_ACCEPT_new(void)
-        {
-        BIO_ACCEPT *ret;
-
-        if ((ret=(BIO_ACCEPT *)OPENSSL_malloc(sizeof(BIO_ACCEPT))) == NULL)
-                return(NULL);
-
-        memset(ret,0,sizeof(BIO_ACCEPT));
-        ret->accept_sock=INVALID_SOCKET;
-        ret->bind_mode=BIO_BIND_NORMAL;
-        return(ret);
-        }
-
-void BIO_ACCEPT_free(BIO_ACCEPT *a)
-        {
-        if(a == NULL)
-            return;
-
-        if (a->param_addr != NULL) OPENSSL_free(a->param_addr);
-        if (a->addr != NULL) OPENSSL_free(a->addr);
-        if (a->bio_chain != NULL) BIO_free(a->bio_chain);
-        OPENSSL_free(a);
-        }
-
-static void acpt_close_socket(BIO *bio)
-        {
-        BIO_ACCEPT *c;
-
-        c=(BIO_ACCEPT *)bio->ptr;
-        if (c->accept_sock != INVALID_SOCKET)
-                {
-                shutdown(c->accept_sock,2);
-                closesocket(c->accept_sock);
-                c->accept_sock=INVALID_SOCKET;
-                bio->num=INVALID_SOCKET;
-                }
-        }
-
-static int acpt_free(BIO *a)
-        {
-        BIO_ACCEPT *data;
-
-        if (a == NULL) return(0);
-        data=(BIO_ACCEPT *)a->ptr;
-         
-        if (a->shutdown)
-                {
-                acpt_close_socket(a);
-                BIO_ACCEPT_free(data);
-                a->ptr=NULL;
-                a->flags=0;
-                a->init=0;
-                }
-        return(1);
-        }
-        
-static int acpt_state(BIO *b, BIO_ACCEPT *c)
-        {
-        BIO *bio=NULL,*dbio;
-        int s= -1;
-        int i;
-
-again:
-        switch (c->state)
-                {
-        case ACPT_S_BEFORE:
-                if (c->param_addr == NULL)
-                        {
-                        BIOerr(BIO_F_ACPT_STATE,BIO_R_NO_ACCEPT_PORT_SPECIFIED);
-                        return(-1);
-                        }
-                s=BIO_get_accept_socket(c->param_addr,c->bind_mode);
-                if (s == INVALID_SOCKET)
-                        return(-1);
-
-                if (c->accept_nbio)
-                        {
-                        if (!BIO_socket_nbio(s,1))
-                                {
-                                closesocket(s);
-                                BIOerr(BIO_F_ACPT_STATE,BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET);
-                                return(-1);
-                                }
-                        }
-                c->accept_sock=s;
-                b->num=s;
-                c->state=ACPT_S_GET_ACCEPT_SOCKET;
-                return(1);
-                /* break; */
-        case ACPT_S_GET_ACCEPT_SOCKET:
-                if (b->next_bio != NULL)
-                        {
-                        c->state=ACPT_S_OK;
-                        goto again;
-                        }
-                BIO_clear_retry_flags(b);
-                b->retry_reason=0;
-                i=BIO_accept(c->accept_sock,&(c->addr));
-
-                /* -2 return means we should retry */
-                if(i == -2)
-                        {
-                        BIO_set_retry_special(b);
-                        b->retry_reason=BIO_RR_ACCEPT;
-                        return -1;
-                        }
-
-                if (i < 0) return(i);
-
-                bio=BIO_new_socket(i,BIO_CLOSE);
-                if (bio == NULL) goto err;
-
-                BIO_set_callback(bio,BIO_get_callback(b));
-                BIO_set_callback_arg(bio,BIO_get_callback_arg(b));
-
-                if (c->nbio)
-                        {
-                        if (!BIO_socket_nbio(i,1))
-                                {
-                                BIOerr(BIO_F_ACPT_STATE,BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET);
-                                goto err;
-                                }
-                        }
-
-                /* If the accept BIO has an bio_chain, we dup it and
-                 * put the new socket at the end. */
-                if (c->bio_chain != NULL)
-                        {
-                        if ((dbio=BIO_dup_chain(c->bio_chain)) == NULL)
-                                goto err;
-                        if (!BIO_push(dbio,bio)) goto err;
-                        bio=dbio;
-                        }
-                if (BIO_push(b,bio) == NULL) goto err;
-
-                c->state=ACPT_S_OK;
-                return(1);
-err:
-                if (bio != NULL)
-                        BIO_free(bio);
-                else if (s >= 0)
-                        closesocket(s);
-                return(0);
-                /* break; */
-        case ACPT_S_OK:
-                if (b->next_bio == NULL)
-                        {
-                        c->state=ACPT_S_GET_ACCEPT_SOCKET;
-                        goto again;
-                        }
-                return(1);
-                /* break; */
-        default:        
-                return(0);
-                /* break; */
-                }
-
-        }
-
-static int acpt_read(BIO *b, char *out, int outl)
-        {
-        int ret=0;
-        BIO_ACCEPT *data;
-
-        BIO_clear_retry_flags(b);
-        data=(BIO_ACCEPT *)b->ptr;
-
-        while (b->next_bio == NULL)
-                {
-                ret=acpt_state(b,data);
-                if (ret <= 0) return(ret);
-                }
-
-        ret=BIO_read(b->next_bio,out,outl);
-        BIO_copy_next_retry(b);
-        return(ret);
-        }
-
-static int acpt_write(BIO *b, const char *in, int inl)
-        {
-        int ret;
-        BIO_ACCEPT *data;
-
-        BIO_clear_retry_flags(b);
-        data=(BIO_ACCEPT *)b->ptr;
-
-        while (b->next_bio == NULL)
-                {
-                ret=acpt_state(b,data);
-                if (ret <= 0) return(ret);
-                }
-
-        ret=BIO_write(b->next_bio,in,inl);
-        BIO_copy_next_retry(b);
-        return(ret);
-        }
-
-static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr)
-        {
-        BIO *dbio;
-        int *ip;
-        long ret=1;
-        BIO_ACCEPT *data;
-        char **pp;
-
-        data=(BIO_ACCEPT *)b->ptr;
-
-        switch (cmd)
-                {
-        case BIO_CTRL_RESET:
-                ret=0;
-                data->state=ACPT_S_BEFORE;
-                acpt_close_socket(b);
-                b->flags=0;
-                break;
-        case BIO_C_DO_STATE_MACHINE:
-                /* use this one to start the connection */
-                ret=(long)acpt_state(b,data);
-                break;
-        case BIO_C_SET_ACCEPT:
-                if (ptr != NULL)
-                        {
-                        if (num == 0)
-                                {
-                                b->init=1;
-                                if (data->param_addr != NULL)
-                                        OPENSSL_free(data->param_addr);
-                                data->param_addr=BUF_strdup(ptr);
-                                }
-                        else if (num == 1)
-                                {
-                                data->accept_nbio=(ptr != NULL);
-                                }
-                        else if (num == 2)
-                                {
-                                if (data->bio_chain != NULL)
-                                        BIO_free(data->bio_chain);
-                                data->bio_chain=(BIO *)ptr;
-                                }
-                        }
-                break;
-        case BIO_C_SET_NBIO:
-                data->nbio=(int)num;
-                break;
-        case BIO_C_SET_FD:
-                b->init=1;
-                b->num= *((int *)ptr);
-                data->accept_sock=b->num;
-                data->state=ACPT_S_GET_ACCEPT_SOCKET;
-                b->shutdown=(int)num;
-                b->init=1;
-                break;
-        case BIO_C_GET_FD:
-                if (b->init)
-                        {
-                        ip=(int *)ptr;
-                        if (ip != NULL)
-                                *ip=data->accept_sock;
-                        ret=data->accept_sock;
-                        }
-                else
-                        ret= -1;
-                break;
-        case BIO_C_GET_ACCEPT:
-                if (b->init)
-                        {
-                        if (ptr != NULL)
-                                {
-                                pp=(char **)ptr;
-                                *pp=data->param_addr;
-                                }
-                        else
-                                ret= -1;
-                        }
-                else
-                        ret= -1;
-                break;
-        case BIO_CTRL_GET_CLOSE:
-                ret=b->shutdown;
-                break;
-        case BIO_CTRL_SET_CLOSE:
-                b->shutdown=(int)num;
-                break;
-        case BIO_CTRL_PENDING:
-        case BIO_CTRL_WPENDING:
-                ret=0;
-                break;
-        case BIO_CTRL_FLUSH:
-                break;
-        case BIO_C_SET_BIND_MODE:
-                data->bind_mode=(int)num;
-                break;
-        case BIO_C_GET_BIND_MODE:
-                ret=(long)data->bind_mode;
-                break;
-        case BIO_CTRL_DUP:
-                dbio=(BIO *)ptr;
-/*              if (data->param_port) EAY EAY
-                        BIO_set_port(dbio,data->param_port);
-                if (data->param_hostname)
-                        BIO_set_hostname(dbio,data->param_hostname);
-                BIO_set_nbio(dbio,data->nbio); */
-                break;
-
-        default:
-                ret=0;
-                break;
-                }
-        return(ret);
-        }
-
-static int acpt_puts(BIO *bp, const char *str)
-        {
-        int n,ret;
-
-        n=strlen(str);
-        ret=acpt_write(bp,str,n);
-        return(ret);
-        }
-
-BIO *BIO_new_accept(char *str)
-        {
-        BIO *ret;
-
-        ret=BIO_new(BIO_s_accept());
-        if (ret == NULL) return(NULL);
-        if (BIO_set_accept_port(ret,str))
-                return(ret);
-        else
-                {
-                BIO_free(ret);
-                return(NULL);
-                }
-        }
-
-#endif
diff --git a/src/lib/libcrypto/bio/bss_bio.c b/src/lib/libcrypto/bio/bss_bio.c
deleted file mode 100644
index 0f9f0955b4..0000000000
--- a/src/lib/libcrypto/bio/bss_bio.c
+++ /dev/null
@@ -1,924 +0,0 @@
-/* crypto/bio/bss_bio.c  -*- Mode: C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* Special method for a BIO where the other endpoint is also a BIO
- * of this kind, handled by the same thread (i.e. the "peer" is actually
- * ourselves, wearing a different hat).
- * Such "BIO pairs" are mainly for using the SSL library with I/O interfaces
- * for which no specific BIO method is available.
- * See ssl/ssltest.c for some hints on how this can be used. */
-
-/* BIO_DEBUG implies BIO_PAIR_DEBUG */
-#ifdef BIO_DEBUG
-# ifndef BIO_PAIR_DEBUG
-#  define BIO_PAIR_DEBUG
-# endif
-#endif
-
-/* disable assert() unless BIO_PAIR_DEBUG has been defined */
-#ifndef BIO_PAIR_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-
-#include <assert.h>
-#include <limits.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/crypto.h>
-
-#include "e_os.h"
-
-/* VxWorks defines SSIZE_MAX with an empty value causing compile errors */
-#if defined(OPENSSL_SYS_VXWORKS)
-# undef SSIZE_MAX
-#endif
-#ifndef SSIZE_MAX
-# define SSIZE_MAX INT_MAX
-#endif
-
-static int bio_new(BIO *bio);
-static int bio_free(BIO *bio);
-static int bio_read(BIO *bio, char *buf, int size);
-static int bio_write(BIO *bio, const char *buf, int num);
-static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr);
-static int bio_puts(BIO *bio, const char *str);
-
-static int bio_make_pair(BIO *bio1, BIO *bio2);
-static void bio_destroy_pair(BIO *bio);
-
-static BIO_METHOD methods_biop =
-{
-        BIO_TYPE_BIO,
-        "BIO pair",
-        bio_write,
-        bio_read,
-        bio_puts,
-        NULL /* no bio_gets */,
-        bio_ctrl,
-        bio_new,
-        bio_free,
-        NULL /* no bio_callback_ctrl */
-};
-
-BIO_METHOD *BIO_s_bio(void)
-        {
-        return &methods_biop;
-        }
-
-struct bio_bio_st
-{
-        BIO *peer;     /* NULL if buf == NULL.
-                        * If peer != NULL, then peer->ptr is also a bio_bio_st,
-                        * and its "peer" member points back to us.
-                        * peer != NULL iff init != 0 in the BIO. */
-        
-        /* This is for what we write (i.e. reading uses peer's struct): */
-        int closed;     /* valid iff peer != NULL */
-        size_t len;     /* valid iff buf != NULL; 0 if peer == NULL */
-        size_t offset;  /* valid iff buf != NULL; 0 if len == 0 */
-        size_t size;
-        char *buf;      /* "size" elements (if != NULL) */
-
-        size_t request; /* valid iff peer != NULL; 0 if len != 0,
-                         * otherwise set by peer to number of bytes
-                         * it (unsuccessfully) tried to read,
-                         * never more than buffer space (size-len) warrants. */
-};
-
-static int bio_new(BIO *bio)
-        {
-        struct bio_bio_st *b;
-        
-        b = OPENSSL_malloc(sizeof *b);
-        if (b == NULL)
-                return 0;
-
-        b->peer = NULL;
-        b->size = 17*1024; /* enough for one TLS record (just a default) */
-        b->buf = NULL;
-
-        bio->ptr = b;
-        return 1;
-        }
-
-
-static int bio_free(BIO *bio)
-        {
-        struct bio_bio_st *b;
-
-        if (bio == NULL)
-                return 0;
-        b = bio->ptr;
-
-        assert(b != NULL);
-
-        if (b->peer)
-                bio_destroy_pair(bio);
-        
-        if (b->buf != NULL)
-                {
-                OPENSSL_free(b->buf);
-                }
-
-        OPENSSL_free(b);
-
-        return 1;
-        }
-
-
-
-static int bio_read(BIO *bio, char *buf, int size_)
-        {
-        size_t size = size_;
-        size_t rest;
-        struct bio_bio_st *b, *peer_b;
-
-        BIO_clear_retry_flags(bio);
-
-        if (!bio->init)
-                return 0;
-
-        b = bio->ptr;
-        assert(b != NULL);
-        assert(b->peer != NULL);
-        peer_b = b->peer->ptr;
-        assert(peer_b != NULL);
-        assert(peer_b->buf != NULL);
-
-        peer_b->request = 0; /* will be set in "retry_read" situation */
-
-        if (buf == NULL || size == 0)
-                return 0;
-
-        if (peer_b->len == 0)
-                {
-                if (peer_b->closed)
-                        return 0; /* writer has closed, and no data is left */
-                else
-                        {
-                        BIO_set_retry_read(bio); /* buffer is empty */
-                        if (size <= peer_b->size)
-                                peer_b->request = size;
-                        else
-                                /* don't ask for more than the peer can
-                                 * deliver in one write */
-                                peer_b->request = peer_b->size;
-                        return -1;
-                        }
-                }
-
-        /* we can read */
-        if (peer_b->len < size)
-                size = peer_b->len;
-
-        /* now read "size" bytes */
-        
-        rest = size;
-        
-        assert(rest > 0);
-        do /* one or two iterations */
-                {
-                size_t chunk;
-                
-                assert(rest <= peer_b->len);
-                if (peer_b->offset + rest <= peer_b->size)
-                        chunk = rest;
-                else
-                        /* wrap around ring buffer */
-                        chunk = peer_b->size - peer_b->offset;
-                assert(peer_b->offset + chunk <= peer_b->size);
-                
-                memcpy(buf, peer_b->buf + peer_b->offset, chunk);
-                
-                peer_b->len -= chunk;
-                if (peer_b->len)
-                        {
-                        peer_b->offset += chunk;
-                        assert(peer_b->offset <= peer_b->size);
-                        if (peer_b->offset == peer_b->size)
-                                peer_b->offset = 0;
-                        buf += chunk;
-                        }
-                else
-                        {
-                        /* buffer now empty, no need to advance "buf" */
-                        assert(chunk == rest);
-                        peer_b->offset = 0;
-                        }
-                rest -= chunk;
-                }
-        while (rest);
-        
-        return size;
-        }
-
-/* non-copying interface: provide pointer to available data in buffer
- *    bio_nread0:  return number of available bytes
- *    bio_nread:   also advance index
- * (example usage:  bio_nread0(), read from buffer, bio_nread()
- *  or just         bio_nread(), read from buffer)
- */
-/* WARNING: The non-copying interface is largely untested as of yet
- * and may contain bugs. */
-static ssize_t bio_nread0(BIO *bio, char **buf)
-        {
-        struct bio_bio_st *b, *peer_b;
-        ssize_t num;
-        
-        BIO_clear_retry_flags(bio);
-
-        if (!bio->init)
-                return 0;
-        
-        b = bio->ptr;
-        assert(b != NULL);
-        assert(b->peer != NULL);
-        peer_b = b->peer->ptr;
-        assert(peer_b != NULL);
-        assert(peer_b->buf != NULL);
-        
-        peer_b->request = 0;
-        
-        if (peer_b->len == 0)
-                {
-                char dummy;
-                
-                /* avoid code duplication -- nothing available for reading */
-                return bio_read(bio, &dummy, 1); /* returns 0 or -1 */
-                }
-
-        num = peer_b->len;
-        if (peer_b->size < peer_b->offset + num)
-                /* no ring buffer wrap-around for non-copying interface */
-                num = peer_b->size - peer_b->offset;
-        assert(num > 0);
-
-        if (buf != NULL)
-                *buf = peer_b->buf + peer_b->offset;
-        return num;
-        }
-
-static ssize_t bio_nread(BIO *bio, char **buf, size_t num_)
-        {
-        struct bio_bio_st *b, *peer_b;
-        ssize_t num, available;
-
-        if (num_ > SSIZE_MAX)
-                num = SSIZE_MAX;
-        else
-                num = (ssize_t)num_;
-
-        available = bio_nread0(bio, buf);
-        if (num > available)
-                num = available;
-        if (num <= 0)
-                return num;
-
-        b = bio->ptr;
-        peer_b = b->peer->ptr;
-
-        peer_b->len -= num;
-        if (peer_b->len) 
-                {
-                peer_b->offset += num;
-                assert(peer_b->offset <= peer_b->size);
-                if (peer_b->offset == peer_b->size)
-                        peer_b->offset = 0;
-                }
-        else
-                peer_b->offset = 0;
-
-        return num;
-        }
-
-
-static int bio_write(BIO *bio, const char *buf, int num_)
-        {
-        size_t num = num_;
-        size_t rest;
-        struct bio_bio_st *b;
-
-        BIO_clear_retry_flags(bio);
-
-        if (!bio->init || buf == NULL || num == 0)
-                return 0;
-
-        b = bio->ptr;           
-        assert(b != NULL);
-        assert(b->peer != NULL);
-        assert(b->buf != NULL);
-
-        b->request = 0;
-        if (b->closed)
-                {
-                /* we already closed */
-                BIOerr(BIO_F_BIO_WRITE, BIO_R_BROKEN_PIPE);
-                return -1;
-                }
-
-        assert(b->len <= b->size);
-
-        if (b->len == b->size)
-                {
-                BIO_set_retry_write(bio); /* buffer is full */
-                return -1;
-                }
-
-        /* we can write */
-        if (num > b->size - b->len)
-                num = b->size - b->len;
-        
-        /* now write "num" bytes */
-
-        rest = num;
-        
-        assert(rest > 0);
-        do /* one or two iterations */
-                {
-                size_t write_offset;
-                size_t chunk;
-
-                assert(b->len + rest <= b->size);
-
-                write_offset = b->offset + b->len;
-                if (write_offset >= b->size)
-                        write_offset -= b->size;
-                /* b->buf[write_offset] is the first byte we can write to. */
-
-                if (write_offset + rest <= b->size)
-                        chunk = rest;
-                else
-                        /* wrap around ring buffer */
-                        chunk = b->size - write_offset;
-                
-                memcpy(b->buf + write_offset, buf, chunk);
-                
-                b->len += chunk;
-
-                assert(b->len <= b->size);
-                
-                rest -= chunk;
-                buf += chunk;
-                }
-        while (rest);
-
-        return num;
-        }
-
-/* non-copying interface: provide pointer to region to write to
- *   bio_nwrite0:  check how much space is available
- *   bio_nwrite:   also increase length
- * (example usage:  bio_nwrite0(), write to buffer, bio_nwrite()
- *  or just         bio_nwrite(), write to buffer)
- */
-static ssize_t bio_nwrite0(BIO *bio, char **buf)
-        {
-        struct bio_bio_st *b;
-        size_t num;
-        size_t write_offset;
-
-        BIO_clear_retry_flags(bio);
-
-        if (!bio->init)
-                return 0;
-
-        b = bio->ptr;           
-        assert(b != NULL);
-        assert(b->peer != NULL);
-        assert(b->buf != NULL);
-
-        b->request = 0;
-        if (b->closed)
-                {
-                BIOerr(BIO_F_BIO_NWRITE0, BIO_R_BROKEN_PIPE);
-                return -1;
-                }
-
-        assert(b->len <= b->size);
-
-        if (b->len == b->size)
-                {
-                BIO_set_retry_write(bio);
-                return -1;
-                }
-
-        num = b->size - b->len;
-        write_offset = b->offset + b->len;
-        if (write_offset >= b->size)
-                write_offset -= b->size;
-        if (write_offset + num > b->size)
-                /* no ring buffer wrap-around for non-copying interface
-                 * (to fulfil the promise by BIO_ctrl_get_write_guarantee,
-                 * BIO_nwrite may have to be called twice) */
-                num = b->size - write_offset;
-
-        if (buf != NULL)
-                *buf = b->buf + write_offset;
-        assert(write_offset + num <= b->size);
-
-        return num;
-        }
-
-static ssize_t bio_nwrite(BIO *bio, char **buf, size_t num_)
-        {
-        struct bio_bio_st *b;
-        ssize_t num, space;
-
-        if (num_ > SSIZE_MAX)
-                num = SSIZE_MAX;
-        else
-                num = (ssize_t)num_;
-
-        space = bio_nwrite0(bio, buf);
-        if (num > space)
-                num = space;
-        if (num <= 0)
-                return num;
-        b = bio->ptr;
-        assert(b != NULL);
-        b->len += num;
-        assert(b->len <= b->size);
-
-        return num;
-        }
-
-
-static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr)
-        {
-        long ret;
-        struct bio_bio_st *b = bio->ptr;
-        
-        assert(b != NULL);
-
-        switch (cmd)
-                {
-        /* specific CTRL codes */
-
-        case BIO_C_SET_WRITE_BUF_SIZE:
-                if (b->peer)
-                        {
-                        BIOerr(BIO_F_BIO_CTRL, BIO_R_IN_USE);
-                        ret = 0;
-                        }
-                else if (num == 0)
-                        {
-                        BIOerr(BIO_F_BIO_CTRL, BIO_R_INVALID_ARGUMENT);
-                        ret = 0;
-                        }
-                else
-                        {
-                        size_t new_size = num;
-
-                        if (b->size != new_size)
-                                {
-                                if (b->buf) 
-                                        {
-                                        OPENSSL_free(b->buf);
-                                        b->buf = NULL;
-                                        }
-                                b->size = new_size;
-                                }
-                        ret = 1;
-                        }
-                break;
-
-        case BIO_C_GET_WRITE_BUF_SIZE:
-                ret = (long) b->size;
-                break;
-
-        case BIO_C_MAKE_BIO_PAIR:
-                {
-                BIO *other_bio = ptr;
-                
-                if (bio_make_pair(bio, other_bio))
-                        ret = 1;
-                else
-                        ret = 0;
-                }
-                break;
-                
-        case BIO_C_DESTROY_BIO_PAIR:
-                /* Affects both BIOs in the pair -- call just once!
-                 * Or let BIO_free(bio1); BIO_free(bio2); do the job. */
-                bio_destroy_pair(bio);
-                ret = 1;
-                break;
-
-        case BIO_C_GET_WRITE_GUARANTEE:
-                /* How many bytes can the caller feed to the next write
-                 * without having to keep any? */
-                if (b->peer == NULL || b->closed)
-                        ret = 0;
-                else
-                        ret = (long) b->size - b->len;
-                break;
-
-        case BIO_C_GET_READ_REQUEST:
-                /* If the peer unsuccessfully tried to read, how many bytes
-                 * were requested?  (As with BIO_CTRL_PENDING, that number
-                 * can usually be treated as boolean.) */
-                ret = (long) b->request;
-                break;
-
-        case BIO_C_RESET_READ_REQUEST:
-                /* Reset request.  (Can be useful after read attempts
-                 * at the other side that are meant to be non-blocking,
-                 * e.g. when probing SSL_read to see if any data is
-                 * available.) */
-                b->request = 0;
-                ret = 1;
-                break;
-
-        case BIO_C_SHUTDOWN_WR:
-                /* similar to shutdown(..., SHUT_WR) */
-                b->closed = 1;
-                ret = 1;
-                break;
-
-        case BIO_C_NREAD0:
-                /* prepare for non-copying read */
-                ret = (long) bio_nread0(bio, ptr);
-                break;
-                
-        case BIO_C_NREAD:
-                /* non-copying read */
-                ret = (long) bio_nread(bio, ptr, (size_t) num);
-                break;
-                
-        case BIO_C_NWRITE0:
-                /* prepare for non-copying write */
-                ret = (long) bio_nwrite0(bio, ptr);
-                break;
-
-        case BIO_C_NWRITE:
-                /* non-copying write */
-                ret = (long) bio_nwrite(bio, ptr, (size_t) num);
-                break;
-                
-
-        /* standard CTRL codes follow */
-
-        case BIO_CTRL_RESET:
-                if (b->buf != NULL)
-                        {
-                        b->len = 0;
-                        b->offset = 0;
-                        }
-                ret = 0;
-                break;          
-
-        case BIO_CTRL_GET_CLOSE:
-                ret = bio->shutdown;
-                break;
-
-        case BIO_CTRL_SET_CLOSE:
-                bio->shutdown = (int) num;
-                ret = 1;
-                break;
-
-        case BIO_CTRL_PENDING:
-                if (b->peer != NULL)
-                        {
-                        struct bio_bio_st *peer_b = b->peer->ptr;
-                        
-                        ret = (long) peer_b->len;
-                        }
-                else
-                        ret = 0;
-                break;
-
-        case BIO_CTRL_WPENDING:
-                if (b->buf != NULL)
-                        ret = (long) b->len;
-                else
-                        ret = 0;
-                break;
-
-        case BIO_CTRL_DUP:
-                /* See BIO_dup_chain for circumstances we have to expect. */
-                {
-                BIO *other_bio = ptr;
-                struct bio_bio_st *other_b;
-                
-                assert(other_bio != NULL);
-                other_b = other_bio->ptr;
-                assert(other_b != NULL);
-                
-                assert(other_b->buf == NULL); /* other_bio is always fresh */
-
-                other_b->size = b->size;
-                }
-
-                ret = 1;
-                break;
-
-        case BIO_CTRL_FLUSH:
-                ret = 1;
-                break;
-
-        case BIO_CTRL_EOF:
-                {
-                BIO *other_bio = ptr;
-                
-                if (other_bio)
-                        {
-                        struct bio_bio_st *other_b = other_bio->ptr;
-                        
-                        assert(other_b != NULL);
-                        ret = other_b->len == 0 && other_b->closed;
-                        }
-                else
-                        ret = 1;
-                }
-                break;
-
-        default:
-                ret = 0;
-                }
-        return ret;
-        }
-
-static int bio_puts(BIO *bio, const char *str)
-        {
-        return bio_write(bio, str, strlen(str));
-        }
-
-
-static int bio_make_pair(BIO *bio1, BIO *bio2)
-        {
-        struct bio_bio_st *b1, *b2;
-
-        assert(bio1 != NULL);
-        assert(bio2 != NULL);
-
-        b1 = bio1->ptr;
-        b2 = bio2->ptr;
-        
-        if (b1->peer != NULL || b2->peer != NULL)
-                {
-                BIOerr(BIO_F_BIO_MAKE_PAIR, BIO_R_IN_USE);
-                return 0;
-                }
-        
-        if (b1->buf == NULL)
-                {
-                b1->buf = OPENSSL_malloc(b1->size);
-                if (b1->buf == NULL)
-                        {
-                        BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE);
-                        return 0;
-                        }
-                b1->len = 0;
-                b1->offset = 0;
-                }
-        
-        if (b2->buf == NULL)
-                {
-                b2->buf = OPENSSL_malloc(b2->size);
-                if (b2->buf == NULL)
-                        {
-                        BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE);
-                        return 0;
-                        }
-                b2->len = 0;
-                b2->offset = 0;
-                }
-        
-        b1->peer = bio2;
-        b1->closed = 0;
-        b1->request = 0;
-        b2->peer = bio1;
-        b2->closed = 0;
-        b2->request = 0;
-
-        bio1->init = 1;
-        bio2->init = 1;
-
-        return 1;
-        }
-
-static void bio_destroy_pair(BIO *bio)
-        {
-        struct bio_bio_st *b = bio->ptr;
-
-        if (b != NULL)
-                {
-                BIO *peer_bio = b->peer;
-
-                if (peer_bio != NULL)
-                        {
-                        struct bio_bio_st *peer_b = peer_bio->ptr;
-
-                        assert(peer_b != NULL);
-                        assert(peer_b->peer == bio);
-
-                        peer_b->peer = NULL;
-                        peer_bio->init = 0;
-                        assert(peer_b->buf != NULL);
-                        peer_b->len = 0;
-                        peer_b->offset = 0;
-                        
-                        b->peer = NULL;
-                        bio->init = 0;
-                        assert(b->buf != NULL);
-                        b->len = 0;
-                        b->offset = 0;
-                        }
-                }
-        }
- 
-
-/* Exported convenience functions */
-int BIO_new_bio_pair(BIO **bio1_p, size_t writebuf1,
-        BIO **bio2_p, size_t writebuf2)
-         {
-         BIO *bio1 = NULL, *bio2 = NULL;
-         long r;
-         int ret = 0;
-
-         bio1 = BIO_new(BIO_s_bio());
-         if (bio1 == NULL)
-                 goto err;
-         bio2 = BIO_new(BIO_s_bio());
-         if (bio2 == NULL)
-                 goto err;
-
-         if (writebuf1)
-                 {
-                 r = BIO_set_write_buf_size(bio1, writebuf1);
-                 if (!r)
-                         goto err;
-                 }
-         if (writebuf2)
-                 {
-                 r = BIO_set_write_buf_size(bio2, writebuf2);
-                 if (!r)
-                         goto err;
-                 }
-
-         r = BIO_make_bio_pair(bio1, bio2);
-         if (!r)
-                 goto err;
-         ret = 1;
-
- err:
-         if (ret == 0)
-                 {
-                 if (bio1)
-                         {
-                         BIO_free(bio1);
-                         bio1 = NULL;
-                         }
-                 if (bio2)
-                         {
-                         BIO_free(bio2);
-                         bio2 = NULL;
-                         }
-                 }
-
-         *bio1_p = bio1;
-         *bio2_p = bio2;
-         return ret;
-         }
-
-size_t BIO_ctrl_get_write_guarantee(BIO *bio)
-        {
-        return BIO_ctrl(bio, BIO_C_GET_WRITE_GUARANTEE, 0, NULL);
-        }
-
-size_t BIO_ctrl_get_read_request(BIO *bio)
-        {
-        return BIO_ctrl(bio, BIO_C_GET_READ_REQUEST, 0, NULL);
-        }
-
-int BIO_ctrl_reset_read_request(BIO *bio)
-        {
-        return (BIO_ctrl(bio, BIO_C_RESET_READ_REQUEST, 0, NULL) != 0);
-        }
-
-
-/* BIO_nread0/nread/nwrite0/nwrite are available only for BIO pairs for now
- * (conceivably some other BIOs could allow non-copying reads and writes too.)
- */
-int BIO_nread0(BIO *bio, char **buf)
-        {
-        long ret;
-
-        if (!bio->init)
-                {
-                BIOerr(BIO_F_BIO_NREAD0, BIO_R_UNINITIALIZED);
-                return -2;
-                }
-
-        ret = BIO_ctrl(bio, BIO_C_NREAD0, 0, buf);
-        if (ret > INT_MAX)
-                return INT_MAX;
-        else
-                return (int) ret;
-        }
-
-int BIO_nread(BIO *bio, char **buf, int num)
-        {
-        int ret;
-
-        if (!bio->init)
-                {
-                BIOerr(BIO_F_BIO_NREAD, BIO_R_UNINITIALIZED);
-                return -2;
-                }
-
-        ret = (int) BIO_ctrl(bio, BIO_C_NREAD, num, buf);
-        if (ret > 0)
-                bio->num_read += ret;
-        return ret;
-        }
-
-int BIO_nwrite0(BIO *bio, char **buf)
-        {
-        long ret;
-
-        if (!bio->init)
-                {
-                BIOerr(BIO_F_BIO_NWRITE0, BIO_R_UNINITIALIZED);
-                return -2;
-                }
-
-        ret = BIO_ctrl(bio, BIO_C_NWRITE0, 0, buf);
-        if (ret > INT_MAX)
-                return INT_MAX;
-        else
-                return (int) ret;
-        }
-
-int BIO_nwrite(BIO *bio, char **buf, int num)
-        {
-        int ret;
-
-        if (!bio->init)
-                {
-                BIOerr(BIO_F_BIO_NWRITE, BIO_R_UNINITIALIZED);
-                return -2;
-                }
-
-        ret = BIO_ctrl(bio, BIO_C_NWRITE, num, buf);
-        if (ret > 0)
-                bio->num_read += ret;
-        return ret;
-        }
diff --git a/src/lib/libcrypto/bio/bss_conn.c b/src/lib/libcrypto/bio/bss_conn.c
deleted file mode 100644
index 216780ed5e..0000000000
--- a/src/lib/libcrypto/bio/bss_conn.c
+++ /dev/null
@@ -1,652 +0,0 @@
-/* crypto/bio/bss_conn.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef OPENSSL_NO_SOCK
-
-#include <stdio.h>
-#include <errno.h>
-#define USE_SOCKETS
-#include "cryptlib.h"
-#include <openssl/bio.h>
-
-#ifdef OPENSSL_SYS_WIN16
-#define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
-#else
-#define SOCKET_PROTOCOL IPPROTO_TCP
-#endif
-
-#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
-/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
-#undef FIONBIO
-#endif
-
-
-typedef struct bio_connect_st
-        {
-        int state;
-
-        char *param_hostname;
-        char *param_port;
-        int nbio;
-
-        unsigned char ip[4];
-        unsigned short port;
-
-        struct sockaddr_in them;
-
-        /* int socket; this will be kept in bio->num so that it is
-         * compatible with the bss_sock bio */ 
-
-        /* called when the connection is initially made
-         *  callback(BIO,state,ret);  The callback should return
-         * 'ret'.  state is for compatibility with the ssl info_callback */
-        int (*info_callback)(const BIO *bio,int state,int ret);
-        } BIO_CONNECT;
-
-static int conn_write(BIO *h, const char *buf, int num);
-static int conn_read(BIO *h, char *buf, int size);
-static int conn_puts(BIO *h, const char *str);
-static long conn_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int conn_new(BIO *h);
-static int conn_free(BIO *data);
-static long conn_callback_ctrl(BIO *h, int cmd, bio_info_cb *);
-
-static int conn_state(BIO *b, BIO_CONNECT *c);
-static void conn_close_socket(BIO *data);
-BIO_CONNECT *BIO_CONNECT_new(void );
-void BIO_CONNECT_free(BIO_CONNECT *a);
-
-static BIO_METHOD methods_connectp=
-        {
-        BIO_TYPE_CONNECT,
-        "socket connect",
-        conn_write,
-        conn_read,
-        conn_puts,
-        NULL, /* connect_gets, */
-        conn_ctrl,
-        conn_new,
-        conn_free,
-        conn_callback_ctrl,
-        };
-
-static int conn_state(BIO *b, BIO_CONNECT *c)
-        {
-        int ret= -1,i;
-        unsigned long l;
-        char *p,*q;
-        int (*cb)()=NULL;
-
-        if (c->info_callback != NULL)
-                cb=c->info_callback;
-
-        for (;;)
-                {
-                switch (c->state)
-                        {
-                case BIO_CONN_S_BEFORE:
-                        p=c->param_hostname;
-                        if (p == NULL)
-                                {
-                                BIOerr(BIO_F_CONN_STATE,BIO_R_NO_HOSTNAME_SPECIFIED);
-                                goto exit_loop;
-                                }
-                        for ( ; *p != '\0'; p++)
-                                {
-                                if ((*p == ':') || (*p == '/')) break;
-                                }
-
-                        i= *p;
-                        if ((i == ':') || (i == '/'))
-                                {
-
-                                *(p++)='\0';
-                                if (i == ':')
-                                        {
-                                        for (q=p; *q; q++)
-                                                if (*q == '/')
-                                                        {
-                                                        *q='\0';
-                                                        break;
-                                                        }
-                                        if (c->param_port != NULL)
-                                                OPENSSL_free(c->param_port);
-                                        c->param_port=BUF_strdup(p);
-                                        }
-                                }
-
-                        if (c->param_port == NULL)
-                                {
-                                BIOerr(BIO_F_CONN_STATE,BIO_R_NO_PORT_SPECIFIED);
-                                ERR_add_error_data(2,"host=",c->param_hostname);
-                                goto exit_loop;
-                                }
-                        c->state=BIO_CONN_S_GET_IP;
-                        break;
-
-                case BIO_CONN_S_GET_IP:
-                        if (BIO_get_host_ip(c->param_hostname,&(c->ip[0])) <= 0)
-                                goto exit_loop;
-                        c->state=BIO_CONN_S_GET_PORT;
-                        break;
-
-                case BIO_CONN_S_GET_PORT:
-                        if (c->param_port == NULL)
-                                {
-                                /* abort(); */
-                                goto exit_loop;
-                                }
-                        else if (BIO_get_port(c->param_port,&c->port) <= 0)
-                                goto exit_loop;
-                        c->state=BIO_CONN_S_CREATE_SOCKET;
-                        break;
-
-                case BIO_CONN_S_CREATE_SOCKET:
-                        /* now setup address */
-                        memset((char *)&c->them,0,sizeof(c->them));
-                        c->them.sin_family=AF_INET;
-                        c->them.sin_port=htons((unsigned short)c->port);
-                        l=(unsigned long)
-                                ((unsigned long)c->ip[0]<<24L)|
-                                ((unsigned long)c->ip[1]<<16L)|
-                                ((unsigned long)c->ip[2]<< 8L)|
-                                ((unsigned long)c->ip[3]);
-                        c->them.sin_addr.s_addr=htonl(l);
-                        c->state=BIO_CONN_S_CREATE_SOCKET;
-
-                        ret=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
-                        if (ret == INVALID_SOCKET)
-                                {
-                                SYSerr(SYS_F_SOCKET,get_last_socket_error());
-                                ERR_add_error_data(4,"host=",c->param_hostname,
-                                        ":",c->param_port);
-                                BIOerr(BIO_F_CONN_STATE,BIO_R_UNABLE_TO_CREATE_SOCKET);
-                                goto exit_loop;
-                                }
-                        b->num=ret;
-                        c->state=BIO_CONN_S_NBIO;
-                        break;
-
-                case BIO_CONN_S_NBIO:
-                        if (c->nbio)
-                                {
-                                if (!BIO_socket_nbio(b->num,1))
-                                        {
-                                        BIOerr(BIO_F_CONN_STATE,BIO_R_ERROR_SETTING_NBIO);
-                                        ERR_add_error_data(4,"host=",
-                                                c->param_hostname,
-                                                ":",c->param_port);
-                                        goto exit_loop;
-                                        }
-                                }
-                        c->state=BIO_CONN_S_CONNECT;
-
-#if defined(SO_KEEPALIVE) && !defined(OPENSSL_SYS_MPE)
-                        i=1;
-                        i=setsockopt(b->num,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
-                        if (i < 0)
-                                {
-                                SYSerr(SYS_F_SOCKET,get_last_socket_error());
-                                ERR_add_error_data(4,"host=",c->param_hostname,
-                                        ":",c->param_port);
-                                BIOerr(BIO_F_CONN_STATE,BIO_R_KEEPALIVE);
-                                goto exit_loop;
-                                }
-#endif
-                        break;
-
-                case BIO_CONN_S_CONNECT:
-                        BIO_clear_retry_flags(b);
-                        ret=connect(b->num,
-                                (struct sockaddr *)&c->them,
-                                sizeof(c->them));
-                        b->retry_reason=0;
-                        if (ret < 0)
-                                {
-                                if (BIO_sock_should_retry(ret))
-                                        {
-                                        BIO_set_retry_special(b);
-                                        c->state=BIO_CONN_S_BLOCKED_CONNECT;
-                                        b->retry_reason=BIO_RR_CONNECT;
-                                        }
-                                else
-                                        {
-                                        SYSerr(SYS_F_CONNECT,get_last_socket_error());
-                                        ERR_add_error_data(4,"host=",
-                                                c->param_hostname,
-                                                ":",c->param_port);
-                                        BIOerr(BIO_F_CONN_STATE,BIO_R_CONNECT_ERROR);
-                                        }
-                                goto exit_loop;
-                                }
-                        else
-                                c->state=BIO_CONN_S_OK;
-                        break;
-
-                case BIO_CONN_S_BLOCKED_CONNECT:
-                        i=BIO_sock_error(b->num);
-                        if (i)
-                                {
-                                BIO_clear_retry_flags(b);
-                                SYSerr(SYS_F_CONNECT,i);
-                                ERR_add_error_data(4,"host=",
-                                        c->param_hostname,
-                                        ":",c->param_port);
-                                BIOerr(BIO_F_CONN_STATE,BIO_R_NBIO_CONNECT_ERROR);
-                                ret=0;
-                                goto exit_loop;
-                                }
-                        else
-                                c->state=BIO_CONN_S_OK;
-                        break;
-
-                case BIO_CONN_S_OK:
-                        ret=1;
-                        goto exit_loop;
-                default:
-                        /* abort(); */
-                        goto exit_loop;
-                        }
-
-                if (cb != NULL)
-                        {
-                        if (!(ret=cb((BIO *)b,c->state,ret)))
-                                goto end;
-                        }
-                }
-
-        /* Loop does not exit */
-exit_loop:
-        if (cb != NULL)
-                ret=cb((BIO *)b,c->state,ret);
-end:
-        return(ret);
-        }
-
-BIO_CONNECT *BIO_CONNECT_new(void)
-        {
-        BIO_CONNECT *ret;
-
-        if ((ret=(BIO_CONNECT *)OPENSSL_malloc(sizeof(BIO_CONNECT))) == NULL)
-                return(NULL);
-        ret->state=BIO_CONN_S_BEFORE;
-        ret->param_hostname=NULL;
-        ret->param_port=NULL;
-        ret->info_callback=NULL;
-        ret->nbio=0;
-        ret->ip[0]=0;
-        ret->ip[1]=0;
-        ret->ip[2]=0;
-        ret->ip[3]=0;
-        ret->port=0;
-        memset((char *)&ret->them,0,sizeof(ret->them));
-        return(ret);
-        }
-
-void BIO_CONNECT_free(BIO_CONNECT *a)
-        {
-        if(a == NULL)
-            return;
-
-        if (a->param_hostname != NULL)
-                OPENSSL_free(a->param_hostname);
-        if (a->param_port != NULL)
-                OPENSSL_free(a->param_port);
-        OPENSSL_free(a);
-        }
-
-BIO_METHOD *BIO_s_connect(void)
-        {
-        return(&methods_connectp);
-        }
-
-static int conn_new(BIO *bi)
-        {
-        bi->init=0;
-        bi->num=INVALID_SOCKET;
-        bi->flags=0;
-        if ((bi->ptr=(char *)BIO_CONNECT_new()) == NULL)
-                return(0);
-        else
-                return(1);
-        }
-
-static void conn_close_socket(BIO *bio)
-        {
-        BIO_CONNECT *c;
-
-        c=(BIO_CONNECT *)bio->ptr;
-        if (bio->num != INVALID_SOCKET)
-                {
-                /* Only do a shutdown if things were established */
-                if (c->state == BIO_CONN_S_OK)
-                        shutdown(bio->num,2);
-                closesocket(bio->num);
-                bio->num=INVALID_SOCKET;
-                }
-        }
-
-static int conn_free(BIO *a)
-        {
-        BIO_CONNECT *data;
-
-        if (a == NULL) return(0);
-        data=(BIO_CONNECT *)a->ptr;
-         
-        if (a->shutdown)
-                {
-                conn_close_socket(a);
-                BIO_CONNECT_free(data);
-                a->ptr=NULL;
-                a->flags=0;
-                a->init=0;
-                }
-        return(1);
-        }
-        
-static int conn_read(BIO *b, char *out, int outl)
-        {
-        int ret=0;
-        BIO_CONNECT *data;
-
-        data=(BIO_CONNECT *)b->ptr;
-        if (data->state != BIO_CONN_S_OK)
-                {
-                ret=conn_state(b,data);
-                if (ret <= 0)
-                                return(ret);
-                }
-
-        if (out != NULL)
-                {
-                clear_socket_error();
-                ret=readsocket(b->num,out,outl);
-                BIO_clear_retry_flags(b);
-                if (ret <= 0)
-                        {
-                        if (BIO_sock_should_retry(ret))
-                                BIO_set_retry_read(b);
-                        }
-                }
-        return(ret);
-        }
-
-static int conn_write(BIO *b, const char *in, int inl)
-        {
-        int ret;
-        BIO_CONNECT *data;
-
-        data=(BIO_CONNECT *)b->ptr;
-        if (data->state != BIO_CONN_S_OK)
-                {
-                ret=conn_state(b,data);
-                if (ret <= 0) return(ret);
-                }
-
-        clear_socket_error();
-        ret=writesocket(b->num,in,inl);
-        BIO_clear_retry_flags(b);
-        if (ret <= 0)
-                {
-                if (BIO_sock_should_retry(ret))
-                        BIO_set_retry_write(b);
-                }
-        return(ret);
-        }
-
-static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
-        {
-        BIO *dbio;
-        int *ip;
-        const char **pptr;
-        long ret=1;
-        BIO_CONNECT *data;
-
-        data=(BIO_CONNECT *)b->ptr;
-
-        switch (cmd)
-                {
-        case BIO_CTRL_RESET:
-                ret=0;
-                data->state=BIO_CONN_S_BEFORE;
-                conn_close_socket(b);
-                b->flags=0;
-                break;
-        case BIO_C_DO_STATE_MACHINE:
-                /* use this one to start the connection */
-                if (data->state != BIO_CONN_S_OK)
-                        ret=(long)conn_state(b,data);
-                else
-                        ret=1;
-                break;
-        case BIO_C_GET_CONNECT:
-                if (ptr != NULL)
-                        {
-                        pptr=(const char **)ptr;
-                        if (num == 0)
-                                {
-                                *pptr=data->param_hostname;
-
-                                }
-                        else if (num == 1)
-                                {
-                                *pptr=data->param_port;
-                                }
-                        else if (num == 2)
-                                {
-                                *pptr= (char *)&(data->ip[0]);
-                                }
-                        else if (num == 3)
-                                {
-                                *((int *)ptr)=data->port;
-                                }
-                        if ((!b->init) || (ptr == NULL))
-                                *pptr="not initialized";
-                        ret=1;
-                        }
-                break;
-        case BIO_C_SET_CONNECT:
-                if (ptr != NULL)
-                        {
-                        b->init=1;
-                        if (num == 0)
-                                {
-                                if (data->param_hostname != NULL)
-                                        OPENSSL_free(data->param_hostname);
-                                data->param_hostname=BUF_strdup(ptr);
-                                }
-                        else if (num == 1)
-                                {
-                                if (data->param_port != NULL)
-                                        OPENSSL_free(data->param_port);
-                                data->param_port=BUF_strdup(ptr);
-                                }
-                        else if (num == 2)
-                                {
-                                char buf[16];
-                                unsigned char *p = ptr;
-
-                                BIO_snprintf(buf,sizeof buf,"%d.%d.%d.%d",
-                                             p[0],p[1],p[2],p[3]);
-                                if (data->param_hostname != NULL)
-                                        OPENSSL_free(data->param_hostname);
-                                data->param_hostname=BUF_strdup(buf);
-                                memcpy(&(data->ip[0]),ptr,4);
-                                }
-                        else if (num == 3)
-                                {
-                                char buf[DECIMAL_SIZE(int)+1];
-
-                                BIO_snprintf(buf,sizeof buf,"%d",*(int *)ptr);
-                                if (data->param_port != NULL)
-                                        OPENSSL_free(data->param_port);
-                                data->param_port=BUF_strdup(buf);
-                                data->port= *(int *)ptr;
-                                }
-                        }
-                break;
-        case BIO_C_SET_NBIO:
-                data->nbio=(int)num;
-                break;
-        case BIO_C_GET_FD:
-                if (b->init)
-                        {
-                        ip=(int *)ptr;
-                        if (ip != NULL)
-                                *ip=b->num;
-                        ret=b->num;
-                        }
-                else
-                        ret= -1;
-                break;
-        case BIO_CTRL_GET_CLOSE:
-                ret=b->shutdown;
-                break;
-        case BIO_CTRL_SET_CLOSE:
-                b->shutdown=(int)num;
-                break;
-        case BIO_CTRL_PENDING:
-        case BIO_CTRL_WPENDING:
-                ret=0;
-                break;
-        case BIO_CTRL_FLUSH:
-                break;
-        case BIO_CTRL_DUP:
-                {
-                dbio=(BIO *)ptr;
-                if (data->param_port)
-                        BIO_set_conn_port(dbio,data->param_port);
-                if (data->param_hostname)
-                        BIO_set_conn_hostname(dbio,data->param_hostname);
-                BIO_set_nbio(dbio,data->nbio);
-                /* FIXME: the cast of the function seems unlikely to be a good idea */
-                (void)BIO_set_info_callback(dbio,(bio_info_cb *)data->info_callback);
-                }
-                break;
-        case BIO_CTRL_SET_CALLBACK:
-                {
-#if 0 /* FIXME: Should this be used?  -- Richard Levitte */
-                BIOerr(BIO_F_CONN_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                ret = -1;
-#else
-                ret=0;
-#endif
-                }
-                break;
-        case BIO_CTRL_GET_CALLBACK:
-                {
-                int (**fptr)();
-
-                fptr=(int (**)())ptr;
-                *fptr=data->info_callback;
-                }
-                break;
-        default:
-                ret=0;
-                break;
-                }
-        return(ret);
-        }
-
-static long conn_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
-        {
-        long ret=1;
-        BIO_CONNECT *data;
-
-        data=(BIO_CONNECT *)b->ptr;
-
-        switch (cmd)
-                {
-        case BIO_CTRL_SET_CALLBACK:
-                {
-                data->info_callback=(int (*)(const struct bio_st *, int, int))fp;
-                }
-                break;
-        default:
-                ret=0;
-                break;
-                }
-        return(ret);
-        }
-
-static int conn_puts(BIO *bp, const char *str)
-        {
-        int n,ret;
-
-        n=strlen(str);
-        ret=conn_write(bp,str,n);
-        return(ret);
-        }
-
-BIO *BIO_new_connect(char *str)
-        {
-        BIO *ret;
-
-        ret=BIO_new(BIO_s_connect());
-        if (ret == NULL) return(NULL);
-        if (BIO_set_conn_hostname(ret,str))
-                return(ret);
-        else
-                {
-                BIO_free(ret);
-                return(NULL);
-                }
-        }
-
-#endif
-
diff --git a/src/lib/libcrypto/bio/bss_fd.c b/src/lib/libcrypto/bio/bss_fd.c
deleted file mode 100644
index 5e3e187de6..0000000000
--- a/src/lib/libcrypto/bio/bss_fd.c
+++ /dev/null
@@ -1,282 +0,0 @@
-/* crypto/bio/bss_fd.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#define USE_SOCKETS
-#include "cryptlib.h"
-#include <openssl/bio.h>
-
-static int fd_write(BIO *h, const char *buf, int num);
-static int fd_read(BIO *h, char *buf, int size);
-static int fd_puts(BIO *h, const char *str);
-static long fd_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int fd_new(BIO *h);
-static int fd_free(BIO *data);
-int BIO_fd_should_retry(int s);
-
-static BIO_METHOD methods_fdp=
-        {
-        BIO_TYPE_FD,"file descriptor",
-        fd_write,
-        fd_read,
-        fd_puts,
-        NULL, /* fd_gets, */
-        fd_ctrl,
-        fd_new,
-        fd_free,
-        NULL,
-        };
-
-BIO_METHOD *BIO_s_fd(void)
-        {
-        return(&methods_fdp);
-        }
-
-BIO *BIO_new_fd(int fd,int close_flag)
-        {
-        BIO *ret;
-        ret=BIO_new(BIO_s_fd());
-        if (ret == NULL) return(NULL);
-        BIO_set_fd(ret,fd,close_flag);
-        return(ret);
-        }
-
-static int fd_new(BIO *bi)
-        {
-        bi->init=0;
-        bi->num=0;
-        bi->ptr=NULL;
-        bi->flags=0;
-        return(1);
-        }
-
-static int fd_free(BIO *a)
-        {
-        if (a == NULL) return(0);
-        if (a->shutdown)
-                {
-                if (a->init)
-                        {
-                        close(a->num);
-                        }
-                a->init=0;
-                a->flags=0;
-                }
-        return(1);
-        }
-        
-static int fd_read(BIO *b, char *out,int outl)
-        {
-        int ret=0;
-
-        if (out != NULL)
-                {
-                clear_sys_error();
-                ret=read(b->num,out,outl);
-                BIO_clear_retry_flags(b);
-                if (ret <= 0)
-                        {
-                        if (BIO_fd_should_retry(ret))
-                                BIO_set_retry_read(b);
-                        }
-                }
-        return(ret);
-        }
-
-static int fd_write(BIO *b, const char *in, int inl)
-        {
-        int ret;
-        clear_sys_error();
-        ret=write(b->num,in,inl);
-        BIO_clear_retry_flags(b);
-        if (ret <= 0)
-                {
-                if (BIO_fd_should_retry(ret))
-                        BIO_set_retry_write(b);
-                }
-        return(ret);
-        }
-
-static long fd_ctrl(BIO *b, int cmd, long num, void *ptr)
-        {
-        long ret=1;
-        int *ip;
-
-        switch (cmd)
-                {
-        case BIO_CTRL_RESET:
-                num=0;
-        case BIO_C_FILE_SEEK:
-                ret=(long)lseek(b->num,num,0);
-                break;
-        case BIO_C_FILE_TELL:
-        case BIO_CTRL_INFO:
-                ret=(long)lseek(b->num,0,1);
-                break;
-        case BIO_C_SET_FD:
-                fd_free(b);
-                b->num= *((int *)ptr);
-                b->shutdown=(int)num;
-                b->init=1;
-                break;
-        case BIO_C_GET_FD:
-                if (b->init)
-                        {
-                        ip=(int *)ptr;
-                        if (ip != NULL) *ip=b->num;
-                        ret=b->num;
-                        }
-                else
-                        ret= -1;
-                break;
-        case BIO_CTRL_GET_CLOSE:
-                ret=b->shutdown;
-                break;
-        case BIO_CTRL_SET_CLOSE:
-                b->shutdown=(int)num;
-                break;
-        case BIO_CTRL_PENDING:
-        case BIO_CTRL_WPENDING:
-                ret=0;
-                break;
-        case BIO_CTRL_DUP:
-        case BIO_CTRL_FLUSH:
-                ret=1;
-                break;
-        default:
-                ret=0;
-                break;
-                }
-        return(ret);
-        }
-
-static int fd_puts(BIO *bp, const char *str)
-        {
-        int n,ret;
-
-        n=strlen(str);
-        ret=fd_write(bp,str,n);
-        return(ret);
-        }
-
-int BIO_fd_should_retry(int i)
-        {
-        int err;
-
-        if ((i == 0) || (i == -1))
-                {
-                err=get_last_sys_error();
-
-#if defined(OPENSSL_SYS_WINDOWS) && 0 /* more microsoft stupidity? perhaps not? Ben 4/1/99 */
-                if ((i == -1) && (err == 0))
-                        return(1);
-#endif
-
-                return(BIO_fd_non_fatal_error(err));
-                }
-        return(0);
-        }
-
-int BIO_fd_non_fatal_error(int err)
-        {
-        switch (err)
-                {
-
-#ifdef EWOULDBLOCK
-# ifdef WSAEWOULDBLOCK
-#  if WSAEWOULDBLOCK != EWOULDBLOCK
-        case EWOULDBLOCK:
-#  endif
-# else
-        case EWOULDBLOCK:
-# endif
-#endif
-
-#if defined(ENOTCONN)
-        case ENOTCONN:
-#endif
-
-#ifdef EINTR
-        case EINTR:
-#endif
-
-#ifdef EAGAIN
-#if EWOULDBLOCK != EAGAIN
-        case EAGAIN:
-# endif
-#endif
-
-#ifdef EPROTO
-        case EPROTO:
-#endif
-
-#ifdef EINPROGRESS
-        case EINPROGRESS:
-#endif
-
-#ifdef EALREADY
-        case EALREADY:
-#endif
-                return(1);
-                /* break; */
-        default:
-                break;
-                }
-        return(0);
-        }
diff --git a/src/lib/libcrypto/bio/bss_file.c b/src/lib/libcrypto/bio/bss_file.c
deleted file mode 100644
index 58fade9f29..0000000000
--- a/src/lib/libcrypto/bio/bss_file.c
+++ /dev/null
@@ -1,343 +0,0 @@
-/* crypto/bio/bss_file.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/*
- * 03-Dec-1997  rdenny@dc3.com  Fix bug preventing use of stdin/stdout
- *              with binary data (e.g. asn1parse -inform DER < xxx) under
- *              Windows
- */
-
-#ifndef HEADER_BSS_FILE_C
-#define HEADER_BSS_FILE_C
-
-#include <stdio.h>
-#include <errno.h>
-#include "cryptlib.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-
-#if !defined(OPENSSL_NO_STDIO)
-
-static int MS_CALLBACK file_write(BIO *h, const char *buf, int num);
-static int MS_CALLBACK file_read(BIO *h, char *buf, int size);
-static int MS_CALLBACK file_puts(BIO *h, const char *str);
-static int MS_CALLBACK file_gets(BIO *h, char *str, int size);
-static long MS_CALLBACK file_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int MS_CALLBACK file_new(BIO *h);
-static int MS_CALLBACK file_free(BIO *data);
-static BIO_METHOD methods_filep=
-        {
-        BIO_TYPE_FILE,
-        "FILE pointer",
-        file_write,
-        file_read,
-        file_puts,
-        file_gets,
-        file_ctrl,
-        file_new,
-        file_free,
-        NULL,
-        };
-
-BIO *BIO_new_file(const char *filename, const char *mode)
-        {
-        BIO *ret;
-        FILE *file;
-
-        if ((file=fopen(filename,mode)) == NULL)
-                {
-                SYSerr(SYS_F_FOPEN,get_last_sys_error());
-                ERR_add_error_data(5,"fopen('",filename,"','",mode,"')");
-                if (errno == ENOENT)
-                        BIOerr(BIO_F_BIO_NEW_FILE,BIO_R_NO_SUCH_FILE);
-                else
-                        BIOerr(BIO_F_BIO_NEW_FILE,ERR_R_SYS_LIB);
-                return(NULL);
-                }
-        if ((ret=BIO_new(BIO_s_file_internal())) == NULL)
-                return(NULL);
-
-        BIO_set_fp(ret,file,BIO_CLOSE);
-        return(ret);
-        }
-
-BIO *BIO_new_fp(FILE *stream, int close_flag)
-        {
-        BIO *ret;
-
-        if ((ret=BIO_new(BIO_s_file())) == NULL)
-                return(NULL);
-
-        BIO_set_fp(ret,stream,close_flag);
-        return(ret);
-        }
-
-BIO_METHOD *BIO_s_file(void)
-        {
-        return(&methods_filep);
-        }
-
-static int MS_CALLBACK file_new(BIO *bi)
-        {
-        bi->init=0;
-        bi->num=0;
-        bi->ptr=NULL;
-        return(1);
-        }
-
-static int MS_CALLBACK file_free(BIO *a)
-        {
-        if (a == NULL) return(0);
-        if (a->shutdown)
-                {
-                if ((a->init) && (a->ptr != NULL))
-                        {
-                        fclose((FILE *)a->ptr);
-                        a->ptr=NULL;
-                        }
-                a->init=0;
-                }
-        return(1);
-        }
-        
-static int MS_CALLBACK file_read(BIO *b, char *out, int outl)
-        {
-        int ret=0;
-
-        if (b->init && (out != NULL))
-                {
-                ret=fread(out,1,(int)outl,(FILE *)b->ptr);
-                if(ret == 0 && ferror((FILE *)b->ptr))
-                        {
-                        SYSerr(SYS_F_FREAD,get_last_sys_error());
-                        BIOerr(BIO_F_FILE_READ,ERR_R_SYS_LIB);
-                        ret=-1;
-                        }
-                }
-        return(ret);
-        }
-
-static int MS_CALLBACK file_write(BIO *b, const char *in, int inl)
-        {
-        int ret=0;
-
-        if (b->init && (in != NULL))
-                {
-                if (fwrite(in,(int)inl,1,(FILE *)b->ptr))
-                        ret=inl;
-                /* ret=fwrite(in,1,(int)inl,(FILE *)b->ptr); */
-                /* according to Tim Hudson <tjh@cryptsoft.com>, the commented
-                 * out version above can cause 'inl' write calls under
-                 * some stupid stdio implementations (VMS) */
-                }
-        return(ret);
-        }
-
-static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
-        {
-        long ret=1;
-        FILE *fp=(FILE *)b->ptr;
-        FILE **fpp;
-        char p[4];
-
-        switch (cmd)
-                {
-        case BIO_C_FILE_SEEK:
-        case BIO_CTRL_RESET:
-                ret=(long)fseek(fp,num,SEEK_SET);
-                break;
-        case BIO_CTRL_EOF:
-                ret=(long)feof(fp);
-                break;
-        case BIO_C_FILE_TELL:
-        case BIO_CTRL_INFO:
-                ret=ftell(fp);
-                break;
-        case BIO_C_SET_FILE_PTR:
-                file_free(b);
-                b->shutdown=(int)num&BIO_CLOSE;
-                b->ptr=(char *)ptr;
-                b->init=1;
-                {
-#if defined(OPENSSL_SYS_WINDOWS)
-                int fd = fileno((FILE*)ptr);
-                if (num & BIO_FP_TEXT)
-                        _setmode(fd,_O_TEXT);
-                else
-                        _setmode(fd,_O_BINARY);
-#elif defined(OPENSSL_SYS_MSDOS)
-                int fd = fileno((FILE*)ptr);
-                /* Set correct text/binary mode */
-                if (num & BIO_FP_TEXT)
-                        _setmode(fd,_O_TEXT);
-                /* Dangerous to set stdin/stdout to raw (unless redirected) */
-                else
-                        {
-                        if (fd == STDIN_FILENO || fd == STDOUT_FILENO)
-                                {
-                                if (isatty(fd) <= 0)
-                                        _setmode(fd,_O_BINARY);
-                                }
-                        else
-                                _setmode(fd,_O_BINARY);
-                        }
-#elif defined(OPENSSL_SYS_OS2)
-                int fd = fileno((FILE*)ptr);
-                if (num & BIO_FP_TEXT)
-                        setmode(fd, O_TEXT);
-                else
-                        setmode(fd, O_BINARY);
-#endif
-                }
-                break;
-        case BIO_C_SET_FILENAME:
-                file_free(b);
-                b->shutdown=(int)num&BIO_CLOSE;
-                if (num & BIO_FP_APPEND)
-                        {
-                        if (num & BIO_FP_READ)
-                                BUF_strlcpy(p,"a+",sizeof p);
-                        else    BUF_strlcpy(p,"a",sizeof p);
-                        }
-                else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE))
-                        BUF_strlcpy(p,"r+",sizeof p);
-                else if (num & BIO_FP_WRITE)
-                        BUF_strlcpy(p,"w",sizeof p);
-                else if (num & BIO_FP_READ)
-                        BUF_strlcpy(p,"r",sizeof p);
-                else
-                        {
-                        BIOerr(BIO_F_FILE_CTRL,BIO_R_BAD_FOPEN_MODE);
-                        ret=0;
-                        break;
-                        }
-#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_WIN32_CYGWIN)
-                if (!(num & BIO_FP_TEXT))
-                        strcat(p,"b");
-                else
-                        strcat(p,"t");
-#endif
-                fp=fopen(ptr,p);
-                if (fp == NULL)
-                        {
-                        SYSerr(SYS_F_FOPEN,get_last_sys_error());
-                        ERR_add_error_data(5,"fopen('",ptr,"','",p,"')");
-                        BIOerr(BIO_F_FILE_CTRL,ERR_R_SYS_LIB);
-                        ret=0;
-                        break;
-                        }
-                b->ptr=(char *)fp;
-                b->init=1;
-                break;
-        case BIO_C_GET_FILE_PTR:
-                /* the ptr parameter is actually a FILE ** in this case. */
-                if (ptr != NULL)
-                        {
-                        fpp=(FILE **)ptr;
-                        *fpp=(FILE *)b->ptr;
-                        }
-                break;
-        case BIO_CTRL_GET_CLOSE:
-                ret=(long)b->shutdown;
-                break;
-        case BIO_CTRL_SET_CLOSE:
-                b->shutdown=(int)num;
-                break;
-        case BIO_CTRL_FLUSH:
-                fflush((FILE *)b->ptr);
-                break;
-        case BIO_CTRL_DUP:
-                ret=1;
-                break;
-
-        case BIO_CTRL_WPENDING:
-        case BIO_CTRL_PENDING:
-        case BIO_CTRL_PUSH:
-        case BIO_CTRL_POP:
-        default:
-                ret=0;
-                break;
-                }
-        return(ret);
-        }
-
-static int MS_CALLBACK file_gets(BIO *bp, char *buf, int size)
-        {
-        int ret=0;
-
-        buf[0]='\0';
-        fgets(buf,size,(FILE *)bp->ptr);
-        if (buf[0] != '\0')
-                ret=strlen(buf);
-        return(ret);
-        }
-
-static int MS_CALLBACK file_puts(BIO *bp, const char *str)
-        {
-        int n,ret;
-
-        n=strlen(str);
-        ret=file_write(bp,str,n);
-        return(ret);
-        }
-
-#endif /* OPENSSL_NO_STDIO */
-
-#endif /* HEADER_BSS_FILE_C */
-
-
diff --git a/src/lib/libcrypto/bio/bss_log.c b/src/lib/libcrypto/bio/bss_log.c
deleted file mode 100644
index 1eb678cac0..0000000000
--- a/src/lib/libcrypto/bio/bss_log.c
+++ /dev/null
@@ -1,400 +0,0 @@
-/* crypto/bio/bss_log.c */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/*
-        Why BIO_s_log?
-
-        BIO_s_log is useful for system daemons (or services under NT).
-        It is one-way BIO, it sends all stuff to syslogd (on system that
-        commonly use that), or event log (on NT), or OPCOM (on OpenVMS).
-
-*/
-
-
-#include <stdio.h>
-#include <errno.h>
-
-#include "cryptlib.h"
-
-#if defined(OPENSSL_SYS_WINCE)
-#elif defined(OPENSSL_SYS_WIN32)
-#  include <process.h>
-#elif defined(OPENSSL_SYS_VMS)
-#  include <opcdef.h>
-#  include <descrip.h>
-#  include <lib$routines.h>
-#  include <starlet.h>
-#elif defined(__ultrix)
-#  include <sys/syslog.h>
-#elif (!defined(MSDOS) || defined(WATT32)) && !defined(OPENSSL_SYS_VXWORKS) && !defined(NO_SYSLOG)
-#  include <syslog.h>
-#endif
-
-#include <openssl/buffer.h>
-#include <openssl/err.h>
-
-#ifndef NO_SYSLOG
-
-#if defined(OPENSSL_SYS_WIN32)
-#define LOG_EMERG       0
-#define LOG_ALERT       1
-#define LOG_CRIT        2
-#define LOG_ERR         3
-#define LOG_WARNING     4
-#define LOG_NOTICE      5
-#define LOG_INFO        6
-#define LOG_DEBUG       7
-
-#define LOG_DAEMON      (3<<3)
-#elif defined(OPENSSL_SYS_VMS)
-/* On VMS, we don't really care about these, but we need them to compile */
-#define LOG_EMERG       0
-#define LOG_ALERT       1
-#define LOG_CRIT        2
-#define LOG_ERR         3
-#define LOG_WARNING     4
-#define LOG_NOTICE      5
-#define LOG_INFO        6
-#define LOG_DEBUG       7
-
-#define LOG_DAEMON      OPC$M_NM_NTWORK
-#endif
-
-static int MS_CALLBACK slg_write(BIO *h, const char *buf, int num);
-static int MS_CALLBACK slg_puts(BIO *h, const char *str);
-static long MS_CALLBACK slg_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int MS_CALLBACK slg_new(BIO *h);
-static int MS_CALLBACK slg_free(BIO *data);
-static void xopenlog(BIO* bp, char* name, int level);
-static void xsyslog(BIO* bp, int priority, const char* string);
-static void xcloselog(BIO* bp);
-#ifdef OPENSSL_SYS_WIN32
-LONG    (WINAPI *go_for_advapi)()       = RegOpenKeyEx;
-HANDLE  (WINAPI *register_event_source)()       = NULL;
-BOOL    (WINAPI *deregister_event_source)()     = NULL;
-BOOL    (WINAPI *report_event)()        = NULL;
-#define DL_PROC(m,f)    (GetProcAddress( m, f ))
-#ifdef UNICODE
-#define DL_PROC_X(m,f) DL_PROC( m, f "W" )
-#else
-#define DL_PROC_X(m,f) DL_PROC( m, f "A" )
-#endif
-#endif
-
-static BIO_METHOD methods_slg=
-        {
-        BIO_TYPE_MEM,"syslog",
-        slg_write,
-        NULL,
-        slg_puts,
-        NULL,
-        slg_ctrl,
-        slg_new,
-        slg_free,
-        NULL,
-        };
-
-BIO_METHOD *BIO_s_log(void)
-        {
-        return(&methods_slg);
-        }
-
-static int MS_CALLBACK slg_new(BIO *bi)
-        {
-        bi->init=1;
-        bi->num=0;
-        bi->ptr=NULL;
-        xopenlog(bi, "application", LOG_DAEMON);
-        return(1);
-        }
-
-static int MS_CALLBACK slg_free(BIO *a)
-        {
-        if (a == NULL) return(0);
-        xcloselog(a);
-        return(1);
-        }
-        
-static int MS_CALLBACK slg_write(BIO *b, const char *in, int inl)
-        {
-        int ret= inl;
-        char* buf;
-        char* pp;
-        int priority, i;
-        static struct
-                {
-                int strl;
-                char str[10];
-                int log_level;
-                }
-        mapping[] =
-                {
-                { 6, "PANIC ", LOG_EMERG },
-                { 6, "EMERG ", LOG_EMERG },
-                { 4, "EMR ", LOG_EMERG },
-                { 6, "ALERT ", LOG_ALERT },
-                { 4, "ALR ", LOG_ALERT },
-                { 5, "CRIT ", LOG_CRIT },
-                { 4, "CRI ", LOG_CRIT },
-                { 6, "ERROR ", LOG_ERR },
-                { 4, "ERR ", LOG_ERR },
-                { 8, "WARNING ", LOG_WARNING },
-                { 5, "WARN ", LOG_WARNING },
-                { 4, "WAR ", LOG_WARNING },
-                { 7, "NOTICE ", LOG_NOTICE },
-                { 5, "NOTE ", LOG_NOTICE },
-                { 4, "NOT ", LOG_NOTICE },
-                { 5, "INFO ", LOG_INFO },
-                { 4, "INF ", LOG_INFO },
-                { 6, "DEBUG ", LOG_DEBUG },
-                { 4, "DBG ", LOG_DEBUG },
-                { 0, "", LOG_ERR } /* The default */
-                };
-
-        if((buf= (char *)OPENSSL_malloc(inl+ 1)) == NULL){
-                return(0);
-        }
-        strncpy(buf, in, inl);
-        buf[inl]= '\0';
-
-        i = 0;
-        while(strncmp(buf, mapping[i].str, mapping[i].strl) != 0) i++;
-        priority = mapping[i].log_level;
-        pp = buf + mapping[i].strl;
-
-        xsyslog(b, priority, pp);
-
-        OPENSSL_free(buf);
-        return(ret);
-        }
-
-static long MS_CALLBACK slg_ctrl(BIO *b, int cmd, long num, void *ptr)
-        {
-        switch (cmd)
-                {
-        case BIO_CTRL_SET:
-                xcloselog(b);
-                xopenlog(b, ptr, num);
-                break;
-        default:
-                break;
-                }
-        return(0);
-        }
-
-static int MS_CALLBACK slg_puts(BIO *bp, const char *str)
-        {
-        int n,ret;
-
-        n=strlen(str);
-        ret=slg_write(bp,str,n);
-        return(ret);
-        }
-
-#if defined(OPENSSL_SYS_WIN32)
-
-static void xopenlog(BIO* bp, char* name, int level)
-{
-        if ( !register_event_source )
-                {
-                HANDLE  advapi;
-                if ( !(advapi = GetModuleHandle("advapi32")) )
-                        return;
-                register_event_source = (HANDLE (WINAPI *)())DL_PROC_X(advapi,
-                        "RegisterEventSource" );
-                deregister_event_source = (BOOL (WINAPI *)())DL_PROC(advapi,
-                        "DeregisterEventSource");
-                report_event = (BOOL (WINAPI *)())DL_PROC_X(advapi,
-                        "ReportEvent" );
-                if ( !(register_event_source && deregister_event_source &&
-                                report_event) )
-                        {
-                        register_event_source = NULL;
-                        deregister_event_source = NULL;
-                        report_event = NULL;
-                        return;
-                        }
-                }
-        bp->ptr= (char *)register_event_source(NULL, name);
-}
-
-static void xsyslog(BIO *bp, int priority, const char *string)
-{
-        LPCSTR lpszStrings[2];
-        WORD evtype= EVENTLOG_ERROR_TYPE;
-        int pid = _getpid();
-        char pidbuf[DECIMAL_SIZE(pid)+4];
-
-        switch (priority)
-                {
-        case LOG_EMERG:
-        case LOG_ALERT:
-        case LOG_CRIT:
-        case LOG_ERR:
-                evtype = EVENTLOG_ERROR_TYPE;
-                break;
-        case LOG_WARNING:
-                evtype = EVENTLOG_WARNING_TYPE;
-                break;
-        case LOG_NOTICE:
-        case LOG_INFO:
-        case LOG_DEBUG:
-                evtype = EVENTLOG_INFORMATION_TYPE;
-                break;
-        default:                /* Should never happen, but set it
-                                   as error anyway. */
-                evtype = EVENTLOG_ERROR_TYPE;
-                break;
-                }
-
-        sprintf(pidbuf, "[%d] ", pid);
-        lpszStrings[0] = pidbuf;
-        lpszStrings[1] = string;
-
-        if(report_event && bp->ptr)
-                report_event(bp->ptr, evtype, 0, 1024, NULL, 2, 0,
-                                lpszStrings, NULL);
-}
-        
-static void xcloselog(BIO* bp)
-{
-        if(deregister_event_source && bp->ptr)
-                deregister_event_source((HANDLE)(bp->ptr));
-        bp->ptr= NULL;
-}
-
-#elif defined(OPENSSL_SYS_VMS)
-
-static int VMS_OPC_target = LOG_DAEMON;
-
-static void xopenlog(BIO* bp, char* name, int level)
-{
-        VMS_OPC_target = level; 
-}
-
-static void xsyslog(BIO *bp, int priority, const char *string)
-{
-        struct dsc$descriptor_s opc_dsc;
-        struct opcdef *opcdef_p;
-        char buf[10240];
-        unsigned int len;
-        struct dsc$descriptor_s buf_dsc;
-        $DESCRIPTOR(fao_cmd, "!AZ: !AZ");
-        char *priority_tag;
-
-        switch (priority)
-          {
-          case LOG_EMERG: priority_tag = "Emergency"; break;
-          case LOG_ALERT: priority_tag = "Alert"; break;
-          case LOG_CRIT: priority_tag = "Critical"; break;
-          case LOG_ERR: priority_tag = "Error"; break;
-          case LOG_WARNING: priority_tag = "Warning"; break;
-          case LOG_NOTICE: priority_tag = "Notice"; break;
-          case LOG_INFO: priority_tag = "Info"; break;
-          case LOG_DEBUG: priority_tag = "DEBUG"; break;
-          }
-
-        buf_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
-        buf_dsc.dsc$b_class = DSC$K_CLASS_S;
-        buf_dsc.dsc$a_pointer = buf;
-        buf_dsc.dsc$w_length = sizeof(buf) - 1;
-
-        lib$sys_fao(&fao_cmd, &len, &buf_dsc, priority_tag, string);
-
-        /* we know there's an 8 byte header.  That's documented */
-        opcdef_p = (struct opcdef *) OPENSSL_malloc(8 + len);
-        opcdef_p->opc$b_ms_type = OPC$_RQ_RQST;
-        memcpy(opcdef_p->opc$z_ms_target_classes, &VMS_OPC_target, 3);
-        opcdef_p->opc$l_ms_rqstid = 0;
-        memcpy(&opcdef_p->opc$l_ms_text, buf, len);
-
-        opc_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
-        opc_dsc.dsc$b_class = DSC$K_CLASS_S;
-        opc_dsc.dsc$a_pointer = (char *)opcdef_p;
-        opc_dsc.dsc$w_length = len + 8;
-
-        sys$sndopr(opc_dsc, 0);
-
-        OPENSSL_free(opcdef_p);
-}
-
-static void xcloselog(BIO* bp)
-{
-}
-
-#else /* Unix/Watt32 */
-
-static void xopenlog(BIO* bp, char* name, int level)
-{
-#ifdef WATT32   /* djgpp/DOS */
-        openlog(name, LOG_PID|LOG_CONS|LOG_NDELAY, level);
-#else
-        openlog(name, LOG_PID|LOG_CONS, level);
-#endif
-}
-
-static void xsyslog(BIO *bp, int priority, const char *string)
-{
-        syslog(priority, "%s", string);
-}
-
-static void xcloselog(BIO* bp)
-{
-        closelog();
-}
-
-#endif /* Unix */
-
-#endif /* NO_SYSLOG */
diff --git a/src/lib/libcrypto/bio/bss_mem.c b/src/lib/libcrypto/bio/bss_mem.c
deleted file mode 100644
index a4edb711ae..0000000000
--- a/src/lib/libcrypto/bio/bss_mem.c
+++ /dev/null
@@ -1,321 +0,0 @@
-/* crypto/bio/bss_mem.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include "cryptlib.h"
-#include <openssl/bio.h>
-
-static int mem_write(BIO *h, const char *buf, int num);
-static int mem_read(BIO *h, char *buf, int size);
-static int mem_puts(BIO *h, const char *str);
-static int mem_gets(BIO *h, char *str, int size);
-static long mem_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int mem_new(BIO *h);
-static int mem_free(BIO *data);
-static BIO_METHOD mem_method=
-        {
-        BIO_TYPE_MEM,
-        "memory buffer",
-        mem_write,
-        mem_read,
-        mem_puts,
-        mem_gets,
-        mem_ctrl,
-        mem_new,
-        mem_free,
-        NULL,
-        };
-
-/* bio->num is used to hold the value to return on 'empty', if it is
- * 0, should_retry is not set */
-
-BIO_METHOD *BIO_s_mem(void)
-        {
-        return(&mem_method);
-        }
-
-BIO *BIO_new_mem_buf(void *buf, int len)
-{
-        BIO *ret;
-        BUF_MEM *b;
-        if (!buf) {
-                BIOerr(BIO_F_BIO_NEW_MEM_BUF,BIO_R_NULL_PARAMETER);
-                return NULL;
-        }
-        if(len == -1) len = strlen(buf);
-        if(!(ret = BIO_new(BIO_s_mem())) ) return NULL;
-        b = (BUF_MEM *)ret->ptr;
-        b->data = buf;
-        b->length = len;
-        b->max = len;
-        ret->flags |= BIO_FLAGS_MEM_RDONLY;
-        /* Since this is static data retrying wont help */
-        ret->num = 0;
-        return ret;
-}
-
-static int mem_new(BIO *bi)
-        {
-        BUF_MEM *b;
-
-        if ((b=BUF_MEM_new()) == NULL)
-                return(0);
-        bi->shutdown=1;
-        bi->init=1;
-        bi->num= -1;
-        bi->ptr=(char *)b;
-        return(1);
-        }
-
-static int mem_free(BIO *a)
-        {
-        if (a == NULL) return(0);
-        if (a->shutdown)
-                {
-                if ((a->init) && (a->ptr != NULL))
-                        {
-                        BUF_MEM *b;
-                        b = (BUF_MEM *)a->ptr;
-                        if(a->flags & BIO_FLAGS_MEM_RDONLY) b->data = NULL;
-                        BUF_MEM_free(b);
-                        a->ptr=NULL;
-                        }
-                }
-        return(1);
-        }
-        
-static int mem_read(BIO *b, char *out, int outl)
-        {
-        int ret= -1;
-        BUF_MEM *bm;
-        int i;
-        char *from,*to;
-
-        bm=(BUF_MEM *)b->ptr;
-        BIO_clear_retry_flags(b);
-        ret=(outl > bm->length)?bm->length:outl;
-        if ((out != NULL) && (ret > 0)) {
-                memcpy(out,bm->data,ret);
-                bm->length-=ret;
-                /* memmove(&(bm->data[0]),&(bm->data[ret]), bm->length); */
-                if(b->flags & BIO_FLAGS_MEM_RDONLY) bm->data += ret;
-                else {
-                        from=(char *)&(bm->data[ret]);
-                        to=(char *)&(bm->data[0]);
-                        for (i=0; i<bm->length; i++)
-                                to[i]=from[i];
-                }
-        } else if (bm->length == 0)
-                {
-                ret = b->num;
-                if (ret != 0)
-                        BIO_set_retry_read(b);
-                }
-        return(ret);
-        }
-
-static int mem_write(BIO *b, const char *in, int inl)
-        {
-        int ret= -1;
-        int blen;
-        BUF_MEM *bm;
-
-        bm=(BUF_MEM *)b->ptr;
-        if (in == NULL)
-                {
-                BIOerr(BIO_F_MEM_WRITE,BIO_R_NULL_PARAMETER);
-                goto end;
-                }
-
-        if(b->flags & BIO_FLAGS_MEM_RDONLY) {
-                BIOerr(BIO_F_MEM_WRITE,BIO_R_WRITE_TO_READ_ONLY_BIO);
-                goto end;
-        }
-
-        BIO_clear_retry_flags(b);
-        blen=bm->length;
-        if (BUF_MEM_grow_clean(bm,blen+inl) != (blen+inl))
-                goto end;
-        memcpy(&(bm->data[blen]),in,inl);
-        ret=inl;
-end:
-        return(ret);
-        }
-
-static long mem_ctrl(BIO *b, int cmd, long num, void *ptr)
-        {
-        long ret=1;
-        char **pptr;
-
-        BUF_MEM *bm=(BUF_MEM *)b->ptr;
-
-        switch (cmd)
-                {
-        case BIO_CTRL_RESET:
-                if (bm->data != NULL)
-                        {
-                        /* For read only case reset to the start again */
-                        if(b->flags & BIO_FLAGS_MEM_RDONLY) 
-                                {
-                                bm->data -= bm->max - bm->length;
-                                bm->length = bm->max;
-                                }
-                        else
-                                {
-                                memset(bm->data,0,bm->max);
-                                bm->length=0;
-                                }
-                        }
-                break;
-        case BIO_CTRL_EOF:
-                ret=(long)(bm->length == 0);
-                break;
-        case BIO_C_SET_BUF_MEM_EOF_RETURN:
-                b->num=(int)num;
-                break;
-        case BIO_CTRL_INFO:
-                ret=(long)bm->length;
-                if (ptr != NULL)
-                        {
-                        pptr=(char **)ptr;
-                        *pptr=(char *)&(bm->data[0]);
-                        }
-                break;
-        case BIO_C_SET_BUF_MEM:
-                mem_free(b);
-                b->shutdown=(int)num;
-                b->ptr=ptr;
-                break;
-        case BIO_C_GET_BUF_MEM_PTR:
-                if (ptr != NULL)
-                        {
-                        pptr=(char **)ptr;
-                        *pptr=(char *)bm;
-                        }
-                break;
-        case BIO_CTRL_GET_CLOSE:
-                ret=(long)b->shutdown;
-                break;
-        case BIO_CTRL_SET_CLOSE:
-                b->shutdown=(int)num;
-                break;
-
-        case BIO_CTRL_WPENDING:
-                ret=0L;
-                break;
-        case BIO_CTRL_PENDING:
-                ret=(long)bm->length;
-                break;
-        case BIO_CTRL_DUP:
-        case BIO_CTRL_FLUSH:
-                ret=1;
-                break;
-        case BIO_CTRL_PUSH:
-        case BIO_CTRL_POP:
-        default:
-                ret=0;
-                break;
-                }
-        return(ret);
-        }
-
-static int mem_gets(BIO *bp, char *buf, int size)
-        {
-        int i,j;
-        int ret= -1;
-        char *p;
-        BUF_MEM *bm=(BUF_MEM *)bp->ptr;
-
-        BIO_clear_retry_flags(bp);
-        j=bm->length;
-        if (j <= 0)
-                {
-                *buf='\0';
-                return 0;
-                }
-        p=bm->data;
-        for (i=0; i<j; i++)
-                {
-                if (p[i] == '\n') break;
-                }
-        if (i == j)
-                {
-                BIO_set_retry_read(bp);
-                /* return(-1);  change the semantics 0.6.6a */ 
-                }
-        else
-                i++;
-        /* i is the max to copy */
-        if ((size-1) < i) i=size-1;
-        i=mem_read(bp,buf,i);
-        if (i > 0) buf[i]='\0';
-        ret=i;
-        return(ret);
-        }
-
-static int mem_puts(BIO *bp, const char *str)
-        {
-        int n,ret;
-
-        n=strlen(str);
-        ret=mem_write(bp,str,n);
-        /* memory semantics is that it will always work */
-        return(ret);
-        }
-
diff --git a/src/lib/libcrypto/bio/bss_null.c b/src/lib/libcrypto/bio/bss_null.c
deleted file mode 100644
index 46b73339df..0000000000
--- a/src/lib/libcrypto/bio/bss_null.c
+++ /dev/null
@@ -1,150 +0,0 @@
-/* crypto/bio/bss_null.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include "cryptlib.h"
-#include <openssl/bio.h>
-
-static int null_write(BIO *h, const char *buf, int num);
-static int null_read(BIO *h, char *buf, int size);
-static int null_puts(BIO *h, const char *str);
-static int null_gets(BIO *h, char *str, int size);
-static long null_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int null_new(BIO *h);
-static int null_free(BIO *data);
-static BIO_METHOD null_method=
-        {
-        BIO_TYPE_NULL,
-        "NULL",
-        null_write,
-        null_read,
-        null_puts,
-        null_gets,
-        null_ctrl,
-        null_new,
-        null_free,
-        NULL,
-        };
-
-BIO_METHOD *BIO_s_null(void)
-        {
-        return(&null_method);
-        }
-
-static int null_new(BIO *bi)
-        {
-        bi->init=1;
-        bi->num=0;
-        bi->ptr=(NULL);
-        return(1);
-        }
-
-static int null_free(BIO *a)
-        {
-        if (a == NULL) return(0);
-        return(1);
-        }
-        
-static int null_read(BIO *b, char *out, int outl)
-        {
-        return(0);
-        }
-
-static int null_write(BIO *b, const char *in, int inl)
-        {
-        return(inl);
-        }
-
-static long null_ctrl(BIO *b, int cmd, long num, void *ptr)
-        {
-        long ret=1;
-
-        switch (cmd)
-                {
-        case BIO_CTRL_RESET:
-        case BIO_CTRL_EOF:
-        case BIO_CTRL_SET:
-        case BIO_CTRL_SET_CLOSE:
-        case BIO_CTRL_FLUSH:
-        case BIO_CTRL_DUP:
-                ret=1;
-                break;
-        case BIO_CTRL_GET_CLOSE:
-        case BIO_CTRL_INFO:
-        case BIO_CTRL_GET:
-        case BIO_CTRL_PENDING:
-        case BIO_CTRL_WPENDING:
-        default:
-                ret=0;
-                break;
-                }
-        return(ret);
-        }
-
-static int null_gets(BIO *bp, char *buf, int size)
-        {
-        return(0);
-        }
-
-static int null_puts(BIO *bp, const char *str)
-        {
-        if (str == NULL) return(0);
-        return(strlen(str));
-        }
-
diff --git a/src/lib/libcrypto/bio/bss_sock.c b/src/lib/libcrypto/bio/bss_sock.c
deleted file mode 100644
index 2c1c405ec7..0000000000
--- a/src/lib/libcrypto/bio/bss_sock.c
+++ /dev/null
@@ -1,305 +0,0 @@
-/* crypto/bio/bss_sock.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef OPENSSL_NO_SOCK
-
-#include <stdio.h>
-#include <errno.h>
-#define USE_SOCKETS
-#include "cryptlib.h"
-#include <openssl/bio.h>
-
-#ifdef WATT32
-#define sock_write SockWrite  /* Watt-32 uses same names */
-#define sock_read  SockRead
-#define sock_puts  SockPuts
-#endif
-
-static int sock_write(BIO *h, const char *buf, int num);
-static int sock_read(BIO *h, char *buf, int size);
-static int sock_puts(BIO *h, const char *str);
-static long sock_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int sock_new(BIO *h);
-static int sock_free(BIO *data);
-int BIO_sock_should_retry(int s);
-
-static BIO_METHOD methods_sockp=
-        {
-        BIO_TYPE_SOCKET,
-        "socket",
-        sock_write,
-        sock_read,
-        sock_puts,
-        NULL, /* sock_gets, */
-        sock_ctrl,
-        sock_new,
-        sock_free,
-        NULL,
-        };
-
-BIO_METHOD *BIO_s_socket(void)
-        {
-        return(&methods_sockp);
-        }
-
-BIO *BIO_new_socket(int fd, int close_flag)
-        {
-        BIO *ret;
-
-        ret=BIO_new(BIO_s_socket());
-        if (ret == NULL) return(NULL);
-        BIO_set_fd(ret,fd,close_flag);
-        return(ret);
-        }
-
-static int sock_new(BIO *bi)
-        {
-        bi->init=0;
-        bi->num=0;
-        bi->ptr=NULL;
-        bi->flags=0;
-        return(1);
-        }
-
-static int sock_free(BIO *a)
-        {
-        if (a == NULL) return(0);
-        if (a->shutdown)
-                {
-                if (a->init)
-                        {
-                        SHUTDOWN2(a->num);
-                        }
-                a->init=0;
-                a->flags=0;
-                }
-        return(1);
-        }
-        
-static int sock_read(BIO *b, char *out, int outl)
-        {
-        int ret=0;
-
-        if (out != NULL)
-                {
-                clear_socket_error();
-                ret=readsocket(b->num,out,outl);
-                BIO_clear_retry_flags(b);
-                if (ret <= 0)
-                        {
-                        if (BIO_sock_should_retry(ret))
-                                BIO_set_retry_read(b);
-                        }
-                }
-        return(ret);
-        }
-
-static int sock_write(BIO *b, const char *in, int inl)
-        {
-        int ret;
-        
-        clear_socket_error();
-        ret=writesocket(b->num,in,inl);
-        BIO_clear_retry_flags(b);
-        if (ret <= 0)
-                {
-                if (BIO_sock_should_retry(ret))
-                        BIO_set_retry_write(b);
-                }
-        return(ret);
-        }
-
-static long sock_ctrl(BIO *b, int cmd, long num, void *ptr)
-        {
-        long ret=1;
-        int *ip;
-
-        switch (cmd)
-                {
-        case BIO_CTRL_RESET:
-                num=0;
-        case BIO_C_FILE_SEEK:
-                ret=0;
-                break;
-        case BIO_C_FILE_TELL:
-        case BIO_CTRL_INFO:
-                ret=0;
-                break;
-        case BIO_C_SET_FD:
-                sock_free(b);
-                b->num= *((int *)ptr);
-                b->shutdown=(int)num;
-                b->init=1;
-                break;
-        case BIO_C_GET_FD:
-                if (b->init)
-                        {
-                        ip=(int *)ptr;
-                        if (ip != NULL) *ip=b->num;
-                        ret=b->num;
-                        }
-                else
-                        ret= -1;
-                break;
-        case BIO_CTRL_GET_CLOSE:
-                ret=b->shutdown;
-                break;
-        case BIO_CTRL_SET_CLOSE:
-                b->shutdown=(int)num;
-                break;
-        case BIO_CTRL_PENDING:
-        case BIO_CTRL_WPENDING:
-                ret=0;
-                break;
-        case BIO_CTRL_DUP:
-        case BIO_CTRL_FLUSH:
-                ret=1;
-                break;
-        default:
-                ret=0;
-                break;
-                }
-        return(ret);
-        }
-
-static int sock_puts(BIO *bp, const char *str)
-        {
-        int n,ret;
-
-        n=strlen(str);
-        ret=sock_write(bp,str,n);
-        return(ret);
-        }
-
-int BIO_sock_should_retry(int i)
-        {
-        int err;
-
-        if ((i == 0) || (i == -1))
-                {
-                err=get_last_socket_error();
-
-#if defined(OPENSSL_SYS_WINDOWS) && 0 /* more microsoft stupidity? perhaps not? Ben 4/1/99 */
-                if ((i == -1) && (err == 0))
-                        return(1);
-#endif
-
-                return(BIO_sock_non_fatal_error(err));
-                }
-        return(0);
-        }
-
-int BIO_sock_non_fatal_error(int err)
-        {
-        switch (err)
-                {
-#if defined(OPENSSL_SYS_WINDOWS)
-# if defined(WSAEWOULDBLOCK)
-        case WSAEWOULDBLOCK:
-# endif
-
-# if 0 /* This appears to always be an error */
-#  if defined(WSAENOTCONN)
-        case WSAENOTCONN:
-#  endif
-# endif
-#endif
-
-#ifdef EWOULDBLOCK
-# ifdef WSAEWOULDBLOCK
-#  if WSAEWOULDBLOCK != EWOULDBLOCK
-        case EWOULDBLOCK:
-#  endif
-# else
-        case EWOULDBLOCK:
-# endif
-#endif
-
-#if defined(ENOTCONN)
-        case ENOTCONN:
-#endif
-
-#ifdef EINTR
-        case EINTR:
-#endif
-
-#ifdef EAGAIN
-#if EWOULDBLOCK != EAGAIN
-        case EAGAIN:
-# endif
-#endif
-
-#ifdef EPROTO
-        case EPROTO:
-#endif
-
-#ifdef EINPROGRESS
-        case EINPROGRESS:
-#endif
-
-#ifdef EALREADY
-        case EALREADY:
-#endif
-                return(1);
-                /* break; */
-        default:
-                break;
-                }
-        return(0);
-        }
-#endif
diff --git a/src/lib/libcrypto/bn/asm/bn-586.pl b/src/lib/libcrypto/bn/asm/bn-586.pl
deleted file mode 100644
index c4de4a2bee..0000000000
--- a/src/lib/libcrypto/bn/asm/bn-586.pl
+++ /dev/null
@@ -1,593 +0,0 @@
-#!/usr/local/bin/perl
-
-push(@INC,"perlasm","../../perlasm");
-require "x86asm.pl";
-
-&asm_init($ARGV[0],$0);
-
-&bn_mul_add_words("bn_mul_add_words");
-&bn_mul_words("bn_mul_words");
-&bn_sqr_words("bn_sqr_words");
-&bn_div_words("bn_div_words");
-&bn_add_words("bn_add_words");
-&bn_sub_words("bn_sub_words");
-#&bn_sub_part_words("bn_sub_part_words");
-
-&asm_finish();
-
-sub bn_mul_add_words
-        {
-        local($name)=@_;
-
-        &function_begin($name,"");
-
-        &comment("");
-        $Low="eax";
-        $High="edx";
-        $a="ebx";
-        $w="ebp";
-        $r="edi";
-        $c="esi";
-
-        &xor($c,$c);            # clear carry
-        &mov($r,&wparam(0));    #
-
-        &mov("ecx",&wparam(2)); #
-        &mov($a,&wparam(1));    #
-
-        &and("ecx",0xfffffff8); # num / 8
-        &mov($w,&wparam(3));    #
-
-        &push("ecx");           # Up the stack for a tmp variable
-
-        &jz(&label("maw_finish"));
-
-        &set_label("maw_loop",0);
-
-        &mov(&swtmp(0),"ecx");  #
-
-        for ($i=0; $i<32; $i+=4)
-                {
-                &comment("Round $i");
-
-                 &mov("eax",&DWP($i,$a,"",0));  # *a
-                &mul($w);                       # *a * w
-                &add("eax",$c);         # L(t)+= *r
-                 &mov($c,&DWP($i,$r,"",0));     # L(t)+= *r
-                &adc("edx",0);                  # H(t)+=carry
-                 &add("eax",$c);                # L(t)+=c
-                &adc("edx",0);                  # H(t)+=carry
-                 &mov(&DWP($i,$r,"",0),"eax");  # *r= L(t);
-                &mov($c,"edx");                 # c=  H(t);
-                }
-
-        &comment("");
-        &mov("ecx",&swtmp(0));  #
-        &add($a,32);
-        &add($r,32);
-        &sub("ecx",8);
-        &jnz(&label("maw_loop"));
-
-        &set_label("maw_finish",0);
-        &mov("ecx",&wparam(2)); # get num
-        &and("ecx",7);
-        &jnz(&label("maw_finish2"));    # helps branch prediction
-        &jmp(&label("maw_end"));
-
-        &set_label("maw_finish2",1);
-        for ($i=0; $i<7; $i++)
-                {
-                &comment("Tail Round $i");
-                 &mov("eax",&DWP($i*4,$a,"",0));# *a
-                &mul($w);                       # *a * w
-                &add("eax",$c);                 # L(t)+=c
-                 &mov($c,&DWP($i*4,$r,"",0));   # L(t)+= *r
-                &adc("edx",0);                  # H(t)+=carry
-                 &add("eax",$c);
-                &adc("edx",0);                  # H(t)+=carry
-                 &dec("ecx") if ($i != 7-1);
-                &mov(&DWP($i*4,$r,"",0),"eax"); # *r= L(t);
-                 &mov($c,"edx");                        # c=  H(t);
-                &jz(&label("maw_end")) if ($i != 7-1);
-                }
-        &set_label("maw_end",0);
-        &mov("eax",$c);
-
-        &pop("ecx");    # clear variable from
-
-        &function_end($name);
-        }
-
-sub bn_mul_words
-        {
-        local($name)=@_;
-
-        &function_begin($name,"");
-
-        &comment("");
-        $Low="eax";
-        $High="edx";
-        $a="ebx";
-        $w="ecx";
-        $r="edi";
-        $c="esi";
-        $num="ebp";
-
-        &xor($c,$c);            # clear carry
-        &mov($r,&wparam(0));    #
-        &mov($a,&wparam(1));    #
-        &mov($num,&wparam(2));  #
-        &mov($w,&wparam(3));    #
-
-        &and($num,0xfffffff8);  # num / 8
-        &jz(&label("mw_finish"));
-
-        &set_label("mw_loop",0);
-        for ($i=0; $i<32; $i+=4)
-                {
-                &comment("Round $i");
-
-                 &mov("eax",&DWP($i,$a,"",0));  # *a
-                &mul($w);                       # *a * w
-                &add("eax",$c);                 # L(t)+=c
-                 # XXX
-
-                &adc("edx",0);                  # H(t)+=carry
-                 &mov(&DWP($i,$r,"",0),"eax");  # *r= L(t);
-
-                &mov($c,"edx");                 # c=  H(t);
-                }
-
-        &comment("");
-        &add($a,32);
-        &add($r,32);
-        &sub($num,8);
-        &jz(&label("mw_finish"));
-        &jmp(&label("mw_loop"));
-
-        &set_label("mw_finish",0);
-        &mov($num,&wparam(2));  # get num
-        &and($num,7);
-        &jnz(&label("mw_finish2"));
-        &jmp(&label("mw_end"));
-
-        &set_label("mw_finish2",1);
-        for ($i=0; $i<7; $i++)
-                {
-                &comment("Tail Round $i");
-                 &mov("eax",&DWP($i*4,$a,"",0));# *a
-                &mul($w);                       # *a * w
-                &add("eax",$c);                 # L(t)+=c
-                 # XXX
-                &adc("edx",0);                  # H(t)+=carry
-                 &mov(&DWP($i*4,$r,"",0),"eax");# *r= L(t);
-                &mov($c,"edx");                 # c=  H(t);
-                 &dec($num) if ($i != 7-1);
-                &jz(&label("mw_end")) if ($i != 7-1);
-                }
-        &set_label("mw_end",0);
-        &mov("eax",$c);
-
-        &function_end($name);
-        }
-
-sub bn_sqr_words
-        {
-        local($name)=@_;
-
-        &function_begin($name,"");
-
-        &comment("");
-        $r="esi";
-        $a="edi";
-        $num="ebx";
-
-        &mov($r,&wparam(0));    #
-        &mov($a,&wparam(1));    #
-        &mov($num,&wparam(2));  #
-
-        &and($num,0xfffffff8);  # num / 8
-        &jz(&label("sw_finish"));
-
-        &set_label("sw_loop",0);
-        for ($i=0; $i<32; $i+=4)
-                {
-                &comment("Round $i");
-                &mov("eax",&DWP($i,$a,"",0));   # *a
-                 # XXX
-                &mul("eax");                    # *a * *a
-                &mov(&DWP($i*2,$r,"",0),"eax"); #
-                 &mov(&DWP($i*2+4,$r,"",0),"edx");#
-                }
-
-        &comment("");
-        &add($a,32);
-        &add($r,64);
-        &sub($num,8);
-        &jnz(&label("sw_loop"));
-
-        &set_label("sw_finish",0);
-        &mov($num,&wparam(2));  # get num
-        &and($num,7);
-        &jz(&label("sw_end"));
-
-        for ($i=0; $i<7; $i++)
-                {
-                &comment("Tail Round $i");
-                &mov("eax",&DWP($i*4,$a,"",0)); # *a
-                 # XXX
-                &mul("eax");                    # *a * *a
-                &mov(&DWP($i*8,$r,"",0),"eax"); #
-                 &dec($num) if ($i != 7-1);
-                &mov(&DWP($i*8+4,$r,"",0),"edx");
-                 &jz(&label("sw_end")) if ($i != 7-1);
-                }
-        &set_label("sw_end",0);
-
-        &function_end($name);
-        }
-
-sub bn_div_words
-        {
-        local($name)=@_;
-
-        &function_begin($name,"");
-        &mov("edx",&wparam(0)); #
-        &mov("eax",&wparam(1)); #
-        &mov("ebx",&wparam(2)); #
-        &div("ebx");
-        &function_end($name);
-        }
-
-sub bn_add_words
-        {
-        local($name)=@_;
-
-        &function_begin($name,"");
-
-        &comment("");
-        $a="esi";
-        $b="edi";
-        $c="eax";
-        $r="ebx";
-        $tmp1="ecx";
-        $tmp2="edx";
-        $num="ebp";
-
-        &mov($r,&wparam(0));    # get r
-         &mov($a,&wparam(1));   # get a
-        &mov($b,&wparam(2));    # get b
-         &mov($num,&wparam(3)); # get num
-        &xor($c,$c);            # clear carry
-         &and($num,0xfffffff8); # num / 8
-
-        &jz(&label("aw_finish"));
-
-        &set_label("aw_loop",0);
-        for ($i=0; $i<8; $i++)
-                {
-                &comment("Round $i");
-
-                &mov($tmp1,&DWP($i*4,$a,"",0));         # *a
-                 &mov($tmp2,&DWP($i*4,$b,"",0));        # *b
-                &add($tmp1,$c);
-                 &mov($c,0);
-                &adc($c,$c);
-                 &add($tmp1,$tmp2);
-                &adc($c,0);
-                 &mov(&DWP($i*4,$r,"",0),$tmp1);        # *r
-                }
-
-        &comment("");
-        &add($a,32);
-         &add($b,32);
-        &add($r,32);
-         &sub($num,8);
-        &jnz(&label("aw_loop"));
-
-        &set_label("aw_finish",0);
-        &mov($num,&wparam(3));  # get num
-        &and($num,7);
-         &jz(&label("aw_end"));
-
-        for ($i=0; $i<7; $i++)
-                {
-                &comment("Tail Round $i");
-                &mov($tmp1,&DWP($i*4,$a,"",0)); # *a
-                 &mov($tmp2,&DWP($i*4,$b,"",0));# *b
-                &add($tmp1,$c);
-                 &mov($c,0);
-                &adc($c,$c);
-                 &add($tmp1,$tmp2);
-                &adc($c,0);
-                 &dec($num) if ($i != 6);
-                &mov(&DWP($i*4,$r,"",0),$tmp1); # *r
-                 &jz(&label("aw_end")) if ($i != 6);
-                }
-        &set_label("aw_end",0);
-
-#       &mov("eax",$c);         # $c is "eax"
-
-        &function_end($name);
-        }
-
-sub bn_sub_words
-        {
-        local($name)=@_;
-
-        &function_begin($name,"");
-
-        &comment("");
-        $a="esi";
-        $b="edi";
-        $c="eax";
-        $r="ebx";
-        $tmp1="ecx";
-        $tmp2="edx";
-        $num="ebp";
-
-        &mov($r,&wparam(0));    # get r
-         &mov($a,&wparam(1));   # get a
-        &mov($b,&wparam(2));    # get b
-         &mov($num,&wparam(3)); # get num
-        &xor($c,$c);            # clear carry
-         &and($num,0xfffffff8); # num / 8
-
-        &jz(&label("aw_finish"));
-
-        &set_label("aw_loop",0);
-        for ($i=0; $i<8; $i++)
-                {
-                &comment("Round $i");
-
-                &mov($tmp1,&DWP($i*4,$a,"",0));         # *a
-                 &mov($tmp2,&DWP($i*4,$b,"",0));        # *b
-                &sub($tmp1,$c);
-                 &mov($c,0);
-                &adc($c,$c);
-                 &sub($tmp1,$tmp2);
-                &adc($c,0);
-                 &mov(&DWP($i*4,$r,"",0),$tmp1);        # *r
-                }
-
-        &comment("");
-        &add($a,32);
-         &add($b,32);
-        &add($r,32);
-         &sub($num,8);
-        &jnz(&label("aw_loop"));
-
-        &set_label("aw_finish",0);
-        &mov($num,&wparam(3));  # get num
-        &and($num,7);
-         &jz(&label("aw_end"));
-
-        for ($i=0; $i<7; $i++)
-                {
-                &comment("Tail Round $i");
-                &mov($tmp1,&DWP($i*4,$a,"",0)); # *a
-                 &mov($tmp2,&DWP($i*4,$b,"",0));# *b
-                &sub($tmp1,$c);
-                 &mov($c,0);
-                &adc($c,$c);
-                 &sub($tmp1,$tmp2);
-                &adc($c,0);
-                 &dec($num) if ($i != 6);
-                &mov(&DWP($i*4,$r,"",0),$tmp1); # *r
-                 &jz(&label("aw_end")) if ($i != 6);
-                }
-        &set_label("aw_end",0);
-
-#       &mov("eax",$c);         # $c is "eax"
-
-        &function_end($name);
-        }
-
-sub bn_sub_part_words
-        {
-        local($name)=@_;
-
-        &function_begin($name,"");
-
-        &comment("");
-        $a="esi";
-        $b="edi";
-        $c="eax";
-        $r="ebx";
-        $tmp1="ecx";
-        $tmp2="edx";
-        $num="ebp";
-
-        &mov($r,&wparam(0));    # get r
-         &mov($a,&wparam(1));   # get a
-        &mov($b,&wparam(2));    # get b
-         &mov($num,&wparam(3)); # get num
-        &xor($c,$c);            # clear carry
-         &and($num,0xfffffff8); # num / 8
-
-        &jz(&label("aw_finish"));
-
-        &set_label("aw_loop",0);
-        for ($i=0; $i<8; $i++)
-                {
-                &comment("Round $i");
-
-                &mov($tmp1,&DWP($i*4,$a,"",0));         # *a
-                 &mov($tmp2,&DWP($i*4,$b,"",0));        # *b
-                &sub($tmp1,$c);
-                 &mov($c,0);
-                &adc($c,$c);
-                 &sub($tmp1,$tmp2);
-                &adc($c,0);
-                 &mov(&DWP($i*4,$r,"",0),$tmp1);        # *r
-                }
-
-        &comment("");
-        &add($a,32);
-         &add($b,32);
-        &add($r,32);
-         &sub($num,8);
-        &jnz(&label("aw_loop"));
-
-        &set_label("aw_finish",0);
-        &mov($num,&wparam(3));  # get num
-        &and($num,7);
-         &jz(&label("aw_end"));
-
-        for ($i=0; $i<7; $i++)
-                {
-                &comment("Tail Round $i");
-                &mov($tmp1,&DWP(0,$a,"",0));    # *a
-                 &mov($tmp2,&DWP(0,$b,"",0));# *b
-                &sub($tmp1,$c);
-                 &mov($c,0);
-                &adc($c,$c);
-                 &sub($tmp1,$tmp2);
-                &adc($c,0);
-                &mov(&DWP(0,$r,"",0),$tmp1);    # *r
-                &add($a, 4);
-                &add($b, 4);
-                &add($r, 4);
-                 &dec($num) if ($i != 6);
-                 &jz(&label("aw_end")) if ($i != 6);
-                }
-        &set_label("aw_end",0);
-
-        &cmp(&wparam(4),0);
-        &je(&label("pw_end"));
-
-        &mov($num,&wparam(4));  # get dl
-        &cmp($num,0);
-        &je(&label("pw_end"));
-        &jge(&label("pw_pos"));
-
-        &comment("pw_neg");
-        &mov($tmp2,0);
-        &sub($tmp2,$num);
-        &mov($num,$tmp2);
-        &and($num,0xfffffff8);  # num / 8
-        &jz(&label("pw_neg_finish"));
-
-        &set_label("pw_neg_loop",0);
-        for ($i=0; $i<8; $i++)
-        {
-            &comment("dl<0 Round $i");
-
-            &mov($tmp1,0);
-            &mov($tmp2,&DWP($i*4,$b,"",0));     # *b
-            &sub($tmp1,$c);
-            &mov($c,0);
-            &adc($c,$c);
-            &sub($tmp1,$tmp2);
-            &adc($c,0);
-            &mov(&DWP($i*4,$r,"",0),$tmp1);     # *r
-        }
-            
-        &comment("");
-        &add($b,32);
-        &add($r,32);
-        &sub($num,8);
-        &jnz(&label("pw_neg_loop"));
-            
-        &set_label("pw_neg_finish",0);
-        &mov($tmp2,&wparam(4)); # get dl
-        &mov($num,0);
-        &sub($num,$tmp2);
-        &and($num,7);
-        &jz(&label("pw_end"));
-            
-        for ($i=0; $i<7; $i++)
-        {
-            &comment("dl<0 Tail Round $i");
-            &mov($tmp1,0);
-            &mov($tmp2,&DWP($i*4,$b,"",0));# *b
-            &sub($tmp1,$c);
-            &mov($c,0);
-            &adc($c,$c);
-            &sub($tmp1,$tmp2);
-            &adc($c,0);
-            &dec($num) if ($i != 6);
-            &mov(&DWP($i*4,$r,"",0),$tmp1);     # *r
-            &jz(&label("pw_end")) if ($i != 6);
-        }
-
-        &jmp(&label("pw_end"));
-        
-        &set_label("pw_pos",0);
-        
-        &and($num,0xfffffff8);  # num / 8
-        &jz(&label("pw_pos_finish"));
-
-        &set_label("pw_pos_loop",0);
-
-        for ($i=0; $i<8; $i++)
-        {
-            &comment("dl>0 Round $i");
-
-            &mov($tmp1,&DWP($i*4,$a,"",0));     # *a
-            &sub($tmp1,$c);
-            &mov(&DWP($i*4,$r,"",0),$tmp1);     # *r
-            &jnc(&label("pw_nc".$i));
-        }
-            
-        &comment("");
-        &add($a,32);
-        &add($r,32);
-        &sub($num,8);
-        &jnz(&label("pw_pos_loop"));
-            
-        &set_label("pw_pos_finish",0);
-        &mov($num,&wparam(4));  # get dl
-        &and($num,7);
-        &jz(&label("pw_end"));
-            
-        for ($i=0; $i<7; $i++)
-        {
-            &comment("dl>0 Tail Round $i");
-            &mov($tmp1,&DWP($i*4,$a,"",0));     # *a
-            &sub($tmp1,$c);
-            &mov(&DWP($i*4,$r,"",0),$tmp1);     # *r
-            &jnc(&label("pw_tail_nc".$i));
-            &dec($num) if ($i != 6);
-            &jz(&label("pw_end")) if ($i != 6);
-        }
-        &mov($c,1);
-        &jmp(&label("pw_end"));
-
-        &set_label("pw_nc_loop",0);
-        for ($i=0; $i<8; $i++)
-        {
-            &mov($tmp1,&DWP($i*4,$a,"",0));     # *a
-            &mov(&DWP($i*4,$r,"",0),$tmp1);     # *r
-            &set_label("pw_nc".$i,0);
-        }
-            
-        &comment("");
-        &add($a,32);
-        &add($r,32);
-        &sub($num,8);
-        &jnz(&label("pw_nc_loop"));
-            
-        &mov($num,&wparam(4));  # get dl
-        &and($num,7);
-        &jz(&label("pw_nc_end"));
-            
-        for ($i=0; $i<7; $i++)
-        {
-            &mov($tmp1,&DWP($i*4,$a,"",0));     # *a
-            &mov(&DWP($i*4,$r,"",0),$tmp1);     # *r
-            &set_label("pw_tail_nc".$i,0);
-            &dec($num) if ($i != 6);
-            &jz(&label("pw_nc_end")) if ($i != 6);
-        }
-
-        &set_label("pw_nc_end",0);
-        &mov($c,0);
-
-        &set_label("pw_end",0);
-
-#       &mov("eax",$c);         # $c is "eax"
-
-        &function_end($name);
-        }
-
diff --git a/src/lib/libcrypto/bn/asm/co-586.pl b/src/lib/libcrypto/bn/asm/co-586.pl
deleted file mode 100644
index 5d962cb957..0000000000
--- a/src/lib/libcrypto/bn/asm/co-586.pl
+++ /dev/null
@@ -1,286 +0,0 @@
-#!/usr/local/bin/perl
-
-push(@INC,"perlasm","../../perlasm");
-require "x86asm.pl";
-
-&asm_init($ARGV[0],$0);
-
-&bn_mul_comba("bn_mul_comba8",8);
-&bn_mul_comba("bn_mul_comba4",4);
-&bn_sqr_comba("bn_sqr_comba8",8);
-&bn_sqr_comba("bn_sqr_comba4",4);
-
-&asm_finish();
-
-sub mul_add_c
-        {
-        local($a,$ai,$b,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_;
-
-        # pos == -1 if eax and edx are pre-loaded, 0 to load from next
-        # words, and 1 if load return value
-
-        &comment("mul a[$ai]*b[$bi]");
-
-        # "eax" and "edx" will always be pre-loaded.
-        # &mov("eax",&DWP($ai*4,$a,"",0)) ;
-        # &mov("edx",&DWP($bi*4,$b,"",0));
-
-        &mul("edx");
-        &add($c0,"eax");
-         &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0;        # laod next a
-         &mov("eax",&wparam(0)) if $pos > 0;                    # load r[]
-         ###
-        &adc($c1,"edx");
-         &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 0;        # laod next b
-         &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 1;        # laod next b
-         ###
-        &adc($c2,0);
-         # is pos > 1, it means it is the last loop 
-         &mov(&DWP($i*4,"eax","",0),$c0) if $pos > 0;           # save r[];
-        &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1;         # laod next a
-        }
-
-sub sqr_add_c
-        {
-        local($r,$a,$ai,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_;
-
-        # pos == -1 if eax and edx are pre-loaded, 0 to load from next
-        # words, and 1 if load return value
-
-        &comment("sqr a[$ai]*a[$bi]");
-
-        # "eax" and "edx" will always be pre-loaded.
-        # &mov("eax",&DWP($ai*4,$a,"",0)) ;
-        # &mov("edx",&DWP($bi*4,$b,"",0));
-
-        if ($ai == $bi)
-                { &mul("eax");}
-        else
-                { &mul("edx");}
-        &add($c0,"eax");
-         &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0;        # load next a
-         ###
-        &adc($c1,"edx");
-         &mov("edx",&DWP(($nb)*4,$a,"",0)) if ($pos == 1) && ($na != $nb);
-         ###
-        &adc($c2,0);
-         # is pos > 1, it means it is the last loop 
-         &mov(&DWP($i*4,$r,"",0),$c0) if $pos > 0;              # save r[];
-        &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1;         # load next b
-        }
-
-sub sqr_add_c2
-        {
-        local($r,$a,$ai,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_;
-
-        # pos == -1 if eax and edx are pre-loaded, 0 to load from next
-        # words, and 1 if load return value
-
-        &comment("sqr a[$ai]*a[$bi]");
-
-        # "eax" and "edx" will always be pre-loaded.
-        # &mov("eax",&DWP($ai*4,$a,"",0)) ;
-        # &mov("edx",&DWP($bi*4,$a,"",0));
-
-        if ($ai == $bi)
-                { &mul("eax");}
-        else
-                { &mul("edx");}
-        &add("eax","eax");
-         ###
-        &adc("edx","edx");
-         ###
-        &adc($c2,0);
-         &add($c0,"eax");
-        &adc($c1,"edx");
-         &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0;        # load next a
-         &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1;        # load next b
-        &adc($c2,0);
-        &mov(&DWP($i*4,$r,"",0),$c0) if $pos > 0;               # save r[];
-         &mov("edx",&DWP(($nb)*4,$a,"",0)) if ($pos <= 1) && ($na != $nb);
-         ###
-        }
-
-sub bn_mul_comba
-        {
-        local($name,$num)=@_;
-        local($a,$b,$c0,$c1,$c2);
-        local($i,$as,$ae,$bs,$be,$ai,$bi);
-        local($tot,$end);
-
-        &function_begin_B($name,"");
-
-        $c0="ebx";
-        $c1="ecx";
-        $c2="ebp";
-        $a="esi";
-        $b="edi";
-        
-        $as=0;
-        $ae=0;
-        $bs=0;
-        $be=0;
-        $tot=$num+$num-1;
-
-        &push("esi");
-         &mov($a,&wparam(1));
-        &push("edi");
-         &mov($b,&wparam(2));
-        &push("ebp");
-         &push("ebx");
-
-        &xor($c0,$c0);
-         &mov("eax",&DWP(0,$a,"",0));   # load the first word 
-        &xor($c1,$c1);
-         &mov("edx",&DWP(0,$b,"",0));   # load the first second 
-
-        for ($i=0; $i<$tot; $i++)
-                {
-                $ai=$as;
-                $bi=$bs;
-                $end=$be+1;
-
-                &comment("################## Calculate word $i"); 
-
-                for ($j=$bs; $j<$end; $j++)
-                        {
-                        &xor($c2,$c2) if ($j == $bs);
-                        if (($j+1) == $end)
-                                {
-                                $v=1;
-                                $v=2 if (($i+1) == $tot);
-                                }
-                        else
-                                { $v=0; }
-                        if (($j+1) != $end)
-                                {
-                                $na=($ai-1);
-                                $nb=($bi+1);
-                                }
-                        else
-                                {
-                                $na=$as+($i < ($num-1));
-                                $nb=$bs+($i >= ($num-1));
-                                }
-#printf STDERR "[$ai,$bi] -> [$na,$nb]\n";
-                        &mul_add_c($a,$ai,$b,$bi,$c0,$c1,$c2,$v,$i,$na,$nb);
-                        if ($v)
-                                {
-                                &comment("saved r[$i]");
-                                # &mov("eax",&wparam(0));
-                                # &mov(&DWP($i*4,"eax","",0),$c0);
-                                ($c0,$c1,$c2)=($c1,$c2,$c0);
-                                }
-                        $ai--;
-                        $bi++;
-                        }
-                $as++ if ($i < ($num-1));
-                $ae++ if ($i >= ($num-1));
-
-                $bs++ if ($i >= ($num-1));
-                $be++ if ($i < ($num-1));
-                }
-        &comment("save r[$i]");
-        # &mov("eax",&wparam(0));
-        &mov(&DWP($i*4,"eax","",0),$c0);
-
-        &pop("ebx");
-        &pop("ebp");
-        &pop("edi");
-        &pop("esi");
-        &ret();
-        &function_end_B($name);
-        }
-
-sub bn_sqr_comba
-        {
-        local($name,$num)=@_;
-        local($r,$a,$c0,$c1,$c2)=@_;
-        local($i,$as,$ae,$bs,$be,$ai,$bi);
-        local($b,$tot,$end,$half);
-
-        &function_begin_B($name,"");
-
-        $c0="ebx";
-        $c1="ecx";
-        $c2="ebp";
-        $a="esi";
-        $r="edi";
-
-        &push("esi");
-         &push("edi");
-        &push("ebp");
-         &push("ebx");
-        &mov($r,&wparam(0));
-         &mov($a,&wparam(1));
-        &xor($c0,$c0);
-         &xor($c1,$c1);
-        &mov("eax",&DWP(0,$a,"",0)); # load the first word
-
-        $as=0;
-        $ae=0;
-        $bs=0;
-        $be=0;
-        $tot=$num+$num-1;
-
-        for ($i=0; $i<$tot; $i++)
-                {
-                $ai=$as;
-                $bi=$bs;
-                $end=$be+1;
-
-                &comment("############### Calculate word $i");
-                for ($j=$bs; $j<$end; $j++)
-                        {
-                        &xor($c2,$c2) if ($j == $bs);
-                        if (($ai-1) < ($bi+1))
-                                {
-                                $v=1;
-                                $v=2 if ($i+1) == $tot;
-                                }
-                        else
-                                { $v=0; }
-                        if (!$v)
-                                {
-                                $na=$ai-1;
-                                $nb=$bi+1;
-                                }
-                        else
-                                {
-                                $na=$as+($i < ($num-1));
-                                $nb=$bs+($i >= ($num-1));
-                                }
-                        if ($ai == $bi)
-                                {
-                                &sqr_add_c($r,$a,$ai,$bi,
-                                        $c0,$c1,$c2,$v,$i,$na,$nb);
-                                }
-                        else
-                                {
-                                &sqr_add_c2($r,$a,$ai,$bi,
-                                        $c0,$c1,$c2,$v,$i,$na,$nb);
-                                }
-                        if ($v)
-                                {
-                                &comment("saved r[$i]");
-                                #&mov(&DWP($i*4,$r,"",0),$c0);
-                                ($c0,$c1,$c2)=($c1,$c2,$c0);
-                                last;
-                                }
-                        $ai--;
-                        $bi++;
-                        }
-                $as++ if ($i < ($num-1));
-                $ae++ if ($i >= ($num-1));
-
-                $bs++ if ($i >= ($num-1));
-                $be++ if ($i < ($num-1));
-                }
-        &mov(&DWP($i*4,$r,"",0),$c0);
-        &pop("ebx");
-        &pop("ebp");
-        &pop("edi");
-        &pop("esi");
-        &ret();
-        &function_end_B($name);
-        }
diff --git a/src/lib/libcrypto/bn/asm/ia64.S b/src/lib/libcrypto/bn/asm/ia64.S
deleted file mode 100644
index 7b82b820e6..0000000000
--- a/src/lib/libcrypto/bn/asm/ia64.S
+++ /dev/null
@@ -1,1560 +0,0 @@
-.explicit
-.text
-.ident  "ia64.S, Version 2.1"
-.ident  "IA-64 ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
-
-//
-// ====================================================================
-// Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-// project.
-//
-// Rights for redistribution and usage in source and binary forms are
-// granted according to the OpenSSL license. Warranty of any kind is
-// disclaimed.
-// ====================================================================
-//
-// Version 2.x is Itanium2 re-tune. Few words about how Itanum2 is
-// different from Itanium to this module viewpoint. Most notably, is it
-// "wider" than Itanium? Can you experience loop scalability as
-// discussed in commentary sections? Not really:-( Itanium2 has 6
-// integer ALU ports, i.e. it's 2 ports wider, but it's not enough to
-// spin twice as fast, as I need 8 IALU ports. Amount of floating point
-// ports is the same, i.e. 2, while I need 4. In other words, to this
-// module Itanium2 remains effectively as "wide" as Itanium. Yet it's
-// essentially different in respect to this module, and a re-tune was
-// required. Well, because some intruction latencies has changed. Most
-// noticeably those intensively used:
-//
-//                      Itanium Itanium2
-//      ldf8            9       6               L2 hit
-//      ld8             2       1               L1 hit
-//      getf            2       5
-//      xma[->getf]     7[+1]   4[+0]
-//      add[->st8]      1[+1]   1[+0]
-//
-// What does it mean? You might ratiocinate that the original code
-// should run just faster... Because sum of latencies is smaller...
-// Wrong! Note that getf latency increased. This means that if a loop is
-// scheduled for lower latency (as they were), then it will suffer from
-// stall condition and the code will therefore turn anti-scalable, e.g.
-// original bn_mul_words spun at 5*n or 2.5 times slower than expected
-// on Itanium2! What to do? Reschedule loops for Itanium2? But then
-// Itanium would exhibit anti-scalability. So I've chosen to reschedule
-// for worst latency for every instruction aiming for best *all-round*
-// performance.  
-
-// Q.   How much faster does it get?
-// A.   Here is the output from 'openssl speed rsa dsa' for vanilla
-//      0.9.6a compiled with gcc version 2.96 20000731 (Red Hat
-//      Linux 7.1 2.96-81):
-//
-//                        sign    verify    sign/s verify/s
-//      rsa  512 bits   0.0036s   0.0003s    275.3   2999.2
-//      rsa 1024 bits   0.0203s   0.0011s     49.3    894.1
-//      rsa 2048 bits   0.1331s   0.0040s      7.5    250.9
-//      rsa 4096 bits   0.9270s   0.0147s      1.1     68.1
-//                        sign    verify    sign/s verify/s
-//      dsa  512 bits   0.0035s   0.0043s    288.3    234.8
-//      dsa 1024 bits   0.0111s   0.0135s     90.0     74.2
-//
-//      And here is similar output but for this assembler
-//      implementation:-)
-//
-//                        sign    verify    sign/s verify/s
-//      rsa  512 bits   0.0021s   0.0001s    549.4   9638.5
-//      rsa 1024 bits   0.0055s   0.0002s    183.8   4481.1
-//      rsa 2048 bits   0.0244s   0.0006s     41.4   1726.3
-//      rsa 4096 bits   0.1295s   0.0018s      7.7    561.5
-//                        sign    verify    sign/s verify/s
-//      dsa  512 bits   0.0012s   0.0013s    891.9    756.6
-//      dsa 1024 bits   0.0023s   0.0028s    440.4    376.2
-//      
-//      Yes, you may argue that it's not fair comparison as it's
-//      possible to craft the C implementation with BN_UMULT_HIGH
-//      inline assembler macro. But of course! Here is the output
-//      with the macro:
-//
-//                        sign    verify    sign/s verify/s
-//      rsa  512 bits   0.0020s   0.0002s    495.0   6561.0
-//      rsa 1024 bits   0.0086s   0.0004s    116.2   2235.7
-//      rsa 2048 bits   0.0519s   0.0015s     19.3    667.3
-//      rsa 4096 bits   0.3464s   0.0053s      2.9    187.7
-//                        sign    verify    sign/s verify/s
-//      dsa  512 bits   0.0016s   0.0020s    613.1    510.5
-//      dsa 1024 bits   0.0045s   0.0054s    221.0    183.9
-//
-//      My code is still way faster, huh:-) And I believe that even
-//      higher performance can be achieved. Note that as keys get
-//      longer, performance gain is larger. Why? According to the
-//      profiler there is another player in the field, namely
-//      BN_from_montgomery consuming larger and larger portion of CPU
-//      time as keysize decreases. I therefore consider putting effort
-//      to assembler implementation of the following routine:
-//
-//      void bn_mul_add_mont (BN_ULONG *rp,BN_ULONG *np,int nl,BN_ULONG n0)
-//      {
-//      int      i,j;
-//      BN_ULONG v;
-//
-//      for (i=0; i<nl; i++)
-//              {
-//              v=bn_mul_add_words(rp,np,nl,(rp[0]*n0)&BN_MASK2);
-//              nrp++;
-//              rp++;
-//              if (((nrp[-1]+=v)&BN_MASK2) < v)
-//                      for (j=0; ((++nrp[j])&BN_MASK2) == 0; j++) ;
-//              }
-//      }
-//
-//      It might as well be beneficial to implement even combaX
-//      variants, as it appears as it can literally unleash the
-//      performance (see comment section to bn_mul_comba8 below).
-//
-//      And finally for your reference the output for 0.9.6a compiled
-//      with SGIcc version 0.01.0-12 (keep in mind that for the moment
-//      of this writing it's not possible to convince SGIcc to use
-//      BN_UMULT_HIGH inline assembler macro, yet the code is fast,
-//      i.e. for a compiler generated one:-):
-//
-//                        sign    verify    sign/s verify/s
-//      rsa  512 bits   0.0022s   0.0002s    452.7   5894.3
-//      rsa 1024 bits   0.0097s   0.0005s    102.7   2002.9
-//      rsa 2048 bits   0.0578s   0.0017s     17.3    600.2
-//      rsa 4096 bits   0.3838s   0.0061s      2.6    164.5
-//                        sign    verify    sign/s verify/s
-//      dsa  512 bits   0.0018s   0.0022s    547.3    459.6
-//      dsa 1024 bits   0.0051s   0.0062s    196.6    161.3
-//
-//      Oh! Benchmarks were performed on 733MHz Lion-class Itanium
-//      system running Redhat Linux 7.1 (very special thanks to Ray
-//      McCaffity of Williams Communications for providing an account).
-//
-// Q.   What's the heck with 'rum 1<<5' at the end of every function?
-// A.   Well, by clearing the "upper FP registers written" bit of the
-//      User Mask I want to excuse the kernel from preserving upper
-//      (f32-f128) FP register bank over process context switch, thus
-//      minimizing bus bandwidth consumption during the switch (i.e.
-//      after PKI opration completes and the program is off doing
-//      something else like bulk symmetric encryption). Having said
-//      this, I also want to point out that it might be good idea
-//      to compile the whole toolkit (as well as majority of the
-//      programs for that matter) with -mfixed-range=f32-f127 command
-//      line option. No, it doesn't prevent the compiler from writing
-//      to upper bank, but at least discourages to do so. If you don't
-//      like the idea you have the option to compile the module with
-//      -Drum=nop.m in command line.
-//
-
-#if defined(_HPUX_SOURCE) && !defined(_LP64)
-#define ADDP    addp4
-#else
-#define ADDP    add
-#endif
-
-#if 1
-//
-// bn_[add|sub]_words routines.
-//
-// Loops are spinning in 2*(n+5) ticks on Itanuim (provided that the
-// data reside in L1 cache, i.e. 2 ticks away). It's possible to
-// compress the epilogue and get down to 2*n+6, but at the cost of
-// scalability (the neat feature of this implementation is that it
-// shall automagically spin in n+5 on "wider" IA-64 implementations:-)
-// I consider that the epilogue is short enough as it is to trade tiny
-// performance loss on Itanium for scalability.
-//
-// BN_ULONG bn_add_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num)
-//
-.global bn_add_words#
-.proc   bn_add_words#
-.align  64
-.skip   32      // makes the loop body aligned at 64-byte boundary
-bn_add_words:
-        .prologue
-        .fframe 0
-        .save   ar.pfs,r2
-{ .mii; alloc           r2=ar.pfs,4,12,0,16
-        cmp4.le         p6,p0=r35,r0    };;
-{ .mfb; mov             r8=r0                   // return value
-(p6)    br.ret.spnt.many        b0      };;
-
-        .save   ar.lc,r3
-{ .mib; sub             r10=r35,r0,1
-        mov             r3=ar.lc
-        brp.loop.imp    .L_bn_add_words_ctop,.L_bn_add_words_cend-16
-                                        }
-        .body
-{ .mib; ADDP            r14=0,r32               // rp
-        mov             r9=pr           };;
-{ .mii; ADDP            r15=0,r33               // ap
-        mov             ar.lc=r10
-        mov             ar.ec=6         }
-{ .mib; ADDP            r16=0,r34               // bp
-        mov             pr.rot=1<<16    };;
-
-.L_bn_add_words_ctop:
-{ .mii; (p16)   ld8             r32=[r16],8       // b=*(bp++)
-        (p18)   add             r39=r37,r34
-        (p19)   cmp.ltu.unc     p56,p0=r40,r38  }
-{ .mfb; (p0)    nop.m           0x0
-        (p0)    nop.f           0x0
-        (p0)    nop.b           0x0             }
-{ .mii; (p16)   ld8             r35=[r15],8       // a=*(ap++)
-        (p58)   cmp.eq.or       p57,p0=-1,r41     // (p20)
-        (p58)   add             r41=1,r41       } // (p20)
-{ .mfb; (p21)   st8             [r14]=r42,8       // *(rp++)=r
-        (p0)    nop.f           0x0
-        br.ctop.sptk    .L_bn_add_words_ctop    };;
-.L_bn_add_words_cend:
-
-{ .mii;
-(p59)   add             r8=1,r8         // return value
-        mov             pr=r9,0x1ffff
-        mov             ar.lc=r3        }
-{ .mbb; nop.b           0x0
-        br.ret.sptk.many        b0      };;
-.endp   bn_add_words#
-
-//
-// BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num)
-//
-.global bn_sub_words#
-.proc   bn_sub_words#
-.align  64
-.skip   32      // makes the loop body aligned at 64-byte boundary
-bn_sub_words:
-        .prologue
-        .fframe 0
-        .save   ar.pfs,r2
-{ .mii; alloc           r2=ar.pfs,4,12,0,16
-        cmp4.le         p6,p0=r35,r0    };;
-{ .mfb; mov             r8=r0                   // return value
-(p6)    br.ret.spnt.many        b0      };;
-
-        .save   ar.lc,r3
-{ .mib; sub             r10=r35,r0,1
-        mov             r3=ar.lc
-        brp.loop.imp    .L_bn_sub_words_ctop,.L_bn_sub_words_cend-16
-                                        }
-        .body
-{ .mib; ADDP            r14=0,r32               // rp
-        mov             r9=pr           };;
-{ .mii; ADDP            r15=0,r33               // ap
-        mov             ar.lc=r10
-        mov             ar.ec=6         }
-{ .mib; ADDP            r16=0,r34               // bp
-        mov             pr.rot=1<<16    };;
-
-.L_bn_sub_words_ctop:
-{ .mii; (p16)   ld8             r32=[r16],8       // b=*(bp++)
-        (p18)   sub             r39=r37,r34
-        (p19)   cmp.gtu.unc     p56,p0=r40,r38  }
-{ .mfb; (p0)    nop.m           0x0
-        (p0)    nop.f           0x0
-        (p0)    nop.b           0x0             }
-{ .mii; (p16)   ld8             r35=[r15],8       // a=*(ap++)
-        (p58)   cmp.eq.or       p57,p0=0,r41      // (p20)
-        (p58)   add             r41=-1,r41      } // (p20)
-{ .mbb; (p21)   st8             [r14]=r42,8       // *(rp++)=r
-        (p0)    nop.b           0x0
-        br.ctop.sptk    .L_bn_sub_words_ctop    };;
-.L_bn_sub_words_cend:
-
-{ .mii;
-(p59)   add             r8=1,r8         // return value
-        mov             pr=r9,0x1ffff
-        mov             ar.lc=r3        }
-{ .mbb; nop.b           0x0
-        br.ret.sptk.many        b0      };;
-.endp   bn_sub_words#
-#endif
-
-#if 0
-#define XMA_TEMPTATION
-#endif
-
-#if 1
-//
-// BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
-//
-.global bn_mul_words#
-.proc   bn_mul_words#
-.align  64
-.skip   32      // makes the loop body aligned at 64-byte boundary
-bn_mul_words:
-        .prologue
-        .fframe 0
-        .save   ar.pfs,r2
-#ifdef XMA_TEMPTATION
-{ .mfi; alloc           r2=ar.pfs,4,0,0,0       };;
-#else
-{ .mfi; alloc           r2=ar.pfs,4,12,0,16     };;
-#endif
-{ .mib; mov             r8=r0                   // return value
-        cmp4.le         p6,p0=r34,r0
-(p6)    br.ret.spnt.many        b0              };;
-
-        .save   ar.lc,r3
-{ .mii; sub     r10=r34,r0,1
-        mov     r3=ar.lc
-        mov     r9=pr                   };;
-
-        .body
-{ .mib; setf.sig        f8=r35  // w
-        mov             pr.rot=0x800001<<16
-                        // ------^----- serves as (p50) at first (p27)
-        brp.loop.imp    .L_bn_mul_words_ctop,.L_bn_mul_words_cend-16
-                                        }
-
-#ifndef XMA_TEMPTATION
-
-{ .mmi; ADDP            r14=0,r32       // rp
-        ADDP            r15=0,r33       // ap
-        mov             ar.lc=r10       }
-{ .mmi; mov             r40=0           // serves as r35 at first (p27)
-        mov             ar.ec=13        };;
-
-// This loop spins in 2*(n+12) ticks. It's scheduled for data in Itanium
-// L2 cache (i.e. 9 ticks away) as floating point load/store instructions
-// bypass L1 cache and L2 latency is actually best-case scenario for
-// ldf8. The loop is not scalable and shall run in 2*(n+12) even on
-// "wider" IA-64 implementations. It's a trade-off here. n+24 loop
-// would give us ~5% in *overall* performance improvement on "wider"
-// IA-64, but would hurt Itanium for about same because of longer
-// epilogue. As it's a matter of few percents in either case I've
-// chosen to trade the scalability for development time (you can see
-// this very instruction sequence in bn_mul_add_words loop which in
-// turn is scalable).
-.L_bn_mul_words_ctop:
-{ .mfi; (p25)   getf.sig        r36=f52                 // low
-        (p21)   xmpy.lu         f48=f37,f8
-        (p28)   cmp.ltu         p54,p50=r41,r39 }
-{ .mfi; (p16)   ldf8            f32=[r15],8
-        (p21)   xmpy.hu         f40=f37,f8
-        (p0)    nop.i           0x0             };;
-{ .mii; (p25)   getf.sig        r32=f44                 // high
-        .pred.rel       "mutex",p50,p54
-        (p50)   add             r40=r38,r35             // (p27)
-        (p54)   add             r40=r38,r35,1   }       // (p27)
-{ .mfb; (p28)   st8             [r14]=r41,8
-        (p0)    nop.f           0x0
-        br.ctop.sptk    .L_bn_mul_words_ctop    };;
-.L_bn_mul_words_cend:
-
-{ .mii; nop.m           0x0
-.pred.rel       "mutex",p51,p55
-(p51)   add             r8=r36,r0
-(p55)   add             r8=r36,r0,1     }
-{ .mfb; nop.m   0x0
-        nop.f   0x0
-        nop.b   0x0                     }
-
-#else   // XMA_TEMPTATION
-
-        setf.sig        f37=r0  // serves as carry at (p18) tick
-        mov             ar.lc=r10
-        mov             ar.ec=5;;
-
-// Most of you examining this code very likely wonder why in the name
-// of Intel the following loop is commented out? Indeed, it looks so
-// neat that you find it hard to believe that it's something wrong
-// with it, right? The catch is that every iteration depends on the
-// result from previous one and the latter isn't available instantly.
-// The loop therefore spins at the latency of xma minus 1, or in other
-// words at 6*(n+4) ticks:-( Compare to the "production" loop above
-// that runs in 2*(n+11) where the low latency problem is worked around
-// by moving the dependency to one-tick latent interger ALU. Note that
-// "distance" between ldf8 and xma is not latency of ldf8, but the
-// *difference* between xma and ldf8 latencies.
-.L_bn_mul_words_ctop:
-{ .mfi; (p16)   ldf8            f32=[r33],8
-        (p18)   xma.hu          f38=f34,f8,f39  }
-{ .mfb; (p20)   stf8            [r32]=f37,8
-        (p18)   xma.lu          f35=f34,f8,f39
-        br.ctop.sptk    .L_bn_mul_words_ctop    };;
-.L_bn_mul_words_cend:
-
-        getf.sig        r8=f41          // the return value
-
-#endif  // XMA_TEMPTATION
-
-{ .mii; nop.m           0x0
-        mov             pr=r9,0x1ffff
-        mov             ar.lc=r3        }
-{ .mfb; rum             1<<5            // clear um.mfh
-        nop.f           0x0
-        br.ret.sptk.many        b0      };;
-.endp   bn_mul_words#
-#endif
-
-#if 1
-//
-// BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
-//
-.global bn_mul_add_words#
-.proc   bn_mul_add_words#
-.align  64
-.skip   48      // makes the loop body aligned at 64-byte boundary
-bn_mul_add_words:
-        .prologue
-        .fframe 0
-        .save   ar.pfs,r2
-        .save   ar.lc,r3
-        .save   pr,r9
-{ .mmi; alloc           r2=ar.pfs,4,4,0,8
-        cmp4.le         p6,p0=r34,r0
-        mov             r3=ar.lc        };;
-{ .mib; mov             r8=r0           // return value
-        sub             r10=r34,r0,1
-(p6)    br.ret.spnt.many        b0      };;
-
-        .body
-{ .mib; setf.sig        f8=r35          // w
-        mov             r9=pr
-        brp.loop.imp    .L_bn_mul_add_words_ctop,.L_bn_mul_add_words_cend-16
-                                        }
-{ .mmi; ADDP            r14=0,r32       // rp
-        ADDP            r15=0,r33       // ap
-        mov             ar.lc=r10       }
-{ .mii; ADDP            r16=0,r32       // rp copy
-        mov             pr.rot=0x2001<<16
-                        // ------^----- serves as (p40) at first (p27)
-        mov             ar.ec=11        };;
-
-// This loop spins in 3*(n+10) ticks on Itanium and in 2*(n+10) on
-// Itanium 2. Yes, unlike previous versions it scales:-) Previous
-// version was peforming *all* additions in IALU and was starving
-// for those even on Itanium 2. In this version one addition is
-// moved to FPU and is folded with multiplication. This is at cost
-// of propogating the result from previous call to this subroutine
-// to L2 cache... In other words negligible even for shorter keys.
-// *Overall* performance improvement [over previous version] varies
-// from 11 to 22 percent depending on key length.
-.L_bn_mul_add_words_ctop:
-.pred.rel       "mutex",p40,p42
-{ .mfi; (p23)   getf.sig        r36=f45                 // low
-        (p20)   xma.lu          f42=f36,f8,f50          // low
-        (p40)   add             r39=r39,r35     }       // (p27)
-{ .mfi; (p16)   ldf8            f32=[r15],8             // *(ap++)
-        (p20)   xma.hu          f36=f36,f8,f50          // high
-        (p42)   add             r39=r39,r35,1   };;     // (p27)
-{ .mmi; (p24)   getf.sig        r32=f40                 // high
-        (p16)   ldf8            f46=[r16],8             // *(rp1++)
-        (p40)   cmp.ltu         p41,p39=r39,r35 }       // (p27)
-{ .mib; (p26)   st8             [r14]=r39,8             // *(rp2++)
-        (p42)   cmp.leu         p41,p39=r39,r35         // (p27)
-        br.ctop.sptk    .L_bn_mul_add_words_ctop};;
-.L_bn_mul_add_words_cend:
-
-{ .mmi; .pred.rel       "mutex",p40,p42
-(p40)   add             r8=r35,r0
-(p42)   add             r8=r35,r0,1
-        mov             pr=r9,0x1ffff   }
-{ .mib; rum             1<<5            // clear um.mfh
-        mov             ar.lc=r3
-        br.ret.sptk.many        b0      };;
-.endp   bn_mul_add_words#
-#endif
-
-#if 1
-//
-// void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num)
-//
-.global bn_sqr_words#
-.proc   bn_sqr_words#
-.align  64
-.skip   32      // makes the loop body aligned at 64-byte boundary 
-bn_sqr_words:
-        .prologue
-        .fframe 0
-        .save   ar.pfs,r2
-{ .mii; alloc           r2=ar.pfs,3,0,0,0
-        sxt4            r34=r34         };;
-{ .mii; cmp.le          p6,p0=r34,r0
-        mov             r8=r0           }       // return value
-{ .mfb; ADDP            r32=0,r32
-        nop.f           0x0
-(p6)    br.ret.spnt.many        b0      };;
-
-        .save   ar.lc,r3
-{ .mii; sub     r10=r34,r0,1
-        mov     r3=ar.lc
-        mov     r9=pr                   };;
-
-        .body
-{ .mib; ADDP            r33=0,r33
-        mov             pr.rot=1<<16
-        brp.loop.imp    .L_bn_sqr_words_ctop,.L_bn_sqr_words_cend-16
-                                        }
-{ .mii; add             r34=8,r32
-        mov             ar.lc=r10
-        mov             ar.ec=18        };;
-
-// 2*(n+17) on Itanium, (n+17) on "wider" IA-64 implementations. It's
-// possible to compress the epilogue (I'm getting tired to write this
-// comment over and over) and get down to 2*n+16 at the cost of
-// scalability. The decision will very likely be reconsidered after the
-// benchmark program is profiled. I.e. if perfomance gain on Itanium
-// will appear larger than loss on "wider" IA-64, then the loop should
-// be explicitely split and the epilogue compressed.
-.L_bn_sqr_words_ctop:
-{ .mfi; (p16)   ldf8            f32=[r33],8
-        (p25)   xmpy.lu         f42=f41,f41
-        (p0)    nop.i           0x0             }
-{ .mib; (p33)   stf8            [r32]=f50,16
-        (p0)    nop.i           0x0
-        (p0)    nop.b           0x0             }
-{ .mfi; (p0)    nop.m           0x0
-        (p25)   xmpy.hu         f52=f41,f41
-        (p0)    nop.i           0x0             }
-{ .mib; (p33)   stf8            [r34]=f60,16
-        (p0)    nop.i           0x0
-        br.ctop.sptk    .L_bn_sqr_words_ctop    };;
-.L_bn_sqr_words_cend:
-
-{ .mii; nop.m           0x0
-        mov             pr=r9,0x1ffff
-        mov             ar.lc=r3        }
-{ .mfb; rum             1<<5            // clear um.mfh
-        nop.f           0x0
-        br.ret.sptk.many        b0      };;
-.endp   bn_sqr_words#
-#endif
-
-#if 1
-// Apparently we win nothing by implementing special bn_sqr_comba8.
-// Yes, it is possible to reduce the number of multiplications by
-// almost factor of two, but then the amount of additions would
-// increase by factor of two (as we would have to perform those
-// otherwise performed by xma ourselves). Normally we would trade
-// anyway as multiplications are way more expensive, but not this
-// time... Multiplication kernel is fully pipelined and as we drain
-// one 128-bit multiplication result per clock cycle multiplications
-// are effectively as inexpensive as additions. Special implementation
-// might become of interest for "wider" IA-64 implementation as you'll
-// be able to get through the multiplication phase faster (there won't
-// be any stall issues as discussed in the commentary section below and
-// you therefore will be able to employ all 4 FP units)... But these
-// Itanium days it's simply too hard to justify the effort so I just
-// drop down to bn_mul_comba8 code:-)
-//
-// void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
-//
-.global bn_sqr_comba8#
-.proc   bn_sqr_comba8#
-.align  64
-bn_sqr_comba8:
-        .prologue
-        .fframe 0
-        .save   ar.pfs,r2
-#if defined(_HPUX_SOURCE) && !defined(_LP64)
-{ .mii; alloc   r2=ar.pfs,2,1,0,0
-        addp4   r33=0,r33
-        addp4   r32=0,r32               };;
-{ .mii;
-#else
-{ .mii; alloc   r2=ar.pfs,2,1,0,0
-#endif
-        mov     r34=r33
-        add     r14=8,r33               };;
-        .body
-{ .mii; add     r17=8,r34
-        add     r15=16,r33
-        add     r18=16,r34              }
-{ .mfb; add     r16=24,r33
-        br      .L_cheat_entry_point8   };;
-.endp   bn_sqr_comba8#
-#endif
-
-#if 1
-// I've estimated this routine to run in ~120 ticks, but in reality
-// (i.e. according to ar.itc) it takes ~160 ticks. Are those extra
-// cycles consumed for instructions fetch? Or did I misinterpret some
-// clause in Itanium µ-architecture manual? Comments are welcomed and
-// highly appreciated.
-//
-// On Itanium 2 it takes ~190 ticks. This is because of stalls on
-// result from getf.sig. I do nothing about it at this point for
-// reasons depicted below.
-//
-// However! It should be noted that even 160 ticks is darn good result
-// as it's over 10 (yes, ten, spelled as t-e-n) times faster than the
-// C version (compiled with gcc with inline assembler). I really
-// kicked compiler's butt here, didn't I? Yeah! This brings us to the
-// following statement. It's damn shame that this routine isn't called
-// very often nowadays! According to the profiler most CPU time is
-// consumed by bn_mul_add_words called from BN_from_montgomery. In
-// order to estimate what we're missing, I've compared the performance
-// of this routine against "traditional" implementation, i.e. against
-// following routine:
-//
-// void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-// {    r[ 8]=bn_mul_words(    &(r[0]),a,8,b[0]);
-//      r[ 9]=bn_mul_add_words(&(r[1]),a,8,b[1]);
-//      r[10]=bn_mul_add_words(&(r[2]),a,8,b[2]);
-//      r[11]=bn_mul_add_words(&(r[3]),a,8,b[3]);
-//      r[12]=bn_mul_add_words(&(r[4]),a,8,b[4]);
-//      r[13]=bn_mul_add_words(&(r[5]),a,8,b[5]);
-//      r[14]=bn_mul_add_words(&(r[6]),a,8,b[6]);
-//      r[15]=bn_mul_add_words(&(r[7]),a,8,b[7]);
-// }
-//
-// The one below is over 8 times faster than the one above:-( Even
-// more reasons to "combafy" bn_mul_add_mont...
-//
-// And yes, this routine really made me wish there were an optimizing
-// assembler! It also feels like it deserves a dedication.
-//
-//      To my wife for being there and to my kids...
-//
-// void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-//
-#define carry1  r14
-#define carry2  r15
-#define carry3  r34
-.global bn_mul_comba8#
-.proc   bn_mul_comba8#
-.align  64
-bn_mul_comba8:
-        .prologue
-        .fframe 0
-        .save   ar.pfs,r2
-#if defined(_HPUX_SOURCE) && !defined(_LP64)
-{ .mii; alloc   r2=ar.pfs,3,0,0,0
-        addp4   r33=0,r33
-        addp4   r34=0,r34               };;
-{ .mii; addp4   r32=0,r32
-#else
-{ .mii; alloc   r2=ar.pfs,3,0,0,0
-#endif
-        add     r14=8,r33
-        add     r17=8,r34               }
-        .body
-{ .mii; add     r15=16,r33
-        add     r18=16,r34
-        add     r16=24,r33              }
-.L_cheat_entry_point8:
-{ .mmi; add     r19=24,r34
-
-        ldf8    f32=[r33],32            };;
-
-{ .mmi; ldf8    f120=[r34],32
-        ldf8    f121=[r17],32           }
-{ .mmi; ldf8    f122=[r18],32
-        ldf8    f123=[r19],32           };;
-{ .mmi; ldf8    f124=[r34]
-        ldf8    f125=[r17]              }
-{ .mmi; ldf8    f126=[r18]
-        ldf8    f127=[r19]              }
-
-{ .mmi; ldf8    f33=[r14],32
-        ldf8    f34=[r15],32            }
-{ .mmi; ldf8    f35=[r16],32;;
-        ldf8    f36=[r33]               }
-{ .mmi; ldf8    f37=[r14]
-        ldf8    f38=[r15]               }
-{ .mfi; ldf8    f39=[r16]
-// -------\ Entering multiplier's heaven /-------
-// ------------\                    /------------
-// -----------------\          /-----------------
-// ----------------------\/----------------------
-                xma.hu  f41=f32,f120,f0         }
-{ .mfi;         xma.lu  f40=f32,f120,f0         };; // (*)
-{ .mfi;         xma.hu  f51=f32,f121,f0         }
-{ .mfi;         xma.lu  f50=f32,f121,f0         };;
-{ .mfi;         xma.hu  f61=f32,f122,f0         }
-{ .mfi;         xma.lu  f60=f32,f122,f0         };;
-{ .mfi;         xma.hu  f71=f32,f123,f0         }
-{ .mfi;         xma.lu  f70=f32,f123,f0         };;
-{ .mfi;         xma.hu  f81=f32,f124,f0         }
-{ .mfi;         xma.lu  f80=f32,f124,f0         };;
-{ .mfi;         xma.hu  f91=f32,f125,f0         }
-{ .mfi;         xma.lu  f90=f32,f125,f0         };;
-{ .mfi;         xma.hu  f101=f32,f126,f0        }
-{ .mfi;         xma.lu  f100=f32,f126,f0        };;
-{ .mfi;         xma.hu  f111=f32,f127,f0        }
-{ .mfi;         xma.lu  f110=f32,f127,f0        };;//
-// (*)  You can argue that splitting at every second bundle would
-//      prevent "wider" IA-64 implementations from achieving the peak
-//      performance. Well, not really... The catch is that if you
-//      intend to keep 4 FP units busy by splitting at every fourth
-//      bundle and thus perform these 16 multiplications in 4 ticks,
-//      the first bundle *below* would stall because the result from
-//      the first xma bundle *above* won't be available for another 3
-//      ticks (if not more, being an optimist, I assume that "wider"
-//      implementation will have same latency:-). This stall will hold
-//      you back and the performance would be as if every second bundle
-//      were split *anyway*...
-{ .mfi; getf.sig        r16=f40
-                xma.hu  f42=f33,f120,f41
-        add             r33=8,r32               }
-{ .mfi;         xma.lu  f41=f33,f120,f41        };;
-{ .mfi; getf.sig        r24=f50
-                xma.hu  f52=f33,f121,f51        }
-{ .mfi;         xma.lu  f51=f33,f121,f51        };;
-{ .mfi; st8             [r32]=r16,16
-                xma.hu  f62=f33,f122,f61        }
-{ .mfi;         xma.lu  f61=f33,f122,f61        };;
-{ .mfi;         xma.hu  f72=f33,f123,f71        }
-{ .mfi;         xma.lu  f71=f33,f123,f71        };;
-{ .mfi;         xma.hu  f82=f33,f124,f81        }
-{ .mfi;         xma.lu  f81=f33,f124,f81        };;
-{ .mfi;         xma.hu  f92=f33,f125,f91        }
-{ .mfi;         xma.lu  f91=f33,f125,f91        };;
-{ .mfi;         xma.hu  f102=f33,f126,f101      }
-{ .mfi;         xma.lu  f101=f33,f126,f101      };;
-{ .mfi;         xma.hu  f112=f33,f127,f111      }
-{ .mfi;         xma.lu  f111=f33,f127,f111      };;//
-//-------------------------------------------------//
-{ .mfi; getf.sig        r25=f41
-                xma.hu  f43=f34,f120,f42        }
-{ .mfi;         xma.lu  f42=f34,f120,f42        };;
-{ .mfi; getf.sig        r16=f60
-                xma.hu  f53=f34,f121,f52        }
-{ .mfi;         xma.lu  f52=f34,f121,f52        };;
-{ .mfi; getf.sig        r17=f51
-                xma.hu  f63=f34,f122,f62
-        add             r25=r25,r24             }
-{ .mfi;         xma.lu  f62=f34,f122,f62
-        mov             carry1=0                };;
-{ .mfi; cmp.ltu         p6,p0=r25,r24
-                xma.hu  f73=f34,f123,f72        }
-{ .mfi;         xma.lu  f72=f34,f123,f72        };;
-{ .mfi; st8             [r33]=r25,16
-                xma.hu  f83=f34,f124,f82
-(p6)    add             carry1=1,carry1         }
-{ .mfi;         xma.lu  f82=f34,f124,f82        };;
-{ .mfi;         xma.hu  f93=f34,f125,f92        }
-{ .mfi;         xma.lu  f92=f34,f125,f92        };;
-{ .mfi;         xma.hu  f103=f34,f126,f102      }
-{ .mfi;         xma.lu  f102=f34,f126,f102      };;
-{ .mfi;         xma.hu  f113=f34,f127,f112      }
-{ .mfi;         xma.lu  f112=f34,f127,f112      };;//
-//-------------------------------------------------//
-{ .mfi; getf.sig        r18=f42
-                xma.hu  f44=f35,f120,f43
-        add             r17=r17,r16             }
-{ .mfi;         xma.lu  f43=f35,f120,f43        };;
-{ .mfi; getf.sig        r24=f70
-                xma.hu  f54=f35,f121,f53        }
-{ .mfi; mov             carry2=0
-                xma.lu  f53=f35,f121,f53        };;
-{ .mfi; getf.sig        r25=f61
-                xma.hu  f64=f35,f122,f63
-        cmp.ltu         p7,p0=r17,r16           }
-{ .mfi; add             r18=r18,r17
-                xma.lu  f63=f35,f122,f63        };;
-{ .mfi; getf.sig        r26=f52
-                xma.hu  f74=f35,f123,f73
-(p7)    add             carry2=1,carry2         }
-{ .mfi; cmp.ltu         p7,p0=r18,r17
-                xma.lu  f73=f35,f123,f73
-        add             r18=r18,carry1          };;
-{ .mfi;
-                xma.hu  f84=f35,f124,f83
-(p7)    add             carry2=1,carry2         }
-{ .mfi; cmp.ltu         p7,p0=r18,carry1
-                xma.lu  f83=f35,f124,f83        };;
-{ .mfi; st8             [r32]=r18,16
-                xma.hu  f94=f35,f125,f93
-(p7)    add             carry2=1,carry2         }
-{ .mfi;         xma.lu  f93=f35,f125,f93        };;
-{ .mfi;         xma.hu  f104=f35,f126,f103      }
-{ .mfi;         xma.lu  f103=f35,f126,f103      };;
-{ .mfi;         xma.hu  f114=f35,f127,f113      }
-{ .mfi; mov             carry1=0
-                xma.lu  f113=f35,f127,f113
-        add             r25=r25,r24             };;//
-//-------------------------------------------------//
-{ .mfi; getf.sig        r27=f43
-                xma.hu  f45=f36,f120,f44
-        cmp.ltu         p6,p0=r25,r24           }
-{ .mfi;         xma.lu  f44=f36,f120,f44        
-        add             r26=r26,r25             };;
-{ .mfi; getf.sig        r16=f80
-                xma.hu  f55=f36,f121,f54
-(p6)    add             carry1=1,carry1         }
-{ .mfi;         xma.lu  f54=f36,f121,f54        };;
-{ .mfi; getf.sig        r17=f71
-                xma.hu  f65=f36,f122,f64
-        cmp.ltu         p6,p0=r26,r25           }
-{ .mfi;         xma.lu  f64=f36,f122,f64
-        add             r27=r27,r26             };;
-{ .mfi; getf.sig        r18=f62
-                xma.hu  f75=f36,f123,f74
-(p6)    add             carry1=1,carry1         }
-{ .mfi; cmp.ltu         p6,p0=r27,r26
-                xma.lu  f74=f36,f123,f74
-        add             r27=r27,carry2          };;
-{ .mfi; getf.sig        r19=f53
-                xma.hu  f85=f36,f124,f84
-(p6)    add             carry1=1,carry1         }
-{ .mfi;         xma.lu  f84=f36,f124,f84
-        cmp.ltu         p6,p0=r27,carry2        };;
-{ .mfi; st8             [r33]=r27,16
-                xma.hu  f95=f36,f125,f94
-(p6)    add             carry1=1,carry1         }
-{ .mfi;         xma.lu  f94=f36,f125,f94        };;
-{ .mfi;         xma.hu  f105=f36,f126,f104      }
-{ .mfi; mov             carry2=0
-                xma.lu  f104=f36,f126,f104
-        add             r17=r17,r16             };;
-{ .mfi;         xma.hu  f115=f36,f127,f114
-        cmp.ltu         p7,p0=r17,r16           }
-{ .mfi;         xma.lu  f114=f36,f127,f114
-        add             r18=r18,r17             };;//
-//-------------------------------------------------//
-{ .mfi; getf.sig        r20=f44
-                xma.hu  f46=f37,f120,f45
-(p7)    add             carry2=1,carry2         }
-{ .mfi; cmp.ltu         p7,p0=r18,r17
-                xma.lu  f45=f37,f120,f45
-        add             r19=r19,r18             };;
-{ .mfi; getf.sig        r24=f90
-                xma.hu  f56=f37,f121,f55        }
-{ .mfi;         xma.lu  f55=f37,f121,f55        };;
-{ .mfi; getf.sig        r25=f81
-                xma.hu  f66=f37,f122,f65
-(p7)    add             carry2=1,carry2         }
-{ .mfi; cmp.ltu         p7,p0=r19,r18
-                xma.lu  f65=f37,f122,f65
-        add             r20=r20,r19             };;
-{ .mfi; getf.sig        r26=f72
-                xma.hu  f76=f37,f123,f75
-(p7)    add             carry2=1,carry2         }
-{ .mfi; cmp.ltu         p7,p0=r20,r19
-                xma.lu  f75=f37,f123,f75
-        add             r20=r20,carry1          };;
-{ .mfi; getf.sig        r27=f63
-                xma.hu  f86=f37,f124,f85
-(p7)    add             carry2=1,carry2         }
-{ .mfi;         xma.lu  f85=f37,f124,f85
-        cmp.ltu         p7,p0=r20,carry1        };;
-{ .mfi; getf.sig        r28=f54
-                xma.hu  f96=f37,f125,f95
-(p7)    add             carry2=1,carry2         }
-{ .mfi; st8             [r32]=r20,16
-                xma.lu  f95=f37,f125,f95        };;
-{ .mfi;         xma.hu  f106=f37,f126,f105      }
-{ .mfi; mov             carry1=0
-                xma.lu  f105=f37,f126,f105
-        add             r25=r25,r24             };;
-{ .mfi;         xma.hu  f116=f37,f127,f115
-        cmp.ltu         p6,p0=r25,r24           }
-{ .mfi;         xma.lu  f115=f37,f127,f115
-        add             r26=r26,r25             };;//
-//-------------------------------------------------//
-{ .mfi; getf.sig        r29=f45
-                xma.hu  f47=f38,f120,f46
-(p6)    add             carry1=1,carry1         }
-{ .mfi; cmp.ltu         p6,p0=r26,r25
-                xma.lu  f46=f38,f120,f46
-        add             r27=r27,r26             };;
-{ .mfi; getf.sig        r16=f100
-                xma.hu  f57=f38,f121,f56
-(p6)    add             carry1=1,carry1         }
-{ .mfi; cmp.ltu         p6,p0=r27,r26
-                xma.lu  f56=f38,f121,f56
-        add             r28=r28,r27             };;
-{ .mfi; getf.sig        r17=f91
-                xma.hu  f67=f38,f122,f66
-(p6)    add             carry1=1,carry1         }
-{ .mfi; cmp.ltu         p6,p0=r28,r27
-                xma.lu  f66=f38,f122,f66
-        add             r29=r29,r28             };;
-{ .mfi; getf.sig        r18=f82
-                xma.hu  f77=f38,f123,f76
-(p6)    add             carry1=1,carry1         }
-{ .mfi; cmp.ltu         p6,p0=r29,r28
-                xma.lu  f76=f38,f123,f76
-        add             r29=r29,carry2          };;
-{ .mfi; getf.sig        r19=f73
-                xma.hu  f87=f38,f124,f86
-(p6)    add             carry1=1,carry1         }
-{ .mfi;         xma.lu  f86=f38,f124,f86
-        cmp.ltu         p6,p0=r29,carry2        };;
-{ .mfi; getf.sig        r20=f64
-                xma.hu  f97=f38,f125,f96
-(p6)    add             carry1=1,carry1         }
-{ .mfi; st8             [r33]=r29,16
-                xma.lu  f96=f38,f125,f96        };;
-{ .mfi; getf.sig        r21=f55
-                xma.hu  f107=f38,f126,f106      }
-{ .mfi; mov             carry2=0
-                xma.lu  f106=f38,f126,f106
-        add             r17=r17,r16             };;
-{ .mfi;         xma.hu  f117=f38,f127,f116
-        cmp.ltu         p7,p0=r17,r16           }
-{ .mfi;         xma.lu  f116=f38,f127,f116
-        add             r18=r18,r17             };;//
-//-------------------------------------------------//
-{ .mfi; getf.sig        r22=f46
-                xma.hu  f48=f39,f120,f47
-(p7)    add             carry2=1,carry2         }
-{ .mfi; cmp.ltu         p7,p0=r18,r17
-                xma.lu  f47=f39,f120,f47
-        add             r19=r19,r18             };;
-{ .mfi; getf.sig        r24=f110
-                xma.hu  f58=f39,f121,f57
-(p7)    add             carry2=1,carry2         }
-{ .mfi; cmp.ltu         p7,p0=r19,r18
-                xma.lu  f57=f39,f121,f57
-        add             r20=r20,r19             };;
-{ .mfi; getf.sig        r25=f101
-                xma.hu  f68=f39,f122,f67
-(p7)    add             carry2=1,carry2         }
-{ .mfi; cmp.ltu         p7,p0=r20,r19
-                xma.lu  f67=f39,f122,f67
-        add             r21=r21,r20             };;
-{ .mfi; getf.sig        r26=f92
-                xma.hu  f78=f39,f123,f77
-(p7)    add             carry2=1,carry2         }
-{ .mfi; cmp.ltu         p7,p0=r21,r20
-                xma.lu  f77=f39,f123,f77
-        add             r22=r22,r21             };;
-{ .mfi; getf.sig        r27=f83
-                xma.hu  f88=f39,f124,f87
-(p7)    add             carry2=1,carry2         }
-{ .mfi; cmp.ltu         p7,p0=r22,r21
-                xma.lu  f87=f39,f124,f87
-        add             r22=r22,carry1          };;
-{ .mfi; getf.sig        r28=f74
-                xma.hu  f98=f39,f125,f97
-(p7)    add             carry2=1,carry2         }
-{ .mfi;         xma.lu  f97=f39,f125,f97
-        cmp.ltu         p7,p0=r22,carry1        };;
-{ .mfi; getf.sig        r29=f65
-                xma.hu  f108=f39,f126,f107
-(p7)    add             carry2=1,carry2         }
-{ .mfi; st8             [r32]=r22,16
-                xma.lu  f107=f39,f126,f107      };;
-{ .mfi; getf.sig        r30=f56
-                xma.hu  f118=f39,f127,f117      }
-{ .mfi;         xma.lu  f117=f39,f127,f117      };;//
-//-------------------------------------------------//
-// Leaving muliplier's heaven... Quite a ride, huh?
-
-{ .mii; getf.sig        r31=f47
-        add             r25=r25,r24
-        mov             carry1=0                };;
-{ .mii;         getf.sig        r16=f111
-        cmp.ltu         p6,p0=r25,r24
-        add             r26=r26,r25             };;
-{ .mfb;         getf.sig        r17=f102        }
-{ .mii;
-(p6)    add             carry1=1,carry1
-        cmp.ltu         p6,p0=r26,r25
-        add             r27=r27,r26             };;
-{ .mfb; nop.m   0x0                             }
-{ .mii;
-(p6)    add             carry1=1,carry1
-        cmp.ltu         p6,p0=r27,r26
-        add             r28=r28,r27             };;
-{ .mii;         getf.sig        r18=f93
-                add             r17=r17,r16
-                mov             carry3=0        }
-{ .mii;
-(p6)    add             carry1=1,carry1
-        cmp.ltu         p6,p0=r28,r27
-        add             r29=r29,r28             };;
-{ .mii;         getf.sig        r19=f84
-                cmp.ltu         p7,p0=r17,r16   }
-{ .mii;
-(p6)    add             carry1=1,carry1
-        cmp.ltu         p6,p0=r29,r28
-        add             r30=r30,r29             };;
-{ .mii;         getf.sig        r20=f75
-                add             r18=r18,r17     }
-{ .mii;
-(p6)    add             carry1=1,carry1
-        cmp.ltu         p6,p0=r30,r29
-        add             r31=r31,r30             };;
-{ .mfb;         getf.sig        r21=f66         }
-{ .mii; (p7)    add             carry3=1,carry3
-                cmp.ltu         p7,p0=r18,r17
-                add             r19=r19,r18     }
-{ .mfb; nop.m   0x0                             }
-{ .mii;
-(p6)    add             carry1=1,carry1
-        cmp.ltu         p6,p0=r31,r30
-        add             r31=r31,carry2          };;
-{ .mfb;         getf.sig        r22=f57         }
-{ .mii; (p7)    add             carry3=1,carry3
-                cmp.ltu         p7,p0=r19,r18
-                add             r20=r20,r19     }
-{ .mfb; nop.m   0x0                             }
-{ .mii;
-(p6)    add             carry1=1,carry1
-        cmp.ltu         p6,p0=r31,carry2        };;
-{ .mfb;         getf.sig        r23=f48         }
-{ .mii; (p7)    add             carry3=1,carry3
-                cmp.ltu         p7,p0=r20,r19
-                add             r21=r21,r20     }
-{ .mii;
-(p6)    add             carry1=1,carry1         }
-{ .mfb; st8             [r33]=r31,16            };;
-
-{ .mfb; getf.sig        r24=f112                }
-{ .mii; (p7)    add             carry3=1,carry3
-                cmp.ltu         p7,p0=r21,r20
-                add             r22=r22,r21     };;
-{ .mfb; getf.sig        r25=f103                }
-{ .mii; (p7)    add             carry3=1,carry3
-                cmp.ltu         p7,p0=r22,r21
-                add             r23=r23,r22     };;
-{ .mfb; getf.sig        r26=f94                 }
-{ .mii; (p7)    add             carry3=1,carry3
-                cmp.ltu         p7,p0=r23,r22
-                add             r23=r23,carry1  };;
-{ .mfb; getf.sig        r27=f85                 }
-{ .mii; (p7)    add             carry3=1,carry3
-                cmp.ltu         p7,p8=r23,carry1};;
-{ .mii; getf.sig        r28=f76
-        add             r25=r25,r24
-        mov             carry1=0                }
-{ .mii;         st8             [r32]=r23,16
-        (p7)    add             carry2=1,carry3
-        (p8)    add             carry2=0,carry3 };;
-
-{ .mfb; nop.m   0x0                             }
-{ .mii; getf.sig        r29=f67
-        cmp.ltu         p6,p0=r25,r24
-        add             r26=r26,r25             };;
-{ .mfb; getf.sig        r30=f58                 }
-{ .mii;
-(p6)    add             carry1=1,carry1
-        cmp.ltu         p6,p0=r26,r25
-        add             r27=r27,r26             };;
-{ .mfb;         getf.sig        r16=f113        }
-{ .mii;
-(p6)    add             carry1=1,carry1
-        cmp.ltu         p6,p0=r27,r26
-        add             r28=r28,r27             };;
-{ .mfb;         getf.sig        r17=f104        }
-{ .mii;
-(p6)    add             carry1=1,carry1
-        cmp.ltu         p6,p0=r28,r27
-        add             r29=r29,r28             };;
-{ .mfb;         getf.sig        r18=f95         }
-{ .mii;
-(p6)    add             carry1=1,carry1
-        cmp.ltu         p6,p0=r29,r28
-        add             r30=r30,r29             };;
-{ .mii;         getf.sig        r19=f86
-                add             r17=r17,r16
-                mov             carry3=0        }
-{ .mii;
-(p6)    add             carry1=1,carry1
-        cmp.ltu         p6,p0=r30,r29
-        add             r30=r30,carry2          };;
-{ .mii;         getf.sig        r20=f77
-                cmp.ltu         p7,p0=r17,r16
-                add             r18=r18,r17     }
-{ .mii;
-(p6)    add             carry1=1,carry1
-        cmp.ltu         p6,p0=r30,carry2        };;
-{ .mfb;         getf.sig        r21=f68         }
-{ .mii; st8             [r33]=r30,16
-(p6)    add             carry1=1,carry1         };;
-
-{ .mfb; getf.sig        r24=f114                }
-{ .mii; (p7)    add             carry3=1,carry3
-                cmp.ltu         p7,p0=r18,r17
-                add             r19=r19,r18     };;
-{ .mfb; getf.sig        r25=f105                }
-{ .mii; (p7)    add             carry3=1,carry3
-                cmp.ltu         p7,p0=r19,r18
-                add             r20=r20,r19     };;
-{ .mfb; getf.sig        r26=f96                 }
-{ .mii; (p7)    add             carry3=1,carry3
-                cmp.ltu         p7,p0=r20,r19
-                add             r21=r21,r20     };;
-{ .mfb; getf.sig        r27=f87                 }
-{ .mii; (p7)    add             carry3=1,carry3
-                cmp.ltu         p7,p0=r21,r20
-                add             r21=r21,carry1  };;
-{ .mib; getf.sig        r28=f78                 
-        add             r25=r25,r24             }
-{ .mib; (p7)    add             carry3=1,carry3
-                cmp.ltu         p7,p8=r21,carry1};;
-{ .mii;         st8             [r32]=r21,16
-        (p7)    add             carry2=1,carry3
-        (p8)    add             carry2=0,carry3 }
-
-{ .mii; mov             carry1=0
-        cmp.ltu         p6,p0=r25,r24
-        add             r26=r26,r25             };;
-{ .mfb;         getf.sig        r16=f115        }
-{ .mii;
-(p6)    add             carry1=1,carry1
-        cmp.ltu         p6,p0=r26,r25
-        add             r27=r27,r26             };;
-{ .mfb;         getf.sig        r17=f106        }
-{ .mii;
-(p6)    add             carry1=1,carry1
-        cmp.ltu         p6,p0=r27,r26
-        add             r28=r28,r27             };;
-{ .mfb;         getf.sig        r18=f97         }
-{ .mii;
-(p6)    add             carry1=1,carry1
-        cmp.ltu         p6,p0=r28,r27
-        add             r28=r28,carry2          };;
-{ .mib;         getf.sig        r19=f88
-                add             r17=r17,r16     }
-{ .mib;
-(p6)    add             carry1=1,carry1
-        cmp.ltu         p6,p0=r28,carry2        };;
-{ .mii; st8             [r33]=r28,16
-(p6)    add             carry1=1,carry1         }
-
-{ .mii;         mov             carry2=0
-                cmp.ltu         p7,p0=r17,r16
-                add             r18=r18,r17     };;
-{ .mfb; getf.sig        r24=f116                }
-{ .mii; (p7)    add             carry2=1,carry2
-                cmp.ltu         p7,p0=r18,r17
-                add             r19=r19,r18     };;
-{ .mfb; getf.sig        r25=f107                }
-{ .mii; (p7)    add             carry2=1,carry2
-                cmp.ltu         p7,p0=r19,r18
-                add             r19=r19,carry1  };;
-{ .mfb; getf.sig        r26=f98                 }
-{ .mii; (p7)    add             carry2=1,carry2
-                cmp.ltu         p7,p0=r19,carry1};;
-{ .mii;         st8             [r32]=r19,16
-        (p7)    add             carry2=1,carry2 }
-
-{ .mfb; add             r25=r25,r24             };;
-
-{ .mfb;         getf.sig        r16=f117        }
-{ .mii; mov             carry1=0
-        cmp.ltu         p6,p0=r25,r24
-        add             r26=r26,r25             };;
-{ .mfb;         getf.sig        r17=f108        }
-{ .mii;
-(p6)    add             carry1=1,carry1
-        cmp.ltu         p6,p0=r26,r25
-        add             r26=r26,carry2          };;
-{ .mfb; nop.m   0x0                             }
-{ .mii;
-(p6)    add             carry1=1,carry1
-        cmp.ltu         p6,p0=r26,carry2        };;
-{ .mii; st8             [r33]=r26,16
-(p6)    add             carry1=1,carry1         }
-
-{ .mfb;         add             r17=r17,r16     };;
-{ .mfb; getf.sig        r24=f118                }
-{ .mii;         mov             carry2=0
-                cmp.ltu         p7,p0=r17,r16
-                add             r17=r17,carry1  };;
-{ .mii; (p7)    add             carry2=1,carry2
-                cmp.ltu         p7,p0=r17,carry1};;
-{ .mii;         st8             [r32]=r17
-        (p7)    add             carry2=1,carry2 };;
-{ .mfb; add             r24=r24,carry2          };;
-{ .mib; st8             [r33]=r24               }
-
-{ .mib; rum             1<<5            // clear um.mfh
-        br.ret.sptk.many        b0      };;
-.endp   bn_mul_comba8#
-#undef  carry3
-#undef  carry2
-#undef  carry1
-#endif
-
-#if 1
-// It's possible to make it faster (see comment to bn_sqr_comba8), but
-// I reckon it doesn't worth the effort. Basically because the routine
-// (actually both of them) practically never called... So I just play
-// same trick as with bn_sqr_comba8.
-//
-// void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
-//
-.global bn_sqr_comba4#
-.proc   bn_sqr_comba4#
-.align  64
-bn_sqr_comba4:
-        .prologue
-        .fframe 0
-        .save   ar.pfs,r2
-#if defined(_HPUX_SOURCE) && !defined(_LP64)
-{ .mii; alloc   r2=ar.pfs,2,1,0,0
-        addp4   r32=0,r32
-        addp4   r33=0,r33               };;
-{ .mii;
-#else
-{ .mii; alloc   r2=ar.pfs,2,1,0,0
-#endif
-        mov     r34=r33
-        add     r14=8,r33               };;
-        .body
-{ .mii; add     r17=8,r34
-        add     r15=16,r33
-        add     r18=16,r34              }
-{ .mfb; add     r16=24,r33
-        br      .L_cheat_entry_point4   };;
-.endp   bn_sqr_comba4#
-#endif
-
-#if 1
-// Runs in ~115 cycles and ~4.5 times faster than C. Well, whatever...
-//
-// void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-//
-#define carry1  r14
-#define carry2  r15
-.global bn_mul_comba4#
-.proc   bn_mul_comba4#
-.align  64
-bn_mul_comba4:
-        .prologue
-        .fframe 0
-        .save   ar.pfs,r2
-#if defined(_HPUX_SOURCE) && !defined(_LP64)
-{ .mii; alloc   r2=ar.pfs,3,0,0,0
-        addp4   r33=0,r33
-        addp4   r34=0,r34               };;
-{ .mii; addp4   r32=0,r32
-#else
-{ .mii; alloc   r2=ar.pfs,3,0,0,0
-#endif
-        add     r14=8,r33
-        add     r17=8,r34               }
-        .body
-{ .mii; add     r15=16,r33
-        add     r18=16,r34
-        add     r16=24,r33              };;
-.L_cheat_entry_point4:
-{ .mmi; add     r19=24,r34
-
-        ldf8    f32=[r33]               }
-
-{ .mmi; ldf8    f120=[r34]
-        ldf8    f121=[r17]              };;
-{ .mmi; ldf8    f122=[r18]
-        ldf8    f123=[r19]              }
-
-{ .mmi; ldf8    f33=[r14]
-        ldf8    f34=[r15]               }
-{ .mfi; ldf8    f35=[r16]
-
-                xma.hu  f41=f32,f120,f0         }
-{ .mfi;         xma.lu  f40=f32,f120,f0         };;
-{ .mfi;         xma.hu  f51=f32,f121,f0         }
-{ .mfi;         xma.lu  f50=f32,f121,f0         };;
-{ .mfi;         xma.hu  f61=f32,f122,f0         }
-{ .mfi;         xma.lu  f60=f32,f122,f0         };;
-{ .mfi;         xma.hu  f71=f32,f123,f0         }
-{ .mfi;         xma.lu  f70=f32,f123,f0         };;//
-// Major stall takes place here, and 3 more places below. Result from
-// first xma is not available for another 3 ticks.
-{ .mfi; getf.sig        r16=f40
-                xma.hu  f42=f33,f120,f41
-        add             r33=8,r32               }
-{ .mfi;         xma.lu  f41=f33,f120,f41        };;
-{ .mfi; getf.sig        r24=f50
-                xma.hu  f52=f33,f121,f51        }
-{ .mfi;         xma.lu  f51=f33,f121,f51        };;
-{ .mfi; st8             [r32]=r16,16
-                xma.hu  f62=f33,f122,f61        }
-{ .mfi;         xma.lu  f61=f33,f122,f61        };;
-{ .mfi;         xma.hu  f72=f33,f123,f71        }
-{ .mfi;         xma.lu  f71=f33,f123,f71        };;//
-//-------------------------------------------------//
-{ .mfi; getf.sig        r25=f41
-                xma.hu  f43=f34,f120,f42        }
-{ .mfi;         xma.lu  f42=f34,f120,f42        };;
-{ .mfi; getf.sig        r16=f60
-                xma.hu  f53=f34,f121,f52        }
-{ .mfi;         xma.lu  f52=f34,f121,f52        };;
-{ .mfi; getf.sig        r17=f51
-                xma.hu  f63=f34,f122,f62
-        add             r25=r25,r24             }
-{ .mfi; mov             carry1=0
-                xma.lu  f62=f34,f122,f62        };;
-{ .mfi; st8             [r33]=r25,16
-                xma.hu  f73=f34,f123,f72
-        cmp.ltu         p6,p0=r25,r24           }
-{ .mfi;         xma.lu  f72=f34,f123,f72        };;//
-//-------------------------------------------------//
-{ .mfi; getf.sig        r18=f42
-                xma.hu  f44=f35,f120,f43
-(p6)    add             carry1=1,carry1         }
-{ .mfi; add             r17=r17,r16
-                xma.lu  f43=f35,f120,f43
-        mov             carry2=0                };;
-{ .mfi; getf.sig        r24=f70
-                xma.hu  f54=f35,f121,f53
-        cmp.ltu         p7,p0=r17,r16           }
-{ .mfi;         xma.lu  f53=f35,f121,f53        };;
-{ .mfi; getf.sig        r25=f61
-                xma.hu  f64=f35,f122,f63
-        add             r18=r18,r17             }
-{ .mfi;         xma.lu  f63=f35,f122,f63
-(p7)    add             carry2=1,carry2         };;
-{ .mfi; getf.sig        r26=f52
-                xma.hu  f74=f35,f123,f73
-        cmp.ltu         p7,p0=r18,r17           }
-{ .mfi;         xma.lu  f73=f35,f123,f73
-        add             r18=r18,carry1          };;
-//-------------------------------------------------//
-{ .mii; st8             [r32]=r18,16
-(p7)    add             carry2=1,carry2
-        cmp.ltu         p7,p0=r18,carry1        };;
-
-{ .mfi; getf.sig        r27=f43 // last major stall
-(p7)    add             carry2=1,carry2         };;
-{ .mii;         getf.sig        r16=f71
-        add             r25=r25,r24
-        mov             carry1=0                };;
-{ .mii;         getf.sig        r17=f62 
-        cmp.ltu         p6,p0=r25,r24
-        add             r26=r26,r25             };;
-{ .mii;
-(p6)    add             carry1=1,carry1
-        cmp.ltu         p6,p0=r26,r25
-        add             r27=r27,r26             };;
-{ .mii;
-(p6)    add             carry1=1,carry1
-        cmp.ltu         p6,p0=r27,r26
-        add             r27=r27,carry2          };;
-{ .mii;         getf.sig        r18=f53
-(p6)    add             carry1=1,carry1
-        cmp.ltu         p6,p0=r27,carry2        };;
-{ .mfi; st8             [r33]=r27,16
-(p6)    add             carry1=1,carry1         }
-
-{ .mii;         getf.sig        r19=f44
-                add             r17=r17,r16
-                mov             carry2=0        };;
-{ .mii; getf.sig        r24=f72
-                cmp.ltu         p7,p0=r17,r16
-                add             r18=r18,r17     };;
-{ .mii; (p7)    add             carry2=1,carry2
-                cmp.ltu         p7,p0=r18,r17
-                add             r19=r19,r18     };;
-{ .mii; (p7)    add             carry2=1,carry2
-                cmp.ltu         p7,p0=r19,r18
-                add             r19=r19,carry1  };;
-{ .mii; getf.sig        r25=f63
-        (p7)    add             carry2=1,carry2
-                cmp.ltu         p7,p0=r19,carry1};;
-{ .mii;         st8             [r32]=r19,16
-        (p7)    add             carry2=1,carry2 }
-
-{ .mii; getf.sig        r26=f54
-        add             r25=r25,r24
-        mov             carry1=0                };;
-{ .mii;         getf.sig        r16=f73
-        cmp.ltu         p6,p0=r25,r24
-        add             r26=r26,r25             };;
-{ .mii;
-(p6)    add             carry1=1,carry1
-        cmp.ltu         p6,p0=r26,r25
-        add             r26=r26,carry2          };;
-{ .mii;         getf.sig        r17=f64
-(p6)    add             carry1=1,carry1
-        cmp.ltu         p6,p0=r26,carry2        };;
-{ .mii; st8             [r33]=r26,16
-(p6)    add             carry1=1,carry1         }
-
-{ .mii; getf.sig        r24=f74
-                add             r17=r17,r16     
-                mov             carry2=0        };;
-{ .mii;         cmp.ltu         p7,p0=r17,r16
-                add             r17=r17,carry1  };;
-
-{ .mii; (p7)    add             carry2=1,carry2
-                cmp.ltu         p7,p0=r17,carry1};;
-{ .mii;         st8             [r32]=r17,16
-        (p7)    add             carry2=1,carry2 };;
-
-{ .mii; add             r24=r24,carry2          };;
-{ .mii; st8             [r33]=r24               }
-
-{ .mib; rum             1<<5            // clear um.mfh
-        br.ret.sptk.many        b0      };;
-.endp   bn_mul_comba4#
-#undef  carry2
-#undef  carry1
-#endif
-
-#if 1
-//
-// BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
-//
-// In the nutshell it's a port of my MIPS III/IV implementation.
-//
-#define AT      r14
-#define H       r16
-#define HH      r20
-#define L       r17
-#define D       r18
-#define DH      r22
-#define I       r21
-
-#if 0
-// Some preprocessors (most notably HP-UX) appear to be allergic to
-// macros enclosed to parenthesis [as these three were].
-#define cont    p16
-#define break   p0      // p20
-#define equ     p24
-#else
-cont=p16
-break=p0
-equ=p24
-#endif
-
-.global abort#
-.global bn_div_words#
-.proc   bn_div_words#
-.align  64
-bn_div_words:
-        .prologue
-        .fframe 0
-        .save   ar.pfs,r2
-        .save   b0,r3
-{ .mii; alloc           r2=ar.pfs,3,5,0,8
-        mov             r3=b0
-        mov             r10=pr          };;
-{ .mmb; cmp.eq          p6,p0=r34,r0
-        mov             r8=-1
-(p6)    br.ret.spnt.many        b0      };;
-
-        .body
-{ .mii; mov             H=r32           // save h
-        mov             ar.ec=0         // don't rotate at exit
-        mov             pr.rot=0        }
-{ .mii; mov             L=r33           // save l
-        mov             r36=r0          };;
-
-.L_divw_shift:  // -vv- note signed comparison
-{ .mfi; (p0)    cmp.lt          p16,p0=r0,r34   // d
-        (p0)    shladd          r33=r34,1,r0    }
-{ .mfb; (p0)    add             r35=1,r36
-        (p0)    nop.f           0x0
-(p16)   br.wtop.dpnt            .L_divw_shift   };;
-
-{ .mii; mov             D=r34
-        shr.u           DH=r34,32
-        sub             r35=64,r36              };;
-{ .mii; setf.sig        f7=DH
-        shr.u           AT=H,r35
-        mov             I=r36                   };;
-{ .mib; cmp.ne          p6,p0=r0,AT
-        shl             H=H,r36
-(p6)    br.call.spnt.clr        b0=abort        };;     // overflow, die...
-
-{ .mfi; fcvt.xuf.s1     f7=f7
-        shr.u           AT=L,r35                };;
-{ .mii; shl             L=L,r36
-        or              H=H,AT                  };;
-
-{ .mii; nop.m           0x0
-        cmp.leu         p6,p0=D,H;;
-(p6)    sub             H=H,D                   }
-
-{ .mlx; setf.sig        f14=D
-        movl            AT=0xffffffff           };;
-///////////////////////////////////////////////////////////
-{ .mii; setf.sig        f6=H
-        shr.u           HH=H,32;;
-        cmp.eq          p6,p7=HH,DH             };;
-{ .mfb;
-(p6)    setf.sig        f8=AT
-(p7)    fcvt.xuf.s1     f6=f6
-(p7)    br.call.sptk    b6=.L_udiv64_32_b6      };;
-
-{ .mfi; getf.sig        r33=f8                          // q
-        xmpy.lu         f9=f8,f14               }
-{ .mfi; xmpy.hu         f10=f8,f14
-        shrp            H=H,L,32                };;
-
-{ .mmi; getf.sig        r35=f9                          // tl
-        getf.sig        r31=f10                 };;     // th
-
-.L_divw_1st_iter:
-{ .mii; (p0)    add             r32=-1,r33
-        (p0)    cmp.eq          equ,cont=HH,r31         };;
-{ .mii; (p0)    cmp.ltu         p8,p0=r35,D
-        (p0)    sub             r34=r35,D
-        (equ)   cmp.leu         break,cont=r35,H        };;
-{ .mib; (cont)  cmp.leu         cont,break=HH,r31
-        (p8)    add             r31=-1,r31
-(cont)  br.wtop.spnt            .L_divw_1st_iter        };;
-///////////////////////////////////////////////////////////
-{ .mii; sub             H=H,r35
-        shl             r8=r33,32
-        shl             L=L,32                  };;
-///////////////////////////////////////////////////////////
-{ .mii; setf.sig        f6=H
-        shr.u           HH=H,32;;
-        cmp.eq          p6,p7=HH,DH             };;
-{ .mfb;
-(p6)    setf.sig        f8=AT
-(p7)    fcvt.xuf.s1     f6=f6
-(p7)    br.call.sptk    b6=.L_udiv64_32_b6      };;
-
-{ .mfi; getf.sig        r33=f8                          // q
-        xmpy.lu         f9=f8,f14               }
-{ .mfi; xmpy.hu         f10=f8,f14
-        shrp            H=H,L,32                };;
-
-{ .mmi; getf.sig        r35=f9                          // tl
-        getf.sig        r31=f10                 };;     // th
-
-.L_divw_2nd_iter:
-{ .mii; (p0)    add             r32=-1,r33
-        (p0)    cmp.eq          equ,cont=HH,r31         };;
-{ .mii; (p0)    cmp.ltu         p8,p0=r35,D
-        (p0)    sub             r34=r35,D
-        (equ)   cmp.leu         break,cont=r35,H        };;
-{ .mib; (cont)  cmp.leu         cont,break=HH,r31
-        (p8)    add             r31=-1,r31
-(cont)  br.wtop.spnt            .L_divw_2nd_iter        };;
-///////////////////////////////////////////////////////////
-{ .mii; sub     H=H,r35
-        or      r8=r8,r33
-        mov     ar.pfs=r2               };;
-{ .mii; shr.u   r9=H,I                  // remainder if anybody wants it
-        mov     pr=r10,0x1ffff          }
-{ .mfb; br.ret.sptk.many        b0      };;
-
-// Unsigned 64 by 32 (well, by 64 for the moment) bit integer division
-// procedure.
-//
-// inputs:      f6 = (double)a, f7 = (double)b
-// output:      f8 = (int)(a/b)
-// clobbered:   f8,f9,f10,f11,pred
-pred=p15
-// One can argue that this snippet is copyrighted to Intel
-// Corporation, as it's essentially identical to one of those
-// found in "Divide, Square Root and Remainder" section at
-// http://www.intel.com/software/products/opensource/libraries/num.htm.
-// Yes, I admit that the referred code was used as template,
-// but after I realized that there hardly is any other instruction
-// sequence which would perform this operation. I mean I figure that
-// any independent attempt to implement high-performance division
-// will result in code virtually identical to the Intel code. It
-// should be noted though that below division kernel is 1 cycle
-// faster than Intel one (note commented splits:-), not to mention
-// original prologue (rather lack of one) and epilogue.
-.align  32
-.skip   16
-.L_udiv64_32_b6:
-        frcpa.s1        f8,pred=f6,f7;;         // [0]  y0 = 1 / b
-
-(pred)  fnma.s1         f9=f7,f8,f1             // [5]  e0 = 1 - b * y0
-(pred)  fmpy.s1         f10=f6,f8;;             // [5]  q0 = a * y0
-(pred)  fmpy.s1         f11=f9,f9               // [10] e1 = e0 * e0
-(pred)  fma.s1          f10=f9,f10,f10;;        // [10] q1 = q0 + e0 * q0
-(pred)  fma.s1          f8=f9,f8,f8     //;;    // [15] y1 = y0 + e0 * y0
-(pred)  fma.s1          f9=f11,f10,f10;;        // [15] q2 = q1 + e1 * q1
-(pred)  fma.s1          f8=f11,f8,f8    //;;    // [20] y2 = y1 + e1 * y1
-(pred)  fnma.s1         f10=f7,f9,f6;;          // [20] r2 = a - b * q2
-(pred)  fma.s1          f8=f10,f8,f9;;          // [25] q3 = q2 + r2 * y2
-
-        fcvt.fxu.trunc.s1       f8=f8           // [30] q = trunc(q3)
-        br.ret.sptk.many        b6;;
-.endp   bn_div_words#
-#endif
diff --git a/src/lib/libcrypto/bn/asm/pa-risc2.s b/src/lib/libcrypto/bn/asm/pa-risc2.s
deleted file mode 100644
index f3b16290eb..0000000000
--- a/src/lib/libcrypto/bn/asm/pa-risc2.s
+++ /dev/null
@@ -1,1618 +0,0 @@
-;
-; PA-RISC 2.0 implementation of bn_asm code, based on the
-; 64-bit version of the code.  This code is effectively the
-; same as the 64-bit version except the register model is
-; slightly different given all values must be 32-bit between
-; function calls.  Thus the 64-bit return values are returned
-; in %ret0 and %ret1 vs just %ret0 as is done in 64-bit
-;
-;
-; This code is approximately 2x faster than the C version
-; for RSA/DSA.
-;
-; See http://devresource.hp.com/  for more details on the PA-RISC
-; architecture.  Also see the book "PA-RISC 2.0 Architecture"
-; by Gerry Kane for information on the instruction set architecture.
-;
-; Code written by Chris Ruemmler (with some help from the HP C
-; compiler).
-;
-; The code compiles with HP's assembler
-;
-
-        .level  2.0N
-        .space  $TEXT$
-        .subspa $CODE$,QUAD=0,ALIGN=8,ACCESS=0x2c,CODE_ONLY
-
-;
-; Global Register definitions used for the routines.
-;
-; Some information about HP's runtime architecture for 32-bits.
-;
-; "Caller save" means the calling function must save the register
-; if it wants the register to be preserved.
-; "Callee save" means if a function uses the register, it must save
-; the value before using it.
-;
-; For the floating point registers 
-;
-;    "caller save" registers: fr4-fr11, fr22-fr31
-;    "callee save" registers: fr12-fr21
-;    "special" registers: fr0-fr3 (status and exception registers)
-;
-; For the integer registers
-;     value zero             :  r0
-;     "caller save" registers: r1,r19-r26
-;     "callee save" registers: r3-r18
-;     return register        :  r2  (rp)
-;     return values          ; r28,r29  (ret0,ret1)
-;     Stack pointer          ; r30  (sp) 
-;     millicode return ptr   ; r31  (also a caller save register)
-
-
-;
-; Arguments to the routines
-;
-r_ptr       .reg %r26
-a_ptr       .reg %r25
-b_ptr       .reg %r24
-num         .reg %r24
-n           .reg %r23
-
-;
-; Note that the "w" argument for bn_mul_add_words and bn_mul_words
-; is passed on the stack at a delta of -56 from the top of stack
-; as the routine is entered.
-;
-
-;
-; Globals used in some routines
-;
-
-top_overflow .reg %r23
-high_mask    .reg %r22    ; value 0xffffffff80000000L
-
-
-;------------------------------------------------------------------------------
-;
-; bn_mul_add_words
-;
-;BN_ULONG bn_mul_add_words(BN_ULONG *r_ptr, BN_ULONG *a_ptr, 
-;                                                               int num, BN_ULONG w)
-;
-; arg0 = r_ptr
-; arg1 = a_ptr
-; arg3 = num
-; -56(sp) =  w
-;
-; Local register definitions
-;
-
-fm1          .reg %fr22
-fm           .reg %fr23
-ht_temp      .reg %fr24
-ht_temp_1    .reg %fr25
-lt_temp      .reg %fr26
-lt_temp_1    .reg %fr27
-fm1_1        .reg %fr28
-fm_1         .reg %fr29
-
-fw_h         .reg %fr7L
-fw_l         .reg %fr7R
-fw           .reg %fr7
-
-fht_0        .reg %fr8L
-flt_0        .reg %fr8R
-t_float_0    .reg %fr8
-
-fht_1        .reg %fr9L
-flt_1        .reg %fr9R
-t_float_1    .reg %fr9
-
-tmp_0        .reg %r31
-tmp_1        .reg %r21
-m_0          .reg %r20 
-m_1          .reg %r19 
-ht_0         .reg %r1  
-ht_1         .reg %r3
-lt_0         .reg %r4
-lt_1         .reg %r5
-m1_0         .reg %r6 
-m1_1         .reg %r7 
-rp_val       .reg %r8
-rp_val_1     .reg %r9
-
-bn_mul_add_words
-        .export bn_mul_add_words,entry,NO_RELOCATION,LONG_RETURN
-        .proc
-        .callinfo frame=128
-    .entry
-        .align 64
-
-    STD     %r3,0(%sp)          ; save r3  
-    STD     %r4,8(%sp)          ; save r4  
-        NOP                         ; Needed to make the loop 16-byte aligned
-        NOP                         ; needed to make the loop 16-byte aligned
-
-    STD     %r5,16(%sp)         ; save r5  
-        NOP
-    STD     %r6,24(%sp)         ; save r6  
-    STD     %r7,32(%sp)         ; save r7  
-
-    STD     %r8,40(%sp)         ; save r8  
-    STD     %r9,48(%sp)         ; save r9  
-    COPY    %r0,%ret1           ; return 0 by default
-    DEPDI,Z 1,31,1,top_overflow ; top_overflow = 1 << 32    
-
-    CMPIB,>= 0,num,bn_mul_add_words_exit  ; if (num <= 0) then exit
-        LDO     128(%sp),%sp        ; bump stack
-
-        ;
-        ; The loop is unrolled twice, so if there is only 1 number
-    ; then go straight to the cleanup code.
-        ;
-        CMPIB,= 1,num,bn_mul_add_words_single_top
-        FLDD    -184(%sp),fw        ; (-56-128) load up w into fw (fw_h/fw_l)
-
-        ;
-        ; This loop is unrolled 2 times (64-byte aligned as well)
-        ;
-        ; PA-RISC 2.0 chips have two fully pipelined multipliers, thus
-    ; two 32-bit mutiplies can be issued per cycle.
-    ; 
-bn_mul_add_words_unroll2
-
-    FLDD    0(a_ptr),t_float_0       ; load up 64-bit value (fr8L) ht(L)/lt(R)
-    FLDD    8(a_ptr),t_float_1       ; load up 64-bit value (fr8L) ht(L)/lt(R)
-    LDD     0(r_ptr),rp_val          ; rp[0]
-    LDD     8(r_ptr),rp_val_1        ; rp[1]
-
-    XMPYU   fht_0,fw_l,fm1           ; m1[0] = fht_0*fw_l
-    XMPYU   fht_1,fw_l,fm1_1         ; m1[1] = fht_1*fw_l
-    FSTD    fm1,-16(%sp)             ; -16(sp) = m1[0]
-    FSTD    fm1_1,-48(%sp)           ; -48(sp) = m1[1]
-
-    XMPYU   flt_0,fw_h,fm            ; m[0] = flt_0*fw_h
-    XMPYU   flt_1,fw_h,fm_1          ; m[1] = flt_1*fw_h
-    FSTD    fm,-8(%sp)               ; -8(sp) = m[0]
-    FSTD    fm_1,-40(%sp)            ; -40(sp) = m[1]
-
-    XMPYU   fht_0,fw_h,ht_temp       ; ht_temp   = fht_0*fw_h
-    XMPYU   fht_1,fw_h,ht_temp_1     ; ht_temp_1 = fht_1*fw_h
-    FSTD    ht_temp,-24(%sp)         ; -24(sp)   = ht_temp
-    FSTD    ht_temp_1,-56(%sp)       ; -56(sp)   = ht_temp_1
-
-    XMPYU   flt_0,fw_l,lt_temp       ; lt_temp = lt*fw_l
-    XMPYU   flt_1,fw_l,lt_temp_1     ; lt_temp = lt*fw_l
-    FSTD    lt_temp,-32(%sp)         ; -32(sp) = lt_temp 
-    FSTD    lt_temp_1,-64(%sp)       ; -64(sp) = lt_temp_1 
-
-    LDD     -8(%sp),m_0              ; m[0] 
-    LDD     -40(%sp),m_1             ; m[1]
-    LDD     -16(%sp),m1_0            ; m1[0]
-    LDD     -48(%sp),m1_1            ; m1[1]
-
-    LDD     -24(%sp),ht_0            ; ht[0]
-    LDD     -56(%sp),ht_1            ; ht[1]
-    ADD,L   m1_0,m_0,tmp_0           ; tmp_0 = m[0] + m1[0]; 
-    ADD,L   m1_1,m_1,tmp_1           ; tmp_1 = m[1] + m1[1]; 
-
-    LDD     -32(%sp),lt_0            
-    LDD     -64(%sp),lt_1            
-    CMPCLR,*>>= tmp_0,m1_0, %r0      ; if (m[0] < m1[0])
-    ADD,L   ht_0,top_overflow,ht_0   ; ht[0] += (1<<32)
-
-    CMPCLR,*>>= tmp_1,m1_1,%r0       ; if (m[1] < m1[1])
-    ADD,L   ht_1,top_overflow,ht_1   ; ht[1] += (1<<32)
-    EXTRD,U tmp_0,31,32,m_0          ; m[0]>>32  
-    DEPD,Z  tmp_0,31,32,m1_0         ; m1[0] = m[0]<<32 
-
-    EXTRD,U tmp_1,31,32,m_1          ; m[1]>>32  
-    DEPD,Z  tmp_1,31,32,m1_1         ; m1[1] = m[1]<<32 
-    ADD,L   ht_0,m_0,ht_0            ; ht[0]+= (m[0]>>32)
-    ADD,L   ht_1,m_1,ht_1            ; ht[1]+= (m[1]>>32)
-
-    ADD     lt_0,m1_0,lt_0           ; lt[0] = lt[0]+m1[0];
-        ADD,DC  ht_0,%r0,ht_0            ; ht[0]++
-    ADD     lt_1,m1_1,lt_1           ; lt[1] = lt[1]+m1[1];
-    ADD,DC  ht_1,%r0,ht_1            ; ht[1]++
-
-    ADD    %ret1,lt_0,lt_0           ; lt[0] = lt[0] + c;
-        ADD,DC  ht_0,%r0,ht_0            ; ht[0]++
-    ADD     lt_0,rp_val,lt_0         ; lt[0] = lt[0]+rp[0]
-    ADD,DC  ht_0,%r0,ht_0            ; ht[0]++
-
-        LDO    -2(num),num               ; num = num - 2;
-    ADD     ht_0,lt_1,lt_1           ; lt[1] = lt[1] + ht_0 (c);
-    ADD,DC  ht_1,%r0,ht_1            ; ht[1]++
-    STD     lt_0,0(r_ptr)            ; rp[0] = lt[0]
-
-    ADD     lt_1,rp_val_1,lt_1       ; lt[1] = lt[1]+rp[1]
-    ADD,DC  ht_1,%r0,%ret1           ; ht[1]++
-    LDO     16(a_ptr),a_ptr          ; a_ptr += 2
-
-    STD     lt_1,8(r_ptr)            ; rp[1] = lt[1]
-        CMPIB,<= 2,num,bn_mul_add_words_unroll2 ; go again if more to do
-    LDO     16(r_ptr),r_ptr          ; r_ptr += 2
-
-    CMPIB,=,N 0,num,bn_mul_add_words_exit ; are we done, or cleanup last one
-
-        ;
-        ; Top of loop aligned on 64-byte boundary
-        ;
-bn_mul_add_words_single_top
-    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
-    LDD     0(r_ptr),rp_val           ; rp[0]
-    LDO     8(a_ptr),a_ptr            ; a_ptr++
-    XMPYU   fht_0,fw_l,fm1            ; m1 = ht*fw_l
-    FSTD    fm1,-16(%sp)              ; -16(sp) = m1
-    XMPYU   flt_0,fw_h,fm             ; m = lt*fw_h
-    FSTD    fm,-8(%sp)                ; -8(sp) = m
-    XMPYU   fht_0,fw_h,ht_temp        ; ht_temp = ht*fw_h
-    FSTD    ht_temp,-24(%sp)          ; -24(sp) = ht
-    XMPYU   flt_0,fw_l,lt_temp        ; lt_temp = lt*fw_l
-    FSTD    lt_temp,-32(%sp)          ; -32(sp) = lt 
-
-    LDD     -8(%sp),m_0               
-    LDD    -16(%sp),m1_0              ; m1 = temp1 
-    ADD,L   m_0,m1_0,tmp_0            ; tmp_0 = m + m1; 
-    LDD     -24(%sp),ht_0             
-    LDD     -32(%sp),lt_0             
-
-    CMPCLR,*>>= tmp_0,m1_0,%r0        ; if (m < m1)
-    ADD,L   ht_0,top_overflow,ht_0    ; ht += (1<<32)
-
-    EXTRD,U tmp_0,31,32,m_0           ; m>>32  
-    DEPD,Z  tmp_0,31,32,m1_0          ; m1 = m<<32 
-
-    ADD,L   ht_0,m_0,ht_0             ; ht+= (m>>32)
-    ADD     lt_0,m1_0,tmp_0           ; tmp_0 = lt+m1;
-    ADD,DC  ht_0,%r0,ht_0             ; ht++
-    ADD     %ret1,tmp_0,lt_0          ; lt = lt + c;
-    ADD,DC  ht_0,%r0,ht_0             ; ht++
-    ADD     lt_0,rp_val,lt_0          ; lt = lt+rp[0]
-    ADD,DC  ht_0,%r0,%ret1            ; ht++
-    STD     lt_0,0(r_ptr)             ; rp[0] = lt
-
-bn_mul_add_words_exit
-    .EXIT
-        
-    EXTRD,U %ret1,31,32,%ret0         ; for 32-bit, return in ret0/ret1
-    LDD     -80(%sp),%r9              ; restore r9  
-    LDD     -88(%sp),%r8              ; restore r8  
-    LDD     -96(%sp),%r7              ; restore r7  
-    LDD     -104(%sp),%r6             ; restore r6  
-    LDD     -112(%sp),%r5             ; restore r5  
-    LDD     -120(%sp),%r4             ; restore r4  
-    BVE     (%rp)
-    LDD,MB  -128(%sp),%r3             ; restore r3
-        .PROCEND        ;in=23,24,25,26,29;out=28;
-
-;----------------------------------------------------------------------------
-;
-;BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
-;
-; arg0 = rp
-; arg1 = ap
-; arg3 = num
-; w on stack at -56(sp)
-
-bn_mul_words
-        .proc
-        .callinfo frame=128
-    .entry
-        .EXPORT bn_mul_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
-        .align 64
-
-    STD     %r3,0(%sp)          ; save r3  
-    STD     %r4,8(%sp)          ; save r4  
-        NOP
-    STD     %r5,16(%sp)         ; save r5  
-
-    STD     %r6,24(%sp)         ; save r6  
-    STD     %r7,32(%sp)         ; save r7  
-    COPY    %r0,%ret1           ; return 0 by default
-    DEPDI,Z 1,31,1,top_overflow ; top_overflow = 1 << 32    
-
-    CMPIB,>= 0,num,bn_mul_words_exit
-        LDO     128(%sp),%sp    ; bump stack
-
-        ;
-        ; See if only 1 word to do, thus just do cleanup
-        ;
-        CMPIB,= 1,num,bn_mul_words_single_top
-        FLDD    -184(%sp),fw        ; (-56-128) load up w into fw (fw_h/fw_l)
-
-        ;
-        ; This loop is unrolled 2 times (64-byte aligned as well)
-        ;
-        ; PA-RISC 2.0 chips have two fully pipelined multipliers, thus
-    ; two 32-bit mutiplies can be issued per cycle.
-    ; 
-bn_mul_words_unroll2
-
-    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
-    FLDD    8(a_ptr),t_float_1        ; load up 64-bit value (fr8L) ht(L)/lt(R)
-    XMPYU   fht_0,fw_l,fm1            ; m1[0] = fht_0*fw_l
-    XMPYU   fht_1,fw_l,fm1_1          ; m1[1] = ht*fw_l
-
-    FSTD    fm1,-16(%sp)              ; -16(sp) = m1
-    FSTD    fm1_1,-48(%sp)            ; -48(sp) = m1
-    XMPYU   flt_0,fw_h,fm             ; m = lt*fw_h
-    XMPYU   flt_1,fw_h,fm_1           ; m = lt*fw_h
-
-    FSTD    fm,-8(%sp)                ; -8(sp) = m
-    FSTD    fm_1,-40(%sp)             ; -40(sp) = m
-    XMPYU   fht_0,fw_h,ht_temp        ; ht_temp = fht_0*fw_h
-    XMPYU   fht_1,fw_h,ht_temp_1      ; ht_temp = ht*fw_h
-
-    FSTD    ht_temp,-24(%sp)          ; -24(sp) = ht
-    FSTD    ht_temp_1,-56(%sp)        ; -56(sp) = ht
-    XMPYU   flt_0,fw_l,lt_temp        ; lt_temp = lt*fw_l
-    XMPYU   flt_1,fw_l,lt_temp_1      ; lt_temp = lt*fw_l
-
-    FSTD    lt_temp,-32(%sp)          ; -32(sp) = lt 
-    FSTD    lt_temp_1,-64(%sp)        ; -64(sp) = lt 
-    LDD     -8(%sp),m_0               
-    LDD     -40(%sp),m_1              
-
-    LDD    -16(%sp),m1_0              
-    LDD    -48(%sp),m1_1              
-    LDD     -24(%sp),ht_0             
-    LDD     -56(%sp),ht_1             
-
-    ADD,L   m1_0,m_0,tmp_0            ; tmp_0 = m + m1; 
-    ADD,L   m1_1,m_1,tmp_1            ; tmp_1 = m + m1; 
-    LDD     -32(%sp),lt_0             
-    LDD     -64(%sp),lt_1             
-
-    CMPCLR,*>>= tmp_0,m1_0, %r0       ; if (m < m1)
-    ADD,L   ht_0,top_overflow,ht_0    ; ht += (1<<32)
-    CMPCLR,*>>= tmp_1,m1_1,%r0        ; if (m < m1)
-    ADD,L   ht_1,top_overflow,ht_1    ; ht += (1<<32)
-
-    EXTRD,U tmp_0,31,32,m_0           ; m>>32  
-    DEPD,Z  tmp_0,31,32,m1_0          ; m1 = m<<32 
-    EXTRD,U tmp_1,31,32,m_1           ; m>>32  
-    DEPD,Z  tmp_1,31,32,m1_1          ; m1 = m<<32 
-
-    ADD,L   ht_0,m_0,ht_0             ; ht+= (m>>32)
-    ADD,L   ht_1,m_1,ht_1             ; ht+= (m>>32)
-    ADD     lt_0,m1_0,lt_0            ; lt = lt+m1;
-        ADD,DC  ht_0,%r0,ht_0             ; ht++
-
-    ADD     lt_1,m1_1,lt_1            ; lt = lt+m1;
-    ADD,DC  ht_1,%r0,ht_1             ; ht++
-    ADD    %ret1,lt_0,lt_0            ; lt = lt + c (ret1);
-        ADD,DC  ht_0,%r0,ht_0             ; ht++
-
-    ADD     ht_0,lt_1,lt_1            ; lt = lt + c (ht_0)
-    ADD,DC  ht_1,%r0,ht_1             ; ht++
-    STD     lt_0,0(r_ptr)             ; rp[0] = lt
-    STD     lt_1,8(r_ptr)             ; rp[1] = lt
-
-        COPY    ht_1,%ret1                ; carry = ht
-        LDO    -2(num),num                ; num = num - 2;
-    LDO     16(a_ptr),a_ptr           ; ap += 2
-        CMPIB,<= 2,num,bn_mul_words_unroll2
-    LDO     16(r_ptr),r_ptr           ; rp++
-
-    CMPIB,=,N 0,num,bn_mul_words_exit ; are we done?
-
-        ;
-        ; Top of loop aligned on 64-byte boundary
-        ;
-bn_mul_words_single_top
-    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
-
-    XMPYU   fht_0,fw_l,fm1            ; m1 = ht*fw_l
-    FSTD    fm1,-16(%sp)              ; -16(sp) = m1
-    XMPYU   flt_0,fw_h,fm             ; m = lt*fw_h
-    FSTD    fm,-8(%sp)                ; -8(sp) = m
-    XMPYU   fht_0,fw_h,ht_temp        ; ht_temp = ht*fw_h
-    FSTD    ht_temp,-24(%sp)          ; -24(sp) = ht
-    XMPYU   flt_0,fw_l,lt_temp        ; lt_temp = lt*fw_l
-    FSTD    lt_temp,-32(%sp)          ; -32(sp) = lt 
-
-    LDD     -8(%sp),m_0               
-    LDD    -16(%sp),m1_0              
-    ADD,L   m_0,m1_0,tmp_0            ; tmp_0 = m + m1; 
-    LDD     -24(%sp),ht_0             
-    LDD     -32(%sp),lt_0             
-
-    CMPCLR,*>>= tmp_0,m1_0,%r0        ; if (m < m1)
-    ADD,L   ht_0,top_overflow,ht_0    ; ht += (1<<32)
-
-    EXTRD,U tmp_0,31,32,m_0           ; m>>32  
-    DEPD,Z  tmp_0,31,32,m1_0          ; m1 = m<<32 
-
-    ADD,L   ht_0,m_0,ht_0             ; ht+= (m>>32)
-    ADD     lt_0,m1_0,lt_0            ; lt= lt+m1;
-    ADD,DC  ht_0,%r0,ht_0             ; ht++
-
-    ADD     %ret1,lt_0,lt_0           ; lt = lt + c;
-    ADD,DC  ht_0,%r0,ht_0             ; ht++
-
-    COPY    ht_0,%ret1                ; copy carry
-    STD     lt_0,0(r_ptr)             ; rp[0] = lt
-
-bn_mul_words_exit
-    .EXIT
-    EXTRD,U %ret1,31,32,%ret0           ; for 32-bit, return in ret0/ret1
-    LDD     -96(%sp),%r7              ; restore r7  
-    LDD     -104(%sp),%r6             ; restore r6  
-    LDD     -112(%sp),%r5             ; restore r5  
-    LDD     -120(%sp),%r4             ; restore r4  
-    BVE     (%rp)
-    LDD,MB  -128(%sp),%r3             ; restore r3
-        .PROCEND        
-
-;----------------------------------------------------------------------------
-;
-;void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num)
-;
-; arg0 = rp
-; arg1 = ap
-; arg2 = num
-;
-
-bn_sqr_words
-        .proc
-        .callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
-        .EXPORT bn_sqr_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
-    .entry
-        .align 64
-
-    STD     %r3,0(%sp)          ; save r3  
-    STD     %r4,8(%sp)          ; save r4  
-        NOP
-    STD     %r5,16(%sp)         ; save r5  
-
-    CMPIB,>= 0,num,bn_sqr_words_exit
-        LDO     128(%sp),%sp       ; bump stack
-
-        ;
-        ; If only 1, the goto straight to cleanup
-        ;
-        CMPIB,= 1,num,bn_sqr_words_single_top
-    DEPDI,Z -1,32,33,high_mask   ; Create Mask 0xffffffff80000000L
-
-        ;
-        ; This loop is unrolled 2 times (64-byte aligned as well)
-        ;
-
-bn_sqr_words_unroll2
-    FLDD    0(a_ptr),t_float_0        ; a[0]
-    FLDD    8(a_ptr),t_float_1        ; a[1]
-    XMPYU   fht_0,flt_0,fm            ; m[0]
-    XMPYU   fht_1,flt_1,fm_1          ; m[1]
-
-    FSTD    fm,-24(%sp)               ; store m[0]
-    FSTD    fm_1,-56(%sp)             ; store m[1]
-    XMPYU   flt_0,flt_0,lt_temp       ; lt[0]
-    XMPYU   flt_1,flt_1,lt_temp_1     ; lt[1]
-
-    FSTD    lt_temp,-16(%sp)          ; store lt[0]
-    FSTD    lt_temp_1,-48(%sp)        ; store lt[1]
-    XMPYU   fht_0,fht_0,ht_temp       ; ht[0]
-    XMPYU   fht_1,fht_1,ht_temp_1     ; ht[1]
-
-    FSTD    ht_temp,-8(%sp)           ; store ht[0]
-    FSTD    ht_temp_1,-40(%sp)        ; store ht[1]
-    LDD     -24(%sp),m_0             
-    LDD     -56(%sp),m_1              
-
-    AND     m_0,high_mask,tmp_0       ; m[0] & Mask
-    AND     m_1,high_mask,tmp_1       ; m[1] & Mask
-    DEPD,Z  m_0,30,31,m_0             ; m[0] << 32+1
-    DEPD,Z  m_1,30,31,m_1             ; m[1] << 32+1
-
-    LDD     -16(%sp),lt_0        
-    LDD     -48(%sp),lt_1        
-    EXTRD,U tmp_0,32,33,tmp_0         ; tmp_0 = m[0]&Mask >> 32-1
-    EXTRD,U tmp_1,32,33,tmp_1         ; tmp_1 = m[1]&Mask >> 32-1
-
-    LDD     -8(%sp),ht_0            
-    LDD     -40(%sp),ht_1           
-    ADD,L   ht_0,tmp_0,ht_0           ; ht[0] += tmp_0
-    ADD,L   ht_1,tmp_1,ht_1           ; ht[1] += tmp_1
-
-    ADD     lt_0,m_0,lt_0             ; lt = lt+m
-    ADD,DC  ht_0,%r0,ht_0             ; ht[0]++
-    STD     lt_0,0(r_ptr)             ; rp[0] = lt[0]
-    STD     ht_0,8(r_ptr)             ; rp[1] = ht[1]
-
-    ADD     lt_1,m_1,lt_1             ; lt = lt+m
-    ADD,DC  ht_1,%r0,ht_1             ; ht[1]++
-    STD     lt_1,16(r_ptr)            ; rp[2] = lt[1]
-    STD     ht_1,24(r_ptr)            ; rp[3] = ht[1]
-
-        LDO    -2(num),num                ; num = num - 2;
-    LDO     16(a_ptr),a_ptr           ; ap += 2
-        CMPIB,<= 2,num,bn_sqr_words_unroll2
-    LDO     32(r_ptr),r_ptr           ; rp += 4
-
-    CMPIB,=,N 0,num,bn_sqr_words_exit ; are we done?
-
-        ;
-        ; Top of loop aligned on 64-byte boundary
-        ;
-bn_sqr_words_single_top
-    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
-
-    XMPYU   fht_0,flt_0,fm            ; m
-    FSTD    fm,-24(%sp)               ; store m
-
-    XMPYU   flt_0,flt_0,lt_temp       ; lt
-    FSTD    lt_temp,-16(%sp)          ; store lt
-
-    XMPYU   fht_0,fht_0,ht_temp       ; ht
-    FSTD    ht_temp,-8(%sp)           ; store ht
-
-    LDD     -24(%sp),m_0              ; load m
-    AND     m_0,high_mask,tmp_0       ; m & Mask
-    DEPD,Z  m_0,30,31,m_0             ; m << 32+1
-    LDD     -16(%sp),lt_0             ; lt
-
-    LDD     -8(%sp),ht_0              ; ht
-    EXTRD,U tmp_0,32,33,tmp_0         ; tmp_0 = m&Mask >> 32-1
-    ADD     m_0,lt_0,lt_0             ; lt = lt+m
-    ADD,L   ht_0,tmp_0,ht_0           ; ht += tmp_0
-    ADD,DC  ht_0,%r0,ht_0             ; ht++
-
-    STD     lt_0,0(r_ptr)             ; rp[0] = lt
-    STD     ht_0,8(r_ptr)             ; rp[1] = ht
-
-bn_sqr_words_exit
-    .EXIT
-    LDD     -112(%sp),%r5       ; restore r5  
-    LDD     -120(%sp),%r4       ; restore r4  
-    BVE     (%rp)
-    LDD,MB  -128(%sp),%r3 
-        .PROCEND        ;in=23,24,25,26,29;out=28;
-
-
-;----------------------------------------------------------------------------
-;
-;BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
-;
-; arg0 = rp 
-; arg1 = ap
-; arg2 = bp 
-; arg3 = n
-
-t  .reg %r22
-b  .reg %r21
-l  .reg %r20
-
-bn_add_words
-        .proc
-    .entry
-        .callinfo
-        .EXPORT bn_add_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
-        .align 64
-
-    CMPIB,>= 0,n,bn_add_words_exit
-    COPY    %r0,%ret1           ; return 0 by default
-
-        ;
-        ; If 2 or more numbers do the loop
-        ;
-        CMPIB,= 1,n,bn_add_words_single_top
-        NOP
-
-        ;
-        ; This loop is unrolled 2 times (64-byte aligned as well)
-        ;
-bn_add_words_unroll2
-        LDD     0(a_ptr),t
-        LDD     0(b_ptr),b
-        ADD     t,%ret1,t                    ; t = t+c;
-        ADD,DC  %r0,%r0,%ret1                ; set c to carry
-        ADD     t,b,l                        ; l = t + b[0]
-        ADD,DC  %ret1,%r0,%ret1              ; c+= carry
-        STD     l,0(r_ptr)
-
-        LDD     8(a_ptr),t
-        LDD     8(b_ptr),b
-        ADD     t,%ret1,t                     ; t = t+c;
-        ADD,DC  %r0,%r0,%ret1                 ; set c to carry
-        ADD     t,b,l                         ; l = t + b[0]
-        ADD,DC  %ret1,%r0,%ret1               ; c+= carry
-        STD     l,8(r_ptr)
-
-        LDO     -2(n),n
-        LDO     16(a_ptr),a_ptr
-        LDO     16(b_ptr),b_ptr
-
-        CMPIB,<= 2,n,bn_add_words_unroll2
-        LDO     16(r_ptr),r_ptr
-
-    CMPIB,=,N 0,n,bn_add_words_exit ; are we done?
-
-bn_add_words_single_top
-        LDD     0(a_ptr),t
-        LDD     0(b_ptr),b
-
-        ADD     t,%ret1,t                 ; t = t+c;
-        ADD,DC  %r0,%r0,%ret1             ; set c to carry (could use CMPCLR??)
-        ADD     t,b,l                     ; l = t + b[0]
-        ADD,DC  %ret1,%r0,%ret1           ; c+= carry
-        STD     l,0(r_ptr)
-
-bn_add_words_exit
-    .EXIT
-    BVE     (%rp)
-    EXTRD,U %ret1,31,32,%ret0           ; for 32-bit, return in ret0/ret1
-        .PROCEND        ;in=23,24,25,26,29;out=28;
-
-;----------------------------------------------------------------------------
-;
-;BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
-;
-; arg0 = rp 
-; arg1 = ap
-; arg2 = bp 
-; arg3 = n
-
-t1       .reg %r22
-t2       .reg %r21
-sub_tmp1 .reg %r20
-sub_tmp2 .reg %r19
-
-
-bn_sub_words
-        .proc
-        .callinfo 
-        .EXPORT bn_sub_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
-    .entry
-        .align 64
-
-    CMPIB,>=  0,n,bn_sub_words_exit
-    COPY    %r0,%ret1           ; return 0 by default
-
-        ;
-        ; If 2 or more numbers do the loop
-        ;
-        CMPIB,= 1,n,bn_sub_words_single_top
-        NOP
-
-        ;
-        ; This loop is unrolled 2 times (64-byte aligned as well)
-        ;
-bn_sub_words_unroll2
-        LDD     0(a_ptr),t1
-        LDD     0(b_ptr),t2
-        SUB     t1,t2,sub_tmp1           ; t3 = t1-t2; 
-        SUB     sub_tmp1,%ret1,sub_tmp1  ; t3 = t3- c; 
-
-        CMPCLR,*>> t1,t2,sub_tmp2        ; clear if t1 > t2
-        LDO      1(%r0),sub_tmp2
-        
-        CMPCLR,*= t1,t2,%r0
-        COPY    sub_tmp2,%ret1
-        STD     sub_tmp1,0(r_ptr)
-
-        LDD     8(a_ptr),t1
-        LDD     8(b_ptr),t2
-        SUB     t1,t2,sub_tmp1            ; t3 = t1-t2; 
-        SUB     sub_tmp1,%ret1,sub_tmp1   ; t3 = t3- c; 
-        CMPCLR,*>> t1,t2,sub_tmp2         ; clear if t1 > t2
-        LDO      1(%r0),sub_tmp2
-        
-        CMPCLR,*= t1,t2,%r0
-        COPY    sub_tmp2,%ret1
-        STD     sub_tmp1,8(r_ptr)
-
-        LDO     -2(n),n
-        LDO     16(a_ptr),a_ptr
-        LDO     16(b_ptr),b_ptr
-
-        CMPIB,<= 2,n,bn_sub_words_unroll2
-        LDO     16(r_ptr),r_ptr
-
-    CMPIB,=,N 0,n,bn_sub_words_exit ; are we done?
-
-bn_sub_words_single_top
-        LDD     0(a_ptr),t1
-        LDD     0(b_ptr),t2
-        SUB     t1,t2,sub_tmp1            ; t3 = t1-t2; 
-        SUB     sub_tmp1,%ret1,sub_tmp1   ; t3 = t3- c; 
-        CMPCLR,*>> t1,t2,sub_tmp2         ; clear if t1 > t2
-        LDO      1(%r0),sub_tmp2
-        
-        CMPCLR,*= t1,t2,%r0
-        COPY    sub_tmp2,%ret1
-
-        STD     sub_tmp1,0(r_ptr)
-
-bn_sub_words_exit
-    .EXIT
-    BVE     (%rp)
-    EXTRD,U %ret1,31,32,%ret0           ; for 32-bit, return in ret0/ret1
-        .PROCEND        ;in=23,24,25,26,29;out=28;
-
-;------------------------------------------------------------------------------
-;
-; unsigned long bn_div_words(unsigned long h, unsigned long l, unsigned long d)
-;
-; arg0 = h
-; arg1 = l
-; arg2 = d
-;
-; This is mainly just output from the HP C compiler.  
-;
-;------------------------------------------------------------------------------
-bn_div_words
-        .PROC
-        .EXPORT bn_div_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR,LONG_RETURN
-        .IMPORT BN_num_bits_word,CODE
-        ;--- not PIC    .IMPORT __iob,DATA
-        ;--- not PIC    .IMPORT fprintf,CODE
-        .IMPORT abort,CODE
-        .IMPORT $$div2U,MILLICODE
-        .CALLINFO CALLER,FRAME=144,ENTRY_GR=%r9,SAVE_RP,ARGS_SAVED,ORDERING_AWARE
-        .ENTRY
-        STW     %r2,-20(%r30)   ;offset 0x8ec
-        STW,MA  %r3,192(%r30)   ;offset 0x8f0
-        STW     %r4,-188(%r30)  ;offset 0x8f4
-        DEPD    %r5,31,32,%r6   ;offset 0x8f8
-        STD     %r6,-184(%r30)  ;offset 0x8fc
-        DEPD    %r7,31,32,%r8   ;offset 0x900
-        STD     %r8,-176(%r30)  ;offset 0x904
-        STW     %r9,-168(%r30)  ;offset 0x908
-        LDD     -248(%r30),%r3  ;offset 0x90c
-        COPY    %r26,%r4        ;offset 0x910
-        COPY    %r24,%r5        ;offset 0x914
-        DEPD    %r25,31,32,%r4  ;offset 0x918
-        CMPB,*<>        %r3,%r0,$0006000C       ;offset 0x91c
-        DEPD    %r23,31,32,%r5  ;offset 0x920
-        MOVIB,TR        -1,%r29,$00060002       ;offset 0x924
-        EXTRD,U %r29,31,32,%r28 ;offset 0x928
-$0006002A
-        LDO     -1(%r29),%r29   ;offset 0x92c
-        SUB     %r23,%r7,%r23   ;offset 0x930
-$00060024
-        SUB     %r4,%r31,%r25   ;offset 0x934
-        AND     %r25,%r19,%r26  ;offset 0x938
-        CMPB,*<>,N      %r0,%r26,$00060046      ;offset 0x93c
-        DEPD,Z  %r25,31,32,%r20 ;offset 0x940
-        OR      %r20,%r24,%r21  ;offset 0x944
-        CMPB,*<<,N      %r21,%r23,$0006002A     ;offset 0x948
-        SUB     %r31,%r2,%r31   ;offset 0x94c
-$00060046
-$0006002E
-        DEPD,Z  %r23,31,32,%r25 ;offset 0x950
-        EXTRD,U %r23,31,32,%r26 ;offset 0x954
-        AND     %r25,%r19,%r24  ;offset 0x958
-        ADD,L   %r31,%r26,%r31  ;offset 0x95c
-        CMPCLR,*>>=     %r5,%r24,%r0    ;offset 0x960
-        LDO     1(%r31),%r31    ;offset 0x964
-$00060032
-        CMPB,*<<=,N     %r31,%r4,$00060036      ;offset 0x968
-        LDO     -1(%r29),%r29   ;offset 0x96c
-        ADD,L   %r4,%r3,%r4     ;offset 0x970
-$00060036
-        ADDIB,=,N       -1,%r8,$D0      ;offset 0x974
-        SUB     %r5,%r24,%r28   ;offset 0x978
-$0006003A
-        SUB     %r4,%r31,%r24   ;offset 0x97c
-        SHRPD   %r24,%r28,32,%r4        ;offset 0x980
-        DEPD,Z  %r29,31,32,%r9  ;offset 0x984
-        DEPD,Z  %r28,31,32,%r5  ;offset 0x988
-$0006001C
-        EXTRD,U %r4,31,32,%r31  ;offset 0x98c
-        CMPB,*<>,N      %r31,%r2,$00060020      ;offset 0x990
-        MOVB,TR %r6,%r29,$D1    ;offset 0x994
-        STD     %r29,-152(%r30) ;offset 0x998
-$0006000C
-        EXTRD,U %r3,31,32,%r25  ;offset 0x99c
-        COPY    %r3,%r26        ;offset 0x9a0
-        EXTRD,U %r3,31,32,%r9   ;offset 0x9a4
-        EXTRD,U %r4,31,32,%r8   ;offset 0x9a8
-        .CALL   ARGW0=GR,ARGW1=GR,RTNVAL=GR     ;in=25,26;out=28;
-        B,L     BN_num_bits_word,%r2    ;offset 0x9ac
-        EXTRD,U %r5,31,32,%r7   ;offset 0x9b0
-        LDI     64,%r20 ;offset 0x9b4
-        DEPD    %r7,31,32,%r5   ;offset 0x9b8
-        DEPD    %r8,31,32,%r4   ;offset 0x9bc
-        DEPD    %r9,31,32,%r3   ;offset 0x9c0
-        CMPB,=  %r28,%r20,$00060012     ;offset 0x9c4
-        COPY    %r28,%r24       ;offset 0x9c8
-        MTSARCM %r24    ;offset 0x9cc
-        DEPDI,Z -1,%sar,1,%r19  ;offset 0x9d0
-        CMPB,*>>,N      %r4,%r19,$D2    ;offset 0x9d4
-$00060012
-        SUBI    64,%r24,%r31    ;offset 0x9d8
-        CMPCLR,*<<      %r4,%r3,%r0     ;offset 0x9dc
-        SUB     %r4,%r3,%r4     ;offset 0x9e0
-$00060016
-        CMPB,=  %r31,%r0,$0006001A      ;offset 0x9e4
-        COPY    %r0,%r9 ;offset 0x9e8
-        MTSARCM %r31    ;offset 0x9ec
-        DEPD,Z  %r3,%sar,64,%r3 ;offset 0x9f0
-        SUBI    64,%r31,%r26    ;offset 0x9f4
-        MTSAR   %r26    ;offset 0x9f8
-        SHRPD   %r4,%r5,%sar,%r4        ;offset 0x9fc
-        MTSARCM %r31    ;offset 0xa00
-        DEPD,Z  %r5,%sar,64,%r5 ;offset 0xa04
-$0006001A
-        DEPDI,Z -1,31,32,%r19   ;offset 0xa08
-        AND     %r3,%r19,%r29   ;offset 0xa0c
-        EXTRD,U %r29,31,32,%r2  ;offset 0xa10
-        DEPDI,Z -1,63,32,%r6    ;offset 0xa14
-        MOVIB,TR        2,%r8,$0006001C ;offset 0xa18
-        EXTRD,U %r3,63,32,%r7   ;offset 0xa1c
-$D2
-        ;--- not PIC    ADDIL   LR'__iob-$global$,%r27,%r1      ;offset 0xa20
-        ;--- not PIC    LDIL    LR'C$7,%r21     ;offset 0xa24
-        ;--- not PIC    LDO     RR'__iob-$global$+32(%r1),%r26  ;offset 0xa28
-        ;--- not PIC    .CALL   ARGW0=GR,ARGW1=GR,ARGW2=GR,RTNVAL=GR    ;in=24,25,26;out=28;
-        ;--- not PIC    B,L     fprintf,%r2     ;offset 0xa2c
-        ;--- not PIC    LDO     RR'C$7(%r21),%r25       ;offset 0xa30
-        .CALL           ;
-        B,L     abort,%r2       ;offset 0xa34
-        NOP             ;offset 0xa38
-        B       $D3     ;offset 0xa3c
-        LDW     -212(%r30),%r2  ;offset 0xa40
-$00060020
-        COPY    %r4,%r26        ;offset 0xa44
-        EXTRD,U %r4,31,32,%r25  ;offset 0xa48
-        COPY    %r2,%r24        ;offset 0xa4c
-        .CALL   ;in=23,24,25,26;out=20,21,22,28,29; (MILLICALL)
-        B,L     $$div2U,%r31    ;offset 0xa50
-        EXTRD,U %r2,31,32,%r23  ;offset 0xa54
-        DEPD    %r28,31,32,%r29 ;offset 0xa58
-$00060022
-        STD     %r29,-152(%r30) ;offset 0xa5c
-$D1
-        AND     %r5,%r19,%r24   ;offset 0xa60
-        EXTRD,U %r24,31,32,%r24 ;offset 0xa64
-        STW     %r2,-160(%r30)  ;offset 0xa68
-        STW     %r7,-128(%r30)  ;offset 0xa6c
-        FLDD    -152(%r30),%fr4 ;offset 0xa70
-        FLDD    -152(%r30),%fr7 ;offset 0xa74
-        FLDW    -160(%r30),%fr8L        ;offset 0xa78
-        FLDW    -128(%r30),%fr5L        ;offset 0xa7c
-        XMPYU   %fr8L,%fr7L,%fr10       ;offset 0xa80
-        FSTD    %fr10,-136(%r30)        ;offset 0xa84
-        XMPYU   %fr8L,%fr7R,%fr22       ;offset 0xa88
-        FSTD    %fr22,-144(%r30)        ;offset 0xa8c
-        XMPYU   %fr5L,%fr4L,%fr11       ;offset 0xa90
-        XMPYU   %fr5L,%fr4R,%fr23       ;offset 0xa94
-        FSTD    %fr11,-112(%r30)        ;offset 0xa98
-        FSTD    %fr23,-120(%r30)        ;offset 0xa9c
-        LDD     -136(%r30),%r28 ;offset 0xaa0
-        DEPD,Z  %r28,31,32,%r31 ;offset 0xaa4
-        LDD     -144(%r30),%r20 ;offset 0xaa8
-        ADD,L   %r20,%r31,%r31  ;offset 0xaac
-        LDD     -112(%r30),%r22 ;offset 0xab0
-        DEPD,Z  %r22,31,32,%r22 ;offset 0xab4
-        LDD     -120(%r30),%r21 ;offset 0xab8
-        B       $00060024       ;offset 0xabc
-        ADD,L   %r21,%r22,%r23  ;offset 0xac0
-$D0
-        OR      %r9,%r29,%r29   ;offset 0xac4
-$00060040
-        EXTRD,U %r29,31,32,%r28 ;offset 0xac8
-$00060002
-$L2
-        LDW     -212(%r30),%r2  ;offset 0xacc
-$D3
-        LDW     -168(%r30),%r9  ;offset 0xad0
-        LDD     -176(%r30),%r8  ;offset 0xad4
-        EXTRD,U %r8,31,32,%r7   ;offset 0xad8
-        LDD     -184(%r30),%r6  ;offset 0xadc
-        EXTRD,U %r6,31,32,%r5   ;offset 0xae0
-        LDW     -188(%r30),%r4  ;offset 0xae4
-        BVE     (%r2)   ;offset 0xae8
-        .EXIT
-        LDW,MB  -192(%r30),%r3  ;offset 0xaec
-        .PROCEND        ;in=23,25;out=28,29;fpin=105,107;
-
-
-
-
-;----------------------------------------------------------------------------
-;
-; Registers to hold 64-bit values to manipulate.  The "L" part
-; of the register corresponds to the upper 32-bits, while the "R"
-; part corresponds to the lower 32-bits
-; 
-; Note, that when using b6 and b7, the code must save these before
-; using them because they are callee save registers 
-; 
-;
-; Floating point registers to use to save values that
-; are manipulated.  These don't collide with ftemp1-6 and
-; are all caller save registers
-;
-a0        .reg %fr22
-a0L       .reg %fr22L
-a0R       .reg %fr22R
-
-a1        .reg %fr23
-a1L       .reg %fr23L
-a1R       .reg %fr23R
-
-a2        .reg %fr24
-a2L       .reg %fr24L
-a2R       .reg %fr24R
-
-a3        .reg %fr25
-a3L       .reg %fr25L
-a3R       .reg %fr25R
-
-a4        .reg %fr26
-a4L       .reg %fr26L
-a4R       .reg %fr26R
-
-a5        .reg %fr27
-a5L       .reg %fr27L
-a5R       .reg %fr27R
-
-a6        .reg %fr28
-a6L       .reg %fr28L
-a6R       .reg %fr28R
-
-a7        .reg %fr29
-a7L       .reg %fr29L
-a7R       .reg %fr29R
-
-b0        .reg %fr30
-b0L       .reg %fr30L
-b0R       .reg %fr30R
-
-b1        .reg %fr31
-b1L       .reg %fr31L
-b1R       .reg %fr31R
-
-;
-; Temporary floating point variables, these are all caller save
-; registers
-;
-ftemp1    .reg %fr4
-ftemp2    .reg %fr5
-ftemp3    .reg %fr6
-ftemp4    .reg %fr7
-
-;
-; The B set of registers when used.
-;
-
-b2        .reg %fr8
-b2L       .reg %fr8L
-b2R       .reg %fr8R
-
-b3        .reg %fr9
-b3L       .reg %fr9L
-b3R       .reg %fr9R
-
-b4        .reg %fr10
-b4L       .reg %fr10L
-b4R       .reg %fr10R
-
-b5        .reg %fr11
-b5L       .reg %fr11L
-b5R       .reg %fr11R
-
-b6        .reg %fr12
-b6L       .reg %fr12L
-b6R       .reg %fr12R
-
-b7        .reg %fr13
-b7L       .reg %fr13L
-b7R       .reg %fr13R
-
-c1           .reg %r21   ; only reg
-temp1        .reg %r20   ; only reg
-temp2        .reg %r19   ; only reg
-temp3        .reg %r31   ; only reg
-
-m1           .reg %r28   
-c2           .reg %r23   
-high_one     .reg %r1
-ht           .reg %r6
-lt           .reg %r5
-m            .reg %r4
-c3           .reg %r3
-
-SQR_ADD_C  .macro  A0L,A0R,C1,C2,C3
-    XMPYU   A0L,A0R,ftemp1       ; m
-    FSTD    ftemp1,-24(%sp)      ; store m
-
-    XMPYU   A0R,A0R,ftemp2       ; lt
-    FSTD    ftemp2,-16(%sp)      ; store lt
-
-    XMPYU   A0L,A0L,ftemp3       ; ht
-    FSTD    ftemp3,-8(%sp)       ; store ht
-
-    LDD     -24(%sp),m           ; load m
-    AND     m,high_mask,temp2    ; m & Mask
-    DEPD,Z  m,30,31,temp3        ; m << 32+1
-    LDD     -16(%sp),lt          ; lt
-
-    LDD     -8(%sp),ht           ; ht
-    EXTRD,U temp2,32,33,temp1    ; temp1 = m&Mask >> 32-1
-    ADD     temp3,lt,lt          ; lt = lt+m
-    ADD,L   ht,temp1,ht          ; ht += temp1
-    ADD,DC  ht,%r0,ht            ; ht++
-
-    ADD     C1,lt,C1             ; c1=c1+lt
-    ADD,DC  ht,%r0,ht            ; ht++
-
-    ADD     C2,ht,C2             ; c2=c2+ht
-    ADD,DC  C3,%r0,C3            ; c3++
-.endm
-
-SQR_ADD_C2 .macro  A0L,A0R,A1L,A1R,C1,C2,C3
-    XMPYU   A0L,A1R,ftemp1          ; m1 = bl*ht
-    FSTD    ftemp1,-16(%sp)         ;
-    XMPYU   A0R,A1L,ftemp2          ; m = bh*lt
-    FSTD    ftemp2,-8(%sp)          ;
-    XMPYU   A0R,A1R,ftemp3          ; lt = bl*lt
-    FSTD    ftemp3,-32(%sp)
-    XMPYU   A0L,A1L,ftemp4          ; ht = bh*ht
-    FSTD    ftemp4,-24(%sp)         ;
-
-    LDD     -8(%sp),m               ; r21 = m
-    LDD     -16(%sp),m1             ; r19 = m1
-    ADD,L   m,m1,m                  ; m+m1
-
-    DEPD,Z  m,31,32,temp3           ; (m+m1<<32)
-    LDD     -24(%sp),ht             ; r24 = ht
-
-    CMPCLR,*>>= m,m1,%r0            ; if (m < m1)
-    ADD,L   ht,high_one,ht          ; ht+=high_one
-
-    EXTRD,U m,31,32,temp1           ; m >> 32
-    LDD     -32(%sp),lt             ; lt
-    ADD,L   ht,temp1,ht             ; ht+= m>>32
-    ADD     lt,temp3,lt             ; lt = lt+m1
-    ADD,DC  ht,%r0,ht               ; ht++
-
-    ADD     ht,ht,ht                ; ht=ht+ht;
-    ADD,DC  C3,%r0,C3               ; add in carry (c3++)
-
-    ADD     lt,lt,lt                ; lt=lt+lt;
-    ADD,DC  ht,%r0,ht               ; add in carry (ht++)
-
-    ADD     C1,lt,C1                ; c1=c1+lt
-    ADD,DC,*NUV ht,%r0,ht           ; add in carry (ht++)
-    LDO     1(C3),C3              ; bump c3 if overflow,nullify otherwise
-
-    ADD     C2,ht,C2                ; c2 = c2 + ht
-    ADD,DC  C3,%r0,C3             ; add in carry (c3++)
-.endm
-
-;
-;void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
-; arg0 = r_ptr
-; arg1 = a_ptr
-;
-
-bn_sqr_comba8
-        .PROC
-        .CALLINFO FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
-        .EXPORT bn_sqr_comba8,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
-    .ENTRY
-        .align 64
-
-    STD     %r3,0(%sp)          ; save r3
-    STD     %r4,8(%sp)          ; save r4
-    STD     %r5,16(%sp)         ; save r5
-    STD     %r6,24(%sp)         ; save r6
-
-        ;
-        ; Zero out carries
-        ;
-        COPY     %r0,c1
-        COPY     %r0,c2
-        COPY     %r0,c3
-
-        LDO      128(%sp),%sp       ; bump stack
-    DEPDI,Z -1,32,33,high_mask   ; Create Mask 0xffffffff80000000L
-    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
-
-        ;
-        ; Load up all of the values we are going to use
-        ;
-    FLDD     0(a_ptr),a0       
-    FLDD     8(a_ptr),a1       
-    FLDD    16(a_ptr),a2       
-    FLDD    24(a_ptr),a3       
-    FLDD    32(a_ptr),a4       
-    FLDD    40(a_ptr),a5       
-    FLDD    48(a_ptr),a6       
-    FLDD    56(a_ptr),a7       
-
-        SQR_ADD_C a0L,a0R,c1,c2,c3
-        STD     c1,0(r_ptr)          ; r[0] = c1;
-        COPY    %r0,c1
-
-        SQR_ADD_C2 a1L,a1R,a0L,a0R,c2,c3,c1
-        STD     c2,8(r_ptr)          ; r[1] = c2;
-        COPY    %r0,c2
-
-        SQR_ADD_C a1L,a1R,c3,c1,c2
-        SQR_ADD_C2 a2L,a2R,a0L,a0R,c3,c1,c2
-        STD     c3,16(r_ptr)            ; r[2] = c3;
-        COPY    %r0,c3
-
-        SQR_ADD_C2 a3L,a3R,a0L,a0R,c1,c2,c3
-        SQR_ADD_C2 a2L,a2R,a1L,a1R,c1,c2,c3
-        STD     c1,24(r_ptr)           ; r[3] = c1;
-        COPY    %r0,c1
-
-        SQR_ADD_C a2L,a2R,c2,c3,c1
-        SQR_ADD_C2 a3L,a3R,a1L,a1R,c2,c3,c1
-        SQR_ADD_C2 a4L,a4R,a0L,a0R,c2,c3,c1
-        STD     c2,32(r_ptr)          ; r[4] = c2;
-        COPY    %r0,c2
-
-        SQR_ADD_C2 a5L,a5R,a0L,a0R,c3,c1,c2
-        SQR_ADD_C2 a4L,a4R,a1L,a1R,c3,c1,c2
-        SQR_ADD_C2 a3L,a3R,a2L,a2R,c3,c1,c2
-        STD     c3,40(r_ptr)          ; r[5] = c3;
-        COPY    %r0,c3
-
-        SQR_ADD_C a3L,a3R,c1,c2,c3
-        SQR_ADD_C2 a4L,a4R,a2L,a2R,c1,c2,c3
-        SQR_ADD_C2 a5L,a5R,a1L,a1R,c1,c2,c3
-        SQR_ADD_C2 a6L,a6R,a0L,a0R,c1,c2,c3
-        STD     c1,48(r_ptr)          ; r[6] = c1;
-        COPY    %r0,c1
-
-        SQR_ADD_C2 a7L,a7R,a0L,a0R,c2,c3,c1
-        SQR_ADD_C2 a6L,a6R,a1L,a1R,c2,c3,c1
-        SQR_ADD_C2 a5L,a5R,a2L,a2R,c2,c3,c1
-        SQR_ADD_C2 a4L,a4R,a3L,a3R,c2,c3,c1
-        STD     c2,56(r_ptr)          ; r[7] = c2;
-        COPY    %r0,c2
-
-        SQR_ADD_C a4L,a4R,c3,c1,c2
-        SQR_ADD_C2 a5L,a5R,a3L,a3R,c3,c1,c2
-        SQR_ADD_C2 a6L,a6R,a2L,a2R,c3,c1,c2
-        SQR_ADD_C2 a7L,a7R,a1L,a1R,c3,c1,c2
-        STD     c3,64(r_ptr)          ; r[8] = c3;
-        COPY    %r0,c3
-
-        SQR_ADD_C2 a7L,a7R,a2L,a2R,c1,c2,c3
-        SQR_ADD_C2 a6L,a6R,a3L,a3R,c1,c2,c3
-        SQR_ADD_C2 a5L,a5R,a4L,a4R,c1,c2,c3
-        STD     c1,72(r_ptr)          ; r[9] = c1;
-        COPY    %r0,c1
-
-        SQR_ADD_C a5L,a5R,c2,c3,c1
-        SQR_ADD_C2 a6L,a6R,a4L,a4R,c2,c3,c1
-        SQR_ADD_C2 a7L,a7R,a3L,a3R,c2,c3,c1
-        STD     c2,80(r_ptr)          ; r[10] = c2;
-        COPY    %r0,c2
-
-        SQR_ADD_C2 a7L,a7R,a4L,a4R,c3,c1,c2
-        SQR_ADD_C2 a6L,a6R,a5L,a5R,c3,c1,c2
-        STD     c3,88(r_ptr)          ; r[11] = c3;
-        COPY    %r0,c3
-        
-        SQR_ADD_C a6L,a6R,c1,c2,c3
-        SQR_ADD_C2 a7L,a7R,a5L,a5R,c1,c2,c3
-        STD     c1,96(r_ptr)          ; r[12] = c1;
-        COPY    %r0,c1
-
-        SQR_ADD_C2 a7L,a7R,a6L,a6R,c2,c3,c1
-        STD     c2,104(r_ptr)         ; r[13] = c2;
-        COPY    %r0,c2
-
-        SQR_ADD_C a7L,a7R,c3,c1,c2
-        STD     c3, 112(r_ptr)       ; r[14] = c3
-        STD     c1, 120(r_ptr)       ; r[15] = c1
-
-    .EXIT
-    LDD     -104(%sp),%r6        ; restore r6
-    LDD     -112(%sp),%r5        ; restore r5
-    LDD     -120(%sp),%r4        ; restore r4
-    BVE     (%rp)
-    LDD,MB  -128(%sp),%r3
-
-        .PROCEND        
-
-;-----------------------------------------------------------------------------
-;
-;void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
-; arg0 = r_ptr
-; arg1 = a_ptr
-;
-
-bn_sqr_comba4
-        .proc
-        .callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
-        .EXPORT bn_sqr_comba4,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
-    .entry
-        .align 64
-    STD     %r3,0(%sp)          ; save r3
-    STD     %r4,8(%sp)          ; save r4
-    STD     %r5,16(%sp)         ; save r5
-    STD     %r6,24(%sp)         ; save r6
-
-        ;
-        ; Zero out carries
-        ;
-        COPY     %r0,c1
-        COPY     %r0,c2
-        COPY     %r0,c3
-
-        LDO      128(%sp),%sp       ; bump stack
-    DEPDI,Z -1,32,33,high_mask   ; Create Mask 0xffffffff80000000L
-    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
-
-        ;
-        ; Load up all of the values we are going to use
-        ;
-    FLDD     0(a_ptr),a0       
-    FLDD     8(a_ptr),a1       
-    FLDD    16(a_ptr),a2       
-    FLDD    24(a_ptr),a3       
-    FLDD    32(a_ptr),a4       
-    FLDD    40(a_ptr),a5       
-    FLDD    48(a_ptr),a6       
-    FLDD    56(a_ptr),a7       
-
-        SQR_ADD_C a0L,a0R,c1,c2,c3
-
-        STD     c1,0(r_ptr)          ; r[0] = c1;
-        COPY    %r0,c1
-
-        SQR_ADD_C2 a1L,a1R,a0L,a0R,c2,c3,c1
-
-        STD     c2,8(r_ptr)          ; r[1] = c2;
-        COPY    %r0,c2
-
-        SQR_ADD_C a1L,a1R,c3,c1,c2
-        SQR_ADD_C2 a2L,a2R,a0L,a0R,c3,c1,c2
-
-        STD     c3,16(r_ptr)            ; r[2] = c3;
-        COPY    %r0,c3
-
-        SQR_ADD_C2 a3L,a3R,a0L,a0R,c1,c2,c3
-        SQR_ADD_C2 a2L,a2R,a1L,a1R,c1,c2,c3
-
-        STD     c1,24(r_ptr)           ; r[3] = c1;
-        COPY    %r0,c1
-
-        SQR_ADD_C a2L,a2R,c2,c3,c1
-        SQR_ADD_C2 a3L,a3R,a1L,a1R,c2,c3,c1
-
-        STD     c2,32(r_ptr)           ; r[4] = c2;
-        COPY    %r0,c2
-
-        SQR_ADD_C2 a3L,a3R,a2L,a2R,c3,c1,c2
-        STD     c3,40(r_ptr)           ; r[5] = c3;
-        COPY    %r0,c3
-
-        SQR_ADD_C a3L,a3R,c1,c2,c3
-        STD     c1,48(r_ptr)           ; r[6] = c1;
-        STD     c2,56(r_ptr)           ; r[7] = c2;
-
-    .EXIT
-    LDD     -104(%sp),%r6        ; restore r6
-    LDD     -112(%sp),%r5        ; restore r5
-    LDD     -120(%sp),%r4        ; restore r4
-    BVE     (%rp)
-    LDD,MB  -128(%sp),%r3
-
-        .PROCEND        
-
-
-;---------------------------------------------------------------------------
-
-MUL_ADD_C  .macro  A0L,A0R,B0L,B0R,C1,C2,C3
-    XMPYU   A0L,B0R,ftemp1        ; m1 = bl*ht
-    FSTD    ftemp1,-16(%sp)       ;
-    XMPYU   A0R,B0L,ftemp2        ; m = bh*lt
-    FSTD    ftemp2,-8(%sp)        ;
-    XMPYU   A0R,B0R,ftemp3        ; lt = bl*lt
-    FSTD    ftemp3,-32(%sp)
-    XMPYU   A0L,B0L,ftemp4        ; ht = bh*ht
-    FSTD    ftemp4,-24(%sp)       ;
-
-    LDD     -8(%sp),m             ; r21 = m
-    LDD     -16(%sp),m1           ; r19 = m1
-    ADD,L   m,m1,m                ; m+m1
-
-    DEPD,Z  m,31,32,temp3         ; (m+m1<<32)
-    LDD     -24(%sp),ht           ; r24 = ht
-
-    CMPCLR,*>>= m,m1,%r0          ; if (m < m1)
-    ADD,L   ht,high_one,ht        ; ht+=high_one
-
-    EXTRD,U m,31,32,temp1         ; m >> 32
-    LDD     -32(%sp),lt           ; lt
-    ADD,L   ht,temp1,ht           ; ht+= m>>32
-    ADD     lt,temp3,lt           ; lt = lt+m1
-    ADD,DC  ht,%r0,ht             ; ht++
-
-    ADD     C1,lt,C1              ; c1=c1+lt
-    ADD,DC  ht,%r0,ht             ; bump c3 if overflow,nullify otherwise
-
-    ADD     C2,ht,C2              ; c2 = c2 + ht
-    ADD,DC  C3,%r0,C3             ; add in carry (c3++)
-.endm
-
-
-;
-;void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-; arg0 = r_ptr
-; arg1 = a_ptr
-; arg2 = b_ptr
-;
-
-bn_mul_comba8
-        .proc
-        .callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
-        .EXPORT bn_mul_comba8,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
-    .entry
-        .align 64
-
-    STD     %r3,0(%sp)          ; save r3
-    STD     %r4,8(%sp)          ; save r4
-    STD     %r5,16(%sp)         ; save r5
-    STD     %r6,24(%sp)         ; save r6
-    FSTD    %fr12,32(%sp)       ; save r6
-    FSTD    %fr13,40(%sp)       ; save r7
-
-        ;
-        ; Zero out carries
-        ;
-        COPY     %r0,c1
-        COPY     %r0,c2
-        COPY     %r0,c3
-
-        LDO      128(%sp),%sp       ; bump stack
-    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
-
-        ;
-        ; Load up all of the values we are going to use
-        ;
-    FLDD      0(a_ptr),a0       
-    FLDD      8(a_ptr),a1       
-    FLDD     16(a_ptr),a2       
-    FLDD     24(a_ptr),a3       
-    FLDD     32(a_ptr),a4       
-    FLDD     40(a_ptr),a5       
-    FLDD     48(a_ptr),a6       
-    FLDD     56(a_ptr),a7       
-
-    FLDD      0(b_ptr),b0       
-    FLDD      8(b_ptr),b1       
-    FLDD     16(b_ptr),b2       
-    FLDD     24(b_ptr),b3       
-    FLDD     32(b_ptr),b4       
-    FLDD     40(b_ptr),b5       
-    FLDD     48(b_ptr),b6       
-    FLDD     56(b_ptr),b7       
-
-        MUL_ADD_C a0L,a0R,b0L,b0R,c1,c2,c3
-        STD       c1,0(r_ptr)
-        COPY      %r0,c1
-
-        MUL_ADD_C a0L,a0R,b1L,b1R,c2,c3,c1
-        MUL_ADD_C a1L,a1R,b0L,b0R,c2,c3,c1
-        STD       c2,8(r_ptr)
-        COPY      %r0,c2
-
-        MUL_ADD_C a2L,a2R,b0L,b0R,c3,c1,c2
-        MUL_ADD_C a1L,a1R,b1L,b1R,c3,c1,c2
-        MUL_ADD_C a0L,a0R,b2L,b2R,c3,c1,c2
-        STD       c3,16(r_ptr)
-        COPY      %r0,c3
-
-        MUL_ADD_C a0L,a0R,b3L,b3R,c1,c2,c3
-        MUL_ADD_C a1L,a1R,b2L,b2R,c1,c2,c3
-        MUL_ADD_C a2L,a2R,b1L,b1R,c1,c2,c3
-        MUL_ADD_C a3L,a3R,b0L,b0R,c1,c2,c3
-        STD       c1,24(r_ptr)
-        COPY      %r0,c1
-
-        MUL_ADD_C a4L,a4R,b0L,b0R,c2,c3,c1
-        MUL_ADD_C a3L,a3R,b1L,b1R,c2,c3,c1
-        MUL_ADD_C a2L,a2R,b2L,b2R,c2,c3,c1
-        MUL_ADD_C a1L,a1R,b3L,b3R,c2,c3,c1
-        MUL_ADD_C a0L,a0R,b4L,b4R,c2,c3,c1
-        STD       c2,32(r_ptr)
-        COPY      %r0,c2
-
-        MUL_ADD_C a0L,a0R,b5L,b5R,c3,c1,c2
-        MUL_ADD_C a1L,a1R,b4L,b4R,c3,c1,c2
-        MUL_ADD_C a2L,a2R,b3L,b3R,c3,c1,c2
-        MUL_ADD_C a3L,a3R,b2L,b2R,c3,c1,c2
-        MUL_ADD_C a4L,a4R,b1L,b1R,c3,c1,c2
-        MUL_ADD_C a5L,a5R,b0L,b0R,c3,c1,c2
-        STD       c3,40(r_ptr)
-        COPY      %r0,c3
-
-        MUL_ADD_C a6L,a6R,b0L,b0R,c1,c2,c3
-        MUL_ADD_C a5L,a5R,b1L,b1R,c1,c2,c3
-        MUL_ADD_C a4L,a4R,b2L,b2R,c1,c2,c3
-        MUL_ADD_C a3L,a3R,b3L,b3R,c1,c2,c3
-        MUL_ADD_C a2L,a2R,b4L,b4R,c1,c2,c3
-        MUL_ADD_C a1L,a1R,b5L,b5R,c1,c2,c3
-        MUL_ADD_C a0L,a0R,b6L,b6R,c1,c2,c3
-        STD       c1,48(r_ptr)
-        COPY      %r0,c1
-        
-        MUL_ADD_C a0L,a0R,b7L,b7R,c2,c3,c1
-        MUL_ADD_C a1L,a1R,b6L,b6R,c2,c3,c1
-        MUL_ADD_C a2L,a2R,b5L,b5R,c2,c3,c1
-        MUL_ADD_C a3L,a3R,b4L,b4R,c2,c3,c1
-        MUL_ADD_C a4L,a4R,b3L,b3R,c2,c3,c1
-        MUL_ADD_C a5L,a5R,b2L,b2R,c2,c3,c1
-        MUL_ADD_C a6L,a6R,b1L,b1R,c2,c3,c1
-        MUL_ADD_C a7L,a7R,b0L,b0R,c2,c3,c1
-        STD       c2,56(r_ptr)
-        COPY      %r0,c2
-
-        MUL_ADD_C a7L,a7R,b1L,b1R,c3,c1,c2
-        MUL_ADD_C a6L,a6R,b2L,b2R,c3,c1,c2
-        MUL_ADD_C a5L,a5R,b3L,b3R,c3,c1,c2
-        MUL_ADD_C a4L,a4R,b4L,b4R,c3,c1,c2
-        MUL_ADD_C a3L,a3R,b5L,b5R,c3,c1,c2
-        MUL_ADD_C a2L,a2R,b6L,b6R,c3,c1,c2
-        MUL_ADD_C a1L,a1R,b7L,b7R,c3,c1,c2
-        STD       c3,64(r_ptr)
-        COPY      %r0,c3
-
-        MUL_ADD_C a2L,a2R,b7L,b7R,c1,c2,c3
-        MUL_ADD_C a3L,a3R,b6L,b6R,c1,c2,c3
-        MUL_ADD_C a4L,a4R,b5L,b5R,c1,c2,c3
-        MUL_ADD_C a5L,a5R,b4L,b4R,c1,c2,c3
-        MUL_ADD_C a6L,a6R,b3L,b3R,c1,c2,c3
-        MUL_ADD_C a7L,a7R,b2L,b2R,c1,c2,c3
-        STD       c1,72(r_ptr)
-        COPY      %r0,c1
-
-        MUL_ADD_C a7L,a7R,b3L,b3R,c2,c3,c1
-        MUL_ADD_C a6L,a6R,b4L,b4R,c2,c3,c1
-        MUL_ADD_C a5L,a5R,b5L,b5R,c2,c3,c1
-        MUL_ADD_C a4L,a4R,b6L,b6R,c2,c3,c1
-        MUL_ADD_C a3L,a3R,b7L,b7R,c2,c3,c1
-        STD       c2,80(r_ptr)
-        COPY      %r0,c2
-
-        MUL_ADD_C a4L,a4R,b7L,b7R,c3,c1,c2
-        MUL_ADD_C a5L,a5R,b6L,b6R,c3,c1,c2
-        MUL_ADD_C a6L,a6R,b5L,b5R,c3,c1,c2
-        MUL_ADD_C a7L,a7R,b4L,b4R,c3,c1,c2
-        STD       c3,88(r_ptr)
-        COPY      %r0,c3
-
-        MUL_ADD_C a7L,a7R,b5L,b5R,c1,c2,c3
-        MUL_ADD_C a6L,a6R,b6L,b6R,c1,c2,c3
-        MUL_ADD_C a5L,a5R,b7L,b7R,c1,c2,c3
-        STD       c1,96(r_ptr)
-        COPY      %r0,c1
-
-        MUL_ADD_C a6L,a6R,b7L,b7R,c2,c3,c1
-        MUL_ADD_C a7L,a7R,b6L,b6R,c2,c3,c1
-        STD       c2,104(r_ptr)
-        COPY      %r0,c2
-
-        MUL_ADD_C a7L,a7R,b7L,b7R,c3,c1,c2
-        STD       c3,112(r_ptr)
-        STD       c1,120(r_ptr)
-
-    .EXIT
-    FLDD    -88(%sp),%fr13 
-    FLDD    -96(%sp),%fr12 
-    LDD     -104(%sp),%r6        ; restore r6
-    LDD     -112(%sp),%r5        ; restore r5
-    LDD     -120(%sp),%r4        ; restore r4
-    BVE     (%rp)
-    LDD,MB  -128(%sp),%r3
-
-        .PROCEND        
-
-;-----------------------------------------------------------------------------
-;
-;void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-; arg0 = r_ptr
-; arg1 = a_ptr
-; arg2 = b_ptr
-;
-
-bn_mul_comba4
-        .proc
-        .callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
-        .EXPORT bn_mul_comba4,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
-    .entry
-        .align 64
-
-    STD     %r3,0(%sp)          ; save r3
-    STD     %r4,8(%sp)          ; save r4
-    STD     %r5,16(%sp)         ; save r5
-    STD     %r6,24(%sp)         ; save r6
-    FSTD    %fr12,32(%sp)       ; save r6
-    FSTD    %fr13,40(%sp)       ; save r7
-
-        ;
-        ; Zero out carries
-        ;
-        COPY     %r0,c1
-        COPY     %r0,c2
-        COPY     %r0,c3
-
-        LDO      128(%sp),%sp       ; bump stack
-    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
-
-        ;
-        ; Load up all of the values we are going to use
-        ;
-    FLDD      0(a_ptr),a0       
-    FLDD      8(a_ptr),a1       
-    FLDD     16(a_ptr),a2       
-    FLDD     24(a_ptr),a3       
-
-    FLDD      0(b_ptr),b0       
-    FLDD      8(b_ptr),b1       
-    FLDD     16(b_ptr),b2       
-    FLDD     24(b_ptr),b3       
-
-        MUL_ADD_C a0L,a0R,b0L,b0R,c1,c2,c3
-        STD       c1,0(r_ptr)
-        COPY      %r0,c1
-
-        MUL_ADD_C a0L,a0R,b1L,b1R,c2,c3,c1
-        MUL_ADD_C a1L,a1R,b0L,b0R,c2,c3,c1
-        STD       c2,8(r_ptr)
-        COPY      %r0,c2
-
-        MUL_ADD_C a2L,a2R,b0L,b0R,c3,c1,c2
-        MUL_ADD_C a1L,a1R,b1L,b1R,c3,c1,c2
-        MUL_ADD_C a0L,a0R,b2L,b2R,c3,c1,c2
-        STD       c3,16(r_ptr)
-        COPY      %r0,c3
-
-        MUL_ADD_C a0L,a0R,b3L,b3R,c1,c2,c3
-        MUL_ADD_C a1L,a1R,b2L,b2R,c1,c2,c3
-        MUL_ADD_C a2L,a2R,b1L,b1R,c1,c2,c3
-        MUL_ADD_C a3L,a3R,b0L,b0R,c1,c2,c3
-        STD       c1,24(r_ptr)
-        COPY      %r0,c1
-
-        MUL_ADD_C a3L,a3R,b1L,b1R,c2,c3,c1
-        MUL_ADD_C a2L,a2R,b2L,b2R,c2,c3,c1
-        MUL_ADD_C a1L,a1R,b3L,b3R,c2,c3,c1
-        STD       c2,32(r_ptr)
-        COPY      %r0,c2
-
-        MUL_ADD_C a2L,a2R,b3L,b3R,c3,c1,c2
-        MUL_ADD_C a3L,a3R,b2L,b2R,c3,c1,c2
-        STD       c3,40(r_ptr)
-        COPY      %r0,c3
-
-        MUL_ADD_C a3L,a3R,b3L,b3R,c1,c2,c3
-        STD       c1,48(r_ptr)
-        STD       c2,56(r_ptr)
-
-    .EXIT
-    FLDD    -88(%sp),%fr13 
-    FLDD    -96(%sp),%fr12 
-    LDD     -104(%sp),%r6        ; restore r6
-    LDD     -112(%sp),%r5        ; restore r5
-    LDD     -120(%sp),%r4        ; restore r4
-    BVE     (%rp)
-    LDD,MB  -128(%sp),%r3
-
-        .PROCEND        
-
-
-;--- not PIC    .SPACE  $TEXT$
-;--- not PIC    .SUBSPA $CODE$
-;--- not PIC    .SPACE  $PRIVATE$,SORT=16
-;--- not PIC    .IMPORT $global$,DATA
-;--- not PIC    .SPACE  $TEXT$
-;--- not PIC    .SUBSPA $CODE$
-;--- not PIC    .SUBSPA $LIT$,ACCESS=0x2c
-;--- not PIC    C$7
-;--- not PIC    .ALIGN  8
-;--- not PIC    .STRINGZ        "Division would overflow (%d)\n"
-        .END
diff --git a/src/lib/libcrypto/bn/asm/pa-risc2W.s b/src/lib/libcrypto/bn/asm/pa-risc2W.s
deleted file mode 100644
index a99545754d..0000000000
--- a/src/lib/libcrypto/bn/asm/pa-risc2W.s
+++ /dev/null
@@ -1,1605 +0,0 @@
-;
-; PA-RISC 64-bit implementation of bn_asm code
-;
-; This code is approximately 2x faster than the C version
-; for RSA/DSA.
-;
-; See http://devresource.hp.com/  for more details on the PA-RISC
-; architecture.  Also see the book "PA-RISC 2.0 Architecture"
-; by Gerry Kane for information on the instruction set architecture.
-;
-; Code written by Chris Ruemmler (with some help from the HP C
-; compiler).
-;
-; The code compiles with HP's assembler
-;
-
-        .level  2.0W
-        .space  $TEXT$
-        .subspa $CODE$,QUAD=0,ALIGN=8,ACCESS=0x2c,CODE_ONLY
-
-;
-; Global Register definitions used for the routines.
-;
-; Some information about HP's runtime architecture for 64-bits.
-;
-; "Caller save" means the calling function must save the register
-; if it wants the register to be preserved.
-; "Callee save" means if a function uses the register, it must save
-; the value before using it.
-;
-; For the floating point registers 
-;
-;    "caller save" registers: fr4-fr11, fr22-fr31
-;    "callee save" registers: fr12-fr21
-;    "special" registers: fr0-fr3 (status and exception registers)
-;
-; For the integer registers
-;     value zero             :  r0
-;     "caller save" registers: r1,r19-r26
-;     "callee save" registers: r3-r18
-;     return register        :  r2  (rp)
-;     return values          ; r28  (ret0,ret1)
-;     Stack pointer          ; r30  (sp) 
-;     global data pointer    ; r27  (dp)
-;     argument pointer       ; r29  (ap)
-;     millicode return ptr   ; r31  (also a caller save register)
-
-
-;
-; Arguments to the routines
-;
-r_ptr       .reg %r26
-a_ptr       .reg %r25
-b_ptr       .reg %r24
-num         .reg %r24
-w           .reg %r23
-n           .reg %r23
-
-
-;
-; Globals used in some routines
-;
-
-top_overflow .reg %r29
-high_mask    .reg %r22    ; value 0xffffffff80000000L
-
-
-;------------------------------------------------------------------------------
-;
-; bn_mul_add_words
-;
-;BN_ULONG bn_mul_add_words(BN_ULONG *r_ptr, BN_ULONG *a_ptr, 
-;                                                               int num, BN_ULONG w)
-;
-; arg0 = r_ptr
-; arg1 = a_ptr
-; arg2 = num
-; arg3 = w
-;
-; Local register definitions
-;
-
-fm1          .reg %fr22
-fm           .reg %fr23
-ht_temp      .reg %fr24
-ht_temp_1    .reg %fr25
-lt_temp      .reg %fr26
-lt_temp_1    .reg %fr27
-fm1_1        .reg %fr28
-fm_1         .reg %fr29
-
-fw_h         .reg %fr7L
-fw_l         .reg %fr7R
-fw           .reg %fr7
-
-fht_0        .reg %fr8L
-flt_0        .reg %fr8R
-t_float_0    .reg %fr8
-
-fht_1        .reg %fr9L
-flt_1        .reg %fr9R
-t_float_1    .reg %fr9
-
-tmp_0        .reg %r31
-tmp_1        .reg %r21
-m_0          .reg %r20 
-m_1          .reg %r19 
-ht_0         .reg %r1  
-ht_1         .reg %r3
-lt_0         .reg %r4
-lt_1         .reg %r5
-m1_0         .reg %r6 
-m1_1         .reg %r7 
-rp_val       .reg %r8
-rp_val_1     .reg %r9
-
-bn_mul_add_words
-        .export bn_mul_add_words,entry,NO_RELOCATION,LONG_RETURN
-        .proc
-        .callinfo frame=128
-    .entry
-        .align 64
-
-    STD     %r3,0(%sp)          ; save r3  
-    STD     %r4,8(%sp)          ; save r4  
-        NOP                         ; Needed to make the loop 16-byte aligned
-        NOP                         ; Needed to make the loop 16-byte aligned
-
-    STD     %r5,16(%sp)         ; save r5  
-    STD     %r6,24(%sp)         ; save r6  
-    STD     %r7,32(%sp)         ; save r7  
-    STD     %r8,40(%sp)         ; save r8  
-
-    STD     %r9,48(%sp)         ; save r9  
-    COPY    %r0,%ret0           ; return 0 by default
-    DEPDI,Z 1,31,1,top_overflow ; top_overflow = 1 << 32    
-        STD     w,56(%sp)           ; store w on stack
-
-    CMPIB,>= 0,num,bn_mul_add_words_exit  ; if (num <= 0) then exit
-        LDO     128(%sp),%sp       ; bump stack
-
-        ;
-        ; The loop is unrolled twice, so if there is only 1 number
-    ; then go straight to the cleanup code.
-        ;
-        CMPIB,= 1,num,bn_mul_add_words_single_top
-        FLDD    -72(%sp),fw     ; load up w into fp register fw (fw_h/fw_l)
-
-        ;
-        ; This loop is unrolled 2 times (64-byte aligned as well)
-        ;
-        ; PA-RISC 2.0 chips have two fully pipelined multipliers, thus
-    ; two 32-bit mutiplies can be issued per cycle.
-    ; 
-bn_mul_add_words_unroll2
-
-    FLDD    0(a_ptr),t_float_0       ; load up 64-bit value (fr8L) ht(L)/lt(R)
-    FLDD    8(a_ptr),t_float_1       ; load up 64-bit value (fr8L) ht(L)/lt(R)
-    LDD     0(r_ptr),rp_val          ; rp[0]
-    LDD     8(r_ptr),rp_val_1        ; rp[1]
-
-    XMPYU   fht_0,fw_l,fm1           ; m1[0] = fht_0*fw_l
-    XMPYU   fht_1,fw_l,fm1_1         ; m1[1] = fht_1*fw_l
-    FSTD    fm1,-16(%sp)             ; -16(sp) = m1[0]
-    FSTD    fm1_1,-48(%sp)           ; -48(sp) = m1[1]
-
-    XMPYU   flt_0,fw_h,fm            ; m[0] = flt_0*fw_h
-    XMPYU   flt_1,fw_h,fm_1          ; m[1] = flt_1*fw_h
-    FSTD    fm,-8(%sp)               ; -8(sp) = m[0]
-    FSTD    fm_1,-40(%sp)            ; -40(sp) = m[1]
-
-    XMPYU   fht_0,fw_h,ht_temp       ; ht_temp   = fht_0*fw_h
-    XMPYU   fht_1,fw_h,ht_temp_1     ; ht_temp_1 = fht_1*fw_h
-    FSTD    ht_temp,-24(%sp)         ; -24(sp)   = ht_temp
-    FSTD    ht_temp_1,-56(%sp)       ; -56(sp)   = ht_temp_1
-
-    XMPYU   flt_0,fw_l,lt_temp       ; lt_temp = lt*fw_l
-    XMPYU   flt_1,fw_l,lt_temp_1     ; lt_temp = lt*fw_l
-    FSTD    lt_temp,-32(%sp)         ; -32(sp) = lt_temp 
-    FSTD    lt_temp_1,-64(%sp)       ; -64(sp) = lt_temp_1 
-
-    LDD     -8(%sp),m_0              ; m[0] 
-    LDD     -40(%sp),m_1             ; m[1]
-    LDD     -16(%sp),m1_0            ; m1[0]
-    LDD     -48(%sp),m1_1            ; m1[1]
-
-    LDD     -24(%sp),ht_0            ; ht[0]
-    LDD     -56(%sp),ht_1            ; ht[1]
-    ADD,L   m1_0,m_0,tmp_0           ; tmp_0 = m[0] + m1[0]; 
-    ADD,L   m1_1,m_1,tmp_1           ; tmp_1 = m[1] + m1[1]; 
-
-    LDD     -32(%sp),lt_0            
-    LDD     -64(%sp),lt_1            
-    CMPCLR,*>>= tmp_0,m1_0, %r0      ; if (m[0] < m1[0])
-    ADD,L   ht_0,top_overflow,ht_0   ; ht[0] += (1<<32)
-
-    CMPCLR,*>>= tmp_1,m1_1,%r0       ; if (m[1] < m1[1])
-    ADD,L   ht_1,top_overflow,ht_1   ; ht[1] += (1<<32)
-    EXTRD,U tmp_0,31,32,m_0          ; m[0]>>32  
-    DEPD,Z  tmp_0,31,32,m1_0         ; m1[0] = m[0]<<32 
-
-    EXTRD,U tmp_1,31,32,m_1          ; m[1]>>32  
-    DEPD,Z  tmp_1,31,32,m1_1         ; m1[1] = m[1]<<32 
-    ADD,L   ht_0,m_0,ht_0            ; ht[0]+= (m[0]>>32)
-    ADD,L   ht_1,m_1,ht_1            ; ht[1]+= (m[1]>>32)
-
-    ADD     lt_0,m1_0,lt_0           ; lt[0] = lt[0]+m1[0];
-        ADD,DC  ht_0,%r0,ht_0            ; ht[0]++
-    ADD     lt_1,m1_1,lt_1           ; lt[1] = lt[1]+m1[1];
-    ADD,DC  ht_1,%r0,ht_1            ; ht[1]++
-
-    ADD    %ret0,lt_0,lt_0           ; lt[0] = lt[0] + c;
-        ADD,DC  ht_0,%r0,ht_0            ; ht[0]++
-    ADD     lt_0,rp_val,lt_0         ; lt[0] = lt[0]+rp[0]
-    ADD,DC  ht_0,%r0,ht_0            ; ht[0]++
-
-        LDO    -2(num),num               ; num = num - 2;
-    ADD     ht_0,lt_1,lt_1           ; lt[1] = lt[1] + ht_0 (c);
-    ADD,DC  ht_1,%r0,ht_1            ; ht[1]++
-    STD     lt_0,0(r_ptr)            ; rp[0] = lt[0]
-
-    ADD     lt_1,rp_val_1,lt_1       ; lt[1] = lt[1]+rp[1]
-    ADD,DC  ht_1,%r0,%ret0           ; ht[1]++
-    LDO     16(a_ptr),a_ptr          ; a_ptr += 2
-
-    STD     lt_1,8(r_ptr)            ; rp[1] = lt[1]
-        CMPIB,<= 2,num,bn_mul_add_words_unroll2 ; go again if more to do
-    LDO     16(r_ptr),r_ptr          ; r_ptr += 2
-
-    CMPIB,=,N 0,num,bn_mul_add_words_exit ; are we done, or cleanup last one
-
-        ;
-        ; Top of loop aligned on 64-byte boundary
-        ;
-bn_mul_add_words_single_top
-    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
-    LDD     0(r_ptr),rp_val           ; rp[0]
-    LDO     8(a_ptr),a_ptr            ; a_ptr++
-    XMPYU   fht_0,fw_l,fm1            ; m1 = ht*fw_l
-    FSTD    fm1,-16(%sp)              ; -16(sp) = m1
-    XMPYU   flt_0,fw_h,fm             ; m = lt*fw_h
-    FSTD    fm,-8(%sp)                ; -8(sp) = m
-    XMPYU   fht_0,fw_h,ht_temp        ; ht_temp = ht*fw_h
-    FSTD    ht_temp,-24(%sp)          ; -24(sp) = ht
-    XMPYU   flt_0,fw_l,lt_temp        ; lt_temp = lt*fw_l
-    FSTD    lt_temp,-32(%sp)          ; -32(sp) = lt 
-
-    LDD     -8(%sp),m_0               
-    LDD    -16(%sp),m1_0              ; m1 = temp1 
-    ADD,L   m_0,m1_0,tmp_0            ; tmp_0 = m + m1; 
-    LDD     -24(%sp),ht_0             
-    LDD     -32(%sp),lt_0             
-
-    CMPCLR,*>>= tmp_0,m1_0,%r0        ; if (m < m1)
-    ADD,L   ht_0,top_overflow,ht_0    ; ht += (1<<32)
-
-    EXTRD,U tmp_0,31,32,m_0           ; m>>32  
-    DEPD,Z  tmp_0,31,32,m1_0          ; m1 = m<<32 
-
-    ADD,L   ht_0,m_0,ht_0             ; ht+= (m>>32)
-    ADD     lt_0,m1_0,tmp_0           ; tmp_0 = lt+m1;
-    ADD,DC  ht_0,%r0,ht_0             ; ht++
-    ADD     %ret0,tmp_0,lt_0          ; lt = lt + c;
-    ADD,DC  ht_0,%r0,ht_0             ; ht++
-    ADD     lt_0,rp_val,lt_0          ; lt = lt+rp[0]
-    ADD,DC  ht_0,%r0,%ret0            ; ht++
-    STD     lt_0,0(r_ptr)             ; rp[0] = lt
-
-bn_mul_add_words_exit
-    .EXIT
-    LDD     -80(%sp),%r9              ; restore r9  
-    LDD     -88(%sp),%r8              ; restore r8  
-    LDD     -96(%sp),%r7              ; restore r7  
-    LDD     -104(%sp),%r6             ; restore r6  
-    LDD     -112(%sp),%r5             ; restore r5  
-    LDD     -120(%sp),%r4             ; restore r4  
-    BVE     (%rp)
-    LDD,MB  -128(%sp),%r3             ; restore r3
-        .PROCEND        ;in=23,24,25,26,29;out=28;
-
-;----------------------------------------------------------------------------
-;
-;BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
-;
-; arg0 = rp
-; arg1 = ap
-; arg2 = num
-; arg3 = w
-
-bn_mul_words
-        .proc
-        .callinfo frame=128
-    .entry
-        .EXPORT bn_mul_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
-        .align 64
-
-    STD     %r3,0(%sp)          ; save r3  
-    STD     %r4,8(%sp)          ; save r4  
-    STD     %r5,16(%sp)         ; save r5  
-    STD     %r6,24(%sp)         ; save r6  
-
-    STD     %r7,32(%sp)         ; save r7  
-    COPY    %r0,%ret0           ; return 0 by default
-    DEPDI,Z 1,31,1,top_overflow ; top_overflow = 1 << 32    
-        STD     w,56(%sp)           ; w on stack
-
-    CMPIB,>= 0,num,bn_mul_words_exit
-        LDO     128(%sp),%sp       ; bump stack
-
-        ;
-        ; See if only 1 word to do, thus just do cleanup
-        ;
-        CMPIB,= 1,num,bn_mul_words_single_top
-        FLDD    -72(%sp),fw     ; load up w into fp register fw (fw_h/fw_l)
-
-        ;
-        ; This loop is unrolled 2 times (64-byte aligned as well)
-        ;
-        ; PA-RISC 2.0 chips have two fully pipelined multipliers, thus
-    ; two 32-bit mutiplies can be issued per cycle.
-    ; 
-bn_mul_words_unroll2
-
-    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
-    FLDD    8(a_ptr),t_float_1        ; load up 64-bit value (fr8L) ht(L)/lt(R)
-    XMPYU   fht_0,fw_l,fm1            ; m1[0] = fht_0*fw_l
-    XMPYU   fht_1,fw_l,fm1_1          ; m1[1] = ht*fw_l
-
-    FSTD    fm1,-16(%sp)              ; -16(sp) = m1
-    FSTD    fm1_1,-48(%sp)            ; -48(sp) = m1
-    XMPYU   flt_0,fw_h,fm             ; m = lt*fw_h
-    XMPYU   flt_1,fw_h,fm_1           ; m = lt*fw_h
-
-    FSTD    fm,-8(%sp)                ; -8(sp) = m
-    FSTD    fm_1,-40(%sp)             ; -40(sp) = m
-    XMPYU   fht_0,fw_h,ht_temp        ; ht_temp = fht_0*fw_h
-    XMPYU   fht_1,fw_h,ht_temp_1      ; ht_temp = ht*fw_h
-
-    FSTD    ht_temp,-24(%sp)          ; -24(sp) = ht
-    FSTD    ht_temp_1,-56(%sp)        ; -56(sp) = ht
-    XMPYU   flt_0,fw_l,lt_temp        ; lt_temp = lt*fw_l
-    XMPYU   flt_1,fw_l,lt_temp_1      ; lt_temp = lt*fw_l
-
-    FSTD    lt_temp,-32(%sp)          ; -32(sp) = lt 
-    FSTD    lt_temp_1,-64(%sp)        ; -64(sp) = lt 
-    LDD     -8(%sp),m_0               
-    LDD     -40(%sp),m_1              
-
-    LDD    -16(%sp),m1_0              
-    LDD    -48(%sp),m1_1              
-    LDD     -24(%sp),ht_0             
-    LDD     -56(%sp),ht_1             
-
-    ADD,L   m1_0,m_0,tmp_0            ; tmp_0 = m + m1; 
-    ADD,L   m1_1,m_1,tmp_1            ; tmp_1 = m + m1; 
-    LDD     -32(%sp),lt_0             
-    LDD     -64(%sp),lt_1             
-
-    CMPCLR,*>>= tmp_0,m1_0, %r0       ; if (m < m1)
-    ADD,L   ht_0,top_overflow,ht_0    ; ht += (1<<32)
-    CMPCLR,*>>= tmp_1,m1_1,%r0        ; if (m < m1)
-    ADD,L   ht_1,top_overflow,ht_1    ; ht += (1<<32)
-
-    EXTRD,U tmp_0,31,32,m_0           ; m>>32  
-    DEPD,Z  tmp_0,31,32,m1_0          ; m1 = m<<32 
-    EXTRD,U tmp_1,31,32,m_1           ; m>>32  
-    DEPD,Z  tmp_1,31,32,m1_1          ; m1 = m<<32 
-
-    ADD,L   ht_0,m_0,ht_0             ; ht+= (m>>32)
-    ADD,L   ht_1,m_1,ht_1             ; ht+= (m>>32)
-    ADD     lt_0,m1_0,lt_0            ; lt = lt+m1;
-        ADD,DC  ht_0,%r0,ht_0             ; ht++
-
-    ADD     lt_1,m1_1,lt_1            ; lt = lt+m1;
-    ADD,DC  ht_1,%r0,ht_1             ; ht++
-    ADD    %ret0,lt_0,lt_0            ; lt = lt + c (ret0);
-        ADD,DC  ht_0,%r0,ht_0             ; ht++
-
-    ADD     ht_0,lt_1,lt_1            ; lt = lt + c (ht_0)
-    ADD,DC  ht_1,%r0,ht_1             ; ht++
-    STD     lt_0,0(r_ptr)             ; rp[0] = lt
-    STD     lt_1,8(r_ptr)             ; rp[1] = lt
-
-        COPY    ht_1,%ret0                ; carry = ht
-        LDO    -2(num),num                ; num = num - 2;
-    LDO     16(a_ptr),a_ptr           ; ap += 2
-        CMPIB,<= 2,num,bn_mul_words_unroll2
-    LDO     16(r_ptr),r_ptr           ; rp++
-
-    CMPIB,=,N 0,num,bn_mul_words_exit ; are we done?
-
-        ;
-        ; Top of loop aligned on 64-byte boundary
-        ;
-bn_mul_words_single_top
-    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
-
-    XMPYU   fht_0,fw_l,fm1            ; m1 = ht*fw_l
-    FSTD    fm1,-16(%sp)              ; -16(sp) = m1
-    XMPYU   flt_0,fw_h,fm             ; m = lt*fw_h
-    FSTD    fm,-8(%sp)                ; -8(sp) = m
-    XMPYU   fht_0,fw_h,ht_temp        ; ht_temp = ht*fw_h
-    FSTD    ht_temp,-24(%sp)          ; -24(sp) = ht
-    XMPYU   flt_0,fw_l,lt_temp        ; lt_temp = lt*fw_l
-    FSTD    lt_temp,-32(%sp)          ; -32(sp) = lt 
-
-    LDD     -8(%sp),m_0               
-    LDD    -16(%sp),m1_0              
-    ADD,L   m_0,m1_0,tmp_0            ; tmp_0 = m + m1; 
-    LDD     -24(%sp),ht_0             
-    LDD     -32(%sp),lt_0             
-
-    CMPCLR,*>>= tmp_0,m1_0,%r0        ; if (m < m1)
-    ADD,L   ht_0,top_overflow,ht_0    ; ht += (1<<32)
-
-    EXTRD,U tmp_0,31,32,m_0           ; m>>32  
-    DEPD,Z  tmp_0,31,32,m1_0          ; m1 = m<<32 
-
-    ADD,L   ht_0,m_0,ht_0             ; ht+= (m>>32)
-    ADD     lt_0,m1_0,lt_0            ; lt= lt+m1;
-    ADD,DC  ht_0,%r0,ht_0             ; ht++
-
-    ADD     %ret0,lt_0,lt_0           ; lt = lt + c;
-    ADD,DC  ht_0,%r0,ht_0             ; ht++
-
-    COPY    ht_0,%ret0                ; copy carry
-    STD     lt_0,0(r_ptr)             ; rp[0] = lt
-
-bn_mul_words_exit
-    .EXIT
-    LDD     -96(%sp),%r7              ; restore r7  
-    LDD     -104(%sp),%r6             ; restore r6  
-    LDD     -112(%sp),%r5             ; restore r5  
-    LDD     -120(%sp),%r4             ; restore r4  
-    BVE     (%rp)
-    LDD,MB  -128(%sp),%r3             ; restore r3
-        .PROCEND        ;in=23,24,25,26,29;out=28;
-
-;----------------------------------------------------------------------------
-;
-;void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num)
-;
-; arg0 = rp
-; arg1 = ap
-; arg2 = num
-;
-
-bn_sqr_words
-        .proc
-        .callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
-        .EXPORT bn_sqr_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
-    .entry
-        .align 64
-
-    STD     %r3,0(%sp)          ; save r3  
-    STD     %r4,8(%sp)          ; save r4  
-        NOP
-    STD     %r5,16(%sp)         ; save r5  
-
-    CMPIB,>= 0,num,bn_sqr_words_exit
-        LDO     128(%sp),%sp       ; bump stack
-
-        ;
-        ; If only 1, the goto straight to cleanup
-        ;
-        CMPIB,= 1,num,bn_sqr_words_single_top
-    DEPDI,Z -1,32,33,high_mask   ; Create Mask 0xffffffff80000000L
-
-        ;
-        ; This loop is unrolled 2 times (64-byte aligned as well)
-        ;
-
-bn_sqr_words_unroll2
-    FLDD    0(a_ptr),t_float_0        ; a[0]
-    FLDD    8(a_ptr),t_float_1        ; a[1]
-    XMPYU   fht_0,flt_0,fm            ; m[0]
-    XMPYU   fht_1,flt_1,fm_1          ; m[1]
-
-    FSTD    fm,-24(%sp)               ; store m[0]
-    FSTD    fm_1,-56(%sp)             ; store m[1]
-    XMPYU   flt_0,flt_0,lt_temp       ; lt[0]
-    XMPYU   flt_1,flt_1,lt_temp_1     ; lt[1]
-
-    FSTD    lt_temp,-16(%sp)          ; store lt[0]
-    FSTD    lt_temp_1,-48(%sp)        ; store lt[1]
-    XMPYU   fht_0,fht_0,ht_temp       ; ht[0]
-    XMPYU   fht_1,fht_1,ht_temp_1     ; ht[1]
-
-    FSTD    ht_temp,-8(%sp)           ; store ht[0]
-    FSTD    ht_temp_1,-40(%sp)        ; store ht[1]
-    LDD     -24(%sp),m_0             
-    LDD     -56(%sp),m_1              
-
-    AND     m_0,high_mask,tmp_0       ; m[0] & Mask
-    AND     m_1,high_mask,tmp_1       ; m[1] & Mask
-    DEPD,Z  m_0,30,31,m_0             ; m[0] << 32+1
-    DEPD,Z  m_1,30,31,m_1             ; m[1] << 32+1
-
-    LDD     -16(%sp),lt_0        
-    LDD     -48(%sp),lt_1        
-    EXTRD,U tmp_0,32,33,tmp_0         ; tmp_0 = m[0]&Mask >> 32-1
-    EXTRD,U tmp_1,32,33,tmp_1         ; tmp_1 = m[1]&Mask >> 32-1
-
-    LDD     -8(%sp),ht_0            
-    LDD     -40(%sp),ht_1           
-    ADD,L   ht_0,tmp_0,ht_0           ; ht[0] += tmp_0
-    ADD,L   ht_1,tmp_1,ht_1           ; ht[1] += tmp_1
-
-    ADD     lt_0,m_0,lt_0             ; lt = lt+m
-    ADD,DC  ht_0,%r0,ht_0             ; ht[0]++
-    STD     lt_0,0(r_ptr)             ; rp[0] = lt[0]
-    STD     ht_0,8(r_ptr)             ; rp[1] = ht[1]
-
-    ADD     lt_1,m_1,lt_1             ; lt = lt+m
-    ADD,DC  ht_1,%r0,ht_1             ; ht[1]++
-    STD     lt_1,16(r_ptr)            ; rp[2] = lt[1]
-    STD     ht_1,24(r_ptr)            ; rp[3] = ht[1]
-
-        LDO    -2(num),num                ; num = num - 2;
-    LDO     16(a_ptr),a_ptr           ; ap += 2
-        CMPIB,<= 2,num,bn_sqr_words_unroll2
-    LDO     32(r_ptr),r_ptr           ; rp += 4
-
-    CMPIB,=,N 0,num,bn_sqr_words_exit ; are we done?
-
-        ;
-        ; Top of loop aligned on 64-byte boundary
-        ;
-bn_sqr_words_single_top
-    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
-
-    XMPYU   fht_0,flt_0,fm            ; m
-    FSTD    fm,-24(%sp)               ; store m
-
-    XMPYU   flt_0,flt_0,lt_temp       ; lt
-    FSTD    lt_temp,-16(%sp)          ; store lt
-
-    XMPYU   fht_0,fht_0,ht_temp       ; ht
-    FSTD    ht_temp,-8(%sp)           ; store ht
-
-    LDD     -24(%sp),m_0              ; load m
-    AND     m_0,high_mask,tmp_0       ; m & Mask
-    DEPD,Z  m_0,30,31,m_0             ; m << 32+1
-    LDD     -16(%sp),lt_0             ; lt
-
-    LDD     -8(%sp),ht_0              ; ht
-    EXTRD,U tmp_0,32,33,tmp_0         ; tmp_0 = m&Mask >> 32-1
-    ADD     m_0,lt_0,lt_0             ; lt = lt+m
-    ADD,L   ht_0,tmp_0,ht_0           ; ht += tmp_0
-    ADD,DC  ht_0,%r0,ht_0             ; ht++
-
-    STD     lt_0,0(r_ptr)             ; rp[0] = lt
-    STD     ht_0,8(r_ptr)             ; rp[1] = ht
-
-bn_sqr_words_exit
-    .EXIT
-    LDD     -112(%sp),%r5       ; restore r5  
-    LDD     -120(%sp),%r4       ; restore r4  
-    BVE     (%rp)
-    LDD,MB  -128(%sp),%r3 
-        .PROCEND        ;in=23,24,25,26,29;out=28;
-
-
-;----------------------------------------------------------------------------
-;
-;BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
-;
-; arg0 = rp 
-; arg1 = ap
-; arg2 = bp 
-; arg3 = n
-
-t  .reg %r22
-b  .reg %r21
-l  .reg %r20
-
-bn_add_words
-        .proc
-    .entry
-        .callinfo
-        .EXPORT bn_add_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
-        .align 64
-
-    CMPIB,>= 0,n,bn_add_words_exit
-    COPY    %r0,%ret0           ; return 0 by default
-
-        ;
-        ; If 2 or more numbers do the loop
-        ;
-        CMPIB,= 1,n,bn_add_words_single_top
-        NOP
-
-        ;
-        ; This loop is unrolled 2 times (64-byte aligned as well)
-        ;
-bn_add_words_unroll2
-        LDD     0(a_ptr),t
-        LDD     0(b_ptr),b
-        ADD     t,%ret0,t                    ; t = t+c;
-        ADD,DC  %r0,%r0,%ret0                ; set c to carry
-        ADD     t,b,l                        ; l = t + b[0]
-        ADD,DC  %ret0,%r0,%ret0              ; c+= carry
-        STD     l,0(r_ptr)
-
-        LDD     8(a_ptr),t
-        LDD     8(b_ptr),b
-        ADD     t,%ret0,t                     ; t = t+c;
-        ADD,DC  %r0,%r0,%ret0                 ; set c to carry
-        ADD     t,b,l                         ; l = t + b[0]
-        ADD,DC  %ret0,%r0,%ret0               ; c+= carry
-        STD     l,8(r_ptr)
-
-        LDO     -2(n),n
-        LDO     16(a_ptr),a_ptr
-        LDO     16(b_ptr),b_ptr
-
-        CMPIB,<= 2,n,bn_add_words_unroll2
-        LDO     16(r_ptr),r_ptr
-
-    CMPIB,=,N 0,n,bn_add_words_exit ; are we done?
-
-bn_add_words_single_top
-        LDD     0(a_ptr),t
-        LDD     0(b_ptr),b
-
-        ADD     t,%ret0,t                 ; t = t+c;
-        ADD,DC  %r0,%r0,%ret0             ; set c to carry (could use CMPCLR??)
-        ADD     t,b,l                     ; l = t + b[0]
-        ADD,DC  %ret0,%r0,%ret0           ; c+= carry
-        STD     l,0(r_ptr)
-
-bn_add_words_exit
-    .EXIT
-    BVE     (%rp)
-        NOP
-        .PROCEND        ;in=23,24,25,26,29;out=28;
-
-;----------------------------------------------------------------------------
-;
-;BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
-;
-; arg0 = rp 
-; arg1 = ap
-; arg2 = bp 
-; arg3 = n
-
-t1       .reg %r22
-t2       .reg %r21
-sub_tmp1 .reg %r20
-sub_tmp2 .reg %r19
-
-
-bn_sub_words
-        .proc
-        .callinfo 
-        .EXPORT bn_sub_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
-    .entry
-        .align 64
-
-    CMPIB,>=  0,n,bn_sub_words_exit
-    COPY    %r0,%ret0           ; return 0 by default
-
-        ;
-        ; If 2 or more numbers do the loop
-        ;
-        CMPIB,= 1,n,bn_sub_words_single_top
-        NOP
-
-        ;
-        ; This loop is unrolled 2 times (64-byte aligned as well)
-        ;
-bn_sub_words_unroll2
-        LDD     0(a_ptr),t1
-        LDD     0(b_ptr),t2
-        SUB     t1,t2,sub_tmp1           ; t3 = t1-t2; 
-        SUB     sub_tmp1,%ret0,sub_tmp1  ; t3 = t3- c; 
-
-        CMPCLR,*>> t1,t2,sub_tmp2        ; clear if t1 > t2
-        LDO      1(%r0),sub_tmp2
-        
-        CMPCLR,*= t1,t2,%r0
-        COPY    sub_tmp2,%ret0
-        STD     sub_tmp1,0(r_ptr)
-
-        LDD     8(a_ptr),t1
-        LDD     8(b_ptr),t2
-        SUB     t1,t2,sub_tmp1            ; t3 = t1-t2; 
-        SUB     sub_tmp1,%ret0,sub_tmp1   ; t3 = t3- c; 
-        CMPCLR,*>> t1,t2,sub_tmp2         ; clear if t1 > t2
-        LDO      1(%r0),sub_tmp2
-        
-        CMPCLR,*= t1,t2,%r0
-        COPY    sub_tmp2,%ret0
-        STD     sub_tmp1,8(r_ptr)
-
-        LDO     -2(n),n
-        LDO     16(a_ptr),a_ptr
-        LDO     16(b_ptr),b_ptr
-
-        CMPIB,<= 2,n,bn_sub_words_unroll2
-        LDO     16(r_ptr),r_ptr
-
-    CMPIB,=,N 0,n,bn_sub_words_exit ; are we done?
-
-bn_sub_words_single_top
-        LDD     0(a_ptr),t1
-        LDD     0(b_ptr),t2
-        SUB     t1,t2,sub_tmp1            ; t3 = t1-t2; 
-        SUB     sub_tmp1,%ret0,sub_tmp1   ; t3 = t3- c; 
-        CMPCLR,*>> t1,t2,sub_tmp2         ; clear if t1 > t2
-        LDO      1(%r0),sub_tmp2
-        
-        CMPCLR,*= t1,t2,%r0
-        COPY    sub_tmp2,%ret0
-
-        STD     sub_tmp1,0(r_ptr)
-
-bn_sub_words_exit
-    .EXIT
-    BVE     (%rp)
-        NOP
-        .PROCEND        ;in=23,24,25,26,29;out=28;
-
-;------------------------------------------------------------------------------
-;
-; unsigned long bn_div_words(unsigned long h, unsigned long l, unsigned long d)
-;
-; arg0 = h
-; arg1 = l
-; arg2 = d
-;
-; This is mainly just modified assembly from the compiler, thus the
-; lack of variable names.
-;
-;------------------------------------------------------------------------------
-bn_div_words
-        .proc
-        .callinfo CALLER,FRAME=272,ENTRY_GR=%r10,SAVE_RP,ARGS_SAVED,ORDERING_AWARE
-        .EXPORT bn_div_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
-        .IMPORT BN_num_bits_word,CODE,NO_RELOCATION
-        .IMPORT __iob,DATA
-        .IMPORT fprintf,CODE,NO_RELOCATION
-        .IMPORT abort,CODE,NO_RELOCATION
-        .IMPORT $$div2U,MILLICODE
-    .entry
-    STD     %r2,-16(%r30)   
-    STD,MA  %r3,352(%r30)   
-    STD     %r4,-344(%r30)  
-    STD     %r5,-336(%r30)  
-    STD     %r6,-328(%r30)  
-    STD     %r7,-320(%r30)  
-    STD     %r8,-312(%r30)  
-    STD     %r9,-304(%r30)  
-    STD     %r10,-296(%r30)
-
-    STD     %r27,-288(%r30)             ; save gp
-
-    COPY    %r24,%r3           ; save d 
-    COPY    %r26,%r4           ; save h (high 64-bits)
-    LDO      -1(%r0),%ret0     ; return -1 by default   
-
-    CMPB,*=  %r0,%arg2,$D3     ; if (d == 0)
-    COPY    %r25,%r5           ; save l (low 64-bits)
-
-    LDO     -48(%r30),%r29     ; create ap 
-    .CALL   ;in=26,29;out=28;
-    B,L     BN_num_bits_word,%r2 
-    COPY    %r3,%r26        
-    LDD     -288(%r30),%r27    ; restore gp 
-    LDI     64,%r21 
-
-    CMPB,=  %r21,%ret0,$00000012   ;if (i == 64) (forward) 
-    COPY    %ret0,%r24             ; i   
-    MTSARCM %r24    
-    DEPDI,Z -1,%sar,1,%r29  
-    CMPB,*<<,N %r29,%r4,bn_div_err_case ; if (h > 1<<i) (forward) 
-
-$00000012
-    SUBI    64,%r24,%r31                       ; i = 64 - i;
-    CMPCLR,*<< %r4,%r3,%r0                     ; if (h >= d)
-    SUB     %r4,%r3,%r4                        ; h -= d
-    CMPB,=  %r31,%r0,$0000001A                 ; if (i)
-    COPY    %r0,%r10                           ; ret = 0
-    MTSARCM %r31                               ; i to shift
-    DEPD,Z  %r3,%sar,64,%r3                    ; d <<= i;
-    SUBI    64,%r31,%r19                       ; 64 - i; redundent
-    MTSAR   %r19                               ; (64 -i) to shift
-    SHRPD   %r4,%r5,%sar,%r4                   ; l>> (64-i)
-    MTSARCM %r31                               ; i to shift
-    DEPD,Z  %r5,%sar,64,%r5                    ; l <<= i;
-
-$0000001A
-    DEPDI,Z -1,31,32,%r19                      
-    EXTRD,U %r3,31,32,%r6                      ; dh=(d&0xfff)>>32
-    EXTRD,U %r3,63,32,%r8                      ; dl = d&0xffffff
-    LDO     2(%r0),%r9
-    STD    %r3,-280(%r30)                      ; "d" to stack
-
-$0000001C
-    DEPDI,Z -1,63,32,%r29                      ; 
-    EXTRD,U %r4,31,32,%r31                     ; h >> 32
-    CMPB,*=,N  %r31,%r6,$D2                    ; if ((h>>32) != dh)(forward) div
-    COPY    %r4,%r26       
-    EXTRD,U %r4,31,32,%r25 
-    COPY    %r6,%r24      
-    .CALL   ;in=23,24,25,26;out=20,21,22,28,29; (MILLICALL)
-    B,L     $$div2U,%r2     
-    EXTRD,U %r6,31,32,%r23  
-    DEPD    %r28,31,32,%r29 
-$D2
-    STD     %r29,-272(%r30)                   ; q
-    AND     %r5,%r19,%r24                   ; t & 0xffffffff00000000;
-    EXTRD,U %r24,31,32,%r24                 ; ??? 
-    FLDD    -272(%r30),%fr7                 ; q
-    FLDD    -280(%r30),%fr8                 ; d
-    XMPYU   %fr8L,%fr7L,%fr10  
-    FSTD    %fr10,-256(%r30)   
-    XMPYU   %fr8L,%fr7R,%fr22  
-    FSTD    %fr22,-264(%r30)   
-    XMPYU   %fr8R,%fr7L,%fr11 
-    XMPYU   %fr8R,%fr7R,%fr23
-    FSTD    %fr11,-232(%r30)
-    FSTD    %fr23,-240(%r30)
-    LDD     -256(%r30),%r28
-    DEPD,Z  %r28,31,32,%r2 
-    LDD     -264(%r30),%r20
-    ADD,L   %r20,%r2,%r31   
-    LDD     -232(%r30),%r22 
-    DEPD,Z  %r22,31,32,%r22 
-    LDD     -240(%r30),%r21 
-    B       $00000024       ; enter loop  
-    ADD,L   %r21,%r22,%r23 
-
-$0000002A
-    LDO     -1(%r29),%r29   
-    SUB     %r23,%r8,%r23   
-$00000024
-    SUB     %r4,%r31,%r25   
-    AND     %r25,%r19,%r26  
-    CMPB,*<>,N      %r0,%r26,$00000046  ; (forward)
-    DEPD,Z  %r25,31,32,%r20 
-    OR      %r20,%r24,%r21  
-    CMPB,*<<,N  %r21,%r23,$0000002A ;(backward) 
-    SUB     %r31,%r6,%r31   
-;-------------Break path---------------------
-
-$00000046
-    DEPD,Z  %r23,31,32,%r25              ;tl
-    EXTRD,U %r23,31,32,%r26              ;t
-    AND     %r25,%r19,%r24               ;tl = (tl<<32)&0xfffffff0000000L
-    ADD,L   %r31,%r26,%r31               ;th += t; 
-    CMPCLR,*>>=     %r5,%r24,%r0         ;if (l<tl)
-    LDO     1(%r31),%r31                 ; th++;
-    CMPB,*<<=,N     %r31,%r4,$00000036   ;if (n < th) (forward)
-    LDO     -1(%r29),%r29                ;q--; 
-    ADD,L   %r4,%r3,%r4                  ;h += d;
-$00000036
-    ADDIB,=,N       -1,%r9,$D1 ;if (--count == 0) break (forward) 
-    SUB     %r5,%r24,%r28                ; l -= tl;
-    SUB     %r4,%r31,%r24                ; h -= th;
-    SHRPD   %r24,%r28,32,%r4             ; h = ((h<<32)|(l>>32));
-    DEPD,Z  %r29,31,32,%r10              ; ret = q<<32
-    b      $0000001C
-    DEPD,Z  %r28,31,32,%r5               ; l = l << 32 
-
-$D1
-    OR      %r10,%r29,%r28           ; ret |= q
-$D3
-    LDD     -368(%r30),%r2  
-$D0
-    LDD     -296(%r30),%r10 
-    LDD     -304(%r30),%r9  
-    LDD     -312(%r30),%r8  
-    LDD     -320(%r30),%r7  
-    LDD     -328(%r30),%r6  
-    LDD     -336(%r30),%r5  
-    LDD     -344(%r30),%r4  
-    BVE     (%r2)   
-        .EXIT
-    LDD,MB  -352(%r30),%r3 
-
-bn_div_err_case
-    MFIA    %r6     
-    ADDIL   L'bn_div_words-bn_div_err_case,%r6,%r1 
-    LDO     R'bn_div_words-bn_div_err_case(%r1),%r6  
-    ADDIL   LT'__iob,%r27,%r1       
-    LDD     RT'__iob(%r1),%r26      
-    ADDIL   L'C$4-bn_div_words,%r6,%r1    
-    LDO     R'C$4-bn_div_words(%r1),%r25  
-    LDO     64(%r26),%r26   
-    .CALL           ;in=24,25,26,29;out=28;
-    B,L     fprintf,%r2    
-    LDO     -48(%r30),%r29 
-    LDD     -288(%r30),%r27
-    .CALL           ;in=29;
-    B,L     abort,%r2      
-    LDO     -48(%r30),%r29 
-    LDD     -288(%r30),%r27
-    B       $D0         
-    LDD     -368(%r30),%r2  
-        .PROCEND        ;in=24,25,26,29;out=28;
-
-;----------------------------------------------------------------------------
-;
-; Registers to hold 64-bit values to manipulate.  The "L" part
-; of the register corresponds to the upper 32-bits, while the "R"
-; part corresponds to the lower 32-bits
-; 
-; Note, that when using b6 and b7, the code must save these before
-; using them because they are callee save registers 
-; 
-;
-; Floating point registers to use to save values that
-; are manipulated.  These don't collide with ftemp1-6 and
-; are all caller save registers
-;
-a0        .reg %fr22
-a0L       .reg %fr22L
-a0R       .reg %fr22R
-
-a1        .reg %fr23
-a1L       .reg %fr23L
-a1R       .reg %fr23R
-
-a2        .reg %fr24
-a2L       .reg %fr24L
-a2R       .reg %fr24R
-
-a3        .reg %fr25
-a3L       .reg %fr25L
-a3R       .reg %fr25R
-
-a4        .reg %fr26
-a4L       .reg %fr26L
-a4R       .reg %fr26R
-
-a5        .reg %fr27
-a5L       .reg %fr27L
-a5R       .reg %fr27R
-
-a6        .reg %fr28
-a6L       .reg %fr28L
-a6R       .reg %fr28R
-
-a7        .reg %fr29
-a7L       .reg %fr29L
-a7R       .reg %fr29R
-
-b0        .reg %fr30
-b0L       .reg %fr30L
-b0R       .reg %fr30R
-
-b1        .reg %fr31
-b1L       .reg %fr31L
-b1R       .reg %fr31R
-
-;
-; Temporary floating point variables, these are all caller save
-; registers
-;
-ftemp1    .reg %fr4
-ftemp2    .reg %fr5
-ftemp3    .reg %fr6
-ftemp4    .reg %fr7
-
-;
-; The B set of registers when used.
-;
-
-b2        .reg %fr8
-b2L       .reg %fr8L
-b2R       .reg %fr8R
-
-b3        .reg %fr9
-b3L       .reg %fr9L
-b3R       .reg %fr9R
-
-b4        .reg %fr10
-b4L       .reg %fr10L
-b4R       .reg %fr10R
-
-b5        .reg %fr11
-b5L       .reg %fr11L
-b5R       .reg %fr11R
-
-b6        .reg %fr12
-b6L       .reg %fr12L
-b6R       .reg %fr12R
-
-b7        .reg %fr13
-b7L       .reg %fr13L
-b7R       .reg %fr13R
-
-c1           .reg %r21   ; only reg
-temp1        .reg %r20   ; only reg
-temp2        .reg %r19   ; only reg
-temp3        .reg %r31   ; only reg
-
-m1           .reg %r28   
-c2           .reg %r23   
-high_one     .reg %r1
-ht           .reg %r6
-lt           .reg %r5
-m            .reg %r4
-c3           .reg %r3
-
-SQR_ADD_C  .macro  A0L,A0R,C1,C2,C3
-    XMPYU   A0L,A0R,ftemp1       ; m
-    FSTD    ftemp1,-24(%sp)      ; store m
-
-    XMPYU   A0R,A0R,ftemp2       ; lt
-    FSTD    ftemp2,-16(%sp)      ; store lt
-
-    XMPYU   A0L,A0L,ftemp3       ; ht
-    FSTD    ftemp3,-8(%sp)       ; store ht
-
-    LDD     -24(%sp),m           ; load m
-    AND     m,high_mask,temp2    ; m & Mask
-    DEPD,Z  m,30,31,temp3        ; m << 32+1
-    LDD     -16(%sp),lt          ; lt
-
-    LDD     -8(%sp),ht           ; ht
-    EXTRD,U temp2,32,33,temp1    ; temp1 = m&Mask >> 32-1
-    ADD     temp3,lt,lt          ; lt = lt+m
-    ADD,L   ht,temp1,ht          ; ht += temp1
-    ADD,DC  ht,%r0,ht            ; ht++
-
-    ADD     C1,lt,C1             ; c1=c1+lt
-    ADD,DC  ht,%r0,ht            ; ht++
-
-    ADD     C2,ht,C2             ; c2=c2+ht
-    ADD,DC  C3,%r0,C3            ; c3++
-.endm
-
-SQR_ADD_C2 .macro  A0L,A0R,A1L,A1R,C1,C2,C3
-    XMPYU   A0L,A1R,ftemp1          ; m1 = bl*ht
-    FSTD    ftemp1,-16(%sp)         ;
-    XMPYU   A0R,A1L,ftemp2          ; m = bh*lt
-    FSTD    ftemp2,-8(%sp)          ;
-    XMPYU   A0R,A1R,ftemp3          ; lt = bl*lt
-    FSTD    ftemp3,-32(%sp)
-    XMPYU   A0L,A1L,ftemp4          ; ht = bh*ht
-    FSTD    ftemp4,-24(%sp)         ;
-
-    LDD     -8(%sp),m               ; r21 = m
-    LDD     -16(%sp),m1             ; r19 = m1
-    ADD,L   m,m1,m                  ; m+m1
-
-    DEPD,Z  m,31,32,temp3           ; (m+m1<<32)
-    LDD     -24(%sp),ht             ; r24 = ht
-
-    CMPCLR,*>>= m,m1,%r0            ; if (m < m1)
-    ADD,L   ht,high_one,ht          ; ht+=high_one
-
-    EXTRD,U m,31,32,temp1           ; m >> 32
-    LDD     -32(%sp),lt             ; lt
-    ADD,L   ht,temp1,ht             ; ht+= m>>32
-    ADD     lt,temp3,lt             ; lt = lt+m1
-    ADD,DC  ht,%r0,ht               ; ht++
-
-    ADD     ht,ht,ht                ; ht=ht+ht;
-    ADD,DC  C3,%r0,C3               ; add in carry (c3++)
-
-    ADD     lt,lt,lt                ; lt=lt+lt;
-    ADD,DC  ht,%r0,ht               ; add in carry (ht++)
-
-    ADD     C1,lt,C1                ; c1=c1+lt
-    ADD,DC,*NUV ht,%r0,ht           ; add in carry (ht++)
-    LDO     1(C3),C3              ; bump c3 if overflow,nullify otherwise
-
-    ADD     C2,ht,C2                ; c2 = c2 + ht
-    ADD,DC  C3,%r0,C3             ; add in carry (c3++)
-.endm
-
-;
-;void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
-; arg0 = r_ptr
-; arg1 = a_ptr
-;
-
-bn_sqr_comba8
-        .PROC
-        .CALLINFO FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
-        .EXPORT bn_sqr_comba8,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
-    .ENTRY
-        .align 64
-
-    STD     %r3,0(%sp)          ; save r3
-    STD     %r4,8(%sp)          ; save r4
-    STD     %r5,16(%sp)         ; save r5
-    STD     %r6,24(%sp)         ; save r6
-
-        ;
-        ; Zero out carries
-        ;
-        COPY     %r0,c1
-        COPY     %r0,c2
-        COPY     %r0,c3
-
-        LDO      128(%sp),%sp       ; bump stack
-    DEPDI,Z -1,32,33,high_mask   ; Create Mask 0xffffffff80000000L
-    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
-
-        ;
-        ; Load up all of the values we are going to use
-        ;
-    FLDD     0(a_ptr),a0       
-    FLDD     8(a_ptr),a1       
-    FLDD    16(a_ptr),a2       
-    FLDD    24(a_ptr),a3       
-    FLDD    32(a_ptr),a4       
-    FLDD    40(a_ptr),a5       
-    FLDD    48(a_ptr),a6       
-    FLDD    56(a_ptr),a7       
-
-        SQR_ADD_C a0L,a0R,c1,c2,c3
-        STD     c1,0(r_ptr)          ; r[0] = c1;
-        COPY    %r0,c1
-
-        SQR_ADD_C2 a1L,a1R,a0L,a0R,c2,c3,c1
-        STD     c2,8(r_ptr)          ; r[1] = c2;
-        COPY    %r0,c2
-
-        SQR_ADD_C a1L,a1R,c3,c1,c2
-        SQR_ADD_C2 a2L,a2R,a0L,a0R,c3,c1,c2
-        STD     c3,16(r_ptr)            ; r[2] = c3;
-        COPY    %r0,c3
-
-        SQR_ADD_C2 a3L,a3R,a0L,a0R,c1,c2,c3
-        SQR_ADD_C2 a2L,a2R,a1L,a1R,c1,c2,c3
-        STD     c1,24(r_ptr)           ; r[3] = c1;
-        COPY    %r0,c1
-
-        SQR_ADD_C a2L,a2R,c2,c3,c1
-        SQR_ADD_C2 a3L,a3R,a1L,a1R,c2,c3,c1
-        SQR_ADD_C2 a4L,a4R,a0L,a0R,c2,c3,c1
-        STD     c2,32(r_ptr)          ; r[4] = c2;
-        COPY    %r0,c2
-
-        SQR_ADD_C2 a5L,a5R,a0L,a0R,c3,c1,c2
-        SQR_ADD_C2 a4L,a4R,a1L,a1R,c3,c1,c2
-        SQR_ADD_C2 a3L,a3R,a2L,a2R,c3,c1,c2
-        STD     c3,40(r_ptr)          ; r[5] = c3;
-        COPY    %r0,c3
-
-        SQR_ADD_C a3L,a3R,c1,c2,c3
-        SQR_ADD_C2 a4L,a4R,a2L,a2R,c1,c2,c3
-        SQR_ADD_C2 a5L,a5R,a1L,a1R,c1,c2,c3
-        SQR_ADD_C2 a6L,a6R,a0L,a0R,c1,c2,c3
-        STD     c1,48(r_ptr)          ; r[6] = c1;
-        COPY    %r0,c1
-
-        SQR_ADD_C2 a7L,a7R,a0L,a0R,c2,c3,c1
-        SQR_ADD_C2 a6L,a6R,a1L,a1R,c2,c3,c1
-        SQR_ADD_C2 a5L,a5R,a2L,a2R,c2,c3,c1
-        SQR_ADD_C2 a4L,a4R,a3L,a3R,c2,c3,c1
-        STD     c2,56(r_ptr)          ; r[7] = c2;
-        COPY    %r0,c2
-
-        SQR_ADD_C a4L,a4R,c3,c1,c2
-        SQR_ADD_C2 a5L,a5R,a3L,a3R,c3,c1,c2
-        SQR_ADD_C2 a6L,a6R,a2L,a2R,c3,c1,c2
-        SQR_ADD_C2 a7L,a7R,a1L,a1R,c3,c1,c2
-        STD     c3,64(r_ptr)          ; r[8] = c3;
-        COPY    %r0,c3
-
-        SQR_ADD_C2 a7L,a7R,a2L,a2R,c1,c2,c3
-        SQR_ADD_C2 a6L,a6R,a3L,a3R,c1,c2,c3
-        SQR_ADD_C2 a5L,a5R,a4L,a4R,c1,c2,c3
-        STD     c1,72(r_ptr)          ; r[9] = c1;
-        COPY    %r0,c1
-
-        SQR_ADD_C a5L,a5R,c2,c3,c1
-        SQR_ADD_C2 a6L,a6R,a4L,a4R,c2,c3,c1
-        SQR_ADD_C2 a7L,a7R,a3L,a3R,c2,c3,c1
-        STD     c2,80(r_ptr)          ; r[10] = c2;
-        COPY    %r0,c2
-
-        SQR_ADD_C2 a7L,a7R,a4L,a4R,c3,c1,c2
-        SQR_ADD_C2 a6L,a6R,a5L,a5R,c3,c1,c2
-        STD     c3,88(r_ptr)          ; r[11] = c3;
-        COPY    %r0,c3
-        
-        SQR_ADD_C a6L,a6R,c1,c2,c3
-        SQR_ADD_C2 a7L,a7R,a5L,a5R,c1,c2,c3
-        STD     c1,96(r_ptr)          ; r[12] = c1;
-        COPY    %r0,c1
-
-        SQR_ADD_C2 a7L,a7R,a6L,a6R,c2,c3,c1
-        STD     c2,104(r_ptr)         ; r[13] = c2;
-        COPY    %r0,c2
-
-        SQR_ADD_C a7L,a7R,c3,c1,c2
-        STD     c3, 112(r_ptr)       ; r[14] = c3
-        STD     c1, 120(r_ptr)       ; r[15] = c1
-
-    .EXIT
-    LDD     -104(%sp),%r6        ; restore r6
-    LDD     -112(%sp),%r5        ; restore r5
-    LDD     -120(%sp),%r4        ; restore r4
-    BVE     (%rp)
-    LDD,MB  -128(%sp),%r3
-
-        .PROCEND        
-
-;-----------------------------------------------------------------------------
-;
-;void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
-; arg0 = r_ptr
-; arg1 = a_ptr
-;
-
-bn_sqr_comba4
-        .proc
-        .callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
-        .EXPORT bn_sqr_comba4,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
-    .entry
-        .align 64
-    STD     %r3,0(%sp)          ; save r3
-    STD     %r4,8(%sp)          ; save r4
-    STD     %r5,16(%sp)         ; save r5
-    STD     %r6,24(%sp)         ; save r6
-
-        ;
-        ; Zero out carries
-        ;
-        COPY     %r0,c1
-        COPY     %r0,c2
-        COPY     %r0,c3
-
-        LDO      128(%sp),%sp       ; bump stack
-    DEPDI,Z -1,32,33,high_mask   ; Create Mask 0xffffffff80000000L
-    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
-
-        ;
-        ; Load up all of the values we are going to use
-        ;
-    FLDD     0(a_ptr),a0       
-    FLDD     8(a_ptr),a1       
-    FLDD    16(a_ptr),a2       
-    FLDD    24(a_ptr),a3       
-    FLDD    32(a_ptr),a4       
-    FLDD    40(a_ptr),a5       
-    FLDD    48(a_ptr),a6       
-    FLDD    56(a_ptr),a7       
-
-        SQR_ADD_C a0L,a0R,c1,c2,c3
-
-        STD     c1,0(r_ptr)          ; r[0] = c1;
-        COPY    %r0,c1
-
-        SQR_ADD_C2 a1L,a1R,a0L,a0R,c2,c3,c1
-
-        STD     c2,8(r_ptr)          ; r[1] = c2;
-        COPY    %r0,c2
-
-        SQR_ADD_C a1L,a1R,c3,c1,c2
-        SQR_ADD_C2 a2L,a2R,a0L,a0R,c3,c1,c2
-
-        STD     c3,16(r_ptr)            ; r[2] = c3;
-        COPY    %r0,c3
-
-        SQR_ADD_C2 a3L,a3R,a0L,a0R,c1,c2,c3
-        SQR_ADD_C2 a2L,a2R,a1L,a1R,c1,c2,c3
-
-        STD     c1,24(r_ptr)           ; r[3] = c1;
-        COPY    %r0,c1
-
-        SQR_ADD_C a2L,a2R,c2,c3,c1
-        SQR_ADD_C2 a3L,a3R,a1L,a1R,c2,c3,c1
-
-        STD     c2,32(r_ptr)           ; r[4] = c2;
-        COPY    %r0,c2
-
-        SQR_ADD_C2 a3L,a3R,a2L,a2R,c3,c1,c2
-        STD     c3,40(r_ptr)           ; r[5] = c3;
-        COPY    %r0,c3
-
-        SQR_ADD_C a3L,a3R,c1,c2,c3
-        STD     c1,48(r_ptr)           ; r[6] = c1;
-        STD     c2,56(r_ptr)           ; r[7] = c2;
-
-    .EXIT
-    LDD     -104(%sp),%r6        ; restore r6
-    LDD     -112(%sp),%r5        ; restore r5
-    LDD     -120(%sp),%r4        ; restore r4
-    BVE     (%rp)
-    LDD,MB  -128(%sp),%r3
-
-        .PROCEND        
-
-
-;---------------------------------------------------------------------------
-
-MUL_ADD_C  .macro  A0L,A0R,B0L,B0R,C1,C2,C3
-    XMPYU   A0L,B0R,ftemp1        ; m1 = bl*ht
-    FSTD    ftemp1,-16(%sp)       ;
-    XMPYU   A0R,B0L,ftemp2        ; m = bh*lt
-    FSTD    ftemp2,-8(%sp)        ;
-    XMPYU   A0R,B0R,ftemp3        ; lt = bl*lt
-    FSTD    ftemp3,-32(%sp)
-    XMPYU   A0L,B0L,ftemp4        ; ht = bh*ht
-    FSTD    ftemp4,-24(%sp)       ;
-
-    LDD     -8(%sp),m             ; r21 = m
-    LDD     -16(%sp),m1           ; r19 = m1
-    ADD,L   m,m1,m                ; m+m1
-
-    DEPD,Z  m,31,32,temp3         ; (m+m1<<32)
-    LDD     -24(%sp),ht           ; r24 = ht
-
-    CMPCLR,*>>= m,m1,%r0          ; if (m < m1)
-    ADD,L   ht,high_one,ht        ; ht+=high_one
-
-    EXTRD,U m,31,32,temp1         ; m >> 32
-    LDD     -32(%sp),lt           ; lt
-    ADD,L   ht,temp1,ht           ; ht+= m>>32
-    ADD     lt,temp3,lt           ; lt = lt+m1
-    ADD,DC  ht,%r0,ht             ; ht++
-
-    ADD     C1,lt,C1              ; c1=c1+lt
-    ADD,DC  ht,%r0,ht             ; bump c3 if overflow,nullify otherwise
-
-    ADD     C2,ht,C2              ; c2 = c2 + ht
-    ADD,DC  C3,%r0,C3             ; add in carry (c3++)
-.endm
-
-
-;
-;void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-; arg0 = r_ptr
-; arg1 = a_ptr
-; arg2 = b_ptr
-;
-
-bn_mul_comba8
-        .proc
-        .callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
-        .EXPORT bn_mul_comba8,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
-    .entry
-        .align 64
-
-    STD     %r3,0(%sp)          ; save r3
-    STD     %r4,8(%sp)          ; save r4
-    STD     %r5,16(%sp)         ; save r5
-    STD     %r6,24(%sp)         ; save r6
-    FSTD    %fr12,32(%sp)       ; save r6
-    FSTD    %fr13,40(%sp)       ; save r7
-
-        ;
-        ; Zero out carries
-        ;
-        COPY     %r0,c1
-        COPY     %r0,c2
-        COPY     %r0,c3
-
-        LDO      128(%sp),%sp       ; bump stack
-    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
-
-        ;
-        ; Load up all of the values we are going to use
-        ;
-    FLDD      0(a_ptr),a0       
-    FLDD      8(a_ptr),a1       
-    FLDD     16(a_ptr),a2       
-    FLDD     24(a_ptr),a3       
-    FLDD     32(a_ptr),a4       
-    FLDD     40(a_ptr),a5       
-    FLDD     48(a_ptr),a6       
-    FLDD     56(a_ptr),a7       
-
-    FLDD      0(b_ptr),b0       
-    FLDD      8(b_ptr),b1       
-    FLDD     16(b_ptr),b2       
-    FLDD     24(b_ptr),b3       
-    FLDD     32(b_ptr),b4       
-    FLDD     40(b_ptr),b5       
-    FLDD     48(b_ptr),b6       
-    FLDD     56(b_ptr),b7       
-
-        MUL_ADD_C a0L,a0R,b0L,b0R,c1,c2,c3
-        STD       c1,0(r_ptr)
-        COPY      %r0,c1
-
-        MUL_ADD_C a0L,a0R,b1L,b1R,c2,c3,c1
-        MUL_ADD_C a1L,a1R,b0L,b0R,c2,c3,c1
-        STD       c2,8(r_ptr)
-        COPY      %r0,c2
-
-        MUL_ADD_C a2L,a2R,b0L,b0R,c3,c1,c2
-        MUL_ADD_C a1L,a1R,b1L,b1R,c3,c1,c2
-        MUL_ADD_C a0L,a0R,b2L,b2R,c3,c1,c2
-        STD       c3,16(r_ptr)
-        COPY      %r0,c3
-
-        MUL_ADD_C a0L,a0R,b3L,b3R,c1,c2,c3
-        MUL_ADD_C a1L,a1R,b2L,b2R,c1,c2,c3
-        MUL_ADD_C a2L,a2R,b1L,b1R,c1,c2,c3
-        MUL_ADD_C a3L,a3R,b0L,b0R,c1,c2,c3
-        STD       c1,24(r_ptr)
-        COPY      %r0,c1
-
-        MUL_ADD_C a4L,a4R,b0L,b0R,c2,c3,c1
-        MUL_ADD_C a3L,a3R,b1L,b1R,c2,c3,c1
-        MUL_ADD_C a2L,a2R,b2L,b2R,c2,c3,c1
-        MUL_ADD_C a1L,a1R,b3L,b3R,c2,c3,c1
-        MUL_ADD_C a0L,a0R,b4L,b4R,c2,c3,c1
-        STD       c2,32(r_ptr)
-        COPY      %r0,c2
-
-        MUL_ADD_C a0L,a0R,b5L,b5R,c3,c1,c2
-        MUL_ADD_C a1L,a1R,b4L,b4R,c3,c1,c2
-        MUL_ADD_C a2L,a2R,b3L,b3R,c3,c1,c2
-        MUL_ADD_C a3L,a3R,b2L,b2R,c3,c1,c2
-        MUL_ADD_C a4L,a4R,b1L,b1R,c3,c1,c2
-        MUL_ADD_C a5L,a5R,b0L,b0R,c3,c1,c2
-        STD       c3,40(r_ptr)
-        COPY      %r0,c3
-
-        MUL_ADD_C a6L,a6R,b0L,b0R,c1,c2,c3
-        MUL_ADD_C a5L,a5R,b1L,b1R,c1,c2,c3
-        MUL_ADD_C a4L,a4R,b2L,b2R,c1,c2,c3
-        MUL_ADD_C a3L,a3R,b3L,b3R,c1,c2,c3
-        MUL_ADD_C a2L,a2R,b4L,b4R,c1,c2,c3
-        MUL_ADD_C a1L,a1R,b5L,b5R,c1,c2,c3
-        MUL_ADD_C a0L,a0R,b6L,b6R,c1,c2,c3
-        STD       c1,48(r_ptr)
-        COPY      %r0,c1
-        
-        MUL_ADD_C a0L,a0R,b7L,b7R,c2,c3,c1
-        MUL_ADD_C a1L,a1R,b6L,b6R,c2,c3,c1
-        MUL_ADD_C a2L,a2R,b5L,b5R,c2,c3,c1
-        MUL_ADD_C a3L,a3R,b4L,b4R,c2,c3,c1
-        MUL_ADD_C a4L,a4R,b3L,b3R,c2,c3,c1
-        MUL_ADD_C a5L,a5R,b2L,b2R,c2,c3,c1
-        MUL_ADD_C a6L,a6R,b1L,b1R,c2,c3,c1
-        MUL_ADD_C a7L,a7R,b0L,b0R,c2,c3,c1
-        STD       c2,56(r_ptr)
-        COPY      %r0,c2
-
-        MUL_ADD_C a7L,a7R,b1L,b1R,c3,c1,c2
-        MUL_ADD_C a6L,a6R,b2L,b2R,c3,c1,c2
-        MUL_ADD_C a5L,a5R,b3L,b3R,c3,c1,c2
-        MUL_ADD_C a4L,a4R,b4L,b4R,c3,c1,c2
-        MUL_ADD_C a3L,a3R,b5L,b5R,c3,c1,c2
-        MUL_ADD_C a2L,a2R,b6L,b6R,c3,c1,c2
-        MUL_ADD_C a1L,a1R,b7L,b7R,c3,c1,c2
-        STD       c3,64(r_ptr)
-        COPY      %r0,c3
-
-        MUL_ADD_C a2L,a2R,b7L,b7R,c1,c2,c3
-        MUL_ADD_C a3L,a3R,b6L,b6R,c1,c2,c3
-        MUL_ADD_C a4L,a4R,b5L,b5R,c1,c2,c3
-        MUL_ADD_C a5L,a5R,b4L,b4R,c1,c2,c3
-        MUL_ADD_C a6L,a6R,b3L,b3R,c1,c2,c3
-        MUL_ADD_C a7L,a7R,b2L,b2R,c1,c2,c3
-        STD       c1,72(r_ptr)
-        COPY      %r0,c1
-
-        MUL_ADD_C a7L,a7R,b3L,b3R,c2,c3,c1
-        MUL_ADD_C a6L,a6R,b4L,b4R,c2,c3,c1
-        MUL_ADD_C a5L,a5R,b5L,b5R,c2,c3,c1
-        MUL_ADD_C a4L,a4R,b6L,b6R,c2,c3,c1
-        MUL_ADD_C a3L,a3R,b7L,b7R,c2,c3,c1
-        STD       c2,80(r_ptr)
-        COPY      %r0,c2
-
-        MUL_ADD_C a4L,a4R,b7L,b7R,c3,c1,c2
-        MUL_ADD_C a5L,a5R,b6L,b6R,c3,c1,c2
-        MUL_ADD_C a6L,a6R,b5L,b5R,c3,c1,c2
-        MUL_ADD_C a7L,a7R,b4L,b4R,c3,c1,c2
-        STD       c3,88(r_ptr)
-        COPY      %r0,c3
-
-        MUL_ADD_C a7L,a7R,b5L,b5R,c1,c2,c3
-        MUL_ADD_C a6L,a6R,b6L,b6R,c1,c2,c3
-        MUL_ADD_C a5L,a5R,b7L,b7R,c1,c2,c3
-        STD       c1,96(r_ptr)
-        COPY      %r0,c1
-
-        MUL_ADD_C a6L,a6R,b7L,b7R,c2,c3,c1
-        MUL_ADD_C a7L,a7R,b6L,b6R,c2,c3,c1
-        STD       c2,104(r_ptr)
-        COPY      %r0,c2
-
-        MUL_ADD_C a7L,a7R,b7L,b7R,c3,c1,c2
-        STD       c3,112(r_ptr)
-        STD       c1,120(r_ptr)
-
-    .EXIT
-    FLDD    -88(%sp),%fr13 
-    FLDD    -96(%sp),%fr12 
-    LDD     -104(%sp),%r6        ; restore r6
-    LDD     -112(%sp),%r5        ; restore r5
-    LDD     -120(%sp),%r4        ; restore r4
-    BVE     (%rp)
-    LDD,MB  -128(%sp),%r3
-
-        .PROCEND        
-
-;-----------------------------------------------------------------------------
-;
-;void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-; arg0 = r_ptr
-; arg1 = a_ptr
-; arg2 = b_ptr
-;
-
-bn_mul_comba4
-        .proc
-        .callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
-        .EXPORT bn_mul_comba4,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
-    .entry
-        .align 64
-
-    STD     %r3,0(%sp)          ; save r3
-    STD     %r4,8(%sp)          ; save r4
-    STD     %r5,16(%sp)         ; save r5
-    STD     %r6,24(%sp)         ; save r6
-    FSTD    %fr12,32(%sp)       ; save r6
-    FSTD    %fr13,40(%sp)       ; save r7
-
-        ;
-        ; Zero out carries
-        ;
-        COPY     %r0,c1
-        COPY     %r0,c2
-        COPY     %r0,c3
-
-        LDO      128(%sp),%sp       ; bump stack
-    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
-
-        ;
-        ; Load up all of the values we are going to use
-        ;
-    FLDD      0(a_ptr),a0       
-    FLDD      8(a_ptr),a1       
-    FLDD     16(a_ptr),a2       
-    FLDD     24(a_ptr),a3       
-
-    FLDD      0(b_ptr),b0       
-    FLDD      8(b_ptr),b1       
-    FLDD     16(b_ptr),b2       
-    FLDD     24(b_ptr),b3       
-
-        MUL_ADD_C a0L,a0R,b0L,b0R,c1,c2,c3
-        STD       c1,0(r_ptr)
-        COPY      %r0,c1
-
-        MUL_ADD_C a0L,a0R,b1L,b1R,c2,c3,c1
-        MUL_ADD_C a1L,a1R,b0L,b0R,c2,c3,c1
-        STD       c2,8(r_ptr)
-        COPY      %r0,c2
-
-        MUL_ADD_C a2L,a2R,b0L,b0R,c3,c1,c2
-        MUL_ADD_C a1L,a1R,b1L,b1R,c3,c1,c2
-        MUL_ADD_C a0L,a0R,b2L,b2R,c3,c1,c2
-        STD       c3,16(r_ptr)
-        COPY      %r0,c3
-
-        MUL_ADD_C a0L,a0R,b3L,b3R,c1,c2,c3
-        MUL_ADD_C a1L,a1R,b2L,b2R,c1,c2,c3
-        MUL_ADD_C a2L,a2R,b1L,b1R,c1,c2,c3
-        MUL_ADD_C a3L,a3R,b0L,b0R,c1,c2,c3
-        STD       c1,24(r_ptr)
-        COPY      %r0,c1
-
-        MUL_ADD_C a3L,a3R,b1L,b1R,c2,c3,c1
-        MUL_ADD_C a2L,a2R,b2L,b2R,c2,c3,c1
-        MUL_ADD_C a1L,a1R,b3L,b3R,c2,c3,c1
-        STD       c2,32(r_ptr)
-        COPY      %r0,c2
-
-        MUL_ADD_C a2L,a2R,b3L,b3R,c3,c1,c2
-        MUL_ADD_C a3L,a3R,b2L,b2R,c3,c1,c2
-        STD       c3,40(r_ptr)
-        COPY      %r0,c3
-
-        MUL_ADD_C a3L,a3R,b3L,b3R,c1,c2,c3
-        STD       c1,48(r_ptr)
-        STD       c2,56(r_ptr)
-
-    .EXIT
-    FLDD    -88(%sp),%fr13 
-    FLDD    -96(%sp),%fr12 
-    LDD     -104(%sp),%r6        ; restore r6
-    LDD     -112(%sp),%r5        ; restore r5
-    LDD     -120(%sp),%r4        ; restore r4
-    BVE     (%rp)
-    LDD,MB  -128(%sp),%r3
-
-        .PROCEND        
-
-
-        .SPACE  $TEXT$
-        .SUBSPA $CODE$
-        .SPACE  $PRIVATE$,SORT=16
-        .IMPORT $global$,DATA
-        .SPACE  $TEXT$
-        .SUBSPA $CODE$
-        .SUBSPA $LIT$,ACCESS=0x2c
-C$4
-        .ALIGN  8
-        .STRINGZ        "Division would overflow (%d)\n"
-        .END
diff --git a/src/lib/libcrypto/bn/asm/ppc.pl b/src/lib/libcrypto/bn/asm/ppc.pl
deleted file mode 100644
index 08e0053473..0000000000
--- a/src/lib/libcrypto/bn/asm/ppc.pl
+++ /dev/null
@@ -1,2078 +0,0 @@
-#!/usr/bin/env perl
-#
-# Implemented as a Perl wrapper as we want to support several different
-# architectures with single file. We pick up the target based on the
-# file name we are asked to generate.
-#
-# It should be noted though that this perl code is nothing like
-# <openssl>/crypto/perlasm/x86*. In this case perl is used pretty much
-# as pre-processor to cover for platform differences in name decoration,
-# linker tables, 32-/64-bit instruction sets...
-#
-# As you might know there're several PowerPC ABI in use. Most notably
-# Linux and AIX use different 32-bit ABIs. Good news are that these ABIs
-# are similar enough to implement leaf(!) functions, which would be ABI
-# neutral. And that's what you find here: ABI neutral leaf functions.
-# In case you wonder what that is...
-#
-#       AIX performance
-#
-#       MEASUREMENTS WITH cc ON a 200 MhZ PowerPC 604e.
-#
-#       The following is the performance of 32-bit compiler
-#       generated code:
-#
-#       OpenSSL 0.9.6c 21 dec 2001
-#       built on: Tue Jun 11 11:06:51 EDT 2002
-#       options:bn(64,32) ...
-#compiler: cc -DTHREADS  -DAIX -DB_ENDIAN -DBN_LLONG -O3
-#                  sign    verify    sign/s verify/s
-#rsa  512 bits   0.0098s   0.0009s    102.0   1170.6
-#rsa 1024 bits   0.0507s   0.0026s     19.7    387.5
-#rsa 2048 bits   0.3036s   0.0085s      3.3    117.1
-#rsa 4096 bits   2.0040s   0.0299s      0.5     33.4
-#dsa  512 bits   0.0087s   0.0106s    114.3     94.5
-#dsa 1024 bits   0.0256s   0.0313s     39.0     32.0    
-#
-#       Same bechmark with this assembler code:
-#
-#rsa  512 bits   0.0056s   0.0005s    178.6   2049.2
-#rsa 1024 bits   0.0283s   0.0015s     35.3    674.1
-#rsa 2048 bits   0.1744s   0.0050s      5.7    201.2
-#rsa 4096 bits   1.1644s   0.0179s      0.9     55.7
-#dsa  512 bits   0.0052s   0.0062s    191.6    162.0
-#dsa 1024 bits   0.0149s   0.0180s     67.0     55.5
-#
-#       Number of operations increases by at almost 75%
-#
-#       Here are performance numbers for 64-bit compiler
-#       generated code:
-#
-#       OpenSSL 0.9.6g [engine] 9 Aug 2002
-#       built on: Fri Apr 18 16:59:20 EDT 2003
-#       options:bn(64,64) ...
-#       compiler: cc -DTHREADS -D_REENTRANT -q64 -DB_ENDIAN -O3
-#                  sign    verify    sign/s verify/s
-#rsa  512 bits   0.0028s   0.0003s    357.1   3844.4
-#rsa 1024 bits   0.0148s   0.0008s     67.5   1239.7
-#rsa 2048 bits   0.0963s   0.0028s     10.4    353.0
-#rsa 4096 bits   0.6538s   0.0102s      1.5     98.1
-#dsa  512 bits   0.0026s   0.0032s    382.5    313.7
-#dsa 1024 bits   0.0081s   0.0099s    122.8    100.6
-#
-#       Same benchmark with this assembler code:
-#
-#rsa  512 bits   0.0020s   0.0002s    510.4   6273.7
-#rsa 1024 bits   0.0088s   0.0005s    114.1   2128.3
-#rsa 2048 bits   0.0540s   0.0016s     18.5    622.5
-#rsa 4096 bits   0.3700s   0.0058s      2.7    171.0
-#dsa  512 bits   0.0016s   0.0020s    610.7    507.1
-#dsa 1024 bits   0.0047s   0.0058s    212.5    173.2
-#       
-#       Again, performance increases by at about 75%
-#
-#       Mac OS X, Apple G5 1.8GHz (Note this is 32 bit code)
-#       OpenSSL 0.9.7c 30 Sep 2003
-#
-#       Original code.
-#
-#rsa  512 bits   0.0011s   0.0001s    906.1  11012.5
-#rsa 1024 bits   0.0060s   0.0003s    166.6   3363.1
-#rsa 2048 bits   0.0370s   0.0010s     27.1    982.4
-#rsa 4096 bits   0.2426s   0.0036s      4.1    280.4
-#dsa  512 bits   0.0010s   0.0012s   1038.1    841.5
-#dsa 1024 bits   0.0030s   0.0037s    329.6    269.7
-#dsa 2048 bits   0.0101s   0.0127s     98.9     78.6
-#
-#       Same benchmark with this assembler code:
-#
-#rsa  512 bits   0.0007s   0.0001s   1416.2  16645.9
-#rsa 1024 bits   0.0036s   0.0002s    274.4   5380.6
-#rsa 2048 bits   0.0222s   0.0006s     45.1   1589.5
-#rsa 4096 bits   0.1469s   0.0022s      6.8    449.6
-#dsa  512 bits   0.0006s   0.0007s   1664.2   1376.2
-#dsa 1024 bits   0.0018s   0.0023s    545.0    442.2
-#dsa 2048 bits   0.0061s   0.0075s    163.5    132.8
-#
-#        Performance increase of ~60%
-#
-#       If you have comments or suggestions to improve code send
-#       me a note at schari@us.ibm.com
-#
-
-$opf = shift;
-
-if ($opf =~ /32\.s/) {
-        $BITS=  32;
-        $BNSZ=  $BITS/8;
-        $ISA=   "\"ppc\"";
-
-        $LD=    "lwz";          # load
-        $LDU=   "lwzu";         # load and update
-        $ST=    "stw";          # store
-        $STU=   "stwu";         # store and update
-        $UMULL= "mullw";        # unsigned multiply low
-        $UMULH= "mulhwu";       # unsigned multiply high
-        $UDIV=  "divwu";        # unsigned divide
-        $UCMPI= "cmplwi";       # unsigned compare with immediate
-        $UCMP=  "cmplw";        # unsigned compare
-        $CNTLZ= "cntlzw";       # count leading zeros
-        $SHL=   "slw";          # shift left
-        $SHR=   "srw";          # unsigned shift right
-        $SHRI=  "srwi";         # unsigned shift right by immediate     
-        $SHLI=  "slwi";         # shift left by immediate
-        $CLRU=  "clrlwi";       # clear upper bits
-        $INSR=  "insrwi";       # insert right
-        $ROTL=  "rotlwi";       # rotate left by immediate
-        $TR=    "tw";           # conditional trap
-} elsif ($opf =~ /64\.s/) {
-        $BITS=  64;
-        $BNSZ=  $BITS/8;
-        $ISA=   "\"ppc64\"";
-
-        # same as above, but 64-bit mnemonics...
-        $LD=    "ld";           # load
-        $LDU=   "ldu";          # load and update
-        $ST=    "std";          # store
-        $STU=   "stdu";         # store and update
-        $UMULL= "mulld";        # unsigned multiply low
-        $UMULH= "mulhdu";       # unsigned multiply high
-        $UDIV=  "divdu";        # unsigned divide
-        $UCMPI= "cmpldi";       # unsigned compare with immediate
-        $UCMP=  "cmpld";        # unsigned compare
-        $CNTLZ= "cntlzd";       # count leading zeros
-        $SHL=   "sld";          # shift left
-        $SHR=   "srd";          # unsigned shift right
-        $SHRI=  "srdi";         # unsigned shift right by immediate     
-        $SHLI=  "sldi";         # shift left by immediate
-        $CLRU=  "clrldi";       # clear upper bits
-        $INSR=  "insrdi";       # insert right 
-        $ROTL=  "rotldi";       # rotate left by immediate
-        $TR=    "td";           # conditional trap
-} else { die "nonsense $opf"; }
-
-( defined shift || open STDOUT,">$opf" ) || die "can't open $opf: $!";
-
-# function entry points from the AIX code
-#
-# There are other, more elegant, ways to handle this. We (IBM) chose
-# this approach as it plays well with scripts we run to 'namespace'
-# OpenSSL .i.e. we add a prefix to all the public symbols so we can
-# co-exist in the same process with other implementations of OpenSSL.
-# 'cleverer' ways of doing these substitutions tend to hide data we
-# need to be obvious.
-#
-my @items = ("bn_sqr_comba4",
-             "bn_sqr_comba8",
-             "bn_mul_comba4",
-             "bn_mul_comba8",
-             "bn_sub_words",
-             "bn_add_words",
-             "bn_div_words",
-             "bn_sqr_words",
-             "bn_mul_words",
-             "bn_mul_add_words");
-
-if    ($opf =~ /linux/) {  do_linux();  }
-elsif ($opf =~ /aix/)   {  do_aix();    }
-elsif ($opf =~ /osx/)   {  do_osx();    }
-else                    {  do_bsd();    }
-
-sub do_linux {
-    $d=&data();
-
-    if ($BITS==64) {
-      foreach $t (@items) {
-        $d =~ s/\.$t:/\
-\t.section\t".opd","aw"\
-\t.align\t3\
-\t.globl\t$t\
-$t:\
-\t.quad\t.$t,.TOC.\@tocbase,0\
-\t.size\t$t,24\
-\t.previous\n\
-\t.type\t.$t,\@function\
-\t.globl\t.$t\
-.$t:/g;
-      }
-    }
-    else {
-      foreach $t (@items) {
-        $d=~s/\.$t/$t/g;
-      }
-    }
-    # hide internal labels to avoid pollution of name table...
-    $d=~s/Lppcasm_/.Lppcasm_/gm;
-    print $d;
-}
-
-sub do_aix {
-    # AIX assembler is smart enough to please the linker without
-    # making us do something special...
-    print &data();
-}
-
-# MacOSX 32 bit
-sub do_osx {
-    $d=&data();
-    # Change the bn symbol prefix from '.' to '_'
-    foreach $t (@items) {
-      $d=~s/\.$t/_$t/g;
-    }
-    # Change .machine to something OS X asm will accept
-    $d=~s/\.machine.*/.text/g;
-    $d=~s/\#/;/g; # change comment from '#' to ';'
-    print $d;
-}
-
-# BSD (Untested)
-sub do_bsd {
-    $d=&data();
-    foreach $t (@items) {
-      $d=~s/\.$t/_$t/g;
-    }
-    print $d;
-}
-
-sub data {
-        local($data)=<<EOF;
-#--------------------------------------------------------------------
-#
-#
-#
-#
-#       File:           ppc32.s
-#
-#       Created by:     Suresh Chari
-#                       IBM Thomas J. Watson Research Library
-#                       Hawthorne, NY
-#
-#
-#       Description:    Optimized assembly routines for OpenSSL crypto
-#                       on the 32 bitPowerPC platform.
-#
-#
-#       Version History
-#
-#       2. Fixed bn_add,bn_sub and bn_div_words, added comments,
-#          cleaned up code. Also made a single version which can
-#          be used for both the AIX and Linux compilers. See NOTE
-#          below.
-#                               12/05/03                Suresh Chari
-#                       (with lots of help from)        Andy Polyakov
-##      
-#       1. Initial version      10/20/02                Suresh Chari
-#
-#
-#       The following file works for the xlc,cc
-#       and gcc compilers.
-#
-#       NOTE:   To get the file to link correctly with the gcc compiler
-#               you have to change the names of the routines and remove
-#               the first .(dot) character. This should automatically
-#               be done in the build process.
-#
-#       Hand optimized assembly code for the following routines
-#       
-#       bn_sqr_comba4
-#       bn_sqr_comba8
-#       bn_mul_comba4
-#       bn_mul_comba8
-#       bn_sub_words
-#       bn_add_words
-#       bn_div_words
-#       bn_sqr_words
-#       bn_mul_words
-#       bn_mul_add_words
-#
-#       NOTE:   It is possible to optimize this code more for
-#       specific PowerPC or Power architectures. On the Northstar
-#       architecture the optimizations in this file do
-#        NOT provide much improvement.
-#
-#       If you have comments or suggestions to improve code send
-#       me a note at schari\@us.ibm.com
-#
-#--------------------------------------------------------------------------
-#
-#       Defines to be used in the assembly code.
-#       
-.set r0,0       # we use it as storage for value of 0
-.set SP,1       # preserved
-.set RTOC,2     # preserved 
-.set r3,3       # 1st argument/return value
-.set r4,4       # 2nd argument/volatile register
-.set r5,5       # 3rd argument/volatile register
-.set r6,6       # ...
-.set r7,7
-.set r8,8
-.set r9,9
-.set r10,10
-.set r11,11
-.set r12,12
-.set r13,13     # not used, nor any other "below" it...
-
-.set BO_IF_NOT,4
-.set BO_IF,12
-.set BO_dCTR_NZERO,16
-.set BO_dCTR_ZERO,18
-.set BO_ALWAYS,20
-.set CR0_LT,0;
-.set CR0_GT,1;
-.set CR0_EQ,2
-.set CR1_FX,4;
-.set CR1_FEX,5;
-.set CR1_VX,6
-.set LR,8
-
-#       Declare function names to be global
-#       NOTE:   For gcc these names MUST be changed to remove
-#               the first . i.e. for example change ".bn_sqr_comba4"
-#               to "bn_sqr_comba4". This should be automatically done
-#               in the build.
-        
-        .globl  .bn_sqr_comba4
-        .globl  .bn_sqr_comba8
-        .globl  .bn_mul_comba4
-        .globl  .bn_mul_comba8
-        .globl  .bn_sub_words
-        .globl  .bn_add_words
-        .globl  .bn_div_words
-        .globl  .bn_sqr_words
-        .globl  .bn_mul_words
-        .globl  .bn_mul_add_words
-        
-# .text section
-        
-        .machine        $ISA
-
-#
-#       NOTE:   The following label name should be changed to
-#               "bn_sqr_comba4" i.e. remove the first dot
-#               for the gcc compiler. This should be automatically
-#               done in the build
-#
-
-.align  4
-.bn_sqr_comba4:
-#
-# Optimized version of bn_sqr_comba4.
-#
-# void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
-# r3 contains r
-# r4 contains a
-#
-# Freely use registers r5,r6,r7,r8,r9,r10,r11 as follows:       
-# 
-# r5,r6 are the two BN_ULONGs being multiplied.
-# r7,r8 are the results of the 32x32 giving 64 bit multiply.
-# r9,r10, r11 are the equivalents of c1,c2, c3.
-# Here's the assembly
-#
-#
-        xor             r0,r0,r0                # set r0 = 0. Used in the addze
-                                                # instructions below
-        
-                                                #sqr_add_c(a,0,c1,c2,c3)
-        $LD             r5,`0*$BNSZ`(r4)                
-        $UMULL          r9,r5,r5                
-        $UMULH          r10,r5,r5               #in first iteration. No need
-                                                #to add since c1=c2=c3=0.
-                                                # Note c3(r11) is NOT set to 0
-                                                # but will be.
-
-        $ST             r9,`0*$BNSZ`(r3)        # r[0]=c1;
-                                                # sqr_add_c2(a,1,0,c2,c3,c1);
-        $LD             r6,`1*$BNSZ`(r4)                
-        $UMULL          r7,r5,r6
-        $UMULH          r8,r5,r6
-                                        
-        addc            r7,r7,r7                # compute (r7,r8)=2*(r7,r8)
-        adde            r8,r8,r8
-        addze           r9,r0                   # catch carry if any.
-                                                # r9= r0(=0) and carry 
-        
-        addc            r10,r7,r10              # now add to temp result.
-        addze           r11,r8                  # r8 added to r11 which is 0 
-        addze           r9,r9
-        
-        $ST             r10,`1*$BNSZ`(r3)       #r[1]=c2; 
-                                                #sqr_add_c(a,1,c3,c1,c2)
-        $UMULL          r7,r6,r6
-        $UMULH          r8,r6,r6
-        addc            r11,r7,r11
-        adde            r9,r8,r9
-        addze           r10,r0
-                                                #sqr_add_c2(a,2,0,c3,c1,c2)
-        $LD             r6,`2*$BNSZ`(r4)
-        $UMULL          r7,r5,r6
-        $UMULH          r8,r5,r6
-        
-        addc            r7,r7,r7
-        adde            r8,r8,r8
-        addze           r10,r10
-        
-        addc            r11,r7,r11
-        adde            r9,r8,r9
-        addze           r10,r10
-        $ST             r11,`2*$BNSZ`(r3)       #r[2]=c3 
-                                                #sqr_add_c2(a,3,0,c1,c2,c3);
-        $LD             r6,`3*$BNSZ`(r4)                
-        $UMULL          r7,r5,r6
-        $UMULH          r8,r5,r6
-        addc            r7,r7,r7
-        adde            r8,r8,r8
-        addze           r11,r0
-        
-        addc            r9,r7,r9
-        adde            r10,r8,r10
-        addze           r11,r11
-                                                #sqr_add_c2(a,2,1,c1,c2,c3);
-        $LD             r5,`1*$BNSZ`(r4)
-        $LD             r6,`2*$BNSZ`(r4)
-        $UMULL          r7,r5,r6
-        $UMULH          r8,r5,r6
-        
-        addc            r7,r7,r7
-        adde            r8,r8,r8
-        addze           r11,r11
-        addc            r9,r7,r9
-        adde            r10,r8,r10
-        addze           r11,r11
-        $ST             r9,`3*$BNSZ`(r3)        #r[3]=c1
-                                                #sqr_add_c(a,2,c2,c3,c1);
-        $UMULL          r7,r6,r6
-        $UMULH          r8,r6,r6
-        addc            r10,r7,r10
-        adde            r11,r8,r11
-        addze           r9,r0
-                                                #sqr_add_c2(a,3,1,c2,c3,c1);
-        $LD             r6,`3*$BNSZ`(r4)                
-        $UMULL          r7,r5,r6
-        $UMULH          r8,r5,r6
-        addc            r7,r7,r7
-        adde            r8,r8,r8
-        addze           r9,r9
-        
-        addc            r10,r7,r10
-        adde            r11,r8,r11
-        addze           r9,r9
-        $ST             r10,`4*$BNSZ`(r3)       #r[4]=c2
-                                                #sqr_add_c2(a,3,2,c3,c1,c2);
-        $LD             r5,`2*$BNSZ`(r4)                
-        $UMULL          r7,r5,r6
-        $UMULH          r8,r5,r6
-        addc            r7,r7,r7
-        adde            r8,r8,r8
-        addze           r10,r0
-        
-        addc            r11,r7,r11
-        adde            r9,r8,r9
-        addze           r10,r10
-        $ST             r11,`5*$BNSZ`(r3)       #r[5] = c3
-                                                #sqr_add_c(a,3,c1,c2,c3);
-        $UMULL          r7,r6,r6                
-        $UMULH          r8,r6,r6
-        addc            r9,r7,r9
-        adde            r10,r8,r10
-
-        $ST             r9,`6*$BNSZ`(r3)        #r[6]=c1
-        $ST             r10,`7*$BNSZ`(r3)       #r[7]=c2
-        bclr    BO_ALWAYS,CR0_LT
-        .long   0x00000000
-
-#
-#       NOTE:   The following label name should be changed to
-#               "bn_sqr_comba8" i.e. remove the first dot
-#               for the gcc compiler. This should be automatically
-#               done in the build
-#
-        
-.align  4
-.bn_sqr_comba8:
-#
-# This is an optimized version of the bn_sqr_comba8 routine.
-# Tightly uses the adde instruction
-#
-#
-# void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
-# r3 contains r
-# r4 contains a
-#
-# Freely use registers r5,r6,r7,r8,r9,r10,r11 as follows:       
-# 
-# r5,r6 are the two BN_ULONGs being multiplied.
-# r7,r8 are the results of the 32x32 giving 64 bit multiply.
-# r9,r10, r11 are the equivalents of c1,c2, c3.
-#
-# Possible optimization of loading all 8 longs of a into registers
-# doesnt provide any speedup
-# 
-
-        xor             r0,r0,r0                #set r0 = 0.Used in addze
-                                                #instructions below.
-
-                                                #sqr_add_c(a,0,c1,c2,c3);
-        $LD             r5,`0*$BNSZ`(r4)
-        $UMULL          r9,r5,r5                #1st iteration: no carries.
-        $UMULH          r10,r5,r5
-        $ST             r9,`0*$BNSZ`(r3)        # r[0]=c1;
-                                                #sqr_add_c2(a,1,0,c2,c3,c1);
-        $LD             r6,`1*$BNSZ`(r4)
-        $UMULL          r7,r5,r6
-        $UMULH          r8,r5,r6        
-        
-        addc            r10,r7,r10              #add the two register number
-        adde            r11,r8,r0               # (r8,r7) to the three register
-        addze           r9,r0                   # number (r9,r11,r10).NOTE:r0=0
-        
-        addc            r10,r7,r10              #add the two register number
-        adde            r11,r8,r11              # (r8,r7) to the three register
-        addze           r9,r9                   # number (r9,r11,r10).
-        
-        $ST             r10,`1*$BNSZ`(r3)       # r[1]=c2
-                                
-                                                #sqr_add_c(a,1,c3,c1,c2);
-        $UMULL          r7,r6,r6
-        $UMULH          r8,r6,r6
-        addc            r11,r7,r11
-        adde            r9,r8,r9
-        addze           r10,r0
-                                                #sqr_add_c2(a,2,0,c3,c1,c2);
-        $LD             r6,`2*$BNSZ`(r4)
-        $UMULL          r7,r5,r6
-        $UMULH          r8,r5,r6
-        
-        addc            r11,r7,r11
-        adde            r9,r8,r9
-        addze           r10,r10
-        
-        addc            r11,r7,r11
-        adde            r9,r8,r9
-        addze           r10,r10
-        
-        $ST             r11,`2*$BNSZ`(r3)       #r[2]=c3
-                                                #sqr_add_c2(a,3,0,c1,c2,c3);
-        $LD             r6,`3*$BNSZ`(r4)        #r6 = a[3]. r5 is already a[0].
-        $UMULL          r7,r5,r6
-        $UMULH          r8,r5,r6
-        
-        addc            r9,r7,r9
-        adde            r10,r8,r10
-        addze           r11,r0
-        
-        addc            r9,r7,r9
-        adde            r10,r8,r10
-        addze           r11,r11
-                                                #sqr_add_c2(a,2,1,c1,c2,c3);
-        $LD             r5,`1*$BNSZ`(r4)
-        $LD             r6,`2*$BNSZ`(r4)
-        $UMULL          r7,r5,r6
-        $UMULH          r8,r5,r6
-        
-        addc            r9,r7,r9
-        adde            r10,r8,r10
-        addze           r11,r11
-        
-        addc            r9,r7,r9
-        adde            r10,r8,r10
-        addze           r11,r11
-        
-        $ST             r9,`3*$BNSZ`(r3)        #r[3]=c1;
-                                                #sqr_add_c(a,2,c2,c3,c1);
-        $UMULL          r7,r6,r6
-        $UMULH          r8,r6,r6
-        
-        addc            r10,r7,r10
-        adde            r11,r8,r11
-        addze           r9,r0
-                                                #sqr_add_c2(a,3,1,c2,c3,c1);
-        $LD             r6,`3*$BNSZ`(r4)
-        $UMULL          r7,r5,r6
-        $UMULH          r8,r5,r6
-        
-        addc            r10,r7,r10
-        adde            r11,r8,r11
-        addze           r9,r9
-        
-        addc            r10,r7,r10
-        adde            r11,r8,r11
-        addze           r9,r9
-                                                #sqr_add_c2(a,4,0,c2,c3,c1);
-        $LD             r5,`0*$BNSZ`(r4)
-        $LD             r6,`4*$BNSZ`(r4)
-        $UMULL          r7,r5,r6
-        $UMULH          r8,r5,r6
-        
-        addc            r10,r7,r10
-        adde            r11,r8,r11
-        addze           r9,r9
-        
-        addc            r10,r7,r10
-        adde            r11,r8,r11
-        addze           r9,r9
-        $ST             r10,`4*$BNSZ`(r3)       #r[4]=c2;
-                                                #sqr_add_c2(a,5,0,c3,c1,c2);
-        $LD             r6,`5*$BNSZ`(r4)
-        $UMULL          r7,r5,r6
-        $UMULH          r8,r5,r6
-        
-        addc            r11,r7,r11
-        adde            r9,r8,r9
-        addze           r10,r0
-        
-        addc            r11,r7,r11
-        adde            r9,r8,r9
-        addze           r10,r10
-                                                #sqr_add_c2(a,4,1,c3,c1,c2);
-        $LD             r5,`1*$BNSZ`(r4)
-        $LD             r6,`4*$BNSZ`(r4)
-        $UMULL          r7,r5,r6
-        $UMULH          r8,r5,r6
-        
-        addc            r11,r7,r11
-        adde            r9,r8,r9
-        addze           r10,r10
-        
-        addc            r11,r7,r11
-        adde            r9,r8,r9
-        addze           r10,r10
-                                                #sqr_add_c2(a,3,2,c3,c1,c2);
-        $LD             r5,`2*$BNSZ`(r4)
-        $LD             r6,`3*$BNSZ`(r4)
-        $UMULL          r7,r5,r6
-        $UMULH          r8,r5,r6
-        
-        addc            r11,r7,r11
-        adde            r9,r8,r9
-        addze           r10,r10
-        
-        addc            r11,r7,r11
-        adde            r9,r8,r9
-        addze           r10,r10
-        $ST             r11,`5*$BNSZ`(r3)       #r[5]=c3;
-                                                #sqr_add_c(a,3,c1,c2,c3);
-        $UMULL          r7,r6,r6
-        $UMULH          r8,r6,r6
-        addc            r9,r7,r9
-        adde            r10,r8,r10
-        addze           r11,r0
-                                                #sqr_add_c2(a,4,2,c1,c2,c3);
-        $LD             r6,`4*$BNSZ`(r4)
-        $UMULL          r7,r5,r6
-        $UMULH          r8,r5,r6
-        
-        addc            r9,r7,r9
-        adde            r10,r8,r10
-        addze           r11,r11
-        
-        addc            r9,r7,r9
-        adde            r10,r8,r10
-        addze           r11,r11
-                                                #sqr_add_c2(a,5,1,c1,c2,c3);
-        $LD             r5,`1*$BNSZ`(r4)
-        $LD             r6,`5*$BNSZ`(r4)
-        $UMULL          r7,r5,r6
-        $UMULH          r8,r5,r6
-        
-        addc            r9,r7,r9
-        adde            r10,r8,r10
-        addze           r11,r11
-        
-        addc            r9,r7,r9
-        adde            r10,r8,r10
-        addze           r11,r11
-                                                #sqr_add_c2(a,6,0,c1,c2,c3);
-        $LD             r5,`0*$BNSZ`(r4)
-        $LD             r6,`6*$BNSZ`(r4)
-        $UMULL          r7,r5,r6
-        $UMULH          r8,r5,r6
-        addc            r9,r7,r9
-        adde            r10,r8,r10
-        addze           r11,r11
-        addc            r9,r7,r9
-        adde            r10,r8,r10
-        addze           r11,r11
-        $ST             r9,`6*$BNSZ`(r3)        #r[6]=c1;
-                                                #sqr_add_c2(a,7,0,c2,c3,c1);
-        $LD             r6,`7*$BNSZ`(r4)
-        $UMULL          r7,r5,r6
-        $UMULH          r8,r5,r6
-        
-        addc            r10,r7,r10
-        adde            r11,r8,r11
-        addze           r9,r0
-        addc            r10,r7,r10
-        adde            r11,r8,r11
-        addze           r9,r9
-                                                #sqr_add_c2(a,6,1,c2,c3,c1);
-        $LD             r5,`1*$BNSZ`(r4)
-        $LD             r6,`6*$BNSZ`(r4)
-        $UMULL          r7,r5,r6
-        $UMULH          r8,r5,r6
-        
-        addc            r10,r7,r10
-        adde            r11,r8,r11
-        addze           r9,r9
-        addc            r10,r7,r10
-        adde            r11,r8,r11
-        addze           r9,r9
-                                                #sqr_add_c2(a,5,2,c2,c3,c1);
-        $LD             r5,`2*$BNSZ`(r4)
-        $LD             r6,`5*$BNSZ`(r4)
-        $UMULL          r7,r5,r6
-        $UMULH          r8,r5,r6
-        addc            r10,r7,r10
-        adde            r11,r8,r11
-        addze           r9,r9
-        addc            r10,r7,r10
-        adde            r11,r8,r11
-        addze           r9,r9
-                                                #sqr_add_c2(a,4,3,c2,c3,c1);
-        $LD             r5,`3*$BNSZ`(r4)
-        $LD             r6,`4*$BNSZ`(r4)
-        $UMULL          r7,r5,r6
-        $UMULH          r8,r5,r6
-        
-        addc            r10,r7,r10
-        adde            r11,r8,r11
-        addze           r9,r9
-        addc            r10,r7,r10
-        adde            r11,r8,r11
-        addze           r9,r9
-        $ST             r10,`7*$BNSZ`(r3)       #r[7]=c2;
-                                                #sqr_add_c(a,4,c3,c1,c2);
-        $UMULL          r7,r6,r6
-        $UMULH          r8,r6,r6
-        addc            r11,r7,r11
-        adde            r9,r8,r9
-        addze           r10,r0
-                                                #sqr_add_c2(a,5,3,c3,c1,c2);
-        $LD             r6,`5*$BNSZ`(r4)
-        $UMULL          r7,r5,r6
-        $UMULH          r8,r5,r6
-        addc            r11,r7,r11
-        adde            r9,r8,r9
-        addze           r10,r10
-        addc            r11,r7,r11
-        adde            r9,r8,r9
-        addze           r10,r10
-                                                #sqr_add_c2(a,6,2,c3,c1,c2);
-        $LD             r5,`2*$BNSZ`(r4)
-        $LD             r6,`6*$BNSZ`(r4)
-        $UMULL          r7,r5,r6
-        $UMULH          r8,r5,r6
-        addc            r11,r7,r11
-        adde            r9,r8,r9
-        addze           r10,r10
-        
-        addc            r11,r7,r11
-        adde            r9,r8,r9
-        addze           r10,r10
-                                                #sqr_add_c2(a,7,1,c3,c1,c2);
-        $LD             r5,`1*$BNSZ`(r4)
-        $LD             r6,`7*$BNSZ`(r4)
-        $UMULL          r7,r5,r6
-        $UMULH          r8,r5,r6
-        addc            r11,r7,r11
-        adde            r9,r8,r9
-        addze           r10,r10
-        addc            r11,r7,r11
-        adde            r9,r8,r9
-        addze           r10,r10
-        $ST             r11,`8*$BNSZ`(r3)       #r[8]=c3;
-                                                #sqr_add_c2(a,7,2,c1,c2,c3);
-        $LD             r5,`2*$BNSZ`(r4)
-        $UMULL          r7,r5,r6
-        $UMULH          r8,r5,r6
-        
-        addc            r9,r7,r9
-        adde            r10,r8,r10
-        addze           r11,r0
-        addc            r9,r7,r9
-        adde            r10,r8,r10
-        addze           r11,r11
-                                                #sqr_add_c2(a,6,3,c1,c2,c3);
-        $LD             r5,`3*$BNSZ`(r4)
-        $LD             r6,`6*$BNSZ`(r4)
-        $UMULL          r7,r5,r6
-        $UMULH          r8,r5,r6
-        addc            r9,r7,r9
-        adde            r10,r8,r10
-        addze           r11,r11
-        addc            r9,r7,r9
-        adde            r10,r8,r10
-        addze           r11,r11
-                                                #sqr_add_c2(a,5,4,c1,c2,c3);
-        $LD             r5,`4*$BNSZ`(r4)
-        $LD             r6,`5*$BNSZ`(r4)
-        $UMULL          r7,r5,r6
-        $UMULH          r8,r5,r6
-        addc            r9,r7,r9
-        adde            r10,r8,r10
-        addze           r11,r11
-        addc            r9,r7,r9
-        adde            r10,r8,r10
-        addze           r11,r11
-        $ST             r9,`9*$BNSZ`(r3)        #r[9]=c1;
-                                                #sqr_add_c(a,5,c2,c3,c1);
-        $UMULL          r7,r6,r6
-        $UMULH          r8,r6,r6
-        addc            r10,r7,r10
-        adde            r11,r8,r11
-        addze           r9,r0
-                                                #sqr_add_c2(a,6,4,c2,c3,c1);
-        $LD             r6,`6*$BNSZ`(r4)
-        $UMULL          r7,r5,r6
-        $UMULH          r8,r5,r6
-        addc            r10,r7,r10
-        adde            r11,r8,r11
-        addze           r9,r9
-        addc            r10,r7,r10
-        adde            r11,r8,r11
-        addze           r9,r9
-                                                #sqr_add_c2(a,7,3,c2,c3,c1);
-        $LD             r5,`3*$BNSZ`(r4)
-        $LD             r6,`7*$BNSZ`(r4)
-        $UMULL          r7,r5,r6
-        $UMULH          r8,r5,r6
-        addc            r10,r7,r10
-        adde            r11,r8,r11
-        addze           r9,r9
-        addc            r10,r7,r10
-        adde            r11,r8,r11
-        addze           r9,r9
-        $ST             r10,`10*$BNSZ`(r3)      #r[10]=c2;
-                                                #sqr_add_c2(a,7,4,c3,c1,c2);
-        $LD             r5,`4*$BNSZ`(r4)
-        $UMULL          r7,r5,r6
-        $UMULH          r8,r5,r6
-        addc            r11,r7,r11
-        adde            r9,r8,r9
-        addze           r10,r0
-        addc            r11,r7,r11
-        adde            r9,r8,r9
-        addze           r10,r10
-                                                #sqr_add_c2(a,6,5,c3,c1,c2);
-        $LD             r5,`5*$BNSZ`(r4)
-        $LD             r6,`6*$BNSZ`(r4)
-        $UMULL          r7,r5,r6
-        $UMULH          r8,r5,r6
-        addc            r11,r7,r11
-        adde            r9,r8,r9
-        addze           r10,r10
-        addc            r11,r7,r11
-        adde            r9,r8,r9
-        addze           r10,r10
-        $ST             r11,`11*$BNSZ`(r3)      #r[11]=c3;
-                                                #sqr_add_c(a,6,c1,c2,c3);
-        $UMULL          r7,r6,r6
-        $UMULH          r8,r6,r6
-        addc            r9,r7,r9
-        adde            r10,r8,r10
-        addze           r11,r0
-                                                #sqr_add_c2(a,7,5,c1,c2,c3)
-        $LD             r6,`7*$BNSZ`(r4)
-        $UMULL          r7,r5,r6
-        $UMULH          r8,r5,r6
-        addc            r9,r7,r9
-        adde            r10,r8,r10
-        addze           r11,r11
-        addc            r9,r7,r9
-        adde            r10,r8,r10
-        addze           r11,r11
-        $ST             r9,`12*$BNSZ`(r3)       #r[12]=c1;
-        
-                                                #sqr_add_c2(a,7,6,c2,c3,c1)
-        $LD             r5,`6*$BNSZ`(r4)
-        $UMULL          r7,r5,r6
-        $UMULH          r8,r5,r6
-        addc            r10,r7,r10
-        adde            r11,r8,r11
-        addze           r9,r0
-        addc            r10,r7,r10
-        adde            r11,r8,r11
-        addze           r9,r9
-        $ST             r10,`13*$BNSZ`(r3)      #r[13]=c2;
-                                                #sqr_add_c(a,7,c3,c1,c2);
-        $UMULL          r7,r6,r6
-        $UMULH          r8,r6,r6
-        addc            r11,r7,r11
-        adde            r9,r8,r9
-        $ST             r11,`14*$BNSZ`(r3)      #r[14]=c3;
-        $ST             r9, `15*$BNSZ`(r3)      #r[15]=c1;
-
-
-        bclr    BO_ALWAYS,CR0_LT
-
-        .long   0x00000000
-
-#
-#       NOTE:   The following label name should be changed to
-#               "bn_mul_comba4" i.e. remove the first dot
-#               for the gcc compiler. This should be automatically
-#               done in the build
-#
-
-.align  4
-.bn_mul_comba4:
-#
-# This is an optimized version of the bn_mul_comba4 routine.
-#
-# void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-# r3 contains r
-# r4 contains a
-# r5 contains b
-# r6, r7 are the 2 BN_ULONGs being multiplied.
-# r8, r9 are the results of the 32x32 giving 64 multiply.
-# r10, r11, r12 are the equivalents of c1, c2, and c3.
-#
-        xor     r0,r0,r0                #r0=0. Used in addze below.
-                                        #mul_add_c(a[0],b[0],c1,c2,c3);
-        $LD     r6,`0*$BNSZ`(r4)                
-        $LD     r7,`0*$BNSZ`(r5)                
-        $UMULL  r10,r6,r7               
-        $UMULH  r11,r6,r7               
-        $ST     r10,`0*$BNSZ`(r3)       #r[0]=c1
-                                        #mul_add_c(a[0],b[1],c2,c3,c1);
-        $LD     r7,`1*$BNSZ`(r5)                
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r11,r8,r11
-        adde    r12,r9,r0
-        addze   r10,r0
-                                        #mul_add_c(a[1],b[0],c2,c3,c1);
-        $LD     r6, `1*$BNSZ`(r4)               
-        $LD     r7, `0*$BNSZ`(r5)               
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r11,r8,r11
-        adde    r12,r9,r12
-        addze   r10,r10
-        $ST     r11,`1*$BNSZ`(r3)       #r[1]=c2
-                                        #mul_add_c(a[2],b[0],c3,c1,c2);
-        $LD     r6,`2*$BNSZ`(r4)                
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r12,r8,r12
-        adde    r10,r9,r10
-        addze   r11,r0
-                                        #mul_add_c(a[1],b[1],c3,c1,c2);
-        $LD     r6,`1*$BNSZ`(r4)                
-        $LD     r7,`1*$BNSZ`(r5)                
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r12,r8,r12
-        adde    r10,r9,r10
-        addze   r11,r11
-                                        #mul_add_c(a[0],b[2],c3,c1,c2);
-        $LD     r6,`0*$BNSZ`(r4)                
-        $LD     r7,`2*$BNSZ`(r5)                
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r12,r8,r12
-        adde    r10,r9,r10
-        addze   r11,r11
-        $ST     r12,`2*$BNSZ`(r3)       #r[2]=c3
-                                        #mul_add_c(a[0],b[3],c1,c2,c3);
-        $LD     r7,`3*$BNSZ`(r5)                
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r10,r8,r10
-        adde    r11,r9,r11
-        addze   r12,r0
-                                        #mul_add_c(a[1],b[2],c1,c2,c3);
-        $LD     r6,`1*$BNSZ`(r4)
-        $LD     r7,`2*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r10,r8,r10
-        adde    r11,r9,r11
-        addze   r12,r12
-                                        #mul_add_c(a[2],b[1],c1,c2,c3);
-        $LD     r6,`2*$BNSZ`(r4)
-        $LD     r7,`1*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r10,r8,r10
-        adde    r11,r9,r11
-        addze   r12,r12
-                                        #mul_add_c(a[3],b[0],c1,c2,c3);
-        $LD     r6,`3*$BNSZ`(r4)
-        $LD     r7,`0*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r10,r8,r10
-        adde    r11,r9,r11
-        addze   r12,r12
-        $ST     r10,`3*$BNSZ`(r3)       #r[3]=c1
-                                        #mul_add_c(a[3],b[1],c2,c3,c1);
-        $LD     r7,`1*$BNSZ`(r5)                
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r11,r8,r11
-        adde    r12,r9,r12
-        addze   r10,r0
-                                        #mul_add_c(a[2],b[2],c2,c3,c1);
-        $LD     r6,`2*$BNSZ`(r4)
-        $LD     r7,`2*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r11,r8,r11
-        adde    r12,r9,r12
-        addze   r10,r10
-                                        #mul_add_c(a[1],b[3],c2,c3,c1);
-        $LD     r6,`1*$BNSZ`(r4)
-        $LD     r7,`3*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r11,r8,r11
-        adde    r12,r9,r12
-        addze   r10,r10
-        $ST     r11,`4*$BNSZ`(r3)       #r[4]=c2
-                                        #mul_add_c(a[2],b[3],c3,c1,c2);
-        $LD     r6,`2*$BNSZ`(r4)                
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r12,r8,r12
-        adde    r10,r9,r10
-        addze   r11,r0
-                                        #mul_add_c(a[3],b[2],c3,c1,c2);
-        $LD     r6,`3*$BNSZ`(r4)
-        $LD     r7,`2*$BNSZ`(r4)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r12,r8,r12
-        adde    r10,r9,r10
-        addze   r11,r11
-        $ST     r12,`5*$BNSZ`(r3)       #r[5]=c3
-                                        #mul_add_c(a[3],b[3],c1,c2,c3);
-        $LD     r7,`3*$BNSZ`(r5)                
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r10,r8,r10
-        adde    r11,r9,r11
-
-        $ST     r10,`6*$BNSZ`(r3)       #r[6]=c1
-        $ST     r11,`7*$BNSZ`(r3)       #r[7]=c2
-        bclr    BO_ALWAYS,CR0_LT
-        .long   0x00000000
-
-#
-#       NOTE:   The following label name should be changed to
-#               "bn_mul_comba8" i.e. remove the first dot
-#               for the gcc compiler. This should be automatically
-#               done in the build
-#
-        
-.align  4
-.bn_mul_comba8:
-#
-# Optimized version of the bn_mul_comba8 routine.
-#
-# void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-# r3 contains r
-# r4 contains a
-# r5 contains b
-# r6, r7 are the 2 BN_ULONGs being multiplied.
-# r8, r9 are the results of the 32x32 giving 64 multiply.
-# r10, r11, r12 are the equivalents of c1, c2, and c3.
-#
-        xor     r0,r0,r0                #r0=0. Used in addze below.
-        
-                                        #mul_add_c(a[0],b[0],c1,c2,c3);
-        $LD     r6,`0*$BNSZ`(r4)        #a[0]
-        $LD     r7,`0*$BNSZ`(r5)        #b[0]
-        $UMULL  r10,r6,r7
-        $UMULH  r11,r6,r7
-        $ST     r10,`0*$BNSZ`(r3)       #r[0]=c1;
-                                        #mul_add_c(a[0],b[1],c2,c3,c1);
-        $LD     r7,`1*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r11,r11,r8
-        addze   r12,r9                  # since we didnt set r12 to zero before.
-        addze   r10,r0
-                                        #mul_add_c(a[1],b[0],c2,c3,c1);
-        $LD     r6,`1*$BNSZ`(r4)
-        $LD     r7,`0*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r11,r11,r8
-        adde    r12,r12,r9
-        addze   r10,r10
-        $ST     r11,`1*$BNSZ`(r3)       #r[1]=c2;
-                                        #mul_add_c(a[2],b[0],c3,c1,c2);
-        $LD     r6,`2*$BNSZ`(r4)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r12,r12,r8
-        adde    r10,r10,r9
-        addze   r11,r0
-                                        #mul_add_c(a[1],b[1],c3,c1,c2);
-        $LD     r6,`1*$BNSZ`(r4)
-        $LD     r7,`1*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r12,r12,r8
-        adde    r10,r10,r9
-        addze   r11,r11
-                                        #mul_add_c(a[0],b[2],c3,c1,c2);
-        $LD     r6,`0*$BNSZ`(r4)
-        $LD     r7,`2*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r12,r12,r8
-        adde    r10,r10,r9
-        addze   r11,r11
-        $ST     r12,`2*$BNSZ`(r3)       #r[2]=c3;
-                                        #mul_add_c(a[0],b[3],c1,c2,c3);
-        $LD     r7,`3*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r10,r10,r8
-        adde    r11,r11,r9
-        addze   r12,r0
-                                        #mul_add_c(a[1],b[2],c1,c2,c3);
-        $LD     r6,`1*$BNSZ`(r4)
-        $LD     r7,`2*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r10,r10,r8
-        adde    r11,r11,r9
-        addze   r12,r12
-                
-                                        #mul_add_c(a[2],b[1],c1,c2,c3);
-        $LD     r6,`2*$BNSZ`(r4)
-        $LD     r7,`1*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r10,r10,r8
-        adde    r11,r11,r9
-        addze   r12,r12
-                                        #mul_add_c(a[3],b[0],c1,c2,c3);
-        $LD     r6,`3*$BNSZ`(r4)
-        $LD     r7,`0*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r10,r10,r8
-        adde    r11,r11,r9
-        addze   r12,r12
-        $ST     r10,`3*$BNSZ`(r3)       #r[3]=c1;
-                                        #mul_add_c(a[4],b[0],c2,c3,c1);
-        $LD     r6,`4*$BNSZ`(r4)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r11,r11,r8
-        adde    r12,r12,r9
-        addze   r10,r0
-                                        #mul_add_c(a[3],b[1],c2,c3,c1);
-        $LD     r6,`3*$BNSZ`(r4)
-        $LD     r7,`1*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r11,r11,r8
-        adde    r12,r12,r9
-        addze   r10,r10
-                                        #mul_add_c(a[2],b[2],c2,c3,c1);
-        $LD     r6,`2*$BNSZ`(r4)
-        $LD     r7,`2*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r11,r11,r8
-        adde    r12,r12,r9
-        addze   r10,r10
-                                        #mul_add_c(a[1],b[3],c2,c3,c1);
-        $LD     r6,`1*$BNSZ`(r4)
-        $LD     r7,`3*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r11,r11,r8
-        adde    r12,r12,r9
-        addze   r10,r10
-                                        #mul_add_c(a[0],b[4],c2,c3,c1);
-        $LD     r6,`0*$BNSZ`(r4)
-        $LD     r7,`4*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r11,r11,r8
-        adde    r12,r12,r9
-        addze   r10,r10
-        $ST     r11,`4*$BNSZ`(r3)       #r[4]=c2;
-                                        #mul_add_c(a[0],b[5],c3,c1,c2);
-        $LD     r7,`5*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r12,r12,r8
-        adde    r10,r10,r9
-        addze   r11,r0
-                                        #mul_add_c(a[1],b[4],c3,c1,c2);
-        $LD     r6,`1*$BNSZ`(r4)                
-        $LD     r7,`4*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r12,r12,r8
-        adde    r10,r10,r9
-        addze   r11,r11
-                                        #mul_add_c(a[2],b[3],c3,c1,c2);
-        $LD     r6,`2*$BNSZ`(r4)                
-        $LD     r7,`3*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r12,r12,r8
-        adde    r10,r10,r9
-        addze   r11,r11
-                                        #mul_add_c(a[3],b[2],c3,c1,c2);
-        $LD     r6,`3*$BNSZ`(r4)                
-        $LD     r7,`2*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r12,r12,r8
-        adde    r10,r10,r9
-        addze   r11,r11
-                                        #mul_add_c(a[4],b[1],c3,c1,c2);
-        $LD     r6,`4*$BNSZ`(r4)                
-        $LD     r7,`1*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r12,r12,r8
-        adde    r10,r10,r9
-        addze   r11,r11
-                                        #mul_add_c(a[5],b[0],c3,c1,c2);
-        $LD     r6,`5*$BNSZ`(r4)                
-        $LD     r7,`0*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r12,r12,r8
-        adde    r10,r10,r9
-        addze   r11,r11
-        $ST     r12,`5*$BNSZ`(r3)       #r[5]=c3;
-                                        #mul_add_c(a[6],b[0],c1,c2,c3);
-        $LD     r6,`6*$BNSZ`(r4)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r10,r10,r8
-        adde    r11,r11,r9
-        addze   r12,r0
-                                        #mul_add_c(a[5],b[1],c1,c2,c3);
-        $LD     r6,`5*$BNSZ`(r4)
-        $LD     r7,`1*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r10,r10,r8
-        adde    r11,r11,r9
-        addze   r12,r12
-                                        #mul_add_c(a[4],b[2],c1,c2,c3);
-        $LD     r6,`4*$BNSZ`(r4)
-        $LD     r7,`2*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r10,r10,r8
-        adde    r11,r11,r9
-        addze   r12,r12
-                                        #mul_add_c(a[3],b[3],c1,c2,c3);
-        $LD     r6,`3*$BNSZ`(r4)
-        $LD     r7,`3*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r10,r10,r8
-        adde    r11,r11,r9
-        addze   r12,r12
-                                        #mul_add_c(a[2],b[4],c1,c2,c3);
-        $LD     r6,`2*$BNSZ`(r4)
-        $LD     r7,`4*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r10,r10,r8
-        adde    r11,r11,r9
-        addze   r12,r12
-                                        #mul_add_c(a[1],b[5],c1,c2,c3);
-        $LD     r6,`1*$BNSZ`(r4)
-        $LD     r7,`5*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r10,r10,r8
-        adde    r11,r11,r9
-        addze   r12,r12
-                                        #mul_add_c(a[0],b[6],c1,c2,c3);
-        $LD     r6,`0*$BNSZ`(r4)
-        $LD     r7,`6*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r10,r10,r8
-        adde    r11,r11,r9
-        addze   r12,r12
-        $ST     r10,`6*$BNSZ`(r3)       #r[6]=c1;
-                                        #mul_add_c(a[0],b[7],c2,c3,c1);
-        $LD     r7,`7*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r11,r11,r8
-        adde    r12,r12,r9
-        addze   r10,r0
-                                        #mul_add_c(a[1],b[6],c2,c3,c1);
-        $LD     r6,`1*$BNSZ`(r4)
-        $LD     r7,`6*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r11,r11,r8
-        adde    r12,r12,r9
-        addze   r10,r10
-                                        #mul_add_c(a[2],b[5],c2,c3,c1);
-        $LD     r6,`2*$BNSZ`(r4)
-        $LD     r7,`5*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r11,r11,r8
-        adde    r12,r12,r9
-        addze   r10,r10
-                                        #mul_add_c(a[3],b[4],c2,c3,c1);
-        $LD     r6,`3*$BNSZ`(r4)
-        $LD     r7,`4*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r11,r11,r8
-        adde    r12,r12,r9
-        addze   r10,r10
-                                        #mul_add_c(a[4],b[3],c2,c3,c1);
-        $LD     r6,`4*$BNSZ`(r4)
-        $LD     r7,`3*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r11,r11,r8
-        adde    r12,r12,r9
-        addze   r10,r10
-                                        #mul_add_c(a[5],b[2],c2,c3,c1);
-        $LD     r6,`5*$BNSZ`(r4)
-        $LD     r7,`2*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r11,r11,r8
-        adde    r12,r12,r9
-        addze   r10,r10
-                                        #mul_add_c(a[6],b[1],c2,c3,c1);
-        $LD     r6,`6*$BNSZ`(r4)
-        $LD     r7,`1*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r11,r11,r8
-        adde    r12,r12,r9
-        addze   r10,r10
-                                        #mul_add_c(a[7],b[0],c2,c3,c1);
-        $LD     r6,`7*$BNSZ`(r4)
-        $LD     r7,`0*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r11,r11,r8
-        adde    r12,r12,r9
-        addze   r10,r10
-        $ST     r11,`7*$BNSZ`(r3)       #r[7]=c2;
-                                        #mul_add_c(a[7],b[1],c3,c1,c2);
-        $LD     r7,`1*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r12,r12,r8
-        adde    r10,r10,r9
-        addze   r11,r0
-                                        #mul_add_c(a[6],b[2],c3,c1,c2);
-        $LD     r6,`6*$BNSZ`(r4)
-        $LD     r7,`2*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r12,r12,r8
-        adde    r10,r10,r9
-        addze   r11,r11
-                                        #mul_add_c(a[5],b[3],c3,c1,c2);
-        $LD     r6,`5*$BNSZ`(r4)
-        $LD     r7,`3*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r12,r12,r8
-        adde    r10,r10,r9
-        addze   r11,r11
-                                        #mul_add_c(a[4],b[4],c3,c1,c2);
-        $LD     r6,`4*$BNSZ`(r4)
-        $LD     r7,`4*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r12,r12,r8
-        adde    r10,r10,r9
-        addze   r11,r11
-                                        #mul_add_c(a[3],b[5],c3,c1,c2);
-        $LD     r6,`3*$BNSZ`(r4)
-        $LD     r7,`5*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r12,r12,r8
-        adde    r10,r10,r9
-        addze   r11,r11
-                                        #mul_add_c(a[2],b[6],c3,c1,c2);
-        $LD     r6,`2*$BNSZ`(r4)
-        $LD     r7,`6*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r12,r12,r8
-        adde    r10,r10,r9
-        addze   r11,r11
-                                        #mul_add_c(a[1],b[7],c3,c1,c2);
-        $LD     r6,`1*$BNSZ`(r4)
-        $LD     r7,`7*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r12,r12,r8
-        adde    r10,r10,r9
-        addze   r11,r11
-        $ST     r12,`8*$BNSZ`(r3)       #r[8]=c3;
-                                        #mul_add_c(a[2],b[7],c1,c2,c3);
-        $LD     r6,`2*$BNSZ`(r4)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r10,r10,r8
-        adde    r11,r11,r9
-        addze   r12,r0
-                                        #mul_add_c(a[3],b[6],c1,c2,c3);
-        $LD     r6,`3*$BNSZ`(r4)
-        $LD     r7,`6*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r10,r10,r8
-        adde    r11,r11,r9
-        addze   r12,r12
-                                        #mul_add_c(a[4],b[5],c1,c2,c3);
-        $LD     r6,`4*$BNSZ`(r4)
-        $LD     r7,`5*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r10,r10,r8
-        adde    r11,r11,r9
-        addze   r12,r12
-                                        #mul_add_c(a[5],b[4],c1,c2,c3);
-        $LD     r6,`5*$BNSZ`(r4)
-        $LD     r7,`4*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r10,r10,r8
-        adde    r11,r11,r9
-        addze   r12,r12
-                                        #mul_add_c(a[6],b[3],c1,c2,c3);
-        $LD     r6,`6*$BNSZ`(r4)
-        $LD     r7,`3*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r10,r10,r8
-        adde    r11,r11,r9
-        addze   r12,r12
-                                        #mul_add_c(a[7],b[2],c1,c2,c3);
-        $LD     r6,`7*$BNSZ`(r4)
-        $LD     r7,`2*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r10,r10,r8
-        adde    r11,r11,r9
-        addze   r12,r12
-        $ST     r10,`9*$BNSZ`(r3)       #r[9]=c1;
-                                        #mul_add_c(a[7],b[3],c2,c3,c1);
-        $LD     r7,`3*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r11,r11,r8
-        adde    r12,r12,r9
-        addze   r10,r0
-                                        #mul_add_c(a[6],b[4],c2,c3,c1);
-        $LD     r6,`6*$BNSZ`(r4)
-        $LD     r7,`4*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r11,r11,r8
-        adde    r12,r12,r9
-        addze   r10,r10
-                                        #mul_add_c(a[5],b[5],c2,c3,c1);
-        $LD     r6,`5*$BNSZ`(r4)
-        $LD     r7,`5*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r11,r11,r8
-        adde    r12,r12,r9
-        addze   r10,r10
-                                        #mul_add_c(a[4],b[6],c2,c3,c1);
-        $LD     r6,`4*$BNSZ`(r4)
-        $LD     r7,`6*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r11,r11,r8
-        adde    r12,r12,r9
-        addze   r10,r10
-                                        #mul_add_c(a[3],b[7],c2,c3,c1);
-        $LD     r6,`3*$BNSZ`(r4)
-        $LD     r7,`7*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r11,r11,r8
-        adde    r12,r12,r9
-        addze   r10,r10
-        $ST     r11,`10*$BNSZ`(r3)      #r[10]=c2;
-                                        #mul_add_c(a[4],b[7],c3,c1,c2);
-        $LD     r6,`4*$BNSZ`(r4)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r12,r12,r8
-        adde    r10,r10,r9
-        addze   r11,r0
-                                        #mul_add_c(a[5],b[6],c3,c1,c2);
-        $LD     r6,`5*$BNSZ`(r4)
-        $LD     r7,`6*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r12,r12,r8
-        adde    r10,r10,r9
-        addze   r11,r11
-                                        #mul_add_c(a[6],b[5],c3,c1,c2);
-        $LD     r6,`6*$BNSZ`(r4)
-        $LD     r7,`5*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r12,r12,r8
-        adde    r10,r10,r9
-        addze   r11,r11
-                                        #mul_add_c(a[7],b[4],c3,c1,c2);
-        $LD     r6,`7*$BNSZ`(r4)
-        $LD     r7,`4*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r12,r12,r8
-        adde    r10,r10,r9
-        addze   r11,r11
-        $ST     r12,`11*$BNSZ`(r3)      #r[11]=c3;
-                                        #mul_add_c(a[7],b[5],c1,c2,c3);
-        $LD     r7,`5*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r10,r10,r8
-        adde    r11,r11,r9
-        addze   r12,r0
-                                        #mul_add_c(a[6],b[6],c1,c2,c3);
-        $LD     r6,`6*$BNSZ`(r4)
-        $LD     r7,`6*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r10,r10,r8
-        adde    r11,r11,r9
-        addze   r12,r12
-                                        #mul_add_c(a[5],b[7],c1,c2,c3);
-        $LD     r6,`5*$BNSZ`(r4)
-        $LD     r7,`7*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r10,r10,r8
-        adde    r11,r11,r9
-        addze   r12,r12
-        $ST     r10,`12*$BNSZ`(r3)      #r[12]=c1;
-                                        #mul_add_c(a[6],b[7],c2,c3,c1);
-        $LD     r6,`6*$BNSZ`(r4)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r11,r11,r8
-        adde    r12,r12,r9
-        addze   r10,r0
-                                        #mul_add_c(a[7],b[6],c2,c3,c1);
-        $LD     r6,`7*$BNSZ`(r4)
-        $LD     r7,`6*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r11,r11,r8
-        adde    r12,r12,r9
-        addze   r10,r10
-        $ST     r11,`13*$BNSZ`(r3)      #r[13]=c2;
-                                        #mul_add_c(a[7],b[7],c3,c1,c2);
-        $LD     r7,`7*$BNSZ`(r5)
-        $UMULL  r8,r6,r7
-        $UMULH  r9,r6,r7
-        addc    r12,r12,r8
-        adde    r10,r10,r9
-        $ST     r12,`14*$BNSZ`(r3)      #r[14]=c3;
-        $ST     r10,`15*$BNSZ`(r3)      #r[15]=c1;
-        bclr    BO_ALWAYS,CR0_LT
-        .long   0x00000000
-
-#
-#       NOTE:   The following label name should be changed to
-#               "bn_sub_words" i.e. remove the first dot
-#               for the gcc compiler. This should be automatically
-#               done in the build
-#
-#
-.align  4
-.bn_sub_words:
-#
-#       Handcoded version of bn_sub_words
-#
-#BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
-#
-#       r3 = r
-#       r4 = a
-#       r5 = b
-#       r6 = n
-#
-#       Note:   No loop unrolling done since this is not a performance
-#               critical loop.
-
-        xor     r0,r0,r0        #set r0 = 0
-#
-#       check for r6 = 0 AND set carry bit.
-#
-        subfc.  r7,r0,r6        # If r6 is 0 then result is 0.
-                                # if r6 > 0 then result !=0
-                                # In either case carry bit is set.
-        bc      BO_IF,CR0_EQ,Lppcasm_sub_adios
-        addi    r4,r4,-$BNSZ
-        addi    r3,r3,-$BNSZ
-        addi    r5,r5,-$BNSZ
-        mtctr   r6
-Lppcasm_sub_mainloop:   
-        $LDU    r7,$BNSZ(r4)
-        $LDU    r8,$BNSZ(r5)
-        subfe   r6,r8,r7        # r6 = r7+carry bit + onescomplement(r8)
-                                # if carry = 1 this is r7-r8. Else it
-                                # is r7-r8 -1 as we need.
-        $STU    r6,$BNSZ(r3)
-        bc      BO_dCTR_NZERO,CR0_EQ,Lppcasm_sub_mainloop
-Lppcasm_sub_adios:      
-        subfze  r3,r0           # if carry bit is set then r3 = 0 else -1
-        andi.   r3,r3,1         # keep only last bit.
-        bclr    BO_ALWAYS,CR0_LT
-        .long   0x00000000
-
-
-#
-#       NOTE:   The following label name should be changed to
-#               "bn_add_words" i.e. remove the first dot
-#               for the gcc compiler. This should be automatically
-#               done in the build
-#
-
-.align  4
-.bn_add_words:
-#
-#       Handcoded version of bn_add_words
-#
-#BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
-#
-#       r3 = r
-#       r4 = a
-#       r5 = b
-#       r6 = n
-#
-#       Note:   No loop unrolling done since this is not a performance
-#               critical loop.
-
-        xor     r0,r0,r0
-#
-#       check for r6 = 0. Is this needed?
-#
-        addic.  r6,r6,0         #test r6 and clear carry bit.
-        bc      BO_IF,CR0_EQ,Lppcasm_add_adios
-        addi    r4,r4,-$BNSZ
-        addi    r3,r3,-$BNSZ
-        addi    r5,r5,-$BNSZ
-        mtctr   r6
-Lppcasm_add_mainloop:   
-        $LDU    r7,$BNSZ(r4)
-        $LDU    r8,$BNSZ(r5)
-        adde    r8,r7,r8
-        $STU    r8,$BNSZ(r3)
-        bc      BO_dCTR_NZERO,CR0_EQ,Lppcasm_add_mainloop
-Lppcasm_add_adios:      
-        addze   r3,r0                   #return carry bit.
-        bclr    BO_ALWAYS,CR0_LT
-        .long   0x00000000
-
-#
-#       NOTE:   The following label name should be changed to
-#               "bn_div_words" i.e. remove the first dot
-#               for the gcc compiler. This should be automatically
-#               done in the build
-#
-
-.align  4
-.bn_div_words:
-#
-#       This is a cleaned up version of code generated by
-#       the AIX compiler. The only optimization is to use
-#       the PPC instruction to count leading zeros instead
-#       of call to num_bits_word. Since this was compiled
-#       only at level -O2 we can possibly squeeze it more?
-#       
-#       r3 = h
-#       r4 = l
-#       r5 = d
-        
-        $UCMPI  0,r5,0                  # compare r5 and 0
-        bc      BO_IF_NOT,CR0_EQ,Lppcasm_div1   # proceed if d!=0
-        li      r3,-1                   # d=0 return -1
-        bclr    BO_ALWAYS,CR0_LT        
-Lppcasm_div1:
-        xor     r0,r0,r0                #r0=0
-        li      r8,$BITS
-        $CNTLZ. r7,r5                   #r7 = num leading 0s in d.
-        bc      BO_IF,CR0_EQ,Lppcasm_div2       #proceed if no leading zeros
-        subf    r8,r7,r8                #r8 = BN_num_bits_word(d)
-        $SHR.   r9,r3,r8                #are there any bits above r8'th?
-        $TR     16,r9,r0                #if there're, signal to dump core...
-Lppcasm_div2:
-        $UCMP   0,r3,r5                 #h>=d?
-        bc      BO_IF,CR0_LT,Lppcasm_div3       #goto Lppcasm_div3 if not
-        subf    r3,r5,r3                #h-=d ; 
-Lppcasm_div3:                           #r7 = BN_BITS2-i. so r7=i
-        cmpi    0,0,r7,0                # is (i == 0)?
-        bc      BO_IF,CR0_EQ,Lppcasm_div4
-        $SHL    r3,r3,r7                # h = (h<< i)
-        $SHR    r8,r4,r8                # r8 = (l >> BN_BITS2 -i)
-        $SHL    r5,r5,r7                # d<<=i
-        or      r3,r3,r8                # h = (h<<i)|(l>>(BN_BITS2-i))
-        $SHL    r4,r4,r7                # l <<=i
-Lppcasm_div4:
-        $SHRI   r9,r5,`$BITS/2`         # r9 = dh
-                                        # dl will be computed when needed
-                                        # as it saves registers.
-        li      r6,2                    #r6=2
-        mtctr   r6                      #counter will be in count.
-Lppcasm_divouterloop: 
-        $SHRI   r8,r3,`$BITS/2`         #r8 = (h>>BN_BITS4)
-        $SHRI   r11,r4,`$BITS/2`        #r11= (l&BN_MASK2h)>>BN_BITS4
-                                        # compute here for innerloop.
-        $UCMP   0,r8,r9                 # is (h>>BN_BITS4)==dh
-        bc      BO_IF_NOT,CR0_EQ,Lppcasm_div5   # goto Lppcasm_div5 if not
-
-        li      r8,-1
-        $CLRU   r8,r8,`$BITS/2`         #q = BN_MASK2l 
-        b       Lppcasm_div6
-Lppcasm_div5:
-        $UDIV   r8,r3,r9                #q = h/dh
-Lppcasm_div6:
-        $UMULL  r12,r9,r8               #th = q*dh
-        $CLRU   r10,r5,`$BITS/2`        #r10=dl
-        $UMULL  r6,r8,r10               #tl = q*dl
-        
-Lppcasm_divinnerloop:
-        subf    r10,r12,r3              #t = h -th
-        $SHRI   r7,r10,`$BITS/2`        #r7= (t &BN_MASK2H), sort of...
-        addic.  r7,r7,0                 #test if r7 == 0. used below.
-                                        # now want to compute
-                                        # r7 = (t<<BN_BITS4)|((l&BN_MASK2h)>>BN_BITS4)
-                                        # the following 2 instructions do that
-        $SHLI   r7,r10,`$BITS/2`        # r7 = (t<<BN_BITS4)
-        or      r7,r7,r11               # r7|=((l&BN_MASK2h)>>BN_BITS4)
-        $UCMP   1,r6,r7                 # compare (tl <= r7)
-        bc      BO_IF_NOT,CR0_EQ,Lppcasm_divinnerexit
-        bc      BO_IF_NOT,CR1_FEX,Lppcasm_divinnerexit
-        addi    r8,r8,-1                #q--
-        subf    r12,r9,r12              #th -=dh
-        $CLRU   r10,r5,`$BITS/2`        #r10=dl. t is no longer needed in loop.
-        subf    r6,r10,r6               #tl -=dl
-        b       Lppcasm_divinnerloop
-Lppcasm_divinnerexit:
-        $SHRI   r10,r6,`$BITS/2`        #t=(tl>>BN_BITS4)
-        $SHLI   r11,r6,`$BITS/2`        #tl=(tl<<BN_BITS4)&BN_MASK2h;
-        $UCMP   1,r4,r11                # compare l and tl
-        add     r12,r12,r10             # th+=t
-        bc      BO_IF_NOT,CR1_FX,Lppcasm_div7  # if (l>=tl) goto Lppcasm_div7
-        addi    r12,r12,1               # th++
-Lppcasm_div7:
-        subf    r11,r11,r4              #r11=l-tl
-        $UCMP   1,r3,r12                #compare h and th
-        bc      BO_IF_NOT,CR1_FX,Lppcasm_div8   #if (h>=th) goto Lppcasm_div8
-        addi    r8,r8,-1                # q--
-        add     r3,r5,r3                # h+=d
-Lppcasm_div8:
-        subf    r12,r12,r3              #r12 = h-th
-        $SHLI   r4,r11,`$BITS/2`        #l=(l&BN_MASK2l)<<BN_BITS4
-                                        # want to compute
-                                        # h = ((h<<BN_BITS4)|(l>>BN_BITS4))&BN_MASK2
-                                        # the following 2 instructions will do this.
-        $INSR   r11,r12,`$BITS/2`,`$BITS/2`     # r11 is the value we want rotated $BITS/2.
-        $ROTL   r3,r11,`$BITS/2`        # rotate by $BITS/2 and store in r3
-        bc      BO_dCTR_ZERO,CR0_EQ,Lppcasm_div9#if (count==0) break ;
-        $SHLI   r0,r8,`$BITS/2`         #ret =q<<BN_BITS4
-        b       Lppcasm_divouterloop
-Lppcasm_div9:
-        or      r3,r8,r0
-        bclr    BO_ALWAYS,CR0_LT
-        .long   0x00000000
-
-#
-#       NOTE:   The following label name should be changed to
-#               "bn_sqr_words" i.e. remove the first dot
-#               for the gcc compiler. This should be automatically
-#               done in the build
-#
-.align  4
-.bn_sqr_words:
-#
-#       Optimized version of bn_sqr_words
-#
-#       void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n)
-#
-#       r3 = r
-#       r4 = a
-#       r5 = n
-#
-#       r6 = a[i].
-#       r7,r8 = product.
-#
-#       No unrolling done here. Not performance critical.
-
-        addic.  r5,r5,0                 #test r5.
-        bc      BO_IF,CR0_EQ,Lppcasm_sqr_adios
-        addi    r4,r4,-$BNSZ
-        addi    r3,r3,-$BNSZ
-        mtctr   r5
-Lppcasm_sqr_mainloop:   
-                                        #sqr(r[0],r[1],a[0]);
-        $LDU    r6,$BNSZ(r4)
-        $UMULL  r7,r6,r6
-        $UMULH  r8,r6,r6
-        $STU    r7,$BNSZ(r3)
-        $STU    r8,$BNSZ(r3)
-        bc      BO_dCTR_NZERO,CR0_EQ,Lppcasm_sqr_mainloop
-Lppcasm_sqr_adios:      
-        bclr    BO_ALWAYS,CR0_LT
-        .long   0x00000000
-
-
-#
-#       NOTE:   The following label name should be changed to
-#               "bn_mul_words" i.e. remove the first dot
-#               for the gcc compiler. This should be automatically
-#               done in the build
-#
-
-.align  4       
-.bn_mul_words:
-#
-# BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
-#
-# r3 = rp
-# r4 = ap
-# r5 = num
-# r6 = w
-        xor     r0,r0,r0
-        xor     r12,r12,r12             # used for carry
-        rlwinm. r7,r5,30,2,31           # num >> 2
-        bc      BO_IF,CR0_EQ,Lppcasm_mw_REM
-        mtctr   r7
-Lppcasm_mw_LOOP:        
-                                        #mul(rp[0],ap[0],w,c1);
-        $LD     r8,`0*$BNSZ`(r4)
-        $UMULL  r9,r6,r8
-        $UMULH  r10,r6,r8
-        addc    r9,r9,r12
-        #addze  r10,r10                 #carry is NOT ignored.
-                                        #will be taken care of
-                                        #in second spin below
-                                        #using adde.
-        $ST     r9,`0*$BNSZ`(r3)
-                                        #mul(rp[1],ap[1],w,c1);
-        $LD     r8,`1*$BNSZ`(r4)        
-        $UMULL  r11,r6,r8
-        $UMULH  r12,r6,r8
-        adde    r11,r11,r10
-        #addze  r12,r12
-        $ST     r11,`1*$BNSZ`(r3)
-                                        #mul(rp[2],ap[2],w,c1);
-        $LD     r8,`2*$BNSZ`(r4)
-        $UMULL  r9,r6,r8
-        $UMULH  r10,r6,r8
-        adde    r9,r9,r12
-        #addze  r10,r10
-        $ST     r9,`2*$BNSZ`(r3)
-                                        #mul_add(rp[3],ap[3],w,c1);
-        $LD     r8,`3*$BNSZ`(r4)
-        $UMULL  r11,r6,r8
-        $UMULH  r12,r6,r8
-        adde    r11,r11,r10
-        addze   r12,r12                 #this spin we collect carry into
-                                        #r12
-        $ST     r11,`3*$BNSZ`(r3)
-        
-        addi    r3,r3,`4*$BNSZ`
-        addi    r4,r4,`4*$BNSZ`
-        bc      BO_dCTR_NZERO,CR0_EQ,Lppcasm_mw_LOOP
-
-Lppcasm_mw_REM:
-        andi.   r5,r5,0x3
-        bc      BO_IF,CR0_EQ,Lppcasm_mw_OVER
-                                        #mul(rp[0],ap[0],w,c1);
-        $LD     r8,`0*$BNSZ`(r4)
-        $UMULL  r9,r6,r8
-        $UMULH  r10,r6,r8
-        addc    r9,r9,r12
-        addze   r10,r10
-        $ST     r9,`0*$BNSZ`(r3)
-        addi    r12,r10,0
-        
-        addi    r5,r5,-1
-        cmpli   0,0,r5,0
-        bc      BO_IF,CR0_EQ,Lppcasm_mw_OVER
-
-        
-                                        #mul(rp[1],ap[1],w,c1);
-        $LD     r8,`1*$BNSZ`(r4)        
-        $UMULL  r9,r6,r8
-        $UMULH  r10,r6,r8
-        addc    r9,r9,r12
-        addze   r10,r10
-        $ST     r9,`1*$BNSZ`(r3)
-        addi    r12,r10,0
-        
-        addi    r5,r5,-1
-        cmpli   0,0,r5,0
-        bc      BO_IF,CR0_EQ,Lppcasm_mw_OVER
-        
-                                        #mul_add(rp[2],ap[2],w,c1);
-        $LD     r8,`2*$BNSZ`(r4)
-        $UMULL  r9,r6,r8
-        $UMULH  r10,r6,r8
-        addc    r9,r9,r12
-        addze   r10,r10
-        $ST     r9,`2*$BNSZ`(r3)
-        addi    r12,r10,0
-                
-Lppcasm_mw_OVER:        
-        addi    r3,r12,0
-        bclr    BO_ALWAYS,CR0_LT
-        .long   0x00000000
-
-#
-#       NOTE:   The following label name should be changed to
-#               "bn_mul_add_words" i.e. remove the first dot
-#               for the gcc compiler. This should be automatically
-#               done in the build
-#
-
-.align  4
-.bn_mul_add_words:
-#
-# BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
-#
-# r3 = rp
-# r4 = ap
-# r5 = num
-# r6 = w
-#
-# empirical evidence suggests that unrolled version performs best!!
-#
-        xor     r0,r0,r0                #r0 = 0
-        xor     r12,r12,r12             #r12 = 0 . used for carry               
-        rlwinm. r7,r5,30,2,31           # num >> 2
-        bc      BO_IF,CR0_EQ,Lppcasm_maw_leftover       # if (num < 4) go LPPCASM_maw_leftover
-        mtctr   r7
-Lppcasm_maw_mainloop:   
-                                        #mul_add(rp[0],ap[0],w,c1);
-        $LD     r8,`0*$BNSZ`(r4)
-        $LD     r11,`0*$BNSZ`(r3)
-        $UMULL  r9,r6,r8
-        $UMULH  r10,r6,r8
-        addc    r9,r9,r12               #r12 is carry.
-        addze   r10,r10
-        addc    r9,r9,r11
-        #addze  r10,r10
-                                        #the above instruction addze
-                                        #is NOT needed. Carry will NOT
-                                        #be ignored. It's not affected
-                                        #by multiply and will be collected
-                                        #in the next spin
-        $ST     r9,`0*$BNSZ`(r3)
-        
-                                        #mul_add(rp[1],ap[1],w,c1);
-        $LD     r8,`1*$BNSZ`(r4)        
-        $LD     r9,`1*$BNSZ`(r3)
-        $UMULL  r11,r6,r8
-        $UMULH  r12,r6,r8
-        adde    r11,r11,r10             #r10 is carry.
-        addze   r12,r12
-        addc    r11,r11,r9
-        #addze  r12,r12
-        $ST     r11,`1*$BNSZ`(r3)
-        
-                                        #mul_add(rp[2],ap[2],w,c1);
-        $LD     r8,`2*$BNSZ`(r4)
-        $UMULL  r9,r6,r8
-        $LD     r11,`2*$BNSZ`(r3)
-        $UMULH  r10,r6,r8
-        adde    r9,r9,r12
-        addze   r10,r10
-        addc    r9,r9,r11
-        #addze  r10,r10
-        $ST     r9,`2*$BNSZ`(r3)
-        
-                                        #mul_add(rp[3],ap[3],w,c1);
-        $LD     r8,`3*$BNSZ`(r4)
-        $UMULL  r11,r6,r8
-        $LD     r9,`3*$BNSZ`(r3)
-        $UMULH  r12,r6,r8
-        adde    r11,r11,r10
-        addze   r12,r12
-        addc    r11,r11,r9
-        addze   r12,r12
-        $ST     r11,`3*$BNSZ`(r3)
-        addi    r3,r3,`4*$BNSZ`
-        addi    r4,r4,`4*$BNSZ`
-        bc      BO_dCTR_NZERO,CR0_EQ,Lppcasm_maw_mainloop
-        
-Lppcasm_maw_leftover:
-        andi.   r5,r5,0x3
-        bc      BO_IF,CR0_EQ,Lppcasm_maw_adios
-        addi    r3,r3,-$BNSZ
-        addi    r4,r4,-$BNSZ
-                                        #mul_add(rp[0],ap[0],w,c1);
-        mtctr   r5
-        $LDU    r8,$BNSZ(r4)
-        $UMULL  r9,r6,r8
-        $UMULH  r10,r6,r8
-        $LDU    r11,$BNSZ(r3)
-        addc    r9,r9,r11
-        addze   r10,r10
-        addc    r9,r9,r12
-        addze   r12,r10
-        $ST     r9,0(r3)
-        
-        bc      BO_dCTR_ZERO,CR0_EQ,Lppcasm_maw_adios
-                                        #mul_add(rp[1],ap[1],w,c1);
-        $LDU    r8,$BNSZ(r4)    
-        $UMULL  r9,r6,r8
-        $UMULH  r10,r6,r8
-        $LDU    r11,$BNSZ(r3)
-        addc    r9,r9,r11
-        addze   r10,r10
-        addc    r9,r9,r12
-        addze   r12,r10
-        $ST     r9,0(r3)
-        
-        bc      BO_dCTR_ZERO,CR0_EQ,Lppcasm_maw_adios
-                                        #mul_add(rp[2],ap[2],w,c1);
-        $LDU    r8,$BNSZ(r4)
-        $UMULL  r9,r6,r8
-        $UMULH  r10,r6,r8
-        $LDU    r11,$BNSZ(r3)
-        addc    r9,r9,r11
-        addze   r10,r10
-        addc    r9,r9,r12
-        addze   r12,r10
-        $ST     r9,0(r3)
-                
-Lppcasm_maw_adios:      
-        addi    r3,r12,0
-        bclr    BO_ALWAYS,CR0_LT
-        .long   0x00000000
-        .align  4
-EOF
-        $data =~ s/\`([^\`]*)\`/eval $1/gem;
-
-        # if some assembler chokes on some simplified mnemonic,
-        # this is the spot to fix it up, e.g.:
-        # GNU as doesn't seem to accept cmplw, 32-bit unsigned compare
-        $data =~ s/^(\s*)cmplw(\s+)([^,]+),(.*)/$1cmpl$2$3,0,$4/gm;
-        # assembler X doesn't accept li, load immediate value
-        #$data =~ s/^(\s*)li(\s+)([^,]+),(.*)/$1addi$2$3,0,$4/gm;
-        return($data);
-}
diff --git a/src/lib/libcrypto/bn/asm/sparcv8.S b/src/lib/libcrypto/bn/asm/sparcv8.S
deleted file mode 100644
index 88c5dc480a..0000000000
--- a/src/lib/libcrypto/bn/asm/sparcv8.S
+++ /dev/null
@@ -1,1458 +0,0 @@
-.ident  "sparcv8.s, Version 1.4"
-.ident  "SPARC v8 ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
-
-/*
- * ====================================================================
- * Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
- * project.
- *
- * Rights for redistribution and usage in source and binary forms are
- * granted according to the OpenSSL license. Warranty of any kind is
- * disclaimed.
- * ====================================================================
- */
-
-/*
- * This is my modest contributon to OpenSSL project (see
- * http://www.openssl.org/ for more information about it) and is
- * a drop-in SuperSPARC ISA replacement for crypto/bn/bn_asm.c
- * module. For updates see http://fy.chalmers.se/~appro/hpe/.
- *
- * See bn_asm.sparc.v8plus.S for more details.
- */
-
-/*
- * Revision history.
- *
- * 1.1  - new loop unrolling model(*);
- * 1.2  - made gas friendly;
- * 1.3  - fixed problem with /usr/ccs/lib/cpp;
- * 1.4  - some retunes;
- *
- * (*)  see bn_asm.sparc.v8plus.S for details
- */
-
-.section        ".text",#alloc,#execinstr
-.file           "bn_asm.sparc.v8.S"
-
-.align  32
-
-.global bn_mul_add_words
-/*
- * BN_ULONG bn_mul_add_words(rp,ap,num,w)
- * BN_ULONG *rp,*ap;
- * int num;
- * BN_ULONG w;
- */
-bn_mul_add_words:
-        cmp     %o2,0
-        bg,a    .L_bn_mul_add_words_proceed
-        ld      [%o1],%g2
-        retl
-        clr     %o0
-
-.L_bn_mul_add_words_proceed:
-        andcc   %o2,-4,%g0
-        bz      .L_bn_mul_add_words_tail
-        clr     %o5
-
-.L_bn_mul_add_words_loop:
-        ld      [%o0],%o4
-        ld      [%o1+4],%g3
-        umul    %o3,%g2,%g2
-        rd      %y,%g1
-        addcc   %o4,%o5,%o4
-        addx    %g1,0,%g1
-        addcc   %o4,%g2,%o4
-        st      %o4,[%o0]
-        addx    %g1,0,%o5
-
-        ld      [%o0+4],%o4
-        ld      [%o1+8],%g2
-        umul    %o3,%g3,%g3
-        dec     4,%o2
-        rd      %y,%g1
-        addcc   %o4,%o5,%o4
-        addx    %g1,0,%g1
-        addcc   %o4,%g3,%o4
-        st      %o4,[%o0+4]
-        addx    %g1,0,%o5
-
-        ld      [%o0+8],%o4
-        ld      [%o1+12],%g3
-        umul    %o3,%g2,%g2
-        inc     16,%o1
-        rd      %y,%g1
-        addcc   %o4,%o5,%o4
-        addx    %g1,0,%g1
-        addcc   %o4,%g2,%o4
-        st      %o4,[%o0+8]
-        addx    %g1,0,%o5
-
-        ld      [%o0+12],%o4
-        umul    %o3,%g3,%g3
-        inc     16,%o0
-        rd      %y,%g1
-        addcc   %o4,%o5,%o4
-        addx    %g1,0,%g1
-        addcc   %o4,%g3,%o4
-        st      %o4,[%o0-4]
-        addx    %g1,0,%o5
-        andcc   %o2,-4,%g0
-        bnz,a   .L_bn_mul_add_words_loop
-        ld      [%o1],%g2
-
-        tst     %o2
-        bnz,a   .L_bn_mul_add_words_tail
-        ld      [%o1],%g2
-.L_bn_mul_add_words_return:
-        retl
-        mov     %o5,%o0
-        nop
-
-.L_bn_mul_add_words_tail:
-        ld      [%o0],%o4
-        umul    %o3,%g2,%g2
-        addcc   %o4,%o5,%o4
-        rd      %y,%g1
-        addx    %g1,0,%g1
-        addcc   %o4,%g2,%o4
-        addx    %g1,0,%o5
-        deccc   %o2
-        bz      .L_bn_mul_add_words_return
-        st      %o4,[%o0]
-
-        ld      [%o1+4],%g2
-        ld      [%o0+4],%o4
-        umul    %o3,%g2,%g2
-        rd      %y,%g1
-        addcc   %o4,%o5,%o4
-        addx    %g1,0,%g1
-        addcc   %o4,%g2,%o4
-        addx    %g1,0,%o5
-        deccc   %o2
-        bz      .L_bn_mul_add_words_return
-        st      %o4,[%o0+4]
-
-        ld      [%o1+8],%g2
-        ld      [%o0+8],%o4
-        umul    %o3,%g2,%g2
-        rd      %y,%g1
-        addcc   %o4,%o5,%o4
-        addx    %g1,0,%g1
-        addcc   %o4,%g2,%o4
-        st      %o4,[%o0+8]
-        retl
-        addx    %g1,0,%o0
-
-.type   bn_mul_add_words,#function
-.size   bn_mul_add_words,(.-bn_mul_add_words)
-
-.align  32
-
-.global bn_mul_words
-/*
- * BN_ULONG bn_mul_words(rp,ap,num,w)
- * BN_ULONG *rp,*ap;
- * int num;
- * BN_ULONG w;
- */
-bn_mul_words:
-        cmp     %o2,0
-        bg,a    .L_bn_mul_words_proceeed
-        ld      [%o1],%g2
-        retl
-        clr     %o0
-
-.L_bn_mul_words_proceeed:
-        andcc   %o2,-4,%g0
-        bz      .L_bn_mul_words_tail
-        clr     %o5
-
-.L_bn_mul_words_loop:
-        ld      [%o1+4],%g3
-        umul    %o3,%g2,%g2
-        addcc   %g2,%o5,%g2
-        rd      %y,%g1
-        addx    %g1,0,%o5
-        st      %g2,[%o0]
-
-        ld      [%o1+8],%g2
-        umul    %o3,%g3,%g3
-        addcc   %g3,%o5,%g3
-        rd      %y,%g1
-        dec     4,%o2
-        addx    %g1,0,%o5
-        st      %g3,[%o0+4]
-
-        ld      [%o1+12],%g3
-        umul    %o3,%g2,%g2
-        addcc   %g2,%o5,%g2
-        rd      %y,%g1
-        inc     16,%o1
-        st      %g2,[%o0+8]
-        addx    %g1,0,%o5
-
-        umul    %o3,%g3,%g3
-        addcc   %g3,%o5,%g3
-        rd      %y,%g1
-        inc     16,%o0
-        addx    %g1,0,%o5
-        st      %g3,[%o0-4]
-        andcc   %o2,-4,%g0
-        nop
-        bnz,a   .L_bn_mul_words_loop
-        ld      [%o1],%g2
-
-        tst     %o2
-        bnz,a   .L_bn_mul_words_tail
-        ld      [%o1],%g2
-.L_bn_mul_words_return:
-        retl
-        mov     %o5,%o0
-        nop
-
-.L_bn_mul_words_tail:
-        umul    %o3,%g2,%g2
-        addcc   %g2,%o5,%g2
-        rd      %y,%g1
-        addx    %g1,0,%o5
-        deccc   %o2
-        bz      .L_bn_mul_words_return
-        st      %g2,[%o0]
-        nop
-
-        ld      [%o1+4],%g2
-        umul    %o3,%g2,%g2
-        addcc   %g2,%o5,%g2
-        rd      %y,%g1
-        addx    %g1,0,%o5
-        deccc   %o2
-        bz      .L_bn_mul_words_return
-        st      %g2,[%o0+4]
-
-        ld      [%o1+8],%g2
-        umul    %o3,%g2,%g2
-        addcc   %g2,%o5,%g2
-        rd      %y,%g1
-        st      %g2,[%o0+8]
-        retl
-        addx    %g1,0,%o0
-
-.type   bn_mul_words,#function
-.size   bn_mul_words,(.-bn_mul_words)
-
-.align  32
-.global bn_sqr_words
-/*
- * void bn_sqr_words(r,a,n)
- * BN_ULONG *r,*a;
- * int n;
- */
-bn_sqr_words:
-        cmp     %o2,0
-        bg,a    .L_bn_sqr_words_proceeed
-        ld      [%o1],%g2
-        retl
-        clr     %o0
-
-.L_bn_sqr_words_proceeed:
-        andcc   %o2,-4,%g0
-        bz      .L_bn_sqr_words_tail
-        clr     %o5
-
-.L_bn_sqr_words_loop:
-        ld      [%o1+4],%g3
-        umul    %g2,%g2,%o4
-        st      %o4,[%o0]
-        rd      %y,%o5
-        st      %o5,[%o0+4]
-
-        ld      [%o1+8],%g2
-        umul    %g3,%g3,%o4
-        dec     4,%o2
-        st      %o4,[%o0+8]
-        rd      %y,%o5
-        st      %o5,[%o0+12]
-        nop
-
-        ld      [%o1+12],%g3
-        umul    %g2,%g2,%o4
-        st      %o4,[%o0+16]
-        rd      %y,%o5
-        inc     16,%o1
-        st      %o5,[%o0+20]
-
-        umul    %g3,%g3,%o4
-        inc     32,%o0
-        st      %o4,[%o0-8]
-        rd      %y,%o5
-        st      %o5,[%o0-4]
-        andcc   %o2,-4,%g2
-        bnz,a   .L_bn_sqr_words_loop
-        ld      [%o1],%g2
-
-        tst     %o2
-        nop
-        bnz,a   .L_bn_sqr_words_tail
-        ld      [%o1],%g2
-.L_bn_sqr_words_return:
-        retl
-        clr     %o0
-
-.L_bn_sqr_words_tail:
-        umul    %g2,%g2,%o4
-        st      %o4,[%o0]
-        deccc   %o2
-        rd      %y,%o5
-        bz      .L_bn_sqr_words_return
-        st      %o5,[%o0+4]
-
-        ld      [%o1+4],%g2
-        umul    %g2,%g2,%o4
-        st      %o4,[%o0+8]
-        deccc   %o2
-        rd      %y,%o5
-        nop
-        bz      .L_bn_sqr_words_return
-        st      %o5,[%o0+12]
-
-        ld      [%o1+8],%g2
-        umul    %g2,%g2,%o4
-        st      %o4,[%o0+16]
-        rd      %y,%o5
-        st      %o5,[%o0+20]
-        retl
-        clr     %o0
-
-.type   bn_sqr_words,#function
-.size   bn_sqr_words,(.-bn_sqr_words)
-
-.align  32
-
-.global bn_div_words
-/*
- * BN_ULONG bn_div_words(h,l,d)
- * BN_ULONG h,l,d;
- */
-bn_div_words:
-        wr      %o0,%y
-        udiv    %o1,%o2,%o0
-        retl
-        nop
-
-.type   bn_div_words,#function
-.size   bn_div_words,(.-bn_div_words)
-
-.align  32
-
-.global bn_add_words
-/*
- * BN_ULONG bn_add_words(rp,ap,bp,n)
- * BN_ULONG *rp,*ap,*bp;
- * int n;
- */
-bn_add_words:
-        cmp     %o3,0
-        bg,a    .L_bn_add_words_proceed
-        ld      [%o1],%o4
-        retl
-        clr     %o0
-
-.L_bn_add_words_proceed:
-        andcc   %o3,-4,%g0
-        bz      .L_bn_add_words_tail
-        clr     %g1
-        ba      .L_bn_add_words_warn_loop
-        addcc   %g0,0,%g0       ! clear carry flag
-
-.L_bn_add_words_loop:
-        ld      [%o1],%o4
-.L_bn_add_words_warn_loop:
-        ld      [%o2],%o5
-        ld      [%o1+4],%g3
-        ld      [%o2+4],%g4
-        dec     4,%o3
-        addxcc  %o5,%o4,%o5
-        st      %o5,[%o0]
-
-        ld      [%o1+8],%o4
-        ld      [%o2+8],%o5
-        inc     16,%o1
-        addxcc  %g3,%g4,%g3
-        st      %g3,[%o0+4]
-        
-        ld      [%o1-4],%g3
-        ld      [%o2+12],%g4
-        inc     16,%o2
-        addxcc  %o5,%o4,%o5
-        st      %o5,[%o0+8]
-
-        inc     16,%o0
-        addxcc  %g3,%g4,%g3
-        st      %g3,[%o0-4]
-        addx    %g0,0,%g1
-        andcc   %o3,-4,%g0
-        bnz,a   .L_bn_add_words_loop
-        addcc   %g1,-1,%g0
-
-        tst     %o3
-        bnz,a   .L_bn_add_words_tail
-        ld      [%o1],%o4
-.L_bn_add_words_return:
-        retl
-        mov     %g1,%o0
-
-.L_bn_add_words_tail:
-        addcc   %g1,-1,%g0
-        ld      [%o2],%o5
-        addxcc  %o5,%o4,%o5
-        addx    %g0,0,%g1
-        deccc   %o3
-        bz      .L_bn_add_words_return
-        st      %o5,[%o0]
-
-        ld      [%o1+4],%o4
-        addcc   %g1,-1,%g0
-        ld      [%o2+4],%o5
-        addxcc  %o5,%o4,%o5
-        addx    %g0,0,%g1
-        deccc   %o3
-        bz      .L_bn_add_words_return
-        st      %o5,[%o0+4]
-
-        ld      [%o1+8],%o4
-        addcc   %g1,-1,%g0
-        ld      [%o2+8],%o5
-        addxcc  %o5,%o4,%o5
-        st      %o5,[%o0+8]
-        retl
-        addx    %g0,0,%o0
-
-.type   bn_add_words,#function
-.size   bn_add_words,(.-bn_add_words)
-
-.align  32
-
-.global bn_sub_words
-/*
- * BN_ULONG bn_sub_words(rp,ap,bp,n)
- * BN_ULONG *rp,*ap,*bp;
- * int n;
- */
-bn_sub_words:
-        cmp     %o3,0
-        bg,a    .L_bn_sub_words_proceed
-        ld      [%o1],%o4
-        retl
-        clr     %o0
-
-.L_bn_sub_words_proceed:
-        andcc   %o3,-4,%g0
-        bz      .L_bn_sub_words_tail
-        clr     %g1
-        ba      .L_bn_sub_words_warm_loop
-        addcc   %g0,0,%g0       ! clear carry flag
-
-.L_bn_sub_words_loop:
-        ld      [%o1],%o4
-.L_bn_sub_words_warm_loop:
-        ld      [%o2],%o5
-        ld      [%o1+4],%g3
-        ld      [%o2+4],%g4
-        dec     4,%o3
-        subxcc  %o4,%o5,%o5
-        st      %o5,[%o0]
-
-        ld      [%o1+8],%o4
-        ld      [%o2+8],%o5
-        inc     16,%o1
-        subxcc  %g3,%g4,%g4
-        st      %g4,[%o0+4]
-        
-        ld      [%o1-4],%g3
-        ld      [%o2+12],%g4
-        inc     16,%o2
-        subxcc  %o4,%o5,%o5
-        st      %o5,[%o0+8]
-
-        inc     16,%o0
-        subxcc  %g3,%g4,%g4
-        st      %g4,[%o0-4]
-        addx    %g0,0,%g1
-        andcc   %o3,-4,%g0
-        bnz,a   .L_bn_sub_words_loop
-        addcc   %g1,-1,%g0
-
-        tst     %o3
-        nop
-        bnz,a   .L_bn_sub_words_tail
-        ld      [%o1],%o4
-.L_bn_sub_words_return:
-        retl
-        mov     %g1,%o0
-
-.L_bn_sub_words_tail:
-        addcc   %g1,-1,%g0
-        ld      [%o2],%o5
-        subxcc  %o4,%o5,%o5
-        addx    %g0,0,%g1
-        deccc   %o3
-        bz      .L_bn_sub_words_return
-        st      %o5,[%o0]
-        nop
-
-        ld      [%o1+4],%o4
-        addcc   %g1,-1,%g0
-        ld      [%o2+4],%o5
-        subxcc  %o4,%o5,%o5
-        addx    %g0,0,%g1
-        deccc   %o3
-        bz      .L_bn_sub_words_return
-        st      %o5,[%o0+4]
-
-        ld      [%o1+8],%o4
-        addcc   %g1,-1,%g0
-        ld      [%o2+8],%o5
-        subxcc  %o4,%o5,%o5
-        st      %o5,[%o0+8]
-        retl
-        addx    %g0,0,%o0
-
-.type   bn_sub_words,#function
-.size   bn_sub_words,(.-bn_sub_words)
-
-#define FRAME_SIZE      -96
-
-/*
- * Here is register usage map for *all* routines below.
- */
-#define t_1     %o0
-#define t_2     %o1
-#define c_1     %o2
-#define c_2     %o3
-#define c_3     %o4
-
-#define ap(I)   [%i1+4*I]
-#define bp(I)   [%i2+4*I]
-#define rp(I)   [%i0+4*I]
-
-#define a_0     %l0
-#define a_1     %l1
-#define a_2     %l2
-#define a_3     %l3
-#define a_4     %l4
-#define a_5     %l5
-#define a_6     %l6
-#define a_7     %l7
-
-#define b_0     %i3
-#define b_1     %i4
-#define b_2     %i5
-#define b_3     %o5
-#define b_4     %g1
-#define b_5     %g2
-#define b_6     %g3
-#define b_7     %g4
-
-.align  32
-.global bn_mul_comba8
-/*
- * void bn_mul_comba8(r,a,b)
- * BN_ULONG *r,*a,*b;
- */
-bn_mul_comba8:
-        save    %sp,FRAME_SIZE,%sp
-        ld      ap(0),a_0
-        ld      bp(0),b_0
-        umul    a_0,b_0,c_1     !=!mul_add_c(a[0],b[0],c1,c2,c3);
-        ld      bp(1),b_1
-        rd      %y,c_2
-        st      c_1,rp(0)       !r[0]=c1;
-
-        umul    a_0,b_1,t_1     !=!mul_add_c(a[0],b[1],c2,c3,c1);
-        ld      ap(1),a_1
-        addcc   c_2,t_1,c_2
-        rd      %y,t_2
-        addxcc  %g0,t_2,c_3     !=
-        addx    %g0,%g0,c_1
-        ld      ap(2),a_2
-        umul    a_1,b_0,t_1     !mul_add_c(a[1],b[0],c2,c3,c1);
-        addcc   c_2,t_1,c_2     !=
-        rd      %y,t_2
-        addxcc  c_3,t_2,c_3
-        st      c_2,rp(1)       !r[1]=c2;
-        addx    c_1,%g0,c_1     !=
-
-        umul    a_2,b_0,t_1     !mul_add_c(a[2],b[0],c3,c1,c2);
-        addcc   c_3,t_1,c_3
-        rd      %y,t_2
-        addxcc  c_1,t_2,c_1     !=
-        addx    %g0,%g0,c_2
-        ld      bp(2),b_2
-        umul    a_1,b_1,t_1     !mul_add_c(a[1],b[1],c3,c1,c2);
-        addcc   c_3,t_1,c_3     !=
-        rd      %y,t_2
-        addxcc  c_1,t_2,c_1
-        ld      bp(3),b_3
-        addx    c_2,%g0,c_2     !=
-        umul    a_0,b_2,t_1     !mul_add_c(a[0],b[2],c3,c1,c2);
-        addcc   c_3,t_1,c_3
-        rd      %y,t_2
-        addxcc  c_1,t_2,c_1     !=
-        addx    c_2,%g0,c_2
-        st      c_3,rp(2)       !r[2]=c3;
-
-        umul    a_0,b_3,t_1     !mul_add_c(a[0],b[3],c1,c2,c3);
-        addcc   c_1,t_1,c_1     !=
-        rd      %y,t_2
-        addxcc  c_2,t_2,c_2
-        addx    %g0,%g0,c_3
-        umul    a_1,b_2,t_1     !=!mul_add_c(a[1],b[2],c1,c2,c3);
-        addcc   c_1,t_1,c_1
-        rd      %y,t_2
-        addxcc  c_2,t_2,c_2
-        addx    c_3,%g0,c_3     !=
-        ld      ap(3),a_3
-        umul    a_2,b_1,t_1     !mul_add_c(a[2],b[1],c1,c2,c3);
-        addcc   c_1,t_1,c_1
-        rd      %y,t_2          !=
-        addxcc  c_2,t_2,c_2
-        addx    c_3,%g0,c_3
-        ld      ap(4),a_4
-        umul    a_3,b_0,t_1     !mul_add_c(a[3],b[0],c1,c2,c3);!=
-        addcc   c_1,t_1,c_1
-        rd      %y,t_2
-        addxcc  c_2,t_2,c_2
-        addx    c_3,%g0,c_3     !=
-        st      c_1,rp(3)       !r[3]=c1;
-
-        umul    a_4,b_0,t_1     !mul_add_c(a[4],b[0],c2,c3,c1);
-        addcc   c_2,t_1,c_2
-        rd      %y,t_2          !=
-        addxcc  c_3,t_2,c_3
-        addx    %g0,%g0,c_1
-        umul    a_3,b_1,t_1     !mul_add_c(a[3],b[1],c2,c3,c1);
-        addcc   c_2,t_1,c_2     !=
-        rd      %y,t_2
-        addxcc  c_3,t_2,c_3
-        addx    c_1,%g0,c_1
-        umul    a_2,b_2,t_1     !=!mul_add_c(a[2],b[2],c2,c3,c1);
-        addcc   c_2,t_1,c_2
-        rd      %y,t_2
-        addxcc  c_3,t_2,c_3
-        addx    c_1,%g0,c_1     !=
-        ld      bp(4),b_4
-        umul    a_1,b_3,t_1     !mul_add_c(a[1],b[3],c2,c3,c1);
-        addcc   c_2,t_1,c_2
-        rd      %y,t_2          !=
-        addxcc  c_3,t_2,c_3
-        addx    c_1,%g0,c_1
-        ld      bp(5),b_5
-        umul    a_0,b_4,t_1     !=!mul_add_c(a[0],b[4],c2,c3,c1);
-        addcc   c_2,t_1,c_2
-        rd      %y,t_2
-        addxcc  c_3,t_2,c_3
-        addx    c_1,%g0,c_1     !=
-        st      c_2,rp(4)       !r[4]=c2;
-
-        umul    a_0,b_5,t_1     !mul_add_c(a[0],b[5],c3,c1,c2);
-        addcc   c_3,t_1,c_3
-        rd      %y,t_2          !=
-        addxcc  c_1,t_2,c_1
-        addx    %g0,%g0,c_2
-        umul    a_1,b_4,t_1     !mul_add_c(a[1],b[4],c3,c1,c2);
-        addcc   c_3,t_1,c_3     !=
-        rd      %y,t_2
-        addxcc  c_1,t_2,c_1
-        addx    c_2,%g0,c_2
-        umul    a_2,b_3,t_1     !=!mul_add_c(a[2],b[3],c3,c1,c2);
-        addcc   c_3,t_1,c_3
-        rd      %y,t_2
-        addxcc  c_1,t_2,c_1
-        addx    c_2,%g0,c_2     !=
-        umul    a_3,b_2,t_1     !mul_add_c(a[3],b[2],c3,c1,c2);
-        addcc   c_3,t_1,c_3
-        rd      %y,t_2
-        addxcc  c_1,t_2,c_1     !=
-        addx    c_2,%g0,c_2
-        ld      ap(5),a_5
-        umul    a_4,b_1,t_1     !mul_add_c(a[4],b[1],c3,c1,c2);
-        addcc   c_3,t_1,c_3     !=
-        rd      %y,t_2
-        addxcc  c_1,t_2,c_1
-        ld      ap(6),a_6
-        addx    c_2,%g0,c_2     !=
-        umul    a_5,b_0,t_1     !mul_add_c(a[5],b[0],c3,c1,c2);
-        addcc   c_3,t_1,c_3
-        rd      %y,t_2
-        addxcc  c_1,t_2,c_1     !=
-        addx    c_2,%g0,c_2
-        st      c_3,rp(5)       !r[5]=c3;
-
-        umul    a_6,b_0,t_1     !mul_add_c(a[6],b[0],c1,c2,c3);
-        addcc   c_1,t_1,c_1     !=
-        rd      %y,t_2
-        addxcc  c_2,t_2,c_2
-        addx    %g0,%g0,c_3
-        umul    a_5,b_1,t_1     !=!mul_add_c(a[5],b[1],c1,c2,c3);
-        addcc   c_1,t_1,c_1
-        rd      %y,t_2
-        addxcc  c_2,t_2,c_2
-        addx    c_3,%g0,c_3     !=
-        umul    a_4,b_2,t_1     !mul_add_c(a[4],b[2],c1,c2,c3);
-        addcc   c_1,t_1,c_1
-        rd      %y,t_2
-        addxcc  c_2,t_2,c_2     !=
-        addx    c_3,%g0,c_3
-        umul    a_3,b_3,t_1     !mul_add_c(a[3],b[3],c1,c2,c3);
-        addcc   c_1,t_1,c_1
-        rd      %y,t_2          !=
-        addxcc  c_2,t_2,c_2
-        addx    c_3,%g0,c_3
-        umul    a_2,b_4,t_1     !mul_add_c(a[2],b[4],c1,c2,c3);
-        addcc   c_1,t_1,c_1     !=
-        rd      %y,t_2
-        addxcc  c_2,t_2,c_2
-        ld      bp(6),b_6
-        addx    c_3,%g0,c_3     !=
-        umul    a_1,b_5,t_1     !mul_add_c(a[1],b[5],c1,c2,c3);
-        addcc   c_1,t_1,c_1
-        rd      %y,t_2
-        addxcc  c_2,t_2,c_2     !=
-        addx    c_3,%g0,c_3
-        ld      bp(7),b_7
-        umul    a_0,b_6,t_1     !mul_add_c(a[0],b[6],c1,c2,c3);
-        addcc   c_1,t_1,c_1     !=
-        rd      %y,t_2
-        addxcc  c_2,t_2,c_2
-        st      c_1,rp(6)       !r[6]=c1;
-        addx    c_3,%g0,c_3     !=
-
-        umul    a_0,b_7,t_1     !mul_add_c(a[0],b[7],c2,c3,c1);
-        addcc   c_2,t_1,c_2
-        rd      %y,t_2
-        addxcc  c_3,t_2,c_3     !=
-        addx    %g0,%g0,c_1
-        umul    a_1,b_6,t_1     !mul_add_c(a[1],b[6],c2,c3,c1);
-        addcc   c_2,t_1,c_2
-        rd      %y,t_2          !=
-        addxcc  c_3,t_2,c_3
-        addx    c_1,%g0,c_1
-        umul    a_2,b_5,t_1     !mul_add_c(a[2],b[5],c2,c3,c1);
-        addcc   c_2,t_1,c_2     !=
-        rd      %y,t_2
-        addxcc  c_3,t_2,c_3
-        addx    c_1,%g0,c_1
-        umul    a_3,b_4,t_1     !=!mul_add_c(a[3],b[4],c2,c3,c1);
-        addcc   c_2,t_1,c_2
-        rd      %y,t_2
-        addxcc  c_3,t_2,c_3
-        addx    c_1,%g0,c_1     !=
-        umul    a_4,b_3,t_1     !mul_add_c(a[4],b[3],c2,c3,c1);
-        addcc   c_2,t_1,c_2
-        rd      %y,t_2
-        addxcc  c_3,t_2,c_3     !=
-        addx    c_1,%g0,c_1
-        umul    a_5,b_2,t_1     !mul_add_c(a[5],b[2],c2,c3,c1);
-        addcc   c_2,t_1,c_2
-        rd      %y,t_2          !=
-        addxcc  c_3,t_2,c_3
-        addx    c_1,%g0,c_1
-        ld      ap(7),a_7
-        umul    a_6,b_1,t_1     !=!mul_add_c(a[6],b[1],c2,c3,c1);
-        addcc   c_2,t_1,c_2
-        rd      %y,t_2
-        addxcc  c_3,t_2,c_3
-        addx    c_1,%g0,c_1     !=
-        umul    a_7,b_0,t_1     !mul_add_c(a[7],b[0],c2,c3,c1);
-        addcc   c_2,t_1,c_2
-        rd      %y,t_2
-        addxcc  c_3,t_2,c_3     !=
-        addx    c_1,%g0,c_1
-        st      c_2,rp(7)       !r[7]=c2;
-
-        umul    a_7,b_1,t_1     !mul_add_c(a[7],b[1],c3,c1,c2);
-        addcc   c_3,t_1,c_3     !=
-        rd      %y,t_2
-        addxcc  c_1,t_2,c_1
-        addx    %g0,%g0,c_2
-        umul    a_6,b_2,t_1     !=!mul_add_c(a[6],b[2],c3,c1,c2);
-        addcc   c_3,t_1,c_3
-        rd      %y,t_2
-        addxcc  c_1,t_2,c_1
-        addx    c_2,%g0,c_2     !=
-        umul    a_5,b_3,t_1     !mul_add_c(a[5],b[3],c3,c1,c2);
-        addcc   c_3,t_1,c_3
-        rd      %y,t_2
-        addxcc  c_1,t_2,c_1     !=
-        addx    c_2,%g0,c_2
-        umul    a_4,b_4,t_1     !mul_add_c(a[4],b[4],c3,c1,c2);
-        addcc   c_3,t_1,c_3
-        rd      %y,t_2          !=
-        addxcc  c_1,t_2,c_1
-        addx    c_2,%g0,c_2
-        umul    a_3,b_5,t_1     !mul_add_c(a[3],b[5],c3,c1,c2);
-        addcc   c_3,t_1,c_3     !=
-        rd      %y,t_2
-        addxcc  c_1,t_2,c_1
-        addx    c_2,%g0,c_2
-        umul    a_2,b_6,t_1     !=!mul_add_c(a[2],b[6],c3,c1,c2);
-        addcc   c_3,t_1,c_3
-        rd      %y,t_2
-        addxcc  c_1,t_2,c_1
-        addx    c_2,%g0,c_2     !=
-        umul    a_1,b_7,t_1     !mul_add_c(a[1],b[7],c3,c1,c2);
-        addcc   c_3,t_1,c_3
-        rd      %y,t_2
-        addxcc  c_1,t_2,c_1     !
-        addx    c_2,%g0,c_2
-        st      c_3,rp(8)       !r[8]=c3;
-
-        umul    a_2,b_7,t_1     !mul_add_c(a[2],b[7],c1,c2,c3);
-        addcc   c_1,t_1,c_1     !=
-        rd      %y,t_2
-        addxcc  c_2,t_2,c_2
-        addx    %g0,%g0,c_3
-        umul    a_3,b_6,t_1     !=!mul_add_c(a[3],b[6],c1,c2,c3);
-        addcc   c_1,t_1,c_1
-        rd      %y,t_2
-        addxcc  c_2,t_2,c_2
-        addx    c_3,%g0,c_3     !=
-        umul    a_4,b_5,t_1     !mul_add_c(a[4],b[5],c1,c2,c3);
-        addcc   c_1,t_1,c_1
-        rd      %y,t_2
-        addxcc  c_2,t_2,c_2     !=
-        addx    c_3,%g0,c_3
-        umul    a_5,b_4,t_1     !mul_add_c(a[5],b[4],c1,c2,c3);
-        addcc   c_1,t_1,c_1
-        rd      %y,t_2          !=
-        addxcc  c_2,t_2,c_2
-        addx    c_3,%g0,c_3
-        umul    a_6,b_3,t_1     !mul_add_c(a[6],b[3],c1,c2,c3);
-        addcc   c_1,t_1,c_1     !=
-        rd      %y,t_2
-        addxcc  c_2,t_2,c_2
-        addx    c_3,%g0,c_3
-        umul    a_7,b_2,t_1     !=!mul_add_c(a[7],b[2],c1,c2,c3);
-        addcc   c_1,t_1,c_1
-        rd      %y,t_2
-        addxcc  c_2,t_2,c_2
-        addx    c_3,%g0,c_3     !=
-        st      c_1,rp(9)       !r[9]=c1;
-
-        umul    a_7,b_3,t_1     !mul_add_c(a[7],b[3],c2,c3,c1);
-        addcc   c_2,t_1,c_2
-        rd      %y,t_2          !=
-        addxcc  c_3,t_2,c_3
-        addx    %g0,%g0,c_1
-        umul    a_6,b_4,t_1     !mul_add_c(a[6],b[4],c2,c3,c1);
-        addcc   c_2,t_1,c_2     !=
-        rd      %y,t_2
-        addxcc  c_3,t_2,c_3
-        addx    c_1,%g0,c_1
-        umul    a_5,b_5,t_1     !=!mul_add_c(a[5],b[5],c2,c3,c1);
-        addcc   c_2,t_1,c_2
-        rd      %y,t_2
-        addxcc  c_3,t_2,c_3
-        addx    c_1,%g0,c_1     !=
-        umul    a_4,b_6,t_1     !mul_add_c(a[4],b[6],c2,c3,c1);
-        addcc   c_2,t_1,c_2
-        rd      %y,t_2
-        addxcc  c_3,t_2,c_3     !=
-        addx    c_1,%g0,c_1
-        umul    a_3,b_7,t_1     !mul_add_c(a[3],b[7],c2,c3,c1);
-        addcc   c_2,t_1,c_2
-        rd      %y,t_2          !=
-        addxcc  c_3,t_2,c_3
-        addx    c_1,%g0,c_1
-        st      c_2,rp(10)      !r[10]=c2;
-
-        umul    a_4,b_7,t_1     !=!mul_add_c(a[4],b[7],c3,c1,c2);
-        addcc   c_3,t_1,c_3
-        rd      %y,t_2
-        addxcc  c_1,t_2,c_1
-        addx    %g0,%g0,c_2     !=
-        umul    a_5,b_6,t_1     !mul_add_c(a[5],b[6],c3,c1,c2);
-        addcc   c_3,t_1,c_3
-        rd      %y,t_2
-        addxcc  c_1,t_2,c_1     !=
-        addx    c_2,%g0,c_2
-        umul    a_6,b_5,t_1     !mul_add_c(a[6],b[5],c3,c1,c2);
-        addcc   c_3,t_1,c_3
-        rd      %y,t_2          !=
-        addxcc  c_1,t_2,c_1
-        addx    c_2,%g0,c_2
-        umul    a_7,b_4,t_1     !mul_add_c(a[7],b[4],c3,c1,c2);
-        addcc   c_3,t_1,c_3     !=
-        rd      %y,t_2
-        addxcc  c_1,t_2,c_1
-        st      c_3,rp(11)      !r[11]=c3;
-        addx    c_2,%g0,c_2     !=
-
-        umul    a_7,b_5,t_1     !mul_add_c(a[7],b[5],c1,c2,c3);
-        addcc   c_1,t_1,c_1
-        rd      %y,t_2
-        addxcc  c_2,t_2,c_2     !=
-        addx    %g0,%g0,c_3
-        umul    a_6,b_6,t_1     !mul_add_c(a[6],b[6],c1,c2,c3);
-        addcc   c_1,t_1,c_1
-        rd      %y,t_2          !=
-        addxcc  c_2,t_2,c_2
-        addx    c_3,%g0,c_3
-        umul    a_5,b_7,t_1     !mul_add_c(a[5],b[7],c1,c2,c3);
-        addcc   c_1,t_1,c_1     !=
-        rd      %y,t_2
-        addxcc  c_2,t_2,c_2
-        st      c_1,rp(12)      !r[12]=c1;
-        addx    c_3,%g0,c_3     !=
-
-        umul    a_6,b_7,t_1     !mul_add_c(a[6],b[7],c2,c3,c1);
-        addcc   c_2,t_1,c_2
-        rd      %y,t_2
-        addxcc  c_3,t_2,c_3     !=
-        addx    %g0,%g0,c_1
-        umul    a_7,b_6,t_1     !mul_add_c(a[7],b[6],c2,c3,c1);
-        addcc   c_2,t_1,c_2
-        rd      %y,t_2          !=
-        addxcc  c_3,t_2,c_3
-        addx    c_1,%g0,c_1
-        st      c_2,rp(13)      !r[13]=c2;
-
-        umul    a_7,b_7,t_1     !=!mul_add_c(a[7],b[7],c3,c1,c2);
-        addcc   c_3,t_1,c_3
-        rd      %y,t_2
-        addxcc  c_1,t_2,c_1
-        nop                     !=
-        st      c_3,rp(14)      !r[14]=c3;
-        st      c_1,rp(15)      !r[15]=c1;
-
-        ret
-        restore %g0,%g0,%o0
-
-.type   bn_mul_comba8,#function
-.size   bn_mul_comba8,(.-bn_mul_comba8)
-
-.align  32
-
-.global bn_mul_comba4
-/*
- * void bn_mul_comba4(r,a,b)
- * BN_ULONG *r,*a,*b;
- */
-bn_mul_comba4:
-        save    %sp,FRAME_SIZE,%sp
-        ld      ap(0),a_0
-        ld      bp(0),b_0
-        umul    a_0,b_0,c_1     !=!mul_add_c(a[0],b[0],c1,c2,c3);
-        ld      bp(1),b_1
-        rd      %y,c_2
-        st      c_1,rp(0)       !r[0]=c1;
-
-        umul    a_0,b_1,t_1     !=!mul_add_c(a[0],b[1],c2,c3,c1);
-        ld      ap(1),a_1
-        addcc   c_2,t_1,c_2
-        rd      %y,t_2          !=
-        addxcc  %g0,t_2,c_3
-        addx    %g0,%g0,c_1
-        ld      ap(2),a_2
-        umul    a_1,b_0,t_1     !=!mul_add_c(a[1],b[0],c2,c3,c1);
-        addcc   c_2,t_1,c_2
-        rd      %y,t_2
-        addxcc  c_3,t_2,c_3
-        addx    c_1,%g0,c_1     !=
-        st      c_2,rp(1)       !r[1]=c2;
-
-        umul    a_2,b_0,t_1     !mul_add_c(a[2],b[0],c3,c1,c2);
-        addcc   c_3,t_1,c_3
-        rd      %y,t_2          !=
-        addxcc  c_1,t_2,c_1
-        addx    %g0,%g0,c_2
-        ld      bp(2),b_2
-        umul    a_1,b_1,t_1     !=!mul_add_c(a[1],b[1],c3,c1,c2);
-        addcc   c_3,t_1,c_3
-        rd      %y,t_2
-        addxcc  c_1,t_2,c_1
-        addx    c_2,%g0,c_2     !=
-        ld      bp(3),b_3
-        umul    a_0,b_2,t_1     !mul_add_c(a[0],b[2],c3,c1,c2);
-        addcc   c_3,t_1,c_3
-        rd      %y,t_2          !=
-        addxcc  c_1,t_2,c_1
-        addx    c_2,%g0,c_2
-        st      c_3,rp(2)       !r[2]=c3;
-
-        umul    a_0,b_3,t_1     !=!mul_add_c(a[0],b[3],c1,c2,c3);
-        addcc   c_1,t_1,c_1
-        rd      %y,t_2
-        addxcc  c_2,t_2,c_2
-        addx    %g0,%g0,c_3     !=
-        umul    a_1,b_2,t_1     !mul_add_c(a[1],b[2],c1,c2,c3);
-        addcc   c_1,t_1,c_1
-        rd      %y,t_2
-        addxcc  c_2,t_2,c_2     !=
-        addx    c_3,%g0,c_3
-        ld      ap(3),a_3
-        umul    a_2,b_1,t_1     !mul_add_c(a[2],b[1],c1,c2,c3);
-        addcc   c_1,t_1,c_1     !=
-        rd      %y,t_2
-        addxcc  c_2,t_2,c_2
-        addx    c_3,%g0,c_3
-        umul    a_3,b_0,t_1     !=!mul_add_c(a[3],b[0],c1,c2,c3);
-        addcc   c_1,t_1,c_1
-        rd      %y,t_2
-        addxcc  c_2,t_2,c_2
-        addx    c_3,%g0,c_3     !=
-        st      c_1,rp(3)       !r[3]=c1;
-
-        umul    a_3,b_1,t_1     !mul_add_c(a[3],b[1],c2,c3,c1);
-        addcc   c_2,t_1,c_2
-        rd      %y,t_2          !=
-        addxcc  c_3,t_2,c_3
-        addx    %g0,%g0,c_1
-        umul    a_2,b_2,t_1     !mul_add_c(a[2],b[2],c2,c3,c1);
-        addcc   c_2,t_1,c_2     !=
-        rd      %y,t_2
-        addxcc  c_3,t_2,c_3
-        addx    c_1,%g0,c_1
-        umul    a_1,b_3,t_1     !=!mul_add_c(a[1],b[3],c2,c3,c1);
-        addcc   c_2,t_1,c_2
-        rd      %y,t_2
-        addxcc  c_3,t_2,c_3
-        addx    c_1,%g0,c_1     !=
-        st      c_2,rp(4)       !r[4]=c2;
-
-        umul    a_2,b_3,t_1     !mul_add_c(a[2],b[3],c3,c1,c2);
-        addcc   c_3,t_1,c_3
-        rd      %y,t_2          !=
-        addxcc  c_1,t_2,c_1
-        addx    %g0,%g0,c_2
-        umul    a_3,b_2,t_1     !mul_add_c(a[3],b[2],c3,c1,c2);
-        addcc   c_3,t_1,c_3     !=
-        rd      %y,t_2
-        addxcc  c_1,t_2,c_1
-        st      c_3,rp(5)       !r[5]=c3;
-        addx    c_2,%g0,c_2     !=
-
-        umul    a_3,b_3,t_1     !mul_add_c(a[3],b[3],c1,c2,c3);
-        addcc   c_1,t_1,c_1
-        rd      %y,t_2
-        addxcc  c_2,t_2,c_2     !=
-        st      c_1,rp(6)       !r[6]=c1;
-        st      c_2,rp(7)       !r[7]=c2;
-        
-        ret
-        restore %g0,%g0,%o0
-
-.type   bn_mul_comba4,#function
-.size   bn_mul_comba4,(.-bn_mul_comba4)
-
-.align  32
-
-.global bn_sqr_comba8
-bn_sqr_comba8:
-        save    %sp,FRAME_SIZE,%sp
-        ld      ap(0),a_0
-        ld      ap(1),a_1
-        umul    a_0,a_0,c_1     !=!sqr_add_c(a,0,c1,c2,c3);
-        rd      %y,c_2
-        st      c_1,rp(0)       !r[0]=c1;
-
-        ld      ap(2),a_2
-        umul    a_0,a_1,t_1     !=!sqr_add_c2(a,1,0,c2,c3,c1);
-        addcc   c_2,t_1,c_2
-        rd      %y,t_2
-        addxcc  %g0,t_2,c_3
-        addx    %g0,%g0,c_1     !=
-        addcc   c_2,t_1,c_2
-        addxcc  c_3,t_2,c_3
-        st      c_2,rp(1)       !r[1]=c2;
-        addx    c_1,%g0,c_1     !=
-
-        umul    a_2,a_0,t_1     !sqr_add_c2(a,2,0,c3,c1,c2);
-        addcc   c_3,t_1,c_3
-        rd      %y,t_2
-        addxcc  c_1,t_2,c_1     !=
-        addx    %g0,%g0,c_2
-        addcc   c_3,t_1,c_3
-        addxcc  c_1,t_2,c_1
-        addx    c_2,%g0,c_2     !=
-        ld      ap(3),a_3
-        umul    a_1,a_1,t_1     !sqr_add_c(a,1,c3,c1,c2);
-        addcc   c_3,t_1,c_3
-        rd      %y,t_2          !=
-        addxcc  c_1,t_2,c_1
-        addx    c_2,%g0,c_2
-        st      c_3,rp(2)       !r[2]=c3;
-
-        umul    a_0,a_3,t_1     !=!sqr_add_c2(a,3,0,c1,c2,c3);
-        addcc   c_1,t_1,c_1
-        rd      %y,t_2
-        addxcc  c_2,t_2,c_2
-        addx    %g0,%g0,c_3     !=
-        addcc   c_1,t_1,c_1
-        addxcc  c_2,t_2,c_2
-        ld      ap(4),a_4
-        addx    c_3,%g0,c_3     !=
-        umul    a_1,a_2,t_1     !sqr_add_c2(a,2,1,c1,c2,c3);
-        addcc   c_1,t_1,c_1
-        rd      %y,t_2
-        addxcc  c_2,t_2,c_2     !=
-        addx    c_3,%g0,c_3
-        addcc   c_1,t_1,c_1
-        addxcc  c_2,t_2,c_2
-        addx    c_3,%g0,c_3     !=
-        st      c_1,rp(3)       !r[3]=c1;
-
-        umul    a_4,a_0,t_1     !sqr_add_c2(a,4,0,c2,c3,c1);
-        addcc   c_2,t_1,c_2
-        rd      %y,t_2          !=
-        addxcc  c_3,t_2,c_3
-        addx    %g0,%g0,c_1
-        addcc   c_2,t_1,c_2
-        addxcc  c_3,t_2,c_3     !=
-        addx    c_1,%g0,c_1
-        umul    a_3,a_1,t_1     !sqr_add_c2(a,3,1,c2,c3,c1);
-        addcc   c_2,t_1,c_2
-        rd      %y,t_2          !=
-        addxcc  c_3,t_2,c_3
-        addx    c_1,%g0,c_1
-        addcc   c_2,t_1,c_2
-        addxcc  c_3,t_2,c_3     !=
-        addx    c_1,%g0,c_1
-        ld      ap(5),a_5
-        umul    a_2,a_2,t_1     !sqr_add_c(a,2,c2,c3,c1);
-        addcc   c_2,t_1,c_2     !=
-        rd      %y,t_2
-        addxcc  c_3,t_2,c_3
-        st      c_2,rp(4)       !r[4]=c2;
-        addx    c_1,%g0,c_1     !=
-
-        umul    a_0,a_5,t_1     !sqr_add_c2(a,5,0,c3,c1,c2);
-        addcc   c_3,t_1,c_3
-        rd      %y,t_2
-        addxcc  c_1,t_2,c_1     !=
-        addx    %g0,%g0,c_2
-        addcc   c_3,t_1,c_3
-        addxcc  c_1,t_2,c_1
-        addx    c_2,%g0,c_2     !=
-        umul    a_1,a_4,t_1     !sqr_add_c2(a,4,1,c3,c1,c2);
-        addcc   c_3,t_1,c_3
-        rd      %y,t_2
-        addxcc  c_1,t_2,c_1     !=
-        addx    c_2,%g0,c_2
-        addcc   c_3,t_1,c_3
-        addxcc  c_1,t_2,c_1
-        addx    c_2,%g0,c_2     !=
-        ld      ap(6),a_6
-        umul    a_2,a_3,t_1     !sqr_add_c2(a,3,2,c3,c1,c2);
-        addcc   c_3,t_1,c_3
-        rd      %y,t_2          !=
-        addxcc  c_1,t_2,c_1
-        addx    c_2,%g0,c_2
-        addcc   c_3,t_1,c_3
-        addxcc  c_1,t_2,c_1     !=
-        addx    c_2,%g0,c_2
-        st      c_3,rp(5)       !r[5]=c3;
-
-        umul    a_6,a_0,t_1     !sqr_add_c2(a,6,0,c1,c2,c3);
-        addcc   c_1,t_1,c_1     !=
-        rd      %y,t_2
-        addxcc  c_2,t_2,c_2
-        addx    %g0,%g0,c_3
-        addcc   c_1,t_1,c_1     !=
-        addxcc  c_2,t_2,c_2
-        addx    c_3,%g0,c_3
-        umul    a_5,a_1,t_1     !sqr_add_c2(a,5,1,c1,c2,c3);
-        addcc   c_1,t_1,c_1     !=
-        rd      %y,t_2
-        addxcc  c_2,t_2,c_2
-        addx    c_3,%g0,c_3
-        addcc   c_1,t_1,c_1     !=
-        addxcc  c_2,t_2,c_2
-        addx    c_3,%g0,c_3
-        umul    a_4,a_2,t_1     !sqr_add_c2(a,4,2,c1,c2,c3);
-        addcc   c_1,t_1,c_1     !=
-        rd      %y,t_2
-        addxcc  c_2,t_2,c_2
-        addx    c_3,%g0,c_3
-        addcc   c_1,t_1,c_1     !=
-        addxcc  c_2,t_2,c_2
-        addx    c_3,%g0,c_3
-        ld      ap(7),a_7
-        umul    a_3,a_3,t_1     !=!sqr_add_c(a,3,c1,c2,c3);
-        addcc   c_1,t_1,c_1
-        rd      %y,t_2
-        addxcc  c_2,t_2,c_2
-        addx    c_3,%g0,c_3     !=
-        st      c_1,rp(6)       !r[6]=c1;
-
-        umul    a_0,a_7,t_1     !sqr_add_c2(a,7,0,c2,c3,c1);
-        addcc   c_2,t_1,c_2
-        rd      %y,t_2          !=
-        addxcc  c_3,t_2,c_3
-        addx    %g0,%g0,c_1
-        addcc   c_2,t_1,c_2
-        addxcc  c_3,t_2,c_3     !=
-        addx    c_1,%g0,c_1
-        umul    a_1,a_6,t_1     !sqr_add_c2(a,6,1,c2,c3,c1);
-        addcc   c_2,t_1,c_2
-        rd      %y,t_2          !=
-        addxcc  c_3,t_2,c_3
-        addx    c_1,%g0,c_1
-        addcc   c_2,t_1,c_2
-        addxcc  c_3,t_2,c_3     !=
-        addx    c_1,%g0,c_1
-        umul    a_2,a_5,t_1     !sqr_add_c2(a,5,2,c2,c3,c1);
-        addcc   c_2,t_1,c_2
-        rd      %y,t_2          !=
-        addxcc  c_3,t_2,c_3
-        addx    c_1,%g0,c_1
-        addcc   c_2,t_1,c_2
-        addxcc  c_3,t_2,c_3     !=
-        addx    c_1,%g0,c_1
-        umul    a_3,a_4,t_1     !sqr_add_c2(a,4,3,c2,c3,c1);
-        addcc   c_2,t_1,c_2
-        rd      %y,t_2          !=
-        addxcc  c_3,t_2,c_3
-        addx    c_1,%g0,c_1
-        addcc   c_2,t_1,c_2
-        addxcc  c_3,t_2,c_3     !=
-        addx    c_1,%g0,c_1
-        st      c_2,rp(7)       !r[7]=c2;
-
-        umul    a_7,a_1,t_1     !sqr_add_c2(a,7,1,c3,c1,c2);
-        addcc   c_3,t_1,c_3     !=
-        rd      %y,t_2
-        addxcc  c_1,t_2,c_1
-        addx    %g0,%g0,c_2
-        addcc   c_3,t_1,c_3     !=
-        addxcc  c_1,t_2,c_1
-        addx    c_2,%g0,c_2
-        umul    a_6,a_2,t_1     !sqr_add_c2(a,6,2,c3,c1,c2);
-        addcc   c_3,t_1,c_3     !=
-        rd      %y,t_2
-        addxcc  c_1,t_2,c_1
-        addx    c_2,%g0,c_2
-        addcc   c_3,t_1,c_3     !=
-        addxcc  c_1,t_2,c_1
-        addx    c_2,%g0,c_2
-        umul    a_5,a_3,t_1     !sqr_add_c2(a,5,3,c3,c1,c2);
-        addcc   c_3,t_1,c_3     !=
-        rd      %y,t_2
-        addxcc  c_1,t_2,c_1
-        addx    c_2,%g0,c_2
-        addcc   c_3,t_1,c_3     !=
-        addxcc  c_1,t_2,c_1
-        addx    c_2,%g0,c_2
-        umul    a_4,a_4,t_1     !sqr_add_c(a,4,c3,c1,c2);
-        addcc   c_3,t_1,c_3     !=
-        rd      %y,t_2
-        addxcc  c_1,t_2,c_1
-        st      c_3,rp(8)       !r[8]=c3;
-        addx    c_2,%g0,c_2     !=
-
-        umul    a_2,a_7,t_1     !sqr_add_c2(a,7,2,c1,c2,c3);
-        addcc   c_1,t_1,c_1
-        rd      %y,t_2
-        addxcc  c_2,t_2,c_2     !=
-        addx    %g0,%g0,c_3
-        addcc   c_1,t_1,c_1
-        addxcc  c_2,t_2,c_2
-        addx    c_3,%g0,c_3     !=
-        umul    a_3,a_6,t_1     !sqr_add_c2(a,6,3,c1,c2,c3);
-        addcc   c_1,t_1,c_1
-        rd      %y,t_2
-        addxcc  c_2,t_2,c_2     !=
-        addx    c_3,%g0,c_3
-        addcc   c_1,t_1,c_1
-        addxcc  c_2,t_2,c_2
-        addx    c_3,%g0,c_3     !=
-        umul    a_4,a_5,t_1     !sqr_add_c2(a,5,4,c1,c2,c3);
-        addcc   c_1,t_1,c_1
-        rd      %y,t_2
-        addxcc  c_2,t_2,c_2     !=
-        addx    c_3,%g0,c_3
-        addcc   c_1,t_1,c_1
-        addxcc  c_2,t_2,c_2
-        addx    c_3,%g0,c_3     !=
-        st      c_1,rp(9)       !r[9]=c1;
-
-        umul    a_7,a_3,t_1     !sqr_add_c2(a,7,3,c2,c3,c1);
-        addcc   c_2,t_1,c_2
-        rd      %y,t_2          !=
-        addxcc  c_3,t_2,c_3
-        addx    %g0,%g0,c_1
-        addcc   c_2,t_1,c_2
-        addxcc  c_3,t_2,c_3     !=
-        addx    c_1,%g0,c_1
-        umul    a_6,a_4,t_1     !sqr_add_c2(a,6,4,c2,c3,c1);
-        addcc   c_2,t_1,c_2
-        rd      %y,t_2          !=
-        addxcc  c_3,t_2,c_3
-        addx    c_1,%g0,c_1
-        addcc   c_2,t_1,c_2
-        addxcc  c_3,t_2,c_3     !=
-        addx    c_1,%g0,c_1
-        umul    a_5,a_5,t_1     !sqr_add_c(a,5,c2,c3,c1);
-        addcc   c_2,t_1,c_2
-        rd      %y,t_2          !=
-        addxcc  c_3,t_2,c_3
-        addx    c_1,%g0,c_1
-        st      c_2,rp(10)      !r[10]=c2;
-
-        umul    a_4,a_7,t_1     !=!sqr_add_c2(a,7,4,c3,c1,c2);
-        addcc   c_3,t_1,c_3
-        rd      %y,t_2
-        addxcc  c_1,t_2,c_1
-        addx    %g0,%g0,c_2     !=
-        addcc   c_3,t_1,c_3
-        addxcc  c_1,t_2,c_1
-        addx    c_2,%g0,c_2
-        umul    a_5,a_6,t_1     !=!sqr_add_c2(a,6,5,c3,c1,c2);
-        addcc   c_3,t_1,c_3
-        rd      %y,t_2
-        addxcc  c_1,t_2,c_1
-        addx    c_2,%g0,c_2     !=
-        addcc   c_3,t_1,c_3
-        addxcc  c_1,t_2,c_1
-        st      c_3,rp(11)      !r[11]=c3;
-        addx    c_2,%g0,c_2     !=
-
-        umul    a_7,a_5,t_1     !sqr_add_c2(a,7,5,c1,c2,c3);
-        addcc   c_1,t_1,c_1
-        rd      %y,t_2
-        addxcc  c_2,t_2,c_2     !=
-        addx    %g0,%g0,c_3
-        addcc   c_1,t_1,c_1
-        addxcc  c_2,t_2,c_2
-        addx    c_3,%g0,c_3     !=
-        umul    a_6,a_6,t_1     !sqr_add_c(a,6,c1,c2,c3);
-        addcc   c_1,t_1,c_1
-        rd      %y,t_2
-        addxcc  c_2,t_2,c_2     !=
-        addx    c_3,%g0,c_3
-        st      c_1,rp(12)      !r[12]=c1;
-
-        umul    a_6,a_7,t_1     !sqr_add_c2(a,7,6,c2,c3,c1);
-        addcc   c_2,t_1,c_2     !=
-        rd      %y,t_2
-        addxcc  c_3,t_2,c_3
-        addx    %g0,%g0,c_1
-        addcc   c_2,t_1,c_2     !=
-        addxcc  c_3,t_2,c_3
-        st      c_2,rp(13)      !r[13]=c2;
-        addx    c_1,%g0,c_1     !=
-
-        umul    a_7,a_7,t_1     !sqr_add_c(a,7,c3,c1,c2);
-        addcc   c_3,t_1,c_3
-        rd      %y,t_2
-        addxcc  c_1,t_2,c_1     !=
-        st      c_3,rp(14)      !r[14]=c3;
-        st      c_1,rp(15)      !r[15]=c1;
-
-        ret
-        restore %g0,%g0,%o0
-
-.type   bn_sqr_comba8,#function
-.size   bn_sqr_comba8,(.-bn_sqr_comba8)
-
-.align  32
-
-.global bn_sqr_comba4
-/*
- * void bn_sqr_comba4(r,a)
- * BN_ULONG *r,*a;
- */
-bn_sqr_comba4:
-        save    %sp,FRAME_SIZE,%sp
-        ld      ap(0),a_0
-        umul    a_0,a_0,c_1     !sqr_add_c(a,0,c1,c2,c3);
-        ld      ap(1),a_1       !=
-        rd      %y,c_2
-        st      c_1,rp(0)       !r[0]=c1;
-
-        ld      ap(2),a_2
-        umul    a_0,a_1,t_1     !=!sqr_add_c2(a,1,0,c2,c3,c1);
-        addcc   c_2,t_1,c_2
-        rd      %y,t_2
-        addxcc  %g0,t_2,c_3
-        addx    %g0,%g0,c_1     !=
-        addcc   c_2,t_1,c_2
-        addxcc  c_3,t_2,c_3
-        addx    c_1,%g0,c_1     !=
-        st      c_2,rp(1)       !r[1]=c2;
-
-        umul    a_2,a_0,t_1     !sqr_add_c2(a,2,0,c3,c1,c2);
-        addcc   c_3,t_1,c_3
-        rd      %y,t_2          !=
-        addxcc  c_1,t_2,c_1
-        addx    %g0,%g0,c_2
-        addcc   c_3,t_1,c_3
-        addxcc  c_1,t_2,c_1     !=
-        addx    c_2,%g0,c_2
-        ld      ap(3),a_3
-        umul    a_1,a_1,t_1     !sqr_add_c(a,1,c3,c1,c2);
-        addcc   c_3,t_1,c_3     !=
-        rd      %y,t_2
-        addxcc  c_1,t_2,c_1
-        st      c_3,rp(2)       !r[2]=c3;
-        addx    c_2,%g0,c_2     !=
-
-        umul    a_0,a_3,t_1     !sqr_add_c2(a,3,0,c1,c2,c3);
-        addcc   c_1,t_1,c_1
-        rd      %y,t_2
-        addxcc  c_2,t_2,c_2     !=
-        addx    %g0,%g0,c_3
-        addcc   c_1,t_1,c_1
-        addxcc  c_2,t_2,c_2
-        addx    c_3,%g0,c_3     !=
-        umul    a_1,a_2,t_1     !sqr_add_c2(a,2,1,c1,c2,c3);
-        addcc   c_1,t_1,c_1
-        rd      %y,t_2
-        addxcc  c_2,t_2,c_2     !=
-        addx    c_3,%g0,c_3
-        addcc   c_1,t_1,c_1
-        addxcc  c_2,t_2,c_2
-        addx    c_3,%g0,c_3     !=
-        st      c_1,rp(3)       !r[3]=c1;
-
-        umul    a_3,a_1,t_1     !sqr_add_c2(a,3,1,c2,c3,c1);
-        addcc   c_2,t_1,c_2
-        rd      %y,t_2          !=
-        addxcc  c_3,t_2,c_3
-        addx    %g0,%g0,c_1
-        addcc   c_2,t_1,c_2
-        addxcc  c_3,t_2,c_3     !=
-        addx    c_1,%g0,c_1
-        umul    a_2,a_2,t_1     !sqr_add_c(a,2,c2,c3,c1);
-        addcc   c_2,t_1,c_2
-        rd      %y,t_2          !=
-        addxcc  c_3,t_2,c_3
-        addx    c_1,%g0,c_1
-        st      c_2,rp(4)       !r[4]=c2;
-
-        umul    a_2,a_3,t_1     !=!sqr_add_c2(a,3,2,c3,c1,c2);
-        addcc   c_3,t_1,c_3
-        rd      %y,t_2
-        addxcc  c_1,t_2,c_1
-        addx    %g0,%g0,c_2     !=
-        addcc   c_3,t_1,c_3
-        addxcc  c_1,t_2,c_1
-        st      c_3,rp(5)       !r[5]=c3;
-        addx    c_2,%g0,c_2     !=
-
-        umul    a_3,a_3,t_1     !sqr_add_c(a,3,c1,c2,c3);
-        addcc   c_1,t_1,c_1
-        rd      %y,t_2
-        addxcc  c_2,t_2,c_2     !=
-        st      c_1,rp(6)       !r[6]=c1;
-        st      c_2,rp(7)       !r[7]=c2;
-        
-        ret
-        restore %g0,%g0,%o0
-
-.type   bn_sqr_comba4,#function
-.size   bn_sqr_comba4,(.-bn_sqr_comba4)
-
-.align  32
diff --git a/src/lib/libcrypto/bn/asm/sparcv8plus.S b/src/lib/libcrypto/bn/asm/sparcv8plus.S
deleted file mode 100644
index 8c56e2e7e7..0000000000
--- a/src/lib/libcrypto/bn/asm/sparcv8plus.S
+++ /dev/null
@@ -1,1547 +0,0 @@
-.ident  "sparcv8plus.s, Version 1.4"
-.ident  "SPARC v9 ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
-
-/*
- * ====================================================================
- * Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
- * project.
- *
- * Rights for redistribution and usage in source and binary forms are
- * granted according to the OpenSSL license. Warranty of any kind is
- * disclaimed.
- * ====================================================================
- */
-
-/*
- * This is my modest contributon to OpenSSL project (see
- * http://www.openssl.org/ for more information about it) and is
- * a drop-in UltraSPARC ISA replacement for crypto/bn/bn_asm.c
- * module. For updates see http://fy.chalmers.se/~appro/hpe/.
- *
- * Questions-n-answers.
- *
- * Q. How to compile?
- * A. With SC4.x/SC5.x:
- *
- *      cc -xarch=v8plus -c bn_asm.sparc.v8plus.S -o bn_asm.o
- *
- *    and with gcc:
- *
- *      gcc -mcpu=ultrasparc -c bn_asm.sparc.v8plus.S -o bn_asm.o
- *
- *    or if above fails (it does if you have gas installed):
- *
- *      gcc -E bn_asm.sparc.v8plus.S | as -xarch=v8plus /dev/fd/0 -o bn_asm.o
- *
- *    Quick-n-dirty way to fuse the module into the library.
- *    Provided that the library is already configured and built
- *    (in 0.9.2 case with no-asm option):
- *
- *      # cd crypto/bn
- *      # cp /some/place/bn_asm.sparc.v8plus.S .
- *      # cc -xarch=v8plus -c bn_asm.sparc.v8plus.S -o bn_asm.o
- *      # make
- *      # cd ../..
- *      # make; make test
- *
- *    Quick-n-dirty way to get rid of it:
- *
- *      # cd crypto/bn
- *      # touch bn_asm.c
- *      # make
- *      # cd ../..
- *      # make; make test
- *
- * Q. V8plus achitecture? What kind of beast is that?
- * A. Well, it's rather a programming model than an architecture...
- *    It's actually v9-compliant, i.e. *any* UltraSPARC, CPU under
- *    special conditions, namely when kernel doesn't preserve upper
- *    32 bits of otherwise 64-bit registers during a context switch.
- *
- * Q. Why just UltraSPARC? What about SuperSPARC?
- * A. Original release did target UltraSPARC only. Now SuperSPARC
- *    version is provided along. Both version share bn_*comba[48]
- *    implementations (see comment later in code for explanation).
- *    But what's so special about this UltraSPARC implementation?
- *    Why didn't I let compiler do the job? Trouble is that most of
- *    available compilers (well, SC5.0 is the only exception) don't
- *    attempt to take advantage of UltraSPARC's 64-bitness under
- *    32-bit kernels even though it's perfectly possible (see next
- *    question).
- *
- * Q. 64-bit registers under 32-bit kernels? Didn't you just say it
- *    doesn't work?
- * A. You can't adress *all* registers as 64-bit wide:-( The catch is
- *    that you actually may rely upon %o0-%o5 and %g1-%g4 being fully
- *    preserved if you're in a leaf function, i.e. such never calling
- *    any other functions. All functions in this module are leaf and
- *    10 registers is a handful. And as a matter of fact none-"comba"
- *    routines don't require even that much and I could even afford to
- *    not allocate own stack frame for 'em:-)
- *
- * Q. What about 64-bit kernels?
- * A. What about 'em? Just kidding:-) Pure 64-bit version is currently
- *    under evaluation and development...
- *
- * Q. What about shared libraries?
- * A. What about 'em? Kidding again:-) Code does *not* contain any
- *    code position dependencies and it's safe to include it into
- *    shared library as is.
- *
- * Q. How much faster does it go?
- * A. Do you have a good benchmark? In either case below is what I
- *    experience with crypto/bn/expspeed.c test program:
- *
- *      v8plus module on U10/300MHz against bn_asm.c compiled with:
- *
- *      cc-5.0 -xarch=v8plus -xO5 -xdepend      +7-12%
- *      cc-4.2 -xarch=v8plus -xO5 -xdepend      +25-35%
- *      egcs-1.1.2 -mcpu=ultrasparc -O3         +35-45%
- *
- *      v8 module on SS10/60MHz against bn_asm.c compiled with:
- *
- *      cc-5.0 -xarch=v8 -xO5 -xdepend          +7-10%
- *      cc-4.2 -xarch=v8 -xO5 -xdepend          +10%
- *      egcs-1.1.2 -mv8 -O3                     +35-45%
- *
- *    As you can see it's damn hard to beat the new Sun C compiler
- *    and it's in first place GNU C users who will appreciate this
- *    assembler implementation:-)       
- */
-
-/*
- * Revision history.
- *
- * 1.0  - initial release;
- * 1.1  - new loop unrolling model(*);
- *      - some more fine tuning;
- * 1.2  - made gas friendly;
- *      - updates to documentation concerning v9;
- *      - new performance comparison matrix;
- * 1.3  - fixed problem with /usr/ccs/lib/cpp;
- * 1.4  - native V9 bn_*_comba[48] implementation (15% more efficient)
- *        resulting in slight overall performance kick;
- *      - some retunes;
- *      - support for GNU as added;
- *
- * (*)  Originally unrolled loop looked like this:
- *          for (;;) {
- *              op(p+0); if (--n==0) break;
- *              op(p+1); if (--n==0) break;
- *              op(p+2); if (--n==0) break;
- *              op(p+3); if (--n==0) break;
- *              p+=4;
- *          }
- *      I unroll according to following:
- *          while (n&~3) {
- *              op(p+0); op(p+1); op(p+2); op(p+3);
- *              p+=4; n=-4;
- *          }
- *          if (n) {
- *              op(p+0); if (--n==0) return;
- *              op(p+2); if (--n==0) return;
- *              op(p+3); return;
- *          }
- */
-
-/*
- * GNU assembler can't stand stuw:-(
- */
-#define stuw st
-
-.section        ".text",#alloc,#execinstr
-.file           "bn_asm.sparc.v8plus.S"
-
-.align  32
-
-.global bn_mul_add_words
-/*
- * BN_ULONG bn_mul_add_words(rp,ap,num,w)
- * BN_ULONG *rp,*ap;
- * int num;
- * BN_ULONG w;
- */
-bn_mul_add_words:
-        sra     %o2,%g0,%o2     ! signx %o2
-        brgz,a  %o2,.L_bn_mul_add_words_proceed
-        lduw    [%o1],%g2
-        retl
-        clr     %o0
-        nop
-        nop
-        nop
-
-.L_bn_mul_add_words_proceed:
-        srl     %o3,%g0,%o3     ! clruw %o3
-        andcc   %o2,-4,%g0
-        bz,pn   %icc,.L_bn_mul_add_words_tail
-        clr     %o5
-
-.L_bn_mul_add_words_loop:       ! wow! 32 aligned!
-        lduw    [%o0],%g1
-        lduw    [%o1+4],%g3
-        mulx    %o3,%g2,%g2
-        add     %g1,%o5,%o4
-        nop
-        add     %o4,%g2,%o4
-        stuw    %o4,[%o0]
-        srlx    %o4,32,%o5
-
-        lduw    [%o0+4],%g1
-        lduw    [%o1+8],%g2
-        mulx    %o3,%g3,%g3
-        add     %g1,%o5,%o4
-        dec     4,%o2
-        add     %o4,%g3,%o4
-        stuw    %o4,[%o0+4]
-        srlx    %o4,32,%o5
-
-        lduw    [%o0+8],%g1
-        lduw    [%o1+12],%g3
-        mulx    %o3,%g2,%g2
-        add     %g1,%o5,%o4
-        inc     16,%o1
-        add     %o4,%g2,%o4
-        stuw    %o4,[%o0+8]
-        srlx    %o4,32,%o5
-
-        lduw    [%o0+12],%g1
-        mulx    %o3,%g3,%g3
-        add     %g1,%o5,%o4
-        inc     16,%o0
-        add     %o4,%g3,%o4
-        andcc   %o2,-4,%g0
-        stuw    %o4,[%o0-4]
-        srlx    %o4,32,%o5
-        bnz,a,pt        %icc,.L_bn_mul_add_words_loop
-        lduw    [%o1],%g2
-
-        brnz,a,pn       %o2,.L_bn_mul_add_words_tail
-        lduw    [%o1],%g2
-.L_bn_mul_add_words_return:
-        retl
-        mov     %o5,%o0
-
-.L_bn_mul_add_words_tail:
-        lduw    [%o0],%g1
-        mulx    %o3,%g2,%g2
-        add     %g1,%o5,%o4
-        dec     %o2
-        add     %o4,%g2,%o4
-        srlx    %o4,32,%o5
-        brz,pt  %o2,.L_bn_mul_add_words_return
-        stuw    %o4,[%o0]
-
-        lduw    [%o1+4],%g2
-        lduw    [%o0+4],%g1
-        mulx    %o3,%g2,%g2
-        add     %g1,%o5,%o4
-        dec     %o2
-        add     %o4,%g2,%o4
-        srlx    %o4,32,%o5
-        brz,pt  %o2,.L_bn_mul_add_words_return
-        stuw    %o4,[%o0+4]
-
-        lduw    [%o1+8],%g2
-        lduw    [%o0+8],%g1
-        mulx    %o3,%g2,%g2
-        add     %g1,%o5,%o4
-        add     %o4,%g2,%o4
-        stuw    %o4,[%o0+8]
-        retl
-        srlx    %o4,32,%o0
-
-.type   bn_mul_add_words,#function
-.size   bn_mul_add_words,(.-bn_mul_add_words)
-
-.align  32
-
-.global bn_mul_words
-/*
- * BN_ULONG bn_mul_words(rp,ap,num,w)
- * BN_ULONG *rp,*ap;
- * int num;
- * BN_ULONG w;
- */
-bn_mul_words:
-        sra     %o2,%g0,%o2     ! signx %o2
-        brgz,a  %o2,.L_bn_mul_words_proceeed
-        lduw    [%o1],%g2
-        retl
-        clr     %o0
-        nop
-        nop
-        nop
-
-.L_bn_mul_words_proceeed:
-        srl     %o3,%g0,%o3     ! clruw %o3
-        andcc   %o2,-4,%g0
-        bz,pn   %icc,.L_bn_mul_words_tail
-        clr     %o5
-
-.L_bn_mul_words_loop:           ! wow! 32 aligned!
-        lduw    [%o1+4],%g3
-        mulx    %o3,%g2,%g2
-        add     %g2,%o5,%o4
-        nop
-        stuw    %o4,[%o0]
-        srlx    %o4,32,%o5
-
-        lduw    [%o1+8],%g2
-        mulx    %o3,%g3,%g3
-        add     %g3,%o5,%o4
-        dec     4,%o2
-        stuw    %o4,[%o0+4]
-        srlx    %o4,32,%o5
-
-        lduw    [%o1+12],%g3
-        mulx    %o3,%g2,%g2
-        add     %g2,%o5,%o4
-        inc     16,%o1
-        stuw    %o4,[%o0+8]
-        srlx    %o4,32,%o5
-
-        mulx    %o3,%g3,%g3
-        add     %g3,%o5,%o4
-        inc     16,%o0
-        stuw    %o4,[%o0-4]
-        srlx    %o4,32,%o5
-        andcc   %o2,-4,%g0
-        bnz,a,pt        %icc,.L_bn_mul_words_loop
-        lduw    [%o1],%g2
-        nop
-        nop
-
-        brnz,a,pn       %o2,.L_bn_mul_words_tail
-        lduw    [%o1],%g2
-.L_bn_mul_words_return:
-        retl
-        mov     %o5,%o0
-
-.L_bn_mul_words_tail:
-        mulx    %o3,%g2,%g2
-        add     %g2,%o5,%o4
-        dec     %o2
-        srlx    %o4,32,%o5
-        brz,pt  %o2,.L_bn_mul_words_return
-        stuw    %o4,[%o0]
-
-        lduw    [%o1+4],%g2
-        mulx    %o3,%g2,%g2
-        add     %g2,%o5,%o4
-        dec     %o2
-        srlx    %o4,32,%o5
-        brz,pt  %o2,.L_bn_mul_words_return
-        stuw    %o4,[%o0+4]
-
-        lduw    [%o1+8],%g2
-        mulx    %o3,%g2,%g2
-        add     %g2,%o5,%o4
-        stuw    %o4,[%o0+8]
-        retl
-        srlx    %o4,32,%o0
-
-.type   bn_mul_words,#function
-.size   bn_mul_words,(.-bn_mul_words)
-
-.align  32
-.global bn_sqr_words
-/*
- * void bn_sqr_words(r,a,n)
- * BN_ULONG *r,*a;
- * int n;
- */
-bn_sqr_words:
-        sra     %o2,%g0,%o2     ! signx %o2
-        brgz,a  %o2,.L_bn_sqr_words_proceeed
-        lduw    [%o1],%g2
-        retl
-        clr     %o0
-        nop
-        nop
-        nop
-
-.L_bn_sqr_words_proceeed:
-        andcc   %o2,-4,%g0
-        nop
-        bz,pn   %icc,.L_bn_sqr_words_tail
-        nop
-
-.L_bn_sqr_words_loop:           ! wow! 32 aligned!
-        lduw    [%o1+4],%g3
-        mulx    %g2,%g2,%o4
-        stuw    %o4,[%o0]
-        srlx    %o4,32,%o5
-        stuw    %o5,[%o0+4]
-        nop
-
-        lduw    [%o1+8],%g2
-        mulx    %g3,%g3,%o4
-        dec     4,%o2
-        stuw    %o4,[%o0+8]
-        srlx    %o4,32,%o5
-        stuw    %o5,[%o0+12]
-
-        lduw    [%o1+12],%g3
-        mulx    %g2,%g2,%o4
-        srlx    %o4,32,%o5
-        stuw    %o4,[%o0+16]
-        inc     16,%o1
-        stuw    %o5,[%o0+20]
-
-        mulx    %g3,%g3,%o4
-        inc     32,%o0
-        stuw    %o4,[%o0-8]
-        srlx    %o4,32,%o5
-        andcc   %o2,-4,%g2
-        stuw    %o5,[%o0-4]
-        bnz,a,pt        %icc,.L_bn_sqr_words_loop
-        lduw    [%o1],%g2
-        nop
-
-        brnz,a,pn       %o2,.L_bn_sqr_words_tail
-        lduw    [%o1],%g2
-.L_bn_sqr_words_return:
-        retl
-        clr     %o0
-
-.L_bn_sqr_words_tail:
-        mulx    %g2,%g2,%o4
-        dec     %o2
-        stuw    %o4,[%o0]
-        srlx    %o4,32,%o5
-        brz,pt  %o2,.L_bn_sqr_words_return
-        stuw    %o5,[%o0+4]
-
-        lduw    [%o1+4],%g2
-        mulx    %g2,%g2,%o4
-        dec     %o2
-        stuw    %o4,[%o0+8]
-        srlx    %o4,32,%o5
-        brz,pt  %o2,.L_bn_sqr_words_return
-        stuw    %o5,[%o0+12]
-
-        lduw    [%o1+8],%g2
-        mulx    %g2,%g2,%o4
-        srlx    %o4,32,%o5
-        stuw    %o4,[%o0+16]
-        stuw    %o5,[%o0+20]
-        retl
-        clr     %o0
-
-.type   bn_sqr_words,#function
-.size   bn_sqr_words,(.-bn_sqr_words)
-
-.align  32
-.global bn_div_words
-/*
- * BN_ULONG bn_div_words(h,l,d)
- * BN_ULONG h,l,d;
- */
-bn_div_words:
-        sllx    %o0,32,%o0
-        or      %o0,%o1,%o0
-        udivx   %o0,%o2,%o0
-        retl
-        srl     %o0,%g0,%o0     ! clruw %o0
-
-.type   bn_div_words,#function
-.size   bn_div_words,(.-bn_div_words)
-
-.align  32
-
-.global bn_add_words
-/*
- * BN_ULONG bn_add_words(rp,ap,bp,n)
- * BN_ULONG *rp,*ap,*bp;
- * int n;
- */
-bn_add_words:
-        sra     %o3,%g0,%o3     ! signx %o3
-        brgz,a  %o3,.L_bn_add_words_proceed
-        lduw    [%o1],%o4
-        retl
-        clr     %o0
-
-.L_bn_add_words_proceed:
-        andcc   %o3,-4,%g0
-        bz,pn   %icc,.L_bn_add_words_tail
-        addcc   %g0,0,%g0       ! clear carry flag
-
-.L_bn_add_words_loop:           ! wow! 32 aligned!
-        dec     4,%o3
-        lduw    [%o2],%o5
-        lduw    [%o1+4],%g1
-        lduw    [%o2+4],%g2
-        lduw    [%o1+8],%g3
-        lduw    [%o2+8],%g4
-        addccc  %o5,%o4,%o5
-        stuw    %o5,[%o0]
-
-        lduw    [%o1+12],%o4
-        lduw    [%o2+12],%o5
-        inc     16,%o1
-        addccc  %g1,%g2,%g1
-        stuw    %g1,[%o0+4]
-        
-        inc     16,%o2
-        addccc  %g3,%g4,%g3
-        stuw    %g3,[%o0+8]
-
-        inc     16,%o0
-        addccc  %o5,%o4,%o5
-        stuw    %o5,[%o0-4]
-        and     %o3,-4,%g1
-        brnz,a,pt       %g1,.L_bn_add_words_loop
-        lduw    [%o1],%o4
-
-        brnz,a,pn       %o3,.L_bn_add_words_tail
-        lduw    [%o1],%o4
-.L_bn_add_words_return:
-        clr     %o0
-        retl
-        movcs   %icc,1,%o0
-        nop
-
-.L_bn_add_words_tail:
-        lduw    [%o2],%o5
-        dec     %o3
-        addccc  %o5,%o4,%o5
-        brz,pt  %o3,.L_bn_add_words_return
-        stuw    %o5,[%o0]
-
-        lduw    [%o1+4],%o4
-        lduw    [%o2+4],%o5
-        dec     %o3
-        addccc  %o5,%o4,%o5
-        brz,pt  %o3,.L_bn_add_words_return
-        stuw    %o5,[%o0+4]
-
-        lduw    [%o1+8],%o4
-        lduw    [%o2+8],%o5
-        addccc  %o5,%o4,%o5
-        stuw    %o5,[%o0+8]
-        clr     %o0
-        retl
-        movcs   %icc,1,%o0
-
-.type   bn_add_words,#function
-.size   bn_add_words,(.-bn_add_words)
-
-.global bn_sub_words
-/*
- * BN_ULONG bn_sub_words(rp,ap,bp,n)
- * BN_ULONG *rp,*ap,*bp;
- * int n;
- */
-bn_sub_words:
-        sra     %o3,%g0,%o3     ! signx %o3
-        brgz,a  %o3,.L_bn_sub_words_proceed
-        lduw    [%o1],%o4
-        retl
-        clr     %o0
-
-.L_bn_sub_words_proceed:
-        andcc   %o3,-4,%g0
-        bz,pn   %icc,.L_bn_sub_words_tail
-        addcc   %g0,0,%g0       ! clear carry flag
-
-.L_bn_sub_words_loop:           ! wow! 32 aligned!
-        dec     4,%o3
-        lduw    [%o2],%o5
-        lduw    [%o1+4],%g1
-        lduw    [%o2+4],%g2
-        lduw    [%o1+8],%g3
-        lduw    [%o2+8],%g4
-        subccc  %o4,%o5,%o5
-        stuw    %o5,[%o0]
-
-        lduw    [%o1+12],%o4
-        lduw    [%o2+12],%o5
-        inc     16,%o1
-        subccc  %g1,%g2,%g2
-        stuw    %g2,[%o0+4]
-
-        inc     16,%o2
-        subccc  %g3,%g4,%g4
-        stuw    %g4,[%o0+8]
-
-        inc     16,%o0
-        subccc  %o4,%o5,%o5
-        stuw    %o5,[%o0-4]
-        and     %o3,-4,%g1
-        brnz,a,pt       %g1,.L_bn_sub_words_loop
-        lduw    [%o1],%o4
-
-        brnz,a,pn       %o3,.L_bn_sub_words_tail
-        lduw    [%o1],%o4
-.L_bn_sub_words_return:
-        clr     %o0
-        retl
-        movcs   %icc,1,%o0
-        nop
-
-.L_bn_sub_words_tail:           ! wow! 32 aligned!
-        lduw    [%o2],%o5
-        dec     %o3
-        subccc  %o4,%o5,%o5
-        brz,pt  %o3,.L_bn_sub_words_return
-        stuw    %o5,[%o0]
-
-        lduw    [%o1+4],%o4
-        lduw    [%o2+4],%o5
-        dec     %o3
-        subccc  %o4,%o5,%o5
-        brz,pt  %o3,.L_bn_sub_words_return
-        stuw    %o5,[%o0+4]
-
-        lduw    [%o1+8],%o4
-        lduw    [%o2+8],%o5
-        subccc  %o4,%o5,%o5
-        stuw    %o5,[%o0+8]
-        clr     %o0
-        retl
-        movcs   %icc,1,%o0
-
-.type   bn_sub_words,#function
-.size   bn_sub_words,(.-bn_sub_words)
-
-/*
- * Code below depends on the fact that upper parts of the %l0-%l7
- * and %i0-%i7 are zeroed by kernel after context switch. In
- * previous versions this comment stated that "the trouble is that
- * it's not feasible to implement the mumbo-jumbo in less V9
- * instructions:-(" which apparently isn't true thanks to
- * 'bcs,a %xcc,.+8; inc %rd' pair. But the performance improvement
- * results not from the shorter code, but from elimination of
- * multicycle none-pairable 'rd %y,%rd' instructions.
- *
- *                                                      Andy.
- */
-
-#define FRAME_SIZE      -96
-
-/*
- * Here is register usage map for *all* routines below.
- */
-#define t_1     %o0
-#define t_2     %o1
-#define c_12    %o2
-#define c_3     %o3
-
-#define ap(I)   [%i1+4*I]
-#define bp(I)   [%i2+4*I]
-#define rp(I)   [%i0+4*I]
-
-#define a_0     %l0
-#define a_1     %l1
-#define a_2     %l2
-#define a_3     %l3
-#define a_4     %l4
-#define a_5     %l5
-#define a_6     %l6
-#define a_7     %l7
-
-#define b_0     %i3
-#define b_1     %i4
-#define b_2     %i5
-#define b_3     %o4
-#define b_4     %o5
-#define b_5     %o7
-#define b_6     %g1
-#define b_7     %g4
-
-.align  32
-.global bn_mul_comba8
-/*
- * void bn_mul_comba8(r,a,b)
- * BN_ULONG *r,*a,*b;
- */
-bn_mul_comba8:
-        save    %sp,FRAME_SIZE,%sp
-        mov     1,t_2
-        lduw    ap(0),a_0
-        sllx    t_2,32,t_2
-        lduw    bp(0),b_0       !=
-        lduw    bp(1),b_1
-        mulx    a_0,b_0,t_1     !mul_add_c(a[0],b[0],c1,c2,c3);
-        srlx    t_1,32,c_12
-        stuw    t_1,rp(0)       !=!r[0]=c1;
-
-        lduw    ap(1),a_1
-        mulx    a_0,b_1,t_1     !mul_add_c(a[0],b[1],c2,c3,c1);
-        addcc   c_12,t_1,c_12
-        clr     c_3             !=
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        lduw    ap(2),a_2
-        mulx    a_1,b_0,t_1     !=!mul_add_c(a[1],b[0],c2,c3,c1);
-        addcc   c_12,t_1,t_1
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        srlx    t_1,32,c_12     !=
-        stuw    t_1,rp(1)       !r[1]=c2;
-        or      c_12,c_3,c_12
-
-        mulx    a_2,b_0,t_1     !mul_add_c(a[2],b[0],c3,c1,c2);
-        addcc   c_12,t_1,c_12   !=
-        clr     c_3
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        lduw    bp(2),b_2       !=
-        mulx    a_1,b_1,t_1     !mul_add_c(a[1],b[1],c3,c1,c2);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3     !=
-        lduw    bp(3),b_3
-        mulx    a_0,b_2,t_1     !mul_add_c(a[0],b[2],c3,c1,c2);
-        addcc   c_12,t_1,t_1
-        bcs,a   %xcc,.+8        !=
-        add     c_3,t_2,c_3
-        srlx    t_1,32,c_12
-        stuw    t_1,rp(2)       !r[2]=c3;
-        or      c_12,c_3,c_12   !=
-
-        mulx    a_0,b_3,t_1     !mul_add_c(a[0],b[3],c1,c2,c3);
-        addcc   c_12,t_1,c_12
-        clr     c_3
-        bcs,a   %xcc,.+8        !=
-        add     c_3,t_2,c_3
-        mulx    a_1,b_2,t_1     !=!mul_add_c(a[1],b[2],c1,c2,c3);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8        !=
-        add     c_3,t_2,c_3
-        lduw    ap(3),a_3
-        mulx    a_2,b_1,t_1     !mul_add_c(a[2],b[1],c1,c2,c3);
-        addcc   c_12,t_1,c_12   !=
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        lduw    ap(4),a_4
-        mulx    a_3,b_0,t_1     !=!mul_add_c(a[3],b[0],c1,c2,c3);!=
-        addcc   c_12,t_1,t_1
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        srlx    t_1,32,c_12     !=
-        stuw    t_1,rp(3)       !r[3]=c1;
-        or      c_12,c_3,c_12
-
-        mulx    a_4,b_0,t_1     !mul_add_c(a[4],b[0],c2,c3,c1);
-        addcc   c_12,t_1,c_12   !=
-        clr     c_3
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        mulx    a_3,b_1,t_1     !=!mul_add_c(a[3],b[1],c2,c3,c1);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        mulx    a_2,b_2,t_1     !=!mul_add_c(a[2],b[2],c2,c3,c1);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        lduw    bp(4),b_4       !=
-        mulx    a_1,b_3,t_1     !mul_add_c(a[1],b[3],c2,c3,c1);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3     !=
-        lduw    bp(5),b_5
-        mulx    a_0,b_4,t_1     !mul_add_c(a[0],b[4],c2,c3,c1);
-        addcc   c_12,t_1,t_1
-        bcs,a   %xcc,.+8        !=
-        add     c_3,t_2,c_3
-        srlx    t_1,32,c_12
-        stuw    t_1,rp(4)       !r[4]=c2;
-        or      c_12,c_3,c_12   !=
-
-        mulx    a_0,b_5,t_1     !mul_add_c(a[0],b[5],c3,c1,c2);
-        addcc   c_12,t_1,c_12
-        clr     c_3
-        bcs,a   %xcc,.+8        !=
-        add     c_3,t_2,c_3
-        mulx    a_1,b_4,t_1     !mul_add_c(a[1],b[4],c3,c1,c2);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8        !=
-        add     c_3,t_2,c_3
-        mulx    a_2,b_3,t_1     !mul_add_c(a[2],b[3],c3,c1,c2);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8        !=
-        add     c_3,t_2,c_3
-        mulx    a_3,b_2,t_1     !mul_add_c(a[3],b[2],c3,c1,c2);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8        !=
-        add     c_3,t_2,c_3
-        lduw    ap(5),a_5
-        mulx    a_4,b_1,t_1     !mul_add_c(a[4],b[1],c3,c1,c2);
-        addcc   c_12,t_1,c_12   !=
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        lduw    ap(6),a_6
-        mulx    a_5,b_0,t_1     !=!mul_add_c(a[5],b[0],c3,c1,c2);
-        addcc   c_12,t_1,t_1
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        srlx    t_1,32,c_12     !=
-        stuw    t_1,rp(5)       !r[5]=c3;
-        or      c_12,c_3,c_12
-
-        mulx    a_6,b_0,t_1     !mul_add_c(a[6],b[0],c1,c2,c3);
-        addcc   c_12,t_1,c_12   !=
-        clr     c_3
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        mulx    a_5,b_1,t_1     !=!mul_add_c(a[5],b[1],c1,c2,c3);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        mulx    a_4,b_2,t_1     !=!mul_add_c(a[4],b[2],c1,c2,c3);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        mulx    a_3,b_3,t_1     !=!mul_add_c(a[3],b[3],c1,c2,c3);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        mulx    a_2,b_4,t_1     !=!mul_add_c(a[2],b[4],c1,c2,c3);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        lduw    bp(6),b_6       !=
-        mulx    a_1,b_5,t_1     !mul_add_c(a[1],b[5],c1,c2,c3);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3     !=
-        lduw    bp(7),b_7
-        mulx    a_0,b_6,t_1     !mul_add_c(a[0],b[6],c1,c2,c3);
-        addcc   c_12,t_1,t_1
-        bcs,a   %xcc,.+8        !=
-        add     c_3,t_2,c_3
-        srlx    t_1,32,c_12
-        stuw    t_1,rp(6)       !r[6]=c1;
-        or      c_12,c_3,c_12   !=
-
-        mulx    a_0,b_7,t_1     !mul_add_c(a[0],b[7],c2,c3,c1);
-        addcc   c_12,t_1,c_12
-        clr     c_3
-        bcs,a   %xcc,.+8        !=
-        add     c_3,t_2,c_3
-        mulx    a_1,b_6,t_1     !mul_add_c(a[1],b[6],c2,c3,c1);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8        !=
-        add     c_3,t_2,c_3
-        mulx    a_2,b_5,t_1     !mul_add_c(a[2],b[5],c2,c3,c1);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8        !=
-        add     c_3,t_2,c_3
-        mulx    a_3,b_4,t_1     !mul_add_c(a[3],b[4],c2,c3,c1);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8        !=
-        add     c_3,t_2,c_3
-        mulx    a_4,b_3,t_1     !mul_add_c(a[4],b[3],c2,c3,c1);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8        !=
-        add     c_3,t_2,c_3
-        mulx    a_5,b_2,t_1     !mul_add_c(a[5],b[2],c2,c3,c1);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8        !=
-        add     c_3,t_2,c_3
-        lduw    ap(7),a_7
-        mulx    a_6,b_1,t_1     !=!mul_add_c(a[6],b[1],c2,c3,c1);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        mulx    a_7,b_0,t_1     !=!mul_add_c(a[7],b[0],c2,c3,c1);
-        addcc   c_12,t_1,t_1
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        srlx    t_1,32,c_12     !=
-        stuw    t_1,rp(7)       !r[7]=c2;
-        or      c_12,c_3,c_12
-
-        mulx    a_7,b_1,t_1     !=!mul_add_c(a[7],b[1],c3,c1,c2);
-        addcc   c_12,t_1,c_12
-        clr     c_3
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3     !=
-        mulx    a_6,b_2,t_1     !mul_add_c(a[6],b[2],c3,c1,c2);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3     !=
-        mulx    a_5,b_3,t_1     !mul_add_c(a[5],b[3],c3,c1,c2);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3     !=
-        mulx    a_4,b_4,t_1     !mul_add_c(a[4],b[4],c3,c1,c2);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3     !=
-        mulx    a_3,b_5,t_1     !mul_add_c(a[3],b[5],c3,c1,c2);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3     !=
-        mulx    a_2,b_6,t_1     !mul_add_c(a[2],b[6],c3,c1,c2);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3     !=
-        mulx    a_1,b_7,t_1     !mul_add_c(a[1],b[7],c3,c1,c2);
-        addcc   c_12,t_1,t_1
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3     !=
-        srlx    t_1,32,c_12
-        stuw    t_1,rp(8)       !r[8]=c3;
-        or      c_12,c_3,c_12
-
-        mulx    a_2,b_7,t_1     !=!mul_add_c(a[2],b[7],c1,c2,c3);
-        addcc   c_12,t_1,c_12
-        clr     c_3
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3     !=
-        mulx    a_3,b_6,t_1     !mul_add_c(a[3],b[6],c1,c2,c3);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8        !=
-        add     c_3,t_2,c_3
-        mulx    a_4,b_5,t_1     !mul_add_c(a[4],b[5],c1,c2,c3);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8        !=
-        add     c_3,t_2,c_3
-        mulx    a_5,b_4,t_1     !mul_add_c(a[5],b[4],c1,c2,c3);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8        !=
-        add     c_3,t_2,c_3
-        mulx    a_6,b_3,t_1     !mul_add_c(a[6],b[3],c1,c2,c3);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8        !=
-        add     c_3,t_2,c_3
-        mulx    a_7,b_2,t_1     !mul_add_c(a[7],b[2],c1,c2,c3);
-        addcc   c_12,t_1,t_1
-        bcs,a   %xcc,.+8        !=
-        add     c_3,t_2,c_3
-        srlx    t_1,32,c_12
-        stuw    t_1,rp(9)       !r[9]=c1;
-        or      c_12,c_3,c_12   !=
-
-        mulx    a_7,b_3,t_1     !mul_add_c(a[7],b[3],c2,c3,c1);
-        addcc   c_12,t_1,c_12
-        clr     c_3
-        bcs,a   %xcc,.+8        !=
-        add     c_3,t_2,c_3
-        mulx    a_6,b_4,t_1     !mul_add_c(a[6],b[4],c2,c3,c1);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8        !=
-        add     c_3,t_2,c_3
-        mulx    a_5,b_5,t_1     !mul_add_c(a[5],b[5],c2,c3,c1);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8        !=
-        add     c_3,t_2,c_3
-        mulx    a_4,b_6,t_1     !mul_add_c(a[4],b[6],c2,c3,c1);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8        !=
-        add     c_3,t_2,c_3
-        mulx    a_3,b_7,t_1     !mul_add_c(a[3],b[7],c2,c3,c1);
-        addcc   c_12,t_1,t_1
-        bcs,a   %xcc,.+8        !=
-        add     c_3,t_2,c_3
-        srlx    t_1,32,c_12
-        stuw    t_1,rp(10)      !r[10]=c2;
-        or      c_12,c_3,c_12   !=
-
-        mulx    a_4,b_7,t_1     !mul_add_c(a[4],b[7],c3,c1,c2);
-        addcc   c_12,t_1,c_12
-        clr     c_3
-        bcs,a   %xcc,.+8        !=
-        add     c_3,t_2,c_3
-        mulx    a_5,b_6,t_1     !mul_add_c(a[5],b[6],c3,c1,c2);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8        !=
-        add     c_3,t_2,c_3
-        mulx    a_6,b_5,t_1     !mul_add_c(a[6],b[5],c3,c1,c2);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8        !=
-        add     c_3,t_2,c_3
-        mulx    a_7,b_4,t_1     !mul_add_c(a[7],b[4],c3,c1,c2);
-        addcc   c_12,t_1,t_1
-        bcs,a   %xcc,.+8        !=
-        add     c_3,t_2,c_3
-        srlx    t_1,32,c_12
-        stuw    t_1,rp(11)      !r[11]=c3;
-        or      c_12,c_3,c_12   !=
-
-        mulx    a_7,b_5,t_1     !mul_add_c(a[7],b[5],c1,c2,c3);
-        addcc   c_12,t_1,c_12
-        clr     c_3
-        bcs,a   %xcc,.+8        !=
-        add     c_3,t_2,c_3
-        mulx    a_6,b_6,t_1     !mul_add_c(a[6],b[6],c1,c2,c3);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8        !=
-        add     c_3,t_2,c_3
-        mulx    a_5,b_7,t_1     !mul_add_c(a[5],b[7],c1,c2,c3);
-        addcc   c_12,t_1,t_1
-        bcs,a   %xcc,.+8        !=
-        add     c_3,t_2,c_3
-        srlx    t_1,32,c_12
-        stuw    t_1,rp(12)      !r[12]=c1;
-        or      c_12,c_3,c_12   !=
-
-        mulx    a_6,b_7,t_1     !mul_add_c(a[6],b[7],c2,c3,c1);
-        addcc   c_12,t_1,c_12
-        clr     c_3
-        bcs,a   %xcc,.+8        !=
-        add     c_3,t_2,c_3
-        mulx    a_7,b_6,t_1     !mul_add_c(a[7],b[6],c2,c3,c1);
-        addcc   c_12,t_1,t_1
-        bcs,a   %xcc,.+8        !=
-        add     c_3,t_2,c_3
-        srlx    t_1,32,c_12
-        st      t_1,rp(13)      !r[13]=c2;
-        or      c_12,c_3,c_12   !=
-
-        mulx    a_7,b_7,t_1     !mul_add_c(a[7],b[7],c3,c1,c2);
-        addcc   c_12,t_1,t_1
-        srlx    t_1,32,c_12     !=
-        stuw    t_1,rp(14)      !r[14]=c3;
-        stuw    c_12,rp(15)     !r[15]=c1;
-
-        ret
-        restore %g0,%g0,%o0     !=
-
-.type   bn_mul_comba8,#function
-.size   bn_mul_comba8,(.-bn_mul_comba8)
-
-.align  32
-
-.global bn_mul_comba4
-/*
- * void bn_mul_comba4(r,a,b)
- * BN_ULONG *r,*a,*b;
- */
-bn_mul_comba4:
-        save    %sp,FRAME_SIZE,%sp
-        lduw    ap(0),a_0
-        mov     1,t_2
-        lduw    bp(0),b_0
-        sllx    t_2,32,t_2      !=
-        lduw    bp(1),b_1
-        mulx    a_0,b_0,t_1     !mul_add_c(a[0],b[0],c1,c2,c3);
-        srlx    t_1,32,c_12
-        stuw    t_1,rp(0)       !=!r[0]=c1;
-
-        lduw    ap(1),a_1
-        mulx    a_0,b_1,t_1     !mul_add_c(a[0],b[1],c2,c3,c1);
-        addcc   c_12,t_1,c_12
-        clr     c_3             !=
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        lduw    ap(2),a_2
-        mulx    a_1,b_0,t_1     !=!mul_add_c(a[1],b[0],c2,c3,c1);
-        addcc   c_12,t_1,t_1
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        srlx    t_1,32,c_12     !=
-        stuw    t_1,rp(1)       !r[1]=c2;
-        or      c_12,c_3,c_12
-
-        mulx    a_2,b_0,t_1     !mul_add_c(a[2],b[0],c3,c1,c2);
-        addcc   c_12,t_1,c_12   !=
-        clr     c_3
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        lduw    bp(2),b_2       !=
-        mulx    a_1,b_1,t_1     !mul_add_c(a[1],b[1],c3,c1,c2);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3     !=
-        lduw    bp(3),b_3
-        mulx    a_0,b_2,t_1     !mul_add_c(a[0],b[2],c3,c1,c2);
-        addcc   c_12,t_1,t_1
-        bcs,a   %xcc,.+8        !=
-        add     c_3,t_2,c_3
-        srlx    t_1,32,c_12
-        stuw    t_1,rp(2)       !r[2]=c3;
-        or      c_12,c_3,c_12   !=
-
-        mulx    a_0,b_3,t_1     !mul_add_c(a[0],b[3],c1,c2,c3);
-        addcc   c_12,t_1,c_12
-        clr     c_3
-        bcs,a   %xcc,.+8        !=
-        add     c_3,t_2,c_3
-        mulx    a_1,b_2,t_1     !mul_add_c(a[1],b[2],c1,c2,c3);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8        !=
-        add     c_3,t_2,c_3
-        lduw    ap(3),a_3
-        mulx    a_2,b_1,t_1     !mul_add_c(a[2],b[1],c1,c2,c3);
-        addcc   c_12,t_1,c_12   !=
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        mulx    a_3,b_0,t_1     !mul_add_c(a[3],b[0],c1,c2,c3);!=
-        addcc   c_12,t_1,t_1    !=
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        srlx    t_1,32,c_12
-        stuw    t_1,rp(3)       !=!r[3]=c1;
-        or      c_12,c_3,c_12
-
-        mulx    a_3,b_1,t_1     !mul_add_c(a[3],b[1],c2,c3,c1);
-        addcc   c_12,t_1,c_12
-        clr     c_3             !=
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        mulx    a_2,b_2,t_1     !mul_add_c(a[2],b[2],c2,c3,c1);
-        addcc   c_12,t_1,c_12   !=
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        mulx    a_1,b_3,t_1     !mul_add_c(a[1],b[3],c2,c3,c1);
-        addcc   c_12,t_1,t_1    !=
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        srlx    t_1,32,c_12
-        stuw    t_1,rp(4)       !=!r[4]=c2;
-        or      c_12,c_3,c_12
-
-        mulx    a_2,b_3,t_1     !mul_add_c(a[2],b[3],c3,c1,c2);
-        addcc   c_12,t_1,c_12
-        clr     c_3             !=
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        mulx    a_3,b_2,t_1     !mul_add_c(a[3],b[2],c3,c1,c2);
-        addcc   c_12,t_1,t_1    !=
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        srlx    t_1,32,c_12
-        stuw    t_1,rp(5)       !=!r[5]=c3;
-        or      c_12,c_3,c_12
-
-        mulx    a_3,b_3,t_1     !mul_add_c(a[3],b[3],c1,c2,c3);
-        addcc   c_12,t_1,t_1
-        srlx    t_1,32,c_12     !=
-        stuw    t_1,rp(6)       !r[6]=c1;
-        stuw    c_12,rp(7)      !r[7]=c2;
-        
-        ret
-        restore %g0,%g0,%o0
-
-.type   bn_mul_comba4,#function
-.size   bn_mul_comba4,(.-bn_mul_comba4)
-
-.align  32
-
-.global bn_sqr_comba8
-bn_sqr_comba8:
-        save    %sp,FRAME_SIZE,%sp
-        mov     1,t_2
-        lduw    ap(0),a_0
-        sllx    t_2,32,t_2
-        lduw    ap(1),a_1
-        mulx    a_0,a_0,t_1     !sqr_add_c(a,0,c1,c2,c3);
-        srlx    t_1,32,c_12
-        stuw    t_1,rp(0)       !r[0]=c1;
-
-        lduw    ap(2),a_2
-        mulx    a_0,a_1,t_1     !=!sqr_add_c2(a,1,0,c2,c3,c1);
-        addcc   c_12,t_1,c_12
-        clr     c_3
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        addcc   c_12,t_1,t_1
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        srlx    t_1,32,c_12
-        stuw    t_1,rp(1)       !r[1]=c2;
-        or      c_12,c_3,c_12
-
-        mulx    a_2,a_0,t_1     !sqr_add_c2(a,2,0,c3,c1,c2);
-        addcc   c_12,t_1,c_12
-        clr     c_3
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        lduw    ap(3),a_3
-        mulx    a_1,a_1,t_1     !sqr_add_c(a,1,c3,c1,c2);
-        addcc   c_12,t_1,t_1
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        srlx    t_1,32,c_12
-        stuw    t_1,rp(2)       !r[2]=c3;
-        or      c_12,c_3,c_12
-
-        mulx    a_0,a_3,t_1     !sqr_add_c2(a,3,0,c1,c2,c3);
-        addcc   c_12,t_1,c_12
-        clr     c_3
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        lduw    ap(4),a_4
-        mulx    a_1,a_2,t_1     !sqr_add_c2(a,2,1,c1,c2,c3);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        addcc   c_12,t_1,t_1
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        srlx    t_1,32,c_12
-        st      t_1,rp(3)       !r[3]=c1;
-        or      c_12,c_3,c_12
-
-        mulx    a_4,a_0,t_1     !sqr_add_c2(a,4,0,c2,c3,c1);
-        addcc   c_12,t_1,c_12
-        clr     c_3
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        mulx    a_3,a_1,t_1     !sqr_add_c2(a,3,1,c2,c3,c1);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        lduw    ap(5),a_5
-        mulx    a_2,a_2,t_1     !sqr_add_c(a,2,c2,c3,c1);
-        addcc   c_12,t_1,t_1
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        srlx    t_1,32,c_12
-        stuw    t_1,rp(4)       !r[4]=c2;
-        or      c_12,c_3,c_12
-
-        mulx    a_0,a_5,t_1     !sqr_add_c2(a,5,0,c3,c1,c2);
-        addcc   c_12,t_1,c_12
-        clr     c_3
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        mulx    a_1,a_4,t_1     !sqr_add_c2(a,4,1,c3,c1,c2);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        lduw    ap(6),a_6
-        mulx    a_2,a_3,t_1     !sqr_add_c2(a,3,2,c3,c1,c2);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        addcc   c_12,t_1,t_1
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        srlx    t_1,32,c_12
-        stuw    t_1,rp(5)       !r[5]=c3;
-        or      c_12,c_3,c_12
-
-        mulx    a_6,a_0,t_1     !sqr_add_c2(a,6,0,c1,c2,c3);
-        addcc   c_12,t_1,c_12
-        clr     c_3
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        mulx    a_5,a_1,t_1     !sqr_add_c2(a,5,1,c1,c2,c3);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        mulx    a_4,a_2,t_1     !sqr_add_c2(a,4,2,c1,c2,c3);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        lduw    ap(7),a_7
-        mulx    a_3,a_3,t_1     !=!sqr_add_c(a,3,c1,c2,c3);
-        addcc   c_12,t_1,t_1
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        srlx    t_1,32,c_12
-        stuw    t_1,rp(6)       !r[6]=c1;
-        or      c_12,c_3,c_12
-
-        mulx    a_0,a_7,t_1     !sqr_add_c2(a,7,0,c2,c3,c1);
-        addcc   c_12,t_1,c_12
-        clr     c_3
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        mulx    a_1,a_6,t_1     !sqr_add_c2(a,6,1,c2,c3,c1);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        mulx    a_2,a_5,t_1     !sqr_add_c2(a,5,2,c2,c3,c1);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        mulx    a_3,a_4,t_1     !sqr_add_c2(a,4,3,c2,c3,c1);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        addcc   c_12,t_1,t_1
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        srlx    t_1,32,c_12
-        stuw    t_1,rp(7)       !r[7]=c2;
-        or      c_12,c_3,c_12
-
-        mulx    a_7,a_1,t_1     !sqr_add_c2(a,7,1,c3,c1,c2);
-        addcc   c_12,t_1,c_12
-        clr     c_3
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        mulx    a_6,a_2,t_1     !sqr_add_c2(a,6,2,c3,c1,c2);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        mulx    a_5,a_3,t_1     !sqr_add_c2(a,5,3,c3,c1,c2);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        mulx    a_4,a_4,t_1     !sqr_add_c(a,4,c3,c1,c2);
-        addcc   c_12,t_1,t_1
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        srlx    t_1,32,c_12
-        stuw    t_1,rp(8)       !r[8]=c3;
-        or      c_12,c_3,c_12
-
-        mulx    a_2,a_7,t_1     !sqr_add_c2(a,7,2,c1,c2,c3);
-        addcc   c_12,t_1,c_12
-        clr     c_3
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        mulx    a_3,a_6,t_1     !sqr_add_c2(a,6,3,c1,c2,c3);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        mulx    a_4,a_5,t_1     !sqr_add_c2(a,5,4,c1,c2,c3);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        addcc   c_12,t_1,t_1
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        srlx    t_1,32,c_12
-        stuw    t_1,rp(9)       !r[9]=c1;
-        or      c_12,c_3,c_12
-
-        mulx    a_7,a_3,t_1     !sqr_add_c2(a,7,3,c2,c3,c1);
-        addcc   c_12,t_1,c_12
-        clr     c_3
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        mulx    a_6,a_4,t_1     !sqr_add_c2(a,6,4,c2,c3,c1);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        mulx    a_5,a_5,t_1     !sqr_add_c(a,5,c2,c3,c1);
-        addcc   c_12,t_1,t_1
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        srlx    t_1,32,c_12
-        stuw    t_1,rp(10)      !r[10]=c2;
-        or      c_12,c_3,c_12
-
-        mulx    a_4,a_7,t_1     !sqr_add_c2(a,7,4,c3,c1,c2);
-        addcc   c_12,t_1,c_12
-        clr     c_3
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        mulx    a_5,a_6,t_1     !sqr_add_c2(a,6,5,c3,c1,c2);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        addcc   c_12,t_1,t_1
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        srlx    t_1,32,c_12
-        stuw    t_1,rp(11)      !r[11]=c3;
-        or      c_12,c_3,c_12
-
-        mulx    a_7,a_5,t_1     !sqr_add_c2(a,7,5,c1,c2,c3);
-        addcc   c_12,t_1,c_12
-        clr     c_3
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        mulx    a_6,a_6,t_1     !sqr_add_c(a,6,c1,c2,c3);
-        addcc   c_12,t_1,t_1
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        srlx    t_1,32,c_12
-        stuw    t_1,rp(12)      !r[12]=c1;
-        or      c_12,c_3,c_12
-
-        mulx    a_6,a_7,t_1     !sqr_add_c2(a,7,6,c2,c3,c1);
-        addcc   c_12,t_1,c_12
-        clr     c_3
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        addcc   c_12,t_1,t_1
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        srlx    t_1,32,c_12
-        stuw    t_1,rp(13)      !r[13]=c2;
-        or      c_12,c_3,c_12
-
-        mulx    a_7,a_7,t_1     !sqr_add_c(a,7,c3,c1,c2);
-        addcc   c_12,t_1,t_1
-        srlx    t_1,32,c_12
-        stuw    t_1,rp(14)      !r[14]=c3;
-        stuw    c_12,rp(15)     !r[15]=c1;
-
-        ret
-        restore %g0,%g0,%o0
-
-.type   bn_sqr_comba8,#function
-.size   bn_sqr_comba8,(.-bn_sqr_comba8)
-
-.align  32
-
-.global bn_sqr_comba4
-/*
- * void bn_sqr_comba4(r,a)
- * BN_ULONG *r,*a;
- */
-bn_sqr_comba4:
-        save    %sp,FRAME_SIZE,%sp
-        mov     1,t_2
-        lduw    ap(0),a_0
-        sllx    t_2,32,t_2
-        lduw    ap(1),a_1
-        mulx    a_0,a_0,t_1     !sqr_add_c(a,0,c1,c2,c3);
-        srlx    t_1,32,c_12
-        stuw    t_1,rp(0)       !r[0]=c1;
-
-        lduw    ap(2),a_2
-        mulx    a_0,a_1,t_1     !sqr_add_c2(a,1,0,c2,c3,c1);
-        addcc   c_12,t_1,c_12
-        clr     c_3
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        addcc   c_12,t_1,t_1
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        srlx    t_1,32,c_12
-        stuw    t_1,rp(1)       !r[1]=c2;
-        or      c_12,c_3,c_12
-
-        mulx    a_2,a_0,t_1     !sqr_add_c2(a,2,0,c3,c1,c2);
-        addcc   c_12,t_1,c_12
-        clr     c_3
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        lduw    ap(3),a_3
-        mulx    a_1,a_1,t_1     !sqr_add_c(a,1,c3,c1,c2);
-        addcc   c_12,t_1,t_1
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        srlx    t_1,32,c_12
-        stuw    t_1,rp(2)       !r[2]=c3;
-        or      c_12,c_3,c_12
-
-        mulx    a_0,a_3,t_1     !sqr_add_c2(a,3,0,c1,c2,c3);
-        addcc   c_12,t_1,c_12
-        clr     c_3
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        mulx    a_1,a_2,t_1     !sqr_add_c2(a,2,1,c1,c2,c3);
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        addcc   c_12,t_1,t_1
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        srlx    t_1,32,c_12
-        stuw    t_1,rp(3)       !r[3]=c1;
-        or      c_12,c_3,c_12
-
-        mulx    a_3,a_1,t_1     !sqr_add_c2(a,3,1,c2,c3,c1);
-        addcc   c_12,t_1,c_12
-        clr     c_3
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        addcc   c_12,t_1,c_12
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        mulx    a_2,a_2,t_1     !sqr_add_c(a,2,c2,c3,c1);
-        addcc   c_12,t_1,t_1
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        srlx    t_1,32,c_12
-        stuw    t_1,rp(4)       !r[4]=c2;
-        or      c_12,c_3,c_12
-
-        mulx    a_2,a_3,t_1     !sqr_add_c2(a,3,2,c3,c1,c2);
-        addcc   c_12,t_1,c_12
-        clr     c_3
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        addcc   c_12,t_1,t_1
-        bcs,a   %xcc,.+8
-        add     c_3,t_2,c_3
-        srlx    t_1,32,c_12
-        stuw    t_1,rp(5)       !r[5]=c3;
-        or      c_12,c_3,c_12
-
-        mulx    a_3,a_3,t_1     !sqr_add_c(a,3,c1,c2,c3);
-        addcc   c_12,t_1,t_1
-        srlx    t_1,32,c_12
-        stuw    t_1,rp(6)       !r[6]=c1;
-        stuw    c_12,rp(7)      !r[7]=c2;
-        
-        ret
-        restore %g0,%g0,%o0
-
-.type   bn_sqr_comba4,#function
-.size   bn_sqr_comba4,(.-bn_sqr_comba4)
-
-.align  32
diff --git a/src/lib/libcrypto/bn/asm/x86.pl b/src/lib/libcrypto/bn/asm/x86.pl
deleted file mode 100644
index 1bc4f1bb27..0000000000
--- a/src/lib/libcrypto/bn/asm/x86.pl
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/usr/local/bin/perl
-
-push(@INC,"perlasm","../../perlasm");
-require "x86asm.pl";
-
-require("x86/mul_add.pl");
-require("x86/mul.pl");
-require("x86/sqr.pl");
-require("x86/div.pl");
-require("x86/add.pl");
-require("x86/sub.pl");
-require("x86/comba.pl");
-
-&asm_init($ARGV[0],$0);
-
-&bn_mul_add_words("bn_mul_add_words");
-&bn_mul_words("bn_mul_words");
-&bn_sqr_words("bn_sqr_words");
-&bn_div_words("bn_div_words");
-&bn_add_words("bn_add_words");
-&bn_sub_words("bn_sub_words");
-&bn_mul_comba("bn_mul_comba8",8);
-&bn_mul_comba("bn_mul_comba4",4);
-&bn_sqr_comba("bn_sqr_comba8",8);
-&bn_sqr_comba("bn_sqr_comba4",4);
-
-&asm_finish();
-
diff --git a/src/lib/libcrypto/bn/asm/x86/add.pl b/src/lib/libcrypto/bn/asm/x86/add.pl
deleted file mode 100644
index 0b5cf583e3..0000000000
--- a/src/lib/libcrypto/bn/asm/x86/add.pl
+++ /dev/null
@@ -1,76 +0,0 @@
-#!/usr/local/bin/perl
-# x86 assember
-
-sub bn_add_words
-        {
-        local($name)=@_;
-
-        &function_begin($name,"");
-
-        &comment("");
-        $a="esi";
-        $b="edi";
-        $c="eax";
-        $r="ebx";
-        $tmp1="ecx";
-        $tmp2="edx";
-        $num="ebp";
-
-        &mov($r,&wparam(0));    # get r
-         &mov($a,&wparam(1));   # get a
-        &mov($b,&wparam(2));    # get b
-         &mov($num,&wparam(3)); # get num
-        &xor($c,$c);            # clear carry
-         &and($num,0xfffffff8); # num / 8
-
-        &jz(&label("aw_finish"));
-
-        &set_label("aw_loop",0);
-        for ($i=0; $i<8; $i++)
-                {
-                &comment("Round $i");
-
-                &mov($tmp1,&DWP($i*4,$a,"",0));         # *a
-                 &mov($tmp2,&DWP($i*4,$b,"",0));        # *b
-                &add($tmp1,$c);
-                 &mov($c,0);
-                &adc($c,$c);
-                 &add($tmp1,$tmp2);
-                &adc($c,0);
-                 &mov(&DWP($i*4,$r,"",0),$tmp1);        # *r
-                }
-
-        &comment("");
-        &add($a,32);
-         &add($b,32);
-        &add($r,32);
-         &sub($num,8);
-        &jnz(&label("aw_loop"));
-
-        &set_label("aw_finish",0);
-        &mov($num,&wparam(3));  # get num
-        &and($num,7);
-         &jz(&label("aw_end"));
-
-        for ($i=0; $i<7; $i++)
-                {
-                &comment("Tail Round $i");
-                &mov($tmp1,&DWP($i*4,$a,"",0)); # *a
-                 &mov($tmp2,&DWP($i*4,$b,"",0));# *b
-                &add($tmp1,$c);
-                 &mov($c,0);
-                &adc($c,$c);
-                 &add($tmp1,$tmp2);
-                &adc($c,0);
-                 &dec($num) if ($i != 6);
-                &mov(&DWP($i*4,$r,"",0),$tmp1); # *a
-                 &jz(&label("aw_end")) if ($i != 6);
-                }
-        &set_label("aw_end",0);
-
-#       &mov("eax",$c);         # $c is "eax"
-
-        &function_end($name);
-        }
-
-1;
diff --git a/src/lib/libcrypto/bn/asm/x86/comba.pl b/src/lib/libcrypto/bn/asm/x86/comba.pl
deleted file mode 100644
index 2291253629..0000000000
--- a/src/lib/libcrypto/bn/asm/x86/comba.pl
+++ /dev/null
@@ -1,277 +0,0 @@
-#!/usr/local/bin/perl
-# x86 assember
-
-sub mul_add_c
-        {
-        local($a,$ai,$b,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_;
-
-        # pos == -1 if eax and edx are pre-loaded, 0 to load from next
-        # words, and 1 if load return value
-
-        &comment("mul a[$ai]*b[$bi]");
-
-        # "eax" and "edx" will always be pre-loaded.
-        # &mov("eax",&DWP($ai*4,$a,"",0)) ;
-        # &mov("edx",&DWP($bi*4,$b,"",0));
-
-        &mul("edx");
-        &add($c0,"eax");
-         &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0;        # laod next a
-         &mov("eax",&wparam(0)) if $pos > 0;                    # load r[]
-         ###
-        &adc($c1,"edx");
-         &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 0;        # laod next b
-         &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 1;        # laod next b
-         ###
-        &adc($c2,0);
-         # is pos > 1, it means it is the last loop 
-         &mov(&DWP($i*4,"eax","",0),$c0) if $pos > 0;           # save r[];
-        &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1;         # laod next a
-        }
-
-sub sqr_add_c
-        {
-        local($r,$a,$ai,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_;
-
-        # pos == -1 if eax and edx are pre-loaded, 0 to load from next
-        # words, and 1 if load return value
-
-        &comment("sqr a[$ai]*a[$bi]");
-
-        # "eax" and "edx" will always be pre-loaded.
-        # &mov("eax",&DWP($ai*4,$a,"",0)) ;
-        # &mov("edx",&DWP($bi*4,$b,"",0));
-
-        if ($ai == $bi)
-                { &mul("eax");}
-        else
-                { &mul("edx");}
-        &add($c0,"eax");
-         &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0;        # load next a
-         ###
-        &adc($c1,"edx");
-         &mov("edx",&DWP(($nb)*4,$a,"",0)) if ($pos == 1) && ($na != $nb);
-         ###
-        &adc($c2,0);
-         # is pos > 1, it means it is the last loop 
-         &mov(&DWP($i*4,$r,"",0),$c0) if $pos > 0;              # save r[];
-        &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1;         # load next b
-        }
-
-sub sqr_add_c2
-        {
-        local($r,$a,$ai,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_;
-
-        # pos == -1 if eax and edx are pre-loaded, 0 to load from next
-        # words, and 1 if load return value
-
-        &comment("sqr a[$ai]*a[$bi]");
-
-        # "eax" and "edx" will always be pre-loaded.
-        # &mov("eax",&DWP($ai*4,$a,"",0)) ;
-        # &mov("edx",&DWP($bi*4,$a,"",0));
-
-        if ($ai == $bi)
-                { &mul("eax");}
-        else
-                { &mul("edx");}
-        &add("eax","eax");
-         ###
-        &adc("edx","edx");
-         ###
-        &adc($c2,0);
-         &add($c0,"eax");
-        &adc($c1,"edx");
-         &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0;        # load next a
-         &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1;        # load next b
-        &adc($c2,0);
-        &mov(&DWP($i*4,$r,"",0),$c0) if $pos > 0;               # save r[];
-         &mov("edx",&DWP(($nb)*4,$a,"",0)) if ($pos <= 1) && ($na != $nb);
-         ###
-        }
-
-sub bn_mul_comba
-        {
-        local($name,$num)=@_;
-        local($a,$b,$c0,$c1,$c2);
-        local($i,$as,$ae,$bs,$be,$ai,$bi);
-        local($tot,$end);
-
-        &function_begin_B($name,"");
-
-        $c0="ebx";
-        $c1="ecx";
-        $c2="ebp";
-        $a="esi";
-        $b="edi";
-        
-        $as=0;
-        $ae=0;
-        $bs=0;
-        $be=0;
-        $tot=$num+$num-1;
-
-        &push("esi");
-         &mov($a,&wparam(1));
-        &push("edi");
-         &mov($b,&wparam(2));
-        &push("ebp");
-         &push("ebx");
-
-        &xor($c0,$c0);
-         &mov("eax",&DWP(0,$a,"",0));   # load the first word 
-        &xor($c1,$c1);
-         &mov("edx",&DWP(0,$b,"",0));   # load the first second 
-
-        for ($i=0; $i<$tot; $i++)
-                {
-                $ai=$as;
-                $bi=$bs;
-                $end=$be+1;
-
-                &comment("################## Calculate word $i"); 
-
-                for ($j=$bs; $j<$end; $j++)
-                        {
-                        &xor($c2,$c2) if ($j == $bs);
-                        if (($j+1) == $end)
-                                {
-                                $v=1;
-                                $v=2 if (($i+1) == $tot);
-                                }
-                        else
-                                { $v=0; }
-                        if (($j+1) != $end)
-                                {
-                                $na=($ai-1);
-                                $nb=($bi+1);
-                                }
-                        else
-                                {
-                                $na=$as+($i < ($num-1));
-                                $nb=$bs+($i >= ($num-1));
-                                }
-#printf STDERR "[$ai,$bi] -> [$na,$nb]\n";
-                        &mul_add_c($a,$ai,$b,$bi,$c0,$c1,$c2,$v,$i,$na,$nb);
-                        if ($v)
-                                {
-                                &comment("saved r[$i]");
-                                # &mov("eax",&wparam(0));
-                                # &mov(&DWP($i*4,"eax","",0),$c0);
-                                ($c0,$c1,$c2)=($c1,$c2,$c0);
-                                }
-                        $ai--;
-                        $bi++;
-                        }
-                $as++ if ($i < ($num-1));
-                $ae++ if ($i >= ($num-1));
-
-                $bs++ if ($i >= ($num-1));
-                $be++ if ($i < ($num-1));
-                }
-        &comment("save r[$i]");
-        # &mov("eax",&wparam(0));
-        &mov(&DWP($i*4,"eax","",0),$c0);
-
-        &pop("ebx");
-        &pop("ebp");
-        &pop("edi");
-        &pop("esi");
-        &ret();
-        &function_end_B($name);
-        }
-
-sub bn_sqr_comba
-        {
-        local($name,$num)=@_;
-        local($r,$a,$c0,$c1,$c2)=@_;
-        local($i,$as,$ae,$bs,$be,$ai,$bi);
-        local($b,$tot,$end,$half);
-
-        &function_begin_B($name,"");
-
-        $c0="ebx";
-        $c1="ecx";
-        $c2="ebp";
-        $a="esi";
-        $r="edi";
-
-        &push("esi");
-         &push("edi");
-        &push("ebp");
-         &push("ebx");
-        &mov($r,&wparam(0));
-         &mov($a,&wparam(1));
-        &xor($c0,$c0);
-         &xor($c1,$c1);
-        &mov("eax",&DWP(0,$a,"",0)); # load the first word
-
-        $as=0;
-        $ae=0;
-        $bs=0;
-        $be=0;
-        $tot=$num+$num-1;
-
-        for ($i=0; $i<$tot; $i++)
-                {
-                $ai=$as;
-                $bi=$bs;
-                $end=$be+1;
-
-                &comment("############### Calculate word $i");
-                for ($j=$bs; $j<$end; $j++)
-                        {
-                        &xor($c2,$c2) if ($j == $bs);
-                        if (($ai-1) < ($bi+1))
-                                {
-                                $v=1;
-                                $v=2 if ($i+1) == $tot;
-                                }
-                        else
-                                { $v=0; }
-                        if (!$v)
-                                {
-                                $na=$ai-1;
-                                $nb=$bi+1;
-                                }
-                        else
-                                {
-                                $na=$as+($i < ($num-1));
-                                $nb=$bs+($i >= ($num-1));
-                                }
-                        if ($ai == $bi)
-                                {
-                                &sqr_add_c($r,$a,$ai,$bi,
-                                        $c0,$c1,$c2,$v,$i,$na,$nb);
-                                }
-                        else
-                                {
-                                &sqr_add_c2($r,$a,$ai,$bi,
-                                        $c0,$c1,$c2,$v,$i,$na,$nb);
-                                }
-                        if ($v)
-                                {
-                                &comment("saved r[$i]");
-                                #&mov(&DWP($i*4,$r,"",0),$c0);
-                                ($c0,$c1,$c2)=($c1,$c2,$c0);
-                                last;
-                                }
-                        $ai--;
-                        $bi++;
-                        }
-                $as++ if ($i < ($num-1));
-                $ae++ if ($i >= ($num-1));
-
-                $bs++ if ($i >= ($num-1));
-                $be++ if ($i < ($num-1));
-                }
-        &mov(&DWP($i*4,$r,"",0),$c0);
-        &pop("ebx");
-        &pop("ebp");
-        &pop("edi");
-        &pop("esi");
-        &ret();
-        &function_end_B($name);
-        }
-
-1;
diff --git a/src/lib/libcrypto/bn/asm/x86/div.pl b/src/lib/libcrypto/bn/asm/x86/div.pl
deleted file mode 100644
index 0e90152caa..0000000000
--- a/src/lib/libcrypto/bn/asm/x86/div.pl
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/usr/local/bin/perl
-# x86 assember
-
-sub bn_div_words
-        {
-        local($name)=@_;
-
-        &function_begin($name,"");
-        &mov("edx",&wparam(0)); #
-        &mov("eax",&wparam(1)); #
-        &mov("ebx",&wparam(2)); #
-        &div("ebx");
-        &function_end($name);
-        }
-1;
diff --git a/src/lib/libcrypto/bn/asm/x86/mul.pl b/src/lib/libcrypto/bn/asm/x86/mul.pl
deleted file mode 100644
index 674cb9b055..0000000000
--- a/src/lib/libcrypto/bn/asm/x86/mul.pl
+++ /dev/null
@@ -1,77 +0,0 @@
-#!/usr/local/bin/perl
-# x86 assember
-
-sub bn_mul_words
-        {
-        local($name)=@_;
-
-        &function_begin($name,"");
-
-        &comment("");
-        $Low="eax";
-        $High="edx";
-        $a="ebx";
-        $w="ecx";
-        $r="edi";
-        $c="esi";
-        $num="ebp";
-
-        &xor($c,$c);            # clear carry
-        &mov($r,&wparam(0));    #
-        &mov($a,&wparam(1));    #
-        &mov($num,&wparam(2));  #
-        &mov($w,&wparam(3));    #
-
-        &and($num,0xfffffff8);  # num / 8
-        &jz(&label("mw_finish"));
-
-        &set_label("mw_loop",0);
-        for ($i=0; $i<32; $i+=4)
-                {
-                &comment("Round $i");
-
-                 &mov("eax",&DWP($i,$a,"",0));  # *a
-                &mul($w);                       # *a * w
-                &add("eax",$c);                 # L(t)+=c
-                 # XXX
-
-                &adc("edx",0);                  # H(t)+=carry
-                 &mov(&DWP($i,$r,"",0),"eax");  # *r= L(t);
-
-                &mov($c,"edx");                 # c=  H(t);
-                }
-
-        &comment("");
-        &add($a,32);
-        &add($r,32);
-        &sub($num,8);
-        &jz(&label("mw_finish"));
-        &jmp(&label("mw_loop"));
-
-        &set_label("mw_finish",0);
-        &mov($num,&wparam(2));  # get num
-        &and($num,7);
-        &jnz(&label("mw_finish2"));
-        &jmp(&label("mw_end"));
-
-        &set_label("mw_finish2",1);
-        for ($i=0; $i<7; $i++)
-                {
-                &comment("Tail Round $i");
-                 &mov("eax",&DWP($i*4,$a,"",0));# *a
-                &mul($w);                       # *a * w
-                &add("eax",$c);                 # L(t)+=c
-                 # XXX
-                &adc("edx",0);                  # H(t)+=carry
-                 &mov(&DWP($i*4,$r,"",0),"eax");# *r= L(t);
-                &mov($c,"edx");                 # c=  H(t);
-                 &dec($num) if ($i != 7-1);
-                &jz(&label("mw_end")) if ($i != 7-1);
-                }
-        &set_label("mw_end",0);
-        &mov("eax",$c);
-
-        &function_end($name);
-        }
-
-1;
diff --git a/src/lib/libcrypto/bn/asm/x86/mul_add.pl b/src/lib/libcrypto/bn/asm/x86/mul_add.pl
deleted file mode 100644
index 61830d3a90..0000000000
--- a/src/lib/libcrypto/bn/asm/x86/mul_add.pl
+++ /dev/null
@@ -1,87 +0,0 @@
-#!/usr/local/bin/perl
-# x86 assember
-
-sub bn_mul_add_words
-        {
-        local($name)=@_;
-
-        &function_begin($name,"");
-
-        &comment("");
-        $Low="eax";
-        $High="edx";
-        $a="ebx";
-        $w="ebp";
-        $r="edi";
-        $c="esi";
-
-        &xor($c,$c);            # clear carry
-        &mov($r,&wparam(0));    #
-
-        &mov("ecx",&wparam(2)); #
-        &mov($a,&wparam(1));    #
-
-        &and("ecx",0xfffffff8); # num / 8
-        &mov($w,&wparam(3));    #
-
-        &push("ecx");           # Up the stack for a tmp variable
-
-        &jz(&label("maw_finish"));
-
-        &set_label("maw_loop",0);
-
-        &mov(&swtmp(0),"ecx");  #
-
-        for ($i=0; $i<32; $i+=4)
-                {
-                &comment("Round $i");
-
-                 &mov("eax",&DWP($i,$a,"",0));  # *a
-                &mul($w);                       # *a * w
-                &add("eax",$c);         # L(t)+= *r
-                 &mov($c,&DWP($i,$r,"",0));     # L(t)+= *r
-                &adc("edx",0);                  # H(t)+=carry
-                 &add("eax",$c);                # L(t)+=c
-                &adc("edx",0);                  # H(t)+=carry
-                 &mov(&DWP($i,$r,"",0),"eax");  # *r= L(t);
-                &mov($c,"edx");                 # c=  H(t);
-                }
-
-        &comment("");
-        &mov("ecx",&swtmp(0));  #
-        &add($a,32);
-        &add($r,32);
-        &sub("ecx",8);
-        &jnz(&label("maw_loop"));
-
-        &set_label("maw_finish",0);
-        &mov("ecx",&wparam(2)); # get num
-        &and("ecx",7);
-        &jnz(&label("maw_finish2"));    # helps branch prediction
-        &jmp(&label("maw_end"));
-
-        &set_label("maw_finish2",1);
-        for ($i=0; $i<7; $i++)
-                {
-                &comment("Tail Round $i");
-                 &mov("eax",&DWP($i*4,$a,"",0));# *a
-                &mul($w);                       # *a * w
-                &add("eax",$c);                 # L(t)+=c
-                 &mov($c,&DWP($i*4,$r,"",0));   # L(t)+= *r
-                &adc("edx",0);                  # H(t)+=carry
-                 &add("eax",$c);
-                &adc("edx",0);                  # H(t)+=carry
-                 &dec("ecx") if ($i != 7-1);
-                &mov(&DWP($i*4,$r,"",0),"eax"); # *r= L(t);
-                 &mov($c,"edx");                        # c=  H(t);
-                &jz(&label("maw_end")) if ($i != 7-1);
-                }
-        &set_label("maw_end",0);
-        &mov("eax",$c);
-
-        &pop("ecx");    # clear variable from
-
-        &function_end($name);
-        }
-
-1;
diff --git a/src/lib/libcrypto/bn/asm/x86/sqr.pl b/src/lib/libcrypto/bn/asm/x86/sqr.pl
deleted file mode 100644
index 1f90993cf6..0000000000
--- a/src/lib/libcrypto/bn/asm/x86/sqr.pl
+++ /dev/null
@@ -1,60 +0,0 @@
-#!/usr/local/bin/perl
-# x86 assember
-
-sub bn_sqr_words
-        {
-        local($name)=@_;
-
-        &function_begin($name,"");
-
-        &comment("");
-        $r="esi";
-        $a="edi";
-        $num="ebx";
-
-        &mov($r,&wparam(0));    #
-        &mov($a,&wparam(1));    #
-        &mov($num,&wparam(2));  #
-
-        &and($num,0xfffffff8);  # num / 8
-        &jz(&label("sw_finish"));
-
-        &set_label("sw_loop",0);
-        for ($i=0; $i<32; $i+=4)
-                {
-                &comment("Round $i");
-                &mov("eax",&DWP($i,$a,"",0));   # *a
-                 # XXX
-                &mul("eax");                    # *a * *a
-                &mov(&DWP($i*2,$r,"",0),"eax"); #
-                 &mov(&DWP($i*2+4,$r,"",0),"edx");#
-                }
-
-        &comment("");
-        &add($a,32);
-        &add($r,64);
-        &sub($num,8);
-        &jnz(&label("sw_loop"));
-
-        &set_label("sw_finish",0);
-        &mov($num,&wparam(2));  # get num
-        &and($num,7);
-        &jz(&label("sw_end"));
-
-        for ($i=0; $i<7; $i++)
-                {
-                &comment("Tail Round $i");
-                &mov("eax",&DWP($i*4,$a,"",0)); # *a
-                 # XXX
-                &mul("eax");                    # *a * *a
-                &mov(&DWP($i*8,$r,"",0),"eax"); #
-                 &dec($num) if ($i != 7-1);
-                &mov(&DWP($i*8+4,$r,"",0),"edx");
-                 &jz(&label("sw_end")) if ($i != 7-1);
-                }
-        &set_label("sw_end",0);
-
-        &function_end($name);
-        }
-
-1;
diff --git a/src/lib/libcrypto/bn/asm/x86/sub.pl b/src/lib/libcrypto/bn/asm/x86/sub.pl
deleted file mode 100644
index 837b0e1b07..0000000000
--- a/src/lib/libcrypto/bn/asm/x86/sub.pl
+++ /dev/null
@@ -1,76 +0,0 @@
-#!/usr/local/bin/perl
-# x86 assember
-
-sub bn_sub_words
-        {
-        local($name)=@_;
-
-        &function_begin($name,"");
-
-        &comment("");
-        $a="esi";
-        $b="edi";
-        $c="eax";
-        $r="ebx";
-        $tmp1="ecx";
-        $tmp2="edx";
-        $num="ebp";
-
-        &mov($r,&wparam(0));    # get r
-         &mov($a,&wparam(1));   # get a
-        &mov($b,&wparam(2));    # get b
-         &mov($num,&wparam(3)); # get num
-        &xor($c,$c);            # clear carry
-         &and($num,0xfffffff8); # num / 8
-
-        &jz(&label("aw_finish"));
-
-        &set_label("aw_loop",0);
-        for ($i=0; $i<8; $i++)
-                {
-                &comment("Round $i");
-
-                &mov($tmp1,&DWP($i*4,$a,"",0));         # *a
-                 &mov($tmp2,&DWP($i*4,$b,"",0));        # *b
-                &sub($tmp1,$c);
-                 &mov($c,0);
-                &adc($c,$c);
-                 &sub($tmp1,$tmp2);
-                &adc($c,0);
-                 &mov(&DWP($i*4,$r,"",0),$tmp1);        # *r
-                }
-
-        &comment("");
-        &add($a,32);
-         &add($b,32);
-        &add($r,32);
-         &sub($num,8);
-        &jnz(&label("aw_loop"));
-
-        &set_label("aw_finish",0);
-        &mov($num,&wparam(3));  # get num
-        &and($num,7);
-         &jz(&label("aw_end"));
-
-        for ($i=0; $i<7; $i++)
-                {
-                &comment("Tail Round $i");
-                &mov($tmp1,&DWP($i*4,$a,"",0)); # *a
-                 &mov($tmp2,&DWP($i*4,$b,"",0));# *b
-                &sub($tmp1,$c);
-                 &mov($c,0);
-                &adc($c,$c);
-                 &sub($tmp1,$tmp2);
-                &adc($c,0);
-                 &dec($num) if ($i != 6);
-                &mov(&DWP($i*4,$r,"",0),$tmp1); # *a
-                 &jz(&label("aw_end")) if ($i != 6);
-                }
-        &set_label("aw_end",0);
-
-#       &mov("eax",$c);         # $c is "eax"
-
-        &function_end($name);
-        }
-
-1;
diff --git a/src/lib/libcrypto/bn/asm/x86_64-gcc.c b/src/lib/libcrypto/bn/asm/x86_64-gcc.c
deleted file mode 100644
index 7378344251..0000000000
--- a/src/lib/libcrypto/bn/asm/x86_64-gcc.c
+++ /dev/null
@@ -1,593 +0,0 @@
-/*
- * x86_64 BIGNUM accelerator version 0.1, December 2002.
- *
- * Implemented by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
- * project.
- *
- * Rights for redistribution and usage in source and binary forms are
- * granted according to the OpenSSL license. Warranty of any kind is
- * disclaimed.
- *
- * Q. Version 0.1? It doesn't sound like Andy, he used to assign real
- *    versions, like 1.0...
- * A. Well, that's because this code is basically a quick-n-dirty
- *    proof-of-concept hack. As you can see it's implemented with
- *    inline assembler, which means that you're bound to GCC and that
- *    there might be enough room for further improvement.
- *
- * Q. Why inline assembler?
- * A. x86_64 features own ABI which I'm not familiar with. This is
- *    why I decided to let the compiler take care of subroutine
- *    prologue/epilogue as well as register allocation. For reference.
- *    Win64 implements different ABI for AMD64, different from Linux.
- *
- * Q. How much faster does it get?
- * A. 'apps/openssl speed rsa dsa' output with no-asm:
- *
- *                        sign    verify    sign/s verify/s
- *      rsa  512 bits   0.0006s   0.0001s   1683.8  18456.2
- *      rsa 1024 bits   0.0028s   0.0002s    356.0   6407.0
- *      rsa 2048 bits   0.0172s   0.0005s     58.0   1957.8
- *      rsa 4096 bits   0.1155s   0.0018s      8.7    555.6
- *                        sign    verify    sign/s verify/s
- *      dsa  512 bits   0.0005s   0.0006s   2100.8   1768.3
- *      dsa 1024 bits   0.0014s   0.0018s    692.3    559.2
- *      dsa 2048 bits   0.0049s   0.0061s    204.7    165.0
- *
- *    'apps/openssl speed rsa dsa' output with this module:
- *
- *                        sign    verify    sign/s verify/s
- *      rsa  512 bits   0.0004s   0.0000s   2767.1  33297.9
- *      rsa 1024 bits   0.0012s   0.0001s    867.4  14674.7
- *      rsa 2048 bits   0.0061s   0.0002s    164.0   5270.0
- *      rsa 4096 bits   0.0384s   0.0006s     26.1   1650.8
- *                        sign    verify    sign/s verify/s
- *      dsa  512 bits   0.0002s   0.0003s   4442.2   3786.3
- *      dsa 1024 bits   0.0005s   0.0007s   1835.1   1497.4
- *      dsa 2048 bits   0.0016s   0.0020s    620.4    504.6
- *
- *    For the reference. IA-32 assembler implementation performs
- *    very much like 64-bit code compiled with no-asm on the same
- *    machine.
- */
-
-#define BN_ULONG unsigned long
-
-/*
- * "m"(a), "+m"(r)      is the way to favor DirectPath µ-code;
- * "g"(0)               let the compiler to decide where does it
- *                      want to keep the value of zero;
- */
-#define mul_add(r,a,word,carry) do {    \
-        register BN_ULONG high,low;     \
-        asm ("mulq %3"                  \
-                : "=a"(low),"=d"(high)  \
-                : "a"(word),"m"(a)      \
-                : "cc");                \
-        asm ("addq %2,%0; adcq %3,%1"   \
-                : "+r"(carry),"+d"(high)\
-                : "a"(low),"g"(0)       \
-                : "cc");                \
-        asm ("addq %2,%0; adcq %3,%1"   \
-                : "+m"(r),"+d"(high)    \
-                : "r"(carry),"g"(0)     \
-                : "cc");                \
-        carry=high;                     \
-        } while (0)
-
-#define mul(r,a,word,carry) do {        \
-        register BN_ULONG high,low;     \
-        asm ("mulq %3"                  \
-                : "=a"(low),"=d"(high)  \
-                : "a"(word),"g"(a)      \
-                : "cc");                \
-        asm ("addq %2,%0; adcq %3,%1"   \
-                : "+r"(carry),"+d"(high)\
-                : "a"(low),"g"(0)       \
-                : "cc");                \
-        (r)=carry, carry=high;          \
-        } while (0)
-
-#define sqr(r0,r1,a)                    \
-        asm ("mulq %2"                  \
-                : "=a"(r0),"=d"(r1)     \
-                : "a"(a)                \
-                : "cc");
-
-BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
-        {
-        BN_ULONG c1=0;
-
-        if (num <= 0) return(c1);
-
-        while (num&~3)
-                {
-                mul_add(rp[0],ap[0],w,c1);
-                mul_add(rp[1],ap[1],w,c1);
-                mul_add(rp[2],ap[2],w,c1);
-                mul_add(rp[3],ap[3],w,c1);
-                ap+=4; rp+=4; num-=4;
-                }
-        if (num)
-                {
-                mul_add(rp[0],ap[0],w,c1); if (--num==0) return c1;
-                mul_add(rp[1],ap[1],w,c1); if (--num==0) return c1;
-                mul_add(rp[2],ap[2],w,c1); return c1;
-                }
-        
-        return(c1);
-        } 
-
-BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
-        {
-        BN_ULONG c1=0;
-
-        if (num <= 0) return(c1);
-
-        while (num&~3)
-                {
-                mul(rp[0],ap[0],w,c1);
-                mul(rp[1],ap[1],w,c1);
-                mul(rp[2],ap[2],w,c1);
-                mul(rp[3],ap[3],w,c1);
-                ap+=4; rp+=4; num-=4;
-                }
-        if (num)
-                {
-                mul(rp[0],ap[0],w,c1); if (--num == 0) return c1;
-                mul(rp[1],ap[1],w,c1); if (--num == 0) return c1;
-                mul(rp[2],ap[2],w,c1);
-                }
-        return(c1);
-        } 
-
-void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n)
-        {
-        if (n <= 0) return;
-
-        while (n&~3)
-                {
-                sqr(r[0],r[1],a[0]);
-                sqr(r[2],r[3],a[1]);
-                sqr(r[4],r[5],a[2]);
-                sqr(r[6],r[7],a[3]);
-                a+=4; r+=8; n-=4;
-                }
-        if (n)
-                {
-                sqr(r[0],r[1],a[0]); if (--n == 0) return;
-                sqr(r[2],r[3],a[1]); if (--n == 0) return;
-                sqr(r[4],r[5],a[2]);
-                }
-        }
-
-BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
-{       BN_ULONG ret,waste;
-
-        asm ("divq      %4"
-                : "=a"(ret),"=d"(waste)
-                : "a"(l),"d"(h),"g"(d)
-                : "cc");
-
-        return ret;
-}
-
-BN_ULONG bn_add_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n)
-{ BN_ULONG ret=0,i=0;
-
-        if (n <= 0) return 0;
-
-        asm (
-        "       subq    %2,%2           \n"
-        ".align 16                      \n"
-        "1:     movq    (%4,%2,8),%0    \n"
-        "       adcq    (%5,%2,8),%0    \n"
-        "       movq    %0,(%3,%2,8)    \n"
-        "       leaq    1(%2),%2        \n"
-        "       loop    1b              \n"
-        "       sbbq    %0,%0           \n"
-                : "=&a"(ret),"+c"(n),"=&r"(i)
-                : "r"(rp),"r"(ap),"r"(bp)
-                : "cc"
-        );
-
-  return ret&1;
-}
-
-#ifndef SIMICS
-BN_ULONG bn_sub_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n)
-{ BN_ULONG ret=0,i=0;
-
-        if (n <= 0) return 0;
-
-        asm (
-        "       subq    %2,%2           \n"
-        ".align 16                      \n"
-        "1:     movq    (%4,%2,8),%0    \n"
-        "       sbbq    (%5,%2,8),%0    \n"
-        "       movq    %0,(%3,%2,8)    \n"
-        "       leaq    1(%2),%2        \n"
-        "       loop    1b              \n"
-        "       sbbq    %0,%0           \n"
-                : "=&a"(ret),"+c"(n),"=&r"(i)
-                : "r"(rp),"r"(ap),"r"(bp)
-                : "cc"
-        );
-
-  return ret&1;
-}
-#else
-/* Simics 1.4<7 has buggy sbbq:-( */
-#define BN_MASK2 0xffffffffffffffffL
-BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
-        {
-        BN_ULONG t1,t2;
-        int c=0;
-
-        if (n <= 0) return((BN_ULONG)0);
-
-        for (;;)
-                {
-                t1=a[0]; t2=b[0];
-                r[0]=(t1-t2-c)&BN_MASK2;
-                if (t1 != t2) c=(t1 < t2);
-                if (--n <= 0) break;
-
-                t1=a[1]; t2=b[1];
-                r[1]=(t1-t2-c)&BN_MASK2;
-                if (t1 != t2) c=(t1 < t2);
-                if (--n <= 0) break;
-
-                t1=a[2]; t2=b[2];
-                r[2]=(t1-t2-c)&BN_MASK2;
-                if (t1 != t2) c=(t1 < t2);
-                if (--n <= 0) break;
-
-                t1=a[3]; t2=b[3];
-                r[3]=(t1-t2-c)&BN_MASK2;
-                if (t1 != t2) c=(t1 < t2);
-                if (--n <= 0) break;
-
-                a+=4;
-                b+=4;
-                r+=4;
-                }
-        return(c);
-        }
-#endif
-
-/* mul_add_c(a,b,c0,c1,c2)  -- c+=a*b for three word number c=(c2,c1,c0) */
-/* mul_add_c2(a,b,c0,c1,c2) -- c+=2*a*b for three word number c=(c2,c1,c0) */
-/* sqr_add_c(a,i,c0,c1,c2)  -- c+=a[i]^2 for three word number c=(c2,c1,c0) */
-/* sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number c=(c2,c1,c0) */
-
-#if 0
-/* original macros are kept for reference purposes */
-#define mul_add_c(a,b,c0,c1,c2) {       \
-        BN_ULONG ta=(a),tb=(b);         \
-        t1 = ta * tb;                   \
-        t2 = BN_UMULT_HIGH(ta,tb);      \
-        c0 += t1; t2 += (c0<t1)?1:0;    \
-        c1 += t2; c2 += (c1<t2)?1:0;    \
-        }
-
-#define mul_add_c2(a,b,c0,c1,c2) {      \
-        BN_ULONG ta=(a),tb=(b),t0;      \
-        t1 = BN_UMULT_HIGH(ta,tb);      \
-        t0 = ta * tb;                   \
-        t2 = t1+t1; c2 += (t2<t1)?1:0;  \
-        t1 = t0+t0; t2 += (t1<t0)?1:0;  \
-        c0 += t1; t2 += (c0<t1)?1:0;    \
-        c1 += t2; c2 += (c1<t2)?1:0;    \
-        }
-#else
-#define mul_add_c(a,b,c0,c1,c2) do {    \
-        asm ("mulq %3"                  \
-                : "=a"(t1),"=d"(t2)     \
-                : "a"(a),"m"(b)         \
-                : "cc");                \
-        asm ("addq %2,%0; adcq %3,%1"   \
-                : "+r"(c0),"+d"(t2)     \
-                : "a"(t1),"g"(0)        \
-                : "cc");                \
-        asm ("addq %2,%0; adcq %3,%1"   \
-                : "+r"(c1),"+r"(c2)     \
-                : "d"(t2),"g"(0)        \
-                : "cc");                \
-        } while (0)
-
-#define sqr_add_c(a,i,c0,c1,c2) do {    \
-        asm ("mulq %2"                  \
-                : "=a"(t1),"=d"(t2)     \
-                : "a"(a[i])             \
-                : "cc");                \
-        asm ("addq %2,%0; adcq %3,%1"   \
-                : "+r"(c0),"+d"(t2)     \
-                : "a"(t1),"g"(0)        \
-                : "cc");                \
-        asm ("addq %2,%0; adcq %3,%1"   \
-                : "+r"(c1),"+r"(c2)     \
-                : "d"(t2),"g"(0)        \
-                : "cc");                \
-        } while (0)
-
-#define mul_add_c2(a,b,c0,c1,c2) do {   \
-        asm ("mulq %3"                  \
-                : "=a"(t1),"=d"(t2)     \
-                : "a"(a),"m"(b)         \
-                : "cc");                \
-        asm ("addq %0,%0; adcq %2,%1"   \
-                : "+d"(t2),"+r"(c2)     \
-                : "g"(0)                \
-                : "cc");                \
-        asm ("addq %0,%0; adcq %2,%1"   \
-                : "+a"(t1),"+d"(t2)     \
-                : "g"(0)                \
-                : "cc");                \
-        asm ("addq %2,%0; adcq %3,%1"   \
-                : "+r"(c0),"+d"(t2)     \
-                : "a"(t1),"g"(0)        \
-                : "cc");                \
-        asm ("addq %2,%0; adcq %3,%1"   \
-                : "+r"(c1),"+r"(c2)     \
-                : "d"(t2),"g"(0)        \
-                : "cc");                \
-        } while (0)
-#endif
-
-#define sqr_add_c2(a,i,j,c0,c1,c2)      \
-        mul_add_c2((a)[i],(a)[j],c0,c1,c2)
-
-void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-        {
-        BN_ULONG t1,t2;
-        BN_ULONG c1,c2,c3;
-
-        c1=0;
-        c2=0;
-        c3=0;
-        mul_add_c(a[0],b[0],c1,c2,c3);
-        r[0]=c1;
-        c1=0;
-        mul_add_c(a[0],b[1],c2,c3,c1);
-        mul_add_c(a[1],b[0],c2,c3,c1);
-        r[1]=c2;
-        c2=0;
-        mul_add_c(a[2],b[0],c3,c1,c2);
-        mul_add_c(a[1],b[1],c3,c1,c2);
-        mul_add_c(a[0],b[2],c3,c1,c2);
-        r[2]=c3;
-        c3=0;
-        mul_add_c(a[0],b[3],c1,c2,c3);
-        mul_add_c(a[1],b[2],c1,c2,c3);
-        mul_add_c(a[2],b[1],c1,c2,c3);
-        mul_add_c(a[3],b[0],c1,c2,c3);
-        r[3]=c1;
-        c1=0;
-        mul_add_c(a[4],b[0],c2,c3,c1);
-        mul_add_c(a[3],b[1],c2,c3,c1);
-        mul_add_c(a[2],b[2],c2,c3,c1);
-        mul_add_c(a[1],b[3],c2,c3,c1);
-        mul_add_c(a[0],b[4],c2,c3,c1);
-        r[4]=c2;
-        c2=0;
-        mul_add_c(a[0],b[5],c3,c1,c2);
-        mul_add_c(a[1],b[4],c3,c1,c2);
-        mul_add_c(a[2],b[3],c3,c1,c2);
-        mul_add_c(a[3],b[2],c3,c1,c2);
-        mul_add_c(a[4],b[1],c3,c1,c2);
-        mul_add_c(a[5],b[0],c3,c1,c2);
-        r[5]=c3;
-        c3=0;
-        mul_add_c(a[6],b[0],c1,c2,c3);
-        mul_add_c(a[5],b[1],c1,c2,c3);
-        mul_add_c(a[4],b[2],c1,c2,c3);
-        mul_add_c(a[3],b[3],c1,c2,c3);
-        mul_add_c(a[2],b[4],c1,c2,c3);
-        mul_add_c(a[1],b[5],c1,c2,c3);
-        mul_add_c(a[0],b[6],c1,c2,c3);
-        r[6]=c1;
-        c1=0;
-        mul_add_c(a[0],b[7],c2,c3,c1);
-        mul_add_c(a[1],b[6],c2,c3,c1);
-        mul_add_c(a[2],b[5],c2,c3,c1);
-        mul_add_c(a[3],b[4],c2,c3,c1);
-        mul_add_c(a[4],b[3],c2,c3,c1);
-        mul_add_c(a[5],b[2],c2,c3,c1);
-        mul_add_c(a[6],b[1],c2,c3,c1);
-        mul_add_c(a[7],b[0],c2,c3,c1);
-        r[7]=c2;
-        c2=0;
-        mul_add_c(a[7],b[1],c3,c1,c2);
-        mul_add_c(a[6],b[2],c3,c1,c2);
-        mul_add_c(a[5],b[3],c3,c1,c2);
-        mul_add_c(a[4],b[4],c3,c1,c2);
-        mul_add_c(a[3],b[5],c3,c1,c2);
-        mul_add_c(a[2],b[6],c3,c1,c2);
-        mul_add_c(a[1],b[7],c3,c1,c2);
-        r[8]=c3;
-        c3=0;
-        mul_add_c(a[2],b[7],c1,c2,c3);
-        mul_add_c(a[3],b[6],c1,c2,c3);
-        mul_add_c(a[4],b[5],c1,c2,c3);
-        mul_add_c(a[5],b[4],c1,c2,c3);
-        mul_add_c(a[6],b[3],c1,c2,c3);
-        mul_add_c(a[7],b[2],c1,c2,c3);
-        r[9]=c1;
-        c1=0;
-        mul_add_c(a[7],b[3],c2,c3,c1);
-        mul_add_c(a[6],b[4],c2,c3,c1);
-        mul_add_c(a[5],b[5],c2,c3,c1);
-        mul_add_c(a[4],b[6],c2,c3,c1);
-        mul_add_c(a[3],b[7],c2,c3,c1);
-        r[10]=c2;
-        c2=0;
-        mul_add_c(a[4],b[7],c3,c1,c2);
-        mul_add_c(a[5],b[6],c3,c1,c2);
-        mul_add_c(a[6],b[5],c3,c1,c2);
-        mul_add_c(a[7],b[4],c3,c1,c2);
-        r[11]=c3;
-        c3=0;
-        mul_add_c(a[7],b[5],c1,c2,c3);
-        mul_add_c(a[6],b[6],c1,c2,c3);
-        mul_add_c(a[5],b[7],c1,c2,c3);
-        r[12]=c1;
-        c1=0;
-        mul_add_c(a[6],b[7],c2,c3,c1);
-        mul_add_c(a[7],b[6],c2,c3,c1);
-        r[13]=c2;
-        c2=0;
-        mul_add_c(a[7],b[7],c3,c1,c2);
-        r[14]=c3;
-        r[15]=c1;
-        }
-
-void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-        {
-        BN_ULONG t1,t2;
-        BN_ULONG c1,c2,c3;
-
-        c1=0;
-        c2=0;
-        c3=0;
-        mul_add_c(a[0],b[0],c1,c2,c3);
-        r[0]=c1;
-        c1=0;
-        mul_add_c(a[0],b[1],c2,c3,c1);
-        mul_add_c(a[1],b[0],c2,c3,c1);
-        r[1]=c2;
-        c2=0;
-        mul_add_c(a[2],b[0],c3,c1,c2);
-        mul_add_c(a[1],b[1],c3,c1,c2);
-        mul_add_c(a[0],b[2],c3,c1,c2);
-        r[2]=c3;
-        c3=0;
-        mul_add_c(a[0],b[3],c1,c2,c3);
-        mul_add_c(a[1],b[2],c1,c2,c3);
-        mul_add_c(a[2],b[1],c1,c2,c3);
-        mul_add_c(a[3],b[0],c1,c2,c3);
-        r[3]=c1;
-        c1=0;
-        mul_add_c(a[3],b[1],c2,c3,c1);
-        mul_add_c(a[2],b[2],c2,c3,c1);
-        mul_add_c(a[1],b[3],c2,c3,c1);
-        r[4]=c2;
-        c2=0;
-        mul_add_c(a[2],b[3],c3,c1,c2);
-        mul_add_c(a[3],b[2],c3,c1,c2);
-        r[5]=c3;
-        c3=0;
-        mul_add_c(a[3],b[3],c1,c2,c3);
-        r[6]=c1;
-        r[7]=c2;
-        }
-
-void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
-        {
-        BN_ULONG t1,t2;
-        BN_ULONG c1,c2,c3;
-
-        c1=0;
-        c2=0;
-        c3=0;
-        sqr_add_c(a,0,c1,c2,c3);
-        r[0]=c1;
-        c1=0;
-        sqr_add_c2(a,1,0,c2,c3,c1);
-        r[1]=c2;
-        c2=0;
-        sqr_add_c(a,1,c3,c1,c2);
-        sqr_add_c2(a,2,0,c3,c1,c2);
-        r[2]=c3;
-        c3=0;
-        sqr_add_c2(a,3,0,c1,c2,c3);
-        sqr_add_c2(a,2,1,c1,c2,c3);
-        r[3]=c1;
-        c1=0;
-        sqr_add_c(a,2,c2,c3,c1);
-        sqr_add_c2(a,3,1,c2,c3,c1);
-        sqr_add_c2(a,4,0,c2,c3,c1);
-        r[4]=c2;
-        c2=0;
-        sqr_add_c2(a,5,0,c3,c1,c2);
-        sqr_add_c2(a,4,1,c3,c1,c2);
-        sqr_add_c2(a,3,2,c3,c1,c2);
-        r[5]=c3;
-        c3=0;
-        sqr_add_c(a,3,c1,c2,c3);
-        sqr_add_c2(a,4,2,c1,c2,c3);
-        sqr_add_c2(a,5,1,c1,c2,c3);
-        sqr_add_c2(a,6,0,c1,c2,c3);
-        r[6]=c1;
-        c1=0;
-        sqr_add_c2(a,7,0,c2,c3,c1);
-        sqr_add_c2(a,6,1,c2,c3,c1);
-        sqr_add_c2(a,5,2,c2,c3,c1);
-        sqr_add_c2(a,4,3,c2,c3,c1);
-        r[7]=c2;
-        c2=0;
-        sqr_add_c(a,4,c3,c1,c2);
-        sqr_add_c2(a,5,3,c3,c1,c2);
-        sqr_add_c2(a,6,2,c3,c1,c2);
-        sqr_add_c2(a,7,1,c3,c1,c2);
-        r[8]=c3;
-        c3=0;
-        sqr_add_c2(a,7,2,c1,c2,c3);
-        sqr_add_c2(a,6,3,c1,c2,c3);
-        sqr_add_c2(a,5,4,c1,c2,c3);
-        r[9]=c1;
-        c1=0;
-        sqr_add_c(a,5,c2,c3,c1);
-        sqr_add_c2(a,6,4,c2,c3,c1);
-        sqr_add_c2(a,7,3,c2,c3,c1);
-        r[10]=c2;
-        c2=0;
-        sqr_add_c2(a,7,4,c3,c1,c2);
-        sqr_add_c2(a,6,5,c3,c1,c2);
-        r[11]=c3;
-        c3=0;
-        sqr_add_c(a,6,c1,c2,c3);
-        sqr_add_c2(a,7,5,c1,c2,c3);
-        r[12]=c1;
-        c1=0;
-        sqr_add_c2(a,7,6,c2,c3,c1);
-        r[13]=c2;
-        c2=0;
-        sqr_add_c(a,7,c3,c1,c2);
-        r[14]=c3;
-        r[15]=c1;
-        }
-
-void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
-        {
-        BN_ULONG t1,t2;
-        BN_ULONG c1,c2,c3;
-
-        c1=0;
-        c2=0;
-        c3=0;
-        sqr_add_c(a,0,c1,c2,c3);
-        r[0]=c1;
-        c1=0;
-        sqr_add_c2(a,1,0,c2,c3,c1);
-        r[1]=c2;
-        c2=0;
-        sqr_add_c(a,1,c3,c1,c2);
-        sqr_add_c2(a,2,0,c3,c1,c2);
-        r[2]=c3;
-        c3=0;
-        sqr_add_c2(a,3,0,c1,c2,c3);
-        sqr_add_c2(a,2,1,c1,c2,c3);
-        r[3]=c1;
-        c1=0;
-        sqr_add_c(a,2,c2,c3,c1);
-        sqr_add_c2(a,3,1,c2,c3,c1);
-        r[4]=c2;
-        c2=0;
-        sqr_add_c2(a,3,2,c3,c1,c2);
-        r[5]=c3;
-        c3=0;
-        sqr_add_c(a,3,c1,c2,c3);
-        r[6]=c1;
-        r[7]=c2;
-        }
diff --git a/src/lib/libcrypto/bn/bn.h b/src/lib/libcrypto/bn/bn.h
deleted file mode 100644
index 1251521c54..0000000000
--- a/src/lib/libcrypto/bn/bn.h
+++ /dev/null
@@ -1,583 +0,0 @@
-/* crypto/bn/bn.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_BN_H
-#define HEADER_BN_H
-
-#include <openssl/e_os2.h>
-#ifndef OPENSSL_NO_FP_API
-#include <stdio.h> /* FILE */
-#endif
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#ifdef OPENSSL_SYS_VMS
-#undef BN_LLONG /* experimental, so far... */
-#endif
-
-#define BN_MUL_COMBA
-#define BN_SQR_COMBA
-#define BN_RECURSION
-
-/* This next option uses the C libraries (2 word)/(1 word) function.
- * If it is not defined, I use my C version (which is slower).
- * The reason for this flag is that when the particular C compiler
- * library routine is used, and the library is linked with a different
- * compiler, the library is missing.  This mostly happens when the
- * library is built with gcc and then linked using normal cc.  This would
- * be a common occurrence because gcc normally produces code that is
- * 2 times faster than system compilers for the big number stuff.
- * For machines with only one compiler (or shared libraries), this should
- * be on.  Again this in only really a problem on machines
- * using "long long's", are 32bit, and are not using my assembler code. */
-#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || \
-    defined(OPENSSL_SYS_WIN32) || defined(linux)
-# ifndef BN_DIV2W
-#  define BN_DIV2W
-# endif
-#endif
-
-/* assuming long is 64bit - this is the DEC Alpha
- * unsigned long long is only 64 bits :-(, don't define
- * BN_LLONG for the DEC Alpha */
-#ifdef SIXTY_FOUR_BIT_LONG
-#define BN_ULLONG       unsigned long long
-#define BN_ULONG        unsigned long
-#define BN_LONG         long
-#define BN_BITS         128
-#define BN_BYTES        8
-#define BN_BITS2        64
-#define BN_BITS4        32
-#define BN_MASK         (0xffffffffffffffffffffffffffffffffLL)
-#define BN_MASK2        (0xffffffffffffffffL)
-#define BN_MASK2l       (0xffffffffL)
-#define BN_MASK2h       (0xffffffff00000000L)
-#define BN_MASK2h1      (0xffffffff80000000L)
-#define BN_TBIT         (0x8000000000000000L)
-#define BN_DEC_CONV     (10000000000000000000UL)
-#define BN_DEC_FMT1     "%lu"
-#define BN_DEC_FMT2     "%019lu"
-#define BN_DEC_NUM      19
-#endif
-
-/* This is where the long long data type is 64 bits, but long is 32.
- * For machines where there are 64bit registers, this is the mode to use.
- * IRIX, on R4000 and above should use this mode, along with the relevant
- * assembler code :-).  Do NOT define BN_LLONG.
- */
-#ifdef SIXTY_FOUR_BIT
-#undef BN_LLONG
-#undef BN_ULLONG
-#define BN_ULONG        unsigned long long
-#define BN_LONG         long long
-#define BN_BITS         128
-#define BN_BYTES        8
-#define BN_BITS2        64
-#define BN_BITS4        32
-#define BN_MASK2        (0xffffffffffffffffLL)
-#define BN_MASK2l       (0xffffffffL)
-#define BN_MASK2h       (0xffffffff00000000LL)
-#define BN_MASK2h1      (0xffffffff80000000LL)
-#define BN_TBIT         (0x8000000000000000LL)
-#define BN_DEC_CONV     (10000000000000000000ULL)
-#define BN_DEC_FMT1     "%llu"
-#define BN_DEC_FMT2     "%019llu"
-#define BN_DEC_NUM      19
-#endif
-
-#ifdef THIRTY_TWO_BIT
-#if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__)
-#define BN_ULLONG       unsigned _int64
-#else
-#define BN_ULLONG       unsigned long long
-#endif
-#define BN_ULONG        unsigned long
-#define BN_LONG         long
-#define BN_BITS         64
-#define BN_BYTES        4
-#define BN_BITS2        32
-#define BN_BITS4        16
-#ifdef OPENSSL_SYS_WIN32
-/* VC++ doesn't like the LL suffix */
-#define BN_MASK         (0xffffffffffffffffL)
-#else
-#define BN_MASK         (0xffffffffffffffffLL)
-#endif
-#define BN_MASK2        (0xffffffffL)
-#define BN_MASK2l       (0xffff)
-#define BN_MASK2h1      (0xffff8000L)
-#define BN_MASK2h       (0xffff0000L)
-#define BN_TBIT         (0x80000000L)
-#define BN_DEC_CONV     (1000000000L)
-#define BN_DEC_FMT1     "%lu"
-#define BN_DEC_FMT2     "%09lu"
-#define BN_DEC_NUM      9
-#endif
-
-#ifdef SIXTEEN_BIT
-#ifndef BN_DIV2W
-#define BN_DIV2W
-#endif
-#define BN_ULLONG       unsigned long
-#define BN_ULONG        unsigned short
-#define BN_LONG         short
-#define BN_BITS         32
-#define BN_BYTES        2
-#define BN_BITS2        16
-#define BN_BITS4        8
-#define BN_MASK         (0xffffffff)
-#define BN_MASK2        (0xffff)
-#define BN_MASK2l       (0xff)
-#define BN_MASK2h1      (0xff80)
-#define BN_MASK2h       (0xff00)
-#define BN_TBIT         (0x8000)
-#define BN_DEC_CONV     (100000)
-#define BN_DEC_FMT1     "%u"
-#define BN_DEC_FMT2     "%05u"
-#define BN_DEC_NUM      5
-#endif
-
-#ifdef EIGHT_BIT
-#ifndef BN_DIV2W
-#define BN_DIV2W
-#endif
-#define BN_ULLONG       unsigned short
-#define BN_ULONG        unsigned char
-#define BN_LONG         char
-#define BN_BITS         16
-#define BN_BYTES        1
-#define BN_BITS2        8
-#define BN_BITS4        4
-#define BN_MASK         (0xffff)
-#define BN_MASK2        (0xff)
-#define BN_MASK2l       (0xf)
-#define BN_MASK2h1      (0xf8)
-#define BN_MASK2h       (0xf0)
-#define BN_TBIT         (0x80)
-#define BN_DEC_CONV     (100)
-#define BN_DEC_FMT1     "%u"
-#define BN_DEC_FMT2     "%02u"
-#define BN_DEC_NUM      2
-#endif
-
-#define BN_DEFAULT_BITS 1280
-
-#ifdef BIGNUM
-#undef BIGNUM
-#endif
-
-#define BN_FLG_MALLOCED         0x01
-#define BN_FLG_STATIC_DATA      0x02
-#define BN_FLG_EXP_CONSTTIME    0x04 /* avoid leaking exponent information through timings
-                                      * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) */
-#define BN_FLG_FREE             0x8000  /* used for debuging */
-#define BN_set_flags(b,n)       ((b)->flags|=(n))
-#define BN_get_flags(b,n)       ((b)->flags&(n))
-
-/* get a clone of a BIGNUM with changed flags, for *temporary* use only
- * (the two BIGNUMs cannot not be used in parallel!) */
-#define BN_with_flags(dest,b,n)  ((dest)->d=(b)->d, \
-                                  (dest)->top=(b)->top, \
-                                  (dest)->dmax=(b)->dmax, \
-                                  (dest)->neg=(b)->neg, \
-                                  (dest)->flags=(((dest)->flags & BN_FLG_MALLOCED) \
-                                                 |  ((b)->flags & ~BN_FLG_MALLOCED) \
-                                                 |  BN_FLG_STATIC_DATA \
-                                                 |  (n)))
-
-typedef struct bignum_st
-        {
-        BN_ULONG *d;    /* Pointer to an array of 'BN_BITS2' bit chunks. */
-        int top;        /* Index of last used d +1. */
-        /* The next are internal book keeping for bn_expand. */
-        int dmax;       /* Size of the d array. */
-        int neg;        /* one if the number is negative */
-        int flags;
-        } BIGNUM;
-
-/* Used for temp variables (declaration hidden in bn_lcl.h) */
-typedef struct bignum_ctx BN_CTX;
-
-typedef struct bn_blinding_st
-        {
-        int init;
-        BIGNUM *A;
-        BIGNUM *Ai;
-        BIGNUM *mod; /* just a reference */
-        unsigned long thread_id; /* added in OpenSSL 0.9.6j and 0.9.7b;
-                                  * used only by crypto/rsa/rsa_eay.c, rsa_lib.c */
-        } BN_BLINDING;
-
-/* Used for montgomery multiplication */
-typedef struct bn_mont_ctx_st
-        {
-        int ri;        /* number of bits in R */
-        BIGNUM RR;     /* used to convert to montgomery form */
-        BIGNUM N;      /* The modulus */
-        BIGNUM Ni;     /* R*(1/R mod N) - N*Ni = 1
-                        * (Ni is only stored for bignum algorithm) */
-        BN_ULONG n0;   /* least significant word of Ni */
-        int flags;
-        } BN_MONT_CTX;
-
-/* Used for reciprocal division/mod functions
- * It cannot be shared between threads
- */
-typedef struct bn_recp_ctx_st
-        {
-        BIGNUM N;       /* the divisor */
-        BIGNUM Nr;      /* the reciprocal */
-        int num_bits;
-        int shift;
-        int flags;
-        } BN_RECP_CTX;
-
-#define BN_prime_checks 0 /* default: select number of iterations
-                             based on the size of the number */
-
-/* number of Miller-Rabin iterations for an error rate  of less than 2^-80
- * for random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook
- * of Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996];
- * original paper: Damgaard, Landrock, Pomerance: Average case error estimates
- * for the strong probable prime test. -- Math. Comp. 61 (1993) 177-194) */
-#define BN_prime_checks_for_size(b) ((b) >= 1300 ?  2 : \
-                                (b) >=  850 ?  3 : \
-                                (b) >=  650 ?  4 : \
-                                (b) >=  550 ?  5 : \
-                                (b) >=  450 ?  6 : \
-                                (b) >=  400 ?  7 : \
-                                (b) >=  350 ?  8 : \
-                                (b) >=  300 ?  9 : \
-                                (b) >=  250 ? 12 : \
-                                (b) >=  200 ? 15 : \
-                                (b) >=  150 ? 18 : \
-                                /* b >= 100 */ 27)
-
-#define BN_num_bytes(a) ((BN_num_bits(a)+7)/8)
-
-/* Note that BN_abs_is_word does not work reliably for w == 0 */
-#define BN_abs_is_word(a,w) (((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w)))
-#define BN_is_zero(a)       (((a)->top == 0) || BN_abs_is_word(a,0))
-#define BN_is_one(a)        (BN_abs_is_word((a),1) && !(a)->neg)
-#define BN_is_word(a,w)     ((w) ? BN_abs_is_word((a),(w)) && !(a)->neg : \
-                                   BN_is_zero((a)))
-#define BN_is_odd(a)        (((a)->top > 0) && ((a)->d[0] & 1))
-
-#define BN_one(a)       (BN_set_word((a),1))
-#define BN_zero(a)      (BN_set_word((a),0))
-
-/*#define BN_ascii2bn(a)        BN_hex2bn(a) */
-/*#define BN_bn2ascii(a)        BN_bn2hex(a) */
-
-const BIGNUM *BN_value_one(void);
-char *  BN_options(void);
-BN_CTX *BN_CTX_new(void);
-void    BN_CTX_init(BN_CTX *c);
-void    BN_CTX_free(BN_CTX *c);
-void    BN_CTX_start(BN_CTX *ctx);
-BIGNUM *BN_CTX_get(BN_CTX *ctx);
-void    BN_CTX_end(BN_CTX *ctx);
-int     BN_rand(BIGNUM *rnd, int bits, int top,int bottom);
-int     BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom);
-int     BN_rand_range(BIGNUM *rnd, BIGNUM *range);
-int     BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range);
-int     BN_num_bits(const BIGNUM *a);
-int     BN_num_bits_word(BN_ULONG);
-BIGNUM *BN_new(void);
-void    BN_init(BIGNUM *);
-void    BN_clear_free(BIGNUM *a);
-BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
-void    BN_swap(BIGNUM *a, BIGNUM *b);
-BIGNUM *BN_bin2bn(const unsigned char *s,int len,BIGNUM *ret);
-int     BN_bn2bin(const BIGNUM *a, unsigned char *to);
-BIGNUM *BN_mpi2bn(const unsigned char *s,int len,BIGNUM *ret);
-int     BN_bn2mpi(const BIGNUM *a, unsigned char *to);
-int     BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
-int     BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
-int     BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
-int     BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
-int     BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
-int     BN_sqr(BIGNUM *r, const BIGNUM *a,BN_CTX *ctx);
-
-int     BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
-        BN_CTX *ctx);
-#define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx))
-int     BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx);
-int     BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
-int     BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m);
-int     BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
-int     BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m);
-int     BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-        const BIGNUM *m, BN_CTX *ctx);
-int     BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
-int     BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
-int     BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m);
-int     BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ctx);
-int     BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m);
-
-BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
-BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);
-int     BN_mul_word(BIGNUM *a, BN_ULONG w);
-int     BN_add_word(BIGNUM *a, BN_ULONG w);
-int     BN_sub_word(BIGNUM *a, BN_ULONG w);
-int     BN_set_word(BIGNUM *a, BN_ULONG w);
-BN_ULONG BN_get_word(const BIGNUM *a);
-
-int     BN_cmp(const BIGNUM *a, const BIGNUM *b);
-void    BN_free(BIGNUM *a);
-int     BN_is_bit_set(const BIGNUM *a, int n);
-int     BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
-int     BN_lshift1(BIGNUM *r, const BIGNUM *a);
-int     BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,BN_CTX *ctx);
-
-int     BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-        const BIGNUM *m,BN_CTX *ctx);
-int     BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-        const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
-        const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont);
-int     BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p,
-        const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-int     BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1,
-        const BIGNUM *a2, const BIGNUM *p2,const BIGNUM *m,
-        BN_CTX *ctx,BN_MONT_CTX *m_ctx);
-int     BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-        const BIGNUM *m,BN_CTX *ctx);
-
-int     BN_mask_bits(BIGNUM *a,int n);
-#ifndef OPENSSL_NO_FP_API
-int     BN_print_fp(FILE *fp, const BIGNUM *a);
-#endif
-#ifdef HEADER_BIO_H
-int     BN_print(BIO *fp, const BIGNUM *a);
-#else
-int     BN_print(void *fp, const BIGNUM *a);
-#endif
-int     BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx);
-int     BN_rshift(BIGNUM *r, const BIGNUM *a, int n);
-int     BN_rshift1(BIGNUM *r, const BIGNUM *a);
-void    BN_clear(BIGNUM *a);
-BIGNUM *BN_dup(const BIGNUM *a);
-int     BN_ucmp(const BIGNUM *a, const BIGNUM *b);
-int     BN_set_bit(BIGNUM *a, int n);
-int     BN_clear_bit(BIGNUM *a, int n);
-char *  BN_bn2hex(const BIGNUM *a);
-char *  BN_bn2dec(const BIGNUM *a);
-int     BN_hex2bn(BIGNUM **a, const char *str);
-int     BN_dec2bn(BIGNUM **a, const char *str);
-int     BN_gcd(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx);
-int     BN_kronecker(const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx); /* returns -2 for error */
-BIGNUM *BN_mod_inverse(BIGNUM *ret,
-        const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
-BIGNUM *BN_mod_sqrt(BIGNUM *ret,
-        const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
-BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,
-        const BIGNUM *add, const BIGNUM *rem,
-        void (*callback)(int,int,void *),void *cb_arg);
-int     BN_is_prime(const BIGNUM *p,int nchecks,
-        void (*callback)(int,int,void *),
-        BN_CTX *ctx,void *cb_arg);
-int     BN_is_prime_fasttest(const BIGNUM *p,int nchecks,
-        void (*callback)(int,int,void *),BN_CTX *ctx,void *cb_arg,
-        int do_trial_division);
-
-#ifdef OPENSSL_FIPS
-int BN_X931_derive_prime(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
-                        void (*cb)(int, int, void *), void *cb_arg,
-                        const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2,
-                        const BIGNUM *e, BN_CTX *ctx);
-int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx);
-int BN_X931_generate_prime(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
-                        BIGNUM *Xp1, BIGNUM *Xp2,
-                        const BIGNUM *Xp,
-                        const BIGNUM *e, BN_CTX *ctx,
-                        void (*cb)(int, int, void *), void *cb_arg);
-#endif
-
-BN_MONT_CTX *BN_MONT_CTX_new(void );
-void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
-int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,
-        BN_MONT_CTX *mont, BN_CTX *ctx);
-#define BN_to_montgomery(r,a,mont,ctx)  BN_mod_mul_montgomery(\
-        (r),(a),&((mont)->RR),(mont),(ctx))
-int BN_from_montgomery(BIGNUM *r,const BIGNUM *a,
-        BN_MONT_CTX *mont, BN_CTX *ctx);
-void BN_MONT_CTX_free(BN_MONT_CTX *mont);
-int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *mod,BN_CTX *ctx);
-BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from);
-BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
-                                        const BIGNUM *mod, BN_CTX *ctx);
-
-BN_BLINDING *BN_BLINDING_new(BIGNUM *A,BIGNUM *Ai,BIGNUM *mod);
-void BN_BLINDING_free(BN_BLINDING *b);
-int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx);
-int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *r, BN_CTX *ctx);
-int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
-
-void BN_set_params(int mul,int high,int low,int mont);
-int BN_get_params(int which); /* 0, mul, 1 high, 2 low, 3 mont */
-
-void    BN_RECP_CTX_init(BN_RECP_CTX *recp);
-BN_RECP_CTX *BN_RECP_CTX_new(void);
-void    BN_RECP_CTX_free(BN_RECP_CTX *recp);
-int     BN_RECP_CTX_set(BN_RECP_CTX *recp,const BIGNUM *rdiv,BN_CTX *ctx);
-int     BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
-        BN_RECP_CTX *recp,BN_CTX *ctx);
-int     BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-        const BIGNUM *m, BN_CTX *ctx);
-int     BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
-        BN_RECP_CTX *recp, BN_CTX *ctx);
-
-/* library internal functions */
-
-#define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\
-        (a):bn_expand2((a),(bits)/BN_BITS2+1))
-#define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words)))
-BIGNUM *bn_expand2(BIGNUM *a, int words);
-BIGNUM *bn_dup_expand(const BIGNUM *a, int words);
-
-#define bn_fix_top(a) \
-        { \
-        BN_ULONG *ftl; \
-        if ((a)->top > 0) \
-                { \
-                for (ftl= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \
-                if (*(ftl--)) break; \
-                } \
-        }
-
-BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
-BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
-void     bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num);
-BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
-BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num);
-BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num);
-
-#ifdef BN_DEBUG
-void bn_dump1(FILE *o, const char *a, const BN_ULONG *b,int n);
-# define bn_print(a) {fprintf(stderr, #a "="); BN_print_fp(stderr,a); \
-   fprintf(stderr,"\n");}
-# define bn_dump(a,n) bn_dump1(stderr,#a,a,n);
-#else
-# define bn_print(a)
-# define bn_dump(a,b)
-#endif
-
-int BN_bntest_rand(BIGNUM *rnd, int bits, int top,int bottom);
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_BN_strings(void);
-
-/* Error codes for the BN functions. */
-
-/* Function codes. */
-#define BN_F_BN_BLINDING_CONVERT                         100
-#define BN_F_BN_BLINDING_INVERT                          101
-#define BN_F_BN_BLINDING_NEW                             102
-#define BN_F_BN_BLINDING_UPDATE                          103
-#define BN_F_BN_BN2DEC                                   104
-#define BN_F_BN_BN2HEX                                   105
-#define BN_F_BN_CTX_GET                                  116
-#define BN_F_BN_CTX_NEW                                  106
-#define BN_F_BN_DIV                                      107
-#define BN_F_BN_EXP                                      123
-#define BN_F_BN_EXPAND2                                  108
-#define BN_F_BN_EXPAND_INTERNAL                          120
-#define BN_F_BN_MOD_EXP2_MONT                            118
-#define BN_F_BN_MOD_EXP_MONT                             109
-#define BN_F_BN_MOD_EXP_MONT_CONSTTIME                   124
-#define BN_F_BN_MOD_EXP_MONT_WORD                        117
-#define BN_F_BN_MOD_EXP_RECP                             125
-#define BN_F_BN_MOD_EXP_SIMPLE                           126
-#define BN_F_BN_MOD_INVERSE                              110
-#define BN_F_BN_MOD_LSHIFT_QUICK                         119
-#define BN_F_BN_MOD_MUL_RECIPROCAL                       111
-#define BN_F_BN_MOD_SQRT                                 121
-#define BN_F_BN_MPI2BN                                   112
-#define BN_F_BN_NEW                                      113
-#define BN_F_BN_RAND                                     114
-#define BN_F_BN_RAND_RANGE                               122
-#define BN_F_BN_USUB                                     115
-
-/* Reason codes. */
-#define BN_R_ARG2_LT_ARG3                                100
-#define BN_R_BAD_RECIPROCAL                              101
-#define BN_R_BIGNUM_TOO_LONG                             114
-#define BN_R_CALLED_WITH_EVEN_MODULUS                    102
-#define BN_R_DIV_BY_ZERO                                 103
-#define BN_R_ENCODING_ERROR                              104
-#define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA                105
-#define BN_R_INPUT_NOT_REDUCED                           110
-#define BN_R_INVALID_LENGTH                              106
-#define BN_R_INVALID_RANGE                               115
-#define BN_R_NOT_A_SQUARE                                111
-#define BN_R_NOT_INITIALIZED                             107
-#define BN_R_NO_INVERSE                                  108
-#define BN_R_P_IS_NOT_PRIME                              112
-#define BN_R_TOO_MANY_ITERATIONS                         113
-#define BN_R_TOO_MANY_TEMPORARY_VARIABLES                109
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/src/lib/libcrypto/bn/bn_add.c b/src/lib/libcrypto/bn/bn_add.c
deleted file mode 100644
index 6cba07e9f6..0000000000
--- a/src/lib/libcrypto/bn/bn_add.c
+++ /dev/null
@@ -1,309 +0,0 @@
-/* crypto/bn/bn_add.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-/* r can == a or b */
-int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
-        {
-        const BIGNUM *tmp;
-        int a_neg = a->neg;
-
-        bn_check_top(a);
-        bn_check_top(b);
-
-        /*  a +  b      a+b
-         *  a + -b      a-b
-         * -a +  b      b-a
-         * -a + -b      -(a+b)
-         */
-        if (a_neg ^ b->neg)
-                {
-                /* only one is negative */
-                if (a_neg)
-                        { tmp=a; a=b; b=tmp; }
-
-                /* we are now a - b */
-
-                if (BN_ucmp(a,b) < 0)
-                        {
-                        if (!BN_usub(r,b,a)) return(0);
-                        r->neg=1;
-                        }
-                else
-                        {
-                        if (!BN_usub(r,a,b)) return(0);
-                        r->neg=0;
-                        }
-                return(1);
-                }
-
-        if (!BN_uadd(r,a,b)) return(0);
-        if (a_neg) /* both are neg */
-                r->neg=1;
-        else
-                r->neg=0;
-        return(1);
-        }
-
-/* unsigned add of b to a, r must be large enough */
-int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
-        {
-        register int i;
-        int max,min;
-        BN_ULONG *ap,*bp,*rp,carry,t1;
-        const BIGNUM *tmp;
-
-        bn_check_top(a);
-        bn_check_top(b);
-
-        if (a->top < b->top)
-                { tmp=a; a=b; b=tmp; }
-        max=a->top;
-        min=b->top;
-
-        if (bn_wexpand(r,max+1) == NULL)
-                return(0);
-
-        r->top=max;
-
-
-        ap=a->d;
-        bp=b->d;
-        rp=r->d;
-        carry=0;
-
-        carry=bn_add_words(rp,ap,bp,min);
-        rp+=min;
-        ap+=min;
-        bp+=min;
-        i=min;
-
-        if (carry)
-                {
-                while (i < max)
-                        {
-                        i++;
-                        t1= *(ap++);
-                        if ((*(rp++)=(t1+1)&BN_MASK2) >= t1)
-                                {
-                                carry=0;
-                                break;
-                                }
-                        }
-                if ((i >= max) && carry)
-                        {
-                        *(rp++)=1;
-                        r->top++;
-                        }
-                }
-        if (rp != ap)
-                {
-                for (; i<max; i++)
-                        *(rp++)= *(ap++);
-                }
-        /* memcpy(rp,ap,sizeof(*ap)*(max-i));*/
-        r->neg = 0;
-        return(1);
-        }
-
-/* unsigned subtraction of b from a, a must be larger than b. */
-int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
-        {
-        int max,min;
-        register BN_ULONG t1,t2,*ap,*bp,*rp;
-        int i,carry;
-#if defined(IRIX_CC_BUG) && !defined(LINT)
-        int dummy;
-#endif
-
-        bn_check_top(a);
-        bn_check_top(b);
-
-        if (a->top < b->top) /* hmm... should not be happening */
-                {
-                BNerr(BN_F_BN_USUB,BN_R_ARG2_LT_ARG3);
-                return(0);
-                }
-
-        max=a->top;
-        min=b->top;
-        if (bn_wexpand(r,max) == NULL) return(0);
-
-        ap=a->d;
-        bp=b->d;
-        rp=r->d;
-
-#if 1
-        carry=0;
-        for (i=0; i<min; i++)
-                {
-                t1= *(ap++);
-                t2= *(bp++);
-                if (carry)
-                        {
-                        carry=(t1 <= t2);
-                        t1=(t1-t2-1)&BN_MASK2;
-                        }
-                else
-                        {
-                        carry=(t1 < t2);
-                        t1=(t1-t2)&BN_MASK2;
-                        }
-#if defined(IRIX_CC_BUG) && !defined(LINT)
-                dummy=t1;
-#endif
-                *(rp++)=t1&BN_MASK2;
-                }
-#else
-        carry=bn_sub_words(rp,ap,bp,min);
-        ap+=min;
-        bp+=min;
-        rp+=min;
-        i=min;
-#endif
-        if (carry) /* subtracted */
-                {
-                while (i < max)
-                        {
-                        i++;
-                        t1= *(ap++);
-                        t2=(t1-1)&BN_MASK2;
-                        *(rp++)=t2;
-                        if (t1 > t2) break;
-                        }
-                }
-#if 0
-        memcpy(rp,ap,sizeof(*rp)*(max-i));
-#else
-        if (rp != ap)
-                {
-                for (;;)
-                        {
-                        if (i++ >= max) break;
-                        rp[0]=ap[0];
-                        if (i++ >= max) break;
-                        rp[1]=ap[1];
-                        if (i++ >= max) break;
-                        rp[2]=ap[2];
-                        if (i++ >= max) break;
-                        rp[3]=ap[3];
-                        rp+=4;
-                        ap+=4;
-                        }
-                }
-#endif
-
-        r->top=max;
-        r->neg=0;
-        bn_fix_top(r);
-        return(1);
-        }
-
-int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
-        {
-        int max;
-        int add=0,neg=0;
-        const BIGNUM *tmp;
-
-        bn_check_top(a);
-        bn_check_top(b);
-
-        /*  a -  b      a-b
-         *  a - -b      a+b
-         * -a -  b      -(a+b)
-         * -a - -b      b-a
-         */
-        if (a->neg)
-                {
-                if (b->neg)
-                        { tmp=a; a=b; b=tmp; }
-                else
-                        { add=1; neg=1; }
-                }
-        else
-                {
-                if (b->neg) { add=1; neg=0; }
-                }
-
-        if (add)
-                {
-                if (!BN_uadd(r,a,b)) return(0);
-                r->neg=neg;
-                return(1);
-                }
-
-        /* We are actually doing a - b :-) */
-
-        max=(a->top > b->top)?a->top:b->top;
-        if (bn_wexpand(r,max) == NULL) return(0);
-        if (BN_ucmp(a,b) < 0)
-                {
-                if (!BN_usub(r,b,a)) return(0);
-                r->neg=1;
-                }
-        else
-                {
-                if (!BN_usub(r,a,b)) return(0);
-                r->neg=0;
-                }
-        return(1);
-        }
-
diff --git a/src/lib/libcrypto/bn/bn_asm.c b/src/lib/libcrypto/bn/bn_asm.c
deleted file mode 100644
index 19978085b2..0000000000
--- a/src/lib/libcrypto/bn/bn_asm.c
+++ /dev/null
@@ -1,832 +0,0 @@
-/* crypto/bn/bn_asm.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef BN_DEBUG
-# undef NDEBUG /* avoid conflicting definitions */
-# define NDEBUG
-#endif
-
-#include <stdio.h>
-#include <assert.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-#if defined(BN_LLONG) || defined(BN_UMULT_HIGH)
-
-BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
-        {
-        BN_ULONG c1=0;
-
-        assert(num >= 0);
-        if (num <= 0) return(c1);
-
-        while (num&~3)
-                {
-                mul_add(rp[0],ap[0],w,c1);
-                mul_add(rp[1],ap[1],w,c1);
-                mul_add(rp[2],ap[2],w,c1);
-                mul_add(rp[3],ap[3],w,c1);
-                ap+=4; rp+=4; num-=4;
-                }
-        if (num)
-                {
-                mul_add(rp[0],ap[0],w,c1); if (--num==0) return c1;
-                mul_add(rp[1],ap[1],w,c1); if (--num==0) return c1;
-                mul_add(rp[2],ap[2],w,c1); return c1;
-                }
-        
-        return(c1);
-        } 
-
-BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
-        {
-        BN_ULONG c1=0;
-
-        assert(num >= 0);
-        if (num <= 0) return(c1);
-
-        while (num&~3)
-                {
-                mul(rp[0],ap[0],w,c1);
-                mul(rp[1],ap[1],w,c1);
-                mul(rp[2],ap[2],w,c1);
-                mul(rp[3],ap[3],w,c1);
-                ap+=4; rp+=4; num-=4;
-                }
-        if (num)
-                {
-                mul(rp[0],ap[0],w,c1); if (--num == 0) return c1;
-                mul(rp[1],ap[1],w,c1); if (--num == 0) return c1;
-                mul(rp[2],ap[2],w,c1);
-                }
-        return(c1);
-        } 
-
-void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
-        {
-        assert(n >= 0);
-        if (n <= 0) return;
-        while (n&~3)
-                {
-                sqr(r[0],r[1],a[0]);
-                sqr(r[2],r[3],a[1]);
-                sqr(r[4],r[5],a[2]);
-                sqr(r[6],r[7],a[3]);
-                a+=4; r+=8; n-=4;
-                }
-        if (n)
-                {
-                sqr(r[0],r[1],a[0]); if (--n == 0) return;
-                sqr(r[2],r[3],a[1]); if (--n == 0) return;
-                sqr(r[4],r[5],a[2]);
-                }
-        }
-
-#else /* !(defined(BN_LLONG) || defined(BN_UMULT_HIGH)) */
-
-BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
-        {
-        BN_ULONG c=0;
-        BN_ULONG bl,bh;
-
-        assert(num >= 0);
-        if (num <= 0) return((BN_ULONG)0);
-
-        bl=LBITS(w);
-        bh=HBITS(w);
-
-        for (;;)
-                {
-                mul_add(rp[0],ap[0],bl,bh,c);
-                if (--num == 0) break;
-                mul_add(rp[1],ap[1],bl,bh,c);
-                if (--num == 0) break;
-                mul_add(rp[2],ap[2],bl,bh,c);
-                if (--num == 0) break;
-                mul_add(rp[3],ap[3],bl,bh,c);
-                if (--num == 0) break;
-                ap+=4;
-                rp+=4;
-                }
-        return(c);
-        } 
-
-BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
-        {
-        BN_ULONG carry=0;
-        BN_ULONG bl,bh;
-
-        assert(num >= 0);
-        if (num <= 0) return((BN_ULONG)0);
-
-        bl=LBITS(w);
-        bh=HBITS(w);
-
-        for (;;)
-                {
-                mul(rp[0],ap[0],bl,bh,carry);
-                if (--num == 0) break;
-                mul(rp[1],ap[1],bl,bh,carry);
-                if (--num == 0) break;
-                mul(rp[2],ap[2],bl,bh,carry);
-                if (--num == 0) break;
-                mul(rp[3],ap[3],bl,bh,carry);
-                if (--num == 0) break;
-                ap+=4;
-                rp+=4;
-                }
-        return(carry);
-        } 
-
-void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
-        {
-        assert(n >= 0);
-        if (n <= 0) return;
-        for (;;)
-                {
-                sqr64(r[0],r[1],a[0]);
-                if (--n == 0) break;
-
-                sqr64(r[2],r[3],a[1]);
-                if (--n == 0) break;
-
-                sqr64(r[4],r[5],a[2]);
-                if (--n == 0) break;
-
-                sqr64(r[6],r[7],a[3]);
-                if (--n == 0) break;
-
-                a+=4;
-                r+=8;
-                }
-        }
-
-#endif /* !(defined(BN_LLONG) || defined(BN_UMULT_HIGH)) */
-
-#if defined(BN_LLONG) && defined(BN_DIV2W)
-
-BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
-        {
-        return((BN_ULONG)(((((BN_ULLONG)h)<<BN_BITS2)|l)/(BN_ULLONG)d));
-        }
-
-#else
-
-/* Divide h,l by d and return the result. */
-/* I need to test this some more :-( */
-BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
-        {
-        BN_ULONG dh,dl,q,ret=0,th,tl,t;
-        int i,count=2;
-
-        if (d == 0) return(BN_MASK2);
-
-        i=BN_num_bits_word(d);
-        assert((i == BN_BITS2) || (h <= (BN_ULONG)1<<i));
-
-        i=BN_BITS2-i;
-        if (h >= d) h-=d;
-
-        if (i)
-                {
-                d<<=i;
-                h=(h<<i)|(l>>(BN_BITS2-i));
-                l<<=i;
-                }
-        dh=(d&BN_MASK2h)>>BN_BITS4;
-        dl=(d&BN_MASK2l);
-        for (;;)
-                {
-                if ((h>>BN_BITS4) == dh)
-                        q=BN_MASK2l;
-                else
-                        q=h/dh;
-
-                th=q*dh;
-                tl=dl*q;
-                for (;;)
-                        {
-                        t=h-th;
-                        if ((t&BN_MASK2h) ||
-                                ((tl) <= (
-                                        (t<<BN_BITS4)|
-                                        ((l&BN_MASK2h)>>BN_BITS4))))
-                                break;
-                        q--;
-                        th-=dh;
-                        tl-=dl;
-                        }
-                t=(tl>>BN_BITS4);
-                tl=(tl<<BN_BITS4)&BN_MASK2h;
-                th+=t;
-
-                if (l < tl) th++;
-                l-=tl;
-                if (h < th)
-                        {
-                        h+=d;
-                        q--;
-                        }
-                h-=th;
-
-                if (--count == 0) break;
-
-                ret=q<<BN_BITS4;
-                h=((h<<BN_BITS4)|(l>>BN_BITS4))&BN_MASK2;
-                l=(l&BN_MASK2l)<<BN_BITS4;
-                }
-        ret|=q;
-        return(ret);
-        }
-#endif /* !defined(BN_LLONG) && defined(BN_DIV2W) */
-
-#ifdef BN_LLONG
-BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
-        {
-        BN_ULLONG ll=0;
-
-        assert(n >= 0);
-        if (n <= 0) return((BN_ULONG)0);
-
-        for (;;)
-                {
-                ll+=(BN_ULLONG)a[0]+b[0];
-                r[0]=(BN_ULONG)ll&BN_MASK2;
-                ll>>=BN_BITS2;
-                if (--n <= 0) break;
-
-                ll+=(BN_ULLONG)a[1]+b[1];
-                r[1]=(BN_ULONG)ll&BN_MASK2;
-                ll>>=BN_BITS2;
-                if (--n <= 0) break;
-
-                ll+=(BN_ULLONG)a[2]+b[2];
-                r[2]=(BN_ULONG)ll&BN_MASK2;
-                ll>>=BN_BITS2;
-                if (--n <= 0) break;
-
-                ll+=(BN_ULLONG)a[3]+b[3];
-                r[3]=(BN_ULONG)ll&BN_MASK2;
-                ll>>=BN_BITS2;
-                if (--n <= 0) break;
-
-                a+=4;
-                b+=4;
-                r+=4;
-                }
-        return((BN_ULONG)ll);
-        }
-#else /* !BN_LLONG */
-BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
-        {
-        BN_ULONG c,l,t;
-
-        assert(n >= 0);
-        if (n <= 0) return((BN_ULONG)0);
-
-        c=0;
-        for (;;)
-                {
-                t=a[0];
-                t=(t+c)&BN_MASK2;
-                c=(t < c);
-                l=(t+b[0])&BN_MASK2;
-                c+=(l < t);
-                r[0]=l;
-                if (--n <= 0) break;
-
-                t=a[1];
-                t=(t+c)&BN_MASK2;
-                c=(t < c);
-                l=(t+b[1])&BN_MASK2;
-                c+=(l < t);
-                r[1]=l;
-                if (--n <= 0) break;
-
-                t=a[2];
-                t=(t+c)&BN_MASK2;
-                c=(t < c);
-                l=(t+b[2])&BN_MASK2;
-                c+=(l < t);
-                r[2]=l;
-                if (--n <= 0) break;
-
-                t=a[3];
-                t=(t+c)&BN_MASK2;
-                c=(t < c);
-                l=(t+b[3])&BN_MASK2;
-                c+=(l < t);
-                r[3]=l;
-                if (--n <= 0) break;
-
-                a+=4;
-                b+=4;
-                r+=4;
-                }
-        return((BN_ULONG)c);
-        }
-#endif /* !BN_LLONG */
-
-BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
-        {
-        BN_ULONG t1,t2;
-        int c=0;
-
-        assert(n >= 0);
-        if (n <= 0) return((BN_ULONG)0);
-
-        for (;;)
-                {
-                t1=a[0]; t2=b[0];
-                r[0]=(t1-t2-c)&BN_MASK2;
-                if (t1 != t2) c=(t1 < t2);
-                if (--n <= 0) break;
-
-                t1=a[1]; t2=b[1];
-                r[1]=(t1-t2-c)&BN_MASK2;
-                if (t1 != t2) c=(t1 < t2);
-                if (--n <= 0) break;
-
-                t1=a[2]; t2=b[2];
-                r[2]=(t1-t2-c)&BN_MASK2;
-                if (t1 != t2) c=(t1 < t2);
-                if (--n <= 0) break;
-
-                t1=a[3]; t2=b[3];
-                r[3]=(t1-t2-c)&BN_MASK2;
-                if (t1 != t2) c=(t1 < t2);
-                if (--n <= 0) break;
-
-                a+=4;
-                b+=4;
-                r+=4;
-                }
-        return(c);
-        }
-
-#ifdef BN_MUL_COMBA
-
-#undef bn_mul_comba8
-#undef bn_mul_comba4
-#undef bn_sqr_comba8
-#undef bn_sqr_comba4
-
-/* mul_add_c(a,b,c0,c1,c2)  -- c+=a*b for three word number c=(c2,c1,c0) */
-/* mul_add_c2(a,b,c0,c1,c2) -- c+=2*a*b for three word number c=(c2,c1,c0) */
-/* sqr_add_c(a,i,c0,c1,c2)  -- c+=a[i]^2 for three word number c=(c2,c1,c0) */
-/* sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number c=(c2,c1,c0) */
-
-#ifdef BN_LLONG
-#define mul_add_c(a,b,c0,c1,c2) \
-        t=(BN_ULLONG)a*b; \
-        t1=(BN_ULONG)Lw(t); \
-        t2=(BN_ULONG)Hw(t); \
-        c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
-        c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
-
-#define mul_add_c2(a,b,c0,c1,c2) \
-        t=(BN_ULLONG)a*b; \
-        tt=(t+t)&BN_MASK; \
-        if (tt < t) c2++; \
-        t1=(BN_ULONG)Lw(tt); \
-        t2=(BN_ULONG)Hw(tt); \
-        c0=(c0+t1)&BN_MASK2;  \
-        if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \
-        c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
-
-#define sqr_add_c(a,i,c0,c1,c2) \
-        t=(BN_ULLONG)a[i]*a[i]; \
-        t1=(BN_ULONG)Lw(t); \
-        t2=(BN_ULONG)Hw(t); \
-        c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
-        c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
-
-#define sqr_add_c2(a,i,j,c0,c1,c2) \
-        mul_add_c2((a)[i],(a)[j],c0,c1,c2)
-
-#elif defined(BN_UMULT_HIGH)
-
-#define mul_add_c(a,b,c0,c1,c2) {       \
-        BN_ULONG ta=(a),tb=(b);         \
-        t1 = ta * tb;                   \
-        t2 = BN_UMULT_HIGH(ta,tb);      \
-        c0 += t1; t2 += (c0<t1)?1:0;    \
-        c1 += t2; c2 += (c1<t2)?1:0;    \
-        }
-
-#define mul_add_c2(a,b,c0,c1,c2) {      \
-        BN_ULONG ta=(a),tb=(b),t0;      \
-        t1 = BN_UMULT_HIGH(ta,tb);      \
-        t0 = ta * tb;                   \
-        t2 = t1+t1; c2 += (t2<t1)?1:0;  \
-        t1 = t0+t0; t2 += (t1<t0)?1:0;  \
-        c0 += t1; t2 += (c0<t1)?1:0;    \
-        c1 += t2; c2 += (c1<t2)?1:0;    \
-        }
-
-#define sqr_add_c(a,i,c0,c1,c2) {       \
-        BN_ULONG ta=(a)[i];             \
-        t1 = ta * ta;                   \
-        t2 = BN_UMULT_HIGH(ta,ta);      \
-        c0 += t1; t2 += (c0<t1)?1:0;    \
-        c1 += t2; c2 += (c1<t2)?1:0;    \
-        }
-
-#define sqr_add_c2(a,i,j,c0,c1,c2)      \
-        mul_add_c2((a)[i],(a)[j],c0,c1,c2)
-
-#else /* !BN_LLONG */
-#define mul_add_c(a,b,c0,c1,c2) \
-        t1=LBITS(a); t2=HBITS(a); \
-        bl=LBITS(b); bh=HBITS(b); \
-        mul64(t1,t2,bl,bh); \
-        c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
-        c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
-
-#define mul_add_c2(a,b,c0,c1,c2) \
-        t1=LBITS(a); t2=HBITS(a); \
-        bl=LBITS(b); bh=HBITS(b); \
-        mul64(t1,t2,bl,bh); \
-        if (t2 & BN_TBIT) c2++; \
-        t2=(t2+t2)&BN_MASK2; \
-        if (t1 & BN_TBIT) t2++; \
-        t1=(t1+t1)&BN_MASK2; \
-        c0=(c0+t1)&BN_MASK2;  \
-        if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \
-        c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
-
-#define sqr_add_c(a,i,c0,c1,c2) \
-        sqr64(t1,t2,(a)[i]); \
-        c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
-        c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
-
-#define sqr_add_c2(a,i,j,c0,c1,c2) \
-        mul_add_c2((a)[i],(a)[j],c0,c1,c2)
-#endif /* !BN_LLONG */
-
-void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-        {
-#ifdef BN_LLONG
-        BN_ULLONG t;
-#else
-        BN_ULONG bl,bh;
-#endif
-        BN_ULONG t1,t2;
-        BN_ULONG c1,c2,c3;
-
-        c1=0;
-        c2=0;
-        c3=0;
-        mul_add_c(a[0],b[0],c1,c2,c3);
-        r[0]=c1;
-        c1=0;
-        mul_add_c(a[0],b[1],c2,c3,c1);
-        mul_add_c(a[1],b[0],c2,c3,c1);
-        r[1]=c2;
-        c2=0;
-        mul_add_c(a[2],b[0],c3,c1,c2);
-        mul_add_c(a[1],b[1],c3,c1,c2);
-        mul_add_c(a[0],b[2],c3,c1,c2);
-        r[2]=c3;
-        c3=0;
-        mul_add_c(a[0],b[3],c1,c2,c3);
-        mul_add_c(a[1],b[2],c1,c2,c3);
-        mul_add_c(a[2],b[1],c1,c2,c3);
-        mul_add_c(a[3],b[0],c1,c2,c3);
-        r[3]=c1;
-        c1=0;
-        mul_add_c(a[4],b[0],c2,c3,c1);
-        mul_add_c(a[3],b[1],c2,c3,c1);
-        mul_add_c(a[2],b[2],c2,c3,c1);
-        mul_add_c(a[1],b[3],c2,c3,c1);
-        mul_add_c(a[0],b[4],c2,c3,c1);
-        r[4]=c2;
-        c2=0;
-        mul_add_c(a[0],b[5],c3,c1,c2);
-        mul_add_c(a[1],b[4],c3,c1,c2);
-        mul_add_c(a[2],b[3],c3,c1,c2);
-        mul_add_c(a[3],b[2],c3,c1,c2);
-        mul_add_c(a[4],b[1],c3,c1,c2);
-        mul_add_c(a[5],b[0],c3,c1,c2);
-        r[5]=c3;
-        c3=0;
-        mul_add_c(a[6],b[0],c1,c2,c3);
-        mul_add_c(a[5],b[1],c1,c2,c3);
-        mul_add_c(a[4],b[2],c1,c2,c3);
-        mul_add_c(a[3],b[3],c1,c2,c3);
-        mul_add_c(a[2],b[4],c1,c2,c3);
-        mul_add_c(a[1],b[5],c1,c2,c3);
-        mul_add_c(a[0],b[6],c1,c2,c3);
-        r[6]=c1;
-        c1=0;
-        mul_add_c(a[0],b[7],c2,c3,c1);
-        mul_add_c(a[1],b[6],c2,c3,c1);
-        mul_add_c(a[2],b[5],c2,c3,c1);
-        mul_add_c(a[3],b[4],c2,c3,c1);
-        mul_add_c(a[4],b[3],c2,c3,c1);
-        mul_add_c(a[5],b[2],c2,c3,c1);
-        mul_add_c(a[6],b[1],c2,c3,c1);
-        mul_add_c(a[7],b[0],c2,c3,c1);
-        r[7]=c2;
-        c2=0;
-        mul_add_c(a[7],b[1],c3,c1,c2);
-        mul_add_c(a[6],b[2],c3,c1,c2);
-        mul_add_c(a[5],b[3],c3,c1,c2);
-        mul_add_c(a[4],b[4],c3,c1,c2);
-        mul_add_c(a[3],b[5],c3,c1,c2);
-        mul_add_c(a[2],b[6],c3,c1,c2);
-        mul_add_c(a[1],b[7],c3,c1,c2);
-        r[8]=c3;
-        c3=0;
-        mul_add_c(a[2],b[7],c1,c2,c3);
-        mul_add_c(a[3],b[6],c1,c2,c3);
-        mul_add_c(a[4],b[5],c1,c2,c3);
-        mul_add_c(a[5],b[4],c1,c2,c3);
-        mul_add_c(a[6],b[3],c1,c2,c3);
-        mul_add_c(a[7],b[2],c1,c2,c3);
-        r[9]=c1;
-        c1=0;
-        mul_add_c(a[7],b[3],c2,c3,c1);
-        mul_add_c(a[6],b[4],c2,c3,c1);
-        mul_add_c(a[5],b[5],c2,c3,c1);
-        mul_add_c(a[4],b[6],c2,c3,c1);
-        mul_add_c(a[3],b[7],c2,c3,c1);
-        r[10]=c2;
-        c2=0;
-        mul_add_c(a[4],b[7],c3,c1,c2);
-        mul_add_c(a[5],b[6],c3,c1,c2);
-        mul_add_c(a[6],b[5],c3,c1,c2);
-        mul_add_c(a[7],b[4],c3,c1,c2);
-        r[11]=c3;
-        c3=0;
-        mul_add_c(a[7],b[5],c1,c2,c3);
-        mul_add_c(a[6],b[6],c1,c2,c3);
-        mul_add_c(a[5],b[7],c1,c2,c3);
-        r[12]=c1;
-        c1=0;
-        mul_add_c(a[6],b[7],c2,c3,c1);
-        mul_add_c(a[7],b[6],c2,c3,c1);
-        r[13]=c2;
-        c2=0;
-        mul_add_c(a[7],b[7],c3,c1,c2);
-        r[14]=c3;
-        r[15]=c1;
-        }
-
-void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-        {
-#ifdef BN_LLONG
-        BN_ULLONG t;
-#else
-        BN_ULONG bl,bh;
-#endif
-        BN_ULONG t1,t2;
-        BN_ULONG c1,c2,c3;
-
-        c1=0;
-        c2=0;
-        c3=0;
-        mul_add_c(a[0],b[0],c1,c2,c3);
-        r[0]=c1;
-        c1=0;
-        mul_add_c(a[0],b[1],c2,c3,c1);
-        mul_add_c(a[1],b[0],c2,c3,c1);
-        r[1]=c2;
-        c2=0;
-        mul_add_c(a[2],b[0],c3,c1,c2);
-        mul_add_c(a[1],b[1],c3,c1,c2);
-        mul_add_c(a[0],b[2],c3,c1,c2);
-        r[2]=c3;
-        c3=0;
-        mul_add_c(a[0],b[3],c1,c2,c3);
-        mul_add_c(a[1],b[2],c1,c2,c3);
-        mul_add_c(a[2],b[1],c1,c2,c3);
-        mul_add_c(a[3],b[0],c1,c2,c3);
-        r[3]=c1;
-        c1=0;
-        mul_add_c(a[3],b[1],c2,c3,c1);
-        mul_add_c(a[2],b[2],c2,c3,c1);
-        mul_add_c(a[1],b[3],c2,c3,c1);
-        r[4]=c2;
-        c2=0;
-        mul_add_c(a[2],b[3],c3,c1,c2);
-        mul_add_c(a[3],b[2],c3,c1,c2);
-        r[5]=c3;
-        c3=0;
-        mul_add_c(a[3],b[3],c1,c2,c3);
-        r[6]=c1;
-        r[7]=c2;
-        }
-
-void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a)
-        {
-#ifdef BN_LLONG
-        BN_ULLONG t,tt;
-#else
-        BN_ULONG bl,bh;
-#endif
-        BN_ULONG t1,t2;
-        BN_ULONG c1,c2,c3;
-
-        c1=0;
-        c2=0;
-        c3=0;
-        sqr_add_c(a,0,c1,c2,c3);
-        r[0]=c1;
-        c1=0;
-        sqr_add_c2(a,1,0,c2,c3,c1);
-        r[1]=c2;
-        c2=0;
-        sqr_add_c(a,1,c3,c1,c2);
-        sqr_add_c2(a,2,0,c3,c1,c2);
-        r[2]=c3;
-        c3=0;
-        sqr_add_c2(a,3,0,c1,c2,c3);
-        sqr_add_c2(a,2,1,c1,c2,c3);
-        r[3]=c1;
-        c1=0;
-        sqr_add_c(a,2,c2,c3,c1);
-        sqr_add_c2(a,3,1,c2,c3,c1);
-        sqr_add_c2(a,4,0,c2,c3,c1);
-        r[4]=c2;
-        c2=0;
-        sqr_add_c2(a,5,0,c3,c1,c2);
-        sqr_add_c2(a,4,1,c3,c1,c2);
-        sqr_add_c2(a,3,2,c3,c1,c2);
-        r[5]=c3;
-        c3=0;
-        sqr_add_c(a,3,c1,c2,c3);
-        sqr_add_c2(a,4,2,c1,c2,c3);
-        sqr_add_c2(a,5,1,c1,c2,c3);
-        sqr_add_c2(a,6,0,c1,c2,c3);
-        r[6]=c1;
-        c1=0;
-        sqr_add_c2(a,7,0,c2,c3,c1);
-        sqr_add_c2(a,6,1,c2,c3,c1);
-        sqr_add_c2(a,5,2,c2,c3,c1);
-        sqr_add_c2(a,4,3,c2,c3,c1);
-        r[7]=c2;
-        c2=0;
-        sqr_add_c(a,4,c3,c1,c2);
-        sqr_add_c2(a,5,3,c3,c1,c2);
-        sqr_add_c2(a,6,2,c3,c1,c2);
-        sqr_add_c2(a,7,1,c3,c1,c2);
-        r[8]=c3;
-        c3=0;
-        sqr_add_c2(a,7,2,c1,c2,c3);
-        sqr_add_c2(a,6,3,c1,c2,c3);
-        sqr_add_c2(a,5,4,c1,c2,c3);
-        r[9]=c1;
-        c1=0;
-        sqr_add_c(a,5,c2,c3,c1);
-        sqr_add_c2(a,6,4,c2,c3,c1);
-        sqr_add_c2(a,7,3,c2,c3,c1);
-        r[10]=c2;
-        c2=0;
-        sqr_add_c2(a,7,4,c3,c1,c2);
-        sqr_add_c2(a,6,5,c3,c1,c2);
-        r[11]=c3;
-        c3=0;
-        sqr_add_c(a,6,c1,c2,c3);
-        sqr_add_c2(a,7,5,c1,c2,c3);
-        r[12]=c1;
-        c1=0;
-        sqr_add_c2(a,7,6,c2,c3,c1);
-        r[13]=c2;
-        c2=0;
-        sqr_add_c(a,7,c3,c1,c2);
-        r[14]=c3;
-        r[15]=c1;
-        }
-
-void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)
-        {
-#ifdef BN_LLONG
-        BN_ULLONG t,tt;
-#else
-        BN_ULONG bl,bh;
-#endif
-        BN_ULONG t1,t2;
-        BN_ULONG c1,c2,c3;
-
-        c1=0;
-        c2=0;
-        c3=0;
-        sqr_add_c(a,0,c1,c2,c3);
-        r[0]=c1;
-        c1=0;
-        sqr_add_c2(a,1,0,c2,c3,c1);
-        r[1]=c2;
-        c2=0;
-        sqr_add_c(a,1,c3,c1,c2);
-        sqr_add_c2(a,2,0,c3,c1,c2);
-        r[2]=c3;
-        c3=0;
-        sqr_add_c2(a,3,0,c1,c2,c3);
-        sqr_add_c2(a,2,1,c1,c2,c3);
-        r[3]=c1;
-        c1=0;
-        sqr_add_c(a,2,c2,c3,c1);
-        sqr_add_c2(a,3,1,c2,c3,c1);
-        r[4]=c2;
-        c2=0;
-        sqr_add_c2(a,3,2,c3,c1,c2);
-        r[5]=c3;
-        c3=0;
-        sqr_add_c(a,3,c1,c2,c3);
-        r[6]=c1;
-        r[7]=c2;
-        }
-#else /* !BN_MUL_COMBA */
-
-/* hmm... is it faster just to do a multiply? */
-#undef bn_sqr_comba4
-void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
-        {
-        BN_ULONG t[8];
-        bn_sqr_normal(r,a,4,t);
-        }
-
-#undef bn_sqr_comba8
-void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
-        {
-        BN_ULONG t[16];
-        bn_sqr_normal(r,a,8,t);
-        }
-
-void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-        {
-        r[4]=bn_mul_words(    &(r[0]),a,4,b[0]);
-        r[5]=bn_mul_add_words(&(r[1]),a,4,b[1]);
-        r[6]=bn_mul_add_words(&(r[2]),a,4,b[2]);
-        r[7]=bn_mul_add_words(&(r[3]),a,4,b[3]);
-        }
-
-void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-        {
-        r[ 8]=bn_mul_words(    &(r[0]),a,8,b[0]);
-        r[ 9]=bn_mul_add_words(&(r[1]),a,8,b[1]);
-        r[10]=bn_mul_add_words(&(r[2]),a,8,b[2]);
-        r[11]=bn_mul_add_words(&(r[3]),a,8,b[3]);
-        r[12]=bn_mul_add_words(&(r[4]),a,8,b[4]);
-        r[13]=bn_mul_add_words(&(r[5]),a,8,b[5]);
-        r[14]=bn_mul_add_words(&(r[6]),a,8,b[6]);
-        r[15]=bn_mul_add_words(&(r[7]),a,8,b[7]);
-        }
-
-#endif /* !BN_MUL_COMBA */
diff --git a/src/lib/libcrypto/bn/bn_blind.c b/src/lib/libcrypto/bn/bn_blind.c
deleted file mode 100644
index 2d287e6d1b..0000000000
--- a/src/lib/libcrypto/bn/bn_blind.c
+++ /dev/null
@@ -1,144 +0,0 @@
-/* crypto/bn/bn_blind.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-BN_BLINDING *BN_BLINDING_new(BIGNUM *A, BIGNUM *Ai, BIGNUM *mod)
-        {
-        BN_BLINDING *ret=NULL;
-
-        bn_check_top(Ai);
-        bn_check_top(mod);
-
-        if ((ret=(BN_BLINDING *)OPENSSL_malloc(sizeof(BN_BLINDING))) == NULL)
-                {
-                BNerr(BN_F_BN_BLINDING_NEW,ERR_R_MALLOC_FAILURE);
-                return(NULL);
-                }
-        memset(ret,0,sizeof(BN_BLINDING));
-        if ((ret->A=BN_new()) == NULL) goto err;
-        if ((ret->Ai=BN_new()) == NULL) goto err;
-        if (!BN_copy(ret->A,A)) goto err;
-        if (!BN_copy(ret->Ai,Ai)) goto err;
-        ret->mod=mod;
-        return(ret);
-err:
-        if (ret != NULL) BN_BLINDING_free(ret);
-        return(NULL);
-        }
-
-void BN_BLINDING_free(BN_BLINDING *r)
-        {
-        if(r == NULL)
-            return;
-
-        if (r->A  != NULL) BN_free(r->A );
-        if (r->Ai != NULL) BN_free(r->Ai);
-        OPENSSL_free(r);
-        }
-
-int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx)
-        {
-        int ret=0;
-
-        if ((b->A == NULL) || (b->Ai == NULL))
-                {
-                BNerr(BN_F_BN_BLINDING_UPDATE,BN_R_NOT_INITIALIZED);
-                goto err;
-                }
-                
-        if (!BN_mod_mul(b->A,b->A,b->A,b->mod,ctx)) goto err;
-        if (!BN_mod_mul(b->Ai,b->Ai,b->Ai,b->mod,ctx)) goto err;
-
-        ret=1;
-err:
-        return(ret);
-        }
-
-int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx)
-        {
-        bn_check_top(n);
-
-        if ((b->A == NULL) || (b->Ai == NULL))
-                {
-                BNerr(BN_F_BN_BLINDING_CONVERT,BN_R_NOT_INITIALIZED);
-                return(0);
-                }
-        return(BN_mod_mul(n,n,b->A,b->mod,ctx));
-        }
-
-int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx)
-        {
-        int ret;
-
-        bn_check_top(n);
-        if ((b->A == NULL) || (b->Ai == NULL))
-                {
-                BNerr(BN_F_BN_BLINDING_INVERT,BN_R_NOT_INITIALIZED);
-                return(0);
-                }
-        if ((ret=BN_mod_mul(n,n,b->Ai,b->mod,ctx)) >= 0)
-                {
-                if (!BN_BLINDING_update(b,ctx))
-                        return(0);
-                }
-        return(ret);
-        }
-
diff --git a/src/lib/libcrypto/bn/bn_ctx.c b/src/lib/libcrypto/bn/bn_ctx.c
deleted file mode 100644
index 7daf19eb84..0000000000
--- a/src/lib/libcrypto/bn/bn_ctx.c
+++ /dev/null
@@ -1,155 +0,0 @@
-/* crypto/bn/bn_ctx.c */
-/* Written by Ulf Moeller for the OpenSSL project. */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef BN_CTX_DEBUG
-# undef NDEBUG /* avoid conflicting definitions */
-# define NDEBUG
-#endif
-
-#include <stdio.h>
-#include <assert.h>
-
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-
-BN_CTX *BN_CTX_new(void)
-        {
-        BN_CTX *ret;
-
-        ret=(BN_CTX *)OPENSSL_malloc(sizeof(BN_CTX));
-        if (ret == NULL)
-                {
-                BNerr(BN_F_BN_CTX_NEW,ERR_R_MALLOC_FAILURE);
-                return(NULL);
-                }
-
-        BN_CTX_init(ret);
-        ret->flags=BN_FLG_MALLOCED;
-        return(ret);
-        }
-
-void BN_CTX_init(BN_CTX *ctx)
-        {
-#if 0 /* explicit version */
-        int i;
-        ctx->tos = 0;
-        ctx->flags = 0;
-        ctx->depth = 0;
-        ctx->too_many = 0;
-        for (i = 0; i < BN_CTX_NUM; i++)
-                BN_init(&(ctx->bn[i]));
-#else
-        memset(ctx, 0, sizeof *ctx);
-#endif
-        }
-
-void BN_CTX_free(BN_CTX *ctx)
-        {
-        int i;
-
-        if (ctx == NULL) return;
-        assert(ctx->depth == 0);
-
-        for (i=0; i < BN_CTX_NUM; i++)
-                BN_clear_free(&(ctx->bn[i]));
-        if (ctx->flags & BN_FLG_MALLOCED)
-                OPENSSL_free(ctx);
-        }
-
-void BN_CTX_start(BN_CTX *ctx)
-        {
-        if (ctx->depth < BN_CTX_NUM_POS)
-                ctx->pos[ctx->depth] = ctx->tos;
-        ctx->depth++;
-        }
-
-
-BIGNUM *BN_CTX_get(BN_CTX *ctx)
-        {
-        /* Note: If BN_CTX_get is ever changed to allocate BIGNUMs dynamically,
-         * make sure that if BN_CTX_get fails once it will return NULL again
-         * until BN_CTX_end is called.  (This is so that callers have to check
-         * only the last return value.)
-         */
-        if (ctx->depth > BN_CTX_NUM_POS || ctx->tos >= BN_CTX_NUM)
-                {
-                if (!ctx->too_many)
-                        {
-                        BNerr(BN_F_BN_CTX_GET,BN_R_TOO_MANY_TEMPORARY_VARIABLES);
-                        /* disable error code until BN_CTX_end is called: */
-                        ctx->too_many = 1;
-                        }
-                return NULL;
-                }
-        return (&(ctx->bn[ctx->tos++]));
-        }
-
-void BN_CTX_end(BN_CTX *ctx)
-        {
-        if (ctx == NULL) return;
-        assert(ctx->depth > 0);
-        if (ctx->depth == 0)
-                /* should never happen, but we can tolerate it if not in
-                 * debug mode (could be a 'goto err' in the calling function
-                 * before BN_CTX_start was reached) */
-                BN_CTX_start(ctx);
-
-        ctx->too_many = 0;
-        ctx->depth--;
-        if (ctx->depth < BN_CTX_NUM_POS)
-                ctx->tos = ctx->pos[ctx->depth];
-        }
diff --git a/src/lib/libcrypto/bn/bn_div.c b/src/lib/libcrypto/bn/bn_div.c
deleted file mode 100644
index 580d1201bc..0000000000
--- a/src/lib/libcrypto/bn/bn_div.c
+++ /dev/null
@@ -1,387 +0,0 @@
-/* crypto/bn/bn_div.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/bn.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-
-/* The old slow way */
-#if 0
-int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
-           BN_CTX *ctx)
-        {
-        int i,nm,nd;
-        int ret = 0;
-        BIGNUM *D;
-
-        bn_check_top(m);
-        bn_check_top(d);
-        if (BN_is_zero(d))
-                {
-                BNerr(BN_F_BN_DIV,BN_R_DIV_BY_ZERO);
-                return(0);
-                }
-
-        if (BN_ucmp(m,d) < 0)
-                {
-                if (rem != NULL)
-                        { if (BN_copy(rem,m) == NULL) return(0); }
-                if (dv != NULL) BN_zero(dv);
-                return(1);
-                }
-
-        BN_CTX_start(ctx);
-        D = BN_CTX_get(ctx);
-        if (dv == NULL) dv = BN_CTX_get(ctx);
-        if (rem == NULL) rem = BN_CTX_get(ctx);
-        if (D == NULL || dv == NULL || rem == NULL)
-                goto end;
-
-        nd=BN_num_bits(d);
-        nm=BN_num_bits(m);
-        if (BN_copy(D,d) == NULL) goto end;
-        if (BN_copy(rem,m) == NULL) goto end;
-
-        /* The next 2 are needed so we can do a dv->d[0]|=1 later
-         * since BN_lshift1 will only work once there is a value :-) */
-        BN_zero(dv);
-        bn_wexpand(dv,1);
-        dv->top=1;
-
-        if (!BN_lshift(D,D,nm-nd)) goto end;
-        for (i=nm-nd; i>=0; i--)
-                {
-                if (!BN_lshift1(dv,dv)) goto end;
-                if (BN_ucmp(rem,D) >= 0)
-                        {
-                        dv->d[0]|=1;
-                        if (!BN_usub(rem,rem,D)) goto end;
-                        }
-/* CAN IMPROVE (and have now :=) */
-                if (!BN_rshift1(D,D)) goto end;
-                }
-        rem->neg=BN_is_zero(rem)?0:m->neg;
-        dv->neg=m->neg^d->neg;
-        ret = 1;
- end:
-        BN_CTX_end(ctx);
-        return(ret);
-        }
-
-#else
-
-#if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) \
-    && !defined(PEDANTIC) && !defined(BN_DIV3W)
-# if defined(__GNUC__) && __GNUC__>=2
-#  if defined(__i386) || defined (__i386__)
-   /*
-    * There were two reasons for implementing this template:
-    * - GNU C generates a call to a function (__udivdi3 to be exact)
-    *   in reply to ((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0 (I fail to
-    *   understand why...);
-    * - divl doesn't only calculate quotient, but also leaves
-    *   remainder in %edx which we can definitely use here:-)
-    *
-    *                                   <appro@fy.chalmers.se>
-    */
-#  define bn_div_words(n0,n1,d0)                \
-        ({  asm volatile (                      \
-                "divl   %4"                     \
-                : "=a"(q), "=d"(rem)            \
-                : "a"(n1), "d"(n0), "g"(d0)     \
-                : "cc");                        \
-            q;                                  \
-        })
-#  define REMAINDER_IS_ALREADY_CALCULATED
-#  elif defined(__x86_64) && defined(SIXTY_FOUR_BIT_LONG)
-   /*
-    * Same story here, but it's 128-bit by 64-bit division. Wow!
-    *                                   <appro@fy.chalmers.se>
-    */
-#  define bn_div_words(n0,n1,d0)                \
-        ({  asm volatile (                      \
-                "divq   %4"                     \
-                : "=a"(q), "=d"(rem)            \
-                : "a"(n1), "d"(n0), "g"(d0)     \
-                : "cc");                        \
-            q;                                  \
-        })
-#  define REMAINDER_IS_ALREADY_CALCULATED
-#  endif /* __<cpu> */
-# endif /* __GNUC__ */
-#endif /* OPENSSL_NO_ASM */
-
-
-/* BN_div computes  dv := num / divisor,  rounding towards zero, and sets up
- * rm  such that  dv*divisor + rm = num  holds.
- * Thus:
- *     dv->neg == num->neg ^ divisor->neg  (unless the result is zero)
- *     rm->neg == num->neg                 (unless the remainder is zero)
- * If 'dv' or 'rm' is NULL, the respective value is not returned.
- */
-int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
-           BN_CTX *ctx)
-        {
-        int norm_shift,i,j,loop;
-        BIGNUM *tmp,wnum,*snum,*sdiv,*res;
-        BN_ULONG *resp,*wnump;
-        BN_ULONG d0,d1;
-        int num_n,div_n;
-
-        bn_check_top(num);
-        bn_check_top(divisor);
-
-        if (BN_is_zero(divisor))
-                {
-                BNerr(BN_F_BN_DIV,BN_R_DIV_BY_ZERO);
-                return(0);
-                }
-
-        if (BN_ucmp(num,divisor) < 0)
-                {
-                if (rm != NULL)
-                        { if (BN_copy(rm,num) == NULL) return(0); }
-                if (dv != NULL) BN_zero(dv);
-                return(1);
-                }
-
-        BN_CTX_start(ctx);
-        tmp=BN_CTX_get(ctx);
-        snum=BN_CTX_get(ctx);
-        sdiv=BN_CTX_get(ctx);
-        if (dv == NULL)
-                res=BN_CTX_get(ctx);
-        else    res=dv;
-        if (sdiv == NULL || res == NULL) goto err;
-        tmp->neg=0;
-
-        /* First we normalise the numbers */
-        norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2);
-        if (!(BN_lshift(sdiv,divisor,norm_shift))) goto err;
-        sdiv->neg=0;
-        norm_shift+=BN_BITS2;
-        if (!(BN_lshift(snum,num,norm_shift))) goto err;
-        snum->neg=0;
-        div_n=sdiv->top;
-        num_n=snum->top;
-        loop=num_n-div_n;
-
-        /* Lets setup a 'window' into snum
-         * This is the part that corresponds to the current
-         * 'area' being divided */
-        BN_init(&wnum);
-        wnum.d=  &(snum->d[loop]);
-        wnum.top= div_n;
-        wnum.dmax= snum->dmax+1; /* a bit of a lie */
-
-        /* Get the top 2 words of sdiv */
-        /* i=sdiv->top; */
-        d0=sdiv->d[div_n-1];
-        d1=(div_n == 1)?0:sdiv->d[div_n-2];
-
-        /* pointer to the 'top' of snum */
-        wnump= &(snum->d[num_n-1]);
-
-        /* Setup to 'res' */
-        res->neg= (num->neg^divisor->neg);
-        if (!bn_wexpand(res,(loop+1))) goto err;
-        res->top=loop;
-        resp= &(res->d[loop-1]);
-
-        /* space for temp */
-        if (!bn_wexpand(tmp,(div_n+1))) goto err;
-
-        if (BN_ucmp(&wnum,sdiv) >= 0)
-                {
-                if (!BN_usub(&wnum,&wnum,sdiv)) goto err;
-                *resp=1;
-                res->d[res->top-1]=1;
-                }
-        else
-                res->top--;
-        if (res->top == 0)
-                res->neg = 0;
-        resp--;
-
-        for (i=0; i<loop-1; i++)
-                {
-                BN_ULONG q,l0;
-#if defined(BN_DIV3W) && !defined(OPENSSL_NO_ASM)
-                BN_ULONG bn_div_3_words(BN_ULONG*,BN_ULONG,BN_ULONG);
-                q=bn_div_3_words(wnump,d1,d0);
-#else
-                BN_ULONG n0,n1,rem=0;
-
-                n0=wnump[0];
-                n1=wnump[-1];
-                if (n0 == d0)
-                        q=BN_MASK2;
-                else                    /* n0 < d0 */
-                        {
-#ifdef BN_LLONG
-                        BN_ULLONG t2;
-
-#if defined(BN_LLONG) && defined(BN_DIV2W) && !defined(bn_div_words)
-                        q=(BN_ULONG)(((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0);
-#else
-                        q=bn_div_words(n0,n1,d0);
-#ifdef BN_DEBUG_LEVITTE
-                        fprintf(stderr,"DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\
-X) -> 0x%08X\n",
-                                n0, n1, d0, q);
-#endif
-#endif
-
-#ifndef REMAINDER_IS_ALREADY_CALCULATED
-                        /*
-                         * rem doesn't have to be BN_ULLONG. The least we
-                         * know it's less that d0, isn't it?
-                         */
-                        rem=(n1-q*d0)&BN_MASK2;
-#endif
-                        t2=(BN_ULLONG)d1*q;
-
-                        for (;;)
-                                {
-                                if (t2 <= ((((BN_ULLONG)rem)<<BN_BITS2)|wnump[-2]))
-                                        break;
-                                q--;
-                                rem += d0;
-                                if (rem < d0) break; /* don't let rem overflow */
-                                t2 -= d1;
-                                }
-#else /* !BN_LLONG */
-                        BN_ULONG t2l,t2h,ql,qh;
-
-                        q=bn_div_words(n0,n1,d0);
-#ifdef BN_DEBUG_LEVITTE
-                        fprintf(stderr,"DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\
-X) -> 0x%08X\n",
-                                n0, n1, d0, q);
-#endif
-#ifndef REMAINDER_IS_ALREADY_CALCULATED
-                        rem=(n1-q*d0)&BN_MASK2;
-#endif
-
-#if defined(BN_UMULT_LOHI)
-                        BN_UMULT_LOHI(t2l,t2h,d1,q);
-#elif defined(BN_UMULT_HIGH)
-                        t2l = d1 * q;
-                        t2h = BN_UMULT_HIGH(d1,q);
-#else
-                        t2l=LBITS(d1); t2h=HBITS(d1);
-                        ql =LBITS(q);  qh =HBITS(q);
-                        mul64(t2l,t2h,ql,qh); /* t2=(BN_ULLONG)d1*q; */
-#endif
-
-                        for (;;)
-                                {
-                                if ((t2h < rem) ||
-                                        ((t2h == rem) && (t2l <= wnump[-2])))
-                                        break;
-                                q--;
-                                rem += d0;
-                                if (rem < d0) break; /* don't let rem overflow */
-                                if (t2l < d1) t2h--; t2l -= d1;
-                                }
-#endif /* !BN_LLONG */
-                        }
-#endif /* !BN_DIV3W */
-
-                l0=bn_mul_words(tmp->d,sdiv->d,div_n,q);
-                wnum.d--; wnum.top++;
-                tmp->d[div_n]=l0;
-                for (j=div_n+1; j>0; j--)
-                        if (tmp->d[j-1]) break;
-                tmp->top=j;
-
-                j=wnum.top;
-                if (!BN_sub(&wnum,&wnum,tmp)) goto err;
-
-                snum->top=snum->top+wnum.top-j;
-
-                if (wnum.neg)
-                        {
-                        q--;
-                        j=wnum.top;
-                        if (!BN_add(&wnum,&wnum,sdiv)) goto err;
-                        snum->top+=wnum.top-j;
-                        }
-                *(resp--)=q;
-                wnump--;
-                }
-        if (rm != NULL)
-                {
-                /* Keep a copy of the neg flag in num because if rm==num
-                 * BN_rshift() will overwrite it.
-                 */
-                int neg = num->neg;
-                BN_rshift(rm,snum,norm_shift);
-                if (!BN_is_zero(rm))
-                        rm->neg = neg;
-                }
-        BN_CTX_end(ctx);
-        return(1);
-err:
-        BN_CTX_end(ctx);
-        return(0);
-        }
-
-#endif
diff --git a/src/lib/libcrypto/bn/bn_err.c b/src/lib/libcrypto/bn/bn_err.c
deleted file mode 100644
index 5dfac00c88..0000000000
--- a/src/lib/libcrypto/bn/bn_err.c
+++ /dev/null
@@ -1,139 +0,0 @@
-/* crypto/bn/bn_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_BN,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_BN,0,reason)
-
-static ERR_STRING_DATA BN_str_functs[]=
-        {
-{ERR_FUNC(BN_F_BN_BLINDING_CONVERT),    "BN_BLINDING_convert"},
-{ERR_FUNC(BN_F_BN_BLINDING_INVERT),     "BN_BLINDING_invert"},
-{ERR_FUNC(BN_F_BN_BLINDING_NEW),        "BN_BLINDING_new"},
-{ERR_FUNC(BN_F_BN_BLINDING_UPDATE),     "BN_BLINDING_update"},
-{ERR_FUNC(BN_F_BN_BN2DEC),      "BN_bn2dec"},
-{ERR_FUNC(BN_F_BN_BN2HEX),      "BN_bn2hex"},
-{ERR_FUNC(BN_F_BN_CTX_GET),     "BN_CTX_get"},
-{ERR_FUNC(BN_F_BN_CTX_NEW),     "BN_CTX_new"},
-{ERR_FUNC(BN_F_BN_DIV), "BN_div"},
-{ERR_FUNC(BN_F_BN_EXP), "BN_exp"},
-{ERR_FUNC(BN_F_BN_EXPAND2),     "bn_expand2"},
-{ERR_FUNC(BN_F_BN_EXPAND_INTERNAL),     "BN_EXPAND_INTERNAL"},
-{ERR_FUNC(BN_F_BN_MOD_EXP2_MONT),       "BN_mod_exp2_mont"},
-{ERR_FUNC(BN_F_BN_MOD_EXP_MONT),        "BN_mod_exp_mont"},
-{ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME),      "BN_mod_exp_mont_consttime"},
-{ERR_FUNC(BN_F_BN_MOD_EXP_MONT_WORD),   "BN_mod_exp_mont_word"},
-{ERR_FUNC(BN_F_BN_MOD_EXP_RECP),        "BN_mod_exp_recp"},
-{ERR_FUNC(BN_F_BN_MOD_EXP_SIMPLE),      "BN_mod_exp_simple"},
-{ERR_FUNC(BN_F_BN_MOD_INVERSE), "BN_mod_inverse"},
-{ERR_FUNC(BN_F_BN_MOD_LSHIFT_QUICK),    "BN_mod_lshift_quick"},
-{ERR_FUNC(BN_F_BN_MOD_MUL_RECIPROCAL),  "BN_mod_mul_reciprocal"},
-{ERR_FUNC(BN_F_BN_MOD_SQRT),    "BN_mod_sqrt"},
-{ERR_FUNC(BN_F_BN_MPI2BN),      "BN_mpi2bn"},
-{ERR_FUNC(BN_F_BN_NEW), "BN_new"},
-{ERR_FUNC(BN_F_BN_RAND),        "BN_rand"},
-{ERR_FUNC(BN_F_BN_RAND_RANGE),  "BN_rand_range"},
-{ERR_FUNC(BN_F_BN_USUB),        "BN_usub"},
-{0,NULL}
-        };
-
-static ERR_STRING_DATA BN_str_reasons[]=
-        {
-{ERR_REASON(BN_R_ARG2_LT_ARG3)           ,"arg2 lt arg3"},
-{ERR_REASON(BN_R_BAD_RECIPROCAL)         ,"bad reciprocal"},
-{ERR_REASON(BN_R_BIGNUM_TOO_LONG)        ,"bignum too long"},
-{ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS),"called with even modulus"},
-{ERR_REASON(BN_R_DIV_BY_ZERO)            ,"div by zero"},
-{ERR_REASON(BN_R_ENCODING_ERROR)         ,"encoding error"},
-{ERR_REASON(BN_R_EXPAND_ON_STATIC_BIGNUM_DATA),"expand on static bignum data"},
-{ERR_REASON(BN_R_INPUT_NOT_REDUCED)      ,"input not reduced"},
-{ERR_REASON(BN_R_INVALID_LENGTH)         ,"invalid length"},
-{ERR_REASON(BN_R_INVALID_RANGE)          ,"invalid range"},
-{ERR_REASON(BN_R_NOT_A_SQUARE)           ,"not a square"},
-{ERR_REASON(BN_R_NOT_INITIALIZED)        ,"not initialized"},
-{ERR_REASON(BN_R_NO_INVERSE)             ,"no inverse"},
-{ERR_REASON(BN_R_P_IS_NOT_PRIME)         ,"p is not prime"},
-{ERR_REASON(BN_R_TOO_MANY_ITERATIONS)    ,"too many iterations"},
-{ERR_REASON(BN_R_TOO_MANY_TEMPORARY_VARIABLES),"too many temporary variables"},
-{0,NULL}
-        };
-
-#endif
-
-void ERR_load_BN_strings(void)
-        {
-        static int init=1;
-
-        if (init)
-                {
-                init=0;
-#ifndef OPENSSL_NO_ERR
-                ERR_load_strings(0,BN_str_functs);
-                ERR_load_strings(0,BN_str_reasons);
-#endif
-
-                }
-        }
diff --git a/src/lib/libcrypto/bn/bn_exp.c b/src/lib/libcrypto/bn/bn_exp.c
deleted file mode 100644
index 9e1e88abe8..0000000000
--- a/src/lib/libcrypto/bn/bn_exp.c
+++ /dev/null
@@ -1,987 +0,0 @@
-/* crypto/bn/bn_exp.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-/* maximum precomputation table size for *variable* sliding windows */
-#define TABLE_SIZE      32
-
-/* this one works - simple but works */
-int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
-        {
-        int i,bits,ret=0;
-        BIGNUM *v,*rr;
-
-        if (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) != 0)
-                {
-                /* BN_FLG_EXP_CONSTTIME only supported by BN_mod_exp_mont() */
-                BNerr(BN_F_BN_EXP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return -1;
-                }
-
-        BN_CTX_start(ctx);
-        if ((r == a) || (r == p))
-                rr = BN_CTX_get(ctx);
-        else
-                rr = r;
-        if ((v = BN_CTX_get(ctx)) == NULL) goto err;
-
-        if (BN_copy(v,a) == NULL) goto err;
-        bits=BN_num_bits(p);
-
-        if (BN_is_odd(p))
-                { if (BN_copy(rr,a) == NULL) goto err; }
-        else    { if (!BN_one(rr)) goto err; }
-
-        for (i=1; i<bits; i++)
-                {
-                if (!BN_sqr(v,v,ctx)) goto err;
-                if (BN_is_bit_set(p,i))
-                        {
-                        if (!BN_mul(rr,rr,v,ctx)) goto err;
-                        }
-                }
-        ret=1;
-err:
-        if (r != rr) BN_copy(r,rr);
-        BN_CTX_end(ctx);
-        return(ret);
-        }
-
-
-int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
-               BN_CTX *ctx)
-        {
-        int ret;
-
-        bn_check_top(a);
-        bn_check_top(p);
-        bn_check_top(m);
-
-        /* For even modulus  m = 2^k*m_odd,  it might make sense to compute
-         * a^p mod m_odd  and  a^p mod 2^k  separately (with Montgomery
-         * exponentiation for the odd part), using appropriate exponent
-         * reductions, and combine the results using the CRT.
-         *
-         * For now, we use Montgomery only if the modulus is odd; otherwise,
-         * exponentiation using the reciprocal-based quick remaindering
-         * algorithm is used.
-         *
-         * (Timing obtained with expspeed.c [computations  a^p mod m
-         * where  a, p, m  are of the same length: 256, 512, 1024, 2048,
-         * 4096, 8192 bits], compared to the running time of the
-         * standard algorithm:
-         *
-         *   BN_mod_exp_mont   33 .. 40 %  [AMD K6-2, Linux, debug configuration]
-         *                     55 .. 77 %  [UltraSparc processor, but
-         *                                  debug-solaris-sparcv8-gcc conf.]
-         * 
-         *   BN_mod_exp_recp   50 .. 70 %  [AMD K6-2, Linux, debug configuration]
-         *                     62 .. 118 % [UltraSparc, debug-solaris-sparcv8-gcc]
-         *
-         * On the Sparc, BN_mod_exp_recp was faster than BN_mod_exp_mont
-         * at 2048 and more bits, but at 512 and 1024 bits, it was
-         * slower even than the standard algorithm!
-         *
-         * "Real" timings [linux-elf, solaris-sparcv9-gcc configurations]
-         * should be obtained when the new Montgomery reduction code
-         * has been integrated into OpenSSL.)
-         */
-
-#define MONT_MUL_MOD
-#define MONT_EXP_WORD
-#define RECP_MUL_MOD
-
-#ifdef MONT_MUL_MOD
-        /* I have finally been able to take out this pre-condition of
-         * the top bit being set.  It was caused by an error in BN_div
-         * with negatives.  There was also another problem when for a^b%m
-         * a >= m.  eay 07-May-97 */
-/*      if ((m->d[m->top-1]&BN_TBIT) && BN_is_odd(m)) */
-
-        if (BN_is_odd(m))
-                {
-#  ifdef MONT_EXP_WORD
-                if (a->top == 1 && !a->neg && (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) == 0))
-                        {
-                        BN_ULONG A = a->d[0];
-                        ret=BN_mod_exp_mont_word(r,A,p,m,ctx,NULL);
-                        }
-                else
-#  endif
-                        ret=BN_mod_exp_mont(r,a,p,m,ctx,NULL);
-                }
-        else
-#endif
-#ifdef RECP_MUL_MOD
-                { ret=BN_mod_exp_recp(r,a,p,m,ctx); }
-#else
-                { ret=BN_mod_exp_simple(r,a,p,m,ctx); }
-#endif
-
-        return(ret);
-        }
-
-
-int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                    const BIGNUM *m, BN_CTX *ctx)
-        {
-        int i,j,bits,ret=0,wstart,wend,window,wvalue;
-        int start=1,ts=0;
-        BIGNUM *aa;
-        BIGNUM val[TABLE_SIZE];
-        BN_RECP_CTX recp;
-
-        if (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) != 0)
-                {
-                /* BN_FLG_EXP_CONSTTIME only supported by BN_mod_exp_mont() */
-                BNerr(BN_F_BN_MOD_EXP_RECP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return -1;
-                }
-
-        bits=BN_num_bits(p);
-
-        if (bits == 0)
-                {
-                ret = BN_one(r);
-                return ret;
-                }
-
-        BN_CTX_start(ctx);
-        if ((aa = BN_CTX_get(ctx)) == NULL) goto err;
-
-        BN_RECP_CTX_init(&recp);
-        if (m->neg)
-                {
-                /* ignore sign of 'm' */
-                if (!BN_copy(aa, m)) goto err;
-                aa->neg = 0;
-                if (BN_RECP_CTX_set(&recp,aa,ctx) <= 0) goto err;
-                }
-        else
-                {
-                if (BN_RECP_CTX_set(&recp,m,ctx) <= 0) goto err;
-                }
-
-        BN_init(&(val[0]));
-        ts=1;
-
-        if (!BN_nnmod(&(val[0]),a,m,ctx)) goto err;             /* 1 */
-        if (BN_is_zero(&(val[0])))
-                {
-                ret = BN_zero(r);
-                goto err;
-                }
-
-        window = BN_window_bits_for_exponent_size(bits);
-        if (window > 1)
-                {
-                if (!BN_mod_mul_reciprocal(aa,&(val[0]),&(val[0]),&recp,ctx))
-                        goto err;                               /* 2 */
-                j=1<<(window-1);
-                for (i=1; i<j; i++)
-                        {
-                        BN_init(&val[i]);
-                        if (!BN_mod_mul_reciprocal(&(val[i]),&(val[i-1]),aa,&recp,ctx))
-                                goto err;
-                        }
-                ts=i;
-                }
-                
-        start=1;        /* This is used to avoid multiplication etc
-                         * when there is only the value '1' in the
-                         * buffer. */
-        wvalue=0;       /* The 'value' of the window */
-        wstart=bits-1;  /* The top bit of the window */
-        wend=0;         /* The bottom bit of the window */
-
-        if (!BN_one(r)) goto err;
-
-        for (;;)
-                {
-                if (BN_is_bit_set(p,wstart) == 0)
-                        {
-                        if (!start)
-                                if (!BN_mod_mul_reciprocal(r,r,r,&recp,ctx))
-                                goto err;
-                        if (wstart == 0) break;
-                        wstart--;
-                        continue;
-                        }
-                /* We now have wstart on a 'set' bit, we now need to work out
-                 * how bit a window to do.  To do this we need to scan
-                 * forward until the last set bit before the end of the
-                 * window */
-                j=wstart;
-                wvalue=1;
-                wend=0;
-                for (i=1; i<window; i++)
-                        {
-                        if (wstart-i < 0) break;
-                        if (BN_is_bit_set(p,wstart-i))
-                                {
-                                wvalue<<=(i-wend);
-                                wvalue|=1;
-                                wend=i;
-                                }
-                        }
-
-                /* wend is the size of the current window */
-                j=wend+1;
-                /* add the 'bytes above' */
-                if (!start)
-                        for (i=0; i<j; i++)
-                                {
-                                if (!BN_mod_mul_reciprocal(r,r,r,&recp,ctx))
-                                        goto err;
-                                }
-                
-                /* wvalue will be an odd number < 2^window */
-                if (!BN_mod_mul_reciprocal(r,r,&(val[wvalue>>1]),&recp,ctx))
-                        goto err;
-
-                /* move the 'window' down further */
-                wstart-=wend+1;
-                wvalue=0;
-                start=0;
-                if (wstart < 0) break;
-                }
-        ret=1;
-err:
-        BN_CTX_end(ctx);
-        for (i=0; i<ts; i++)
-                BN_clear_free(&(val[i]));
-        BN_RECP_CTX_free(&recp);
-        return(ret);
-        }
-
-
-int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
-                    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
-        {
-        int i,j,bits,ret=0,wstart,wend,window,wvalue;
-        int start=1,ts=0;
-        BIGNUM *d,*r;
-        const BIGNUM *aa;
-        BIGNUM val[TABLE_SIZE];
-        BN_MONT_CTX *mont=NULL;
-
-        if (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) != 0)
-                {
-                return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont);
-                }
-
-        bn_check_top(a);
-        bn_check_top(p);
-        bn_check_top(m);
-
-        if (!(m->d[0] & 1))
-                {
-                BNerr(BN_F_BN_MOD_EXP_MONT,BN_R_CALLED_WITH_EVEN_MODULUS);
-                return(0);
-                }
-        bits=BN_num_bits(p);
-        if (bits == 0)
-                {
-                ret = BN_one(rr);
-                return ret;
-                }
-
-        BN_CTX_start(ctx);
-        d = BN_CTX_get(ctx);
-        r = BN_CTX_get(ctx);
-        if (d == NULL || r == NULL) goto err;
-
-        /* If this is not done, things will break in the montgomery
-         * part */
-
-        if (in_mont != NULL)
-                mont=in_mont;
-        else
-                {
-                if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
-                if (!BN_MONT_CTX_set(mont,m,ctx)) goto err;
-                }
-
-        BN_init(&val[0]);
-        ts=1;
-        if (a->neg || BN_ucmp(a,m) >= 0)
-                {
-                if (!BN_nnmod(&(val[0]),a,m,ctx))
-                        goto err;
-                aa= &(val[0]);
-                }
-        else
-                aa=a;
-        if (BN_is_zero(aa))
-                {
-                ret = BN_zero(rr);
-                goto err;
-                }
-        if (!BN_to_montgomery(&(val[0]),aa,mont,ctx)) goto err; /* 1 */
-
-        window = BN_window_bits_for_exponent_size(bits);
-        if (window > 1)
-                {
-                if (!BN_mod_mul_montgomery(d,&(val[0]),&(val[0]),mont,ctx)) goto err; /* 2 */
-                j=1<<(window-1);
-                for (i=1; i<j; i++)
-                        {
-                        BN_init(&(val[i]));
-                        if (!BN_mod_mul_montgomery(&(val[i]),&(val[i-1]),d,mont,ctx))
-                                goto err;
-                        }
-                ts=i;
-                }
-
-        start=1;        /* This is used to avoid multiplication etc
-                         * when there is only the value '1' in the
-                         * buffer. */
-        wvalue=0;       /* The 'value' of the window */
-        wstart=bits-1;  /* The top bit of the window */
-        wend=0;         /* The bottom bit of the window */
-
-        if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err;
-        for (;;)
-                {
-                if (BN_is_bit_set(p,wstart) == 0)
-                        {
-                        if (!start)
-                                {
-                                if (!BN_mod_mul_montgomery(r,r,r,mont,ctx))
-                                goto err;
-                                }
-                        if (wstart == 0) break;
-                        wstart--;
-                        continue;
-                        }
-                /* We now have wstart on a 'set' bit, we now need to work out
-                 * how bit a window to do.  To do this we need to scan
-                 * forward until the last set bit before the end of the
-                 * window */
-                j=wstart;
-                wvalue=1;
-                wend=0;
-                for (i=1; i<window; i++)
-                        {
-                        if (wstart-i < 0) break;
-                        if (BN_is_bit_set(p,wstart-i))
-                                {
-                                wvalue<<=(i-wend);
-                                wvalue|=1;
-                                wend=i;
-                                }
-                        }
-
-                /* wend is the size of the current window */
-                j=wend+1;
-                /* add the 'bytes above' */
-                if (!start)
-                        for (i=0; i<j; i++)
-                                {
-                                if (!BN_mod_mul_montgomery(r,r,r,mont,ctx))
-                                        goto err;
-                                }
-                
-                /* wvalue will be an odd number < 2^window */
-                if (!BN_mod_mul_montgomery(r,r,&(val[wvalue>>1]),mont,ctx))
-                        goto err;
-
-                /* move the 'window' down further */
-                wstart-=wend+1;
-                wvalue=0;
-                start=0;
-                if (wstart < 0) break;
-                }
-        if (!BN_from_montgomery(rr,r,mont,ctx)) goto err;
-        ret=1;
-err:
-        if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
-        BN_CTX_end(ctx);
-        for (i=0; i<ts; i++)
-                BN_clear_free(&(val[i]));
-        return(ret);
-        }
-
-
-/* BN_mod_exp_mont_consttime() stores the precomputed powers in a specific layout
- * so that accessing any of these table values shows the same access pattern as far
- * as cache lines are concerned.  The following functions are used to transfer a BIGNUM
- * from/to that table. */
-
-static int MOD_EXP_CTIME_COPY_TO_PREBUF(BIGNUM *b, int top, unsigned char *buf, int idx, int width)
-        {
-        size_t i, j;
-
-        if (bn_wexpand(b, top) == NULL)
-                return 0;
-        while (b->top < top)
-                {
-                b->d[b->top++] = 0;
-                }
-        
-        for (i = 0, j=idx; i < top * sizeof b->d[0]; i++, j+=width)
-                {
-                buf[j] = ((unsigned char*)b->d)[i];
-                }
-
-        bn_fix_top(b);
-        return 1;
-        }
-
-static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top, unsigned char *buf, int idx, int width)
-        {
-        size_t i, j;
-
-        if (bn_wexpand(b, top) == NULL)
-                return 0;
-
-        for (i=0, j=idx; i < top * sizeof b->d[0]; i++, j+=width)
-                {
-                ((unsigned char*)b->d)[i] = buf[j];
-                }
-
-        b->top = top;
-        bn_fix_top(b);
-        return 1;
-        }       
-
-/* Given a pointer value, compute the next address that is a cache line multiple. */
-#define MOD_EXP_CTIME_ALIGN(x_) \
-        ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ULONG)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
-
-/* This variant of BN_mod_exp_mont() uses fixed windows and the special
- * precomputation memory layout to limit data-dependency to a minimum
- * to protect secret exponents (cf. the hyper-threading timing attacks
- * pointed out by Colin Percival,
- * http://www.daemonology.net/hyperthreading-considered-harmful/)
- */
-int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
-                    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
-        {
-        int i,bits,ret=0,idx,window,wvalue;
-        int top;
-        BIGNUM *r;
-        const BIGNUM *aa;
-        BN_MONT_CTX *mont=NULL;
-
-        int numPowers;
-        unsigned char *powerbufFree=NULL;
-        int powerbufLen = 0;
-        unsigned char *powerbuf=NULL;
-        BIGNUM *computeTemp=NULL, *am=NULL;
-
-        bn_check_top(a);
-        bn_check_top(p);
-        bn_check_top(m);
-
-        top = m->top;
-
-        if (!(m->d[0] & 1))
-                {
-                BNerr(BN_F_BN_MOD_EXP_MONT_CONSTTIME,BN_R_CALLED_WITH_EVEN_MODULUS);
-                return(0);
-                }
-        bits=BN_num_bits(p);
-        if (bits == 0)
-                {
-                ret = BN_one(rr);
-                return ret;
-                }
-
-        /* Initialize BIGNUM context and allocate intermediate result */
-        BN_CTX_start(ctx);
-        r = BN_CTX_get(ctx);
-        if (r == NULL) goto err;
-
-        /* Allocate a montgomery context if it was not supplied by the caller.
-         * If this is not done, things will break in the montgomery part.
-         */
-        if (in_mont != NULL)
-                mont=in_mont;
-        else
-                {
-                if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
-                if (!BN_MONT_CTX_set(mont,m,ctx)) goto err;
-                }
-
-        /* Get the window size to use with size of p. */
-        window = BN_window_bits_for_ctime_exponent_size(bits);
-
-        /* Allocate a buffer large enough to hold all of the pre-computed
-         * powers of a.
-         */
-        numPowers = 1 << window;
-        powerbufLen = sizeof(m->d[0])*top*numPowers;
-        if ((powerbufFree=(unsigned char*)OPENSSL_malloc(powerbufLen+MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH)) == NULL)
-                goto err;
-                
-        powerbuf = MOD_EXP_CTIME_ALIGN(powerbufFree);
-        memset(powerbuf, 0, powerbufLen);
-
-        /* Initialize the intermediate result. Do this early to save double conversion,
-         * once each for a^0 and intermediate result.
-         */
-        if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err;
-        if (!MOD_EXP_CTIME_COPY_TO_PREBUF(r, top, powerbuf, 0, numPowers)) goto err;
-
-        /* Initialize computeTemp as a^1 with montgomery precalcs */
-        computeTemp = BN_CTX_get(ctx);
-        am = BN_CTX_get(ctx);
-        if (computeTemp==NULL || am==NULL) goto err;
-
-        if (a->neg || BN_ucmp(a,m) >= 0)
-                {
-                if (!BN_mod(am,a,m,ctx))
-                        goto err;
-                aa= am;
-                }
-        else
-                aa=a;
-        if (!BN_to_montgomery(am,aa,mont,ctx)) goto err;
-        if (!BN_copy(computeTemp, am)) goto err;
-        if (!MOD_EXP_CTIME_COPY_TO_PREBUF(am, top, powerbuf, 1, numPowers)) goto err;
-
-        /* If the window size is greater than 1, then calculate
-         * val[i=2..2^winsize-1]. Powers are computed as a*a^(i-1)
-         * (even powers could instead be computed as (a^(i/2))^2
-         * to use the slight performance advantage of sqr over mul).
-         */
-        if (window > 1)
-                {
-                for (i=2; i<numPowers; i++)
-                        {
-                        /* Calculate a^i = a^(i-1) * a */
-                        if (!BN_mod_mul_montgomery(computeTemp,am,computeTemp,mont,ctx))
-                                goto err;
-                        if (!MOD_EXP_CTIME_COPY_TO_PREBUF(computeTemp, top, powerbuf, i, numPowers)) goto err;
-                        }
-                }
-
-        /* Adjust the number of bits up to a multiple of the window size.
-         * If the exponent length is not a multiple of the window size, then
-         * this pads the most significant bits with zeros to normalize the
-         * scanning loop to there's no special cases.
-         *
-         * * NOTE: Making the window size a power of two less than the native
-         * * word size ensures that the padded bits won't go past the last
-         * * word in the internal BIGNUM structure. Going past the end will
-         * * still produce the correct result, but causes a different branch
-         * * to be taken in the BN_is_bit_set function.
-         */
-        bits = ((bits+window-1)/window)*window;
-        idx=bits-1;     /* The top bit of the window */
-
-        /* Scan the exponent one window at a time starting from the most
-         * significant bits.
-         */
-        while (idx >= 0)
-                {
-                wvalue=0; /* The 'value' of the window */
-                
-                /* Scan the window, squaring the result as we go */
-                for (i=0; i<window; i++,idx--)
-                        {
-                        if (!BN_mod_mul_montgomery(r,r,r,mont,ctx))     goto err;
-                        wvalue = (wvalue<<1)+BN_is_bit_set(p,idx);
-                        }
-                
-                /* Fetch the appropriate pre-computed value from the pre-buf */
-                if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(computeTemp, top, powerbuf, wvalue, numPowers)) goto err;
-
-                /* Multiply the result into the intermediate result */
-                if (!BN_mod_mul_montgomery(r,r,computeTemp,mont,ctx)) goto err;
-                }
-
-        /* Convert the final result from montgomery to standard format */
-        if (!BN_from_montgomery(rr,r,mont,ctx)) goto err;
-        ret=1;
-err:
-        if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
-        if (powerbuf!=NULL)
-                {
-                OPENSSL_cleanse(powerbuf,powerbufLen);
-                OPENSSL_free(powerbufFree);
-                }
-        if (am!=NULL) BN_clear(am);
-        if (computeTemp!=NULL) BN_clear(computeTemp);
-        BN_CTX_end(ctx);
-        return(ret);
-        }
-
-int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
-                         const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
-        {
-        BN_MONT_CTX *mont = NULL;
-        int b, bits, ret=0;
-        int r_is_one;
-        BN_ULONG w, next_w;
-        BIGNUM *d, *r, *t;
-        BIGNUM *swap_tmp;
-#define BN_MOD_MUL_WORD(r, w, m) \
-                (BN_mul_word(r, (w)) && \
-                (/* BN_ucmp(r, (m)) < 0 ? 1 :*/  \
-                        (BN_mod(t, r, m, ctx) && (swap_tmp = r, r = t, t = swap_tmp, 1))))
-                /* BN_MOD_MUL_WORD is only used with 'w' large,
-                 * so the BN_ucmp test is probably more overhead
-                 * than always using BN_mod (which uses BN_copy if
-                 * a similar test returns true). */
-                /* We can use BN_mod and do not need BN_nnmod because our
-                 * accumulator is never negative (the result of BN_mod does
-                 * not depend on the sign of the modulus).
-                 */
-#define BN_TO_MONTGOMERY_WORD(r, w, mont) \
-                (BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx))
-
-        if (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) != 0)
-                {
-                /* BN_FLG_EXP_CONSTTIME only supported by BN_mod_exp_mont() */
-                BNerr(BN_F_BN_MOD_EXP_MONT_WORD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return -1;
-                }
-
-        bn_check_top(p);
-        bn_check_top(m);
-
-        if (m->top == 0 || !(m->d[0] & 1))
-                {
-                BNerr(BN_F_BN_MOD_EXP_MONT_WORD,BN_R_CALLED_WITH_EVEN_MODULUS);
-                return(0);
-                }
-        if (m->top == 1)
-                a %= m->d[0]; /* make sure that 'a' is reduced */
-
-        bits = BN_num_bits(p);
-        if (bits == 0)
-                {
-                ret = BN_one(rr);
-                return ret;
-                }
-        if (a == 0)
-                {
-                ret = BN_zero(rr);
-                return ret;
-                }
-
-        BN_CTX_start(ctx);
-        d = BN_CTX_get(ctx);
-        r = BN_CTX_get(ctx);
-        t = BN_CTX_get(ctx);
-        if (d == NULL || r == NULL || t == NULL) goto err;
-
-        if (in_mont != NULL)
-                mont=in_mont;
-        else
-                {
-                if ((mont = BN_MONT_CTX_new()) == NULL) goto err;
-                if (!BN_MONT_CTX_set(mont, m, ctx)) goto err;
-                }
-
-        r_is_one = 1; /* except for Montgomery factor */
-
-        /* bits-1 >= 0 */
-
-        /* The result is accumulated in the product r*w. */
-        w = a; /* bit 'bits-1' of 'p' is always set */
-        for (b = bits-2; b >= 0; b--)
-                {
-                /* First, square r*w. */
-                next_w = w*w;
-                if ((next_w/w) != w) /* overflow */
-                        {
-                        if (r_is_one)
-                                {
-                                if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err;
-                                r_is_one = 0;
-                                }
-                        else
-                                {
-                                if (!BN_MOD_MUL_WORD(r, w, m)) goto err;
-                                }
-                        next_w = 1;
-                        }
-                w = next_w;
-                if (!r_is_one)
-                        {
-                        if (!BN_mod_mul_montgomery(r, r, r, mont, ctx)) goto err;
-                        }
-
-                /* Second, multiply r*w by 'a' if exponent bit is set. */
-                if (BN_is_bit_set(p, b))
-                        {
-                        next_w = w*a;
-                        if ((next_w/a) != w) /* overflow */
-                                {
-                                if (r_is_one)
-                                        {
-                                        if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err;
-                                        r_is_one = 0;
-                                        }
-                                else
-                                        {
-                                        if (!BN_MOD_MUL_WORD(r, w, m)) goto err;
-                                        }
-                                next_w = a;
-                                }
-                        w = next_w;
-                        }
-                }
-
-        /* Finally, set r:=r*w. */
-        if (w != 1)
-                {
-                if (r_is_one)
-                        {
-                        if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err;
-                        r_is_one = 0;
-                        }
-                else
-                        {
-                        if (!BN_MOD_MUL_WORD(r, w, m)) goto err;
-                        }
-                }
-
-        if (r_is_one) /* can happen only if a == 1*/
-                {
-                if (!BN_one(rr)) goto err;
-                }
-        else
-                {
-                if (!BN_from_montgomery(rr, r, mont, ctx)) goto err;
-                }
-        ret = 1;
-err:
-        if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
-        BN_CTX_end(ctx);
-        return(ret);
-        }
-
-
-/* The old fallback, simple version :-) */
-int BN_mod_exp_simple(BIGNUM *r,
-        const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
-        BN_CTX *ctx)
-        {
-        int i,j,bits,ret=0,wstart,wend,window,wvalue,ts=0;
-        int start=1;
-        BIGNUM *d;
-        BIGNUM val[TABLE_SIZE];
-
-        if (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) != 0)
-                {
-                /* BN_FLG_EXP_CONSTTIME only supported by BN_mod_exp_mont() */
-                BNerr(BN_F_BN_MOD_EXP_SIMPLE,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return -1;
-                }
-
-        bits=BN_num_bits(p);
-
-        if (bits == 0)
-                {
-                ret = BN_one(r);
-                return ret;
-                }
-
-        BN_CTX_start(ctx);
-        if ((d = BN_CTX_get(ctx)) == NULL) goto err;
-
-        BN_init(&(val[0]));
-        ts=1;
-        if (!BN_nnmod(&(val[0]),a,m,ctx)) goto err;             /* 1 */
-        if (BN_is_zero(&(val[0])))
-                {
-                ret = BN_zero(r);
-                goto err;
-                }
-
-        window = BN_window_bits_for_exponent_size(bits);
-        if (window > 1)
-                {
-                if (!BN_mod_mul(d,&(val[0]),&(val[0]),m,ctx))
-                        goto err;                               /* 2 */
-                j=1<<(window-1);
-                for (i=1; i<j; i++)
-                        {
-                        BN_init(&(val[i]));
-                        if (!BN_mod_mul(&(val[i]),&(val[i-1]),d,m,ctx))
-                                goto err;
-                        }
-                ts=i;
-                }
-
-        start=1;        /* This is used to avoid multiplication etc
-                         * when there is only the value '1' in the
-                         * buffer. */
-        wvalue=0;       /* The 'value' of the window */
-        wstart=bits-1;  /* The top bit of the window */
-        wend=0;         /* The bottom bit of the window */
-
-        if (!BN_one(r)) goto err;
-
-        for (;;)
-                {
-                if (BN_is_bit_set(p,wstart) == 0)
-                        {
-                        if (!start)
-                                if (!BN_mod_mul(r,r,r,m,ctx))
-                                goto err;
-                        if (wstart == 0) break;
-                        wstart--;
-                        continue;
-                        }
-                /* We now have wstart on a 'set' bit, we now need to work out
-                 * how bit a window to do.  To do this we need to scan
-                 * forward until the last set bit before the end of the
-                 * window */
-                j=wstart;
-                wvalue=1;
-                wend=0;
-                for (i=1; i<window; i++)
-                        {
-                        if (wstart-i < 0) break;
-                        if (BN_is_bit_set(p,wstart-i))
-                                {
-                                wvalue<<=(i-wend);
-                                wvalue|=1;
-                                wend=i;
-                                }
-                        }
-
-                /* wend is the size of the current window */
-                j=wend+1;
-                /* add the 'bytes above' */
-                if (!start)
-                        for (i=0; i<j; i++)
-                                {
-                                if (!BN_mod_mul(r,r,r,m,ctx))
-                                        goto err;
-                                }
-                
-                /* wvalue will be an odd number < 2^window */
-                if (!BN_mod_mul(r,r,&(val[wvalue>>1]),m,ctx))
-                        goto err;
-
-                /* move the 'window' down further */
-                wstart-=wend+1;
-                wvalue=0;
-                start=0;
-                if (wstart < 0) break;
-                }
-        ret=1;
-err:
-        BN_CTX_end(ctx);
-        for (i=0; i<ts; i++)
-                BN_clear_free(&(val[i]));
-        return(ret);
-        }
-
diff --git a/src/lib/libcrypto/bn/bn_exp2.c b/src/lib/libcrypto/bn/bn_exp2.c
deleted file mode 100644
index 73ccd58a83..0000000000
--- a/src/lib/libcrypto/bn/bn_exp2.c
+++ /dev/null
@@ -1,313 +0,0 @@
-/* crypto/bn/bn_exp2.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-#define TABLE_SIZE      32
-
-int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
-        const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m,
-        BN_CTX *ctx, BN_MONT_CTX *in_mont)
-        {
-        int i,j,bits,b,bits1,bits2,ret=0,wpos1,wpos2,window1,window2,wvalue1,wvalue2;
-        int r_is_one=1,ts1=0,ts2=0;
-        BIGNUM *d,*r;
-        const BIGNUM *a_mod_m;
-        BIGNUM val1[TABLE_SIZE], val2[TABLE_SIZE];
-        BN_MONT_CTX *mont=NULL;
-
-        bn_check_top(a1);
-        bn_check_top(p1);
-        bn_check_top(a2);
-        bn_check_top(p2);
-        bn_check_top(m);
-
-        if (!(m->d[0] & 1))
-                {
-                BNerr(BN_F_BN_MOD_EXP2_MONT,BN_R_CALLED_WITH_EVEN_MODULUS);
-                return(0);
-                }
-        bits1=BN_num_bits(p1);
-        bits2=BN_num_bits(p2);
-        if ((bits1 == 0) && (bits2 == 0))
-                {
-                ret = BN_one(rr);
-                return ret;
-                }
-        
-        bits=(bits1 > bits2)?bits1:bits2;
-
-        BN_CTX_start(ctx);
-        d = BN_CTX_get(ctx);
-        r = BN_CTX_get(ctx);
-        if (d == NULL || r == NULL) goto err;
-
-        if (in_mont != NULL)
-                mont=in_mont;
-        else
-                {
-                if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
-                if (!BN_MONT_CTX_set(mont,m,ctx)) goto err;
-                }
-
-        window1 = BN_window_bits_for_exponent_size(bits1);
-        window2 = BN_window_bits_for_exponent_size(bits2);
-
-        /*
-         * Build table for a1:   val1[i] := a1^(2*i + 1) mod m  for i = 0 .. 2^(window1-1)
-         */
-        BN_init(&val1[0]);
-        ts1=1;
-        if (a1->neg || BN_ucmp(a1,m) >= 0)
-                {
-                if (!BN_mod(&(val1[0]),a1,m,ctx))
-                        goto err;
-                a_mod_m = &(val1[0]);
-                }
-        else
-                a_mod_m = a1;
-        if (BN_is_zero(a_mod_m))
-                {
-                ret = BN_zero(rr);
-                goto err;
-                }
-
-        if (!BN_to_montgomery(&(val1[0]),a_mod_m,mont,ctx)) goto err;
-        if (window1 > 1)
-                {
-                if (!BN_mod_mul_montgomery(d,&(val1[0]),&(val1[0]),mont,ctx)) goto err;
-
-                j=1<<(window1-1);
-                for (i=1; i<j; i++)
-                        {
-                        BN_init(&(val1[i]));
-                        if (!BN_mod_mul_montgomery(&(val1[i]),&(val1[i-1]),d,mont,ctx))
-                                goto err;
-                        }
-                ts1=i;
-                }
-
-
-        /*
-         * Build table for a2:   val2[i] := a2^(2*i + 1) mod m  for i = 0 .. 2^(window2-1)
-         */
-        BN_init(&val2[0]);
-        ts2=1;
-        if (a2->neg || BN_ucmp(a2,m) >= 0)
-                {
-                if (!BN_mod(&(val2[0]),a2,m,ctx))
-                        goto err;
-                a_mod_m = &(val2[0]);
-                }
-        else
-                a_mod_m = a2;
-        if (BN_is_zero(a_mod_m))
-                {
-                ret = BN_zero(rr);
-                goto err;
-                }
-        if (!BN_to_montgomery(&(val2[0]),a_mod_m,mont,ctx)) goto err;
-        if (window2 > 1)
-                {
-                if (!BN_mod_mul_montgomery(d,&(val2[0]),&(val2[0]),mont,ctx)) goto err;
-
-                j=1<<(window2-1);
-                for (i=1; i<j; i++)
-                        {
-                        BN_init(&(val2[i]));
-                        if (!BN_mod_mul_montgomery(&(val2[i]),&(val2[i-1]),d,mont,ctx))
-                                goto err;
-                        }
-                ts2=i;
-                }
-
-
-        /* Now compute the power product, using independent windows. */
-        r_is_one=1;
-        wvalue1=0;  /* The 'value' of the first window */
-        wvalue2=0;  /* The 'value' of the second window */
-        wpos1=0;    /* If wvalue1 > 0, the bottom bit of the first window */
-        wpos2=0;    /* If wvalue2 > 0, the bottom bit of the second window */
-
-        if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err;
-        for (b=bits-1; b>=0; b--)
-                {
-                if (!r_is_one)
-                        {
-                        if (!BN_mod_mul_montgomery(r,r,r,mont,ctx))
-                                goto err;
-                        }
-                
-                if (!wvalue1)
-                        if (BN_is_bit_set(p1, b))
-                                {
-                                /* consider bits b-window1+1 .. b for this window */
-                                i = b-window1+1;
-                                while (!BN_is_bit_set(p1, i)) /* works for i<0 */
-                                        i++;
-                                wpos1 = i;
-                                wvalue1 = 1;
-                                for (i = b-1; i >= wpos1; i--)
-                                        {
-                                        wvalue1 <<= 1;
-                                        if (BN_is_bit_set(p1, i))
-                                                wvalue1++;
-                                        }
-                                }
-                
-                if (!wvalue2)
-                        if (BN_is_bit_set(p2, b))
-                                {
-                                /* consider bits b-window2+1 .. b for this window */
-                                i = b-window2+1;
-                                while (!BN_is_bit_set(p2, i))
-                                        i++;
-                                wpos2 = i;
-                                wvalue2 = 1;
-                                for (i = b-1; i >= wpos2; i--)
-                                        {
-                                        wvalue2 <<= 1;
-                                        if (BN_is_bit_set(p2, i))
-                                                wvalue2++;
-                                        }
-                                }
-
-                if (wvalue1 && b == wpos1)
-                        {
-                        /* wvalue1 is odd and < 2^window1 */
-                        if (!BN_mod_mul_montgomery(r,r,&(val1[wvalue1>>1]),mont,ctx))
-                                goto err;
-                        wvalue1 = 0;
-                        r_is_one = 0;
-                        }
-                
-                if (wvalue2 && b == wpos2)
-                        {
-                        /* wvalue2 is odd and < 2^window2 */
-                        if (!BN_mod_mul_montgomery(r,r,&(val2[wvalue2>>1]),mont,ctx))
-                                goto err;
-                        wvalue2 = 0;
-                        r_is_one = 0;
-                        }
-                }
-        BN_from_montgomery(rr,r,mont,ctx);
-        ret=1;
-err:
-        if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
-        BN_CTX_end(ctx);
-        for (i=0; i<ts1; i++)
-                BN_clear_free(&(val1[i]));
-        for (i=0; i<ts2; i++)
-                BN_clear_free(&(val2[i]));
-        return(ret);
-        }
diff --git a/src/lib/libcrypto/bn/bn_gcd.c b/src/lib/libcrypto/bn/bn_gcd.c
deleted file mode 100644
index 7649f63fd2..0000000000
--- a/src/lib/libcrypto/bn/bn_gcd.c
+++ /dev/null
@@ -1,490 +0,0 @@
-/* crypto/bn/bn_gcd.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-static BIGNUM *euclid(BIGNUM *a, BIGNUM *b);
-
-int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)
-        {
-        BIGNUM *a,*b,*t;
-        int ret=0;
-
-        bn_check_top(in_a);
-        bn_check_top(in_b);
-
-        BN_CTX_start(ctx);
-        a = BN_CTX_get(ctx);
-        b = BN_CTX_get(ctx);
-        if (a == NULL || b == NULL) goto err;
-
-        if (BN_copy(a,in_a) == NULL) goto err;
-        if (BN_copy(b,in_b) == NULL) goto err;
-        a->neg = 0;
-        b->neg = 0;
-
-        if (BN_cmp(a,b) < 0) { t=a; a=b; b=t; }
-        t=euclid(a,b);
-        if (t == NULL) goto err;
-
-        if (BN_copy(r,t) == NULL) goto err;
-        ret=1;
-err:
-        BN_CTX_end(ctx);
-        return(ret);
-        }
-
-static BIGNUM *euclid(BIGNUM *a, BIGNUM *b)
-        {
-        BIGNUM *t;
-        int shifts=0;
-
-        bn_check_top(a);
-        bn_check_top(b);
-
-        /* 0 <= b <= a */
-        while (!BN_is_zero(b))
-                {
-                /* 0 < b <= a */
-
-                if (BN_is_odd(a))
-                        {
-                        if (BN_is_odd(b))
-                                {
-                                if (!BN_sub(a,a,b)) goto err;
-                                if (!BN_rshift1(a,a)) goto err;
-                                if (BN_cmp(a,b) < 0)
-                                        { t=a; a=b; b=t; }
-                                }
-                        else            /* a odd - b even */
-                                {
-                                if (!BN_rshift1(b,b)) goto err;
-                                if (BN_cmp(a,b) < 0)
-                                        { t=a; a=b; b=t; }
-                                }
-                        }
-                else                    /* a is even */
-                        {
-                        if (BN_is_odd(b))
-                                {
-                                if (!BN_rshift1(a,a)) goto err;
-                                if (BN_cmp(a,b) < 0)
-                                        { t=a; a=b; b=t; }
-                                }
-                        else            /* a even - b even */
-                                {
-                                if (!BN_rshift1(a,a)) goto err;
-                                if (!BN_rshift1(b,b)) goto err;
-                                shifts++;
-                                }
-                        }
-                /* 0 <= b <= a */
-                }
-
-        if (shifts)
-                {
-                if (!BN_lshift(a,a,shifts)) goto err;
-                }
-        return(a);
-err:
-        return(NULL);
-        }
-
-
-/* solves ax == 1 (mod n) */
-BIGNUM *BN_mod_inverse(BIGNUM *in,
-        const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
-        {
-        BIGNUM *A,*B,*X,*Y,*M,*D,*T,*R=NULL;
-        BIGNUM *ret=NULL;
-        int sign;
-
-        bn_check_top(a);
-        bn_check_top(n);
-
-        BN_CTX_start(ctx);
-        A = BN_CTX_get(ctx);
-        B = BN_CTX_get(ctx);
-        X = BN_CTX_get(ctx);
-        D = BN_CTX_get(ctx);
-        M = BN_CTX_get(ctx);
-        Y = BN_CTX_get(ctx);
-        T = BN_CTX_get(ctx);
-        if (T == NULL) goto err;
-
-        if (in == NULL)
-                R=BN_new();
-        else
-                R=in;
-        if (R == NULL) goto err;
-
-        BN_one(X);
-        BN_zero(Y);
-        if (BN_copy(B,a) == NULL) goto err;
-        if (BN_copy(A,n) == NULL) goto err;
-        A->neg = 0;
-        if (B->neg || (BN_ucmp(B, A) >= 0))
-                {
-                if (!BN_nnmod(B, B, A, ctx)) goto err;
-                }
-        sign = -1;
-        /* From  B = a mod |n|,  A = |n|  it follows that
-         *
-         *      0 <= B < A,
-         *     -sign*X*a  ==  B   (mod |n|),
-         *      sign*Y*a  ==  A   (mod |n|).
-         */
-
-        if (BN_is_odd(n) && (BN_num_bits(n) <= (BN_BITS <= 32 ? 450 : 2048)))
-                {
-                /* Binary inversion algorithm; requires odd modulus.
-                 * This is faster than the general algorithm if the modulus
-                 * is sufficiently small (about 400 .. 500 bits on 32-bit
-                 * sytems, but much more on 64-bit systems) */
-                int shift;
-                
-                while (!BN_is_zero(B))
-                        {
-                        /*
-                         *      0 < B < |n|,
-                         *      0 < A <= |n|,
-                         * (1) -sign*X*a  ==  B   (mod |n|),
-                         * (2)  sign*Y*a  ==  A   (mod |n|)
-                         */
-
-                        /* Now divide  B  by the maximum possible power of two in the integers,
-                         * and divide  X  by the same value mod |n|.
-                         * When we're done, (1) still holds. */
-                        shift = 0;
-                        while (!BN_is_bit_set(B, shift)) /* note that 0 < B */
-                                {
-                                shift++;
-                                
-                                if (BN_is_odd(X))
-                                        {
-                                        if (!BN_uadd(X, X, n)) goto err;
-                                        }
-                                /* now X is even, so we can easily divide it by two */
-                                if (!BN_rshift1(X, X)) goto err;
-                                }
-                        if (shift > 0)
-                                {
-                                if (!BN_rshift(B, B, shift)) goto err;
-                                }
-
-
-                        /* Same for  A  and  Y.  Afterwards, (2) still holds. */
-                        shift = 0;
-                        while (!BN_is_bit_set(A, shift)) /* note that 0 < A */
-                                {
-                                shift++;
-                                
-                                if (BN_is_odd(Y))
-                                        {
-                                        if (!BN_uadd(Y, Y, n)) goto err;
-                                        }
-                                /* now Y is even */
-                                if (!BN_rshift1(Y, Y)) goto err;
-                                }
-                        if (shift > 0)
-                                {
-                                if (!BN_rshift(A, A, shift)) goto err;
-                                }
-
-                        
-                        /* We still have (1) and (2).
-                         * Both  A  and  B  are odd.
-                         * The following computations ensure that
-                         *
-                         *     0 <= B < |n|,
-                         *      0 < A < |n|,
-                         * (1) -sign*X*a  ==  B   (mod |n|),
-                         * (2)  sign*Y*a  ==  A   (mod |n|),
-                         *
-                         * and that either  A  or  B  is even in the next iteration.
-                         */
-                        if (BN_ucmp(B, A) >= 0)
-                                {
-                                /* -sign*(X + Y)*a == B - A  (mod |n|) */
-                                if (!BN_uadd(X, X, Y)) goto err;
-                                /* NB: we could use BN_mod_add_quick(X, X, Y, n), but that
-                                 * actually makes the algorithm slower */
-                                if (!BN_usub(B, B, A)) goto err;
-                                }
-                        else
-                                {
-                                /*  sign*(X + Y)*a == A - B  (mod |n|) */
-                                if (!BN_uadd(Y, Y, X)) goto err;
-                                /* as above, BN_mod_add_quick(Y, Y, X, n) would slow things down */
-                                if (!BN_usub(A, A, B)) goto err;
-                                }
-                        }
-                }
-        else
-                {
-                /* general inversion algorithm */
-
-                while (!BN_is_zero(B))
-                        {
-                        BIGNUM *tmp;
-                        
-                        /*
-                         *      0 < B < A,
-                         * (*) -sign*X*a  ==  B   (mod |n|),
-                         *      sign*Y*a  ==  A   (mod |n|)
-                         */
-                        
-                        /* (D, M) := (A/B, A%B) ... */
-                        if (BN_num_bits(A) == BN_num_bits(B))
-                                {
-                                if (!BN_one(D)) goto err;
-                                if (!BN_sub(M,A,B)) goto err;
-                                }
-                        else if (BN_num_bits(A) == BN_num_bits(B) + 1)
-                                {
-                                /* A/B is 1, 2, or 3 */
-                                if (!BN_lshift1(T,B)) goto err;
-                                if (BN_ucmp(A,T) < 0)
-                                        {
-                                        /* A < 2*B, so D=1 */
-                                        if (!BN_one(D)) goto err;
-                                        if (!BN_sub(M,A,B)) goto err;
-                                        }
-                                else
-                                        {
-                                        /* A >= 2*B, so D=2 or D=3 */
-                                        if (!BN_sub(M,A,T)) goto err;
-                                        if (!BN_add(D,T,B)) goto err; /* use D (:= 3*B) as temp */
-                                        if (BN_ucmp(A,D) < 0)
-                                                {
-                                                /* A < 3*B, so D=2 */
-                                                if (!BN_set_word(D,2)) goto err;
-                                                /* M (= A - 2*B) already has the correct value */
-                                                }
-                                        else
-                                                {
-                                                /* only D=3 remains */
-                                                if (!BN_set_word(D,3)) goto err;
-                                                /* currently  M = A - 2*B,  but we need  M = A - 3*B */
-                                                if (!BN_sub(M,M,B)) goto err;
-                                                }
-                                        }
-                                }
-                        else
-                                {
-                                if (!BN_div(D,M,A,B,ctx)) goto err;
-                                }
-                        
-                        /* Now
-                         *      A = D*B + M;
-                         * thus we have
-                         * (**)  sign*Y*a  ==  D*B + M   (mod |n|).
-                         */
-                        
-                        tmp=A; /* keep the BIGNUM object, the value does not matter */
-                        
-                        /* (A, B) := (B, A mod B) ... */
-                        A=B;
-                        B=M;
-                        /* ... so we have  0 <= B < A  again */
-                        
-                        /* Since the former  M  is now  B  and the former  B  is now  A,
-                         * (**) translates into
-                         *       sign*Y*a  ==  D*A + B    (mod |n|),
-                         * i.e.
-                         *       sign*Y*a - D*A  ==  B    (mod |n|).
-                         * Similarly, (*) translates into
-                         *      -sign*X*a  ==  A          (mod |n|).
-                         *
-                         * Thus,
-                         *   sign*Y*a + D*sign*X*a  ==  B  (mod |n|),
-                         * i.e.
-                         *        sign*(Y + D*X)*a  ==  B  (mod |n|).
-                         *
-                         * So if we set  (X, Y, sign) := (Y + D*X, X, -sign),  we arrive back at
-                         *      -sign*X*a  ==  B   (mod |n|),
-                         *       sign*Y*a  ==  A   (mod |n|).
-                         * Note that  X  and  Y  stay non-negative all the time.
-                         */
-                        
-                        /* most of the time D is very small, so we can optimize tmp := D*X+Y */
-                        if (BN_is_one(D))
-                                {
-                                if (!BN_add(tmp,X,Y)) goto err;
-                                }
-                        else
-                                {
-                                if (BN_is_word(D,2))
-                                        {
-                                        if (!BN_lshift1(tmp,X)) goto err;
-                                        }
-                                else if (BN_is_word(D,4))
-                                        {
-                                        if (!BN_lshift(tmp,X,2)) goto err;
-                                        }
-                                else if (D->top == 1)
-                                        {
-                                        if (!BN_copy(tmp,X)) goto err;
-                                        if (!BN_mul_word(tmp,D->d[0])) goto err;
-                                        }
-                                else
-                                        {
-                                        if (!BN_mul(tmp,D,X,ctx)) goto err;
-                                        }
-                                if (!BN_add(tmp,tmp,Y)) goto err;
-                                }
-                        
-                        M=Y; /* keep the BIGNUM object, the value does not matter */
-                        Y=X;
-                        X=tmp;
-                        sign = -sign;
-                        }
-                }
-                
-        /*
-         * The while loop (Euclid's algorithm) ends when
-         *      A == gcd(a,n);
-         * we have
-         *       sign*Y*a  ==  A  (mod |n|),
-         * where  Y  is non-negative.
-         */
-
-        if (sign < 0)
-                {
-                if (!BN_sub(Y,n,Y)) goto err;
-                }
-        /* Now  Y*a  ==  A  (mod |n|).  */
-        
-
-        if (BN_is_one(A))
-                {
-                /* Y*a == 1  (mod |n|) */
-                if (!Y->neg && BN_ucmp(Y,n) < 0)
-                        {
-                        if (!BN_copy(R,Y)) goto err;
-                        }
-                else
-                        {
-                        if (!BN_nnmod(R,Y,n,ctx)) goto err;
-                        }
-                }
-        else
-                {
-                BNerr(BN_F_BN_MOD_INVERSE,BN_R_NO_INVERSE);
-                goto err;
-                }
-        ret=R;
-err:
-        if ((ret == NULL) && (in == NULL)) BN_free(R);
-        BN_CTX_end(ctx);
-        return(ret);
-        }
diff --git a/src/lib/libcrypto/bn/bn_kron.c b/src/lib/libcrypto/bn/bn_kron.c
deleted file mode 100644
index 49f75594ae..0000000000
--- a/src/lib/libcrypto/bn/bn_kron.c
+++ /dev/null
@@ -1,182 +0,0 @@
-/* crypto/bn/bn_kron.c */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "bn_lcl.h"
-
-
-/* least significant word */
-#define BN_lsw(n) (((n)->top == 0) ? (BN_ULONG) 0 : (n)->d[0])
-
-/* Returns -2 for errors because both -1 and 0 are valid results. */
-int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
-        {
-        int i;
-        int ret = -2; /* avoid 'uninitialized' warning */
-        int err = 0;
-        BIGNUM *A, *B, *tmp;
-        /* In 'tab', only odd-indexed entries are relevant:
-         * For any odd BIGNUM n,
-         *     tab[BN_lsw(n) & 7]
-         * is $(-1)^{(n^2-1)/8}$ (using TeX notation).
-         * Note that the sign of n does not matter.
-         */
-        static const int tab[8] = {0, 1, 0, -1, 0, -1, 0, 1};
-
-        BN_CTX_start(ctx);
-        A = BN_CTX_get(ctx);
-        B = BN_CTX_get(ctx);
-        if (B == NULL) goto end;
-        
-        err = !BN_copy(A, a);
-        if (err) goto end;
-        err = !BN_copy(B, b);
-        if (err) goto end;
-
-        /*
-         * Kronecker symbol, imlemented according to Henri Cohen,
-         * "A Course in Computational Algebraic Number Theory"
-         * (algorithm 1.4.10).
-         */
-
-        /* Cohen's step 1: */
-
-        if (BN_is_zero(B))
-                {
-                ret = BN_abs_is_word(A, 1);
-                goto end;
-                }
-        
-        /* Cohen's step 2: */
-
-        if (!BN_is_odd(A) && !BN_is_odd(B))
-                {
-                ret = 0;
-                goto end;
-                }
-
-        /* now  B  is non-zero */
-        i = 0;
-        while (!BN_is_bit_set(B, i))
-                i++;
-        err = !BN_rshift(B, B, i);
-        if (err) goto end;
-        if (i & 1)
-                {
-                /* i is odd */
-                /* (thus  B  was even, thus  A  must be odd!)  */
-
-                /* set 'ret' to $(-1)^{(A^2-1)/8}$ */
-                ret = tab[BN_lsw(A) & 7];
-                }
-        else
-                {
-                /* i is even */
-                ret = 1;
-                }
-        
-        if (B->neg)
-                {
-                B->neg = 0;
-                if (A->neg)
-                        ret = -ret;
-                }
-
-        /* now  B  is positive and odd, so what remains to be done is
-         * to compute the Jacobi symbol  (A/B)  and multiply it by 'ret' */
-
-        while (1)
-                {
-                /* Cohen's step 3: */
-
-                /*  B  is positive and odd */
-
-                if (BN_is_zero(A))
-                        {
-                        ret = BN_is_one(B) ? ret : 0;
-                        goto end;
-                        }
-
-                /* now  A  is non-zero */
-                i = 0;
-                while (!BN_is_bit_set(A, i))
-                        i++;
-                err = !BN_rshift(A, A, i);
-                if (err) goto end;
-                if (i & 1)
-                        {
-                        /* i is odd */
-                        /* multiply 'ret' by  $(-1)^{(B^2-1)/8}$ */
-                        ret = ret * tab[BN_lsw(B) & 7];
-                        }
-        
-                /* Cohen's step 4: */
-                /* multiply 'ret' by  $(-1)^{(A-1)(B-1)/4}$ */
-                if ((A->neg ? ~BN_lsw(A) : BN_lsw(A)) & BN_lsw(B) & 2)
-                        ret = -ret;
-                
-                /* (A, B) := (B mod |A|, |A|) */
-                err = !BN_nnmod(B, B, A, ctx);
-                if (err) goto end;
-                tmp = A; A = B; B = tmp;
-                tmp->neg = 0;
-                }
-        
- end:
-        BN_CTX_end(ctx);
-        if (err)
-                return -2;
-        else
-                return ret;
-        }
diff --git a/src/lib/libcrypto/bn/bn_lcl.h b/src/lib/libcrypto/bn/bn_lcl.h
deleted file mode 100644
index a84998f2bd..0000000000
--- a/src/lib/libcrypto/bn/bn_lcl.h
+++ /dev/null
@@ -1,492 +0,0 @@
-/* crypto/bn/bn_lcl.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_BN_LCL_H
-#define HEADER_BN_LCL_H
-
-#include <openssl/bn.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-
-/* Used for temp variables */
-#define BN_CTX_NUM      32
-#define BN_CTX_NUM_POS  12
-struct bignum_ctx
-        {
-        int tos;
-        BIGNUM bn[BN_CTX_NUM];
-        int flags;
-        int depth;
-        int pos[BN_CTX_NUM_POS];
-        int too_many;
-        } /* BN_CTX */;
-
-
-/*
- * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions
- *
- *
- * For window size 'w' (w >= 2) and a random 'b' bits exponent,
- * the number of multiplications is a constant plus on average
- *
- *    2^(w-1) + (b-w)/(w+1);
- *
- * here  2^(w-1)  is for precomputing the table (we actually need
- * entries only for windows that have the lowest bit set), and
- * (b-w)/(w+1)  is an approximation for the expected number of
- * w-bit windows, not counting the first one.
- *
- * Thus we should use
- *
- *    w >= 6  if        b > 671
- *     w = 5  if  671 > b > 239
- *     w = 4  if  239 > b >  79
- *     w = 3  if   79 > b >  23
- *    w <= 2  if   23 > b
- *
- * (with draws in between).  Very small exponents are often selected
- * with low Hamming weight, so we use  w = 1  for b <= 23.
- */
-#if 1
-#define BN_window_bits_for_exponent_size(b) \
-                ((b) > 671 ? 6 : \
-                 (b) > 239 ? 5 : \
-                 (b) >  79 ? 4 : \
-                 (b) >  23 ? 3 : 1)
-#else
-/* Old SSLeay/OpenSSL table.
- * Maximum window size was 5, so this table differs for b==1024;
- * but it coincides for other interesting values (b==160, b==512).
- */
-#define BN_window_bits_for_exponent_size(b) \
-                ((b) > 255 ? 5 : \
-                 (b) > 127 ? 4 : \
-                 (b) >  17 ? 3 : 1)
-#endif   
-
-
-
-/* BN_mod_exp_mont_conttime is based on the assumption that the
- * L1 data cache line width of the target processor is at least
- * the following value.
- */
-#define MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH      ( 64 )
-#define MOD_EXP_CTIME_MIN_CACHE_LINE_MASK       (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - 1)
-
-/* Window sizes optimized for fixed window size modular exponentiation
- * algorithm (BN_mod_exp_mont_consttime).
- *
- * To achieve the security goals of BN_mode_exp_mont_consttime, the
- * maximum size of the window must not exceed
- * log_2(MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH). 
- *
- * Window size thresholds are defined for cache line sizes of 32 and 64,
- * cache line sizes where log_2(32)=5 and log_2(64)=6 respectively. A
- * window size of 7 should only be used on processors that have a 128
- * byte or greater cache line size.
- */
-#if MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 64
-
-#  define BN_window_bits_for_ctime_exponent_size(b) \
-                ((b) > 937 ? 6 : \
-                 (b) > 306 ? 5 : \
-                 (b) >  89 ? 4 : \
-                 (b) >  22 ? 3 : 1)
-#  define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE    (6)
-
-#elif MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 32
-
-#  define BN_window_bits_for_ctime_exponent_size(b) \
-                ((b) > 306 ? 5 : \
-                 (b) >  89 ? 4 : \
-                 (b) >  22 ? 3 : 1)
-#  define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE    (5)
-
-#endif
-
-
-/* Pentium pro 16,16,16,32,64 */
-/* Alpha       16,16,16,16.64 */
-#define BN_MULL_SIZE_NORMAL                     (16) /* 32 */
-#define BN_MUL_RECURSIVE_SIZE_NORMAL            (16) /* 32 less than */
-#define BN_SQR_RECURSIVE_SIZE_NORMAL            (16) /* 32 */
-#define BN_MUL_LOW_RECURSIVE_SIZE_NORMAL        (32) /* 32 */
-#define BN_MONT_CTX_SET_SIZE_WORD               (64) /* 32 */
-
-#if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC)
-/*
- * BN_UMULT_HIGH section.
- *
- * No, I'm not trying to overwhelm you when stating that the
- * product of N-bit numbers is 2*N bits wide:-) No, I don't expect
- * you to be impressed when I say that if the compiler doesn't
- * support 2*N integer type, then you have to replace every N*N
- * multiplication with 4 (N/2)*(N/2) accompanied by some shifts
- * and additions which unavoidably results in severe performance
- * penalties. Of course provided that the hardware is capable of
- * producing 2*N result... That's when you normally start
- * considering assembler implementation. However! It should be
- * pointed out that some CPUs (most notably Alpha, PowerPC and
- * upcoming IA-64 family:-) provide *separate* instruction
- * calculating the upper half of the product placing the result
- * into a general purpose register. Now *if* the compiler supports
- * inline assembler, then it's not impossible to implement the
- * "bignum" routines (and have the compiler optimize 'em)
- * exhibiting "native" performance in C. That's what BN_UMULT_HIGH
- * macro is about:-)
- *
- *                                      <appro@fy.chalmers.se>
- */
-# if defined(__alpha) && (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT))
-#  if defined(__DECC)
-#   include <c_asm.h>
-#   define BN_UMULT_HIGH(a,b)   (BN_ULONG)asm("umulh %a0,%a1,%v0",(a),(b))
-#  elif defined(__GNUC__)
-#   define BN_UMULT_HIGH(a,b)   ({      \
-        register BN_ULONG ret;          \
-        asm ("umulh     %1,%2,%0"       \
-             : "=r"(ret)                \
-             : "r"(a), "r"(b));         \
-        ret;                    })
-#  endif        /* compiler */
-# elif defined(_ARCH_PPC) && defined(__64BIT__) && defined(SIXTY_FOUR_BIT_LONG)
-#  if defined(__GNUC__)
-#   define BN_UMULT_HIGH(a,b)   ({      \
-        register BN_ULONG ret;          \
-        asm ("mulhdu    %0,%1,%2"       \
-             : "=r"(ret)                \
-             : "r"(a), "r"(b));         \
-        ret;                    })
-#  endif        /* compiler */
-# elif defined(__x86_64) && defined(SIXTY_FOUR_BIT_LONG)
-#  if defined(__GNUC__)
-#   define BN_UMULT_HIGH(a,b)   ({      \
-        register BN_ULONG ret,discard;  \
-        asm ("mulq      %3"             \
-             : "=a"(discard),"=d"(ret)  \
-             : "a"(a), "g"(b)           \
-             : "cc");                   \
-        ret;                    })
-#   define BN_UMULT_LOHI(low,high,a,b)  \
-        asm ("mulq      %3"             \
-                : "=a"(low),"=d"(high)  \
-                : "a"(a),"g"(b)         \
-                : "cc");
-#  endif
-# endif         /* cpu */
-#endif          /* OPENSSL_NO_ASM */
-
-/*************************************************************
- * Using the long long type
- */
-#define Lw(t)    (((BN_ULONG)(t))&BN_MASK2)
-#define Hw(t)    (((BN_ULONG)((t)>>BN_BITS2))&BN_MASK2)
-
-/* This is used for internal error checking and is not normally used */
-#ifdef BN_DEBUG
-# include <assert.h>
-# define bn_check_top(a) assert ((a)->top >= 0 && (a)->top <= (a)->dmax);
-#else
-# define bn_check_top(a)
-#endif
-
-/* This macro is to add extra stuff for development checking */
-#ifdef BN_DEBUG
-#define bn_set_max(r) ((r)->max=(r)->top,BN_set_flags((r),BN_FLG_STATIC_DATA))
-#else
-#define bn_set_max(r)
-#endif
-
-/* These macros are used to 'take' a section of a bignum for read only use */
-#define bn_set_low(r,a,n) \
-        { \
-        (r)->top=((a)->top > (n))?(n):(a)->top; \
-        (r)->d=(a)->d; \
-        (r)->neg=(a)->neg; \
-        (r)->flags|=BN_FLG_STATIC_DATA; \
-        bn_set_max(r); \
-        }
-
-#define bn_set_high(r,a,n) \
-        { \
-        if ((a)->top > (n)) \
-                { \
-                (r)->top=(a)->top-n; \
-                (r)->d= &((a)->d[n]); \
-                } \
-        else \
-                (r)->top=0; \
-        (r)->neg=(a)->neg; \
-        (r)->flags|=BN_FLG_STATIC_DATA; \
-        bn_set_max(r); \
-        }
-
-#ifdef BN_LLONG
-#define mul_add(r,a,w,c) { \
-        BN_ULLONG t; \
-        t=(BN_ULLONG)w * (a) + (r) + (c); \
-        (r)= Lw(t); \
-        (c)= Hw(t); \
-        }
-
-#define mul(r,a,w,c) { \
-        BN_ULLONG t; \
-        t=(BN_ULLONG)w * (a) + (c); \
-        (r)= Lw(t); \
-        (c)= Hw(t); \
-        }
-
-#define sqr(r0,r1,a) { \
-        BN_ULLONG t; \
-        t=(BN_ULLONG)(a)*(a); \
-        (r0)=Lw(t); \
-        (r1)=Hw(t); \
-        }
-
-#elif defined(BN_UMULT_HIGH)
-#define mul_add(r,a,w,c) {              \
-        BN_ULONG high,low,ret,tmp=(a);  \
-        ret =  (r);                     \
-        high=  BN_UMULT_HIGH(w,tmp);    \
-        ret += (c);                     \
-        low =  (w) * tmp;               \
-        (c) =  (ret<(c))?1:0;           \
-        (c) += high;                    \
-        ret += low;                     \
-        (c) += (ret<low)?1:0;           \
-        (r) =  ret;                     \
-        }
-
-#define mul(r,a,w,c)    {               \
-        BN_ULONG high,low,ret,ta=(a);   \
-        low =  (w) * ta;                \
-        high=  BN_UMULT_HIGH(w,ta);     \
-        ret =  low + (c);               \
-        (c) =  high;                    \
-        (c) += (ret<low)?1:0;           \
-        (r) =  ret;                     \
-        }
-
-#define sqr(r0,r1,a)    {               \
-        BN_ULONG tmp=(a);               \
-        (r0) = tmp * tmp;               \
-        (r1) = BN_UMULT_HIGH(tmp,tmp);  \
-        }
-
-#else
-/*************************************************************
- * No long long type
- */
-
-#define LBITS(a)        ((a)&BN_MASK2l)
-#define HBITS(a)        (((a)>>BN_BITS4)&BN_MASK2l)
-#define L2HBITS(a)      (((a)<<BN_BITS4)&BN_MASK2)
-
-#define LLBITS(a)       ((a)&BN_MASKl)
-#define LHBITS(a)       (((a)>>BN_BITS2)&BN_MASKl)
-#define LL2HBITS(a)     ((BN_ULLONG)((a)&BN_MASKl)<<BN_BITS2)
-
-#define mul64(l,h,bl,bh) \
-        { \
-        BN_ULONG m,m1,lt,ht; \
- \
-        lt=l; \
-        ht=h; \
-        m =(bh)*(lt); \
-        lt=(bl)*(lt); \
-        m1=(bl)*(ht); \
-        ht =(bh)*(ht); \
-        m=(m+m1)&BN_MASK2; if (m < m1) ht+=L2HBITS((BN_ULONG)1); \
-        ht+=HBITS(m); \
-        m1=L2HBITS(m); \
-        lt=(lt+m1)&BN_MASK2; if (lt < m1) ht++; \
-        (l)=lt; \
-        (h)=ht; \
-        }
-
-#define sqr64(lo,ho,in) \
-        { \
-        BN_ULONG l,h,m; \
- \
-        h=(in); \
-        l=LBITS(h); \
-        h=HBITS(h); \
-        m =(l)*(h); \
-        l*=l; \
-        h*=h; \
-        h+=(m&BN_MASK2h1)>>(BN_BITS4-1); \
-        m =(m&BN_MASK2l)<<(BN_BITS4+1); \
-        l=(l+m)&BN_MASK2; if (l < m) h++; \
-        (lo)=l; \
-        (ho)=h; \
-        }
-
-#define mul_add(r,a,bl,bh,c) { \
-        BN_ULONG l,h; \
- \
-        h= (a); \
-        l=LBITS(h); \
-        h=HBITS(h); \
-        mul64(l,h,(bl),(bh)); \
- \
-        /* non-multiply part */ \
-        l=(l+(c))&BN_MASK2; if (l < (c)) h++; \
-        (c)=(r); \
-        l=(l+(c))&BN_MASK2; if (l < (c)) h++; \
-        (c)=h&BN_MASK2; \
-        (r)=l; \
-        }
-
-#define mul(r,a,bl,bh,c) { \
-        BN_ULONG l,h; \
- \
-        h= (a); \
-        l=LBITS(h); \
-        h=HBITS(h); \
-        mul64(l,h,(bl),(bh)); \
- \
-        /* non-multiply part */ \
-        l+=(c); if ((l&BN_MASK2) < (c)) h++; \
-        (c)=h&BN_MASK2; \
-        (r)=l&BN_MASK2; \
-        }
-#endif /* !BN_LLONG */
-
-void bn_mul_normal(BN_ULONG *r,BN_ULONG *a,int na,BN_ULONG *b,int nb);
-void bn_mul_comba8(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);
-void bn_mul_comba4(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);
-void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp);
-void bn_sqr_comba8(BN_ULONG *r,const BN_ULONG *a);
-void bn_sqr_comba4(BN_ULONG *r,const BN_ULONG *a);
-int bn_cmp_words(const BN_ULONG *a,const BN_ULONG *b,int n);
-int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b,
-        int cl, int dl);
-#ifdef BN_RECURSION
-void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
-        BN_ULONG *t);
-void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn,
-        int n, BN_ULONG *t);
-void bn_mul_low_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2,
-        BN_ULONG *t);
-void bn_mul_high(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,BN_ULONG *l,int n2,
-        BN_ULONG *t);
-void bn_sqr_recursive(BN_ULONG *r,const BN_ULONG *a, int n2, BN_ULONG *t);
-#endif
-void bn_mul_low_normal(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b, int n);
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/src/lib/libcrypto/bn/bn_lib.c b/src/lib/libcrypto/bn/bn_lib.c
deleted file mode 100644
index e1660450bc..0000000000
--- a/src/lib/libcrypto/bn/bn_lib.c
+++ /dev/null
@@ -1,824 +0,0 @@
-/* crypto/bn/bn_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef BN_DEBUG
-# undef NDEBUG /* avoid conflicting definitions */
-# define NDEBUG
-#endif
-
-#include <assert.h>
-#include <limits.h>
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-const char *BN_version="Big Number" OPENSSL_VERSION_PTEXT;
-
-/* For a 32 bit machine
- * 2 -   4 ==  128
- * 3 -   8 ==  256
- * 4 -  16 ==  512
- * 5 -  32 == 1024
- * 6 -  64 == 2048
- * 7 - 128 == 4096
- * 8 - 256 == 8192
- */
-static int bn_limit_bits=0;
-static int bn_limit_num=8;        /* (1<<bn_limit_bits) */
-static int bn_limit_bits_low=0;
-static int bn_limit_num_low=8;    /* (1<<bn_limit_bits_low) */
-static int bn_limit_bits_high=0;
-static int bn_limit_num_high=8;   /* (1<<bn_limit_bits_high) */
-static int bn_limit_bits_mont=0;
-static int bn_limit_num_mont=8;   /* (1<<bn_limit_bits_mont) */
-
-void BN_set_params(int mult, int high, int low, int mont)
-        {
-        if (mult >= 0)
-                {
-                if (mult > (sizeof(int)*8)-1)
-                        mult=sizeof(int)*8-1;
-                bn_limit_bits=mult;
-                bn_limit_num=1<<mult;
-                }
-        if (high >= 0)
-                {
-                if (high > (sizeof(int)*8)-1)
-                        high=sizeof(int)*8-1;
-                bn_limit_bits_high=high;
-                bn_limit_num_high=1<<high;
-                }
-        if (low >= 0)
-                {
-                if (low > (sizeof(int)*8)-1)
-                        low=sizeof(int)*8-1;
-                bn_limit_bits_low=low;
-                bn_limit_num_low=1<<low;
-                }
-        if (mont >= 0)
-                {
-                if (mont > (sizeof(int)*8)-1)
-                        mont=sizeof(int)*8-1;
-                bn_limit_bits_mont=mont;
-                bn_limit_num_mont=1<<mont;
-                }
-        }
-
-int BN_get_params(int which)
-        {
-        if      (which == 0) return(bn_limit_bits);
-        else if (which == 1) return(bn_limit_bits_high);
-        else if (which == 2) return(bn_limit_bits_low);
-        else if (which == 3) return(bn_limit_bits_mont);
-        else return(0);
-        }
-
-const BIGNUM *BN_value_one(void)
-        {
-        static BN_ULONG data_one=1L;
-        static BIGNUM const_one={&data_one,1,1,0};
-
-        return(&const_one);
-        }
-
-char *BN_options(void)
-        {
-        static int init=0;
-        static char data[16];
-
-        if (!init)
-                {
-                init++;
-#ifdef BN_LLONG
-                BIO_snprintf(data,sizeof data,"bn(%d,%d)",
-                             (int)sizeof(BN_ULLONG)*8,(int)sizeof(BN_ULONG)*8);
-#else
-                BIO_snprintf(data,sizeof data,"bn(%d,%d)",
-                             (int)sizeof(BN_ULONG)*8,(int)sizeof(BN_ULONG)*8);
-#endif
-                }
-        return(data);
-        }
-
-int BN_num_bits_word(BN_ULONG l)
-        {
-        static const char bits[256]={
-                0,1,2,2,3,3,3,3,4,4,4,4,4,4,4,4,
-                5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,
-                6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,
-                6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,
-                7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
-                7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
-                7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
-                7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
-                8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
-                8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
-                8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
-                8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
-                8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
-                8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
-                8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
-                8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
-                };
-
-#if defined(SIXTY_FOUR_BIT_LONG)
-        if (l & 0xffffffff00000000L)
-                {
-                if (l & 0xffff000000000000L)
-                        {
-                        if (l & 0xff00000000000000L)
-                                {
-                                return(bits[(int)(l>>56)]+56);
-                                }
-                        else    return(bits[(int)(l>>48)]+48);
-                        }
-                else
-                        {
-                        if (l & 0x0000ff0000000000L)
-                                {
-                                return(bits[(int)(l>>40)]+40);
-                                }
-                        else    return(bits[(int)(l>>32)]+32);
-                        }
-                }
-        else
-#else
-#ifdef SIXTY_FOUR_BIT
-        if (l & 0xffffffff00000000LL)
-                {
-                if (l & 0xffff000000000000LL)
-                        {
-                        if (l & 0xff00000000000000LL)
-                                {
-                                return(bits[(int)(l>>56)]+56);
-                                }
-                        else    return(bits[(int)(l>>48)]+48);
-                        }
-                else
-                        {
-                        if (l & 0x0000ff0000000000LL)
-                                {
-                                return(bits[(int)(l>>40)]+40);
-                                }
-                        else    return(bits[(int)(l>>32)]+32);
-                        }
-                }
-        else
-#endif
-#endif
-                {
-#if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
-                if (l & 0xffff0000L)
-                        {
-                        if (l & 0xff000000L)
-                                return(bits[(int)(l>>24L)]+24);
-                        else    return(bits[(int)(l>>16L)]+16);
-                        }
-                else
-#endif
-                        {
-#if defined(SIXTEEN_BIT) || defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
-                        if (l & 0xff00L)
-                                return(bits[(int)(l>>8)]+8);
-                        else    
-#endif
-                                return(bits[(int)(l   )]  );
-                        }
-                }
-        }
-
-int BN_num_bits(const BIGNUM *a)
-        {
-        BN_ULONG l;
-        int i;
-
-        bn_check_top(a);
-
-        if (a->top == 0) return(0);
-        l=a->d[a->top-1];
-        assert(l != 0);
-        i=(a->top-1)*BN_BITS2;
-        return(i+BN_num_bits_word(l));
-        }
-
-void BN_clear_free(BIGNUM *a)
-        {
-        int i;
-
-        if (a == NULL) return;
-        if (a->d != NULL)
-                {
-                OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0]));
-                if (!(BN_get_flags(a,BN_FLG_STATIC_DATA)))
-                        OPENSSL_free(a->d);
-                }
-        i=BN_get_flags(a,BN_FLG_MALLOCED);
-        OPENSSL_cleanse(a,sizeof(BIGNUM));
-        if (i)
-                OPENSSL_free(a);
-        }
-
-void BN_free(BIGNUM *a)
-        {
-        if (a == NULL) return;
-        if ((a->d != NULL) && !(BN_get_flags(a,BN_FLG_STATIC_DATA)))
-                OPENSSL_free(a->d);
-        a->flags|=BN_FLG_FREE; /* REMOVE? */
-        if (a->flags & BN_FLG_MALLOCED)
-                OPENSSL_free(a);
-        }
-
-void BN_init(BIGNUM *a)
-        {
-        memset(a,0,sizeof(BIGNUM));
-        }
-
-BIGNUM *BN_new(void)
-        {
-        BIGNUM *ret;
-
-        if ((ret=(BIGNUM *)OPENSSL_malloc(sizeof(BIGNUM))) == NULL)
-                {
-                BNerr(BN_F_BN_NEW,ERR_R_MALLOC_FAILURE);
-                return(NULL);
-                }
-        ret->flags=BN_FLG_MALLOCED;
-        ret->top=0;
-        ret->neg=0;
-        ret->dmax=0;
-        ret->d=NULL;
-        return(ret);
-        }
-
-/* This is used both by bn_expand2() and bn_dup_expand() */
-/* The caller MUST check that words > b->dmax before calling this */
-static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
-        {
-        BN_ULONG *A,*a = NULL;
-        const BN_ULONG *B;
-        int i;
-
-        if (words > (INT_MAX/(4*BN_BITS2)))
-                {
-                BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_BIGNUM_TOO_LONG);
-                return NULL;
-                }
-
-        bn_check_top(b);        
-        if (BN_get_flags(b,BN_FLG_STATIC_DATA))
-                {
-                BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
-                return(NULL);
-                }
-        a=A=(BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG)*(words+1));
-        if (A == NULL)
-                {
-                BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE);
-                return(NULL);
-                }
-#if 1
-        B=b->d;
-        /* Check if the previous number needs to be copied */
-        if (B != NULL)
-                {
-                for (i=b->top>>2; i>0; i--,A+=4,B+=4)
-                        {
-                        /*
-                         * The fact that the loop is unrolled
-                         * 4-wise is a tribute to Intel. It's
-                         * the one that doesn't have enough
-                         * registers to accomodate more data.
-                         * I'd unroll it 8-wise otherwise:-)
-                         *
-                         *              <appro@fy.chalmers.se>
-                         */
-                        BN_ULONG a0,a1,a2,a3;
-                        a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
-                        A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
-                        }
-                switch (b->top&3)
-                        {
-                case 3: A[2]=B[2];
-                case 2: A[1]=B[1];
-                case 1: A[0]=B[0];
-                case 0: /* workaround for ultrix cc: without 'case 0', the optimizer does
-                         * the switch table by doing a=top&3; a--; goto jump_table[a];
-                         * which fails for top== 0 */
-                        ;
-                        }
-                }
-
-        /* Now need to zero any data between b->top and b->max */
-        /* XXX Why? */
-
-        A= &(a[b->top]);
-        for (i=(words - b->top)>>3; i>0; i--,A+=8)
-                {
-                A[0]=0; A[1]=0; A[2]=0; A[3]=0;
-                A[4]=0; A[5]=0; A[6]=0; A[7]=0;
-                }
-        for (i=(words - b->top)&7; i>0; i--,A++)
-                A[0]=0;
-#else
-        memset(A,0,sizeof(BN_ULONG)*(words+1));
-        memcpy(A,b->d,sizeof(b->d[0])*b->top);
-#endif
-                
-        return(a);
-        }
-
-/* This is an internal function that can be used instead of bn_expand2()
- * when there is a need to copy BIGNUMs instead of only expanding the
- * data part, while still expanding them.
- * Especially useful when needing to expand BIGNUMs that are declared
- * 'const' and should therefore not be changed.
- * The reason to use this instead of a BN_dup() followed by a bn_expand2()
- * is memory allocation overhead.  A BN_dup() followed by a bn_expand2()
- * will allocate new memory for the BIGNUM data twice, and free it once,
- * while bn_dup_expand() makes sure allocation is made only once.
- */
-
-BIGNUM *bn_dup_expand(const BIGNUM *b, int words)
-        {
-        BIGNUM *r = NULL;
-
-        /* This function does not work if
-         *      words <= b->dmax && top < words
-         * because BN_dup() does not preserve 'dmax'!
-         * (But bn_dup_expand() is not used anywhere yet.)
-         */
-        
-        if (words > b->dmax)
-                {
-                BN_ULONG *a = bn_expand_internal(b, words);
-
-                if (a)
-                        {
-                        r = BN_new();
-                        if (r)
-                                {
-                                r->top = b->top;
-                                r->dmax = words;
-                                r->neg = b->neg;
-                                r->d = a;
-                                }
-                        else
-                                {
-                                /* r == NULL, BN_new failure */
-                                OPENSSL_free(a);
-                                }
-                        }
-                /* If a == NULL, there was an error in allocation in
-                   bn_expand_internal(), and NULL should be returned */
-                }
-        else
-                {
-                r = BN_dup(b);
-                }
-
-        return r;
-        }
-
-/* This is an internal function that should not be used in applications.
- * It ensures that 'b' has enough room for a 'words' word number number.
- * It is mostly used by the various BIGNUM routines. If there is an error,
- * NULL is returned. If not, 'b' is returned. */
-
-BIGNUM *bn_expand2(BIGNUM *b, int words)
-        {
-        if (words > b->dmax)
-                {
-                BN_ULONG *a = bn_expand_internal(b, words);
-
-                if (a)
-                        {
-                        if (b->d)
-                                OPENSSL_free(b->d);
-                        b->d=a;
-                        b->dmax=words;
-                        }
-                else
-                        b = NULL;
-                }
-        return b;
-        }
-
-BIGNUM *BN_dup(const BIGNUM *a)
-        {
-        BIGNUM *r, *t;
-
-        if (a == NULL) return NULL;
-
-        bn_check_top(a);
-
-        t = BN_new();
-        if (t == NULL) return(NULL);
-        r = BN_copy(t, a);
-        /* now  r == t || r == NULL */
-        if (r == NULL)
-                BN_free(t);
-        return r;
-        }
-
-BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
-        {
-        int i;
-        BN_ULONG *A;
-        const BN_ULONG *B;
-
-        bn_check_top(b);
-
-        if (a == b) return(a);
-        if (bn_wexpand(a,b->top) == NULL) return(NULL);
-
-#if 1
-        A=a->d;
-        B=b->d;
-        for (i=b->top>>2; i>0; i--,A+=4,B+=4)
-                {
-                BN_ULONG a0,a1,a2,a3;
-                a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
-                A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
-                }
-        switch (b->top&3)
-                {
-                case 3: A[2]=B[2];
-                case 2: A[1]=B[1];
-                case 1: A[0]=B[0];
-                case 0: ; /* ultrix cc workaround, see comments in bn_expand_internal */
-                }
-#else
-        memcpy(a->d,b->d,sizeof(b->d[0])*b->top);
-#endif
-
-/*      memset(&(a->d[b->top]),0,sizeof(a->d[0])*(a->max-b->top));*/
-        a->top=b->top;
-        if ((a->top == 0) && (a->d != NULL))
-                a->d[0]=0;
-        a->neg=b->neg;
-        return(a);
-        }
-
-void BN_swap(BIGNUM *a, BIGNUM *b)
-        {
-        int flags_old_a, flags_old_b;
-        BN_ULONG *tmp_d;
-        int tmp_top, tmp_dmax, tmp_neg;
-        
-        flags_old_a = a->flags;
-        flags_old_b = b->flags;
-
-        tmp_d = a->d;
-        tmp_top = a->top;
-        tmp_dmax = a->dmax;
-        tmp_neg = a->neg;
-        
-        a->d = b->d;
-        a->top = b->top;
-        a->dmax = b->dmax;
-        a->neg = b->neg;
-        
-        b->d = tmp_d;
-        b->top = tmp_top;
-        b->dmax = tmp_dmax;
-        b->neg = tmp_neg;
-        
-        a->flags = (flags_old_a & BN_FLG_MALLOCED) | (flags_old_b & BN_FLG_STATIC_DATA);
-        b->flags = (flags_old_b & BN_FLG_MALLOCED) | (flags_old_a & BN_FLG_STATIC_DATA);
-        }
-
-
-void BN_clear(BIGNUM *a)
-        {
-        if (a->d != NULL)
-                memset(a->d,0,a->dmax*sizeof(a->d[0]));
-        a->top=0;
-        a->neg=0;
-        }
-
-BN_ULONG BN_get_word(const BIGNUM *a)
-        {
-        int i,n;
-        BN_ULONG ret=0;
-
-        n=BN_num_bytes(a);
-        if (n > sizeof(BN_ULONG))
-                return(BN_MASK2);
-        for (i=a->top-1; i>=0; i--)
-                {
-#ifndef SIXTY_FOUR_BIT /* the data item > unsigned long */
-                ret<<=BN_BITS4; /* stops the compiler complaining */
-                ret<<=BN_BITS4;
-#else
-                ret=0;
-#endif
-                ret|=a->d[i];
-                }
-        return(ret);
-        }
-
-int BN_set_word(BIGNUM *a, BN_ULONG w)
-        {
-        int i,n;
-        if (bn_expand(a,sizeof(BN_ULONG)*8) == NULL) return(0);
-
-        n=sizeof(BN_ULONG)/BN_BYTES;
-        a->neg=0;
-        a->top=0;
-        a->d[0]=(BN_ULONG)w&BN_MASK2;
-        if (a->d[0] != 0) a->top=1;
-        for (i=1; i<n; i++)
-                {
-                /* the following is done instead of
-                 * w>>=BN_BITS2 so compilers don't complain
-                 * on builds where sizeof(long) == BN_TYPES */
-#ifndef SIXTY_FOUR_BIT /* the data item > unsigned long */
-                w>>=BN_BITS4;
-                w>>=BN_BITS4;
-#else
-                w=0;
-#endif
-                a->d[i]=(BN_ULONG)w&BN_MASK2;
-                if (a->d[i] != 0) a->top=i+1;
-                }
-        return(1);
-        }
-
-BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
-        {
-        unsigned int i,m;
-        unsigned int n;
-        BN_ULONG l;
-
-        if (ret == NULL) ret=BN_new();
-        if (ret == NULL) return(NULL);
-        l=0;
-        n=len;
-        if (n == 0)
-                {
-                ret->top=0;
-                return(ret);
-                }
-        if (bn_expand(ret,(int)(n+2)*8) == NULL)
-                return(NULL);
-        i=((n-1)/BN_BYTES)+1;
-        m=((n-1)%(BN_BYTES));
-        ret->top=i;
-        ret->neg=0;
-        while (n-- > 0)
-                {
-                l=(l<<8L)| *(s++);
-                if (m-- == 0)
-                        {
-                        ret->d[--i]=l;
-                        l=0;
-                        m=BN_BYTES-1;
-                        }
-                }
-        /* need to call this due to clear byte at top if avoiding
-         * having the top bit set (-ve number) */
-        bn_fix_top(ret);
-        return(ret);
-        }
-
-/* ignore negative */
-int BN_bn2bin(const BIGNUM *a, unsigned char *to)
-        {
-        int n,i;
-        BN_ULONG l;
-
-        n=i=BN_num_bytes(a);
-        while (i-- > 0)
-                {
-                l=a->d[i/BN_BYTES];
-                *(to++)=(unsigned char)(l>>(8*(i%BN_BYTES)))&0xff;
-                }
-        return(n);
-        }
-
-int BN_ucmp(const BIGNUM *a, const BIGNUM *b)
-        {
-        int i;
-        BN_ULONG t1,t2,*ap,*bp;
-
-        bn_check_top(a);
-        bn_check_top(b);
-
-        i=a->top-b->top;
-        if (i != 0) return(i);
-        ap=a->d;
-        bp=b->d;
-        for (i=a->top-1; i>=0; i--)
-                {
-                t1= ap[i];
-                t2= bp[i];
-                if (t1 != t2)
-                        return(t1 > t2?1:-1);
-                }
-        return(0);
-        }
-
-int BN_cmp(const BIGNUM *a, const BIGNUM *b)
-        {
-        int i;
-        int gt,lt;
-        BN_ULONG t1,t2;
-
-        if ((a == NULL) || (b == NULL))
-                {
-                if (a != NULL)
-                        return(-1);
-                else if (b != NULL)
-                        return(1);
-                else
-                        return(0);
-                }
-
-        bn_check_top(a);
-        bn_check_top(b);
-
-        if (a->neg != b->neg)
-                {
-                if (a->neg)
-                        return(-1);
-                else    return(1);
-                }
-        if (a->neg == 0)
-                { gt=1; lt= -1; }
-        else    { gt= -1; lt=1; }
-
-        if (a->top > b->top) return(gt);
-        if (a->top < b->top) return(lt);
-        for (i=a->top-1; i>=0; i--)
-                {
-                t1=a->d[i];
-                t2=b->d[i];
-                if (t1 > t2) return(gt);
-                if (t1 < t2) return(lt);
-                }
-        return(0);
-        }
-
-int BN_set_bit(BIGNUM *a, int n)
-        {
-        int i,j,k;
-
-        i=n/BN_BITS2;
-        j=n%BN_BITS2;
-        if (a->top <= i)
-                {
-                if (bn_wexpand(a,i+1) == NULL) return(0);
-                for(k=a->top; k<i+1; k++)
-                        a->d[k]=0;
-                a->top=i+1;
-                }
-
-        a->d[i]|=(((BN_ULONG)1)<<j);
-        return(1);
-        }
-
-int BN_clear_bit(BIGNUM *a, int n)
-        {
-        int i,j;
-
-        i=n/BN_BITS2;
-        j=n%BN_BITS2;
-        if (a->top <= i) return(0);
-
-        a->d[i]&=(~(((BN_ULONG)1)<<j));
-        bn_fix_top(a);
-        return(1);
-        }
-
-int BN_is_bit_set(const BIGNUM *a, int n)
-        {
-        int i,j;
-
-        if (n < 0) return(0);
-        i=n/BN_BITS2;
-        j=n%BN_BITS2;
-        if (a->top <= i) return(0);
-        return((a->d[i]&(((BN_ULONG)1)<<j))?1:0);
-        }
-
-int BN_mask_bits(BIGNUM *a, int n)
-        {
-        int b,w;
-
-        w=n/BN_BITS2;
-        b=n%BN_BITS2;
-        if (w >= a->top) return(0);
-        if (b == 0)
-                a->top=w;
-        else
-                {
-                a->top=w+1;
-                a->d[w]&= ~(BN_MASK2<<b);
-                }
-        bn_fix_top(a);
-        return(1);
-        }
-
-int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n)
-        {
-        int i;
-        BN_ULONG aa,bb;
-
-        aa=a[n-1];
-        bb=b[n-1];
-        if (aa != bb) return((aa > bb)?1:-1);
-        for (i=n-2; i>=0; i--)
-                {
-                aa=a[i];
-                bb=b[i];
-                if (aa != bb) return((aa > bb)?1:-1);
-                }
-        return(0);
-        }
-
-/* Here follows a specialised variants of bn_cmp_words().  It has the
-   property of performing the operation on arrays of different sizes.
-   The sizes of those arrays is expressed through cl, which is the
-   common length ( basicall, min(len(a),len(b)) ), and dl, which is the
-   delta between the two lengths, calculated as len(a)-len(b).
-   All lengths are the number of BN_ULONGs...  */
-
-int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b,
-        int cl, int dl)
-        {
-        int n,i;
-        n = cl-1;
-
-        if (dl < 0)
-                {
-                for (i=dl; i<0; i++)
-                        {
-                        if (b[n-i] != 0)
-                                return -1; /* a < b */
-                        }
-                }
-        if (dl > 0)
-                {
-                for (i=dl; i>0; i--)
-                        {
-                        if (a[n+i] != 0)
-                                return 1; /* a > b */
-                        }
-                }
-        return bn_cmp_words(a,b,cl);
-        }
diff --git a/src/lib/libcrypto/bn/bn_mod.c b/src/lib/libcrypto/bn/bn_mod.c
deleted file mode 100644
index 5cf82480d7..0000000000
--- a/src/lib/libcrypto/bn/bn_mod.c
+++ /dev/null
@@ -1,296 +0,0 @@
-/* crypto/bn/bn_mod.c */
-/* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
- * for the OpenSSL project. */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-
-#if 0 /* now just a #define */
-int BN_mod(BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
-        {
-        return(BN_div(NULL,rem,m,d,ctx));
-        /* note that  rem->neg == m->neg  (unless the remainder is zero) */
-        }
-#endif
-
-
-int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
-        {
-        /* like BN_mod, but returns non-negative remainder
-         * (i.e.,  0 <= r < |d|  always holds) */
-
-        if (!(BN_mod(r,m,d,ctx)))
-                return 0;
-        if (!r->neg)
-                return 1;
-        /* now   -|d| < r < 0,  so we have to set  r := r + |d| */
-        return (d->neg ? BN_sub : BN_add)(r, r, d);
-}
-
-
-int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx)
-        {
-        if (!BN_add(r, a, b)) return 0;
-        return BN_nnmod(r, r, m, ctx);
-        }
-
-
-/* BN_mod_add variant that may be used if both  a  and  b  are non-negative
- * and less than  m */
-int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m)
-        {
-        if (!BN_add(r, a, b)) return 0;
-        if (BN_ucmp(r, m) >= 0)
-                return BN_usub(r, r, m);
-        return 1;
-        }
-
-
-int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx)
-        {
-        if (!BN_sub(r, a, b)) return 0;
-        return BN_nnmod(r, r, m, ctx);
-        }
-
-
-/* BN_mod_sub variant that may be used if both  a  and  b  are non-negative
- * and less than  m */
-int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m)
-        {
-        if (!BN_sub(r, a, b)) return 0;
-        if (r->neg)
-                return BN_add(r, r, m);
-        return 1;
-        }
-
-
-/* slow but works */
-int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
-        BN_CTX *ctx)
-        {
-        BIGNUM *t;
-        int ret=0;
-
-        bn_check_top(a);
-        bn_check_top(b);
-        bn_check_top(m);
-
-        BN_CTX_start(ctx);
-        if ((t = BN_CTX_get(ctx)) == NULL) goto err;
-        if (a == b)
-                { if (!BN_sqr(t,a,ctx)) goto err; }
-        else
-                { if (!BN_mul(t,a,b,ctx)) goto err; }
-        if (!BN_nnmod(r,t,m,ctx)) goto err;
-        ret=1;
-err:
-        BN_CTX_end(ctx);
-        return(ret);
-        }
-
-
-int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
-        {
-        if (!BN_sqr(r, a, ctx)) return 0;
-        /* r->neg == 0,  thus we don't need BN_nnmod */
-        return BN_mod(r, r, m, ctx);
-        }
-
-
-int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
-        {
-        if (!BN_lshift1(r, a)) return 0;
-        return BN_nnmod(r, r, m, ctx);
-        }
-
-
-/* BN_mod_lshift1 variant that may be used if  a  is non-negative
- * and less than  m */
-int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m)
-        {
-        if (!BN_lshift1(r, a)) return 0;
-        if (BN_cmp(r, m) >= 0)
-                return BN_sub(r, r, m);
-        return 1;
-        }
-
-
-int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ctx)
-        {
-        BIGNUM *abs_m = NULL;
-        int ret;
-
-        if (!BN_nnmod(r, a, m, ctx)) return 0;
-
-        if (m->neg)
-                {
-                abs_m = BN_dup(m);
-                if (abs_m == NULL) return 0;
-                abs_m->neg = 0;
-                }
-        
-        ret = BN_mod_lshift_quick(r, r, n, (abs_m ? abs_m : m));
-
-        if (abs_m)
-                BN_free(abs_m);
-        return ret;
-        }
-
-
-/* BN_mod_lshift variant that may be used if  a  is non-negative
- * and less than  m */
-int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m)
-        {
-        if (r != a)
-                {
-                if (BN_copy(r, a) == NULL) return 0;
-                }
-
-        while (n > 0)
-                {
-                int max_shift;
-                
-                /* 0 < r < m */
-                max_shift = BN_num_bits(m) - BN_num_bits(r);
-                /* max_shift >= 0 */
-
-                if (max_shift < 0)
-                        {
-                        BNerr(BN_F_BN_MOD_LSHIFT_QUICK, BN_R_INPUT_NOT_REDUCED);
-                        return 0;
-                        }
-
-                if (max_shift > n)
-                        max_shift = n;
-
-                if (max_shift)
-                        {
-                        if (!BN_lshift(r, r, max_shift)) return 0;
-                        n -= max_shift;
-                        }
-                else
-                        {
-                        if (!BN_lshift1(r, r)) return 0;
-                        --n;
-                        }
-
-                /* BN_num_bits(r) <= BN_num_bits(m) */
-
-                if (BN_cmp(r, m) >= 0) 
-                        {
-                        if (!BN_sub(r, r, m)) return 0;
-                        }
-                }
-        
-        return 1;
-        }
diff --git a/src/lib/libcrypto/bn/bn_mont.c b/src/lib/libcrypto/bn/bn_mont.c
deleted file mode 100644
index 726d5f2b1b..0000000000
--- a/src/lib/libcrypto/bn/bn_mont.c
+++ /dev/null
@@ -1,421 +0,0 @@
-/* crypto/bn/bn_mont.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/*
- * Details about Montgomery multiplication algorithms can be found at
- * http://security.ece.orst.edu/publications.html, e.g.
- * http://security.ece.orst.edu/koc/papers/j37acmon.pdf and
- * sections 3.8 and 4.2 in http://security.ece.orst.edu/koc/papers/r01rsasw.pdf
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-#define MONT_WORD /* use the faster word-based algorithm */
-
-int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-                          BN_MONT_CTX *mont, BN_CTX *ctx)
-        {
-        BIGNUM *tmp;
-        int ret=0;
-
-        BN_CTX_start(ctx);
-        tmp = BN_CTX_get(ctx);
-        if (tmp == NULL) goto err;
-
-        bn_check_top(tmp);
-        if (a == b)
-                {
-                if (!BN_sqr(tmp,a,ctx)) goto err;
-                }
-        else
-                {
-                if (!BN_mul(tmp,a,b,ctx)) goto err;
-                }
-        /* reduce from aRR to aR */
-        if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err;
-        ret=1;
-err:
-        BN_CTX_end(ctx);
-        return(ret);
-        }
-
-int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
-             BN_CTX *ctx)
-        {
-        int retn=0;
-
-#ifdef MONT_WORD
-        BIGNUM *n,*r;
-        BN_ULONG *ap,*np,*rp,n0,v,*nrp;
-        int al,nl,max,i,x,ri;
-
-        BN_CTX_start(ctx);
-        if ((r = BN_CTX_get(ctx)) == NULL) goto err;
-
-        if (!BN_copy(r,a)) goto err;
-        n= &(mont->N);
-
-        ap=a->d;
-        /* mont->ri is the size of mont->N in bits (rounded up
-           to the word size) */
-        al=ri=mont->ri/BN_BITS2;
-        
-        nl=n->top;
-        if ((al == 0) || (nl == 0)) { r->top=0; return(1); }
-
-        max=(nl+al+1); /* allow for overflow (no?) XXX */
-        if (bn_wexpand(r,max) == NULL) goto err;
-
-        r->neg=a->neg^n->neg;
-        np=n->d;
-        rp=r->d;
-        nrp= &(r->d[nl]);
-
-        /* clear the top words of T */
-#if 1
-        for (i=r->top; i<max; i++) /* memset? XXX */
-                r->d[i]=0;
-#else
-        memset(&(r->d[r->top]),0,(max-r->top)*sizeof(BN_ULONG)); 
-#endif
-
-        r->top=max;
-        n0=mont->n0;
-
-#ifdef BN_COUNT
-        fprintf(stderr,"word BN_from_montgomery %d * %d\n",nl,nl);
-#endif
-        for (i=0; i<nl; i++)
-                {
-#ifdef __TANDEM
-                {
-                   long long t1;
-                   long long t2;
-                   long long t3;
-                   t1 = rp[0] * (n0 & 0177777);
-                   t2 = 037777600000l;
-                   t2 = n0 & t2;
-                   t3 = rp[0] & 0177777;
-                   t2 = (t3 * t2) & BN_MASK2;
-                   t1 = t1 + t2;
-                   v=bn_mul_add_words(rp,np,nl,(BN_ULONG) t1);
-                }
-#else
-                v=bn_mul_add_words(rp,np,nl,(rp[0]*n0)&BN_MASK2);
-#endif
-                nrp++;
-                rp++;
-                if (((nrp[-1]+=v)&BN_MASK2) >= v)
-                        continue;
-                else
-                        {
-                        if (((++nrp[0])&BN_MASK2) != 0) continue;
-                        if (((++nrp[1])&BN_MASK2) != 0) continue;
-                        for (x=2; (((++nrp[x])&BN_MASK2) == 0); x++) ;
-                        }
-                }
-        bn_fix_top(r);
-        
-        /* mont->ri will be a multiple of the word size and below code
-         * is kind of BN_rshift(ret,r,mont->ri) equivalent */
-        if (r->top <= ri)
-                {
-                ret->top=0;
-                retn=1;
-                goto err;
-                }
-        al=r->top-ri;
-
-# define BRANCH_FREE 1
-# if BRANCH_FREE
-        if (bn_wexpand(ret,ri) == NULL) goto err;
-        x=0-(((al-ri)>>(sizeof(al)*8-1))&1);
-        ret->top=x=(ri&~x)|(al&x);      /* min(ri,al) */
-        ret->neg=r->neg;
-
-        rp=ret->d;
-        ap=&(r->d[ri]);
-
-        {
-        size_t m1,m2;
-
-        v=bn_sub_words(rp,ap,np,ri);
-        /* this ----------------^^ works even in al<ri case
-         * thanks to zealous zeroing of top of the vector in the
-         * beginning. */
-
-        /* if (al==ri && !v) || al>ri) nrp=rp; else nrp=ap; */
-        /* in other words if subtraction result is real, then
-         * trick unconditional memcpy below to perform in-place
-         * "refresh" instead of actual copy. */
-        m1=0-(size_t)(((al-ri)>>(sizeof(al)*8-1))&1);   /* al<ri */
-        m2=0-(size_t)(((ri-al)>>(sizeof(al)*8-1))&1);   /* al>ri */
-        m1|=m2;                 /* (al!=ri) */
-        m1|=(0-(size_t)v);      /* (al!=ri || v) */
-        m1&=~m2;                /* (al!=ri || v) && !al>ri */
-        nrp=(BN_ULONG *)(((size_t)rp&~m1)|((size_t)ap&m1));
-        }
-
-        /* 'i<ri' is chosen to eliminate dependency on input data, even
-         * though it results in redundant copy in al<ri case. */
-        for (i=0,ri-=4; i<ri; i+=4)
-                {
-                BN_ULONG t1,t2,t3,t4;
-                
-                t1=nrp[i+0];
-                t2=nrp[i+1];
-                t3=nrp[i+2];    ap[i+0]=0;
-                t4=nrp[i+3];    ap[i+1]=0;
-                rp[i+0]=t1;     ap[i+2]=0;
-                rp[i+1]=t2;     ap[i+3]=0;
-                rp[i+2]=t3;
-                rp[i+3]=t4;
-                }
-        for (ri+=4; i<ri; i++)
-                rp[i]=nrp[i], ap[i]=0;
-# else
-        if (bn_wexpand(ret,al) == NULL) goto err;
-        ret->top=al;
-        ret->neg=r->neg;
-
-        rp=ret->d;
-        ap=&(r->d[ri]);
-        al-=4;
-        for (i=0; i<al; i+=4)
-                {
-                BN_ULONG t1,t2,t3,t4;
-                
-                t1=ap[i+0];
-                t2=ap[i+1];
-                t3=ap[i+2];
-                t4=ap[i+3];
-                rp[i+0]=t1;
-                rp[i+1]=t2;
-                rp[i+2]=t3;
-                rp[i+3]=t4;
-                }
-        al+=4;
-        for (; i<al; i++)
-                rp[i]=ap[i];
-# endif
-#else /* !MONT_WORD */ 
-        BIGNUM *t1,*t2;
-
-        BN_CTX_start(ctx);
-        t1 = BN_CTX_get(ctx);
-        t2 = BN_CTX_get(ctx);
-        if (t1 == NULL || t2 == NULL) goto err;
-        
-        if (!BN_copy(t1,a)) goto err;
-        BN_mask_bits(t1,mont->ri);
-
-        if (!BN_mul(t2,t1,&mont->Ni,ctx)) goto err;
-        BN_mask_bits(t2,mont->ri);
-
-        if (!BN_mul(t1,t2,&mont->N,ctx)) goto err;
-        if (!BN_add(t2,a,t1)) goto err;
-        if (!BN_rshift(ret,t2,mont->ri)) goto err;
-#endif /* MONT_WORD */
-
-#if !defined(BRANCH_FREE) || BRANCH_FREE==0
-        if (BN_ucmp(ret, &(mont->N)) >= 0)
-                {
-                if (!BN_usub(ret,ret,&(mont->N))) goto err;
-                }
-#endif
-        retn=1;
- err:
-        BN_CTX_end(ctx);
-        return(retn);
-        }
-
-BN_MONT_CTX *BN_MONT_CTX_new(void)
-        {
-        BN_MONT_CTX *ret;
-
-        if ((ret=(BN_MONT_CTX *)OPENSSL_malloc(sizeof(BN_MONT_CTX))) == NULL)
-                return(NULL);
-
-        BN_MONT_CTX_init(ret);
-        ret->flags=BN_FLG_MALLOCED;
-        return(ret);
-        }
-
-void BN_MONT_CTX_init(BN_MONT_CTX *ctx)
-        {
-        ctx->ri=0;
-        BN_init(&(ctx->RR));
-        BN_init(&(ctx->N));
-        BN_init(&(ctx->Ni));
-        ctx->flags=0;
-        }
-
-void BN_MONT_CTX_free(BN_MONT_CTX *mont)
-        {
-        if(mont == NULL)
-            return;
-
-        BN_free(&(mont->RR));
-        BN_free(&(mont->N));
-        BN_free(&(mont->Ni));
-        if (mont->flags & BN_FLG_MALLOCED)
-                OPENSSL_free(mont);
-        }
-
-int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
-        {
-        BIGNUM Ri,*R;
-
-        BN_init(&Ri);
-        R= &(mont->RR);                                 /* grab RR as a temp */
-        if (!BN_copy(&(mont->N),mod)) goto err;         /* Set N */
-        mont->N.neg = 0;
-
-#ifdef MONT_WORD
-                {
-                BIGNUM tmod;
-                BN_ULONG buf[2];
-
-                mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2;
-                if (!(BN_zero(R))) goto err;
-                if (!(BN_set_bit(R,BN_BITS2))) goto err;        /* R */
-
-                buf[0]=mod->d[0]; /* tmod = N mod word size */
-                buf[1]=0;
-                tmod.d=buf;
-                tmod.top=1;
-                tmod.dmax=2;
-                tmod.neg=0;
-                                                        /* Ri = R^-1 mod N*/
-                if ((BN_mod_inverse(&Ri,R,&tmod,ctx)) == NULL)
-                        goto err;
-                if (!BN_lshift(&Ri,&Ri,BN_BITS2)) goto err; /* R*Ri */
-                if (!BN_is_zero(&Ri))
-                        {
-                        if (!BN_sub_word(&Ri,1)) goto err;
-                        }
-                else /* if N mod word size == 1 */
-                        {
-                        if (!BN_set_word(&Ri,BN_MASK2)) goto err;  /* Ri-- (mod word size) */
-                        }
-                if (!BN_div(&Ri,NULL,&Ri,&tmod,ctx)) goto err;
-                /* Ni = (R*Ri-1)/N,
-                 * keep only least significant word: */
-                mont->n0 = (Ri.top > 0) ? Ri.d[0] : 0;
-                BN_free(&Ri);
-                }
-#else /* !MONT_WORD */
-                { /* bignum version */
-                mont->ri=BN_num_bits(&mont->N);
-                if (!BN_zero(R)) goto err;
-                if (!BN_set_bit(R,mont->ri)) goto err;  /* R = 2^ri */
-                                                        /* Ri = R^-1 mod N*/
-                if ((BN_mod_inverse(&Ri,R,&mont->N,ctx)) == NULL)
-                        goto err;
-                if (!BN_lshift(&Ri,&Ri,mont->ri)) goto err; /* R*Ri */
-                if (!BN_sub_word(&Ri,1)) goto err;
-                                                        /* Ni = (R*Ri-1) / N */
-                if (!BN_div(&(mont->Ni),NULL,&Ri,&mont->N,ctx)) goto err;
-                BN_free(&Ri);
-                }
-#endif
-
-        /* setup RR for conversions */
-        if (!BN_zero(&(mont->RR))) goto err;
-        if (!BN_set_bit(&(mont->RR),mont->ri*2)) goto err;
-        if (!BN_mod(&(mont->RR),&(mont->RR),&(mont->N),ctx)) goto err;
-
-        return(1);
-err:
-        return(0);
-        }
-
-BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from)
-        {
-        if (to == from) return(to);
-
-        if (!BN_copy(&(to->RR),&(from->RR))) return NULL;
-        if (!BN_copy(&(to->N),&(from->N))) return NULL;
-        if (!BN_copy(&(to->Ni),&(from->Ni))) return NULL;
-        to->ri=from->ri;
-        to->n0=from->n0;
-        return(to);
-        }
-
-BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
-                                        const BIGNUM *mod, BN_CTX *ctx)
-        {
-        if (*pmont)
-                return *pmont;
-        CRYPTO_w_lock(lock);
-        if (!*pmont)
-                {
-                *pmont = BN_MONT_CTX_new();
-                if (*pmont && !BN_MONT_CTX_set(*pmont, mod, ctx))
-                        {
-                        BN_MONT_CTX_free(*pmont);
-                        *pmont = NULL;
-                        }
-                }
-        CRYPTO_w_unlock(lock);
-        return *pmont;
-        }
-                
-
diff --git a/src/lib/libcrypto/bn/bn_mpi.c b/src/lib/libcrypto/bn/bn_mpi.c
deleted file mode 100644
index 05fa9d1e9a..0000000000
--- a/src/lib/libcrypto/bn/bn_mpi.c
+++ /dev/null
@@ -1,129 +0,0 @@
-/* crypto/bn/bn_mpi.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-int BN_bn2mpi(const BIGNUM *a, unsigned char *d)
-        {
-        int bits;
-        int num=0;
-        int ext=0;
-        long l;
-
-        bits=BN_num_bits(a);
-        num=(bits+7)/8;
-        if (bits > 0)
-                {
-                ext=((bits & 0x07) == 0);
-                }
-        if (d == NULL)
-                return(num+4+ext);
-
-        l=num+ext;
-        d[0]=(unsigned char)(l>>24)&0xff;
-        d[1]=(unsigned char)(l>>16)&0xff;
-        d[2]=(unsigned char)(l>> 8)&0xff;
-        d[3]=(unsigned char)(l    )&0xff;
-        if (ext) d[4]=0;
-        num=BN_bn2bin(a,&(d[4+ext]));
-        if (a->neg)
-                d[4]|=0x80;
-        return(num+4+ext);
-        }
-
-BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a)
-        {
-        long len;
-        int neg=0;
-
-        if (n < 4)
-                {
-                BNerr(BN_F_BN_MPI2BN,BN_R_INVALID_LENGTH);
-                return(NULL);
-                }
-        len=((long)d[0]<<24)|((long)d[1]<<16)|((int)d[2]<<8)|(int)d[3];
-        if ((len+4) != n)
-                {
-                BNerr(BN_F_BN_MPI2BN,BN_R_ENCODING_ERROR);
-                return(NULL);
-                }
-
-        if (a == NULL) a=BN_new();
-        if (a == NULL) return(NULL);
-
-        if (len == 0)
-                {
-                a->neg=0;
-                a->top=0;
-                return(a);
-                }
-        d+=4;
-        if ((*d) & 0x80)
-                neg=1;
-        if (BN_bin2bn(d,(int)len,a) == NULL)
-                return(NULL);
-        a->neg=neg;
-        if (neg)
-                {
-                BN_clear_bit(a,BN_num_bits(a)-1);
-                }
-        return(a);
-        }
-
diff --git a/src/lib/libcrypto/bn/bn_mul.c b/src/lib/libcrypto/bn/bn_mul.c
deleted file mode 100644
index 3ae3822bc2..0000000000
--- a/src/lib/libcrypto/bn/bn_mul.c
+++ /dev/null
@@ -1,802 +0,0 @@
-/* crypto/bn/bn_mul.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-#ifdef BN_RECURSION
-/* Karatsuba recursive multiplication algorithm
- * (cf. Knuth, The Art of Computer Programming, Vol. 2) */
-
-/* r is 2*n2 words in size,
- * a and b are both n2 words in size.
- * n2 must be a power of 2.
- * We multiply and return the result.
- * t must be 2*n2 words in size
- * We calculate
- * a[0]*b[0]
- * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
- * a[1]*b[1]
- */
-void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
-             BN_ULONG *t)
-        {
-        int n=n2/2,c1,c2;
-        unsigned int neg,zero;
-        BN_ULONG ln,lo,*p;
-
-# ifdef BN_COUNT
-        printf(" bn_mul_recursive %d * %d\n",n2,n2);
-# endif
-# ifdef BN_MUL_COMBA
-#  if 0
-        if (n2 == 4)
-                {
-                bn_mul_comba4(r,a,b);
-                return;
-                }
-#  endif
-        if (n2 == 8)
-                {
-                bn_mul_comba8(r,a,b);
-                return; 
-                }
-# endif /* BN_MUL_COMBA */
-        if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL)
-                {
-                /* This should not happen */
-                bn_mul_normal(r,a,n2,b,n2);
-                return;
-                }
-        /* r=(a[0]-a[1])*(b[1]-b[0]) */
-        c1=bn_cmp_words(a,&(a[n]),n);
-        c2=bn_cmp_words(&(b[n]),b,n);
-        zero=neg=0;
-        switch (c1*3+c2)
-                {
-        case -4:
-                bn_sub_words(t,      &(a[n]),a,      n); /* - */
-                bn_sub_words(&(t[n]),b,      &(b[n]),n); /* - */
-                break;
-        case -3:
-                zero=1;
-                break;
-        case -2:
-                bn_sub_words(t,      &(a[n]),a,      n); /* - */
-                bn_sub_words(&(t[n]),&(b[n]),b,      n); /* + */
-                neg=1;
-                break;
-        case -1:
-        case 0:
-        case 1:
-                zero=1;
-                break;
-        case 2:
-                bn_sub_words(t,      a,      &(a[n]),n); /* + */
-                bn_sub_words(&(t[n]),b,      &(b[n]),n); /* - */
-                neg=1;
-                break;
-        case 3:
-                zero=1;
-                break;
-        case 4:
-                bn_sub_words(t,      a,      &(a[n]),n);
-                bn_sub_words(&(t[n]),&(b[n]),b,      n);
-                break;
-                }
-
-# ifdef BN_MUL_COMBA
-        if (n == 4)
-                {
-                if (!zero)
-                        bn_mul_comba4(&(t[n2]),t,&(t[n]));
-                else
-                        memset(&(t[n2]),0,8*sizeof(BN_ULONG));
-                
-                bn_mul_comba4(r,a,b);
-                bn_mul_comba4(&(r[n2]),&(a[n]),&(b[n]));
-                }
-        else if (n == 8)
-                {
-                if (!zero)
-                        bn_mul_comba8(&(t[n2]),t,&(t[n]));
-                else
-                        memset(&(t[n2]),0,16*sizeof(BN_ULONG));
-                
-                bn_mul_comba8(r,a,b);
-                bn_mul_comba8(&(r[n2]),&(a[n]),&(b[n]));
-                }
-        else
-# endif /* BN_MUL_COMBA */
-                {
-                p= &(t[n2*2]);
-                if (!zero)
-                        bn_mul_recursive(&(t[n2]),t,&(t[n]),n,p);
-                else
-                        memset(&(t[n2]),0,n2*sizeof(BN_ULONG));
-                bn_mul_recursive(r,a,b,n,p);
-                bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),n,p);
-                }
-
-        /* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
-         * r[10] holds (a[0]*b[0])
-         * r[32] holds (b[1]*b[1])
-         */
-
-        c1=(int)(bn_add_words(t,r,&(r[n2]),n2));
-
-        if (neg) /* if t[32] is negative */
-                {
-                c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2));
-                }
-        else
-                {
-                /* Might have a carry */
-                c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),t,n2));
-                }
-
-        /* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
-         * r[10] holds (a[0]*b[0])
-         * r[32] holds (b[1]*b[1])
-         * c1 holds the carry bits
-         */
-        c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2));
-        if (c1)
-                {
-                p= &(r[n+n2]);
-                lo= *p;
-                ln=(lo+c1)&BN_MASK2;
-                *p=ln;
-
-                /* The overflow will stop before we over write
-                 * words we should not overwrite */
-                if (ln < (BN_ULONG)c1)
-                        {
-                        do      {
-                                p++;
-                                lo= *p;
-                                ln=(lo+1)&BN_MASK2;
-                                *p=ln;
-                                } while (ln == 0);
-                        }
-                }
-        }
-
-/* n+tn is the word length
- * t needs to be n*4 is size, as does r */
-void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn,
-             int n, BN_ULONG *t)
-        {
-        int i,j,n2=n*2;
-        int c1,c2,neg,zero;
-        BN_ULONG ln,lo,*p;
-
-# ifdef BN_COUNT
-        printf(" bn_mul_part_recursive %d * %d\n",tn+n,tn+n);
-# endif
-        if (n < 8)
-                {
-                i=tn+n;
-                bn_mul_normal(r,a,i,b,i);
-                return;
-                }
-
-        /* r=(a[0]-a[1])*(b[1]-b[0]) */
-        c1=bn_cmp_words(a,&(a[n]),n);
-        c2=bn_cmp_words(&(b[n]),b,n);
-        zero=neg=0;
-        switch (c1*3+c2)
-                {
-        case -4:
-                bn_sub_words(t,      &(a[n]),a,      n); /* - */
-                bn_sub_words(&(t[n]),b,      &(b[n]),n); /* - */
-                break;
-        case -3:
-                zero=1;
-                /* break; */
-        case -2:
-                bn_sub_words(t,      &(a[n]),a,      n); /* - */
-                bn_sub_words(&(t[n]),&(b[n]),b,      n); /* + */
-                neg=1;
-                break;
-        case -1:
-        case 0:
-        case 1:
-                zero=1;
-                /* break; */
-        case 2:
-                bn_sub_words(t,      a,      &(a[n]),n); /* + */
-                bn_sub_words(&(t[n]),b,      &(b[n]),n); /* - */
-                neg=1;
-                break;
-        case 3:
-                zero=1;
-                /* break; */
-        case 4:
-                bn_sub_words(t,      a,      &(a[n]),n);
-                bn_sub_words(&(t[n]),&(b[n]),b,      n);
-                break;
-                }
-                /* The zero case isn't yet implemented here. The speedup
-                   would probably be negligible. */
-# if 0
-        if (n == 4)
-                {
-                bn_mul_comba4(&(t[n2]),t,&(t[n]));
-                bn_mul_comba4(r,a,b);
-                bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn);
-                memset(&(r[n2+tn*2]),0,sizeof(BN_ULONG)*(n2-tn*2));
-                }
-        else
-# endif
-        if (n == 8)
-                {
-                bn_mul_comba8(&(t[n2]),t,&(t[n]));
-                bn_mul_comba8(r,a,b);
-                bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn);
-                memset(&(r[n2+tn*2]),0,sizeof(BN_ULONG)*(n2-tn*2));
-                }
-        else
-                {
-                p= &(t[n2*2]);
-                bn_mul_recursive(&(t[n2]),t,&(t[n]),n,p);
-                bn_mul_recursive(r,a,b,n,p);
-                i=n/2;
-                /* If there is only a bottom half to the number,
-                 * just do it */
-                j=tn-i;
-                if (j == 0)
-                        {
-                        bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),i,p);
-                        memset(&(r[n2+i*2]),0,sizeof(BN_ULONG)*(n2-i*2));
-                        }
-                else if (j > 0) /* eg, n == 16, i == 8 and tn == 11 */
-                                {
-                                bn_mul_part_recursive(&(r[n2]),&(a[n]),&(b[n]),
-                                        j,i,p);
-                                memset(&(r[n2+tn*2]),0,
-                                        sizeof(BN_ULONG)*(n2-tn*2));
-                                }
-                else /* (j < 0) eg, n == 16, i == 8 and tn == 5 */
-                        {
-                        memset(&(r[n2]),0,sizeof(BN_ULONG)*n2);
-                        if (tn < BN_MUL_RECURSIVE_SIZE_NORMAL)
-                                {
-                                bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn);
-                                }
-                        else
-                                {
-                                for (;;)
-                                        {
-                                        i/=2;
-                                        if (i < tn)
-                                                {
-                                                bn_mul_part_recursive(&(r[n2]),
-                                                        &(a[n]),&(b[n]),
-                                                        tn-i,i,p);
-                                                break;
-                                                }
-                                        else if (i == tn)
-                                                {
-                                                bn_mul_recursive(&(r[n2]),
-                                                        &(a[n]),&(b[n]),
-                                                        i,p);
-                                                break;
-                                                }
-                                        }
-                                }
-                        }
-                }
-
-        /* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
-         * r[10] holds (a[0]*b[0])
-         * r[32] holds (b[1]*b[1])
-         */
-
-        c1=(int)(bn_add_words(t,r,&(r[n2]),n2));
-
-        if (neg) /* if t[32] is negative */
-                {
-                c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2));
-                }
-        else
-                {
-                /* Might have a carry */
-                c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),t,n2));
-                }
-
-        /* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
-         * r[10] holds (a[0]*b[0])
-         * r[32] holds (b[1]*b[1])
-         * c1 holds the carry bits
-         */
-        c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2));
-        if (c1)
-                {
-                p= &(r[n+n2]);
-                lo= *p;
-                ln=(lo+c1)&BN_MASK2;
-                *p=ln;
-
-                /* The overflow will stop before we over write
-                 * words we should not overwrite */
-                if (ln < (BN_ULONG)c1)
-                        {
-                        do      {
-                                p++;
-                                lo= *p;
-                                ln=(lo+1)&BN_MASK2;
-                                *p=ln;
-                                } while (ln == 0);
-                        }
-                }
-        }
-
-/* a and b must be the same size, which is n2.
- * r needs to be n2 words and t needs to be n2*2
- */
-void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
-             BN_ULONG *t)
-        {
-        int n=n2/2;
-
-# ifdef BN_COUNT
-        printf(" bn_mul_low_recursive %d * %d\n",n2,n2);
-# endif
-
-        bn_mul_recursive(r,a,b,n,&(t[0]));
-        if (n >= BN_MUL_LOW_RECURSIVE_SIZE_NORMAL)
-                {
-                bn_mul_low_recursive(&(t[0]),&(a[0]),&(b[n]),n,&(t[n2]));
-                bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
-                bn_mul_low_recursive(&(t[0]),&(a[n]),&(b[0]),n,&(t[n2]));
-                bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
-                }
-        else
-                {
-                bn_mul_low_normal(&(t[0]),&(a[0]),&(b[n]),n);
-                bn_mul_low_normal(&(t[n]),&(a[n]),&(b[0]),n);
-                bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
-                bn_add_words(&(r[n]),&(r[n]),&(t[n]),n);
-                }
-        }
-
-/* a and b must be the same size, which is n2.
- * r needs to be n2 words and t needs to be n2*2
- * l is the low words of the output.
- * t needs to be n2*3
- */
-void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2,
-             BN_ULONG *t)
-        {
-        int i,n;
-        int c1,c2;
-        int neg,oneg,zero;
-        BN_ULONG ll,lc,*lp,*mp;
-
-# ifdef BN_COUNT
-        printf(" bn_mul_high %d * %d\n",n2,n2);
-# endif
-        n=n2/2;
-
-        /* Calculate (al-ah)*(bh-bl) */
-        neg=zero=0;
-        c1=bn_cmp_words(&(a[0]),&(a[n]),n);
-        c2=bn_cmp_words(&(b[n]),&(b[0]),n);
-        switch (c1*3+c2)
-                {
-        case -4:
-                bn_sub_words(&(r[0]),&(a[n]),&(a[0]),n);
-                bn_sub_words(&(r[n]),&(b[0]),&(b[n]),n);
-                break;
-        case -3:
-                zero=1;
-                break;
-        case -2:
-                bn_sub_words(&(r[0]),&(a[n]),&(a[0]),n);
-                bn_sub_words(&(r[n]),&(b[n]),&(b[0]),n);
-                neg=1;
-                break;
-        case -1:
-        case 0:
-        case 1:
-                zero=1;
-                break;
-        case 2:
-                bn_sub_words(&(r[0]),&(a[0]),&(a[n]),n);
-                bn_sub_words(&(r[n]),&(b[0]),&(b[n]),n);
-                neg=1;
-                break;
-        case 3:
-                zero=1;
-                break;
-        case 4:
-                bn_sub_words(&(r[0]),&(a[0]),&(a[n]),n);
-                bn_sub_words(&(r[n]),&(b[n]),&(b[0]),n);
-                break;
-                }
-                
-        oneg=neg;
-        /* t[10] = (a[0]-a[1])*(b[1]-b[0]) */
-        /* r[10] = (a[1]*b[1]) */
-# ifdef BN_MUL_COMBA
-        if (n == 8)
-                {
-                bn_mul_comba8(&(t[0]),&(r[0]),&(r[n]));
-                bn_mul_comba8(r,&(a[n]),&(b[n]));
-                }
-        else
-# endif
-                {
-                bn_mul_recursive(&(t[0]),&(r[0]),&(r[n]),n,&(t[n2]));
-                bn_mul_recursive(r,&(a[n]),&(b[n]),n,&(t[n2]));
-                }
-
-        /* s0 == low(al*bl)
-         * s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl)
-         * We know s0 and s1 so the only unknown is high(al*bl)
-         * high(al*bl) == s1 - low(ah*bh+s0+(al-ah)*(bh-bl))
-         * high(al*bl) == s1 - (r[0]+l[0]+t[0])
-         */
-        if (l != NULL)
-                {
-                lp= &(t[n2+n]);
-                c1=(int)(bn_add_words(lp,&(r[0]),&(l[0]),n));
-                }
-        else
-                {
-                c1=0;
-                lp= &(r[0]);
-                }
-
-        if (neg)
-                neg=(int)(bn_sub_words(&(t[n2]),lp,&(t[0]),n));
-        else
-                {
-                bn_add_words(&(t[n2]),lp,&(t[0]),n);
-                neg=0;
-                }
-
-        if (l != NULL)
-                {
-                bn_sub_words(&(t[n2+n]),&(l[n]),&(t[n2]),n);
-                }
-        else
-                {
-                lp= &(t[n2+n]);
-                mp= &(t[n2]);
-                for (i=0; i<n; i++)
-                        lp[i]=((~mp[i])+1)&BN_MASK2;
-                }
-
-        /* s[0] = low(al*bl)
-         * t[3] = high(al*bl)
-         * t[10] = (a[0]-a[1])*(b[1]-b[0]) neg is the sign
-         * r[10] = (a[1]*b[1])
-         */
-        /* R[10] = al*bl
-         * R[21] = al*bl + ah*bh + (a[0]-a[1])*(b[1]-b[0])
-         * R[32] = ah*bh
-         */
-        /* R[1]=t[3]+l[0]+r[0](+-)t[0] (have carry/borrow)
-         * R[2]=r[0]+t[3]+r[1](+-)t[1] (have carry/borrow)
-         * R[3]=r[1]+(carry/borrow)
-         */
-        if (l != NULL)
-                {
-                lp= &(t[n2]);
-                c1= (int)(bn_add_words(lp,&(t[n2+n]),&(l[0]),n));
-                }
-        else
-                {
-                lp= &(t[n2+n]);
-                c1=0;
-                }
-        c1+=(int)(bn_add_words(&(t[n2]),lp,  &(r[0]),n));
-        if (oneg)
-                c1-=(int)(bn_sub_words(&(t[n2]),&(t[n2]),&(t[0]),n));
-        else
-                c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),&(t[0]),n));
-
-        c2 =(int)(bn_add_words(&(r[0]),&(r[0]),&(t[n2+n]),n));
-        c2+=(int)(bn_add_words(&(r[0]),&(r[0]),&(r[n]),n));
-        if (oneg)
-                c2-=(int)(bn_sub_words(&(r[0]),&(r[0]),&(t[n]),n));
-        else
-                c2+=(int)(bn_add_words(&(r[0]),&(r[0]),&(t[n]),n));
-        
-        if (c1 != 0) /* Add starting at r[0], could be +ve or -ve */
-                {
-                i=0;
-                if (c1 > 0)
-                        {
-                        lc=c1;
-                        do      {
-                                ll=(r[i]+lc)&BN_MASK2;
-                                r[i++]=ll;
-                                lc=(lc > ll);
-                                } while (lc);
-                        }
-                else
-                        {
-                        lc= -c1;
-                        do      {
-                                ll=r[i];
-                                r[i++]=(ll-lc)&BN_MASK2;
-                                lc=(lc > ll);
-                                } while (lc);
-                        }
-                }
-        if (c2 != 0) /* Add starting at r[1] */
-                {
-                i=n;
-                if (c2 > 0)
-                        {
-                        lc=c2;
-                        do      {
-                                ll=(r[i]+lc)&BN_MASK2;
-                                r[i++]=ll;
-                                lc=(lc > ll);
-                                } while (lc);
-                        }
-                else
-                        {
-                        lc= -c2;
-                        do      {
-                                ll=r[i];
-                                r[i++]=(ll-lc)&BN_MASK2;
-                                lc=(lc > ll);
-                                } while (lc);
-                        }
-                }
-        }
-#endif /* BN_RECURSION */
-
-int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
-        {
-        int top,al,bl;
-        BIGNUM *rr;
-        int ret = 0;
-#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
-        int i;
-#endif
-#ifdef BN_RECURSION
-        BIGNUM *t;
-        int j,k;
-#endif
-
-#ifdef BN_COUNT
-        printf("BN_mul %d * %d\n",a->top,b->top);
-#endif
-
-        bn_check_top(a);
-        bn_check_top(b);
-        bn_check_top(r);
-
-        al=a->top;
-        bl=b->top;
-
-        if ((al == 0) || (bl == 0))
-                {
-                if (!BN_zero(r)) goto err;
-                return(1);
-                }
-        top=al+bl;
-
-        BN_CTX_start(ctx);
-        if ((r == a) || (r == b))
-                {
-                if ((rr = BN_CTX_get(ctx)) == NULL) goto err;
-                }
-        else
-                rr = r;
-        rr->neg=a->neg^b->neg;
-
-#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
-        i = al-bl;
-#endif
-#ifdef BN_MUL_COMBA
-        if (i == 0)
-                {
-# if 0
-                if (al == 4)
-                        {
-                        if (bn_wexpand(rr,8) == NULL) goto err;
-                        rr->top=8;
-                        bn_mul_comba4(rr->d,a->d,b->d);
-                        goto end;
-                        }
-# endif
-                if (al == 8)
-                        {
-                        if (bn_wexpand(rr,16) == NULL) goto err;
-                        rr->top=16;
-                        bn_mul_comba8(rr->d,a->d,b->d);
-                        goto end;
-                        }
-                }
-#endif /* BN_MUL_COMBA */
-#ifdef BN_RECURSION
-        if ((al >= BN_MULL_SIZE_NORMAL) && (bl >= BN_MULL_SIZE_NORMAL))
-                {
-                if (i == 1 && !BN_get_flags(b,BN_FLG_STATIC_DATA) && bl<b->dmax)
-                        {
-#if 0   /* tribute to const-ification, bl<b->dmax above covers for this */
-                        if (bn_wexpand(b,al) == NULL) goto err;
-#endif
-                        b->d[bl]=0;
-                        bl++;
-                        i--;
-                        }
-                else if (i == -1 && !BN_get_flags(a,BN_FLG_STATIC_DATA) && al<a->dmax)
-                        {
-#if 0   /* tribute to const-ification, al<a->dmax above covers for this */
-                        if (bn_wexpand(a,bl) == NULL) goto err;
-#endif
-                        a->d[al]=0;
-                        al++;
-                        i++;
-                        }
-                if (i == 0)
-                        {
-                        /* symmetric and > 4 */
-                        /* 16 or larger */
-                        j=BN_num_bits_word((BN_ULONG)al);
-                        j=1<<(j-1);
-                        k=j+j;
-                        t = BN_CTX_get(ctx);
-                        if (al == j) /* exact multiple */
-                                {
-                                if (bn_wexpand(t,k*2) == NULL) goto err;
-                                if (bn_wexpand(rr,k*2) == NULL) goto err;
-                                bn_mul_recursive(rr->d,a->d,b->d,al,t->d);
-                                rr->top=top;
-                                goto end;
-                                }
-#if 0   /* tribute to const-ification, rsa/dsa performance is not affected */
-                        else
-                                {
-                                if (bn_wexpand(a,k) == NULL ) goto err;
-                                if (bn_wexpand(b,k) == NULL ) goto err;
-                                if (bn_wexpand(t,k*4) == NULL ) goto err;
-                                if (bn_wexpand(rr,k*4) == NULL ) goto err;
-                                for (i=a->top; i<k; i++)
-                                        a->d[i]=0;
-                                for (i=b->top; i<k; i++)
-                                        b->d[i]=0;
-                                bn_mul_part_recursive(rr->d,a->d,b->d,al-j,j,t->d);
-                                }
-                        rr->top=top;
-                        goto end;
-#endif
-                        }
-                }
-#endif /* BN_RECURSION */
-        if (bn_wexpand(rr,top) == NULL) goto err;
-        rr->top=top;
-        bn_mul_normal(rr->d,a->d,al,b->d,bl);
-
-#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
-end:
-#endif
-        bn_fix_top(rr);
-        if (r != rr) BN_copy(r,rr);
-        ret=1;
-err:
-        BN_CTX_end(ctx);
-        return(ret);
-        }
-
-void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb)
-        {
-        BN_ULONG *rr;
-
-#ifdef BN_COUNT
-        printf(" bn_mul_normal %d * %d\n",na,nb);
-#endif
-
-        if (na < nb)
-                {
-                int itmp;
-                BN_ULONG *ltmp;
-
-                itmp=na; na=nb; nb=itmp;
-                ltmp=a;   a=b;   b=ltmp;
-
-                }
-        rr= &(r[na]);
-        rr[0]=bn_mul_words(r,a,na,b[0]);
-
-        for (;;)
-                {
-                if (--nb <= 0) return;
-                rr[1]=bn_mul_add_words(&(r[1]),a,na,b[1]);
-                if (--nb <= 0) return;
-                rr[2]=bn_mul_add_words(&(r[2]),a,na,b[2]);
-                if (--nb <= 0) return;
-                rr[3]=bn_mul_add_words(&(r[3]),a,na,b[3]);
-                if (--nb <= 0) return;
-                rr[4]=bn_mul_add_words(&(r[4]),a,na,b[4]);
-                rr+=4;
-                r+=4;
-                b+=4;
-                }
-        }
-
-void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
-        {
-#ifdef BN_COUNT
-        printf(" bn_mul_low_normal %d * %d\n",n,n);
-#endif
-        bn_mul_words(r,a,n,b[0]);
-
-        for (;;)
-                {
-                if (--n <= 0) return;
-                bn_mul_add_words(&(r[1]),a,n,b[1]);
-                if (--n <= 0) return;
-                bn_mul_add_words(&(r[2]),a,n,b[2]);
-                if (--n <= 0) return;
-                bn_mul_add_words(&(r[3]),a,n,b[3]);
-                if (--n <= 0) return;
-                bn_mul_add_words(&(r[4]),a,n,b[4]);
-                r+=4;
-                b+=4;
-                }
-        }
diff --git a/src/lib/libcrypto/bn/bn_prime.c b/src/lib/libcrypto/bn/bn_prime.c
deleted file mode 100644
index f422172f16..0000000000
--- a/src/lib/libcrypto/bn/bn_prime.c
+++ /dev/null
@@ -1,468 +0,0 @@
-/* crypto/bn/bn_prime.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <time.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-#include <openssl/rand.h>
-
-/* The quick sieve algorithm approach to weeding out primes is
- * Philip Zimmermann's, as implemented in PGP.  I have had a read of
- * his comments and implemented my own version.
- */
-#include "bn_prime.h"
-
-static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
-        const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont);
-static int probable_prime(BIGNUM *rnd, int bits);
-static int probable_prime_dh(BIGNUM *rnd, int bits,
-        const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx);
-static int probable_prime_dh_safe(BIGNUM *rnd, int bits,
-        const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx);
-
-BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
-        const BIGNUM *add, const BIGNUM *rem,
-        void (*callback)(int,int,void *), void *cb_arg)
-        {
-        BIGNUM *rnd=NULL;
-        BIGNUM t;
-        int found=0;
-        int i,j,c1=0;
-        BN_CTX *ctx;
-        int checks = BN_prime_checks_for_size(bits);
-
-        BN_init(&t);
-        ctx=BN_CTX_new();
-        if (ctx == NULL) goto err;
-        if (ret == NULL)
-                {
-                if ((rnd=BN_new()) == NULL) goto err;
-                }
-        else
-                rnd=ret;
-loop: 
-        /* make a random number and set the top and bottom bits */
-        if (add == NULL)
-                {
-                if (!probable_prime(rnd,bits)) goto err;
-                }
-        else
-                {
-                if (safe)
-                        {
-                        if (!probable_prime_dh_safe(rnd,bits,add,rem,ctx))
-                                 goto err;
-                        }
-                else
-                        {
-                        if (!probable_prime_dh(rnd,bits,add,rem,ctx))
-                                goto err;
-                        }
-                }
-        /* if (BN_mod_word(rnd,(BN_ULONG)3) == 1) goto loop; */
-        if (callback != NULL) callback(0,c1++,cb_arg);
-
-        if (!safe)
-                {
-                i=BN_is_prime_fasttest(rnd,checks,callback,ctx,cb_arg,0);
-                if (i == -1) goto err;
-                if (i == 0) goto loop;
-                }
-        else
-                {
-                /* for "safe prime" generation,
-                 * check that (p-1)/2 is prime.
-                 * Since a prime is odd, We just
-                 * need to divide by 2 */
-                if (!BN_rshift1(&t,rnd)) goto err;
-
-                for (i=0; i<checks; i++)
-                        {
-                        j=BN_is_prime_fasttest(rnd,1,callback,ctx,cb_arg,0);
-                        if (j == -1) goto err;
-                        if (j == 0) goto loop;
-
-                        j=BN_is_prime_fasttest(&t,1,callback,ctx,cb_arg,0);
-                        if (j == -1) goto err;
-                        if (j == 0) goto loop;
-
-                        if (callback != NULL) callback(2,c1-1,cb_arg);
-                        /* We have a safe prime test pass */
-                        }
-                }
-        /* we have a prime :-) */
-        found = 1;
-err:
-        if (!found && (ret == NULL) && (rnd != NULL)) BN_free(rnd);
-        BN_free(&t);
-        if (ctx != NULL) BN_CTX_free(ctx);
-        return(found ? rnd : NULL);
-        }
-
-int BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int,int,void *),
-        BN_CTX *ctx_passed, void *cb_arg)
-        {
-        return BN_is_prime_fasttest(a, checks, callback, ctx_passed, cb_arg, 0);
-        }
-
-int BN_is_prime_fasttest(const BIGNUM *a, int checks,
-                void (*callback)(int,int,void *),
-                BN_CTX *ctx_passed, void *cb_arg,
-                int do_trial_division)
-        {
-        int i, j, ret = -1;
-        int k;
-        BN_CTX *ctx = NULL;
-        BIGNUM *A1, *A1_odd, *check; /* taken from ctx */
-        BN_MONT_CTX *mont = NULL;
-        const BIGNUM *A = NULL;
-
-        if (BN_cmp(a, BN_value_one()) <= 0)
-                return 0;
-        
-        if (checks == BN_prime_checks)
-                checks = BN_prime_checks_for_size(BN_num_bits(a));
-
-        /* first look for small factors */
-        if (!BN_is_odd(a))
-                /* a is even => a is prime if and only if a == 2 */
-                return BN_is_word(a, 2);
-
-        if (do_trial_division)
-                {
-                for (i = 1; i < NUMPRIMES; i++)
-                        if (BN_mod_word(a, primes[i]) == 0) 
-                                return 0;
-                if (callback != NULL) callback(1, -1, cb_arg);
-                }
-
-        if (ctx_passed != NULL)
-                ctx = ctx_passed;
-        else
-                if ((ctx=BN_CTX_new()) == NULL)
-                        goto err;
-        BN_CTX_start(ctx);
-
-        /* A := abs(a) */
-        if (a->neg)
-                {
-                BIGNUM *t;
-                if ((t = BN_CTX_get(ctx)) == NULL) goto err;
-                BN_copy(t, a);
-                t->neg = 0;
-                A = t;
-                }
-        else
-                A = a;
-        A1 = BN_CTX_get(ctx);
-        A1_odd = BN_CTX_get(ctx);
-        check = BN_CTX_get(ctx);
-        if (check == NULL) goto err;
-
-        /* compute A1 := A - 1 */
-        if (!BN_copy(A1, A))
-                goto err;
-        if (!BN_sub_word(A1, 1))
-                goto err;
-        if (BN_is_zero(A1))
-                {
-                ret = 0;
-                goto err;
-                }
-
-        /* write  A1  as  A1_odd * 2^k */
-        k = 1;
-        while (!BN_is_bit_set(A1, k))
-                k++;
-        if (!BN_rshift(A1_odd, A1, k))
-                goto err;
-
-        /* Montgomery setup for computations mod A */
-        mont = BN_MONT_CTX_new();
-        if (mont == NULL)
-                goto err;
-        if (!BN_MONT_CTX_set(mont, A, ctx))
-                goto err;
-        
-        for (i = 0; i < checks; i++)
-                {
-                if (!BN_pseudo_rand_range(check, A1))
-                        goto err;
-                if (!BN_add_word(check, 1))
-                        goto err;
-                /* now 1 <= check < A */
-
-                j = witness(check, A, A1, A1_odd, k, ctx, mont);
-                if (j == -1) goto err;
-                if (j)
-                        {
-                        ret=0;
-                        goto err;
-                        }
-                if (callback != NULL) callback(1,i,cb_arg);
-                }
-        ret=1;
-err:
-        if (ctx != NULL)
-                {
-                BN_CTX_end(ctx);
-                if (ctx_passed == NULL)
-                        BN_CTX_free(ctx);
-                }
-        if (mont != NULL)
-                BN_MONT_CTX_free(mont);
-
-        return(ret);
-        }
-
-static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
-        const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont)
-        {
-        if (!BN_mod_exp_mont(w, w, a1_odd, a, ctx, mont)) /* w := w^a1_odd mod a */
-                return -1;
-        if (BN_is_one(w))
-                return 0; /* probably prime */
-        if (BN_cmp(w, a1) == 0)
-                return 0; /* w == -1 (mod a),  'a' is probably prime */
-        while (--k)
-                {
-                if (!BN_mod_mul(w, w, w, a, ctx)) /* w := w^2 mod a */
-                        return -1;
-                if (BN_is_one(w))
-                        return 1; /* 'a' is composite, otherwise a previous 'w' would
-                                   * have been == -1 (mod 'a') */
-                if (BN_cmp(w, a1) == 0)
-                        return 0; /* w == -1 (mod a), 'a' is probably prime */
-                }
-        /* If we get here, 'w' is the (a-1)/2-th power of the original 'w',
-         * and it is neither -1 nor +1 -- so 'a' cannot be prime */
-        return 1;
-        }
-
-static int probable_prime(BIGNUM *rnd, int bits)
-        {
-        int i;
-        BN_ULONG mods[NUMPRIMES];
-        BN_ULONG delta,d;
-
-again:
-        if (!BN_rand(rnd,bits,1,1)) return(0);
-        /* we now have a random number 'rand' to test. */
-        for (i=1; i<NUMPRIMES; i++)
-                mods[i]=BN_mod_word(rnd,(BN_ULONG)primes[i]);
-        delta=0;
-        loop: for (i=1; i<NUMPRIMES; i++)
-                {
-                /* check that rnd is not a prime and also
-                 * that gcd(rnd-1,primes) == 1 (except for 2) */
-                if (((mods[i]+delta)%primes[i]) <= 1)
-                        {
-                        d=delta;
-                        delta+=2;
-                        /* perhaps need to check for overflow of
-                         * delta (but delta can be up to 2^32)
-                         * 21-May-98 eay - added overflow check */
-                        if (delta < d) goto again;
-                        goto loop;
-                        }
-                }
-        if (!BN_add_word(rnd,delta)) return(0);
-        return(1);
-        }
-
-static int probable_prime_dh(BIGNUM *rnd, int bits,
-        const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx)
-        {
-        int i,ret=0;
-        BIGNUM *t1;
-
-        BN_CTX_start(ctx);
-        if ((t1 = BN_CTX_get(ctx)) == NULL) goto err;
-
-        if (!BN_rand(rnd,bits,0,1)) goto err;
-
-        /* we need ((rnd-rem) % add) == 0 */
-
-        if (!BN_mod(t1,rnd,add,ctx)) goto err;
-        if (!BN_sub(rnd,rnd,t1)) goto err;
-        if (rem == NULL)
-                { if (!BN_add_word(rnd,1)) goto err; }
-        else
-                { if (!BN_add(rnd,rnd,rem)) goto err; }
-
-        /* we now have a random number 'rand' to test. */
-
-        loop: for (i=1; i<NUMPRIMES; i++)
-                {
-                /* check that rnd is a prime */
-                if (BN_mod_word(rnd,(BN_ULONG)primes[i]) <= 1)
-                        {
-                        if (!BN_add(rnd,rnd,add)) goto err;
-                        goto loop;
-                        }
-                }
-        ret=1;
-err:
-        BN_CTX_end(ctx);
-        return(ret);
-        }
-
-static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd,
-        const BIGNUM *rem, BN_CTX *ctx)
-        {
-        int i,ret=0;
-        BIGNUM *t1,*qadd,*q;
-
-        bits--;
-        BN_CTX_start(ctx);
-        t1 = BN_CTX_get(ctx);
-        q = BN_CTX_get(ctx);
-        qadd = BN_CTX_get(ctx);
-        if (qadd == NULL) goto err;
-
-        if (!BN_rshift1(qadd,padd)) goto err;
-                
-        if (!BN_rand(q,bits,0,1)) goto err;
-
-        /* we need ((rnd-rem) % add) == 0 */
-        if (!BN_mod(t1,q,qadd,ctx)) goto err;
-        if (!BN_sub(q,q,t1)) goto err;
-        if (rem == NULL)
-                { if (!BN_add_word(q,1)) goto err; }
-        else
-                {
-                if (!BN_rshift1(t1,rem)) goto err;
-                if (!BN_add(q,q,t1)) goto err;
-                }
-
-        /* we now have a random number 'rand' to test. */
-        if (!BN_lshift1(p,q)) goto err;
-        if (!BN_add_word(p,1)) goto err;
-
-        loop: for (i=1; i<NUMPRIMES; i++)
-                {
-                /* check that p and q are prime */
-                /* check that for p and q
-                 * gcd(p-1,primes) == 1 (except for 2) */
-                if (    (BN_mod_word(p,(BN_ULONG)primes[i]) == 0) ||
-                        (BN_mod_word(q,(BN_ULONG)primes[i]) == 0))
-                        {
-                        if (!BN_add(p,p,padd)) goto err;
-                        if (!BN_add(q,q,qadd)) goto err;
-                        goto loop;
-                        }
-                }
-        ret=1;
-err:
-        BN_CTX_end(ctx);
-        return(ret);
-        }
diff --git a/src/lib/libcrypto/bn/bn_prime.h b/src/lib/libcrypto/bn/bn_prime.h
deleted file mode 100644
index b7cf9a9bfe..0000000000
--- a/src/lib/libcrypto/bn/bn_prime.h
+++ /dev/null
@@ -1,325 +0,0 @@
-/* Auto generated by bn_prime.pl */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef EIGHT_BIT
-#define NUMPRIMES 2048
-#else
-#define NUMPRIMES 54
-#endif
-static const unsigned int primes[NUMPRIMES]=
-        {
-           2,   3,   5,   7,  11,  13,  17,  19,
-          23,  29,  31,  37,  41,  43,  47,  53,
-          59,  61,  67,  71,  73,  79,  83,  89,
-          97, 101, 103, 107, 109, 113, 127, 131,
-         137, 139, 149, 151, 157, 163, 167, 173,
-         179, 181, 191, 193, 197, 199, 211, 223,
-         227, 229, 233, 239, 241, 251,
-#ifndef EIGHT_BIT
-         257, 263,
-         269, 271, 277, 281, 283, 293, 307, 311,
-         313, 317, 331, 337, 347, 349, 353, 359,
-         367, 373, 379, 383, 389, 397, 401, 409,
-         419, 421, 431, 433, 439, 443, 449, 457,
-         461, 463, 467, 479, 487, 491, 499, 503,
-         509, 521, 523, 541, 547, 557, 563, 569,
-         571, 577, 587, 593, 599, 601, 607, 613,
-         617, 619, 631, 641, 643, 647, 653, 659,
-         661, 673, 677, 683, 691, 701, 709, 719,
-         727, 733, 739, 743, 751, 757, 761, 769,
-         773, 787, 797, 809, 811, 821, 823, 827,
-         829, 839, 853, 857, 859, 863, 877, 881,
-         883, 887, 907, 911, 919, 929, 937, 941,
-         947, 953, 967, 971, 977, 983, 991, 997,
-        1009,1013,1019,1021,1031,1033,1039,1049,
-        1051,1061,1063,1069,1087,1091,1093,1097,
-        1103,1109,1117,1123,1129,1151,1153,1163,
-        1171,1181,1187,1193,1201,1213,1217,1223,
-        1229,1231,1237,1249,1259,1277,1279,1283,
-        1289,1291,1297,1301,1303,1307,1319,1321,
-        1327,1361,1367,1373,1381,1399,1409,1423,
-        1427,1429,1433,1439,1447,1451,1453,1459,
-        1471,1481,1483,1487,1489,1493,1499,1511,
-        1523,1531,1543,1549,1553,1559,1567,1571,
-        1579,1583,1597,1601,1607,1609,1613,1619,
-        1621,1627,1637,1657,1663,1667,1669,1693,
-        1697,1699,1709,1721,1723,1733,1741,1747,
-        1753,1759,1777,1783,1787,1789,1801,1811,
-        1823,1831,1847,1861,1867,1871,1873,1877,
-        1879,1889,1901,1907,1913,1931,1933,1949,
-        1951,1973,1979,1987,1993,1997,1999,2003,
-        2011,2017,2027,2029,2039,2053,2063,2069,
-        2081,2083,2087,2089,2099,2111,2113,2129,
-        2131,2137,2141,2143,2153,2161,2179,2203,
-        2207,2213,2221,2237,2239,2243,2251,2267,
-        2269,2273,2281,2287,2293,2297,2309,2311,
-        2333,2339,2341,2347,2351,2357,2371,2377,
-        2381,2383,2389,2393,2399,2411,2417,2423,
-        2437,2441,2447,2459,2467,2473,2477,2503,
-        2521,2531,2539,2543,2549,2551,2557,2579,
-        2591,2593,2609,2617,2621,2633,2647,2657,
-        2659,2663,2671,2677,2683,2687,2689,2693,
-        2699,2707,2711,2713,2719,2729,2731,2741,
-        2749,2753,2767,2777,2789,2791,2797,2801,
-        2803,2819,2833,2837,2843,2851,2857,2861,
-        2879,2887,2897,2903,2909,2917,2927,2939,
-        2953,2957,2963,2969,2971,2999,3001,3011,
-        3019,3023,3037,3041,3049,3061,3067,3079,
-        3083,3089,3109,3119,3121,3137,3163,3167,
-        3169,3181,3187,3191,3203,3209,3217,3221,
-        3229,3251,3253,3257,3259,3271,3299,3301,
-        3307,3313,3319,3323,3329,3331,3343,3347,
-        3359,3361,3371,3373,3389,3391,3407,3413,
-        3433,3449,3457,3461,3463,3467,3469,3491,
-        3499,3511,3517,3527,3529,3533,3539,3541,
-        3547,3557,3559,3571,3581,3583,3593,3607,
-        3613,3617,3623,3631,3637,3643,3659,3671,
-        3673,3677,3691,3697,3701,3709,3719,3727,
-        3733,3739,3761,3767,3769,3779,3793,3797,
-        3803,3821,3823,3833,3847,3851,3853,3863,
-        3877,3881,3889,3907,3911,3917,3919,3923,
-        3929,3931,3943,3947,3967,3989,4001,4003,
-        4007,4013,4019,4021,4027,4049,4051,4057,
-        4073,4079,4091,4093,4099,4111,4127,4129,
-        4133,4139,4153,4157,4159,4177,4201,4211,
-        4217,4219,4229,4231,4241,4243,4253,4259,
-        4261,4271,4273,4283,4289,4297,4327,4337,
-        4339,4349,4357,4363,4373,4391,4397,4409,
-        4421,4423,4441,4447,4451,4457,4463,4481,
-        4483,4493,4507,4513,4517,4519,4523,4547,
-        4549,4561,4567,4583,4591,4597,4603,4621,
-        4637,4639,4643,4649,4651,4657,4663,4673,
-        4679,4691,4703,4721,4723,4729,4733,4751,
-        4759,4783,4787,4789,4793,4799,4801,4813,
-        4817,4831,4861,4871,4877,4889,4903,4909,
-        4919,4931,4933,4937,4943,4951,4957,4967,
-        4969,4973,4987,4993,4999,5003,5009,5011,
-        5021,5023,5039,5051,5059,5077,5081,5087,
-        5099,5101,5107,5113,5119,5147,5153,5167,
-        5171,5179,5189,5197,5209,5227,5231,5233,
-        5237,5261,5273,5279,5281,5297,5303,5309,
-        5323,5333,5347,5351,5381,5387,5393,5399,
-        5407,5413,5417,5419,5431,5437,5441,5443,
-        5449,5471,5477,5479,5483,5501,5503,5507,
-        5519,5521,5527,5531,5557,5563,5569,5573,
-        5581,5591,5623,5639,5641,5647,5651,5653,
-        5657,5659,5669,5683,5689,5693,5701,5711,
-        5717,5737,5741,5743,5749,5779,5783,5791,
-        5801,5807,5813,5821,5827,5839,5843,5849,
-        5851,5857,5861,5867,5869,5879,5881,5897,
-        5903,5923,5927,5939,5953,5981,5987,6007,
-        6011,6029,6037,6043,6047,6053,6067,6073,
-        6079,6089,6091,6101,6113,6121,6131,6133,
-        6143,6151,6163,6173,6197,6199,6203,6211,
-        6217,6221,6229,6247,6257,6263,6269,6271,
-        6277,6287,6299,6301,6311,6317,6323,6329,
-        6337,6343,6353,6359,6361,6367,6373,6379,
-        6389,6397,6421,6427,6449,6451,6469,6473,
-        6481,6491,6521,6529,6547,6551,6553,6563,
-        6569,6571,6577,6581,6599,6607,6619,6637,
-        6653,6659,6661,6673,6679,6689,6691,6701,
-        6703,6709,6719,6733,6737,6761,6763,6779,
-        6781,6791,6793,6803,6823,6827,6829,6833,
-        6841,6857,6863,6869,6871,6883,6899,6907,
-        6911,6917,6947,6949,6959,6961,6967,6971,
-        6977,6983,6991,6997,7001,7013,7019,7027,
-        7039,7043,7057,7069,7079,7103,7109,7121,
-        7127,7129,7151,7159,7177,7187,7193,7207,
-        7211,7213,7219,7229,7237,7243,7247,7253,
-        7283,7297,7307,7309,7321,7331,7333,7349,
-        7351,7369,7393,7411,7417,7433,7451,7457,
-        7459,7477,7481,7487,7489,7499,7507,7517,
-        7523,7529,7537,7541,7547,7549,7559,7561,
-        7573,7577,7583,7589,7591,7603,7607,7621,
-        7639,7643,7649,7669,7673,7681,7687,7691,
-        7699,7703,7717,7723,7727,7741,7753,7757,
-        7759,7789,7793,7817,7823,7829,7841,7853,
-        7867,7873,7877,7879,7883,7901,7907,7919,
-        7927,7933,7937,7949,7951,7963,7993,8009,
-        8011,8017,8039,8053,8059,8069,8081,8087,
-        8089,8093,8101,8111,8117,8123,8147,8161,
-        8167,8171,8179,8191,8209,8219,8221,8231,
-        8233,8237,8243,8263,8269,8273,8287,8291,
-        8293,8297,8311,8317,8329,8353,8363,8369,
-        8377,8387,8389,8419,8423,8429,8431,8443,
-        8447,8461,8467,8501,8513,8521,8527,8537,
-        8539,8543,8563,8573,8581,8597,8599,8609,
-        8623,8627,8629,8641,8647,8663,8669,8677,
-        8681,8689,8693,8699,8707,8713,8719,8731,
-        8737,8741,8747,8753,8761,8779,8783,8803,
-        8807,8819,8821,8831,8837,8839,8849,8861,
-        8863,8867,8887,8893,8923,8929,8933,8941,
-        8951,8963,8969,8971,8999,9001,9007,9011,
-        9013,9029,9041,9043,9049,9059,9067,9091,
-        9103,9109,9127,9133,9137,9151,9157,9161,
-        9173,9181,9187,9199,9203,9209,9221,9227,
-        9239,9241,9257,9277,9281,9283,9293,9311,
-        9319,9323,9337,9341,9343,9349,9371,9377,
-        9391,9397,9403,9413,9419,9421,9431,9433,
-        9437,9439,9461,9463,9467,9473,9479,9491,
-        9497,9511,9521,9533,9539,9547,9551,9587,
-        9601,9613,9619,9623,9629,9631,9643,9649,
-        9661,9677,9679,9689,9697,9719,9721,9733,
-        9739,9743,9749,9767,9769,9781,9787,9791,
-        9803,9811,9817,9829,9833,9839,9851,9857,
-        9859,9871,9883,9887,9901,9907,9923,9929,
-        9931,9941,9949,9967,9973,10007,10009,10037,
-        10039,10061,10067,10069,10079,10091,10093,10099,
-        10103,10111,10133,10139,10141,10151,10159,10163,
-        10169,10177,10181,10193,10211,10223,10243,10247,
-        10253,10259,10267,10271,10273,10289,10301,10303,
-        10313,10321,10331,10333,10337,10343,10357,10369,
-        10391,10399,10427,10429,10433,10453,10457,10459,
-        10463,10477,10487,10499,10501,10513,10529,10531,
-        10559,10567,10589,10597,10601,10607,10613,10627,
-        10631,10639,10651,10657,10663,10667,10687,10691,
-        10709,10711,10723,10729,10733,10739,10753,10771,
-        10781,10789,10799,10831,10837,10847,10853,10859,
-        10861,10867,10883,10889,10891,10903,10909,10937,
-        10939,10949,10957,10973,10979,10987,10993,11003,
-        11027,11047,11057,11059,11069,11071,11083,11087,
-        11093,11113,11117,11119,11131,11149,11159,11161,
-        11171,11173,11177,11197,11213,11239,11243,11251,
-        11257,11261,11273,11279,11287,11299,11311,11317,
-        11321,11329,11351,11353,11369,11383,11393,11399,
-        11411,11423,11437,11443,11447,11467,11471,11483,
-        11489,11491,11497,11503,11519,11527,11549,11551,
-        11579,11587,11593,11597,11617,11621,11633,11657,
-        11677,11681,11689,11699,11701,11717,11719,11731,
-        11743,11777,11779,11783,11789,11801,11807,11813,
-        11821,11827,11831,11833,11839,11863,11867,11887,
-        11897,11903,11909,11923,11927,11933,11939,11941,
-        11953,11959,11969,11971,11981,11987,12007,12011,
-        12037,12041,12043,12049,12071,12073,12097,12101,
-        12107,12109,12113,12119,12143,12149,12157,12161,
-        12163,12197,12203,12211,12227,12239,12241,12251,
-        12253,12263,12269,12277,12281,12289,12301,12323,
-        12329,12343,12347,12373,12377,12379,12391,12401,
-        12409,12413,12421,12433,12437,12451,12457,12473,
-        12479,12487,12491,12497,12503,12511,12517,12527,
-        12539,12541,12547,12553,12569,12577,12583,12589,
-        12601,12611,12613,12619,12637,12641,12647,12653,
-        12659,12671,12689,12697,12703,12713,12721,12739,
-        12743,12757,12763,12781,12791,12799,12809,12821,
-        12823,12829,12841,12853,12889,12893,12899,12907,
-        12911,12917,12919,12923,12941,12953,12959,12967,
-        12973,12979,12983,13001,13003,13007,13009,13033,
-        13037,13043,13049,13063,13093,13099,13103,13109,
-        13121,13127,13147,13151,13159,13163,13171,13177,
-        13183,13187,13217,13219,13229,13241,13249,13259,
-        13267,13291,13297,13309,13313,13327,13331,13337,
-        13339,13367,13381,13397,13399,13411,13417,13421,
-        13441,13451,13457,13463,13469,13477,13487,13499,
-        13513,13523,13537,13553,13567,13577,13591,13597,
-        13613,13619,13627,13633,13649,13669,13679,13681,
-        13687,13691,13693,13697,13709,13711,13721,13723,
-        13729,13751,13757,13759,13763,13781,13789,13799,
-        13807,13829,13831,13841,13859,13873,13877,13879,
-        13883,13901,13903,13907,13913,13921,13931,13933,
-        13963,13967,13997,13999,14009,14011,14029,14033,
-        14051,14057,14071,14081,14083,14087,14107,14143,
-        14149,14153,14159,14173,14177,14197,14207,14221,
-        14243,14249,14251,14281,14293,14303,14321,14323,
-        14327,14341,14347,14369,14387,14389,14401,14407,
-        14411,14419,14423,14431,14437,14447,14449,14461,
-        14479,14489,14503,14519,14533,14537,14543,14549,
-        14551,14557,14561,14563,14591,14593,14621,14627,
-        14629,14633,14639,14653,14657,14669,14683,14699,
-        14713,14717,14723,14731,14737,14741,14747,14753,
-        14759,14767,14771,14779,14783,14797,14813,14821,
-        14827,14831,14843,14851,14867,14869,14879,14887,
-        14891,14897,14923,14929,14939,14947,14951,14957,
-        14969,14983,15013,15017,15031,15053,15061,15073,
-        15077,15083,15091,15101,15107,15121,15131,15137,
-        15139,15149,15161,15173,15187,15193,15199,15217,
-        15227,15233,15241,15259,15263,15269,15271,15277,
-        15287,15289,15299,15307,15313,15319,15329,15331,
-        15349,15359,15361,15373,15377,15383,15391,15401,
-        15413,15427,15439,15443,15451,15461,15467,15473,
-        15493,15497,15511,15527,15541,15551,15559,15569,
-        15581,15583,15601,15607,15619,15629,15641,15643,
-        15647,15649,15661,15667,15671,15679,15683,15727,
-        15731,15733,15737,15739,15749,15761,15767,15773,
-        15787,15791,15797,15803,15809,15817,15823,15859,
-        15877,15881,15887,15889,15901,15907,15913,15919,
-        15923,15937,15959,15971,15973,15991,16001,16007,
-        16033,16057,16061,16063,16067,16069,16073,16087,
-        16091,16097,16103,16111,16127,16139,16141,16183,
-        16187,16189,16193,16217,16223,16229,16231,16249,
-        16253,16267,16273,16301,16319,16333,16339,16349,
-        16361,16363,16369,16381,16411,16417,16421,16427,
-        16433,16447,16451,16453,16477,16481,16487,16493,
-        16519,16529,16547,16553,16561,16567,16573,16603,
-        16607,16619,16631,16633,16649,16651,16657,16661,
-        16673,16691,16693,16699,16703,16729,16741,16747,
-        16759,16763,16787,16811,16823,16829,16831,16843,
-        16871,16879,16883,16889,16901,16903,16921,16927,
-        16931,16937,16943,16963,16979,16981,16987,16993,
-        17011,17021,17027,17029,17033,17041,17047,17053,
-        17077,17093,17099,17107,17117,17123,17137,17159,
-        17167,17183,17189,17191,17203,17207,17209,17231,
-        17239,17257,17291,17293,17299,17317,17321,17327,
-        17333,17341,17351,17359,17377,17383,17387,17389,
-        17393,17401,17417,17419,17431,17443,17449,17467,
-        17471,17477,17483,17489,17491,17497,17509,17519,
-        17539,17551,17569,17573,17579,17581,17597,17599,
-        17609,17623,17627,17657,17659,17669,17681,17683,
-        17707,17713,17729,17737,17747,17749,17761,17783,
-        17789,17791,17807,17827,17837,17839,17851,17863,
-#endif
-        };
diff --git a/src/lib/libcrypto/bn/bn_prime.pl b/src/lib/libcrypto/bn/bn_prime.pl
deleted file mode 100644
index 9fc3765486..0000000000
--- a/src/lib/libcrypto/bn/bn_prime.pl
+++ /dev/null
@@ -1,117 +0,0 @@
-#!/usr/local/bin/perl
-# bn_prime.pl
-
-$num=2048;
-$num=$ARGV[0] if ($#ARGV >= 0);
-
-push(@primes,2);
-$p=1;
-loop: while ($#primes < $num-1)
-        {
-        $p+=2;
-        $s=int(sqrt($p));
-
-        for ($i=0; $primes[$i]<=$s; $i++)
-                {
-                next loop if (($p%$primes[$i]) == 0);
-                }
-        push(@primes,$p);
-        }
-
-# print <<"EOF";
-# /* Auto generated by bn_prime.pl */
-# /* Copyright (C) 1995-1997 Eric Young (eay\@mincom.oz.au).
-#  * All rights reserved.
-#  * Copyright remains Eric Young's, and as such any Copyright notices in
-#  * the code are not to be removed.
-#  * See the COPYRIGHT file in the SSLeay distribution for more details.
-#  */
-# 
-# EOF
-
-print <<\EOF;
-/* Auto generated by bn_prime.pl */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-EOF
-
-for ($i=0; $i <= $#primes; $i++)
-        {
-        if ($primes[$i] > 256)
-                {
-                $eight=$i;
-                last;
-                }
-        }
-
-printf "#ifndef EIGHT_BIT\n";
-printf "#define NUMPRIMES %d\n",$num;
-printf "#else\n";
-printf "#define NUMPRIMES %d\n",$eight;
-printf "#endif\n";
-print "static const unsigned int primes[NUMPRIMES]=\n\t{\n\t";
-$init=0;
-for ($i=0; $i <= $#primes; $i++)
-        {
-        printf "\n#ifndef EIGHT_BIT\n\t" if ($primes[$i] > 256) && !($init++);
-        printf("\n\t") if (($i%8) == 0) && ($i != 0);
-        printf("%4d,",$primes[$i]);
-        }
-print "\n#endif\n\t};\n";
-
-
diff --git a/src/lib/libcrypto/bn/bn_print.c b/src/lib/libcrypto/bn/bn_print.c
deleted file mode 100644
index acba7ed7ee..0000000000
--- a/src/lib/libcrypto/bn/bn_print.c
+++ /dev/null
@@ -1,333 +0,0 @@
-/* crypto/bn/bn_print.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <ctype.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include "bn_lcl.h"
-
-static const char *Hex="0123456789ABCDEF";
-
-/* Must 'OPENSSL_free' the returned data */
-char *BN_bn2hex(const BIGNUM *a)
-        {
-        int i,j,v,z=0;
-        char *buf;
-        char *p;
-
-        buf=(char *)OPENSSL_malloc(a->top*BN_BYTES*2+2);
-        if (buf == NULL)
-                {
-                BNerr(BN_F_BN_BN2HEX,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-        p=buf;
-        if (a->neg) *(p++)='-';
-        if (BN_is_zero(a)) *(p++)='0';
-        for (i=a->top-1; i >=0; i--)
-                {
-                for (j=BN_BITS2-8; j >= 0; j-=8)
-                        {
-                        /* strip leading zeros */
-                        v=((int)(a->d[i]>>(long)j))&0xff;
-                        if (z || (v != 0))
-                                {
-                                *(p++)=Hex[v>>4];
-                                *(p++)=Hex[v&0x0f];
-                                z=1;
-                                }
-                        }
-                }
-        *p='\0';
-err:
-        return(buf);
-        }
-
-/* Must 'OPENSSL_free' the returned data */
-char *BN_bn2dec(const BIGNUM *a)
-        {
-        int i=0,num;
-        char *buf=NULL;
-        char *p;
-        BIGNUM *t=NULL;
-        BN_ULONG *bn_data=NULL,*lp;
-
-        i=BN_num_bits(a)*3;
-        num=(i/10+i/1000+3)+1;
-        bn_data=(BN_ULONG *)OPENSSL_malloc((num/BN_DEC_NUM+1)*sizeof(BN_ULONG));
-        buf=(char *)OPENSSL_malloc(num+3);
-        if ((buf == NULL) || (bn_data == NULL))
-                {
-                BNerr(BN_F_BN_BN2DEC,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-        if ((t=BN_dup(a)) == NULL) goto err;
-
-#define BUF_REMAIN (num+3 - (size_t)(p - buf))
-        p=buf;
-        lp=bn_data;
-        if (t->neg) *(p++)='-';
-        if (BN_is_zero(t))
-                {
-                *(p++)='0';
-                *(p++)='\0';
-                }
-        else
-                {
-                i=0;
-                while (!BN_is_zero(t))
-                        {
-                        *lp=BN_div_word(t,BN_DEC_CONV);
-                        lp++;
-                        }
-                lp--;
-                /* We now have a series of blocks, BN_DEC_NUM chars
-                 * in length, where the last one needs truncation.
-                 * The blocks need to be reversed in order. */
-                BIO_snprintf(p,BUF_REMAIN,BN_DEC_FMT1,*lp);
-                while (*p) p++;
-                while (lp != bn_data)
-                        {
-                        lp--;
-                        BIO_snprintf(p,BUF_REMAIN,BN_DEC_FMT2,*lp);
-                        while (*p) p++;
-                        }
-                }
-err:
-        if (bn_data != NULL) OPENSSL_free(bn_data);
-        if (t != NULL) BN_free(t);
-        return(buf);
-        }
-
-int BN_hex2bn(BIGNUM **bn, const char *a)
-        {
-        BIGNUM *ret=NULL;
-        BN_ULONG l=0;
-        int neg=0,h,m,i,j,k,c;
-        int num;
-
-        if ((a == NULL) || (*a == '\0')) return(0);
-
-        if (*a == '-') { neg=1; a++; }
-
-        for (i=0; isxdigit((unsigned char) a[i]); i++)
-                ;
-
-        num=i+neg;
-        if (bn == NULL) return(num);
-
-        /* a is the start of the hex digits, and it is 'i' long */
-        if (*bn == NULL)
-                {
-                if ((ret=BN_new()) == NULL) return(0);
-                }
-        else
-                {
-                ret= *bn;
-                BN_zero(ret);
-                }
-
-        /* i is the number of hex digests; */
-        if (bn_expand(ret,i*4) == NULL) goto err;
-
-        j=i; /* least significant 'hex' */
-        m=0;
-        h=0;
-        while (j > 0)
-                {
-                m=((BN_BYTES*2) <= j)?(BN_BYTES*2):j;
-                l=0;
-                for (;;)
-                        {
-                        c=a[j-m];
-                        if ((c >= '0') && (c <= '9')) k=c-'0';
-                        else if ((c >= 'a') && (c <= 'f')) k=c-'a'+10;
-                        else if ((c >= 'A') && (c <= 'F')) k=c-'A'+10;
-                        else k=0; /* paranoia */
-                        l=(l<<4)|k;
-
-                        if (--m <= 0)
-                                {
-                                ret->d[h++]=l;
-                                break;
-                                }
-                        }
-                j-=(BN_BYTES*2);
-                }
-        ret->top=h;
-        bn_fix_top(ret);
-        ret->neg=neg;
-
-        *bn=ret;
-        return(num);
-err:
-        if (*bn == NULL) BN_free(ret);
-        return(0);
-        }
-
-int BN_dec2bn(BIGNUM **bn, const char *a)
-        {
-        BIGNUM *ret=NULL;
-        BN_ULONG l=0;
-        int neg=0,i,j;
-        int num;
-
-        if ((a == NULL) || (*a == '\0')) return(0);
-        if (*a == '-') { neg=1; a++; }
-
-        for (i=0; isdigit((unsigned char) a[i]); i++)
-                ;
-
-        num=i+neg;
-        if (bn == NULL) return(num);
-
-        /* a is the start of the digits, and it is 'i' long.
-         * We chop it into BN_DEC_NUM digits at a time */
-        if (*bn == NULL)
-                {
-                if ((ret=BN_new()) == NULL) return(0);
-                }
-        else
-                {
-                ret= *bn;
-                BN_zero(ret);
-                }
-
-        /* i is the number of digests, a bit of an over expand; */
-        if (bn_expand(ret,i*4) == NULL) goto err;
-
-        j=BN_DEC_NUM-(i%BN_DEC_NUM);
-        if (j == BN_DEC_NUM) j=0;
-        l=0;
-        while (*a)
-                {
-                l*=10;
-                l+= *a-'0';
-                a++;
-                if (++j == BN_DEC_NUM)
-                        {
-                        BN_mul_word(ret,BN_DEC_CONV);
-                        BN_add_word(ret,l);
-                        l=0;
-                        j=0;
-                        }
-                }
-        ret->neg=neg;
-
-        bn_fix_top(ret);
-        *bn=ret;
-        return(num);
-err:
-        if (*bn == NULL) BN_free(ret);
-        return(0);
-        }
-
-#ifndef OPENSSL_NO_BIO
-#ifndef OPENSSL_NO_FP_API
-int BN_print_fp(FILE *fp, const BIGNUM *a)
-        {
-        BIO *b;
-        int ret;
-
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-                return(0);
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=BN_print(b,a);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
-
-int BN_print(BIO *bp, const BIGNUM *a)
-        {
-        int i,j,v,z=0;
-        int ret=0;
-
-        if ((a->neg) && (BIO_write(bp,"-",1) != 1)) goto end;
-        if ((BN_is_zero(a)) && (BIO_write(bp,"0",1) != 1)) goto end;
-        for (i=a->top-1; i >=0; i--)
-                {
-                for (j=BN_BITS2-4; j >= 0; j-=4)
-                        {
-                        /* strip leading zeros */
-                        v=((int)(a->d[i]>>(long)j))&0x0f;
-                        if (z || (v != 0))
-                                {
-                                if (BIO_write(bp,&(Hex[v]),1) != 1)
-                                        goto end;
-                                z=1;
-                                }
-                        }
-                }
-        ret=1;
-end:
-        return(ret);
-        }
-#endif
-
-#ifdef BN_DEBUG
-void bn_dump1(FILE *o, const char *a, const BN_ULONG *b,int n)
-        {
-        int i;
-        fprintf(o, "%s=", a);
-        for (i=n-1;i>=0;i--)
-                fprintf(o, "%08lX", b[i]); /* assumes 32-bit BN_ULONG */
-        fprintf(o, "\n");
-        }
-#endif
diff --git a/src/lib/libcrypto/bn/bn_rand.c b/src/lib/libcrypto/bn/bn_rand.c
deleted file mode 100644
index 893c9d2af9..0000000000
--- a/src/lib/libcrypto/bn/bn_rand.c
+++ /dev/null
@@ -1,291 +0,0 @@
-/* crypto/bn/bn_rand.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <time.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-#include <openssl/rand.h>
-
-static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
-        {
-        unsigned char *buf=NULL;
-        int ret=0,bit,bytes,mask;
-        time_t tim;
-
-        if (bits == 0)
-                {
-                BN_zero(rnd);
-                return 1;
-                }
-
-        bytes=(bits+7)/8;
-        bit=(bits-1)%8;
-        mask=0xff<<(bit+1);
-
-        buf=(unsigned char *)OPENSSL_malloc(bytes);
-        if (buf == NULL)
-                {
-                BNerr(BN_F_BN_RAND,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-
-        /* make a random number and set the top and bottom bits */
-        time(&tim);
-        RAND_add(&tim,sizeof(tim),0);
-
-        if (pseudorand)
-                {
-                if (RAND_pseudo_bytes(buf, bytes) == -1)
-                        goto err;
-                }
-        else
-                {
-                if (RAND_bytes(buf, bytes) <= 0)
-                        goto err;
-                }
-
-#if 1
-        if (pseudorand == 2)
-                {
-                /* generate patterns that are more likely to trigger BN
-                   library bugs */
-                int i;
-                unsigned char c;
-
-                for (i = 0; i < bytes; i++)
-                        {
-                        RAND_pseudo_bytes(&c, 1);
-                        if (c >= 128 && i > 0)
-                                buf[i] = buf[i-1];
-                        else if (c < 42)
-                                buf[i] = 0;
-                        else if (c < 84)
-                                buf[i] = 255;
-                        }
-                }
-#endif
-
-        if (top != -1)
-                {
-                if (top)
-                        {
-                        if (bit == 0)
-                                {
-                                buf[0]=1;
-                                buf[1]|=0x80;
-                                }
-                        else
-                                {
-                                buf[0]|=(3<<(bit-1));
-                                }
-                        }
-                else
-                        {
-                        buf[0]|=(1<<bit);
-                        }
-                }
-        buf[0] &= ~mask;
-        if (bottom) /* set bottom bit if requested */
-                buf[bytes-1]|=1;
-        if (!BN_bin2bn(buf,bytes,rnd)) goto err;
-        ret=1;
-err:
-        if (buf != NULL)
-                {
-                OPENSSL_cleanse(buf,bytes);
-                OPENSSL_free(buf);
-                }
-        return(ret);
-        }
-
-int     BN_rand(BIGNUM *rnd, int bits, int top, int bottom)
-        {
-        return bnrand(0, rnd, bits, top, bottom);
-        }
-
-int     BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom)
-        {
-        return bnrand(1, rnd, bits, top, bottom);
-        }
-
-#if 1
-int     BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom)
-        {
-        return bnrand(2, rnd, bits, top, bottom);
-        }
-#endif
-
-
-/* random number r:  0 <= r < range */
-static int bn_rand_range(int pseudo, BIGNUM *r, BIGNUM *range)
-        {
-        int (*bn_rand)(BIGNUM *, int, int, int) = pseudo ? BN_pseudo_rand : BN_rand;
-        int n;
-
-        if (range->neg || BN_is_zero(range))
-                {
-                BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE);
-                return 0;
-                }
-
-        n = BN_num_bits(range); /* n > 0 */
-
-        /* BN_is_bit_set(range, n - 1) always holds */
-
-        if (n == 1)
-                {
-                if (!BN_zero(r)) return 0;
-                }
-        else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3))
-                {
-                /* range = 100..._2,
-                 * so  3*range (= 11..._2)  is exactly one bit longer than  range */
-                do
-                        {
-                        if (!bn_rand(r, n + 1, -1, 0)) return 0;
-                        /* If  r < 3*range,  use  r := r MOD range
-                         * (which is either  r, r - range,  or  r - 2*range).
-                         * Otherwise, iterate once more.
-                         * Since  3*range = 11..._2, each iteration succeeds with
-                         * probability >= .75. */
-                        if (BN_cmp(r ,range) >= 0)
-                                {
-                                if (!BN_sub(r, r, range)) return 0;
-                                if (BN_cmp(r, range) >= 0)
-                                        if (!BN_sub(r, r, range)) return 0;
-                                }
-                        }
-                while (BN_cmp(r, range) >= 0);
-                }
-        else
-                {
-                do
-                        {
-                        /* range = 11..._2  or  range = 101..._2 */
-                        if (!bn_rand(r, n, -1, 0)) return 0;
-                        }
-                while (BN_cmp(r, range) >= 0);
-                }
-
-        return 1;
-        }
-
-
-int     BN_rand_range(BIGNUM *r, BIGNUM *range)
-        {
-        return bn_rand_range(0, r, range);
-        }
-
-int     BN_pseudo_rand_range(BIGNUM *r, BIGNUM *range)
-        {
-        return bn_rand_range(1, r, range);
-        }
diff --git a/src/lib/libcrypto/bn/bn_recp.c b/src/lib/libcrypto/bn/bn_recp.c
deleted file mode 100644
index ef5fdd4708..0000000000
--- a/src/lib/libcrypto/bn/bn_recp.c
+++ /dev/null
@@ -1,230 +0,0 @@
-/* crypto/bn/bn_recp.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-void BN_RECP_CTX_init(BN_RECP_CTX *recp)
-        {
-        BN_init(&(recp->N));
-        BN_init(&(recp->Nr));
-        recp->num_bits=0;
-        recp->flags=0;
-        }
-
-BN_RECP_CTX *BN_RECP_CTX_new(void)
-        {
-        BN_RECP_CTX *ret;
-
-        if ((ret=(BN_RECP_CTX *)OPENSSL_malloc(sizeof(BN_RECP_CTX))) == NULL)
-                return(NULL);
-
-        BN_RECP_CTX_init(ret);
-        ret->flags=BN_FLG_MALLOCED;
-        return(ret);
-        }
-
-void BN_RECP_CTX_free(BN_RECP_CTX *recp)
-        {
-        if(recp == NULL)
-            return;
-
-        BN_free(&(recp->N));
-        BN_free(&(recp->Nr));
-        if (recp->flags & BN_FLG_MALLOCED)
-                OPENSSL_free(recp);
-        }
-
-int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx)
-        {
-        if (!BN_copy(&(recp->N),d)) return 0;
-        if (!BN_zero(&(recp->Nr))) return 0;
-        recp->num_bits=BN_num_bits(d);
-        recp->shift=0;
-        return(1);
-        }
-
-int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
-        BN_RECP_CTX *recp, BN_CTX *ctx)
-        {
-        int ret=0;
-        BIGNUM *a;
-        const BIGNUM *ca;
-
-        BN_CTX_start(ctx);
-        if ((a = BN_CTX_get(ctx)) == NULL) goto err;
-        if (y != NULL)
-                {
-                if (x == y)
-                        { if (!BN_sqr(a,x,ctx)) goto err; }
-                else
-                        { if (!BN_mul(a,x,y,ctx)) goto err; }
-                ca = a;
-                }
-        else
-                ca=x; /* Just do the mod */
-
-        ret = BN_div_recp(NULL,r,ca,recp,ctx);
-err:
-        BN_CTX_end(ctx);
-        return(ret);
-        }
-
-int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
-        BN_RECP_CTX *recp, BN_CTX *ctx)
-        {
-        int i,j,ret=0;
-        BIGNUM *a,*b,*d,*r;
-
-        BN_CTX_start(ctx);
-        a=BN_CTX_get(ctx);
-        b=BN_CTX_get(ctx);
-        if (dv != NULL)
-                d=dv;
-        else
-                d=BN_CTX_get(ctx);
-        if (rem != NULL)
-                r=rem;
-        else
-                r=BN_CTX_get(ctx);
-        if (a == NULL || b == NULL || d == NULL || r == NULL) goto err;
-
-        if (BN_ucmp(m,&(recp->N)) < 0)
-                {
-                if (!BN_zero(d)) return 0;
-                if (!BN_copy(r,m)) return 0;
-                BN_CTX_end(ctx);
-                return(1);
-                }
-
-        /* We want the remainder
-         * Given input of ABCDEF / ab
-         * we need multiply ABCDEF by 3 digests of the reciprocal of ab
-         *
-         */
-
-        /* i := max(BN_num_bits(m), 2*BN_num_bits(N)) */
-        i=BN_num_bits(m);
-        j=recp->num_bits<<1;
-        if (j>i) i=j;
-
-        /* Nr := round(2^i / N) */
-        if (i != recp->shift)
-                recp->shift=BN_reciprocal(&(recp->Nr),&(recp->N),
-                        i,ctx); /* BN_reciprocal returns i, or -1 for an error */
-        if (recp->shift == -1) goto err;
-
-        /* d := |round(round(m / 2^BN_num_bits(N)) * recp->Nr / 2^(i - BN_num_bits(N)))|
-         *    = |round(round(m / 2^BN_num_bits(N)) * round(2^i / N) / 2^(i - BN_num_bits(N)))|
-         *   <= |(m / 2^BN_num_bits(N)) * (2^i / N) * (2^BN_num_bits(N) / 2^i)|
-         *    = |m/N|
-         */
-        if (!BN_rshift(a,m,recp->num_bits)) goto err;
-        if (!BN_mul(b,a,&(recp->Nr),ctx)) goto err;
-        if (!BN_rshift(d,b,i-recp->num_bits)) goto err;
-        d->neg=0;
-
-        if (!BN_mul(b,&(recp->N),d,ctx)) goto err;
-        if (!BN_usub(r,m,b)) goto err;
-        r->neg=0;
-
-#if 1
-        j=0;
-        while (BN_ucmp(r,&(recp->N)) >= 0)
-                {
-                if (j++ > 2)
-                        {
-                        BNerr(BN_F_BN_MOD_MUL_RECIPROCAL,BN_R_BAD_RECIPROCAL);
-                        goto err;
-                        }
-                if (!BN_usub(r,r,&(recp->N))) goto err;
-                if (!BN_add_word(d,1)) goto err;
-                }
-#endif
-
-        r->neg=BN_is_zero(r)?0:m->neg;
-        d->neg=m->neg^recp->N.neg;
-        ret=1;
-err:
-        BN_CTX_end(ctx);
-        return(ret);
-        } 
-
-/* len is the expected size of the result
- * We actually calculate with an extra word of precision, so
- * we can do faster division if the remainder is not required.
- */
-/* r := 2^len / m */
-int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx)
-        {
-        int ret= -1;
-        BIGNUM t;
-
-        BN_init(&t);
-
-        if (!BN_zero(&t)) goto err;
-        if (!BN_set_bit(&t,len)) goto err;
-
-        if (!BN_div(r,NULL,&t,m,ctx)) goto err;
-
-        ret=len;
-err:
-        BN_free(&t);
-        return(ret);
-        }
diff --git a/src/lib/libcrypto/bn/bn_shift.c b/src/lib/libcrypto/bn/bn_shift.c
deleted file mode 100644
index 70f785ea18..0000000000
--- a/src/lib/libcrypto/bn/bn_shift.c
+++ /dev/null
@@ -1,205 +0,0 @@
-/* crypto/bn/bn_shift.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-int BN_lshift1(BIGNUM *r, const BIGNUM *a)
-        {
-        register BN_ULONG *ap,*rp,t,c;
-        int i;
-
-        if (r != a)
-                {
-                r->neg=a->neg;
-                if (bn_wexpand(r,a->top+1) == NULL) return(0);
-                r->top=a->top;
-                }
-        else
-                {
-                if (bn_wexpand(r,a->top+1) == NULL) return(0);
-                }
-        ap=a->d;
-        rp=r->d;
-        c=0;
-        for (i=0; i<a->top; i++)
-                {
-                t= *(ap++);
-                *(rp++)=((t<<1)|c)&BN_MASK2;
-                c=(t & BN_TBIT)?1:0;
-                }
-        if (c)
-                {
-                *rp=1;
-                r->top++;
-                }
-        return(1);
-        }
-
-int BN_rshift1(BIGNUM *r, const BIGNUM *a)
-        {
-        BN_ULONG *ap,*rp,t,c;
-        int i;
-
-        if (BN_is_zero(a))
-                {
-                BN_zero(r);
-                return(1);
-                }
-        if (a != r)
-                {
-                if (bn_wexpand(r,a->top) == NULL) return(0);
-                r->top=a->top;
-                r->neg=a->neg;
-                }
-        ap=a->d;
-        rp=r->d;
-        c=0;
-        for (i=a->top-1; i>=0; i--)
-                {
-                t=ap[i];
-                rp[i]=((t>>1)&BN_MASK2)|c;
-                c=(t&1)?BN_TBIT:0;
-                }
-        bn_fix_top(r);
-        return(1);
-        }
-
-int BN_lshift(BIGNUM *r, const BIGNUM *a, int n)
-        {
-        int i,nw,lb,rb;
-        BN_ULONG *t,*f;
-        BN_ULONG l;
-
-        r->neg=a->neg;
-        nw=n/BN_BITS2;
-        if (bn_wexpand(r,a->top+nw+1) == NULL) return(0);
-        lb=n%BN_BITS2;
-        rb=BN_BITS2-lb;
-        f=a->d;
-        t=r->d;
-        t[a->top+nw]=0;
-        if (lb == 0)
-                for (i=a->top-1; i>=0; i--)
-                        t[nw+i]=f[i];
-        else
-                for (i=a->top-1; i>=0; i--)
-                        {
-                        l=f[i];
-                        t[nw+i+1]|=(l>>rb)&BN_MASK2;
-                        t[nw+i]=(l<<lb)&BN_MASK2;
-                        }
-        memset(t,0,nw*sizeof(t[0]));
-/*      for (i=0; i<nw; i++)
-                t[i]=0;*/
-        r->top=a->top+nw+1;
-        bn_fix_top(r);
-        return(1);
-        }
-
-int BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
-        {
-        int i,j,nw,lb,rb;
-        BN_ULONG *t,*f;
-        BN_ULONG l,tmp;
-
-        nw=n/BN_BITS2;
-        rb=n%BN_BITS2;
-        lb=BN_BITS2-rb;
-        if (nw > a->top || a->top == 0)
-                {
-                BN_zero(r);
-                return(1);
-                }
-        if (r != a)
-                {
-                r->neg=a->neg;
-                if (bn_wexpand(r,a->top-nw+1) == NULL) return(0);
-                }
-        else
-                {
-                if (n == 0)
-                        return 1; /* or the copying loop will go berserk */
-                }
-
-        f= &(a->d[nw]);
-        t=r->d;
-        j=a->top-nw;
-        r->top=j;
-
-        if (rb == 0)
-                {
-                for (i=j+1; i > 0; i--)
-                        *(t++)= *(f++);
-                }
-        else
-                {
-                l= *(f++);
-                for (i=1; i<j; i++)
-                        {
-                        tmp =(l>>rb)&BN_MASK2;
-                        l= *(f++);
-                        *(t++) =(tmp|(l<<lb))&BN_MASK2;
-                        }
-                *(t++) =(l>>rb)&BN_MASK2;
-                }
-        *t=0;
-        bn_fix_top(r);
-        return(1);
-        }
diff --git a/src/lib/libcrypto/bn/bn_sqr.c b/src/lib/libcrypto/bn/bn_sqr.c
deleted file mode 100644
index c1d0cca438..0000000000
--- a/src/lib/libcrypto/bn/bn_sqr.c
+++ /dev/null
@@ -1,288 +0,0 @@
-/* crypto/bn/bn_sqr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-/* r must not be a */
-/* I've just gone over this and it is now %20 faster on x86 - eay - 27 Jun 96 */
-int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
-        {
-        int max,al;
-        int ret = 0;
-        BIGNUM *tmp,*rr;
-
-#ifdef BN_COUNT
-        fprintf(stderr,"BN_sqr %d * %d\n",a->top,a->top);
-#endif
-        bn_check_top(a);
-
-        al=a->top;
-        if (al <= 0)
-                {
-                r->top=0;
-                return(1);
-                }
-
-        BN_CTX_start(ctx);
-        rr=(a != r) ? r : BN_CTX_get(ctx);
-        tmp=BN_CTX_get(ctx);
-        if (tmp == NULL) goto err;
-
-        max=(al+al);
-        if (bn_wexpand(rr,max+1) == NULL) goto err;
-
-        if (al == 4)
-                {
-#ifndef BN_SQR_COMBA
-                BN_ULONG t[8];
-                bn_sqr_normal(rr->d,a->d,4,t);
-#else
-                bn_sqr_comba4(rr->d,a->d);
-#endif
-                }
-        else if (al == 8)
-                {
-#ifndef BN_SQR_COMBA
-                BN_ULONG t[16];
-                bn_sqr_normal(rr->d,a->d,8,t);
-#else
-                bn_sqr_comba8(rr->d,a->d);
-#endif
-                }
-        else 
-                {
-#if defined(BN_RECURSION)
-                if (al < BN_SQR_RECURSIVE_SIZE_NORMAL)
-                        {
-                        BN_ULONG t[BN_SQR_RECURSIVE_SIZE_NORMAL*2];
-                        bn_sqr_normal(rr->d,a->d,al,t);
-                        }
-                else
-                        {
-                        int j,k;
-
-                        j=BN_num_bits_word((BN_ULONG)al);
-                        j=1<<(j-1);
-                        k=j+j;
-                        if (al == j)
-                                {
-                                if (bn_wexpand(tmp,k*2) == NULL) goto err;
-                                bn_sqr_recursive(rr->d,a->d,al,tmp->d);
-                                }
-                        else
-                                {
-                                if (bn_wexpand(tmp,max) == NULL) goto err;
-                                bn_sqr_normal(rr->d,a->d,al,tmp->d);
-                                }
-                        }
-#else
-                if (bn_wexpand(tmp,max) == NULL) goto err;
-                bn_sqr_normal(rr->d,a->d,al,tmp->d);
-#endif
-                }
-
-        rr->top=max;
-        rr->neg=0;
-        if ((max > 0) && (rr->d[max-1] == 0)) rr->top--;
-        if (rr != r) BN_copy(r,rr);
-        ret = 1;
- err:
-        BN_CTX_end(ctx);
-        return(ret);
-        }
-
-/* tmp must have 2*n words */
-void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp)
-        {
-        int i,j,max;
-        const BN_ULONG *ap;
-        BN_ULONG *rp;
-
-        max=n*2;
-        ap=a;
-        rp=r;
-        rp[0]=rp[max-1]=0;
-        rp++;
-        j=n;
-
-        if (--j > 0)
-                {
-                ap++;
-                rp[j]=bn_mul_words(rp,ap,j,ap[-1]);
-                rp+=2;
-                }
-
-        for (i=n-2; i>0; i--)
-                {
-                j--;
-                ap++;
-                rp[j]=bn_mul_add_words(rp,ap,j,ap[-1]);
-                rp+=2;
-                }
-
-        bn_add_words(r,r,r,max);
-
-        /* There will not be a carry */
-
-        bn_sqr_words(tmp,a,n);
-
-        bn_add_words(r,r,tmp,max);
-        }
-
-#ifdef BN_RECURSION
-/* r is 2*n words in size,
- * a and b are both n words in size.    (There's not actually a 'b' here ...)
- * n must be a power of 2.
- * We multiply and return the result.
- * t must be 2*n words in size
- * We calculate
- * a[0]*b[0]
- * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
- * a[1]*b[1]
- */
-void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t)
-        {
-        int n=n2/2;
-        int zero,c1;
-        BN_ULONG ln,lo,*p;
-
-#ifdef BN_COUNT
-        fprintf(stderr," bn_sqr_recursive %d * %d\n",n2,n2);
-#endif
-        if (n2 == 4)
-                {
-#ifndef BN_SQR_COMBA
-                bn_sqr_normal(r,a,4,t);
-#else
-                bn_sqr_comba4(r,a);
-#endif
-                return;
-                }
-        else if (n2 == 8)
-                {
-#ifndef BN_SQR_COMBA
-                bn_sqr_normal(r,a,8,t);
-#else
-                bn_sqr_comba8(r,a);
-#endif
-                return;
-                }
-        if (n2 < BN_SQR_RECURSIVE_SIZE_NORMAL)
-                {
-                bn_sqr_normal(r,a,n2,t);
-                return;
-                }
-        /* r=(a[0]-a[1])*(a[1]-a[0]) */
-        c1=bn_cmp_words(a,&(a[n]),n);
-        zero=0;
-        if (c1 > 0)
-                bn_sub_words(t,a,&(a[n]),n);
-        else if (c1 < 0)
-                bn_sub_words(t,&(a[n]),a,n);
-        else
-                zero=1;
-
-        /* The result will always be negative unless it is zero */
-        p= &(t[n2*2]);
-
-        if (!zero)
-                bn_sqr_recursive(&(t[n2]),t,n,p);
-        else
-                memset(&(t[n2]),0,n2*sizeof(BN_ULONG));
-        bn_sqr_recursive(r,a,n,p);
-        bn_sqr_recursive(&(r[n2]),&(a[n]),n,p);
-
-        /* t[32] holds (a[0]-a[1])*(a[1]-a[0]), it is negative or zero
-         * r[10] holds (a[0]*b[0])
-         * r[32] holds (b[1]*b[1])
-         */
-
-        c1=(int)(bn_add_words(t,r,&(r[n2]),n2));
-
-        /* t[32] is negative */
-        c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2));
-
-        /* t[32] holds (a[0]-a[1])*(a[1]-a[0])+(a[0]*a[0])+(a[1]*a[1])
-         * r[10] holds (a[0]*a[0])
-         * r[32] holds (a[1]*a[1])
-         * c1 holds the carry bits
-         */
-        c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2));
-        if (c1)
-                {
-                p= &(r[n+n2]);
-                lo= *p;
-                ln=(lo+c1)&BN_MASK2;
-                *p=ln;
-
-                /* The overflow will stop before we over write
-                 * words we should not overwrite */
-                if (ln < (BN_ULONG)c1)
-                        {
-                        do      {
-                                p++;
-                                lo= *p;
-                                ln=(lo+1)&BN_MASK2;
-                                *p=ln;
-                                } while (ln == 0);
-                        }
-                }
-        }
-#endif
diff --git a/src/lib/libcrypto/bn/bn_sqrt.c b/src/lib/libcrypto/bn/bn_sqrt.c
deleted file mode 100644
index e2a1105dc8..0000000000
--- a/src/lib/libcrypto/bn/bn_sqrt.c
+++ /dev/null
@@ -1,387 +0,0 @@
-/* crypto/bn/bn_mod.c */
-/* Written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
- * and Bodo Moeller for the OpenSSL project. */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-
-BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) 
-/* Returns 'ret' such that
- *      ret^2 == a (mod p),
- * using the Tonelli/Shanks algorithm (cf. Henri Cohen, "A Course
- * in Algebraic Computational Number Theory", algorithm 1.5.1).
- * 'p' must be prime!
- * If 'a' is not a square, this is not necessarily detected by
- * the algorithms; a bogus result must be expected in this case.
- */
-        {
-        BIGNUM *ret = in;
-        int err = 1;
-        int r;
-        BIGNUM *b, *q, *t, *x, *y;
-        int e, i, j;
-        
-        if (!BN_is_odd(p) || BN_abs_is_word(p, 1))
-                {
-                if (BN_abs_is_word(p, 2))
-                        {
-                        if (ret == NULL)
-                                ret = BN_new();
-                        if (ret == NULL)
-                                goto end;
-                        if (!BN_set_word(ret, BN_is_bit_set(a, 0)))
-                                {
-                                BN_free(ret);
-                                return NULL;
-                                }
-                        return ret;
-                        }
-
-                BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
-                return(NULL);
-                }
-
-        if (BN_is_zero(a) || BN_is_one(a))
-                {
-                if (ret == NULL)
-                        ret = BN_new();
-                if (ret == NULL)
-                        goto end;
-                if (!BN_set_word(ret, BN_is_one(a)))
-                        {
-                        BN_free(ret);
-                        return NULL;
-                        }
-                return ret;
-                }
-
-#if 0 /* if BN_mod_sqrt is used with correct input, this just wastes time */
-        r = BN_kronecker(a, p, ctx);
-        if (r < -1) return NULL;
-        if (r == -1)
-                {
-                BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
-                return(NULL);
-                }
-#endif
-
-        BN_CTX_start(ctx);
-        b = BN_CTX_get(ctx);
-        q = BN_CTX_get(ctx);
-        t = BN_CTX_get(ctx);
-        x = BN_CTX_get(ctx);
-        y = BN_CTX_get(ctx);
-        if (y == NULL) goto end;
-        
-        if (ret == NULL)
-                ret = BN_new();
-        if (ret == NULL) goto end;
-
-        /* now write  |p| - 1  as  2^e*q  where  q  is odd */
-        e = 1;
-        while (!BN_is_bit_set(p, e))
-                e++;
-        /* we'll set  q  later (if needed) */
-
-        if (e == 1)
-                {
-                /* The easy case:  (|p|-1)/2  is odd, so 2 has an inverse
-                 * modulo  (|p|-1)/2,  and square roots can be computed
-                 * directly by modular exponentiation.
-                 * We have
-                 *     2 * (|p|+1)/4 == 1   (mod (|p|-1)/2),
-                 * so we can use exponent  (|p|+1)/4,  i.e.  (|p|-3)/4 + 1.
-                 */
-                if (!BN_rshift(q, p, 2)) goto end;
-                q->neg = 0;
-                if (!BN_add_word(q, 1)) goto end;
-                if (!BN_mod_exp(ret, a, q, p, ctx)) goto end;
-                err = 0;
-                goto end;
-                }
-        
-        if (e == 2)
-                {
-                /* |p| == 5  (mod 8)
-                 *
-                 * In this case  2  is always a non-square since
-                 * Legendre(2,p) = (-1)^((p^2-1)/8)  for any odd prime.
-                 * So if  a  really is a square, then  2*a  is a non-square.
-                 * Thus for
-                 *      b := (2*a)^((|p|-5)/8),
-                 *      i := (2*a)*b^2
-                 * we have
-                 *     i^2 = (2*a)^((1 + (|p|-5)/4)*2)
-                 *         = (2*a)^((p-1)/2)
-                 *         = -1;
-                 * so if we set
-                 *      x := a*b*(i-1),
-                 * then
-                 *     x^2 = a^2 * b^2 * (i^2 - 2*i + 1)
-                 *         = a^2 * b^2 * (-2*i)
-                 *         = a*(-i)*(2*a*b^2)
-                 *         = a*(-i)*i
-                 *         = a.
-                 *
-                 * (This is due to A.O.L. Atkin, 
-                 * <URL: http://listserv.nodak.edu/scripts/wa.exe?A2=ind9211&L=nmbrthry&O=T&P=562>,
-                 * November 1992.)
-                 */
-
-                /* make sure that  a  is reduced modulo p */
-                if (a->neg || BN_ucmp(a, p) >= 0)
-                        {
-                        if (!BN_nnmod(x, a, p, ctx)) goto end;
-                        a = x; /* use x as temporary variable */
-                        }
-
-                /* t := 2*a */
-                if (!BN_mod_lshift1_quick(t, a, p)) goto end;
-
-                /* b := (2*a)^((|p|-5)/8) */
-                if (!BN_rshift(q, p, 3)) goto end;
-                q->neg = 0;
-                if (!BN_mod_exp(b, t, q, p, ctx)) goto end;
-
-                /* y := b^2 */
-                if (!BN_mod_sqr(y, b, p, ctx)) goto end;
-
-                /* t := (2*a)*b^2 - 1*/
-                if (!BN_mod_mul(t, t, y, p, ctx)) goto end;
-                if (!BN_sub_word(t, 1)) goto end;
-
-                /* x = a*b*t */
-                if (!BN_mod_mul(x, a, b, p, ctx)) goto end;
-                if (!BN_mod_mul(x, x, t, p, ctx)) goto end;
-
-                if (!BN_copy(ret, x)) goto end;
-                err = 0;
-                goto end;
-                }
-        
-        /* e > 2, so we really have to use the Tonelli/Shanks algorithm.
-         * First, find some  y  that is not a square. */
-        if (!BN_copy(q, p)) goto end; /* use 'q' as temp */
-        q->neg = 0;
-        i = 2;
-        do
-                {
-                /* For efficiency, try small numbers first;
-                 * if this fails, try random numbers.
-                 */
-                if (i < 22)
-                        {
-                        if (!BN_set_word(y, i)) goto end;
-                        }
-                else
-                        {
-                        if (!BN_pseudo_rand(y, BN_num_bits(p), 0, 0)) goto end;
-                        if (BN_ucmp(y, p) >= 0)
-                                {
-                                if (!(p->neg ? BN_add : BN_sub)(y, y, p)) goto end;
-                                }
-                        /* now 0 <= y < |p| */
-                        if (BN_is_zero(y))
-                                if (!BN_set_word(y, i)) goto end;
-                        }
-                
-                r = BN_kronecker(y, q, ctx); /* here 'q' is |p| */
-                if (r < -1) goto end;
-                if (r == 0)
-                        {
-                        /* m divides p */
-                        BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
-                        goto end;
-                        }
-                }
-        while (r == 1 && ++i < 82);
-        
-        if (r != -1)
-                {
-                /* Many rounds and still no non-square -- this is more likely
-                 * a bug than just bad luck.
-                 * Even if  p  is not prime, we should have found some  y
-                 * such that r == -1.
-                 */
-                BNerr(BN_F_BN_MOD_SQRT, BN_R_TOO_MANY_ITERATIONS);
-                goto end;
-                }
-
-        /* Here's our actual 'q': */
-        if (!BN_rshift(q, q, e)) goto end;
-
-        /* Now that we have some non-square, we can find an element
-         * of order  2^e  by computing its q'th power. */
-        if (!BN_mod_exp(y, y, q, p, ctx)) goto end;
-        if (BN_is_one(y))
-                {
-                BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
-                goto end;
-                }
-
-        /* Now we know that (if  p  is indeed prime) there is an integer
-         * k,  0 <= k < 2^e,  such that
-         *
-         *      a^q * y^k == 1   (mod p).
-         *
-         * As  a^q  is a square and  y  is not,  k  must be even.
-         * q+1  is even, too, so there is an element
-         *
-         *     X := a^((q+1)/2) * y^(k/2),
-         *
-         * and it satisfies
-         *
-         *     X^2 = a^q * a     * y^k
-         *         = a,
-         *
-         * so it is the square root that we are looking for.
-         */
-        
-        /* t := (q-1)/2  (note that  q  is odd) */
-        if (!BN_rshift1(t, q)) goto end;
-        
-        /* x := a^((q-1)/2) */
-        if (BN_is_zero(t)) /* special case: p = 2^e + 1 */
-                {
-                if (!BN_nnmod(t, a, p, ctx)) goto end;
-                if (BN_is_zero(t))
-                        {
-                        /* special case: a == 0  (mod p) */
-                        if (!BN_zero(ret)) goto end;
-                        err = 0;
-                        goto end;
-                        }
-                else
-                        if (!BN_one(x)) goto end;
-                }
-        else
-                {
-                if (!BN_mod_exp(x, a, t, p, ctx)) goto end;
-                if (BN_is_zero(x))
-                        {
-                        /* special case: a == 0  (mod p) */
-                        if (!BN_zero(ret)) goto end;
-                        err = 0;
-                        goto end;
-                        }
-                }
-
-        /* b := a*x^2  (= a^q) */
-        if (!BN_mod_sqr(b, x, p, ctx)) goto end;
-        if (!BN_mod_mul(b, b, a, p, ctx)) goto end;
-        
-        /* x := a*x    (= a^((q+1)/2)) */
-        if (!BN_mod_mul(x, x, a, p, ctx)) goto end;
-
-        while (1)
-                {
-                /* Now  b  is  a^q * y^k  for some even  k  (0 <= k < 2^E
-                 * where  E  refers to the original value of  e,  which we
-                 * don't keep in a variable),  and  x  is  a^((q+1)/2) * y^(k/2).
-                 *
-                 * We have  a*b = x^2,
-                 *    y^2^(e-1) = -1,
-                 *    b^2^(e-1) = 1.
-                 */
-
-                if (BN_is_one(b))
-                        {
-                        if (!BN_copy(ret, x)) goto end;
-                        err = 0;
-                        goto end;
-                        }
-
-
-                /* find smallest  i  such that  b^(2^i) = 1 */
-                i = 1;
-                if (!BN_mod_sqr(t, b, p, ctx)) goto end;
-                while (!BN_is_one(t))
-                        {
-                        i++;
-                        if (i == e)
-                                {
-                                BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
-                                goto end;
-                                }
-                        if (!BN_mod_mul(t, t, t, p, ctx)) goto end;
-                        }
-                
-
-                /* t := y^2^(e - i - 1) */
-                if (!BN_copy(t, y)) goto end;
-                for (j = e - i - 1; j > 0; j--)
-                        {
-                        if (!BN_mod_sqr(t, t, p, ctx)) goto end;
-                        }
-                if (!BN_mod_mul(y, t, t, p, ctx)) goto end;
-                if (!BN_mod_mul(x, x, t, p, ctx)) goto end;
-                if (!BN_mod_mul(b, b, y, p, ctx)) goto end;
-                e = i;
-                }
-
- end:
-        if (err)
-                {
-                if (ret != NULL && ret != in)
-                        {
-                        BN_clear_free(ret);
-                        }
-                ret = NULL;
-                }
-        BN_CTX_end(ctx);
-        return ret;
-        }
diff --git a/src/lib/libcrypto/bn/bn_word.c b/src/lib/libcrypto/bn/bn_word.c
deleted file mode 100644
index de610ce54c..0000000000
--- a/src/lib/libcrypto/bn/bn_word.c
+++ /dev/null
@@ -1,208 +0,0 @@
-/* crypto/bn/bn_word.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w)
-        {
-#ifndef BN_LLONG
-        BN_ULONG ret=0;
-#else
-        BN_ULLONG ret=0;
-#endif
-        int i;
-
-        w&=BN_MASK2;
-        for (i=a->top-1; i>=0; i--)
-                {
-#ifndef BN_LLONG
-                ret=((ret<<BN_BITS4)|((a->d[i]>>BN_BITS4)&BN_MASK2l))%w;
-                ret=((ret<<BN_BITS4)|(a->d[i]&BN_MASK2l))%w;
-#else
-                ret=(BN_ULLONG)(((ret<<(BN_ULLONG)BN_BITS2)|a->d[i])%
-                        (BN_ULLONG)w);
-#endif
-                }
-        return((BN_ULONG)ret);
-        }
-
-BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w)
-        {
-        BN_ULONG ret;
-        int i;
-
-        if (a->top == 0) return(0);
-        ret=0;
-        w&=BN_MASK2;
-        for (i=a->top-1; i>=0; i--)
-                {
-                BN_ULONG l,d;
-                
-                l=a->d[i];
-                d=bn_div_words(ret,l,w);
-                ret=(l-((d*w)&BN_MASK2))&BN_MASK2;
-                a->d[i]=d;
-                }
-        if ((a->top > 0) && (a->d[a->top-1] == 0))
-                a->top--;
-        return(ret);
-        }
-
-int BN_add_word(BIGNUM *a, BN_ULONG w)
-        {
-        BN_ULONG l;
-        int i;
-
-        if ((w & BN_MASK2) == 0)
-                return(1);
-
-        if (a->neg)
-                {
-                a->neg=0;
-                i=BN_sub_word(a,w);
-                if (!BN_is_zero(a))
-                        a->neg=!(a->neg);
-                return(i);
-                }
-        w&=BN_MASK2;
-        if (bn_wexpand(a,a->top+1) == NULL) return(0);
-        i=0;
-        for (;;)
-                {
-                if (i >= a->top)
-                        l=w;
-                else
-                        l=(a->d[i]+(BN_ULONG)w)&BN_MASK2;
-                a->d[i]=l;
-                if (w > l)
-                        w=1;
-                else
-                        break;
-                i++;
-                }
-        if (i >= a->top)
-                a->top++;
-        return(1);
-        }
-
-int BN_sub_word(BIGNUM *a, BN_ULONG w)
-        {
-        int i;
-
-        if ((w & BN_MASK2) == 0)
-                return(1);
-
-        if (BN_is_zero(a) || a->neg)
-                {
-                a->neg=0;
-                i=BN_add_word(a,w);
-                a->neg=1;
-                return(i);
-                }
-
-        w&=BN_MASK2;
-        if ((a->top == 1) && (a->d[0] < w))
-                {
-                a->d[0]=w-a->d[0];
-                a->neg=1;
-                return(1);
-                }
-        i=0;
-        for (;;)
-                {
-                if (a->d[i] >= w)
-                        {
-                        a->d[i]-=w;
-                        break;
-                        }
-                else
-                        {
-                        a->d[i]=(a->d[i]-w)&BN_MASK2;
-                        i++;
-                        w=1;
-                        }
-                }
-        if ((a->d[i] == 0) && (i == (a->top-1)))
-                a->top--;
-        return(1);
-        }
-
-int BN_mul_word(BIGNUM *a, BN_ULONG w)
-        {
-        BN_ULONG ll;
-
-        w&=BN_MASK2;
-        if (a->top)
-                {
-                if (w == 0)
-                        BN_zero(a);
-                else
-                        {
-                        ll=bn_mul_words(a->d,a->d,a->top,w);
-                        if (ll)
-                                {
-                                if (bn_wexpand(a,a->top+1) == NULL) return(0);
-                                a->d[a->top++]=ll;
-                                }
-                        }
-                }
-        return(1);
-        }
-
diff --git a/src/lib/libcrypto/bn/bn_x931p.c b/src/lib/libcrypto/bn/bn_x931p.c
deleted file mode 100644
index c64410dd3a..0000000000
--- a/src/lib/libcrypto/bn/bn_x931p.c
+++ /dev/null
@@ -1,282 +0,0 @@
-/* bn_x931p.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 2005.
- */
-/* ====================================================================
- * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <openssl/bn.h>
-
-#ifdef OPENSSL_FIPS
-
-/* X9.31 routines for prime derivation */
-
-
-/* X9.31 prime derivation. This is used to generate the primes pi
- * (p1, p2, q1, q2) from a parameter Xpi by checking successive odd
- * integers.
- */
-
-static int bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx,
-                        void (*cb)(int, int, void *), void *cb_arg)
-        {
-        int i = 0;
-        if (!BN_copy(pi, Xpi))
-                return 0;
-        if (!BN_is_odd(pi) && !BN_add_word(pi, 1))
-                return 0;
-        for(;;)
-                {
-                i++;
-                if (cb)
-                        cb(0, i, cb_arg);
-                /* NB 27 MR is specificed in X9.31 */
-                if (BN_is_prime_fasttest(pi, 27, cb, ctx, cb_arg, 1))
-                        break;
-                if (!BN_add_word(pi, 2))
-                        return 0;
-                }
-        if (cb)
-                cb(2, i, cb_arg);
-        return 1;
-        }
-
-/* This is the main X9.31 prime derivation function. From parameters
- * Xp1, Xp2 and Xp derive the prime p. If the parameters p1 or p2 are
- * not NULL they will be returned too: this is needed for testing.
- */
-
-int BN_X931_derive_prime(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
-                        void (*cb)(int, int, void *), void *cb_arg,
-                        const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2,
-                        const BIGNUM *e, BN_CTX *ctx)
-        {
-        int ret = 0;
-
-        BIGNUM *t, *p1p2, *pm1;
-
-        /* Only even e supported */
-        if (!BN_is_odd(e))
-                return 0;
-
-        BN_CTX_start(ctx);
-        if (!p1)
-                p1 = BN_CTX_get(ctx);
-
-        if (!p2)
-                p2 = BN_CTX_get(ctx);
-
-        t = BN_CTX_get(ctx);
-
-        p1p2 = BN_CTX_get(ctx);
-
-        pm1 = BN_CTX_get(ctx);
-
-        if (!bn_x931_derive_pi(p1, Xp1, ctx, cb, cb_arg))
-                goto err;
-
-        if (!bn_x931_derive_pi(p2, Xp2, ctx, cb, cb_arg))
-                goto err;
-
-        if (!BN_mul(p1p2, p1, p2, ctx))
-                goto err;
-
-        /* First set p to value of Rp */
-
-        if (!BN_mod_inverse(p, p2, p1, ctx))
-                goto err;
-
-        if (!BN_mul(p, p, p2, ctx))
-                goto err;
-
-        if (!BN_mod_inverse(t, p1, p2, ctx))
-                goto err;
-
-        if (!BN_mul(t, t, p1, ctx))
-                goto err;
-
-        if (!BN_sub(p, p, t))
-                goto err;
-
-        if (p->neg && !BN_add(p, p, p1p2))
-                goto err;
-
-        /* p now equals Rp */
-
-        if (!BN_mod_sub(p, p, Xp, p1p2, ctx))
-                goto err;
-
-        if (!BN_add(p, p, Xp))
-                goto err;
-
-        /* p now equals Yp0 */
-
-        for (;;)
-                {
-                int i = 1;
-                if (cb)
-                        cb(0, i++, cb_arg);
-                if (!BN_copy(pm1, p))
-                        goto err;
-                if (!BN_sub_word(pm1, 1))
-                        goto err;
-                if (!BN_gcd(t, pm1, e, ctx))
-                        goto err;
-                if (BN_is_one(t)
-                /* X9.31 specifies 8 MR and 1 Lucas test or any prime test
-                 * offering similar or better guarantees 50 MR is considerably 
-                 * better.
-                 */
-                        && BN_is_prime_fasttest(p, 50, cb, ctx, cb_arg, 1))
-                        break;
-                if (!BN_add(p, p, p1p2))
-                        goto err;
-                }
-
-        if (cb)
-                cb(3, 0, cb_arg);
-
-        ret = 1;
-
-        err:
-
-        BN_CTX_end(ctx);
-
-        return ret;
-        }
-
-/* Generate pair of paramters Xp, Xq for X9.31 prime generation.
- * Note: nbits paramter is sum of number of bits in both.
- */
-
-int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx)
-        {
-        BIGNUM *t;
-        int i;
-        /* Number of bits for each prime is of the form
-         * 512+128s for s = 0, 1, ...
-         */
-        if ((nbits < 1024) || (nbits & 0xff))
-                return 0;
-        nbits >>= 1;
-        /* The random value Xp must be between sqrt(2) * 2^(nbits-1) and
-         * 2^nbits - 1. By setting the top two bits we ensure that the lower
-         * bound is exceeded.
-         */
-        if (!BN_rand(Xp, nbits, 1, 0))
-                return 0;
-
-        BN_CTX_start(ctx);
-        t = BN_CTX_get(ctx);
-
-        for (i = 0; i < 1000; i++)
-                {
-                if (!BN_rand(Xq, nbits, 1, 0))
-                        return 0;
-                /* Check that |Xp - Xq| > 2^(nbits - 100) */
-                BN_sub(t, Xp, Xq);
-                if (BN_num_bits(t) > (nbits - 100))
-                        break;
-                }
-
-        BN_CTX_end(ctx);
-
-        if (i < 1000)
-                return 1;
-
-        return 0;
-
-        }
-
-/* Generate primes using X9.31 algorithm. Of the values p, p1, p2, Xp1
- * and Xp2 only 'p' needs to be non-NULL. If any of the others are not NULL
- * the relevant parameter will be stored in it.
- *
- * Due to the fact that |Xp - Xq| > 2^(nbits - 100) must be satisfied Xp and Xq
- * are generated using the previous function and supplied as input.
- */
-
-int BN_X931_generate_prime(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
-                        BIGNUM *Xp1, BIGNUM *Xp2,
-                        const BIGNUM *Xp,
-                        const BIGNUM *e, BN_CTX *ctx,
-                        void (*cb)(int, int, void *), void *cb_arg)
-        {
-        int ret = 0;
-
-        BN_CTX_start(ctx);
-        if (!Xp1)
-                Xp1 = BN_CTX_get(ctx);
-        if (!Xp2)
-                Xp2 = BN_CTX_get(ctx);
-
-        if (!BN_rand(Xp1, 101, 0, 0))
-                goto error;
-        if (!BN_rand(Xp2, 101, 0, 0))
-                goto error;
-        if (!BN_X931_derive_prime(p, p1, p2, cb, cb_arg,
-                                                Xp, Xp1, Xp2, e, ctx))
-                goto error;
-
-        ret = 1;
-
-        error:
-        BN_CTX_end(ctx);
-
-        return ret;
-
-        }
-
-#endif
diff --git a/src/lib/libcrypto/buffer/buf_err.c b/src/lib/libcrypto/buffer/buf_err.c
deleted file mode 100644
index 1fc32a6861..0000000000
--- a/src/lib/libcrypto/buffer/buf_err.c
+++ /dev/null
@@ -1,99 +0,0 @@
-/* crypto/buffer/buf_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/buffer.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_BUF,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_BUF,0,reason)
-
-static ERR_STRING_DATA BUF_str_functs[]=
-        {
-{ERR_FUNC(BUF_F_BUF_MEM_GROW),  "BUF_MEM_grow"},
-{ERR_FUNC(BUF_F_BUF_MEM_NEW),   "BUF_MEM_new"},
-{ERR_FUNC(BUF_F_BUF_STRDUP),    "BUF_strdup"},
-{0,NULL}
-        };
-
-static ERR_STRING_DATA BUF_str_reasons[]=
-        {
-{0,NULL}
-        };
-
-#endif
-
-void ERR_load_BUF_strings(void)
-        {
-        static int init=1;
-
-        if (init)
-                {
-                init=0;
-#ifndef OPENSSL_NO_ERR
-                ERR_load_strings(0,BUF_str_functs);
-                ERR_load_strings(0,BUF_str_reasons);
-#endif
-
-                }
-        }
diff --git a/src/lib/libcrypto/buffer/buffer.c b/src/lib/libcrypto/buffer/buffer.c
deleted file mode 100644
index d96487e7db..0000000000
--- a/src/lib/libcrypto/buffer/buffer.c
+++ /dev/null
@@ -1,202 +0,0 @@
-/* crypto/buffer/buffer.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-
-BUF_MEM *BUF_MEM_new(void)
-        {
-        BUF_MEM *ret;
-
-        ret=OPENSSL_malloc(sizeof(BUF_MEM));
-        if (ret == NULL)
-                {
-                BUFerr(BUF_F_BUF_MEM_NEW,ERR_R_MALLOC_FAILURE);
-                return(NULL);
-                }
-        ret->length=0;
-        ret->max=0;
-        ret->data=NULL;
-        return(ret);
-        }
-
-void BUF_MEM_free(BUF_MEM *a)
-        {
-        if(a == NULL)
-            return;
-
-        if (a->data != NULL)
-                {
-                memset(a->data,0,(unsigned int)a->max);
-                OPENSSL_free(a->data);
-                }
-        OPENSSL_free(a);
-        }
-
-int BUF_MEM_grow(BUF_MEM *str, int len)
-        {
-        char *ret;
-        unsigned int n;
-
-        if (str->length >= len)
-                {
-                str->length=len;
-                return(len);
-                }
-        if (str->max >= len)
-                {
-                memset(&str->data[str->length],0,len-str->length);
-                str->length=len;
-                return(len);
-                }
-        n=(len+3)/3*4;
-        if (str->data == NULL)
-                ret=OPENSSL_malloc(n);
-        else
-                ret=OPENSSL_realloc(str->data,n);
-        if (ret == NULL)
-                {
-                BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE);
-                len=0;
-                }
-        else
-                {
-                str->data=ret;
-                str->max=n;
-                memset(&str->data[str->length],0,len-str->length);
-                str->length=len;
-                }
-        return(len);
-        }
-
-int BUF_MEM_grow_clean(BUF_MEM *str, int len)
-        {
-        char *ret;
-        unsigned int n;
-
-        if (str->length >= len)
-                {
-                memset(&str->data[len],0,str->length-len);
-                str->length=len;
-                return(len);
-                }
-        if (str->max >= len)
-                {
-                memset(&str->data[str->length],0,len-str->length);
-                str->length=len;
-                return(len);
-                }
-        n=(len+3)/3*4;
-        if (str->data == NULL)
-                ret=OPENSSL_malloc(n);
-        else
-                ret=OPENSSL_realloc_clean(str->data,str->max,n);
-        if (ret == NULL)
-                {
-                BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE);
-                len=0;
-                }
-        else
-                {
-                str->data=ret;
-                str->max=n;
-                memset(&str->data[str->length],0,len-str->length);
-                str->length=len;
-                }
-        return(len);
-        }
-
-char *BUF_strdup(const char *str)
-        {
-        char *ret;
-        int n;
-
-        if (str == NULL) return(NULL);
-
-        n=strlen(str);
-        ret=OPENSSL_malloc(n+1);
-        if (ret == NULL) 
-                {
-                BUFerr(BUF_F_BUF_STRDUP,ERR_R_MALLOC_FAILURE);
-                return(NULL);
-                }
-        memcpy(ret,str,n+1);
-        return(ret);
-        }
-
-size_t BUF_strlcpy(char *dst, const char *src, size_t size)
-        {
-        size_t l = 0;
-        for(; size > 1 && *src; size--)
-                {
-                *dst++ = *src++;
-                l++;
-                }
-        if (size)
-                *dst = '\0';
-        return l + strlen(src);
-        }
-
-size_t BUF_strlcat(char *dst, const char *src, size_t size)
-        {
-        size_t l = 0;
-        for(; size > 0 && *dst; size--, dst++)
-                l++;
-        return l + BUF_strlcpy(dst, src, size);
-        }
diff --git a/src/lib/libcrypto/buffer/buffer.h b/src/lib/libcrypto/buffer/buffer.h
deleted file mode 100644
index 465dc34f3f..0000000000
--- a/src/lib/libcrypto/buffer/buffer.h
+++ /dev/null
@@ -1,105 +0,0 @@
-/* crypto/buffer/buffer.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_BUFFER_H
-#define HEADER_BUFFER_H
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#include <stddef.h>
-#include <sys/types.h>
-
-typedef struct buf_mem_st
-        {
-        int length;     /* current number of bytes */
-        char *data;
-        int max;        /* size of buffer */
-        } BUF_MEM;
-
-BUF_MEM *BUF_MEM_new(void);
-void    BUF_MEM_free(BUF_MEM *a);
-int     BUF_MEM_grow(BUF_MEM *str, int len);
-int     BUF_MEM_grow_clean(BUF_MEM *str, int len);
-char *  BUF_strdup(const char *str);
-
-/* safe string functions */
-size_t BUF_strlcpy(char *dst,const char *src,size_t siz);
-size_t BUF_strlcat(char *dst,const char *src,size_t siz);
-
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_BUF_strings(void);
-
-/* Error codes for the BUF functions. */
-
-/* Function codes. */
-#define BUF_F_BUF_MEM_GROW                               100
-#define BUF_F_BUF_MEM_NEW                                101
-#define BUF_F_BUF_STRDUP                                 102
-
-/* Reason codes. */
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/src/lib/libcrypto/cast/asm/cast-586.pl b/src/lib/libcrypto/cast/asm/cast-586.pl
deleted file mode 100644
index 0ed55d1905..0000000000
--- a/src/lib/libcrypto/cast/asm/cast-586.pl
+++ /dev/null
@@ -1,176 +0,0 @@
-#!/usr/local/bin/perl
-
-# define for pentium pro friendly version
-$ppro=1;
-
-push(@INC,"perlasm","../../perlasm");
-require "x86asm.pl";
-require "cbc.pl";
-
-&asm_init($ARGV[0],"cast-586.pl",$ARGV[$#ARGV] eq "386");
-
-$CAST_ROUNDS=16;
-$L="edi";
-$R="esi";
-$K="ebp";
-$tmp1="ecx";
-$tmp2="ebx";
-$tmp3="eax";
-$tmp4="edx";
-$S1="CAST_S_table0";
-$S2="CAST_S_table1";
-$S3="CAST_S_table2";
-$S4="CAST_S_table3";
-
-@F1=("add","xor","sub");
-@F2=("xor","sub","add");
-@F3=("sub","add","xor");
-
-&CAST_encrypt("CAST_encrypt",1);
-&CAST_encrypt("CAST_decrypt",0);
-&cbc("CAST_cbc_encrypt","CAST_encrypt","CAST_decrypt",1,4,5,3,-1,-1) unless $main'openbsd;
-
-&asm_finish();
-
-sub CAST_encrypt {
-    local($name,$enc)=@_;
-
-    local($win_ex)=<<"EOF";
-EXTERN  _CAST_S_table0:DWORD
-EXTERN  _CAST_S_table1:DWORD
-EXTERN  _CAST_S_table2:DWORD
-EXTERN  _CAST_S_table3:DWORD
-EOF
-    &main::external_label(
-                          "CAST_S_table0",
-                          "CAST_S_table1",
-                          "CAST_S_table2",
-                          "CAST_S_table3",
-                          );
-
-    &function_begin_B($name,$win_ex);
-
-    &comment("");
-
-    &push("ebp");
-    &push("ebx");
-    &mov($tmp2,&wparam(0));
-    &mov($K,&wparam(1));
-    &push("esi");
-    &push("edi");
-
-    &comment("Load the 2 words");
-    &mov($L,&DWP(0,$tmp2,"",0));
-    &mov($R,&DWP(4,$tmp2,"",0));
-
-    &comment('Get short key flag');
-    &mov($tmp3,&DWP(128,$K,"",0));
-    if($enc) {
-        &push($tmp3);
-    } else {
-        &or($tmp3,$tmp3);
-        &jnz(&label('cast_dec_skip'));
-    }
-
-    &xor($tmp3, $tmp3);
-
-    # encrypting part
-
-    if ($enc) {
-        &E_CAST( 0,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
-        &E_CAST( 1,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
-        &E_CAST( 2,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
-        &E_CAST( 3,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
-        &E_CAST( 4,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
-        &E_CAST( 5,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
-        &E_CAST( 6,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
-        &E_CAST( 7,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
-        &E_CAST( 8,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
-        &E_CAST( 9,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
-        &E_CAST(10,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
-        &E_CAST(11,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
-        &comment('test short key flag');
-        &pop($tmp4);
-        &or($tmp4,$tmp4);
-        &jnz(&label('cast_enc_done'));
-        &E_CAST(12,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
-        &E_CAST(13,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
-        &E_CAST(14,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
-        &E_CAST(15,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
-    } else {
-        &E_CAST(15,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
-        &E_CAST(14,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
-        &E_CAST(13,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
-        &E_CAST(12,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
-        &set_label('cast_dec_skip');
-        &E_CAST(11,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
-        &E_CAST(10,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
-        &E_CAST( 9,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
-        &E_CAST( 8,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
-        &E_CAST( 7,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
-        &E_CAST( 6,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
-        &E_CAST( 5,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
-        &E_CAST( 4,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
-        &E_CAST( 3,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
-        &E_CAST( 2,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
-        &E_CAST( 1,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
-        &E_CAST( 0,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
-    }
-
-    &set_label('cast_enc_done') if $enc;
-# Why the nop? - Ben 17/1/99
-    &nop();
-    &mov($tmp3,&wparam(0));
-    &mov(&DWP(4,$tmp3,"",0),$L);
-    &mov(&DWP(0,$tmp3,"",0),$R);
-    &function_end($name);
-}
-
-sub E_CAST {
-    local($i,$S,$L,$R,$K,$OP1,$OP2,$OP3,$tmp1,$tmp2,$tmp3,$tmp4)=@_;
-    # Ri needs to have 16 pre added.
-
-    &comment("round $i");
-    &mov(       $tmp4,          &DWP($i*8,$K,"",1));
-
-    &mov(       $tmp1,          &DWP($i*8+4,$K,"",1));
-    &$OP1(      $tmp4,          $R);
-
-    &rotl(      $tmp4,          &LB($tmp1));
-
-    if ($ppro) {
-        &mov(   $tmp2,          $tmp4);         # B
-        &xor(   $tmp1,          $tmp1);
-        
-        &movb(  &LB($tmp1),     &HB($tmp4));    # A
-        &and(   $tmp2,          0xff);
-
-        &shr(   $tmp4,          16);            #
-        &xor(   $tmp3,          $tmp3);
-    } else {
-        &mov(   $tmp2,          $tmp4);         # B
-        &movb(  &LB($tmp1),     &HB($tmp4));    # A     # BAD BAD BAD
-        
-        &shr(   $tmp4,          16);            #
-        &and(   $tmp2,          0xff);
-    }
-
-    &movb(      &LB($tmp3),     &HB($tmp4));    # C     # BAD BAD BAD
-    &and(       $tmp4,          0xff);          # D
-
-    &mov(       $tmp1,          &DWP($S1,"",$tmp1,4));
-    &mov(       $tmp2,          &DWP($S2,"",$tmp2,4));
-
-    &$OP2(      $tmp1,          $tmp2);
-    &mov(       $tmp2,          &DWP($S3,"",$tmp3,4));
-
-    &$OP3(      $tmp1,          $tmp2);
-    &mov(       $tmp2,          &DWP($S4,"",$tmp4,4));
-
-    &$OP1(      $tmp1,          $tmp2);
-    # XXX
-
-    &xor(       $L,             $tmp1);
-    # XXX
-}
-
diff --git a/src/lib/libcrypto/cast/c_cfb64.c b/src/lib/libcrypto/cast/c_cfb64.c
deleted file mode 100644
index 514c005c32..0000000000
--- a/src/lib/libcrypto/cast/c_cfb64.c
+++ /dev/null
@@ -1,122 +0,0 @@
-/* crypto/cast/c_cfb64.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/cast.h>
-#include "cast_lcl.h"
-
-/* The input and output encrypted as though 64bit cfb mode is being
- * used.  The extra state information to record how much of the
- * 64bit block we have used is contained in *num;
- */
-
-void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-                        long length, CAST_KEY *schedule, unsigned char *ivec,
-                        int *num, int enc)
-        {
-        register CAST_LONG v0,v1,t;
-        register int n= *num;
-        register long l=length;
-        CAST_LONG ti[2];
-        unsigned char *iv,c,cc;
-
-        iv=ivec;
-        if (enc)
-                {
-                while (l--)
-                        {
-                        if (n == 0)
-                                {
-                                n2l(iv,v0); ti[0]=v0;
-                                n2l(iv,v1); ti[1]=v1;
-                                CAST_encrypt((CAST_LONG *)ti,schedule);
-                                iv=ivec;
-                                t=ti[0]; l2n(t,iv);
-                                t=ti[1]; l2n(t,iv);
-                                iv=ivec;
-                                }
-                        c= *(in++)^iv[n];
-                        *(out++)=c;
-                        iv[n]=c;
-                        n=(n+1)&0x07;
-                        }
-                }
-        else
-                {
-                while (l--)
-                        {
-                        if (n == 0)
-                                {
-                                n2l(iv,v0); ti[0]=v0;
-                                n2l(iv,v1); ti[1]=v1;
-                                CAST_encrypt((CAST_LONG *)ti,schedule);
-                                iv=ivec;
-                                t=ti[0]; l2n(t,iv);
-                                t=ti[1]; l2n(t,iv);
-                                iv=ivec;
-                                }
-                        cc= *(in++);
-                        c=iv[n];
-                        iv[n]=cc;
-                        *(out++)=c^cc;
-                        n=(n+1)&0x07;
-                        }
-                }
-        v0=v1=ti[0]=ti[1]=t=c=cc=0;
-        *num=n;
-        }
-
diff --git a/src/lib/libcrypto/cast/c_ecb.c b/src/lib/libcrypto/cast/c_ecb.c
deleted file mode 100644
index 0b3da9ad87..0000000000
--- a/src/lib/libcrypto/cast/c_ecb.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/* crypto/cast/c_ecb.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/cast.h>
-#include "cast_lcl.h"
-#include <openssl/opensslv.h>
-
-const char *CAST_version="CAST" OPENSSL_VERSION_PTEXT;
-
-void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out,
-                      CAST_KEY *ks, int enc)
-        {
-        CAST_LONG l,d[2];
-
-        n2l(in,l); d[0]=l;
-        n2l(in,l); d[1]=l;
-        if (enc)
-                CAST_encrypt(d,ks);
-        else
-                CAST_decrypt(d,ks);
-        l=d[0]; l2n(l,out);
-        l=d[1]; l2n(l,out);
-        l=d[0]=d[1]=0;
-        }
-
diff --git a/src/lib/libcrypto/cast/c_enc.c b/src/lib/libcrypto/cast/c_enc.c
deleted file mode 100644
index e80f65b698..0000000000
--- a/src/lib/libcrypto/cast/c_enc.c
+++ /dev/null
@@ -1,209 +0,0 @@
-/* crypto/cast/c_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/cast.h>
-#include "cast_lcl.h"
-
-#ifndef OPENBSD_CAST_ASM
-void CAST_encrypt(CAST_LONG *data, CAST_KEY *key)
-        {
-        register CAST_LONG l,r,*k,t;
-
-        k= &(key->data[0]);
-        l=data[0];
-        r=data[1];
-
-        E_CAST( 0,k,l,r,+,^,-);
-        E_CAST( 1,k,r,l,^,-,+);
-        E_CAST( 2,k,l,r,-,+,^);
-        E_CAST( 3,k,r,l,+,^,-);
-        E_CAST( 4,k,l,r,^,-,+);
-        E_CAST( 5,k,r,l,-,+,^);
-        E_CAST( 6,k,l,r,+,^,-);
-        E_CAST( 7,k,r,l,^,-,+);
-        E_CAST( 8,k,l,r,-,+,^);
-        E_CAST( 9,k,r,l,+,^,-);
-        E_CAST(10,k,l,r,^,-,+);
-        E_CAST(11,k,r,l,-,+,^);
-        if(!key->short_key)
-            {
-            E_CAST(12,k,l,r,+,^,-);
-            E_CAST(13,k,r,l,^,-,+);
-            E_CAST(14,k,l,r,-,+,^);
-            E_CAST(15,k,r,l,+,^,-);
-            }
-
-        data[1]=l&0xffffffffL;
-        data[0]=r&0xffffffffL;
-        }
-
-void CAST_decrypt(CAST_LONG *data, CAST_KEY *key)
-        {
-        register CAST_LONG l,r,*k,t;
-
-        k= &(key->data[0]);
-        l=data[0];
-        r=data[1];
-
-        if(!key->short_key)
-            {
-            E_CAST(15,k,l,r,+,^,-);
-            E_CAST(14,k,r,l,-,+,^);
-            E_CAST(13,k,l,r,^,-,+);
-            E_CAST(12,k,r,l,+,^,-);
-            }
-        E_CAST(11,k,l,r,-,+,^);
-        E_CAST(10,k,r,l,^,-,+);
-        E_CAST( 9,k,l,r,+,^,-);
-        E_CAST( 8,k,r,l,-,+,^);
-        E_CAST( 7,k,l,r,^,-,+);
-        E_CAST( 6,k,r,l,+,^,-);
-        E_CAST( 5,k,l,r,-,+,^);
-        E_CAST( 4,k,r,l,^,-,+);
-        E_CAST( 3,k,l,r,+,^,-);
-        E_CAST( 2,k,r,l,-,+,^);
-        E_CAST( 1,k,l,r,^,-,+);
-        E_CAST( 0,k,r,l,+,^,-);
-
-        data[1]=l&0xffffffffL;
-        data[0]=r&0xffffffffL;
-        }
-#endif
-
-void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
-             CAST_KEY *ks, unsigned char *iv, int enc)
-        {
-        register CAST_LONG tin0,tin1;
-        register CAST_LONG tout0,tout1,xor0,xor1;
-        register long l=length;
-        CAST_LONG tin[2];
-
-        if (enc)
-                {
-                n2l(iv,tout0);
-                n2l(iv,tout1);
-                iv-=8;
-                for (l-=8; l>=0; l-=8)
-                        {
-                        n2l(in,tin0);
-                        n2l(in,tin1);
-                        tin0^=tout0;
-                        tin1^=tout1;
-                        tin[0]=tin0;
-                        tin[1]=tin1;
-                        CAST_encrypt(tin,ks);
-                        tout0=tin[0];
-                        tout1=tin[1];
-                        l2n(tout0,out);
-                        l2n(tout1,out);
-                        }
-                if (l != -8)
-                        {
-                        n2ln(in,tin0,tin1,l+8);
-                        tin0^=tout0;
-                        tin1^=tout1;
-                        tin[0]=tin0;
-                        tin[1]=tin1;
-                        CAST_encrypt(tin,ks);
-                        tout0=tin[0];
-                        tout1=tin[1];
-                        l2n(tout0,out);
-                        l2n(tout1,out);
-                        }
-                l2n(tout0,iv);
-                l2n(tout1,iv);
-                }
-        else
-                {
-                n2l(iv,xor0);
-                n2l(iv,xor1);
-                iv-=8;
-                for (l-=8; l>=0; l-=8)
-                        {
-                        n2l(in,tin0);
-                        n2l(in,tin1);
-                        tin[0]=tin0;
-                        tin[1]=tin1;
-                        CAST_decrypt(tin,ks);
-                        tout0=tin[0]^xor0;
-                        tout1=tin[1]^xor1;
-                        l2n(tout0,out);
-                        l2n(tout1,out);
-                        xor0=tin0;
-                        xor1=tin1;
-                        }
-                if (l != -8)
-                        {
-                        n2l(in,tin0);
-                        n2l(in,tin1);
-                        tin[0]=tin0;
-                        tin[1]=tin1;
-                        CAST_decrypt(tin,ks);
-                        tout0=tin[0]^xor0;
-                        tout1=tin[1]^xor1;
-                        l2nn(tout0,tout1,out,l+8);
-                        xor0=tin0;
-                        xor1=tin1;
-                        }
-                l2n(xor0,iv);
-                l2n(xor1,iv);
-                }
-        tin0=tin1=tout0=tout1=xor0=xor1=0;
-        tin[0]=tin[1]=0;
-        }
-
diff --git a/src/lib/libcrypto/cast/c_ofb64.c b/src/lib/libcrypto/cast/c_ofb64.c
deleted file mode 100644
index fd0469a62f..0000000000
--- a/src/lib/libcrypto/cast/c_ofb64.c
+++ /dev/null
@@ -1,111 +0,0 @@
-/* crypto/cast/c_ofb64.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/cast.h>
-#include "cast_lcl.h"
-
-/* The input and output encrypted as though 64bit ofb mode is being
- * used.  The extra state information to record how much of the
- * 64bit block we have used is contained in *num;
- */
-void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out,
-                        long length, CAST_KEY *schedule, unsigned char *ivec,
-                        int *num)
-        {
-        register CAST_LONG v0,v1,t;
-        register int n= *num;
-        register long l=length;
-        unsigned char d[8];
-        register char *dp;
-        CAST_LONG ti[2];
-        unsigned char *iv;
-        int save=0;
-
-        iv=ivec;
-        n2l(iv,v0);
-        n2l(iv,v1);
-        ti[0]=v0;
-        ti[1]=v1;
-        dp=(char *)d;
-        l2n(v0,dp);
-        l2n(v1,dp);
-        while (l--)
-                {
-                if (n == 0)
-                        {
-                        CAST_encrypt((CAST_LONG *)ti,schedule);
-                        dp=(char *)d;
-                        t=ti[0]; l2n(t,dp);
-                        t=ti[1]; l2n(t,dp);
-                        save++;
-                        }
-                *(out++)= *(in++)^d[n];
-                n=(n+1)&0x07;
-                }
-        if (save)
-                {
-                v0=ti[0];
-                v1=ti[1];
-                iv=ivec;
-                l2n(v0,iv);
-                l2n(v1,iv);
-                }
-        t=v0=v1=ti[0]=ti[1]=0;
-        *num=n;
-        }
-
diff --git a/src/lib/libcrypto/cast/c_skey.c b/src/lib/libcrypto/cast/c_skey.c
deleted file mode 100644
index db9b7573e0..0000000000
--- a/src/lib/libcrypto/cast/c_skey.c
+++ /dev/null
@@ -1,169 +0,0 @@
-/* crypto/cast/c_skey.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/crypto.h>
-#include <openssl/fips.h>
-#include <openssl/cast.h>
-
-#include "cast_lcl.h"
-#include "cast_s.h"
-
-#define CAST_exp(l,A,a,n) \
-        A[n/4]=l; \
-        a[n+3]=(l    )&0xff; \
-        a[n+2]=(l>> 8)&0xff; \
-        a[n+1]=(l>>16)&0xff; \
-        a[n+0]=(l>>24)&0xff;
-
-#define S4 CAST_S_table4
-#define S5 CAST_S_table5
-#define S6 CAST_S_table6
-#define S7 CAST_S_table7
-
-FIPS_NON_FIPS_VCIPHER_Init(CAST)
-        {
-        CAST_LONG x[16];
-        CAST_LONG z[16];
-        CAST_LONG k[32];
-        CAST_LONG X[4],Z[4];
-        CAST_LONG l,*K;
-        int i;
-
-        for (i=0; i<16; i++) x[i]=0;
-        if (len > 16) len=16;
-        for (i=0; i<len; i++)
-                x[i]=data[i];
-        if(len <= 10)
-            key->short_key=1;
-        else
-            key->short_key=0;
-
-        K= &k[0];
-        X[0]=((x[ 0]<<24)|(x[ 1]<<16)|(x[ 2]<<8)|x[ 3])&0xffffffffL;
-        X[1]=((x[ 4]<<24)|(x[ 5]<<16)|(x[ 6]<<8)|x[ 7])&0xffffffffL;
-        X[2]=((x[ 8]<<24)|(x[ 9]<<16)|(x[10]<<8)|x[11])&0xffffffffL;
-        X[3]=((x[12]<<24)|(x[13]<<16)|(x[14]<<8)|x[15])&0xffffffffL;
-
-        for (;;)
-                {
-        l=X[0]^S4[x[13]]^S5[x[15]]^S6[x[12]]^S7[x[14]]^S6[x[ 8]];
-        CAST_exp(l,Z,z, 0);
-        l=X[2]^S4[z[ 0]]^S5[z[ 2]]^S6[z[ 1]]^S7[z[ 3]]^S7[x[10]];
-        CAST_exp(l,Z,z, 4);
-        l=X[3]^S4[z[ 7]]^S5[z[ 6]]^S6[z[ 5]]^S7[z[ 4]]^S4[x[ 9]];
-        CAST_exp(l,Z,z, 8);
-        l=X[1]^S4[z[10]]^S5[z[ 9]]^S6[z[11]]^S7[z[ 8]]^S5[x[11]];
-        CAST_exp(l,Z,z,12);
-
-        K[ 0]= S4[z[ 8]]^S5[z[ 9]]^S6[z[ 7]]^S7[z[ 6]]^S4[z[ 2]];
-        K[ 1]= S4[z[10]]^S5[z[11]]^S6[z[ 5]]^S7[z[ 4]]^S5[z[ 6]];
-        K[ 2]= S4[z[12]]^S5[z[13]]^S6[z[ 3]]^S7[z[ 2]]^S6[z[ 9]];
-        K[ 3]= S4[z[14]]^S5[z[15]]^S6[z[ 1]]^S7[z[ 0]]^S7[z[12]];
-
-        l=Z[2]^S4[z[ 5]]^S5[z[ 7]]^S6[z[ 4]]^S7[z[ 6]]^S6[z[ 0]];
-        CAST_exp(l,X,x, 0);
-        l=Z[0]^S4[x[ 0]]^S5[x[ 2]]^S6[x[ 1]]^S7[x[ 3]]^S7[z[ 2]];
-        CAST_exp(l,X,x, 4);
-        l=Z[1]^S4[x[ 7]]^S5[x[ 6]]^S6[x[ 5]]^S7[x[ 4]]^S4[z[ 1]];
-        CAST_exp(l,X,x, 8);
-        l=Z[3]^S4[x[10]]^S5[x[ 9]]^S6[x[11]]^S7[x[ 8]]^S5[z[ 3]];
-        CAST_exp(l,X,x,12);
-
-        K[ 4]= S4[x[ 3]]^S5[x[ 2]]^S6[x[12]]^S7[x[13]]^S4[x[ 8]];
-        K[ 5]= S4[x[ 1]]^S5[x[ 0]]^S6[x[14]]^S7[x[15]]^S5[x[13]];
-        K[ 6]= S4[x[ 7]]^S5[x[ 6]]^S6[x[ 8]]^S7[x[ 9]]^S6[x[ 3]];
-        K[ 7]= S4[x[ 5]]^S5[x[ 4]]^S6[x[10]]^S7[x[11]]^S7[x[ 7]];
-
-        l=X[0]^S4[x[13]]^S5[x[15]]^S6[x[12]]^S7[x[14]]^S6[x[ 8]];
-        CAST_exp(l,Z,z, 0);
-        l=X[2]^S4[z[ 0]]^S5[z[ 2]]^S6[z[ 1]]^S7[z[ 3]]^S7[x[10]];
-        CAST_exp(l,Z,z, 4);
-        l=X[3]^S4[z[ 7]]^S5[z[ 6]]^S6[z[ 5]]^S7[z[ 4]]^S4[x[ 9]];
-        CAST_exp(l,Z,z, 8);
-        l=X[1]^S4[z[10]]^S5[z[ 9]]^S6[z[11]]^S7[z[ 8]]^S5[x[11]];
-        CAST_exp(l,Z,z,12);
-
-        K[ 8]= S4[z[ 3]]^S5[z[ 2]]^S6[z[12]]^S7[z[13]]^S4[z[ 9]];
-        K[ 9]= S4[z[ 1]]^S5[z[ 0]]^S6[z[14]]^S7[z[15]]^S5[z[12]];
-        K[10]= S4[z[ 7]]^S5[z[ 6]]^S6[z[ 8]]^S7[z[ 9]]^S6[z[ 2]];
-        K[11]= S4[z[ 5]]^S5[z[ 4]]^S6[z[10]]^S7[z[11]]^S7[z[ 6]];
-
-        l=Z[2]^S4[z[ 5]]^S5[z[ 7]]^S6[z[ 4]]^S7[z[ 6]]^S6[z[ 0]];
-        CAST_exp(l,X,x, 0);
-        l=Z[0]^S4[x[ 0]]^S5[x[ 2]]^S6[x[ 1]]^S7[x[ 3]]^S7[z[ 2]];
-        CAST_exp(l,X,x, 4);
-        l=Z[1]^S4[x[ 7]]^S5[x[ 6]]^S6[x[ 5]]^S7[x[ 4]]^S4[z[ 1]];
-        CAST_exp(l,X,x, 8);
-        l=Z[3]^S4[x[10]]^S5[x[ 9]]^S6[x[11]]^S7[x[ 8]]^S5[z[ 3]];
-        CAST_exp(l,X,x,12);
-
-        K[12]= S4[x[ 8]]^S5[x[ 9]]^S6[x[ 7]]^S7[x[ 6]]^S4[x[ 3]];
-        K[13]= S4[x[10]]^S5[x[11]]^S6[x[ 5]]^S7[x[ 4]]^S5[x[ 7]];
-        K[14]= S4[x[12]]^S5[x[13]]^S6[x[ 3]]^S7[x[ 2]]^S6[x[ 8]];
-        K[15]= S4[x[14]]^S5[x[15]]^S6[x[ 1]]^S7[x[ 0]]^S7[x[13]];
-        if (K != k)  break;
-        K+=16;
-                }
-
-        for (i=0; i<16; i++)
-                {
-                key->data[i*2]=k[i];
-                key->data[i*2+1]=((k[i+16])+16)&0x1f;
-                }
-        }
-
diff --git a/src/lib/libcrypto/cast/cast.h b/src/lib/libcrypto/cast/cast.h
deleted file mode 100644
index 9e300178d9..0000000000
--- a/src/lib/libcrypto/cast/cast.h
+++ /dev/null
@@ -1,106 +0,0 @@
-/* crypto/cast/cast.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_CAST_H
-#define HEADER_CAST_H
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#ifdef OPENSSL_NO_CAST
-#error CAST is disabled.
-#endif
-
-#define CAST_ENCRYPT    1
-#define CAST_DECRYPT    0
-
-#define CAST_LONG unsigned long
-
-#define CAST_BLOCK      8
-#define CAST_KEY_LENGTH 16
-
-typedef struct cast_key_st
-        {
-        CAST_LONG data[32];
-        int short_key;  /* Use reduced rounds for short key */
-        } CAST_KEY;
-
-
-#ifdef OPENSSL_FIPS 
-void private_CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
-#endif
-void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
-void CAST_ecb_encrypt(const unsigned char *in,unsigned char *out,CAST_KEY *key,
-                      int enc);
-void CAST_encrypt(CAST_LONG *data,CAST_KEY *key);
-void CAST_decrypt(CAST_LONG *data,CAST_KEY *key);
-void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
-                      CAST_KEY *ks, unsigned char *iv, int enc);
-void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-                        long length, CAST_KEY *schedule, unsigned char *ivec,
-                        int *num, int enc);
-void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out, 
-                        long length, CAST_KEY *schedule, unsigned char *ivec,
-                        int *num);
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/src/lib/libcrypto/cast/cast_lcl.h b/src/lib/libcrypto/cast/cast_lcl.h
deleted file mode 100644
index e756021a33..0000000000
--- a/src/lib/libcrypto/cast/cast_lcl.h
+++ /dev/null
@@ -1,227 +0,0 @@
-/* crypto/cast/cast_lcl.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-
-#include "e_os.h"
-
-#ifdef OPENSSL_SYS_WIN32
-#include <stdlib.h>
-#endif
-
-
-#undef c2l
-#define c2l(c,l)        (l =((unsigned long)(*((c)++)))    , \
-                         l|=((unsigned long)(*((c)++)))<< 8L, \
-                         l|=((unsigned long)(*((c)++)))<<16L, \
-                         l|=((unsigned long)(*((c)++)))<<24L)
-
-/* NOTE - c is not incremented as per c2l */
-#undef c2ln
-#define c2ln(c,l1,l2,n) { \
-                        c+=n; \
-                        l1=l2=0; \
-                        switch (n) { \
-                        case 8: l2 =((unsigned long)(*(--(c))))<<24L; \
-                        case 7: l2|=((unsigned long)(*(--(c))))<<16L; \
-                        case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \
-                        case 5: l2|=((unsigned long)(*(--(c))));     \
-                        case 4: l1 =((unsigned long)(*(--(c))))<<24L; \
-                        case 3: l1|=((unsigned long)(*(--(c))))<<16L; \
-                        case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \
-                        case 1: l1|=((unsigned long)(*(--(c))));     \
-                                } \
-                        }
-
-#undef l2c
-#define l2c(l,c)        (*((c)++)=(unsigned char)(((l)     )&0xff), \
-                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>>24L)&0xff))
-
-/* NOTE - c is not incremented as per l2c */
-#undef l2cn
-#define l2cn(l1,l2,c,n) { \
-                        c+=n; \
-                        switch (n) { \
-                        case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
-                        case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
-                        case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
-                        case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \
-                        case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
-                        case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
-                        case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
-                        case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \
-                                } \
-                        }
-
-/* NOTE - c is not incremented as per n2l */
-#define n2ln(c,l1,l2,n) { \
-                        c+=n; \
-                        l1=l2=0; \
-                        switch (n) { \
-                        case 8: l2 =((unsigned long)(*(--(c))))    ; \
-                        case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
-                        case 6: l2|=((unsigned long)(*(--(c))))<<16; \
-                        case 5: l2|=((unsigned long)(*(--(c))))<<24; \
-                        case 4: l1 =((unsigned long)(*(--(c))))    ; \
-                        case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
-                        case 2: l1|=((unsigned long)(*(--(c))))<<16; \
-                        case 1: l1|=((unsigned long)(*(--(c))))<<24; \
-                                } \
-                        }
-
-/* NOTE - c is not incremented as per l2n */
-#define l2nn(l1,l2,c,n) { \
-                        c+=n; \
-                        switch (n) { \
-                        case 8: *(--(c))=(unsigned char)(((l2)    )&0xff); \
-                        case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
-                        case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
-                        case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
-                        case 4: *(--(c))=(unsigned char)(((l1)    )&0xff); \
-                        case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
-                        case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
-                        case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
-                                } \
-                        }
-
-#undef n2l
-#define n2l(c,l)        (l =((unsigned long)(*((c)++)))<<24L, \
-                         l|=((unsigned long)(*((c)++)))<<16L, \
-                         l|=((unsigned long)(*((c)++)))<< 8L, \
-                         l|=((unsigned long)(*((c)++))))
-
-#undef l2n
-#define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
-                         *((c)++)=(unsigned char)(((l)     )&0xff))
-
-#if defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)
-#define ROTL(a,n)     (_lrotl(a,n))
-#else
-#define ROTL(a,n)     ((((a)<<(n))&0xffffffffL)|((a)>>(32-(n))))
-#endif
-
-#define C_M    0x3fc
-#define C_0    22L
-#define C_1    14L
-#define C_2     6L
-#define C_3     2L /* left shift */
-
-/* The rotate has an extra 16 added to it to help the x86 asm */
-#if defined(CAST_PTR)
-#define E_CAST(n,key,L,R,OP1,OP2,OP3) \
-        { \
-        int i; \
-        t=(key[n*2] OP1 R)&0xffffffffL; \
-        i=key[n*2+1]; \
-        t=ROTL(t,i); \
-        L^= (((((*(CAST_LONG *)((unsigned char *) \
-                        CAST_S_table0+((t>>C_2)&C_M)) OP2 \
-                *(CAST_LONG *)((unsigned char *) \
-                        CAST_S_table1+((t<<C_3)&C_M)))&0xffffffffL) OP3 \
-                *(CAST_LONG *)((unsigned char *) \
-                        CAST_S_table2+((t>>C_0)&C_M)))&0xffffffffL) OP1 \
-                *(CAST_LONG *)((unsigned char *) \
-                        CAST_S_table3+((t>>C_1)&C_M)))&0xffffffffL; \
-        }
-#elif defined(CAST_PTR2)
-#define E_CAST(n,key,L,R,OP1,OP2,OP3) \
-        { \
-        int i; \
-        CAST_LONG u,v,w; \
-        w=(key[n*2] OP1 R)&0xffffffffL; \
-        i=key[n*2+1]; \
-        w=ROTL(w,i); \
-        u=w>>C_2; \
-        v=w<<C_3; \
-        u&=C_M; \
-        v&=C_M; \
-        t= *(CAST_LONG *)((unsigned char *)CAST_S_table0+u); \
-        u=w>>C_0; \
-        t=(t OP2 *(CAST_LONG *)((unsigned char *)CAST_S_table1+v))&0xffffffffL;\
-        v=w>>C_1; \
-        u&=C_M; \
-        v&=C_M; \
-        t=(t OP3 *(CAST_LONG *)((unsigned char *)CAST_S_table2+u)&0xffffffffL);\
-        t=(t OP1 *(CAST_LONG *)((unsigned char *)CAST_S_table3+v)&0xffffffffL);\
-        L^=(t&0xffffffff); \
-        }
-#else
-#define E_CAST(n,key,L,R,OP1,OP2,OP3) \
-        { \
-        CAST_LONG a,b,c,d; \
-        t=(key[n*2] OP1 R)&0xffffffff; \
-        t=ROTL(t,(key[n*2+1])); \
-        a=CAST_S_table0[(t>> 8)&0xff]; \
-        b=CAST_S_table1[(t    )&0xff]; \
-        c=CAST_S_table2[(t>>24)&0xff]; \
-        d=CAST_S_table3[(t>>16)&0xff]; \
-        L^=(((((a OP2 b)&0xffffffffL) OP3 c)&0xffffffffL) OP1 d)&0xffffffffL; \
-        }
-#endif
-
-extern const CAST_LONG CAST_S_table0[256];
-extern const CAST_LONG CAST_S_table1[256];
-extern const CAST_LONG CAST_S_table2[256];
-extern const CAST_LONG CAST_S_table3[256];
-extern const CAST_LONG CAST_S_table4[256];
-extern const CAST_LONG CAST_S_table5[256];
-extern const CAST_LONG CAST_S_table6[256];
-extern const CAST_LONG CAST_S_table7[256];
diff --git a/src/lib/libcrypto/cast/cast_s.h b/src/lib/libcrypto/cast/cast_s.h
deleted file mode 100644
index c483fd5e43..0000000000
--- a/src/lib/libcrypto/cast/cast_s.h
+++ /dev/null
@@ -1,585 +0,0 @@
-/* crypto/cast/cast_s.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-OPENSSL_GLOBAL const CAST_LONG CAST_S_table0[256]={
-        0x30fb40d4,0x9fa0ff0b,0x6beccd2f,0x3f258c7a,
-        0x1e213f2f,0x9c004dd3,0x6003e540,0xcf9fc949,
-        0xbfd4af27,0x88bbbdb5,0xe2034090,0x98d09675,
-        0x6e63a0e0,0x15c361d2,0xc2e7661d,0x22d4ff8e,
-        0x28683b6f,0xc07fd059,0xff2379c8,0x775f50e2,
-        0x43c340d3,0xdf2f8656,0x887ca41a,0xa2d2bd2d,
-        0xa1c9e0d6,0x346c4819,0x61b76d87,0x22540f2f,
-        0x2abe32e1,0xaa54166b,0x22568e3a,0xa2d341d0,
-        0x66db40c8,0xa784392f,0x004dff2f,0x2db9d2de,
-        0x97943fac,0x4a97c1d8,0x527644b7,0xb5f437a7,
-        0xb82cbaef,0xd751d159,0x6ff7f0ed,0x5a097a1f,
-        0x827b68d0,0x90ecf52e,0x22b0c054,0xbc8e5935,
-        0x4b6d2f7f,0x50bb64a2,0xd2664910,0xbee5812d,
-        0xb7332290,0xe93b159f,0xb48ee411,0x4bff345d,
-        0xfd45c240,0xad31973f,0xc4f6d02e,0x55fc8165,
-        0xd5b1caad,0xa1ac2dae,0xa2d4b76d,0xc19b0c50,
-        0x882240f2,0x0c6e4f38,0xa4e4bfd7,0x4f5ba272,
-        0x564c1d2f,0xc59c5319,0xb949e354,0xb04669fe,
-        0xb1b6ab8a,0xc71358dd,0x6385c545,0x110f935d,
-        0x57538ad5,0x6a390493,0xe63d37e0,0x2a54f6b3,
-        0x3a787d5f,0x6276a0b5,0x19a6fcdf,0x7a42206a,
-        0x29f9d4d5,0xf61b1891,0xbb72275e,0xaa508167,
-        0x38901091,0xc6b505eb,0x84c7cb8c,0x2ad75a0f,
-        0x874a1427,0xa2d1936b,0x2ad286af,0xaa56d291,
-        0xd7894360,0x425c750d,0x93b39e26,0x187184c9,
-        0x6c00b32d,0x73e2bb14,0xa0bebc3c,0x54623779,
-        0x64459eab,0x3f328b82,0x7718cf82,0x59a2cea6,
-        0x04ee002e,0x89fe78e6,0x3fab0950,0x325ff6c2,
-        0x81383f05,0x6963c5c8,0x76cb5ad6,0xd49974c9,
-        0xca180dcf,0x380782d5,0xc7fa5cf6,0x8ac31511,
-        0x35e79e13,0x47da91d0,0xf40f9086,0xa7e2419e,
-        0x31366241,0x051ef495,0xaa573b04,0x4a805d8d,
-        0x548300d0,0x00322a3c,0xbf64cddf,0xba57a68e,
-        0x75c6372b,0x50afd341,0xa7c13275,0x915a0bf5,
-        0x6b54bfab,0x2b0b1426,0xab4cc9d7,0x449ccd82,
-        0xf7fbf265,0xab85c5f3,0x1b55db94,0xaad4e324,
-        0xcfa4bd3f,0x2deaa3e2,0x9e204d02,0xc8bd25ac,
-        0xeadf55b3,0xd5bd9e98,0xe31231b2,0x2ad5ad6c,
-        0x954329de,0xadbe4528,0xd8710f69,0xaa51c90f,
-        0xaa786bf6,0x22513f1e,0xaa51a79b,0x2ad344cc,
-        0x7b5a41f0,0xd37cfbad,0x1b069505,0x41ece491,
-        0xb4c332e6,0x032268d4,0xc9600acc,0xce387e6d,
-        0xbf6bb16c,0x6a70fb78,0x0d03d9c9,0xd4df39de,
-        0xe01063da,0x4736f464,0x5ad328d8,0xb347cc96,
-        0x75bb0fc3,0x98511bfb,0x4ffbcc35,0xb58bcf6a,
-        0xe11f0abc,0xbfc5fe4a,0xa70aec10,0xac39570a,
-        0x3f04442f,0x6188b153,0xe0397a2e,0x5727cb79,
-        0x9ceb418f,0x1cacd68d,0x2ad37c96,0x0175cb9d,
-        0xc69dff09,0xc75b65f0,0xd9db40d8,0xec0e7779,
-        0x4744ead4,0xb11c3274,0xdd24cb9e,0x7e1c54bd,
-        0xf01144f9,0xd2240eb1,0x9675b3fd,0xa3ac3755,
-        0xd47c27af,0x51c85f4d,0x56907596,0xa5bb15e6,
-        0x580304f0,0xca042cf1,0x011a37ea,0x8dbfaadb,
-        0x35ba3e4a,0x3526ffa0,0xc37b4d09,0xbc306ed9,
-        0x98a52666,0x5648f725,0xff5e569d,0x0ced63d0,
-        0x7c63b2cf,0x700b45e1,0xd5ea50f1,0x85a92872,
-        0xaf1fbda7,0xd4234870,0xa7870bf3,0x2d3b4d79,
-        0x42e04198,0x0cd0ede7,0x26470db8,0xf881814c,
-        0x474d6ad7,0x7c0c5e5c,0xd1231959,0x381b7298,
-        0xf5d2f4db,0xab838653,0x6e2f1e23,0x83719c9e,
-        0xbd91e046,0x9a56456e,0xdc39200c,0x20c8c571,
-        0x962bda1c,0xe1e696ff,0xb141ab08,0x7cca89b9,
-        0x1a69e783,0x02cc4843,0xa2f7c579,0x429ef47d,
-        0x427b169c,0x5ac9f049,0xdd8f0f00,0x5c8165bf,
-        };
-OPENSSL_GLOBAL const CAST_LONG CAST_S_table1[256]={
-        0x1f201094,0xef0ba75b,0x69e3cf7e,0x393f4380,
-        0xfe61cf7a,0xeec5207a,0x55889c94,0x72fc0651,
-        0xada7ef79,0x4e1d7235,0xd55a63ce,0xde0436ba,
-        0x99c430ef,0x5f0c0794,0x18dcdb7d,0xa1d6eff3,
-        0xa0b52f7b,0x59e83605,0xee15b094,0xe9ffd909,
-        0xdc440086,0xef944459,0xba83ccb3,0xe0c3cdfb,
-        0xd1da4181,0x3b092ab1,0xf997f1c1,0xa5e6cf7b,
-        0x01420ddb,0xe4e7ef5b,0x25a1ff41,0xe180f806,
-        0x1fc41080,0x179bee7a,0xd37ac6a9,0xfe5830a4,
-        0x98de8b7f,0x77e83f4e,0x79929269,0x24fa9f7b,
-        0xe113c85b,0xacc40083,0xd7503525,0xf7ea615f,
-        0x62143154,0x0d554b63,0x5d681121,0xc866c359,
-        0x3d63cf73,0xcee234c0,0xd4d87e87,0x5c672b21,
-        0x071f6181,0x39f7627f,0x361e3084,0xe4eb573b,
-        0x602f64a4,0xd63acd9c,0x1bbc4635,0x9e81032d,
-        0x2701f50c,0x99847ab4,0xa0e3df79,0xba6cf38c,
-        0x10843094,0x2537a95e,0xf46f6ffe,0xa1ff3b1f,
-        0x208cfb6a,0x8f458c74,0xd9e0a227,0x4ec73a34,
-        0xfc884f69,0x3e4de8df,0xef0e0088,0x3559648d,
-        0x8a45388c,0x1d804366,0x721d9bfd,0xa58684bb,
-        0xe8256333,0x844e8212,0x128d8098,0xfed33fb4,
-        0xce280ae1,0x27e19ba5,0xd5a6c252,0xe49754bd,
-        0xc5d655dd,0xeb667064,0x77840b4d,0xa1b6a801,
-        0x84db26a9,0xe0b56714,0x21f043b7,0xe5d05860,
-        0x54f03084,0x066ff472,0xa31aa153,0xdadc4755,
-        0xb5625dbf,0x68561be6,0x83ca6b94,0x2d6ed23b,
-        0xeccf01db,0xa6d3d0ba,0xb6803d5c,0xaf77a709,
-        0x33b4a34c,0x397bc8d6,0x5ee22b95,0x5f0e5304,
-        0x81ed6f61,0x20e74364,0xb45e1378,0xde18639b,
-        0x881ca122,0xb96726d1,0x8049a7e8,0x22b7da7b,
-        0x5e552d25,0x5272d237,0x79d2951c,0xc60d894c,
-        0x488cb402,0x1ba4fe5b,0xa4b09f6b,0x1ca815cf,
-        0xa20c3005,0x8871df63,0xb9de2fcb,0x0cc6c9e9,
-        0x0beeff53,0xe3214517,0xb4542835,0x9f63293c,
-        0xee41e729,0x6e1d2d7c,0x50045286,0x1e6685f3,
-        0xf33401c6,0x30a22c95,0x31a70850,0x60930f13,
-        0x73f98417,0xa1269859,0xec645c44,0x52c877a9,
-        0xcdff33a6,0xa02b1741,0x7cbad9a2,0x2180036f,
-        0x50d99c08,0xcb3f4861,0xc26bd765,0x64a3f6ab,
-        0x80342676,0x25a75e7b,0xe4e6d1fc,0x20c710e6,
-        0xcdf0b680,0x17844d3b,0x31eef84d,0x7e0824e4,
-        0x2ccb49eb,0x846a3bae,0x8ff77888,0xee5d60f6,
-        0x7af75673,0x2fdd5cdb,0xa11631c1,0x30f66f43,
-        0xb3faec54,0x157fd7fa,0xef8579cc,0xd152de58,
-        0xdb2ffd5e,0x8f32ce19,0x306af97a,0x02f03ef8,
-        0x99319ad5,0xc242fa0f,0xa7e3ebb0,0xc68e4906,
-        0xb8da230c,0x80823028,0xdcdef3c8,0xd35fb171,
-        0x088a1bc8,0xbec0c560,0x61a3c9e8,0xbca8f54d,
-        0xc72feffa,0x22822e99,0x82c570b4,0xd8d94e89,
-        0x8b1c34bc,0x301e16e6,0x273be979,0xb0ffeaa6,
-        0x61d9b8c6,0x00b24869,0xb7ffce3f,0x08dc283b,
-        0x43daf65a,0xf7e19798,0x7619b72f,0x8f1c9ba4,
-        0xdc8637a0,0x16a7d3b1,0x9fc393b7,0xa7136eeb,
-        0xc6bcc63e,0x1a513742,0xef6828bc,0x520365d6,
-        0x2d6a77ab,0x3527ed4b,0x821fd216,0x095c6e2e,
-        0xdb92f2fb,0x5eea29cb,0x145892f5,0x91584f7f,
-        0x5483697b,0x2667a8cc,0x85196048,0x8c4bacea,
-        0x833860d4,0x0d23e0f9,0x6c387e8a,0x0ae6d249,
-        0xb284600c,0xd835731d,0xdcb1c647,0xac4c56ea,
-        0x3ebd81b3,0x230eabb0,0x6438bc87,0xf0b5b1fa,
-        0x8f5ea2b3,0xfc184642,0x0a036b7a,0x4fb089bd,
-        0x649da589,0xa345415e,0x5c038323,0x3e5d3bb9,
-        0x43d79572,0x7e6dd07c,0x06dfdf1e,0x6c6cc4ef,
-        0x7160a539,0x73bfbe70,0x83877605,0x4523ecf1,
-        };
-OPENSSL_GLOBAL const CAST_LONG CAST_S_table2[256]={
-        0x8defc240,0x25fa5d9f,0xeb903dbf,0xe810c907,
-        0x47607fff,0x369fe44b,0x8c1fc644,0xaececa90,
-        0xbeb1f9bf,0xeefbcaea,0xe8cf1950,0x51df07ae,
-        0x920e8806,0xf0ad0548,0xe13c8d83,0x927010d5,
-        0x11107d9f,0x07647db9,0xb2e3e4d4,0x3d4f285e,
-        0xb9afa820,0xfade82e0,0xa067268b,0x8272792e,
-        0x553fb2c0,0x489ae22b,0xd4ef9794,0x125e3fbc,
-        0x21fffcee,0x825b1bfd,0x9255c5ed,0x1257a240,
-        0x4e1a8302,0xbae07fff,0x528246e7,0x8e57140e,
-        0x3373f7bf,0x8c9f8188,0xa6fc4ee8,0xc982b5a5,
-        0xa8c01db7,0x579fc264,0x67094f31,0xf2bd3f5f,
-        0x40fff7c1,0x1fb78dfc,0x8e6bd2c1,0x437be59b,
-        0x99b03dbf,0xb5dbc64b,0x638dc0e6,0x55819d99,
-        0xa197c81c,0x4a012d6e,0xc5884a28,0xccc36f71,
-        0xb843c213,0x6c0743f1,0x8309893c,0x0feddd5f,
-        0x2f7fe850,0xd7c07f7e,0x02507fbf,0x5afb9a04,
-        0xa747d2d0,0x1651192e,0xaf70bf3e,0x58c31380,
-        0x5f98302e,0x727cc3c4,0x0a0fb402,0x0f7fef82,
-        0x8c96fdad,0x5d2c2aae,0x8ee99a49,0x50da88b8,
-        0x8427f4a0,0x1eac5790,0x796fb449,0x8252dc15,
-        0xefbd7d9b,0xa672597d,0xada840d8,0x45f54504,
-        0xfa5d7403,0xe83ec305,0x4f91751a,0x925669c2,
-        0x23efe941,0xa903f12e,0x60270df2,0x0276e4b6,
-        0x94fd6574,0x927985b2,0x8276dbcb,0x02778176,
-        0xf8af918d,0x4e48f79e,0x8f616ddf,0xe29d840e,
-        0x842f7d83,0x340ce5c8,0x96bbb682,0x93b4b148,
-        0xef303cab,0x984faf28,0x779faf9b,0x92dc560d,
-        0x224d1e20,0x8437aa88,0x7d29dc96,0x2756d3dc,
-        0x8b907cee,0xb51fd240,0xe7c07ce3,0xe566b4a1,
-        0xc3e9615e,0x3cf8209d,0x6094d1e3,0xcd9ca341,
-        0x5c76460e,0x00ea983b,0xd4d67881,0xfd47572c,
-        0xf76cedd9,0xbda8229c,0x127dadaa,0x438a074e,
-        0x1f97c090,0x081bdb8a,0x93a07ebe,0xb938ca15,
-        0x97b03cff,0x3dc2c0f8,0x8d1ab2ec,0x64380e51,
-        0x68cc7bfb,0xd90f2788,0x12490181,0x5de5ffd4,
-        0xdd7ef86a,0x76a2e214,0xb9a40368,0x925d958f,
-        0x4b39fffa,0xba39aee9,0xa4ffd30b,0xfaf7933b,
-        0x6d498623,0x193cbcfa,0x27627545,0x825cf47a,
-        0x61bd8ba0,0xd11e42d1,0xcead04f4,0x127ea392,
-        0x10428db7,0x8272a972,0x9270c4a8,0x127de50b,
-        0x285ba1c8,0x3c62f44f,0x35c0eaa5,0xe805d231,
-        0x428929fb,0xb4fcdf82,0x4fb66a53,0x0e7dc15b,
-        0x1f081fab,0x108618ae,0xfcfd086d,0xf9ff2889,
-        0x694bcc11,0x236a5cae,0x12deca4d,0x2c3f8cc5,
-        0xd2d02dfe,0xf8ef5896,0xe4cf52da,0x95155b67,
-        0x494a488c,0xb9b6a80c,0x5c8f82bc,0x89d36b45,
-        0x3a609437,0xec00c9a9,0x44715253,0x0a874b49,
-        0xd773bc40,0x7c34671c,0x02717ef6,0x4feb5536,
-        0xa2d02fff,0xd2bf60c4,0xd43f03c0,0x50b4ef6d,
-        0x07478cd1,0x006e1888,0xa2e53f55,0xb9e6d4bc,
-        0xa2048016,0x97573833,0xd7207d67,0xde0f8f3d,
-        0x72f87b33,0xabcc4f33,0x7688c55d,0x7b00a6b0,
-        0x947b0001,0x570075d2,0xf9bb88f8,0x8942019e,
-        0x4264a5ff,0x856302e0,0x72dbd92b,0xee971b69,
-        0x6ea22fde,0x5f08ae2b,0xaf7a616d,0xe5c98767,
-        0xcf1febd2,0x61efc8c2,0xf1ac2571,0xcc8239c2,
-        0x67214cb8,0xb1e583d1,0xb7dc3e62,0x7f10bdce,
-        0xf90a5c38,0x0ff0443d,0x606e6dc6,0x60543a49,
-        0x5727c148,0x2be98a1d,0x8ab41738,0x20e1be24,
-        0xaf96da0f,0x68458425,0x99833be5,0x600d457d,
-        0x282f9350,0x8334b362,0xd91d1120,0x2b6d8da0,
-        0x642b1e31,0x9c305a00,0x52bce688,0x1b03588a,
-        0xf7baefd5,0x4142ed9c,0xa4315c11,0x83323ec5,
-        0xdfef4636,0xa133c501,0xe9d3531c,0xee353783,
-        };
-OPENSSL_GLOBAL const CAST_LONG CAST_S_table3[256]={
-        0x9db30420,0x1fb6e9de,0xa7be7bef,0xd273a298,
-        0x4a4f7bdb,0x64ad8c57,0x85510443,0xfa020ed1,
-        0x7e287aff,0xe60fb663,0x095f35a1,0x79ebf120,
-        0xfd059d43,0x6497b7b1,0xf3641f63,0x241e4adf,
-        0x28147f5f,0x4fa2b8cd,0xc9430040,0x0cc32220,
-        0xfdd30b30,0xc0a5374f,0x1d2d00d9,0x24147b15,
-        0xee4d111a,0x0fca5167,0x71ff904c,0x2d195ffe,
-        0x1a05645f,0x0c13fefe,0x081b08ca,0x05170121,
-        0x80530100,0xe83e5efe,0xac9af4f8,0x7fe72701,
-        0xd2b8ee5f,0x06df4261,0xbb9e9b8a,0x7293ea25,
-        0xce84ffdf,0xf5718801,0x3dd64b04,0xa26f263b,
-        0x7ed48400,0x547eebe6,0x446d4ca0,0x6cf3d6f5,
-        0x2649abdf,0xaea0c7f5,0x36338cc1,0x503f7e93,
-        0xd3772061,0x11b638e1,0x72500e03,0xf80eb2bb,
-        0xabe0502e,0xec8d77de,0x57971e81,0xe14f6746,
-        0xc9335400,0x6920318f,0x081dbb99,0xffc304a5,
-        0x4d351805,0x7f3d5ce3,0xa6c866c6,0x5d5bcca9,
-        0xdaec6fea,0x9f926f91,0x9f46222f,0x3991467d,
-        0xa5bf6d8e,0x1143c44f,0x43958302,0xd0214eeb,
-        0x022083b8,0x3fb6180c,0x18f8931e,0x281658e6,
-        0x26486e3e,0x8bd78a70,0x7477e4c1,0xb506e07c,
-        0xf32d0a25,0x79098b02,0xe4eabb81,0x28123b23,
-        0x69dead38,0x1574ca16,0xdf871b62,0x211c40b7,
-        0xa51a9ef9,0x0014377b,0x041e8ac8,0x09114003,
-        0xbd59e4d2,0xe3d156d5,0x4fe876d5,0x2f91a340,
-        0x557be8de,0x00eae4a7,0x0ce5c2ec,0x4db4bba6,
-        0xe756bdff,0xdd3369ac,0xec17b035,0x06572327,
-        0x99afc8b0,0x56c8c391,0x6b65811c,0x5e146119,
-        0x6e85cb75,0xbe07c002,0xc2325577,0x893ff4ec,
-        0x5bbfc92d,0xd0ec3b25,0xb7801ab7,0x8d6d3b24,
-        0x20c763ef,0xc366a5fc,0x9c382880,0x0ace3205,
-        0xaac9548a,0xeca1d7c7,0x041afa32,0x1d16625a,
-        0x6701902c,0x9b757a54,0x31d477f7,0x9126b031,
-        0x36cc6fdb,0xc70b8b46,0xd9e66a48,0x56e55a79,
-        0x026a4ceb,0x52437eff,0x2f8f76b4,0x0df980a5,
-        0x8674cde3,0xedda04eb,0x17a9be04,0x2c18f4df,
-        0xb7747f9d,0xab2af7b4,0xefc34d20,0x2e096b7c,
-        0x1741a254,0xe5b6a035,0x213d42f6,0x2c1c7c26,
-        0x61c2f50f,0x6552daf9,0xd2c231f8,0x25130f69,
-        0xd8167fa2,0x0418f2c8,0x001a96a6,0x0d1526ab,
-        0x63315c21,0x5e0a72ec,0x49bafefd,0x187908d9,
-        0x8d0dbd86,0x311170a7,0x3e9b640c,0xcc3e10d7,
-        0xd5cad3b6,0x0caec388,0xf73001e1,0x6c728aff,
-        0x71eae2a1,0x1f9af36e,0xcfcbd12f,0xc1de8417,
-        0xac07be6b,0xcb44a1d8,0x8b9b0f56,0x013988c3,
-        0xb1c52fca,0xb4be31cd,0xd8782806,0x12a3a4e2,
-        0x6f7de532,0x58fd7eb6,0xd01ee900,0x24adffc2,
-        0xf4990fc5,0x9711aac5,0x001d7b95,0x82e5e7d2,
-        0x109873f6,0x00613096,0xc32d9521,0xada121ff,
-        0x29908415,0x7fbb977f,0xaf9eb3db,0x29c9ed2a,
-        0x5ce2a465,0xa730f32c,0xd0aa3fe8,0x8a5cc091,
-        0xd49e2ce7,0x0ce454a9,0xd60acd86,0x015f1919,
-        0x77079103,0xdea03af6,0x78a8565e,0xdee356df,
-        0x21f05cbe,0x8b75e387,0xb3c50651,0xb8a5c3ef,
-        0xd8eeb6d2,0xe523be77,0xc2154529,0x2f69efdf,
-        0xafe67afb,0xf470c4b2,0xf3e0eb5b,0xd6cc9876,
-        0x39e4460c,0x1fda8538,0x1987832f,0xca007367,
-        0xa99144f8,0x296b299e,0x492fc295,0x9266beab,
-        0xb5676e69,0x9bd3ddda,0xdf7e052f,0xdb25701c,
-        0x1b5e51ee,0xf65324e6,0x6afce36c,0x0316cc04,
-        0x8644213e,0xb7dc59d0,0x7965291f,0xccd6fd43,
-        0x41823979,0x932bcdf6,0xb657c34d,0x4edfd282,
-        0x7ae5290c,0x3cb9536b,0x851e20fe,0x9833557e,
-        0x13ecf0b0,0xd3ffb372,0x3f85c5c1,0x0aef7ed2,
-        };
-OPENSSL_GLOBAL const CAST_LONG CAST_S_table4[256]={
-        0x7ec90c04,0x2c6e74b9,0x9b0e66df,0xa6337911,
-        0xb86a7fff,0x1dd358f5,0x44dd9d44,0x1731167f,
-        0x08fbf1fa,0xe7f511cc,0xd2051b00,0x735aba00,
-        0x2ab722d8,0x386381cb,0xacf6243a,0x69befd7a,
-        0xe6a2e77f,0xf0c720cd,0xc4494816,0xccf5c180,
-        0x38851640,0x15b0a848,0xe68b18cb,0x4caadeff,
-        0x5f480a01,0x0412b2aa,0x259814fc,0x41d0efe2,
-        0x4e40b48d,0x248eb6fb,0x8dba1cfe,0x41a99b02,
-        0x1a550a04,0xba8f65cb,0x7251f4e7,0x95a51725,
-        0xc106ecd7,0x97a5980a,0xc539b9aa,0x4d79fe6a,
-        0xf2f3f763,0x68af8040,0xed0c9e56,0x11b4958b,
-        0xe1eb5a88,0x8709e6b0,0xd7e07156,0x4e29fea7,
-        0x6366e52d,0x02d1c000,0xc4ac8e05,0x9377f571,
-        0x0c05372a,0x578535f2,0x2261be02,0xd642a0c9,
-        0xdf13a280,0x74b55bd2,0x682199c0,0xd421e5ec,
-        0x53fb3ce8,0xc8adedb3,0x28a87fc9,0x3d959981,
-        0x5c1ff900,0xfe38d399,0x0c4eff0b,0x062407ea,
-        0xaa2f4fb1,0x4fb96976,0x90c79505,0xb0a8a774,
-        0xef55a1ff,0xe59ca2c2,0xa6b62d27,0xe66a4263,
-        0xdf65001f,0x0ec50966,0xdfdd55bc,0x29de0655,
-        0x911e739a,0x17af8975,0x32c7911c,0x89f89468,
-        0x0d01e980,0x524755f4,0x03b63cc9,0x0cc844b2,
-        0xbcf3f0aa,0x87ac36e9,0xe53a7426,0x01b3d82b,
-        0x1a9e7449,0x64ee2d7e,0xcddbb1da,0x01c94910,
-        0xb868bf80,0x0d26f3fd,0x9342ede7,0x04a5c284,
-        0x636737b6,0x50f5b616,0xf24766e3,0x8eca36c1,
-        0x136e05db,0xfef18391,0xfb887a37,0xd6e7f7d4,
-        0xc7fb7dc9,0x3063fcdf,0xb6f589de,0xec2941da,
-        0x26e46695,0xb7566419,0xf654efc5,0xd08d58b7,
-        0x48925401,0xc1bacb7f,0xe5ff550f,0xb6083049,
-        0x5bb5d0e8,0x87d72e5a,0xab6a6ee1,0x223a66ce,
-        0xc62bf3cd,0x9e0885f9,0x68cb3e47,0x086c010f,
-        0xa21de820,0xd18b69de,0xf3f65777,0xfa02c3f6,
-        0x407edac3,0xcbb3d550,0x1793084d,0xb0d70eba,
-        0x0ab378d5,0xd951fb0c,0xded7da56,0x4124bbe4,
-        0x94ca0b56,0x0f5755d1,0xe0e1e56e,0x6184b5be,
-        0x580a249f,0x94f74bc0,0xe327888e,0x9f7b5561,
-        0xc3dc0280,0x05687715,0x646c6bd7,0x44904db3,
-        0x66b4f0a3,0xc0f1648a,0x697ed5af,0x49e92ff6,
-        0x309e374f,0x2cb6356a,0x85808573,0x4991f840,
-        0x76f0ae02,0x083be84d,0x28421c9a,0x44489406,
-        0x736e4cb8,0xc1092910,0x8bc95fc6,0x7d869cf4,
-        0x134f616f,0x2e77118d,0xb31b2be1,0xaa90b472,
-        0x3ca5d717,0x7d161bba,0x9cad9010,0xaf462ba2,
-        0x9fe459d2,0x45d34559,0xd9f2da13,0xdbc65487,
-        0xf3e4f94e,0x176d486f,0x097c13ea,0x631da5c7,
-        0x445f7382,0x175683f4,0xcdc66a97,0x70be0288,
-        0xb3cdcf72,0x6e5dd2f3,0x20936079,0x459b80a5,
-        0xbe60e2db,0xa9c23101,0xeba5315c,0x224e42f2,
-        0x1c5c1572,0xf6721b2c,0x1ad2fff3,0x8c25404e,
-        0x324ed72f,0x4067b7fd,0x0523138e,0x5ca3bc78,
-        0xdc0fd66e,0x75922283,0x784d6b17,0x58ebb16e,
-        0x44094f85,0x3f481d87,0xfcfeae7b,0x77b5ff76,
-        0x8c2302bf,0xaaf47556,0x5f46b02a,0x2b092801,
-        0x3d38f5f7,0x0ca81f36,0x52af4a8a,0x66d5e7c0,
-        0xdf3b0874,0x95055110,0x1b5ad7a8,0xf61ed5ad,
-        0x6cf6e479,0x20758184,0xd0cefa65,0x88f7be58,
-        0x4a046826,0x0ff6f8f3,0xa09c7f70,0x5346aba0,
-        0x5ce96c28,0xe176eda3,0x6bac307f,0x376829d2,
-        0x85360fa9,0x17e3fe2a,0x24b79767,0xf5a96b20,
-        0xd6cd2595,0x68ff1ebf,0x7555442c,0xf19f06be,
-        0xf9e0659a,0xeeb9491d,0x34010718,0xbb30cab8,
-        0xe822fe15,0x88570983,0x750e6249,0xda627e55,
-        0x5e76ffa8,0xb1534546,0x6d47de08,0xefe9e7d4,
-        };
-OPENSSL_GLOBAL const CAST_LONG CAST_S_table5[256]={
-        0xf6fa8f9d,0x2cac6ce1,0x4ca34867,0xe2337f7c,
-        0x95db08e7,0x016843b4,0xeced5cbc,0x325553ac,
-        0xbf9f0960,0xdfa1e2ed,0x83f0579d,0x63ed86b9,
-        0x1ab6a6b8,0xde5ebe39,0xf38ff732,0x8989b138,
-        0x33f14961,0xc01937bd,0xf506c6da,0xe4625e7e,
-        0xa308ea99,0x4e23e33c,0x79cbd7cc,0x48a14367,
-        0xa3149619,0xfec94bd5,0xa114174a,0xeaa01866,
-        0xa084db2d,0x09a8486f,0xa888614a,0x2900af98,
-        0x01665991,0xe1992863,0xc8f30c60,0x2e78ef3c,
-        0xd0d51932,0xcf0fec14,0xf7ca07d2,0xd0a82072,
-        0xfd41197e,0x9305a6b0,0xe86be3da,0x74bed3cd,
-        0x372da53c,0x4c7f4448,0xdab5d440,0x6dba0ec3,
-        0x083919a7,0x9fbaeed9,0x49dbcfb0,0x4e670c53,
-        0x5c3d9c01,0x64bdb941,0x2c0e636a,0xba7dd9cd,
-        0xea6f7388,0xe70bc762,0x35f29adb,0x5c4cdd8d,
-        0xf0d48d8c,0xb88153e2,0x08a19866,0x1ae2eac8,
-        0x284caf89,0xaa928223,0x9334be53,0x3b3a21bf,
-        0x16434be3,0x9aea3906,0xefe8c36e,0xf890cdd9,
-        0x80226dae,0xc340a4a3,0xdf7e9c09,0xa694a807,
-        0x5b7c5ecc,0x221db3a6,0x9a69a02f,0x68818a54,
-        0xceb2296f,0x53c0843a,0xfe893655,0x25bfe68a,
-        0xb4628abc,0xcf222ebf,0x25ac6f48,0xa9a99387,
-        0x53bddb65,0xe76ffbe7,0xe967fd78,0x0ba93563,
-        0x8e342bc1,0xe8a11be9,0x4980740d,0xc8087dfc,
-        0x8de4bf99,0xa11101a0,0x7fd37975,0xda5a26c0,
-        0xe81f994f,0x9528cd89,0xfd339fed,0xb87834bf,
-        0x5f04456d,0x22258698,0xc9c4c83b,0x2dc156be,
-        0x4f628daa,0x57f55ec5,0xe2220abe,0xd2916ebf,
-        0x4ec75b95,0x24f2c3c0,0x42d15d99,0xcd0d7fa0,
-        0x7b6e27ff,0xa8dc8af0,0x7345c106,0xf41e232f,
-        0x35162386,0xe6ea8926,0x3333b094,0x157ec6f2,
-        0x372b74af,0x692573e4,0xe9a9d848,0xf3160289,
-        0x3a62ef1d,0xa787e238,0xf3a5f676,0x74364853,
-        0x20951063,0x4576698d,0xb6fad407,0x592af950,
-        0x36f73523,0x4cfb6e87,0x7da4cec0,0x6c152daa,
-        0xcb0396a8,0xc50dfe5d,0xfcd707ab,0x0921c42f,
-        0x89dff0bb,0x5fe2be78,0x448f4f33,0x754613c9,
-        0x2b05d08d,0x48b9d585,0xdc049441,0xc8098f9b,
-        0x7dede786,0xc39a3373,0x42410005,0x6a091751,
-        0x0ef3c8a6,0x890072d6,0x28207682,0xa9a9f7be,
-        0xbf32679d,0xd45b5b75,0xb353fd00,0xcbb0e358,
-        0x830f220a,0x1f8fb214,0xd372cf08,0xcc3c4a13,
-        0x8cf63166,0x061c87be,0x88c98f88,0x6062e397,
-        0x47cf8e7a,0xb6c85283,0x3cc2acfb,0x3fc06976,
-        0x4e8f0252,0x64d8314d,0xda3870e3,0x1e665459,
-        0xc10908f0,0x513021a5,0x6c5b68b7,0x822f8aa0,
-        0x3007cd3e,0x74719eef,0xdc872681,0x073340d4,
-        0x7e432fd9,0x0c5ec241,0x8809286c,0xf592d891,
-        0x08a930f6,0x957ef305,0xb7fbffbd,0xc266e96f,
-        0x6fe4ac98,0xb173ecc0,0xbc60b42a,0x953498da,
-        0xfba1ae12,0x2d4bd736,0x0f25faab,0xa4f3fceb,
-        0xe2969123,0x257f0c3d,0x9348af49,0x361400bc,
-        0xe8816f4a,0x3814f200,0xa3f94043,0x9c7a54c2,
-        0xbc704f57,0xda41e7f9,0xc25ad33a,0x54f4a084,
-        0xb17f5505,0x59357cbe,0xedbd15c8,0x7f97c5ab,
-        0xba5ac7b5,0xb6f6deaf,0x3a479c3a,0x5302da25,
-        0x653d7e6a,0x54268d49,0x51a477ea,0x5017d55b,
-        0xd7d25d88,0x44136c76,0x0404a8c8,0xb8e5a121,
-        0xb81a928a,0x60ed5869,0x97c55b96,0xeaec991b,
-        0x29935913,0x01fdb7f1,0x088e8dfa,0x9ab6f6f5,
-        0x3b4cbf9f,0x4a5de3ab,0xe6051d35,0xa0e1d855,
-        0xd36b4cf1,0xf544edeb,0xb0e93524,0xbebb8fbd,
-        0xa2d762cf,0x49c92f54,0x38b5f331,0x7128a454,
-        0x48392905,0xa65b1db8,0x851c97bd,0xd675cf2f,
-        };
-OPENSSL_GLOBAL const CAST_LONG CAST_S_table6[256]={
-        0x85e04019,0x332bf567,0x662dbfff,0xcfc65693,
-        0x2a8d7f6f,0xab9bc912,0xde6008a1,0x2028da1f,
-        0x0227bce7,0x4d642916,0x18fac300,0x50f18b82,
-        0x2cb2cb11,0xb232e75c,0x4b3695f2,0xb28707de,
-        0xa05fbcf6,0xcd4181e9,0xe150210c,0xe24ef1bd,
-        0xb168c381,0xfde4e789,0x5c79b0d8,0x1e8bfd43,
-        0x4d495001,0x38be4341,0x913cee1d,0x92a79c3f,
-        0x089766be,0xbaeeadf4,0x1286becf,0xb6eacb19,
-        0x2660c200,0x7565bde4,0x64241f7a,0x8248dca9,
-        0xc3b3ad66,0x28136086,0x0bd8dfa8,0x356d1cf2,
-        0x107789be,0xb3b2e9ce,0x0502aa8f,0x0bc0351e,
-        0x166bf52a,0xeb12ff82,0xe3486911,0xd34d7516,
-        0x4e7b3aff,0x5f43671b,0x9cf6e037,0x4981ac83,
-        0x334266ce,0x8c9341b7,0xd0d854c0,0xcb3a6c88,
-        0x47bc2829,0x4725ba37,0xa66ad22b,0x7ad61f1e,
-        0x0c5cbafa,0x4437f107,0xb6e79962,0x42d2d816,
-        0x0a961288,0xe1a5c06e,0x13749e67,0x72fc081a,
-        0xb1d139f7,0xf9583745,0xcf19df58,0xbec3f756,
-        0xc06eba30,0x07211b24,0x45c28829,0xc95e317f,
-        0xbc8ec511,0x38bc46e9,0xc6e6fa14,0xbae8584a,
-        0xad4ebc46,0x468f508b,0x7829435f,0xf124183b,
-        0x821dba9f,0xaff60ff4,0xea2c4e6d,0x16e39264,
-        0x92544a8b,0x009b4fc3,0xaba68ced,0x9ac96f78,
-        0x06a5b79a,0xb2856e6e,0x1aec3ca9,0xbe838688,
-        0x0e0804e9,0x55f1be56,0xe7e5363b,0xb3a1f25d,
-        0xf7debb85,0x61fe033c,0x16746233,0x3c034c28,
-        0xda6d0c74,0x79aac56c,0x3ce4e1ad,0x51f0c802,
-        0x98f8f35a,0x1626a49f,0xeed82b29,0x1d382fe3,
-        0x0c4fb99a,0xbb325778,0x3ec6d97b,0x6e77a6a9,
-        0xcb658b5c,0xd45230c7,0x2bd1408b,0x60c03eb7,
-        0xb9068d78,0xa33754f4,0xf430c87d,0xc8a71302,
-        0xb96d8c32,0xebd4e7be,0xbe8b9d2d,0x7979fb06,
-        0xe7225308,0x8b75cf77,0x11ef8da4,0xe083c858,
-        0x8d6b786f,0x5a6317a6,0xfa5cf7a0,0x5dda0033,
-        0xf28ebfb0,0xf5b9c310,0xa0eac280,0x08b9767a,
-        0xa3d9d2b0,0x79d34217,0x021a718d,0x9ac6336a,
-        0x2711fd60,0x438050e3,0x069908a8,0x3d7fedc4,
-        0x826d2bef,0x4eeb8476,0x488dcf25,0x36c9d566,
-        0x28e74e41,0xc2610aca,0x3d49a9cf,0xbae3b9df,
-        0xb65f8de6,0x92aeaf64,0x3ac7d5e6,0x9ea80509,
-        0xf22b017d,0xa4173f70,0xdd1e16c3,0x15e0d7f9,
-        0x50b1b887,0x2b9f4fd5,0x625aba82,0x6a017962,
-        0x2ec01b9c,0x15488aa9,0xd716e740,0x40055a2c,
-        0x93d29a22,0xe32dbf9a,0x058745b9,0x3453dc1e,
-        0xd699296e,0x496cff6f,0x1c9f4986,0xdfe2ed07,
-        0xb87242d1,0x19de7eae,0x053e561a,0x15ad6f8c,
-        0x66626c1c,0x7154c24c,0xea082b2a,0x93eb2939,
-        0x17dcb0f0,0x58d4f2ae,0x9ea294fb,0x52cf564c,
-        0x9883fe66,0x2ec40581,0x763953c3,0x01d6692e,
-        0xd3a0c108,0xa1e7160e,0xe4f2dfa6,0x693ed285,
-        0x74904698,0x4c2b0edd,0x4f757656,0x5d393378,
-        0xa132234f,0x3d321c5d,0xc3f5e194,0x4b269301,
-        0xc79f022f,0x3c997e7e,0x5e4f9504,0x3ffafbbd,
-        0x76f7ad0e,0x296693f4,0x3d1fce6f,0xc61e45be,
-        0xd3b5ab34,0xf72bf9b7,0x1b0434c0,0x4e72b567,
-        0x5592a33d,0xb5229301,0xcfd2a87f,0x60aeb767,
-        0x1814386b,0x30bcc33d,0x38a0c07d,0xfd1606f2,
-        0xc363519b,0x589dd390,0x5479f8e6,0x1cb8d647,
-        0x97fd61a9,0xea7759f4,0x2d57539d,0x569a58cf,
-        0xe84e63ad,0x462e1b78,0x6580f87e,0xf3817914,
-        0x91da55f4,0x40a230f3,0xd1988f35,0xb6e318d2,
-        0x3ffa50bc,0x3d40f021,0xc3c0bdae,0x4958c24c,
-        0x518f36b2,0x84b1d370,0x0fedce83,0x878ddada,
-        0xf2a279c7,0x94e01be8,0x90716f4b,0x954b8aa3,
-        };
-OPENSSL_GLOBAL const CAST_LONG CAST_S_table7[256]={
-        0xe216300d,0xbbddfffc,0xa7ebdabd,0x35648095,
-        0x7789f8b7,0xe6c1121b,0x0e241600,0x052ce8b5,
-        0x11a9cfb0,0xe5952f11,0xece7990a,0x9386d174,
-        0x2a42931c,0x76e38111,0xb12def3a,0x37ddddfc,
-        0xde9adeb1,0x0a0cc32c,0xbe197029,0x84a00940,
-        0xbb243a0f,0xb4d137cf,0xb44e79f0,0x049eedfd,
-        0x0b15a15d,0x480d3168,0x8bbbde5a,0x669ded42,
-        0xc7ece831,0x3f8f95e7,0x72df191b,0x7580330d,
-        0x94074251,0x5c7dcdfa,0xabbe6d63,0xaa402164,
-        0xb301d40a,0x02e7d1ca,0x53571dae,0x7a3182a2,
-        0x12a8ddec,0xfdaa335d,0x176f43e8,0x71fb46d4,
-        0x38129022,0xce949ad4,0xb84769ad,0x965bd862,
-        0x82f3d055,0x66fb9767,0x15b80b4e,0x1d5b47a0,
-        0x4cfde06f,0xc28ec4b8,0x57e8726e,0x647a78fc,
-        0x99865d44,0x608bd593,0x6c200e03,0x39dc5ff6,
-        0x5d0b00a3,0xae63aff2,0x7e8bd632,0x70108c0c,
-        0xbbd35049,0x2998df04,0x980cf42a,0x9b6df491,
-        0x9e7edd53,0x06918548,0x58cb7e07,0x3b74ef2e,
-        0x522fffb1,0xd24708cc,0x1c7e27cd,0xa4eb215b,
-        0x3cf1d2e2,0x19b47a38,0x424f7618,0x35856039,
-        0x9d17dee7,0x27eb35e6,0xc9aff67b,0x36baf5b8,
-        0x09c467cd,0xc18910b1,0xe11dbf7b,0x06cd1af8,
-        0x7170c608,0x2d5e3354,0xd4de495a,0x64c6d006,
-        0xbcc0c62c,0x3dd00db3,0x708f8f34,0x77d51b42,
-        0x264f620f,0x24b8d2bf,0x15c1b79e,0x46a52564,
-        0xf8d7e54e,0x3e378160,0x7895cda5,0x859c15a5,
-        0xe6459788,0xc37bc75f,0xdb07ba0c,0x0676a3ab,
-        0x7f229b1e,0x31842e7b,0x24259fd7,0xf8bef472,
-        0x835ffcb8,0x6df4c1f2,0x96f5b195,0xfd0af0fc,
-        0xb0fe134c,0xe2506d3d,0x4f9b12ea,0xf215f225,
-        0xa223736f,0x9fb4c428,0x25d04979,0x34c713f8,
-        0xc4618187,0xea7a6e98,0x7cd16efc,0x1436876c,
-        0xf1544107,0xbedeee14,0x56e9af27,0xa04aa441,
-        0x3cf7c899,0x92ecbae6,0xdd67016d,0x151682eb,
-        0xa842eedf,0xfdba60b4,0xf1907b75,0x20e3030f,
-        0x24d8c29e,0xe139673b,0xefa63fb8,0x71873054,
-        0xb6f2cf3b,0x9f326442,0xcb15a4cc,0xb01a4504,
-        0xf1e47d8d,0x844a1be5,0xbae7dfdc,0x42cbda70,
-        0xcd7dae0a,0x57e85b7a,0xd53f5af6,0x20cf4d8c,
-        0xcea4d428,0x79d130a4,0x3486ebfb,0x33d3cddc,
-        0x77853b53,0x37effcb5,0xc5068778,0xe580b3e6,
-        0x4e68b8f4,0xc5c8b37e,0x0d809ea2,0x398feb7c,
-        0x132a4f94,0x43b7950e,0x2fee7d1c,0x223613bd,
-        0xdd06caa2,0x37df932b,0xc4248289,0xacf3ebc3,
-        0x5715f6b7,0xef3478dd,0xf267616f,0xc148cbe4,
-        0x9052815e,0x5e410fab,0xb48a2465,0x2eda7fa4,
-        0xe87b40e4,0xe98ea084,0x5889e9e1,0xefd390fc,
-        0xdd07d35b,0xdb485694,0x38d7e5b2,0x57720101,
-        0x730edebc,0x5b643113,0x94917e4f,0x503c2fba,
-        0x646f1282,0x7523d24a,0xe0779695,0xf9c17a8f,
-        0x7a5b2121,0xd187b896,0x29263a4d,0xba510cdf,
-        0x81f47c9f,0xad1163ed,0xea7b5965,0x1a00726e,
-        0x11403092,0x00da6d77,0x4a0cdd61,0xad1f4603,
-        0x605bdfb0,0x9eedc364,0x22ebe6a8,0xcee7d28a,
-        0xa0e736a0,0x5564a6b9,0x10853209,0xc7eb8f37,
-        0x2de705ca,0x8951570f,0xdf09822b,0xbd691a6c,
-        0xaa12e4f2,0x87451c0f,0xe0f6a27a,0x3ada4819,
-        0x4cf1764f,0x0d771c2b,0x67cdb156,0x350d8384,
-        0x5938fa0f,0x42399ef3,0x36997b07,0x0e84093d,
-        0x4aa93e61,0x8360d87b,0x1fa98b0c,0x1149382c,
-        0xe97625a5,0x0614d1b7,0x0e25244b,0x0c768347,
-        0x589e8d82,0x0d2059d1,0xa466bb1e,0xf8da0a82,
-        0x04f19130,0xba6e4ec0,0x99265164,0x1ee7230d,
-        0x50b2ad80,0xeaee6801,0x8db2a283,0xea8bf59e,
-        };
diff --git a/src/lib/libcrypto/comp/c_rle.c b/src/lib/libcrypto/comp/c_rle.c
deleted file mode 100644
index efd366fa22..0000000000
--- a/src/lib/libcrypto/comp/c_rle.c
+++ /dev/null
@@ -1,62 +0,0 @@
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/objects.h>
-#include <openssl/comp.h>
-
-static int rle_compress_block(COMP_CTX *ctx, unsigned char *out,
-        unsigned int olen, unsigned char *in, unsigned int ilen);
-static int rle_expand_block(COMP_CTX *ctx, unsigned char *out,
-        unsigned int olen, unsigned char *in, unsigned int ilen);
-
-static COMP_METHOD rle_method={
-        NID_rle_compression,
-        LN_rle_compression,
-        NULL,
-        NULL,
-        rle_compress_block,
-        rle_expand_block,
-        NULL,
-        NULL,
-        };
-
-COMP_METHOD *COMP_rle(void)
-        {
-        return(&rle_method);
-        }
-
-static int rle_compress_block(COMP_CTX *ctx, unsigned char *out,
-             unsigned int olen, unsigned char *in, unsigned int ilen)
-        {
-        /* int i; */
-
-        if (olen < (ilen+1))
-                {
-                /* ZZZZZZZZZZZZZZZZZZZZZZ */
-                return(-1);
-                }
-
-        *(out++)=0;
-        memcpy(out,in,ilen);
-        return(ilen+1);
-        }
-
-static int rle_expand_block(COMP_CTX *ctx, unsigned char *out,
-             unsigned int olen, unsigned char *in, unsigned int ilen)
-        {
-        int i;
-
-        if (olen < (ilen-1))
-                {
-                /* ZZZZZZZZZZZZZZZZZZZZZZ */
-                return(-1);
-                }
-
-        i= *(in++);
-        if (i == 0)
-                {
-                memcpy(out,in,ilen-1);
-                }
-        return(ilen-1);
-        }
-
diff --git a/src/lib/libcrypto/comp/c_zlib.c b/src/lib/libcrypto/comp/c_zlib.c
deleted file mode 100644
index 5fcb521ffb..0000000000
--- a/src/lib/libcrypto/comp/c_zlib.c
+++ /dev/null
@@ -1,215 +0,0 @@
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/objects.h>
-#include <openssl/comp.h>
-#include <openssl/err.h>
-
-COMP_METHOD *COMP_zlib(void );
-
-static COMP_METHOD zlib_method_nozlib={
-        NID_undef,
-        "(undef)",
-        NULL,
-        NULL,
-        NULL,
-        NULL,
-        NULL,
-        NULL,
-        };
-
-#ifndef ZLIB
-#undef ZLIB_SHARED
-#else
-
-#include <zlib.h>
-
-static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out,
-        unsigned int olen, unsigned char *in, unsigned int ilen);
-static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out,
-        unsigned int olen, unsigned char *in, unsigned int ilen);
-
-static int zz_uncompress(Bytef *dest, uLongf *destLen, const Bytef *source,
-        uLong sourceLen);
-
-static COMP_METHOD zlib_method={
-        NID_zlib_compression,
-        LN_zlib_compression,
-        NULL,
-        NULL,
-        zlib_compress_block,
-        zlib_expand_block,
-        NULL,
-        NULL,
-        };
-
-/* 
- * When OpenSSL is built on Windows, we do not want to require that
- * the ZLIB.DLL be available in order for the OpenSSL DLLs to
- * work.  Therefore, all ZLIB routines are loaded at run time
- * and we do not link to a .LIB file.
- */
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
-# include <windows.h>
-#endif /* !(OPENSSL_SYS_WINDOWS || OPENSSL_SYS_WIN32) */
-
-#ifdef ZLIB_SHARED
-#include <openssl/dso.h>
-
-/* Function pointers */
-typedef int (*compress_ft)(Bytef *dest,uLongf *destLen,
-        const Bytef *source, uLong sourceLen);
-typedef int (*inflateEnd_ft)(z_streamp strm);
-typedef int (*inflate_ft)(z_streamp strm, int flush);
-typedef int (*inflateInit__ft)(z_streamp strm,
-        const char * version, int stream_size);
-static compress_ft      p_compress=NULL;
-static inflateEnd_ft    p_inflateEnd=NULL;
-static inflate_ft       p_inflate=NULL;
-static inflateInit__ft  p_inflateInit_=NULL;
-
-static int zlib_loaded = 0;     /* only attempt to init func pts once */
-static DSO *zlib_dso = NULL;
-
-#define compress                p_compress
-#define inflateEnd              p_inflateEnd
-#define inflate                 p_inflate
-#define inflateInit_            p_inflateInit_
-#endif /* ZLIB_SHARED */
-
-static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out,
-             unsigned int olen, unsigned char *in, unsigned int ilen)
-        {
-        unsigned long l;
-        int i;
-        int clear=1;
-
-        if (ilen > 128)
-                {
-                out[0]=1;
-                l=olen-1;
-                i=compress(&(out[1]),&l,in,(unsigned long)ilen);
-                if (i != Z_OK)
-                        return(-1);
-                if (ilen > l)
-                        {
-                        clear=0;
-                        l++;
-                        }
-                }
-        if (clear)
-                {
-                out[0]=0;
-                memcpy(&(out[1]),in,ilen);
-                l=ilen+1;
-                }
-#ifdef DEBUG_ZLIB
-        fprintf(stderr,"compress(%4d)->%4d %s\n",
-                ilen,(int)l,(clear)?"clear":"zlib");
-#endif
-        return((int)l);
-        }
-
-static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out,
-             unsigned int olen, unsigned char *in, unsigned int ilen)
-        {
-        unsigned long l;
-        int i;
-
-        if (in[0])
-                {
-                l=olen;
-                i=zz_uncompress(out,&l,&(in[1]),(unsigned long)ilen-1);
-                if (i != Z_OK)
-                        return(-1);
-                }
-        else
-                {
-                memcpy(out,&(in[1]),ilen-1);
-                l=ilen-1;
-                }
-#ifdef DEBUG_ZLIB
-        fprintf(stderr,"expand  (%4d)->%4d %s\n",
-                ilen,(int)l,in[0]?"zlib":"clear");
-#endif
-        return((int)l);
-        }
-
-static int zz_uncompress (Bytef *dest, uLongf *destLen, const Bytef *source,
-             uLong sourceLen)
-{
-    z_stream stream;
-    int err;
-
-    stream.next_in = (Bytef*)source;
-    stream.avail_in = (uInt)sourceLen;
-    /* Check for source > 64K on 16-bit machine: */
-    if ((uLong)stream.avail_in != sourceLen) return Z_BUF_ERROR;
-
-    stream.next_out = dest;
-    stream.avail_out = (uInt)*destLen;
-    if ((uLong)stream.avail_out != *destLen) return Z_BUF_ERROR;
-
-    stream.zalloc = (alloc_func)0;
-    stream.zfree = (free_func)0;
-
-    err = inflateInit(&stream);
-    if (err != Z_OK) return err;
-
-    err = inflate(&stream, Z_FINISH);
-    if (err != Z_STREAM_END) {
-        inflateEnd(&stream);
-        return err;
-    }
-    *destLen = stream.total_out;
-
-    err = inflateEnd(&stream);
-    return err;
-}
-
-#endif
-
-COMP_METHOD *COMP_zlib(void)
-        {
-        COMP_METHOD *meth = &zlib_method_nozlib;
-
-#ifdef ZLIB_SHARED
-        if (!zlib_loaded)
-                {
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
-                zlib_dso = DSO_load(NULL, "ZLIB1", NULL, 0);
-#else
-                zlib_dso = DSO_load(NULL, "z", NULL, 0);
-#endif
-                if (zlib_dso != NULL)
-                        {
-                        p_compress
-                                = (compress_ft) DSO_bind_func(zlib_dso,
-                                        "compress");
-                        p_inflateEnd
-                                = (inflateEnd_ft) DSO_bind_func(zlib_dso,
-                                        "inflateEnd");
-                        p_inflate
-                                = (inflate_ft) DSO_bind_func(zlib_dso,
-                                        "inflate");
-                        p_inflateInit_
-                                = (inflateInit__ft) DSO_bind_func(zlib_dso,
-                                        "inflateInit_");
-
-                        if (p_compress && p_inflateEnd && p_inflate
-                                && p_inflateInit_)
-                                zlib_loaded++;
-                        }
-                }
-
-#endif
-#ifdef ZLIB_SHARED
-        if (zlib_loaded)
-#endif
-#if defined(ZLIB) || defined(ZLIB_SHARED)
-                meth = &zlib_method;
-#endif
-
-        return(meth);
-        }
-
diff --git a/src/lib/libcrypto/comp/comp.h b/src/lib/libcrypto/comp/comp.h
deleted file mode 100644
index ab48b78ae9..0000000000
--- a/src/lib/libcrypto/comp/comp.h
+++ /dev/null
@@ -1,59 +0,0 @@
-
-#ifndef HEADER_COMP_H
-#define HEADER_COMP_H
-
-#include <openssl/crypto.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-typedef struct comp_method_st
-        {
-        int type;               /* NID for compression library */
-        const char *name;       /* A text string to identify the library */
-        int (*init)();
-        void (*finish)();
-        int (*compress)();
-        int (*expand)();
-        long (*ctrl)();
-        long (*callback_ctrl)();
-        } COMP_METHOD;
-
-typedef struct comp_ctx_st
-        {
-        COMP_METHOD *meth;
-        unsigned long compress_in;
-        unsigned long compress_out;
-        unsigned long expand_in;
-        unsigned long expand_out;
-
-        CRYPTO_EX_DATA  ex_data;
-        } COMP_CTX;
-
-
-COMP_CTX *COMP_CTX_new(COMP_METHOD *meth);
-void COMP_CTX_free(COMP_CTX *ctx);
-int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen,
-        unsigned char *in, int ilen);
-int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
-        unsigned char *in, int ilen);
-COMP_METHOD *COMP_rle(void );
-COMP_METHOD *COMP_zlib(void );
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_COMP_strings(void);
-
-/* Error codes for the COMP functions. */
-
-/* Function codes. */
-
-/* Reason codes. */
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/src/lib/libcrypto/comp/comp_err.c b/src/lib/libcrypto/comp/comp_err.c
deleted file mode 100644
index 1652b8c2c4..0000000000
--- a/src/lib/libcrypto/comp/comp_err.c
+++ /dev/null
@@ -1,92 +0,0 @@
-/* crypto/comp/comp_err.c */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/comp.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-static ERR_STRING_DATA COMP_str_functs[]=
-        {
-{0,NULL}
-        };
-
-static ERR_STRING_DATA COMP_str_reasons[]=
-        {
-{0,NULL}
-        };
-
-#endif
-
-void ERR_load_COMP_strings(void)
-        {
-        static int init=1;
-
-        if (init)
-                {
-                init=0;
-#ifndef OPENSSL_NO_ERR
-                ERR_load_strings(ERR_LIB_COMP,COMP_str_functs);
-                ERR_load_strings(ERR_LIB_COMP,COMP_str_reasons);
-#endif
-
-                }
-        }
diff --git a/src/lib/libcrypto/comp/comp_lib.c b/src/lib/libcrypto/comp/comp_lib.c
deleted file mode 100644
index beb98ce8cc..0000000000
--- a/src/lib/libcrypto/comp/comp_lib.c
+++ /dev/null
@@ -1,78 +0,0 @@
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/objects.h>
-#include <openssl/comp.h>
-
-COMP_CTX *COMP_CTX_new(COMP_METHOD *meth)
-        {
-        COMP_CTX *ret;
-
-        if ((ret=(COMP_CTX *)OPENSSL_malloc(sizeof(COMP_CTX))) == NULL)
-                {
-                /* ZZZZZZZZZZZZZZZZ */
-                return(NULL);
-                }
-        memset(ret,0,sizeof(COMP_CTX));
-        ret->meth=meth;
-        if ((ret->meth->init != NULL) && !ret->meth->init(ret))
-                {
-                OPENSSL_free(ret);
-                ret=NULL;
-                }
-#if 0
-        else
-                CRYPTO_new_ex_data(rsa_meth,(char *)ret,&ret->ex_data);
-#endif
-        return(ret);
-        }
-
-void COMP_CTX_free(COMP_CTX *ctx)
-        {
-        /* CRYPTO_free_ex_data(rsa_meth,(char *)ctx,&ctx->ex_data); */
-
-        if(ctx == NULL)
-            return;
-
-        if (ctx->meth->finish != NULL)
-                ctx->meth->finish(ctx);
-
-        OPENSSL_free(ctx);
-        }
-
-int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen,
-             unsigned char *in, int ilen)
-        {
-        int ret;
-        if (ctx->meth->compress == NULL)
-                {
-                /* ZZZZZZZZZZZZZZZZZ */
-                return(-1);
-                }
-        ret=ctx->meth->compress(ctx,out,olen,in,ilen);
-        if (ret > 0)
-                {
-                ctx->compress_in+=ilen;
-                ctx->compress_out+=ret;
-                }
-        return(ret);
-        }
-
-int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
-             unsigned char *in, int ilen)
-        {
-        int ret;
-
-        if (ctx->meth->expand == NULL)
-                {
-                /* ZZZZZZZZZZZZZZZZZ */
-                return(-1);
-                }
-        ret=ctx->meth->expand(ctx,out,olen,in,ilen);
-        if (ret > 0)
-                {
-                ctx->expand_in+=ilen;
-                ctx->expand_out+=ret;
-                }
-        return(ret);
-        }
diff --git a/src/lib/libcrypto/conf/README b/src/lib/libcrypto/conf/README
deleted file mode 100644
index ca58d0240f..0000000000
--- a/src/lib/libcrypto/conf/README
+++ /dev/null
@@ -1,78 +0,0 @@
-WARNING WARNING WARNING!!!
-
-This stuff is experimental, may change radically or be deleted altogether
-before OpenSSL 0.9.7 release. You have been warned!
-
-Configuration modules. These are a set of modules which can perform
-various configuration functions.
-
-Currently the routines should be called at most once when an application
-starts up: that is before it starts any threads.
-
-The routines read a configuration file set up like this:
-
------
-#default section
-openssl_init=init_section
-
-[init_section]
-
-module1=value1
-#Second instance of module1
-module1.1=valueX
-module2=value2
-module3=dso_literal
-module4=dso_section
-
-[dso_section]
-
-path=/some/path/to/some/dso.so
-other_stuff=other_value
-----
-
-When this file is loaded a configuration module with the specified
-string (module* in the above example) is looked up and its init
-function called as:
-
-int conf_init_func(CONF_IMODULE *md, CONF *cnf);
-
-The function can then take whatever action is appropriate, for example
-further lookups based on the value. Multiple instances of the same 
-config module can be loaded.
-
-When the application closes down the modules are cleaned up by calling
-an optional finish function:
-
-void conf_finish_func(CONF_IMODULE *md);
-
-The finish functions are called in reverse order: that is the last module
-loaded is the first one cleaned up.
-
-If no module exists with a given name then an attempt is made to load
-a DSO with the supplied name. This might mean that "module3" attempts
-to load a DSO called libmodule3.so or module3.dll for example. An explicit
-DSO name can be given by including a separate section as in the module4 example
-above.
-
-The DSO is expected to at least contain an initialization function:
-
-int OPENSSL_init(CONF_IMODULE *md, CONF *cnf);
-
-and may also include a finish function:
-
-void OPENSSL_finish(CONF_IMODULE *md);
-
-Static modules can also be added using,
-
-int CONF_module_add(char *name, dso_mod_init_func *ifunc, dso_mod_finish_func *ffunc);
-
-where "name" is the name in the configuration file this function corresponds to.
-
-A set of builtin modules (currently only an ASN1 non functional test module) can be 
-added by calling OPENSSL_load_builtin_modules(). 
-
-The function OPENSSL_config() is intended as a simple configuration function that
-any application can call to perform various default configuration tasks. It uses the
-file openssl.cnf in the usual locations.
-
-
diff --git a/src/lib/libcrypto/conf/conf.h b/src/lib/libcrypto/conf/conf.h
deleted file mode 100644
index f4671442ab..0000000000
--- a/src/lib/libcrypto/conf/conf.h
+++ /dev/null
@@ -1,250 +0,0 @@
-/* crypto/conf/conf.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef  HEADER_CONF_H
-#define HEADER_CONF_H
-
-#include <openssl/bio.h>
-#include <openssl/lhash.h>
-#include <openssl/stack.h>
-#include <openssl/safestack.h>
-#include <openssl/e_os2.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-typedef struct
-        {
-        char *section;
-        char *name;
-        char *value;
-        } CONF_VALUE;
-
-DECLARE_STACK_OF(CONF_VALUE)
-DECLARE_STACK_OF(CONF_MODULE)
-DECLARE_STACK_OF(CONF_IMODULE)
-
-struct conf_st;
-typedef struct conf_st CONF;
-struct conf_method_st;
-typedef struct conf_method_st CONF_METHOD;
-
-struct conf_method_st
-        {
-        const char *name;
-        CONF *(*create)(CONF_METHOD *meth);
-        int (*init)(CONF *conf);
-        int (*destroy)(CONF *conf);
-        int (*destroy_data)(CONF *conf);
-        int (*load_bio)(CONF *conf, BIO *bp, long *eline);
-        int (*dump)(const CONF *conf, BIO *bp);
-        int (*is_number)(const CONF *conf, char c);
-        int (*to_int)(const CONF *conf, char c);
-        int (*load)(CONF *conf, const char *name, long *eline);
-        };
-
-/* Module definitions */
-
-typedef struct conf_imodule_st CONF_IMODULE;
-typedef struct conf_module_st CONF_MODULE;
-
-/* DSO module function typedefs */
-typedef int conf_init_func(CONF_IMODULE *md, const CONF *cnf);
-typedef void conf_finish_func(CONF_IMODULE *md);
-
-#define CONF_MFLAGS_IGNORE_ERRORS       0x1
-#define CONF_MFLAGS_IGNORE_RETURN_CODES 0x2
-#define CONF_MFLAGS_SILENT              0x4
-#define CONF_MFLAGS_NO_DSO              0x8
-#define CONF_MFLAGS_IGNORE_MISSING_FILE 0x10
-
-int CONF_set_default_method(CONF_METHOD *meth);
-void CONF_set_nconf(CONF *conf,LHASH *hash);
-LHASH *CONF_load(LHASH *conf,const char *file,long *eline);
-#ifndef OPENSSL_NO_FP_API
-LHASH *CONF_load_fp(LHASH *conf, FILE *fp,long *eline);
-#endif
-LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline);
-STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,const char *section);
-char *CONF_get_string(LHASH *conf,const char *group,const char *name);
-long CONF_get_number(LHASH *conf,const char *group,const char *name);
-void CONF_free(LHASH *conf);
-int CONF_dump_fp(LHASH *conf, FILE *out);
-int CONF_dump_bio(LHASH *conf, BIO *out);
-
-void OPENSSL_config(const char *config_name);
-void OPENSSL_no_config(void);
-
-/* New conf code.  The semantics are different from the functions above.
-   If that wasn't the case, the above functions would have been replaced */
-
-struct conf_st
-        {
-        CONF_METHOD *meth;
-        void *meth_data;
-        LHASH *data;
-        };
-
-CONF *NCONF_new(CONF_METHOD *meth);
-CONF_METHOD *NCONF_default(void);
-CONF_METHOD *NCONF_WIN32(void);
-#if 0 /* Just to give you an idea of what I have in mind */
-CONF_METHOD *NCONF_XML(void);
-#endif
-void NCONF_free(CONF *conf);
-void NCONF_free_data(CONF *conf);
-
-int NCONF_load(CONF *conf,const char *file,long *eline);
-#ifndef OPENSSL_NO_FP_API
-int NCONF_load_fp(CONF *conf, FILE *fp,long *eline);
-#endif
-int NCONF_load_bio(CONF *conf, BIO *bp,long *eline);
-STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,const char *section);
-char *NCONF_get_string(const CONF *conf,const char *group,const char *name);
-int NCONF_get_number_e(const CONF *conf,const char *group,const char *name,
-                       long *result);
-int NCONF_dump_fp(const CONF *conf, FILE *out);
-int NCONF_dump_bio(const CONF *conf, BIO *out);
-
-#if 0 /* The following function has no error checking,
-         and should therefore be avoided */
-long NCONF_get_number(CONF *conf,char *group,char *name);
-#else
-#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r)
-#endif
-  
-/* Module functions */
-
-int CONF_modules_load(const CONF *cnf, const char *appname,
-                      unsigned long flags);
-int CONF_modules_load_file(const char *filename, const char *appname,
-                           unsigned long flags);
-void CONF_modules_unload(int all);
-void CONF_modules_finish(void);
-void CONF_modules_free(void);
-int CONF_module_add(const char *name, conf_init_func *ifunc,
-                    conf_finish_func *ffunc);
-
-const char *CONF_imodule_get_name(const CONF_IMODULE *md);
-const char *CONF_imodule_get_value(const CONF_IMODULE *md);
-void *CONF_imodule_get_usr_data(const CONF_IMODULE *md);
-void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data);
-CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md);
-unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md);
-void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags);
-void *CONF_module_get_usr_data(CONF_MODULE *pmod);
-void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data);
-
-char *CONF_get1_default_config_file(void);
-
-int CONF_parse_list(const char *list, int sep, int nospc,
-        int (*list_cb)(const char *elem, int len, void *usr), void *arg);
-
-void OPENSSL_load_builtin_modules(void);
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_CONF_strings(void);
-
-/* Error codes for the CONF functions. */
-
-/* Function codes. */
-#define CONF_F_CONF_DUMP_FP                              104
-#define CONF_F_CONF_LOAD                                 100
-#define CONF_F_CONF_LOAD_BIO                             102
-#define CONF_F_CONF_LOAD_FP                              103
-#define CONF_F_CONF_MODULES_LOAD                         116
-#define CONF_F_MODULE_INIT                               115
-#define CONF_F_MODULE_LOAD_DSO                           117
-#define CONF_F_MODULE_RUN                                118
-#define CONF_F_NCONF_DUMP_BIO                            105
-#define CONF_F_NCONF_DUMP_FP                             106
-#define CONF_F_NCONF_GET_NUMBER                          107
-#define CONF_F_NCONF_GET_NUMBER_E                        112
-#define CONF_F_NCONF_GET_SECTION                         108
-#define CONF_F_NCONF_GET_STRING                          109
-#define CONF_F_NCONF_LOAD                                113
-#define CONF_F_NCONF_LOAD_BIO                            110
-#define CONF_F_NCONF_LOAD_FP                             114
-#define CONF_F_NCONF_NEW                                 111
-#define CONF_F_STR_COPY                                  101
-
-/* Reason codes. */
-#define CONF_R_ERROR_LOADING_DSO                         110
-#define CONF_R_MISSING_CLOSE_SQUARE_BRACKET              100
-#define CONF_R_MISSING_EQUAL_SIGN                        101
-#define CONF_R_MISSING_FINISH_FUNCTION                   111
-#define CONF_R_MISSING_INIT_FUNCTION                     112
-#define CONF_R_MODULE_INITIALIZATION_ERROR               109
-#define CONF_R_NO_CLOSE_BRACE                            102
-#define CONF_R_NO_CONF                                   105
-#define CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE           106
-#define CONF_R_NO_SECTION                                107
-#define CONF_R_NO_SUCH_FILE                              114
-#define CONF_R_NO_VALUE                                  108
-#define CONF_R_UNABLE_TO_CREATE_NEW_SECTION              103
-#define CONF_R_UNKNOWN_MODULE_NAME                       113
-#define CONF_R_VARIABLE_HAS_NO_VALUE                     104
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/src/lib/libcrypto/conf/conf_api.c b/src/lib/libcrypto/conf/conf_api.c
deleted file mode 100644
index 0032baa711..0000000000
--- a/src/lib/libcrypto/conf/conf_api.c
+++ /dev/null
@@ -1,308 +0,0 @@
-/* conf_api.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* Part of the code in here was originally in conf.c, which is now removed */
-
-#ifndef CONF_DEBUG
-# undef NDEBUG /* avoid conflicting definitions */
-# define NDEBUG
-#endif
-
-#include <assert.h>
-#include <string.h>
-#include <openssl/conf.h>
-#include <openssl/conf_api.h>
-#include "e_os.h"
-
-static void value_free_hash(CONF_VALUE *a, LHASH *conf);
-static void value_free_stack(CONF_VALUE *a,LHASH *conf);
-static IMPLEMENT_LHASH_DOALL_ARG_FN(value_free_hash, CONF_VALUE *, LHASH *)
-static IMPLEMENT_LHASH_DOALL_ARG_FN(value_free_stack, CONF_VALUE *, LHASH *)
-/* We don't use function pointer casting or wrapper functions - but cast each
- * callback parameter inside the callback functions. */
-/* static unsigned long hash(CONF_VALUE *v); */
-static unsigned long hash(const void *v_void);
-/* static int cmp_conf(CONF_VALUE *a,CONF_VALUE *b); */
-static int cmp_conf(const void *a_void,const void *b_void);
-
-/* Up until OpenSSL 0.9.5a, this was get_section */
-CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section)
-        {
-        CONF_VALUE *v,vv;
-
-        if ((conf == NULL) || (section == NULL)) return(NULL);
-        vv.name=NULL;
-        vv.section=(char *)section;
-        v=(CONF_VALUE *)lh_retrieve(conf->data,&vv);
-        return(v);
-        }
-
-/* Up until OpenSSL 0.9.5a, this was CONF_get_section */
-STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf,
-                                               const char *section)
-        {
-        CONF_VALUE *v;
-
-        v=_CONF_get_section(conf,section);
-        if (v != NULL)
-                return((STACK_OF(CONF_VALUE) *)v->value);
-        else
-                return(NULL);
-        }
-
-int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value)
-        {
-        CONF_VALUE *v = NULL;
-        STACK_OF(CONF_VALUE) *ts;
-
-        ts = (STACK_OF(CONF_VALUE) *)section->value;
-
-        value->section=section->section;        
-        if (!sk_CONF_VALUE_push(ts,value))
-                {
-                return 0;
-                }
-
-        v = (CONF_VALUE *)lh_insert(conf->data, value);
-        if (v != NULL)
-                {
-                sk_CONF_VALUE_delete_ptr(ts,v);
-                OPENSSL_free(v->name);
-                OPENSSL_free(v->value);
-                OPENSSL_free(v);
-                }
-        return 1;
-        }
-
-char *_CONF_get_string(const CONF *conf, const char *section, const char *name)
-        {
-        CONF_VALUE *v,vv;
-        char *p;
-
-        if (name == NULL) return(NULL);
-        if (conf != NULL)
-                {
-                if (section != NULL)
-                        {
-                        vv.name=(char *)name;
-                        vv.section=(char *)section;
-                        v=(CONF_VALUE *)lh_retrieve(conf->data,&vv);
-                        if (v != NULL) return(v->value);
-                        if (strcmp(section,"ENV") == 0)
-                                {
-                                p=Getenv(name);
-                                if (p != NULL) return(p);
-                                }
-                        }
-                vv.section="default";
-                vv.name=(char *)name;
-                v=(CONF_VALUE *)lh_retrieve(conf->data,&vv);
-                if (v != NULL)
-                        return(v->value);
-                else
-                        return(NULL);
-                }
-        else
-                return(Getenv(name));
-        }
-
-#if 0 /* There's no way to provide error checking with this function, so
-         force implementors of the higher levels to get a string and read
-         the number themselves. */
-long _CONF_get_number(CONF *conf, char *section, char *name)
-        {
-        char *str;
-        long ret=0;
-
-        str=_CONF_get_string(conf,section,name);
-        if (str == NULL) return(0);
-        for (;;)
-                {
-                if (conf->meth->is_number(conf, *str))
-                        ret=ret*10+conf->meth->to_int(conf, *str);
-                else
-                        return(ret);
-                str++;
-                }
-        }
-#endif
-
-int _CONF_new_data(CONF *conf)
-        {
-        if (conf == NULL)
-                {
-                return 0;
-                }
-        if (conf->data == NULL)
-                if ((conf->data = lh_new(hash, cmp_conf)) == NULL)
-                        {
-                        return 0;
-                        }
-        return 1;
-        }
-
-void _CONF_free_data(CONF *conf)
-        {
-        if (conf == NULL || conf->data == NULL) return;
-
-        conf->data->down_load=0; /* evil thing to make sure the 'OPENSSL_free()'
-                                  * works as expected */
-        lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(value_free_hash),
-                        conf->data);
-
-        /* We now have only 'section' entries in the hash table.
-         * Due to problems with */
-
-        lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(value_free_stack),
-                        conf->data);
-        lh_free(conf->data);
-        }
-
-static void value_free_hash(CONF_VALUE *a, LHASH *conf)
-        {
-        if (a->name != NULL)
-                {
-                a=(CONF_VALUE *)lh_delete(conf,a);
-                }
-        }
-
-static void value_free_stack(CONF_VALUE *a, LHASH *conf)
-        {
-        CONF_VALUE *vv;
-        STACK *sk;
-        int i;
-
-        if (a->name != NULL) return;
-
-        sk=(STACK *)a->value;
-        for (i=sk_num(sk)-1; i>=0; i--)
-                {
-                vv=(CONF_VALUE *)sk_value(sk,i);
-                OPENSSL_free(vv->value);
-                OPENSSL_free(vv->name);
-                OPENSSL_free(vv);
-                }
-        if (sk != NULL) sk_free(sk);
-        OPENSSL_free(a->section);
-        OPENSSL_free(a);
-        }
-
-/* static unsigned long hash(CONF_VALUE *v) */
-static unsigned long hash(const void *v_void)
-        {
-        CONF_VALUE *v = (CONF_VALUE *)v_void;
-        return((lh_strhash(v->section)<<2)^lh_strhash(v->name));
-        }
-
-/* static int cmp_conf(CONF_VALUE *a, CONF_VALUE *b) */
-static int cmp_conf(const void *a_void,const  void *b_void)
-        {
-        int i;
-        CONF_VALUE *a = (CONF_VALUE *)a_void;
-        CONF_VALUE *b = (CONF_VALUE *)b_void;
-
-        if (a->section != b->section)
-                {
-                i=strcmp(a->section,b->section);
-                if (i) return(i);
-                }
-
-        if ((a->name != NULL) && (b->name != NULL))
-                {
-                i=strcmp(a->name,b->name);
-                return(i);
-                }
-        else if (a->name == b->name)
-                return(0);
-        else
-                return((a->name == NULL)?-1:1);
-        }
-
-/* Up until OpenSSL 0.9.5a, this was new_section */
-CONF_VALUE *_CONF_new_section(CONF *conf, const char *section)
-        {
-        STACK *sk=NULL;
-        int ok=0,i;
-        CONF_VALUE *v=NULL,*vv;
-
-        if ((sk=sk_new_null()) == NULL)
-                goto err;
-        if ((v=(CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE))) == NULL)
-                goto err;
-        i=strlen(section)+1;
-        if ((v->section=(char *)OPENSSL_malloc(i)) == NULL)
-                goto err;
-
-        memcpy(v->section,section,i);
-        v->name=NULL;
-        v->value=(char *)sk;
-        
-        vv=(CONF_VALUE *)lh_insert(conf->data,v);
-        assert(vv == NULL);
-        ok=1;
-err:
-        if (!ok)
-                {
-                if (sk != NULL) sk_free(sk);
-                if (v != NULL) OPENSSL_free(v);
-                v=NULL;
-                }
-        return(v);
-        }
-
-IMPLEMENT_STACK_OF(CONF_VALUE)
diff --git a/src/lib/libcrypto/conf/conf_api.h b/src/lib/libcrypto/conf/conf_api.h
deleted file mode 100644
index 87a954aff6..0000000000
--- a/src/lib/libcrypto/conf/conf_api.h
+++ /dev/null
@@ -1,89 +0,0 @@
-/* conf_api.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef  HEADER_CONF_API_H
-#define HEADER_CONF_API_H
-
-#include <openssl/lhash.h>
-#include <openssl/conf.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* Up until OpenSSL 0.9.5a, this was new_section */
-CONF_VALUE *_CONF_new_section(CONF *conf, const char *section);
-/* Up until OpenSSL 0.9.5a, this was get_section */
-CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section);
-/* Up until OpenSSL 0.9.5a, this was CONF_get_section */
-STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf,
-                                               const char *section);
-
-int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value);
-char *_CONF_get_string(const CONF *conf, const char *section,
-                       const char *name);
-long _CONF_get_number(const CONF *conf, const char *section, const char *name);
-
-int _CONF_new_data(CONF *conf);
-void _CONF_free_data(CONF *conf);
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
-
diff --git a/src/lib/libcrypto/conf/conf_def.c b/src/lib/libcrypto/conf/conf_def.c
deleted file mode 100644
index 2464f8ed90..0000000000
--- a/src/lib/libcrypto/conf/conf_def.c
+++ /dev/null
@@ -1,750 +0,0 @@
-/* crypto/conf/conf.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* Part of the code in here was originally in conf.c, which is now removed */
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/stack.h>
-#include <openssl/lhash.h>
-#include <openssl/conf.h>
-#include <openssl/conf_api.h>
-#include "conf_def.h"
-#include <openssl/buffer.h>
-#include <openssl/err.h>
-#include "cryptlib.h"
-
-static char *eat_ws(CONF *conf, char *p);
-static char *eat_alpha_numeric(CONF *conf, char *p);
-static void clear_comments(CONF *conf, char *p);
-static int str_copy(CONF *conf,char *section,char **to, char *from);
-static char *scan_quote(CONF *conf, char *p);
-static char *scan_dquote(CONF *conf, char *p);
-#define scan_esc(conf,p)        (((IS_EOF((conf),(p)[1]))?((p)+1):((p)+2)))
-
-static CONF *def_create(CONF_METHOD *meth);
-static int def_init_default(CONF *conf);
-static int def_init_WIN32(CONF *conf);
-static int def_destroy(CONF *conf);
-static int def_destroy_data(CONF *conf);
-static int def_load(CONF *conf, const char *name, long *eline);
-static int def_load_bio(CONF *conf, BIO *bp, long *eline);
-static int def_dump(const CONF *conf, BIO *bp);
-static int def_is_number(const CONF *conf, char c);
-static int def_to_int(const CONF *conf, char c);
-
-const char *CONF_def_version="CONF_def" OPENSSL_VERSION_PTEXT;
-
-static CONF_METHOD default_method = {
-        "OpenSSL default",
-        def_create,
-        def_init_default,
-        def_destroy,
-        def_destroy_data,
-        def_load_bio,
-        def_dump,
-        def_is_number,
-        def_to_int,
-        def_load
-        };
-
-static CONF_METHOD WIN32_method = {
-        "WIN32",
-        def_create,
-        def_init_WIN32,
-        def_destroy,
-        def_destroy_data,
-        def_load_bio,
-        def_dump,
-        def_is_number,
-        def_to_int,
-        def_load
-        };
-
-CONF_METHOD *NCONF_default()
-        {
-        return &default_method;
-        }
-CONF_METHOD *NCONF_WIN32()
-        {
-        return &WIN32_method;
-        }
-
-static CONF *def_create(CONF_METHOD *meth)
-        {
-        CONF *ret;
-
-        ret = (CONF *)OPENSSL_malloc(sizeof(CONF) + sizeof(unsigned short *));
-        if (ret)
-                if (meth->init(ret) == 0)
-                        {
-                        OPENSSL_free(ret);
-                        ret = NULL;
-                        }
-        return ret;
-        }
-        
-static int def_init_default(CONF *conf)
-        {
-        if (conf == NULL)
-                return 0;
-
-        conf->meth = &default_method;
-        conf->meth_data = (void *)CONF_type_default;
-        conf->data = NULL;
-
-        return 1;
-        }
-
-static int def_init_WIN32(CONF *conf)
-        {
-        if (conf == NULL)
-                return 0;
-
-        conf->meth = &WIN32_method;
-        conf->meth_data = (void *)CONF_type_win32;
-        conf->data = NULL;
-
-        return 1;
-        }
-
-static int def_destroy(CONF *conf)
-        {
-        if (def_destroy_data(conf))
-                {
-                OPENSSL_free(conf);
-                return 1;
-                }
-        return 0;
-        }
-
-static int def_destroy_data(CONF *conf)
-        {
-        if (conf == NULL)
-                return 0;
-        _CONF_free_data(conf);
-        return 1;
-        }
-
-static int def_load(CONF *conf, const char *name, long *line)
-        {
-        int ret;
-        BIO *in=NULL;
-
-#ifdef OPENSSL_SYS_VMS
-        in=BIO_new_file(name, "r");
-#else
-        in=BIO_new_file(name, "rb");
-#endif
-        if (in == NULL)
-                {
-                if (ERR_GET_REASON(ERR_peek_last_error()) == BIO_R_NO_SUCH_FILE)
-                        CONFerr(CONF_F_CONF_LOAD,CONF_R_NO_SUCH_FILE);
-                else
-                        CONFerr(CONF_F_CONF_LOAD,ERR_R_SYS_LIB);
-                return 0;
-                }
-
-        ret = def_load_bio(conf, in, line);
-        BIO_free(in);
-
-        return ret;
-        }
-
-static int def_load_bio(CONF *conf, BIO *in, long *line)
-        {
-/* The macro BUFSIZE conflicts with a system macro in VxWorks */
-#define CONFBUFSIZE     512
-        int bufnum=0,i,ii;
-        BUF_MEM *buff=NULL;
-        char *s,*p,*end;
-        int again,n;
-        long eline=0;
-        char btmp[DECIMAL_SIZE(eline)+1];
-        CONF_VALUE *v=NULL,*tv;
-        CONF_VALUE *sv=NULL;
-        char *section=NULL,*buf;
-        STACK_OF(CONF_VALUE) *section_sk=NULL,*ts;
-        char *start,*psection,*pname;
-        void *h = (void *)(conf->data);
-
-        if ((buff=BUF_MEM_new()) == NULL)
-                {
-                CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_BUF_LIB);
-                goto err;
-                }
-
-        section=(char *)OPENSSL_malloc(10);
-        if (section == NULL)
-                {
-                CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-        BUF_strlcpy(section,"default",10);
-
-        if (_CONF_new_data(conf) == 0)
-                {
-                CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-
-        sv=_CONF_new_section(conf,section);
-        if (sv == NULL)
-                {
-                CONFerr(CONF_F_CONF_LOAD_BIO,
-                                        CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
-                goto err;
-                }
-        section_sk=(STACK_OF(CONF_VALUE) *)sv->value;
-
-        bufnum=0;
-        again=0;
-        for (;;)
-                {
-                if (!BUF_MEM_grow(buff,bufnum+CONFBUFSIZE))
-                        {
-                        CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_BUF_LIB);
-                        goto err;
-                        }
-                p= &(buff->data[bufnum]);
-                *p='\0';
-                BIO_gets(in, p, CONFBUFSIZE-1);
-                p[CONFBUFSIZE-1]='\0';
-                ii=i=strlen(p);
-                if (i == 0 && !again) break;
-                again=0;
-                while (i > 0)
-                        {
-                        if ((p[i-1] != '\r') && (p[i-1] != '\n'))
-                                break;
-                        else
-                                i--;
-                        }
-                /* we removed some trailing stuff so there is a new
-                 * line on the end. */
-                if (ii && i == ii)
-                        again=1; /* long line */
-                else
-                        {
-                        p[i]='\0';
-                        eline++; /* another input line */
-                        }
-
-                /* we now have a line with trailing \r\n removed */
-
-                /* i is the number of bytes */
-                bufnum+=i;
-
-                v=NULL;
-                /* check for line continuation */
-                if (bufnum >= 1)
-                        {
-                        /* If we have bytes and the last char '\\' and
-                         * second last char is not '\\' */
-                        p= &(buff->data[bufnum-1]);
-                        if (IS_ESC(conf,p[0]) &&
-                                ((bufnum <= 1) || !IS_ESC(conf,p[-1])))
-                                {
-                                bufnum--;
-                                again=1;
-                                }
-                        }
-                if (again) continue;
-                bufnum=0;
-                buf=buff->data;
-
-                clear_comments(conf, buf);
-                n=strlen(buf);
-                s=eat_ws(conf, buf);
-                if (IS_EOF(conf,*s)) continue; /* blank line */
-                if (*s == '[')
-                        {
-                        char *ss;
-
-                        s++;
-                        start=eat_ws(conf, s);
-                        ss=start;
-again:
-                        end=eat_alpha_numeric(conf, ss);
-                        p=eat_ws(conf, end);
-                        if (*p != ']')
-                                {
-                                if (*p != '\0')
-                                        {
-                                        ss=p;
-                                        goto again;
-                                        }
-                                CONFerr(CONF_F_CONF_LOAD_BIO,
-                                        CONF_R_MISSING_CLOSE_SQUARE_BRACKET);
-                                goto err;
-                                }
-                        *end='\0';
-                        if (!str_copy(conf,NULL,&section,start)) goto err;
-                        if ((sv=_CONF_get_section(conf,section)) == NULL)
-                                sv=_CONF_new_section(conf,section);
-                        if (sv == NULL)
-                                {
-                                CONFerr(CONF_F_CONF_LOAD_BIO,
-                                        CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
-                                goto err;
-                                }
-                        section_sk=(STACK_OF(CONF_VALUE) *)sv->value;
-                        continue;
-                        }
-                else
-                        {
-                        pname=s;
-                        psection=NULL;
-                        end=eat_alpha_numeric(conf, s);
-                        if ((end[0] == ':') && (end[1] == ':'))
-                                {
-                                *end='\0';
-                                end+=2;
-                                psection=pname;
-                                pname=end;
-                                end=eat_alpha_numeric(conf, end);
-                                }
-                        p=eat_ws(conf, end);
-                        if (*p != '=')
-                                {
-                                CONFerr(CONF_F_CONF_LOAD_BIO,
-                                                CONF_R_MISSING_EQUAL_SIGN);
-                                goto err;
-                                }
-                        *end='\0';
-                        p++;
-                        start=eat_ws(conf, p);
-                        while (!IS_EOF(conf,*p))
-                                p++;
-                        p--;
-                        while ((p != start) && (IS_WS(conf,*p)))
-                                p--;
-                        p++;
-                        *p='\0';
-
-                        if (!(v=(CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE))))
-                                {
-                                CONFerr(CONF_F_CONF_LOAD_BIO,
-                                                        ERR_R_MALLOC_FAILURE);
-                                goto err;
-                                }
-                        if (psection == NULL) psection=section;
-                        v->name=(char *)OPENSSL_malloc(strlen(pname)+1);
-                        v->value=NULL;
-                        if (v->name == NULL)
-                                {
-                                CONFerr(CONF_F_CONF_LOAD_BIO,
-                                                        ERR_R_MALLOC_FAILURE);
-                                goto err;
-                                }
-                        BUF_strlcpy(v->name,pname,strlen(pname)+1);
-                        if (!str_copy(conf,psection,&(v->value),start)) goto err;
-
-                        if (strcmp(psection,section) != 0)
-                                {
-                                if ((tv=_CONF_get_section(conf,psection))
-                                        == NULL)
-                                        tv=_CONF_new_section(conf,psection);
-                                if (tv == NULL)
-                                        {
-                                        CONFerr(CONF_F_CONF_LOAD_BIO,
-                                           CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
-                                        goto err;
-                                        }
-                                ts=(STACK_OF(CONF_VALUE) *)tv->value;
-                                }
-                        else
-                                {
-                                tv=sv;
-                                ts=section_sk;
-                                }
-#if 1
-                        if (_CONF_add_string(conf, tv, v) == 0)
-                                {
-                                CONFerr(CONF_F_CONF_LOAD_BIO,
-                                                        ERR_R_MALLOC_FAILURE);
-                                goto err;
-                                }
-#else
-                        v->section=tv->section; 
-                        if (!sk_CONF_VALUE_push(ts,v))
-                                {
-                                CONFerr(CONF_F_CONF_LOAD_BIO,
-                                                        ERR_R_MALLOC_FAILURE);
-                                goto err;
-                                }
-                        vv=(CONF_VALUE *)lh_insert(conf->data,v);
-                        if (vv != NULL)
-                                {
-                                sk_CONF_VALUE_delete_ptr(ts,vv);
-                                OPENSSL_free(vv->name);
-                                OPENSSL_free(vv->value);
-                                OPENSSL_free(vv);
-                                }
-#endif
-                        v=NULL;
-                        }
-                }
-        if (buff != NULL) BUF_MEM_free(buff);
-        if (section != NULL) OPENSSL_free(section);
-        return(1);
-err:
-        if (buff != NULL) BUF_MEM_free(buff);
-        if (section != NULL) OPENSSL_free(section);
-        if (line != NULL) *line=eline;
-        BIO_snprintf(btmp,sizeof btmp,"%ld",eline);
-        ERR_add_error_data(2,"line ",btmp);
-        if ((h != conf->data) && (conf->data != NULL))
-                {
-                CONF_free(conf->data);
-                conf->data=NULL;
-                }
-        if (v != NULL)
-                {
-                if (v->name != NULL) OPENSSL_free(v->name);
-                if (v->value != NULL) OPENSSL_free(v->value);
-                if (v != NULL) OPENSSL_free(v);
-                }
-        return(0);
-        }
-
-static void clear_comments(CONF *conf, char *p)
-        {
-        char *to;
-
-        to=p;
-        for (;;)
-                {
-                if (IS_FCOMMENT(conf,*p))
-                        {
-                        *p='\0';
-                        return;
-                        }
-                if (!IS_WS(conf,*p))
-                        {
-                        break;
-                        }
-                p++;
-                }
-
-        for (;;)
-                {
-                if (IS_COMMENT(conf,*p))
-                        {
-                        *p='\0';
-                        return;
-                        }
-                if (IS_DQUOTE(conf,*p))
-                        {
-                        p=scan_dquote(conf, p);
-                        continue;
-                        }
-                if (IS_QUOTE(conf,*p))
-                        {
-                        p=scan_quote(conf, p);
-                        continue;
-                        }
-                if (IS_ESC(conf,*p))
-                        {
-                        p=scan_esc(conf,p);
-                        continue;
-                        }
-                if (IS_EOF(conf,*p))
-                        return;
-                else
-                        p++;
-                }
-        }
-
-static int str_copy(CONF *conf, char *section, char **pto, char *from)
-        {
-        int q,r,rr=0,to=0,len=0;
-        char *s,*e,*rp,*p,*rrp,*np,*cp,v;
-        BUF_MEM *buf;
-
-        if ((buf=BUF_MEM_new()) == NULL) return(0);
-
-        len=strlen(from)+1;
-        if (!BUF_MEM_grow(buf,len)) goto err;
-
-        for (;;)
-                {
-                if (IS_QUOTE(conf,*from))
-                        {
-                        q= *from;
-                        from++;
-                        while (!IS_EOF(conf,*from) && (*from != q))
-                                {
-                                if (IS_ESC(conf,*from))
-                                        {
-                                        from++;
-                                        if (IS_EOF(conf,*from)) break;
-                                        }
-                                buf->data[to++]= *(from++);
-                                }
-                        if (*from == q) from++;
-                        }
-                else if (IS_DQUOTE(conf,*from))
-                        {
-                        q= *from;
-                        from++;
-                        while (!IS_EOF(conf,*from))
-                                {
-                                if (*from == q)
-                                        {
-                                        if (*(from+1) == q)
-                                                {
-                                                from++;
-                                                }
-                                        else
-                                                {
-                                                break;
-                                                }
-                                        }
-                                buf->data[to++]= *(from++);
-                                }
-                        if (*from == q) from++;
-                        }
-                else if (IS_ESC(conf,*from))
-                        {
-                        from++;
-                        v= *(from++);
-                        if (IS_EOF(conf,v)) break;
-                        else if (v == 'r') v='\r';
-                        else if (v == 'n') v='\n';
-                        else if (v == 'b') v='\b';
-                        else if (v == 't') v='\t';
-                        buf->data[to++]= v;
-                        }
-                else if (IS_EOF(conf,*from))
-                        break;
-                else if (*from == '$')
-                        {
-                        /* try to expand it */
-                        rrp=NULL;
-                        s= &(from[1]);
-                        if (*s == '{')
-                                q='}';
-                        else if (*s == '(')
-                                q=')';
-                        else q=0;
-
-                        if (q) s++;
-                        cp=section;
-                        e=np=s;
-                        while (IS_ALPHA_NUMERIC(conf,*e))
-                                e++;
-                        if ((e[0] == ':') && (e[1] == ':'))
-                                {
-                                cp=np;
-                                rrp=e;
-                                rr= *e;
-                                *rrp='\0';
-                                e+=2;
-                                np=e;
-                                while (IS_ALPHA_NUMERIC(conf,*e))
-                                        e++;
-                                }
-                        r= *e;
-                        *e='\0';
-                        rp=e;
-                        if (q)
-                                {
-                                if (r != q)
-                                        {
-                                        CONFerr(CONF_F_STR_COPY,CONF_R_NO_CLOSE_BRACE);
-                                        goto err;
-                                        }
-                                e++;
-                                }
-                        /* So at this point we have
-                         * np which is the start of the name string which is
-                         *   '\0' terminated. 
-                         * cp which is the start of the section string which is
-                         *   '\0' terminated.
-                         * e is the 'next point after'.
-                         * r and rr are the chars replaced by the '\0'
-                         * rp and rrp is where 'r' and 'rr' came from.
-                         */
-                        p=_CONF_get_string(conf,cp,np);
-                        if (rrp != NULL) *rrp=rr;
-                        *rp=r;
-                        if (p == NULL)
-                                {
-                                CONFerr(CONF_F_STR_COPY,CONF_R_VARIABLE_HAS_NO_VALUE);
-                                goto err;
-                                }
-                        BUF_MEM_grow_clean(buf,(strlen(p)+len-(e-from)));
-                        while (*p)
-                                buf->data[to++]= *(p++);
-
-                        /* Since we change the pointer 'from', we also have
-                           to change the perceived length of the string it
-                           points at.  /RL */
-                        len -= e-from;
-                        from=e;
-
-                        /* In case there were no braces or parenthesis around
-                           the variable reference, we have to put back the
-                           character that was replaced with a '\0'.  /RL */
-                        *rp = r;
-                        }
-                else
-                        buf->data[to++]= *(from++);
-                }
-        buf->data[to]='\0';
-        if (*pto != NULL) OPENSSL_free(*pto);
-        *pto=buf->data;
-        OPENSSL_free(buf);
-        return(1);
-err:
-        if (buf != NULL) BUF_MEM_free(buf);
-        return(0);
-        }
-
-static char *eat_ws(CONF *conf, char *p)
-        {
-        while (IS_WS(conf,*p) && (!IS_EOF(conf,*p)))
-                p++;
-        return(p);
-        }
-
-static char *eat_alpha_numeric(CONF *conf, char *p)
-        {
-        for (;;)
-                {
-                if (IS_ESC(conf,*p))
-                        {
-                        p=scan_esc(conf,p);
-                        continue;
-                        }
-                if (!IS_ALPHA_NUMERIC_PUNCT(conf,*p))
-                        return(p);
-                p++;
-                }
-        }
-
-static char *scan_quote(CONF *conf, char *p)
-        {
-        int q= *p;
-
-        p++;
-        while (!(IS_EOF(conf,*p)) && (*p != q))
-                {
-                if (IS_ESC(conf,*p))
-                        {
-                        p++;
-                        if (IS_EOF(conf,*p)) return(p);
-                        }
-                p++;
-                }
-        if (*p == q) p++;
-        return(p);
-        }
-
-
-static char *scan_dquote(CONF *conf, char *p)
-        {
-        int q= *p;
-
-        p++;
-        while (!(IS_EOF(conf,*p)))
-                {
-                if (*p == q)
-                        {
-                        if (*(p+1) == q)
-                                {
-                                p++;
-                                }
-                        else
-                                {
-                                break;
-                                }
-                        }
-                p++;
-                }
-        if (*p == q) p++;
-        return(p);
-        }
-
-static void dump_value(CONF_VALUE *a, BIO *out)
-        {
-        if (a->name)
-                BIO_printf(out, "[%s] %s=%s\n", a->section, a->name, a->value);
-        else
-                BIO_printf(out, "[[%s]]\n", a->section);
-        }
-
-static IMPLEMENT_LHASH_DOALL_ARG_FN(dump_value, CONF_VALUE *, BIO *)
-
-static int def_dump(const CONF *conf, BIO *out)
-        {
-        lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(dump_value), out);
-        return 1;
-        }
-
-static int def_is_number(const CONF *conf, char c)
-        {
-        return IS_NUMBER(conf,c);
-        }
-
-static int def_to_int(const CONF *conf, char c)
-        {
-        return c - '0';
-        }
-
diff --git a/src/lib/libcrypto/conf/conf_def.h b/src/lib/libcrypto/conf/conf_def.h
deleted file mode 100644
index 92a7d8ad77..0000000000
--- a/src/lib/libcrypto/conf/conf_def.h
+++ /dev/null
@@ -1,180 +0,0 @@
-/* crypto/conf/conf_def.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* THIS FILE WAS AUTOMAGICALLY GENERATED!
-   Please modify and use keysets.pl to regenerate it. */
-
-#define CONF_NUMBER             1
-#define CONF_UPPER              2
-#define CONF_LOWER              4
-#define CONF_UNDER              256
-#define CONF_PUNCTUATION        512
-#define CONF_WS                 16
-#define CONF_ESC                32
-#define CONF_QUOTE              64
-#define CONF_DQUOTE             1024
-#define CONF_COMMENT            128
-#define CONF_FCOMMENT           2048
-#define CONF_EOF                8
-#define CONF_HIGHBIT            4096
-#define CONF_ALPHA              (CONF_UPPER|CONF_LOWER)
-#define CONF_ALPHA_NUMERIC      (CONF_ALPHA|CONF_NUMBER|CONF_UNDER)
-#define CONF_ALPHA_NUMERIC_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER| \
-                                        CONF_PUNCTUATION)
-
-#define KEYTYPES(c)             ((unsigned short *)((c)->meth_data))
-#ifndef CHARSET_EBCDIC
-#define IS_COMMENT(c,a)         (KEYTYPES(c)[(a)&0xff]&CONF_COMMENT)
-#define IS_FCOMMENT(c,a)        (KEYTYPES(c)[(a)&0xff]&CONF_FCOMMENT)
-#define IS_EOF(c,a)             (KEYTYPES(c)[(a)&0xff]&CONF_EOF)
-#define IS_ESC(c,a)             (KEYTYPES(c)[(a)&0xff]&CONF_ESC)
-#define IS_NUMBER(c,a)          (KEYTYPES(c)[(a)&0xff]&CONF_NUMBER)
-#define IS_WS(c,a)              (KEYTYPES(c)[(a)&0xff]&CONF_WS)
-#define IS_ALPHA_NUMERIC(c,a)   (KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC)
-#define IS_ALPHA_NUMERIC_PUNCT(c,a) \
-                                (KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
-#define IS_QUOTE(c,a)           (KEYTYPES(c)[(a)&0xff]&CONF_QUOTE)
-#define IS_DQUOTE(c,a)          (KEYTYPES(c)[(a)&0xff]&CONF_DQUOTE)
-#define IS_HIGHBIT(c,a)         (KEYTYPES(c)[(a)&0xff]&CONF_HIGHBIT)
-
-#else /*CHARSET_EBCDIC*/
-
-#define IS_COMMENT(c,a)         (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_COMMENT)
-#define IS_FCOMMENT(c,a)        (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_FCOMMENT)
-#define IS_EOF(c,a)             (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_EOF)
-#define IS_ESC(c,a)             (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ESC)
-#define IS_NUMBER(c,a)          (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_NUMBER)
-#define IS_WS(c,a)              (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_WS)
-#define IS_ALPHA_NUMERIC(c,a)   (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC)
-#define IS_ALPHA_NUMERIC_PUNCT(c,a) \
-                                (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
-#define IS_QUOTE(c,a)           (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_QUOTE)
-#define IS_DQUOTE(c,a)          (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_DQUOTE)
-#define IS_HIGHBIT(c,a)         (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_HIGHBIT)
-#endif /*CHARSET_EBCDIC*/
-
-static unsigned short CONF_type_default[256]={
-        0x0008,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
-        0x0000,0x0010,0x0010,0x0000,0x0000,0x0010,0x0000,0x0000,
-        0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
-        0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
-        0x0010,0x0200,0x0040,0x0080,0x0000,0x0200,0x0200,0x0040,
-        0x0000,0x0000,0x0200,0x0200,0x0200,0x0200,0x0200,0x0200,
-        0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,
-        0x0001,0x0001,0x0000,0x0200,0x0000,0x0000,0x0000,0x0200,
-        0x0200,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
-        0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
-        0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
-        0x0002,0x0002,0x0002,0x0000,0x0020,0x0000,0x0200,0x0100,
-        0x0040,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
-        0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
-        0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
-        0x0004,0x0004,0x0004,0x0000,0x0200,0x0000,0x0200,0x0000,
-        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-        };
-
-static unsigned short CONF_type_win32[256]={
-        0x0008,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
-        0x0000,0x0010,0x0010,0x0000,0x0000,0x0010,0x0000,0x0000,
-        0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
-        0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
-        0x0010,0x0200,0x0400,0x0000,0x0000,0x0200,0x0200,0x0000,
-        0x0000,0x0000,0x0200,0x0200,0x0200,0x0200,0x0200,0x0200,
-        0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,
-        0x0001,0x0001,0x0000,0x0A00,0x0000,0x0000,0x0000,0x0200,
-        0x0200,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
-        0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
-        0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
-        0x0002,0x0002,0x0002,0x0000,0x0000,0x0000,0x0200,0x0100,
-        0x0000,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
-        0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
-        0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
-        0x0004,0x0004,0x0004,0x0000,0x0200,0x0000,0x0200,0x0000,
-        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-        };
-
diff --git a/src/lib/libcrypto/conf/conf_err.c b/src/lib/libcrypto/conf/conf_err.c
deleted file mode 100644
index f5e2ca4bf0..0000000000
--- a/src/lib/libcrypto/conf/conf_err.c
+++ /dev/null
@@ -1,130 +0,0 @@
-/* crypto/conf/conf_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/conf.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_CONF,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_CONF,0,reason)
-
-static ERR_STRING_DATA CONF_str_functs[]=
-        {
-{ERR_FUNC(CONF_F_CONF_DUMP_FP), "CONF_dump_fp"},
-{ERR_FUNC(CONF_F_CONF_LOAD),    "CONF_load"},
-{ERR_FUNC(CONF_F_CONF_LOAD_BIO),        "CONF_load_bio"},
-{ERR_FUNC(CONF_F_CONF_LOAD_FP), "CONF_load_fp"},
-{ERR_FUNC(CONF_F_CONF_MODULES_LOAD),    "CONF_modules_load"},
-{ERR_FUNC(CONF_F_MODULE_INIT),  "MODULE_INIT"},
-{ERR_FUNC(CONF_F_MODULE_LOAD_DSO),      "MODULE_LOAD_DSO"},
-{ERR_FUNC(CONF_F_MODULE_RUN),   "MODULE_RUN"},
-{ERR_FUNC(CONF_F_NCONF_DUMP_BIO),       "NCONF_dump_bio"},
-{ERR_FUNC(CONF_F_NCONF_DUMP_FP),        "NCONF_dump_fp"},
-{ERR_FUNC(CONF_F_NCONF_GET_NUMBER),     "NCONF_get_number"},
-{ERR_FUNC(CONF_F_NCONF_GET_NUMBER_E),   "NCONF_get_number_e"},
-{ERR_FUNC(CONF_F_NCONF_GET_SECTION),    "NCONF_get_section"},
-{ERR_FUNC(CONF_F_NCONF_GET_STRING),     "NCONF_get_string"},
-{ERR_FUNC(CONF_F_NCONF_LOAD),   "NCONF_load"},
-{ERR_FUNC(CONF_F_NCONF_LOAD_BIO),       "NCONF_load_bio"},
-{ERR_FUNC(CONF_F_NCONF_LOAD_FP),        "NCONF_load_fp"},
-{ERR_FUNC(CONF_F_NCONF_NEW),    "NCONF_new"},
-{ERR_FUNC(CONF_F_STR_COPY),     "STR_COPY"},
-{0,NULL}
-        };
-
-static ERR_STRING_DATA CONF_str_reasons[]=
-        {
-{ERR_REASON(CONF_R_ERROR_LOADING_DSO)    ,"error loading dso"},
-{ERR_REASON(CONF_R_MISSING_CLOSE_SQUARE_BRACKET),"missing close square bracket"},
-{ERR_REASON(CONF_R_MISSING_EQUAL_SIGN)   ,"missing equal sign"},
-{ERR_REASON(CONF_R_MISSING_FINISH_FUNCTION),"missing finish function"},
-{ERR_REASON(CONF_R_MISSING_INIT_FUNCTION),"missing init function"},
-{ERR_REASON(CONF_R_MODULE_INITIALIZATION_ERROR),"module initialization error"},
-{ERR_REASON(CONF_R_NO_CLOSE_BRACE)       ,"no close brace"},
-{ERR_REASON(CONF_R_NO_CONF)              ,"no conf"},
-{ERR_REASON(CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE),"no conf or environment variable"},
-{ERR_REASON(CONF_R_NO_SECTION)           ,"no section"},
-{ERR_REASON(CONF_R_NO_SUCH_FILE)         ,"no such file"},
-{ERR_REASON(CONF_R_NO_VALUE)             ,"no value"},
-{ERR_REASON(CONF_R_UNABLE_TO_CREATE_NEW_SECTION),"unable to create new section"},
-{ERR_REASON(CONF_R_UNKNOWN_MODULE_NAME)  ,"unknown module name"},
-{ERR_REASON(CONF_R_VARIABLE_HAS_NO_VALUE),"variable has no value"},
-{0,NULL}
-        };
-
-#endif
-
-void ERR_load_CONF_strings(void)
-        {
-        static int init=1;
-
-        if (init)
-                {
-                init=0;
-#ifndef OPENSSL_NO_ERR
-                ERR_load_strings(0,CONF_str_functs);
-                ERR_load_strings(0,CONF_str_reasons);
-#endif
-
-                }
-        }
diff --git a/src/lib/libcrypto/conf/conf_lib.c b/src/lib/libcrypto/conf/conf_lib.c
deleted file mode 100644
index 6a3cf109dd..0000000000
--- a/src/lib/libcrypto/conf/conf_lib.c
+++ /dev/null
@@ -1,401 +0,0 @@
-/* conf_lib.c */
-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <openssl/crypto.h>
-#include <openssl/err.h>
-#include <openssl/conf.h>
-#include <openssl/conf_api.h>
-#include <openssl/lhash.h>
-
-const char *CONF_version="CONF" OPENSSL_VERSION_PTEXT;
-
-static CONF_METHOD *default_CONF_method=NULL;
-
-/* Init a 'CONF' structure from an old LHASH */
-
-void CONF_set_nconf(CONF *conf, LHASH *hash)
-        {
-        if (default_CONF_method == NULL)
-                default_CONF_method = NCONF_default();
-
-        default_CONF_method->init(conf);
-        conf->data = hash;
-        }
-
-/* The following section contains the "CONF classic" functions,
-   rewritten in terms of the new CONF interface. */
-
-int CONF_set_default_method(CONF_METHOD *meth)
-        {
-        default_CONF_method = meth;
-        return 1;
-        }
-
-LHASH *CONF_load(LHASH *conf, const char *file, long *eline)
-        {
-        LHASH *ltmp;
-        BIO *in=NULL;
-
-#ifdef OPENSSL_SYS_VMS
-        in=BIO_new_file(file, "r");
-#else
-        in=BIO_new_file(file, "rb");
-#endif
-        if (in == NULL)
-                {
-                CONFerr(CONF_F_CONF_LOAD,ERR_R_SYS_LIB);
-                return NULL;
-                }
-
-        ltmp = CONF_load_bio(conf, in, eline);
-        BIO_free(in);
-
-        return ltmp;
-        }
-
-#ifndef OPENSSL_NO_FP_API
-LHASH *CONF_load_fp(LHASH *conf, FILE *fp,long *eline)
-        {
-        BIO *btmp;
-        LHASH *ltmp;
-        if(!(btmp = BIO_new_fp(fp, BIO_NOCLOSE))) {
-                CONFerr(CONF_F_CONF_LOAD_FP,ERR_R_BUF_LIB);
-                return NULL;
-        }
-        ltmp = CONF_load_bio(conf, btmp, eline);
-        BIO_free(btmp);
-        return ltmp;
-        }
-#endif
-
-LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline)
-        {
-        CONF ctmp;
-        int ret;
-
-        CONF_set_nconf(&ctmp, conf);
-
-        ret = NCONF_load_bio(&ctmp, bp, eline);
-        if (ret)
-                return ctmp.data;
-        return NULL;
-        }
-
-STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,const char *section)
-        {
-        if (conf == NULL)
-                {
-                return NULL;
-                }
-        else
-                {
-                CONF ctmp;
-                CONF_set_nconf(&ctmp, conf);
-                return NCONF_get_section(&ctmp, section);
-                }
-        }
-
-char *CONF_get_string(LHASH *conf,const char *group,const char *name)
-        {
-        if (conf == NULL)
-                {
-                return NCONF_get_string(NULL, group, name);
-                }
-        else
-                {
-                CONF ctmp;
-                CONF_set_nconf(&ctmp, conf);
-                return NCONF_get_string(&ctmp, group, name);
-                }
-        }
-
-long CONF_get_number(LHASH *conf,const char *group,const char *name)
-        {
-        int status;
-        long result = 0;
-
-        if (conf == NULL)
-                {
-                status = NCONF_get_number_e(NULL, group, name, &result);
-                }
-        else
-                {
-                CONF ctmp;
-                CONF_set_nconf(&ctmp, conf);
-                status = NCONF_get_number_e(&ctmp, group, name, &result);
-                }
-
-        if (status == 0)
-                {
-                /* This function does not believe in errors... */
-                ERR_get_error();
-                }
-        return result;
-        }
-
-void CONF_free(LHASH *conf)
-        {
-        CONF ctmp;
-        CONF_set_nconf(&ctmp, conf);
-        NCONF_free_data(&ctmp);
-        }
-
-#ifndef OPENSSL_NO_FP_API
-int CONF_dump_fp(LHASH *conf, FILE *out)
-        {
-        BIO *btmp;
-        int ret;
-
-        if(!(btmp = BIO_new_fp(out, BIO_NOCLOSE))) {
-                CONFerr(CONF_F_CONF_DUMP_FP,ERR_R_BUF_LIB);
-                return 0;
-        }
-        ret = CONF_dump_bio(conf, btmp);
-        BIO_free(btmp);
-        return ret;
-        }
-#endif
-
-int CONF_dump_bio(LHASH *conf, BIO *out)
-        {
-        CONF ctmp;
-        CONF_set_nconf(&ctmp, conf);
-        return NCONF_dump_bio(&ctmp, out);
-        }
-
-/* The following section contains the "New CONF" functions.  They are
-   completely centralised around a new CONF structure that may contain
-   basically anything, but at least a method pointer and a table of data.
-   These functions are also written in terms of the bridge functions used
-   by the "CONF classic" functions, for consistency.  */
-
-CONF *NCONF_new(CONF_METHOD *meth)
-        {
-        CONF *ret;
-
-        if (meth == NULL)
-                meth = NCONF_default();
-
-        ret = meth->create(meth);
-        if (ret == NULL)
-                {
-                CONFerr(CONF_F_NCONF_NEW,ERR_R_MALLOC_FAILURE);
-                return(NULL);
-                }
-
-        return ret;
-        }
-
-void NCONF_free(CONF *conf)
-        {
-        if (conf == NULL)
-                return;
-        conf->meth->destroy(conf);
-        }
-
-void NCONF_free_data(CONF *conf)
-        {
-        if (conf == NULL)
-                return;
-        conf->meth->destroy_data(conf);
-        }
-
-int NCONF_load(CONF *conf, const char *file, long *eline)
-        {
-        if (conf == NULL)
-                {
-                CONFerr(CONF_F_NCONF_LOAD,CONF_R_NO_CONF);
-                return 0;
-                }
-
-        return conf->meth->load(conf, file, eline);
-        }
-
-#ifndef OPENSSL_NO_FP_API
-int NCONF_load_fp(CONF *conf, FILE *fp,long *eline)
-        {
-        BIO *btmp;
-        int ret;
-        if(!(btmp = BIO_new_fp(fp, BIO_NOCLOSE)))
-                {
-                CONFerr(CONF_F_NCONF_LOAD_FP,ERR_R_BUF_LIB);
-                return 0;
-                }
-        ret = NCONF_load_bio(conf, btmp, eline);
-        BIO_free(btmp);
-        return ret;
-        }
-#endif
-
-int NCONF_load_bio(CONF *conf, BIO *bp,long *eline)
-        {
-        if (conf == NULL)
-                {
-                CONFerr(CONF_F_NCONF_LOAD_BIO,CONF_R_NO_CONF);
-                return 0;
-                }
-
-        return conf->meth->load_bio(conf, bp, eline);
-        }
-
-STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,const char *section)
-        {
-        if (conf == NULL)
-                {
-                CONFerr(CONF_F_NCONF_GET_SECTION,CONF_R_NO_CONF);
-                return NULL;
-                }
-
-        if (section == NULL)
-                {
-                CONFerr(CONF_F_NCONF_GET_SECTION,CONF_R_NO_SECTION);
-                return NULL;
-                }
-
-        return _CONF_get_section_values(conf, section);
-        }
-
-char *NCONF_get_string(const CONF *conf,const char *group,const char *name)
-        {
-        char *s = _CONF_get_string(conf, group, name);
-
-        /* Since we may get a value from an environment variable even
-           if conf is NULL, let's check the value first */
-        if (s) return s;
-
-        if (conf == NULL)
-                {
-                CONFerr(CONF_F_NCONF_GET_STRING,
-                        CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE);
-                return NULL;
-                }
-        CONFerr(CONF_F_NCONF_GET_STRING,
-                CONF_R_NO_VALUE);
-        ERR_add_error_data(4,"group=",group," name=",name);
-        return NULL;
-        }
-
-int NCONF_get_number_e(const CONF *conf,const char *group,const char *name,
-                       long *result)
-        {
-        char *str;
-
-        if (result == NULL)
-                {
-                CONFerr(CONF_F_NCONF_GET_NUMBER_E,ERR_R_PASSED_NULL_PARAMETER);
-                return 0;
-                }
-
-        str = NCONF_get_string(conf,group,name);
-
-        if (str == NULL)
-                return 0;
-
-        for (*result = 0;conf->meth->is_number(conf, *str);)
-                {
-                *result = (*result)*10 + conf->meth->to_int(conf, *str);
-                str++;
-                }
-
-        return 1;
-        }
-
-#ifndef OPENSSL_NO_FP_API
-int NCONF_dump_fp(const CONF *conf, FILE *out)
-        {
-        BIO *btmp;
-        int ret;
-        if(!(btmp = BIO_new_fp(out, BIO_NOCLOSE))) {
-                CONFerr(CONF_F_NCONF_DUMP_FP,ERR_R_BUF_LIB);
-                return 0;
-        }
-        ret = NCONF_dump_bio(conf, btmp);
-        BIO_free(btmp);
-        return ret;
-        }
-#endif
-
-int NCONF_dump_bio(const CONF *conf, BIO *out)
-        {
-        if (conf == NULL)
-                {
-                CONFerr(CONF_F_NCONF_DUMP_BIO,CONF_R_NO_CONF);
-                return 0;
-                }
-
-        return conf->meth->dump(conf, out);
-        }
-
-
-/* This function should be avoided */
-#if 0
-long NCONF_get_number(CONF *conf,char *group,char *name)
-        {
-        int status;
-        long ret=0;
-
-        status = NCONF_get_number_e(conf, group, name, &ret);
-        if (status == 0)
-                {
-                /* This function does not believe in errors... */
-                ERR_get_error();
-                }
-        return ret;
-        }
-#endif
diff --git a/src/lib/libcrypto/conf/conf_mall.c b/src/lib/libcrypto/conf/conf_mall.c
deleted file mode 100644
index 4ba40cf44c..0000000000
--- a/src/lib/libcrypto/conf/conf_mall.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/* conf_mall.c */
-/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <openssl/crypto.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/dso.h>
-#include <openssl/x509.h>
-#include <openssl/asn1.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
-/* Load all OpenSSL builtin modules */
-
-void OPENSSL_load_builtin_modules(void)
-        {
-        /* Add builtin modules here */
-        ASN1_add_oid_module();
-#ifndef OPENSSL_NO_ENGINE
-        ENGINE_add_conf_module();
-#endif
-        }
-
diff --git a/src/lib/libcrypto/conf/conf_mod.c b/src/lib/libcrypto/conf/conf_mod.c
deleted file mode 100644
index 812e60dc70..0000000000
--- a/src/lib/libcrypto/conf/conf_mod.c
+++ /dev/null
@@ -1,616 +0,0 @@
-/* conf_mod.c */
-/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <ctype.h>
-#include <openssl/crypto.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/dso.h>
-#include <openssl/x509.h>
-
-
-#define DSO_mod_init_name "OPENSSL_init"
-#define DSO_mod_finish_name "OPENSSL_finish"
-
-
-/* This structure contains a data about supported modules.
- * entries in this table correspond to either dynamic or
- * static modules.
- */
-
-struct conf_module_st
-        {
-        /* DSO of this module or NULL if static */
-        DSO *dso;
-        /* Name of the module */
-        char *name;
-        /* Init function */
-        conf_init_func *init; 
-        /* Finish function */
-        conf_finish_func *finish;
-        /* Number of successfully initialized modules */
-        int links;
-        void *usr_data;
-        };
-
-
-/* This structure contains information about modules that have been
- * successfully initialized. There may be more than one entry for a
- * given module.
- */
-
-struct conf_imodule_st
-        {
-        CONF_MODULE *pmod;
-        char *name;
-        char *value;
-        unsigned long flags;
-        void *usr_data;
-        };
-
-static STACK_OF(CONF_MODULE) *supported_modules = NULL;
-static STACK_OF(CONF_IMODULE) *initialized_modules = NULL;
-
-static void module_free(CONF_MODULE *md);
-static void module_finish(CONF_IMODULE *imod);
-static int module_run(const CONF *cnf, char *name, char *value,
-                                          unsigned long flags);
-static CONF_MODULE *module_add(DSO *dso, const char *name,
-                        conf_init_func *ifunc, conf_finish_func *ffunc);
-static CONF_MODULE *module_find(char *name);
-static int module_init(CONF_MODULE *pmod, char *name, char *value,
-                                           const CONF *cnf);
-static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value,
-                                                                        unsigned long flags);
-
-/* Main function: load modules from a CONF structure */
-
-int CONF_modules_load(const CONF *cnf, const char *appname,
-                      unsigned long flags)
-        {
-        STACK_OF(CONF_VALUE) *values;
-        CONF_VALUE *vl;
-        char *vsection;
-
-        int ret, i;
-
-        if (!cnf)
-                return 1;
-
-        if (appname == NULL)
-                appname = "openssl_conf";
-
-        vsection = NCONF_get_string(cnf, NULL, appname); 
-
-        if (!vsection)
-                {
-                ERR_clear_error();
-                return 1;
-                }
-
-        values = NCONF_get_section(cnf, vsection);
-
-        if (!values)
-                return 0;
-
-        for (i = 0; i < sk_CONF_VALUE_num(values); i++)
-                {
-                vl = sk_CONF_VALUE_value(values, i);
-                ret = module_run(cnf, vl->name, vl->value, flags);
-                if (ret <= 0)
-                        if(!(flags & CONF_MFLAGS_IGNORE_ERRORS))
-                                return ret;
-                }
-
-        return 1;
-
-        }
-
-int CONF_modules_load_file(const char *filename, const char *appname,
-                           unsigned long flags)
-        {
-        char *file = NULL;
-        CONF *conf = NULL;
-        int ret = 0;
-        conf = NCONF_new(NULL);
-        if (!conf)
-                goto err;
-
-        if (filename == NULL)
-                {
-                file = CONF_get1_default_config_file();
-                if (!file)
-                        goto err;
-                }
-        else
-                file = (char *)filename;
-
-        if (NCONF_load(conf, file, NULL) <= 0)
-                {
-                if ((flags & CONF_MFLAGS_IGNORE_MISSING_FILE) &&
-                  (ERR_GET_REASON(ERR_peek_last_error()) == CONF_R_NO_SUCH_FILE))
-                        {
-                        ERR_clear_error();
-                        ret = 1;
-                        }
-                goto err;
-                }
-
-        ret = CONF_modules_load(conf, appname, flags);
-
-        err:
-        if (filename == NULL)
-                OPENSSL_free(file);
-        NCONF_free(conf);
-
-        return ret;
-        }
-
-static int module_run(const CONF *cnf, char *name, char *value,
-                      unsigned long flags)
-        {
-        CONF_MODULE *md;
-        int ret;
-
-        md = module_find(name);
-
-        /* Module not found: try to load DSO */
-        if (!md && !(flags & CONF_MFLAGS_NO_DSO))
-                md = module_load_dso(cnf, name, value, flags);
-
-        if (!md)
-                {
-                if (!(flags & CONF_MFLAGS_SILENT))
-                        {
-                        CONFerr(CONF_F_MODULE_RUN, CONF_R_UNKNOWN_MODULE_NAME);
-                        ERR_add_error_data(2, "module=", name);
-                        }
-                return -1;
-                }
-
-        ret = module_init(md, name, value, cnf);
-
-        if (ret <= 0)
-                {
-                if (!(flags & CONF_MFLAGS_SILENT))
-                        {
-                        char rcode[DECIMAL_SIZE(ret)+1];
-                        CONFerr(CONF_F_CONF_MODULES_LOAD, CONF_R_MODULE_INITIALIZATION_ERROR);
-                        BIO_snprintf(rcode, sizeof rcode, "%-8d", ret);
-                        ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode);
-                        }
-                }
-
-        return ret;
-        }
-
-/* Load a module from a DSO */
-static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value,
-                                    unsigned long flags)
-        {
-        DSO *dso = NULL;
-        conf_init_func *ifunc;
-        conf_finish_func *ffunc;
-        char *path = NULL;
-        int errcode = 0;
-        CONF_MODULE *md;
-        /* Look for alternative path in module section */
-        path = NCONF_get_string(cnf, value, "path");
-        if (!path)
-                {
-                ERR_get_error();
-                path = name;
-                }
-        dso = DSO_load(NULL, path, NULL, 0);
-        if (!dso)
-                {
-                errcode = CONF_R_ERROR_LOADING_DSO;
-                goto err;
-                }
-        ifunc = (conf_init_func *)DSO_bind_func(dso, DSO_mod_init_name);
-        if (!ifunc)
-                {
-                errcode = CONF_R_MISSING_INIT_FUNCTION;
-                goto err;
-                }
-        ffunc = (conf_finish_func *)DSO_bind_func(dso, DSO_mod_finish_name);
-        /* All OK, add module */
-        md = module_add(dso, name, ifunc, ffunc);
-
-        if (!md)
-                goto err;
-
-        return md;
-
-        err:
-        if (dso)
-                DSO_free(dso);
-        CONFerr(CONF_F_MODULE_LOAD_DSO, errcode);
-        ERR_add_error_data(4, "module=", name, ", path=", path);
-        return NULL;
-        }
-
-/* add module to list */
-static CONF_MODULE *module_add(DSO *dso, const char *name,
-                               conf_init_func *ifunc, conf_finish_func *ffunc)
-        {
-        CONF_MODULE *tmod = NULL;
-        if (supported_modules == NULL)
-                supported_modules = sk_CONF_MODULE_new_null();
-        if (supported_modules == NULL)
-                return NULL;
-        tmod = OPENSSL_malloc(sizeof(CONF_MODULE));
-        if (tmod == NULL)
-                return NULL;
-
-        tmod->dso = dso;
-        tmod->name = BUF_strdup(name);
-        tmod->init = ifunc;
-        tmod->finish = ffunc;
-        tmod->links = 0;
-
-        if (!sk_CONF_MODULE_push(supported_modules, tmod))
-                {
-                OPENSSL_free(tmod);
-                return NULL;
-                }
-
-        return tmod;
-        }
-
-/* Find a module from the list. We allow module names of the
- * form modname.XXXX to just search for modname to allow the
- * same module to be initialized more than once.
- */
-
-static CONF_MODULE *module_find(char *name)
-        {
-        CONF_MODULE *tmod;
-        int i, nchar;
-        char *p;
-        p = strrchr(name, '.');
-
-        if (p)
-                nchar = p - name;
-        else 
-                nchar = strlen(name);
-
-        for (i = 0; i < sk_CONF_MODULE_num(supported_modules); i++)
-                {
-                tmod = sk_CONF_MODULE_value(supported_modules, i);
-                if (!strncmp(tmod->name, name, nchar))
-                        return tmod;
-                }
-
-        return NULL;
-
-        }
-
-/* initialize a module */
-static int module_init(CONF_MODULE *pmod, char *name, char *value,
-                       const CONF *cnf)
-        {
-        int ret = 1;
-        int init_called = 0;
-        CONF_IMODULE *imod = NULL;
-
-        /* Otherwise add initialized module to list */
-        imod = OPENSSL_malloc(sizeof(CONF_IMODULE));
-        if (!imod)
-                goto err;
-
-        imod->pmod = pmod;
-        imod->name = BUF_strdup(name);
-        imod->value = BUF_strdup(value);
-        imod->usr_data = NULL;
-
-        if (!imod->name || !imod->value)
-                goto memerr;
-
-        /* Try to initialize module */
-        if(pmod->init)
-                {
-                ret = pmod->init(imod, cnf);
-                init_called = 1;
-                /* Error occurred, exit */
-                if (ret <= 0)
-                        goto err;
-                }
-
-        if (initialized_modules == NULL)
-                {
-                initialized_modules = sk_CONF_IMODULE_new_null();
-                if (!initialized_modules)
-                        {
-                        CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE);
-                        goto err;
-                        }
-                }
-
-        if (!sk_CONF_IMODULE_push(initialized_modules, imod))
-                {
-                CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-
-        pmod->links++;
-
-        return ret;
-
-        err:
-
-        /* We've started the module so we'd better finish it */
-        if (pmod->finish && init_called)
-                pmod->finish(imod);
-
-        memerr:
-        if (imod)
-                {
-                if (imod->name)
-                        OPENSSL_free(imod->name);
-                if (imod->value)
-                        OPENSSL_free(imod->value);
-                OPENSSL_free(imod);
-                }
-
-        return -1;
-
-        }
-
-/* Unload any dynamic modules that have a link count of zero:
- * i.e. have no active initialized modules. If 'all' is set
- * then all modules are unloaded including static ones.
- */
-
-void CONF_modules_unload(int all)
-        {
-        int i;
-        CONF_MODULE *md;
-        CONF_modules_finish();
-        /* unload modules in reverse order */
-        for (i = sk_CONF_MODULE_num(supported_modules) - 1; i >= 0; i--)
-                {
-                md = sk_CONF_MODULE_value(supported_modules, i);
-                /* If static or in use and 'all' not set ignore it */
-                if (((md->links > 0) || !md->dso) && !all)
-                        continue;
-                /* Since we're working in reverse this is OK */
-                sk_CONF_MODULE_delete(supported_modules, i);
-                module_free(md);
-                }
-        if (sk_CONF_MODULE_num(supported_modules) == 0)
-                {
-                sk_CONF_MODULE_free(supported_modules);
-                supported_modules = NULL;
-                }
-        }
-
-/* unload a single module */
-static void module_free(CONF_MODULE *md)
-        {
-        if (md->dso)
-                DSO_free(md->dso);
-        OPENSSL_free(md->name);
-        OPENSSL_free(md);
-        }
-
-/* finish and free up all modules instances */
-
-void CONF_modules_finish(void)
-        {
-        CONF_IMODULE *imod;
-        while (sk_CONF_IMODULE_num(initialized_modules) > 0)
-                {
-                imod = sk_CONF_IMODULE_pop(initialized_modules);
-                module_finish(imod);
-                }
-        sk_CONF_IMODULE_free(initialized_modules);
-        initialized_modules = NULL;
-        }
-
-/* finish a module instance */
-
-static void module_finish(CONF_IMODULE *imod)
-        {
-        if (imod->pmod->finish)
-                imod->pmod->finish(imod);
-        imod->pmod->links--;
-        OPENSSL_free(imod->name);
-        OPENSSL_free(imod->value);
-        OPENSSL_free(imod);
-        }
-
-/* Add a static module to OpenSSL */
-
-int CONF_module_add(const char *name, conf_init_func *ifunc, 
-                    conf_finish_func *ffunc)
-        {
-        if (module_add(NULL, name, ifunc, ffunc))
-                return 1;
-        else
-                return 0;
-        }
-
-void CONF_modules_free(void)
-        {
-        CONF_modules_finish();
-        CONF_modules_unload(1);
-        }
-
-/* Utility functions */
-
-const char *CONF_imodule_get_name(const CONF_IMODULE *md)
-        {
-        return md->name;
-        }
-
-const char *CONF_imodule_get_value(const CONF_IMODULE *md)
-        {
-        return md->value;
-        }
-
-void *CONF_imodule_get_usr_data(const CONF_IMODULE *md)
-        {
-        return md->usr_data;
-        }
-
-void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data)
-        {
-        md->usr_data = usr_data;
-        }
-
-CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md)
-        {
-        return md->pmod;
-        }
-
-unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md)
-        {
-        return md->flags;
-        }
-
-void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags)
-        {
-        md->flags = flags;
-        }
-
-void *CONF_module_get_usr_data(CONF_MODULE *pmod)
-        {
-        return pmod->usr_data;
-        }
-
-void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data)
-        {
-        pmod->usr_data = usr_data;
-        }
-
-/* Return default config file name */
-
-char *CONF_get1_default_config_file(void)
-        {
-        char *file;
-        int len;
-
-        file = getenv("OPENSSL_CONF");
-        if (file) 
-                return BUF_strdup(file);
-
-        len = strlen(X509_get_default_cert_area());
-#ifndef OPENSSL_SYS_VMS
-        len++;
-#endif
-        len += strlen(OPENSSL_CONF);
-
-        file = OPENSSL_malloc(len + 1);
-
-        if (!file)
-                return NULL;
-        BUF_strlcpy(file,X509_get_default_cert_area(),len + 1);
-#ifndef OPENSSL_SYS_VMS
-        BUF_strlcat(file,"/",len + 1);
-#endif
-        BUF_strlcat(file,OPENSSL_CONF,len + 1);
-
-        return file;
-        }
-
-/* This function takes a list separated by 'sep' and calls the
- * callback function giving the start and length of each member
- * optionally stripping leading and trailing whitespace. This can
- * be used to parse comma separated lists for example.
- */
-
-int CONF_parse_list(const char *list_, int sep, int nospc,
-        int (*list_cb)(const char *elem, int len, void *usr), void *arg)
-        {
-        int ret;
-        const char *lstart, *tmpend, *p;
-        lstart = list_;
-
-        for(;;)
-                {
-                if (nospc)
-                        {
-                        while(isspace((unsigned char)*lstart))
-                                lstart++;
-                        }
-                p = strchr(lstart, sep);
-                if (p == lstart || !*lstart)
-                        ret = list_cb(NULL, 0, arg);
-                else
-                        {
-                        if (p)
-                                tmpend = p - 1;
-                        else 
-                                tmpend = lstart + strlen(lstart) - 1;
-                        if (nospc)
-                                {
-                                while(isspace((unsigned char)*tmpend))
-                                        tmpend--;
-                                }
-                        ret = list_cb(lstart, tmpend - lstart + 1, arg);
-                        }
-                if (ret <= 0)
-                        return ret;
-                if (p == NULL)
-                        return 1;
-                lstart = p + 1;
-                }
-        }
-
diff --git a/src/lib/libcrypto/conf/conf_sap.c b/src/lib/libcrypto/conf/conf_sap.c
deleted file mode 100644
index e15c2e5546..0000000000
--- a/src/lib/libcrypto/conf/conf_sap.c
+++ /dev/null
@@ -1,111 +0,0 @@
-/* conf_sap.c */
-/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <openssl/crypto.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/dso.h>
-#include <openssl/x509.h>
-#include <openssl/asn1.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
-/* This is the automatic configuration loader: it is called automatically by
- * OpenSSL when any of a number of standard initialisation functions are called,
- * unless this is overridden by calling OPENSSL_no_config()
- */
-
-static int openssl_configured = 0;
-
-void OPENSSL_config(const char *config_name)
-        {
-        if (openssl_configured)
-                return;
-
-        OPENSSL_load_builtin_modules();
-#ifndef OPENSSL_NO_ENGINE
-        /* Need to load ENGINEs */
-        ENGINE_load_builtin_engines();
-#endif
-        /* Add others here? */
-
-
-        ERR_clear_error();
-        if (CONF_modules_load_file(NULL, NULL,
-                                        CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0)
-                {
-                BIO *bio_err;
-                ERR_load_crypto_strings();
-                if ((bio_err=BIO_new_fp(stderr, BIO_NOCLOSE)) != NULL)
-                        {
-                        BIO_printf(bio_err,"Auto configuration failed\n");
-                        ERR_print_errors(bio_err);
-                        BIO_free(bio_err);
-                        }
-                exit(1);
-                }
-
-        return;
-        }
-
-void OPENSSL_no_config()
-        {
-        openssl_configured = 1;
-        }
diff --git a/src/lib/libcrypto/conf/keysets.pl b/src/lib/libcrypto/conf/keysets.pl
deleted file mode 100644
index 50ed67fa52..0000000000
--- a/src/lib/libcrypto/conf/keysets.pl
+++ /dev/null
@@ -1,185 +0,0 @@
-#!/usr/local/bin/perl
-
-$NUMBER=0x01;
-$UPPER=0x02;
-$LOWER=0x04;
-$UNDER=0x100;
-$PUNCTUATION=0x200;
-$WS=0x10;
-$ESC=0x20;
-$QUOTE=0x40;
-$DQUOTE=0x400;
-$COMMENT=0x80;
-$FCOMMENT=0x800;
-$EOF=0x08;
-$HIGHBIT=0x1000;
-
-foreach (0 .. 255)
-        {
-        $v=0;
-        $c=sprintf("%c",$_);
-        $v|=$NUMBER     if ($c =~ /[0-9]/);
-        $v|=$UPPER      if ($c =~ /[A-Z]/);
-        $v|=$LOWER      if ($c =~ /[a-z]/);
-        $v|=$UNDER      if ($c =~ /_/);
-        $v|=$PUNCTUATION if ($c =~ /[!\.%&\*\+,\/;\?\@\^\~\|-]/);
-        $v|=$WS         if ($c =~ /[ \t\r\n]/);
-        $v|=$ESC        if ($c =~ /\\/);
-        $v|=$QUOTE      if ($c =~ /['`"]/); # for emacs: "`'}/)
-        $v|=$COMMENT    if ($c =~ /\#/);
-        $v|=$EOF        if ($c =~ /\0/);
-        $v|=$HIGHBIT    if ($c =~/[\x80-\xff]/);
-
-        push(@V_def,$v);
-        }
-
-foreach (0 .. 255)
-        {
-        $v=0;
-        $c=sprintf("%c",$_);
-        $v|=$NUMBER     if ($c =~ /[0-9]/);
-        $v|=$UPPER      if ($c =~ /[A-Z]/);
-        $v|=$LOWER      if ($c =~ /[a-z]/);
-        $v|=$UNDER      if ($c =~ /_/);
-        $v|=$PUNCTUATION if ($c =~ /[!\.%&\*\+,\/;\?\@\^\~\|-]/);
-        $v|=$WS         if ($c =~ /[ \t\r\n]/);
-        $v|=$DQUOTE     if ($c =~ /["]/); # for emacs: "}/)
-        $v|=$FCOMMENT   if ($c =~ /;/);
-        $v|=$EOF        if ($c =~ /\0/);
-        $v|=$HIGHBIT    if ($c =~/[\x80-\xff]/);
-
-        push(@V_w32,$v);
-        }
-
-print <<"EOF";
-/* crypto/conf/conf_def.h */
-/* Copyright (C) 1995-1998 Eric Young (eay\@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay\@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh\@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay\@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh\@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* THIS FILE WAS AUTOMAGICALLY GENERATED!
-   Please modify and use keysets.pl to regenerate it. */
-
-#define CONF_NUMBER             $NUMBER
-#define CONF_UPPER              $UPPER
-#define CONF_LOWER              $LOWER
-#define CONF_UNDER              $UNDER
-#define CONF_PUNCTUATION        $PUNCTUATION
-#define CONF_WS                 $WS
-#define CONF_ESC                $ESC
-#define CONF_QUOTE              $QUOTE
-#define CONF_DQUOTE             $DQUOTE
-#define CONF_COMMENT            $COMMENT
-#define CONF_FCOMMENT           $FCOMMENT
-#define CONF_EOF                $EOF
-#define CONF_HIGHBIT            $HIGHBIT
-#define CONF_ALPHA              (CONF_UPPER|CONF_LOWER)
-#define CONF_ALPHA_NUMERIC      (CONF_ALPHA|CONF_NUMBER|CONF_UNDER)
-#define CONF_ALPHA_NUMERIC_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER| \\
-                                        CONF_PUNCTUATION)
-
-#define KEYTYPES(c)             ((unsigned short *)((c)->meth_data))
-#ifndef CHARSET_EBCDIC
-#define IS_COMMENT(c,a)         (KEYTYPES(c)[(a)&0xff]&CONF_COMMENT)
-#define IS_FCOMMENT(c,a)        (KEYTYPES(c)[(a)&0xff]&CONF_FCOMMENT)
-#define IS_EOF(c,a)             (KEYTYPES(c)[(a)&0xff]&CONF_EOF)
-#define IS_ESC(c,a)             (KEYTYPES(c)[(a)&0xff]&CONF_ESC)
-#define IS_NUMBER(c,a)          (KEYTYPES(c)[(a)&0xff]&CONF_NUMBER)
-#define IS_WS(c,a)              (KEYTYPES(c)[(a)&0xff]&CONF_WS)
-#define IS_ALPHA_NUMERIC(c,a)   (KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC)
-#define IS_ALPHA_NUMERIC_PUNCT(c,a) \\
-                                (KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
-#define IS_QUOTE(c,a)           (KEYTYPES(c)[(a)&0xff]&CONF_QUOTE)
-#define IS_DQUOTE(c,a)          (KEYTYPES(c)[(a)&0xff]&CONF_DQUOTE)
-#define IS_HIGHBIT(c,a)         (KEYTYPES(c)[(a)&0xff]&CONF_HIGHBIT)
-
-#else /*CHARSET_EBCDIC*/
-
-#define IS_COMMENT(c,a)         (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_COMMENT)
-#define IS_FCOMMENT(c,a)        (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_FCOMMENT)
-#define IS_EOF(c,a)             (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_EOF)
-#define IS_ESC(c,a)             (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ESC)
-#define IS_NUMBER(c,a)          (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_NUMBER)
-#define IS_WS(c,a)              (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_WS)
-#define IS_ALPHA_NUMERIC(c,a)   (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC)
-#define IS_ALPHA_NUMERIC_PUNCT(c,a) \\
-                                (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
-#define IS_QUOTE(c,a)           (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_QUOTE)
-#define IS_DQUOTE(c,a)          (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_DQUOTE)
-#define IS_HIGHBIT(c,a)         (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_HIGHBIT)
-#endif /*CHARSET_EBCDIC*/
-
-EOF
-
-print "static unsigned short CONF_type_default[256]={";
-
-for ($i=0; $i<256; $i++)
-        {
-        print "\n\t" if ($i % 8) == 0;
-        printf "0x%04X,",$V_def[$i];
-        }
-
-print "\n\t};\n\n";
-
-print "static unsigned short CONF_type_win32[256]={";
-
-for ($i=0; $i<256; $i++)
-        {
-        print "\n\t" if ($i % 8) == 0;
-        printf "0x%04X,",$V_w32[$i];
-        }
-
-print "\n\t};\n\n";
diff --git a/src/lib/libcrypto/conf/ssleay.cnf b/src/lib/libcrypto/conf/ssleay.cnf
deleted file mode 100644
index ed33af601e..0000000000
--- a/src/lib/libcrypto/conf/ssleay.cnf
+++ /dev/null
@@ -1,78 +0,0 @@
-#
-# This is a test configuration file for use in SSLeay etc...
-#
-
-init = 5
-in\#it1 =10
-init2='10'
-init3='10\''
-init4="10'"
-init5='='10\'' again'
-
-SSLeay::version = 0.5.0
-
-[genrsa]
-default_bits    = 512
-SSLEAY::version = 0.5.0
-
-[gendh]
-default_bits    = 512
-def_generator   = 2
-
-[s_client]
-cipher1         = DES_CBC_MD5:DES_CBC_SHA:DES_EDE_SHA:RC4_MD5\
-cipher2         = 'DES_CBC_MD5 DES_CBC_SHA DES_EDE_SHA RC4_MD5'
-cipher3         = "DES_CBC_MD5 DES_CBC_SHA DES_EDE_SHA RC4_MD5"
-cipher4         = DES_CBC_MD5 DES_CBC_SHA DES_EDE_SHA RC4_MD5
-
-[ default ]
-cert_dir        = $ENV::HOME/.ca_certs
-
-HOME            = /tmp/eay
-
-tmp_cert_dir    = $HOME/.ca_certs
-tmp2_cert_dir   = thisis$(HOME)stuff
-
-LOGNAME = Eric Young (home=$HOME)
-
-[ special ]
-
-H=$HOME
-H=$default::HOME
-H=$ENV::HOME
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE                = $HOME/.rand
-
-[ req ]
-default_bits            = 512
-default_keyfile         = privkey.pem
-
-Attribute_type_1        = countryName
-Attribute_text_1        = Country Name (2 letter code)
-Attribute_default_1     = AU
-
-Attribute_type_2        = stateOrProvinceName
-Attribute_text_2        = State or Province Name (full name)
-Attribute_default_2     = Queensland
-
-Attribute_type_3        = localityName
-Attribute_text_3        = Locality Name (eg, city)
-
-Attribute_type_4        = organizationName
-Attribute_text_4        = Organization Name (eg, company)
-Attribute_default_4     = Mincom Pty Ltd
-
-Attribute_type_5        = organizationalUnitName
-Attribute_text_5        = Organizational Unit Name (eg, section)
-Attribute_default_5     = TR
-
-Attribute_type_6        = commonName
-Attribute_text_6        = Common Name (eg, YOUR name)
-
-Attribute_type_7        = emailAddress
-Attribute_text_7        = Email Address
-
diff --git a/src/lib/libcrypto/cpt_err.c b/src/lib/libcrypto/cpt_err.c
deleted file mode 100644
index 06a6109cce..0000000000
--- a/src/lib/libcrypto/cpt_err.c
+++ /dev/null
@@ -1,106 +0,0 @@
-/* crypto/cpt_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/crypto.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_CRYPTO,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_CRYPTO,0,reason)
-
-static ERR_STRING_DATA CRYPTO_str_functs[]=
-        {
-{ERR_FUNC(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX),    "CRYPTO_get_ex_new_index"},
-{ERR_FUNC(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID),   "CRYPTO_get_new_dynlockid"},
-{ERR_FUNC(CRYPTO_F_CRYPTO_GET_NEW_LOCKID),      "CRYPTO_get_new_lockid"},
-{ERR_FUNC(CRYPTO_F_CRYPTO_SET_EX_DATA), "CRYPTO_set_ex_data"},
-{ERR_FUNC(CRYPTO_F_DEF_ADD_INDEX),      "DEF_ADD_INDEX"},
-{ERR_FUNC(CRYPTO_F_DEF_GET_CLASS),      "DEF_GET_CLASS"},
-{ERR_FUNC(CRYPTO_F_INT_DUP_EX_DATA),    "INT_DUP_EX_DATA"},
-{ERR_FUNC(CRYPTO_F_INT_FREE_EX_DATA),   "INT_FREE_EX_DATA"},
-{ERR_FUNC(CRYPTO_F_INT_NEW_EX_DATA),    "INT_NEW_EX_DATA"},
-{0,NULL}
-        };
-
-static ERR_STRING_DATA CRYPTO_str_reasons[]=
-        {
-{ERR_REASON(CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK),"no dynlock create callback"},
-{0,NULL}
-        };
-
-#endif
-
-void ERR_load_CRYPTO_strings(void)
-        {
-        static int init=1;
-
-        if (init)
-                {
-                init=0;
-#ifndef OPENSSL_NO_ERR
-                ERR_load_strings(0,CRYPTO_str_functs);
-                ERR_load_strings(0,CRYPTO_str_reasons);
-#endif
-
-                }
-        }
diff --git a/src/lib/libcrypto/cryptlib.c b/src/lib/libcrypto/cryptlib.c
deleted file mode 100644
index e63bbe8dba..0000000000
--- a/src/lib/libcrypto/cryptlib.c
+++ /dev/null
@@ -1,744 +0,0 @@
-/* crypto/cryptlib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include "cryptlib.h"
-#include <openssl/crypto.h>
-#include <openssl/safestack.h>
-
-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
-static double SSLeay_MSVC5_hack=0.0; /* and for VC1.5 */
-#endif
-
-DECLARE_STACK_OF(CRYPTO_dynlock)
-IMPLEMENT_STACK_OF(CRYPTO_dynlock)
-
-/* real #defines in crypto.h, keep these upto date */
-static const char* lock_names[CRYPTO_NUM_LOCKS] =
-        {
-        "<<ERROR>>",
-        "err",
-        "ex_data",
-        "x509",
-        "x509_info",
-        "x509_pkey",
-        "x509_crl",
-        "x509_req",
-        "dsa",
-        "rsa",
-        "evp_pkey",
-        "x509_store",
-        "ssl_ctx",
-        "ssl_cert",
-        "ssl_session",
-        "ssl_sess_cert",
-        "ssl",
-        "ssl_method",
-        "rand",
-        "rand2",
-        "debug_malloc",
-        "BIO",
-        "gethostbyname",
-        "getservbyname",
-        "readdir",
-        "RSA_blinding",
-        "dh",
-        "debug_malloc2",
-        "dso",
-        "dynlock",
-        "engine",
-        "ui",
-        "hwcrhk",               /* This is a HACK which will disappear in 0.9.8 */
-        "fips",
-        "fips2",
-#if CRYPTO_NUM_LOCKS != 35
-# error "Inconsistency between crypto.h and cryptlib.c"
-#endif
-        };
-
-/* This is for applications to allocate new type names in the non-dynamic
-   array of lock names.  These are numbered with positive numbers.  */
-static STACK *app_locks=NULL;
-
-/* For applications that want a more dynamic way of handling threads, the
-   following stack is used.  These are externally numbered with negative
-   numbers.  */
-static STACK_OF(CRYPTO_dynlock) *dyn_locks=NULL;
-
-
-static void (MS_FAR *locking_callback)(int mode,int type,
-        const char *file,int line)=NULL;
-static int (MS_FAR *add_lock_callback)(int *pointer,int amount,
-        int type,const char *file,int line)=NULL;
-static unsigned long (MS_FAR *id_callback)(void)=NULL;
-static struct CRYPTO_dynlock_value *(MS_FAR *dynlock_create_callback)
-        (const char *file,int line)=NULL;
-static void (MS_FAR *dynlock_lock_callback)(int mode,
-        struct CRYPTO_dynlock_value *l, const char *file,int line)=NULL;
-static void (MS_FAR *dynlock_destroy_callback)(struct CRYPTO_dynlock_value *l,
-        const char *file,int line)=NULL;
-
-int CRYPTO_get_new_lockid(char *name)
-        {
-        char *str;
-        int i;
-
-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
-        /* A hack to make Visual C++ 5.0 work correctly when linking as
-         * a DLL using /MT. Without this, the application cannot use
-         * and floating point printf's.
-         * It also seems to be needed for Visual C 1.5 (win16) */
-        SSLeay_MSVC5_hack=(double)name[0]*(double)name[1];
-#endif
-
-        if ((app_locks == NULL) && ((app_locks=sk_new_null()) == NULL))
-                {
-                CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID,ERR_R_MALLOC_FAILURE);
-                return(0);
-                }
-        if ((str=BUF_strdup(name)) == NULL)
-                {
-                CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID,ERR_R_MALLOC_FAILURE);
-                return(0);
-                }
-        i=sk_push(app_locks,str);
-        if (!i)
-                OPENSSL_free(str);
-        else
-                i+=CRYPTO_NUM_LOCKS; /* gap of one :-) */
-        return(i);
-        }
-
-int CRYPTO_num_locks(void)
-        {
-        return CRYPTO_NUM_LOCKS;
-        }
-
-int CRYPTO_get_new_dynlockid(void)
-        {
-        int i = 0;
-        CRYPTO_dynlock *pointer = NULL;
-
-        if (dynlock_create_callback == NULL)
-                {
-                CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK);
-                return(0);
-                }
-        CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
-        if ((dyn_locks == NULL)
-                && ((dyn_locks=sk_CRYPTO_dynlock_new_null()) == NULL))
-                {
-                CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
-                CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE);
-                return(0);
-                }
-        CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
-
-        pointer = (CRYPTO_dynlock *)OPENSSL_malloc(sizeof(CRYPTO_dynlock));
-        if (pointer == NULL)
-                {
-                CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE);
-                return(0);
-                }
-        pointer->references = 1;
-        pointer->data = dynlock_create_callback(__FILE__,__LINE__);
-        if (pointer->data == NULL)
-                {
-                OPENSSL_free(pointer);
-                CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE);
-                return(0);
-                }
-
-        CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
-        /* First, try to find an existing empty slot */
-        i=sk_CRYPTO_dynlock_find(dyn_locks,NULL);
-        /* If there was none, push, thereby creating a new one */
-        if (i == -1)
-                /* Since sk_push() returns the number of items on the
-                   stack, not the location of the pushed item, we need
-                   to transform the returned number into a position,
-                   by decreasing it.  */
-                i=sk_CRYPTO_dynlock_push(dyn_locks,pointer) - 1;
-        else
-                /* If we found a place with a NULL pointer, put our pointer
-                   in it.  */
-                sk_CRYPTO_dynlock_set(dyn_locks,i,pointer);
-        CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
-
-        if (i == -1)
-                {
-                dynlock_destroy_callback(pointer->data,__FILE__,__LINE__);
-                OPENSSL_free(pointer);
-                }
-        else
-                i += 1; /* to avoid 0 */
-        return -i;
-        }
-
-void CRYPTO_destroy_dynlockid(int i)
-        {
-        CRYPTO_dynlock *pointer = NULL;
-        if (i)
-                i = -i-1;
-        if (dynlock_destroy_callback == NULL)
-                return;
-
-        CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
-
-        if (dyn_locks == NULL || i >= sk_CRYPTO_dynlock_num(dyn_locks))
-                {
-                CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
-                return;
-                }
-        pointer = sk_CRYPTO_dynlock_value(dyn_locks, i);
-        if (pointer != NULL)
-                {
-                --pointer->references;
-#ifdef REF_CHECK
-                if (pointer->references < 0)
-                        {
-                        fprintf(stderr,"CRYPTO_destroy_dynlockid, bad reference count\n");
-                        abort();
-                        }
-                else
-#endif
-                        if (pointer->references <= 0)
-                                {
-                                sk_CRYPTO_dynlock_set(dyn_locks, i, NULL);
-                                }
-                        else
-                                pointer = NULL;
-                }
-        CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
-
-        if (pointer)
-                {
-                dynlock_destroy_callback(pointer->data,__FILE__,__LINE__);
-                OPENSSL_free(pointer);
-                }
-        }
-
-struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i)
-        {
-        CRYPTO_dynlock *pointer = NULL;
-        if (i)
-                i = -i-1;
-
-        CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
-
-        if (dyn_locks != NULL && i < sk_CRYPTO_dynlock_num(dyn_locks))
-                pointer = sk_CRYPTO_dynlock_value(dyn_locks, i);
-        if (pointer)
-                pointer->references++;
-
-        CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
-
-        if (pointer)
-                return pointer->data;
-        return NULL;
-        }
-
-struct CRYPTO_dynlock_value *(*CRYPTO_get_dynlock_create_callback(void))
-        (const char *file,int line)
-        {
-        return(dynlock_create_callback);
-        }
-
-void (*CRYPTO_get_dynlock_lock_callback(void))(int mode,
-        struct CRYPTO_dynlock_value *l, const char *file,int line)
-        {
-        return(dynlock_lock_callback);
-        }
-
-void (*CRYPTO_get_dynlock_destroy_callback(void))
-        (struct CRYPTO_dynlock_value *l, const char *file,int line)
-        {
-        return(dynlock_destroy_callback);
-        }
-
-void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *(*func)
-        (const char *file, int line))
-        {
-        dynlock_create_callback=func;
-        }
-
-void CRYPTO_set_dynlock_lock_callback(void (*func)(int mode,
-        struct CRYPTO_dynlock_value *l, const char *file, int line))
-        {
-        dynlock_lock_callback=func;
-        }
-
-void CRYPTO_set_dynlock_destroy_callback(void (*func)
-        (struct CRYPTO_dynlock_value *l, const char *file, int line))
-        {
-        dynlock_destroy_callback=func;
-        }
-
-
-void (*CRYPTO_get_locking_callback(void))(int mode,int type,const char *file,
-                int line)
-        {
-        return(locking_callback);
-        }
-
-int (*CRYPTO_get_add_lock_callback(void))(int *num,int mount,int type,
-                                          const char *file,int line)
-        {
-        return(add_lock_callback);
-        }
-
-void CRYPTO_set_locking_callback(void (*func)(int mode,int type,
-                                              const char *file,int line))
-        {
-        locking_callback=func;
-        }
-
-void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,int type,
-                                              const char *file,int line))
-        {
-        add_lock_callback=func;
-        }
-
-unsigned long (*CRYPTO_get_id_callback(void))(void)
-        {
-        return(id_callback);
-        }
-
-void CRYPTO_set_id_callback(unsigned long (*func)(void))
-        {
-        id_callback=func;
-        }
-
-unsigned long CRYPTO_thread_id(void)
-        {
-        unsigned long ret=0;
-
-        if (id_callback == NULL)
-                {
-#ifdef OPENSSL_SYS_WIN16
-                ret=(unsigned long)GetCurrentTask();
-#elif defined(OPENSSL_SYS_WIN32)
-                ret=(unsigned long)GetCurrentThreadId();
-#elif defined(GETPID_IS_MEANINGLESS)
-                ret=1L;
-#else
-                ret=(unsigned long)getpid();
-#endif
-                }
-        else
-                ret=id_callback();
-        return(ret);
-        }
-
-void CRYPTO_lock(int mode, int type, const char *file, int line)
-        {
-#ifdef LOCK_DEBUG
-                {
-                char *rw_text,*operation_text;
-
-                if (mode & CRYPTO_LOCK)
-                        operation_text="lock  ";
-                else if (mode & CRYPTO_UNLOCK)
-                        operation_text="unlock";
-                else
-                        operation_text="ERROR ";
-
-                if (mode & CRYPTO_READ)
-                        rw_text="r";
-                else if (mode & CRYPTO_WRITE)
-                        rw_text="w";
-                else
-                        rw_text="ERROR";
-
-                fprintf(stderr,"lock:%08lx:(%s)%s %-18s %s:%d\n",
-                        CRYPTO_thread_id(), rw_text, operation_text,
-                        CRYPTO_get_lock_name(type), file, line);
-                }
-#endif
-        if (type < 0)
-                {
-                if (dynlock_lock_callback != NULL)
-                        {
-                        struct CRYPTO_dynlock_value *pointer
-                                = CRYPTO_get_dynlock_value(type);
-
-                        OPENSSL_assert(pointer != NULL);
-
-                        dynlock_lock_callback(mode, pointer, file, line);
-
-                        CRYPTO_destroy_dynlockid(type);
-                        }
-                }
-        else
-                if (locking_callback != NULL)
-                        locking_callback(mode,type,file,line);
-        }
-
-int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file,
-             int line)
-        {
-        int ret = 0;
-
-        if (add_lock_callback != NULL)
-                {
-#ifdef LOCK_DEBUG
-                int before= *pointer;
-#endif
-
-                ret=add_lock_callback(pointer,amount,type,file,line);
-#ifdef LOCK_DEBUG
-                fprintf(stderr,"ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n",
-                        CRYPTO_thread_id(),
-                        before,amount,ret,
-                        CRYPTO_get_lock_name(type),
-                        file,line);
-#endif
-                }
-        else
-                {
-                CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,file,line);
-
-                ret= *pointer+amount;
-#ifdef LOCK_DEBUG
-                fprintf(stderr,"ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n",
-                        CRYPTO_thread_id(),
-                        *pointer,amount,ret,
-                        CRYPTO_get_lock_name(type),
-                        file,line);
-#endif
-                *pointer=ret;
-                CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,file,line);
-                }
-        return(ret);
-        }
-
-const char *CRYPTO_get_lock_name(int type)
-        {
-        if (type < 0)
-                return("dynamic");
-        else if (type < CRYPTO_NUM_LOCKS)
-                return(lock_names[type]);
-        else if (type-CRYPTO_NUM_LOCKS > sk_num(app_locks))
-                return("ERROR");
-        else
-                return(sk_value(app_locks,type-CRYPTO_NUM_LOCKS));
-        }
-
-int OPENSSL_NONPIC_relocated=0;
-
-#if defined(_WIN32) && defined(_WINDLL)
-
-/* All we really need to do is remove the 'error' state when a thread
- * detaches */
-
-BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason,
-             LPVOID lpvReserved)
-        {
-        switch(fdwReason)
-                {
-        case DLL_PROCESS_ATTACH:
-#if defined(_WIN32_WINNT)
-                {
-                IMAGE_DOS_HEADER *dos_header = (IMAGE_DOS_HEADER *)hinstDLL;
-                IMAGE_NT_HEADERS *nt_headers;
-
-                if (dos_header->e_magic==IMAGE_DOS_SIGNATURE)
-                        {
-                        nt_headers = (IMAGE_NT_HEADERS *)((char *)dos_header
-                                                + dos_header->e_lfanew);
-                        if (nt_headers->Signature==IMAGE_NT_SIGNATURE &&
-                            hinstDLL!=(HINSTANCE)(nt_headers->OptionalHeader.ImageBase))
-                                OPENSSL_NONPIC_relocated=1;
-                        }
-                }
-#endif
-                break;
-        case DLL_THREAD_ATTACH:
-                break;
-        case DLL_THREAD_DETACH:
-                ERR_remove_state(0);
-                break;
-        case DLL_PROCESS_DETACH:
-                break;
-                }
-        return(TRUE);
-        }
-#endif
-
-#if defined(_WIN32)
-#include <tchar.h>
-
-#if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
-static int IsService(void)
-{ HWINSTA h;
-  DWORD len;
-  WCHAR *name;
-
-    (void)GetDesktopWindow(); /* return value is ignored */
-
-    h = GetProcessWindowStation();
-    if (h==NULL) return -1;
-
-    if (GetUserObjectInformationW (h,UOI_NAME,NULL,0,&len) ||
-        GetLastError() != ERROR_INSUFFICIENT_BUFFER)
-        return -1;
-
-    if (len>512) return -1;             /* paranoia */
-    len++,len&=~1;                      /* paranoia */
-#ifdef _MSC_VER
-    name=(WCHAR *)_alloca(len+sizeof(WCHAR));
-#else
-    name=(WCHAR *)alloca(len+sizeof(WCHAR));
-#endif
-    if (!GetUserObjectInformationW (h,UOI_NAME,name,len,&len))
-        return -1;
-
-    len++,len&=~1;                      /* paranoia */
-    name[len/sizeof(WCHAR)]=L'\0';      /* paranoia */
-#if 1
-    /* This doesn't cover "interactive" services [working with real
-     * WinSta0's] nor programs started non-interactively by Task
-     * Scheduler [those are working with SAWinSta]. */
-    if (wcsstr(name,L"Service-0x"))     return 1;
-#else
-    /* This covers all non-interactive programs such as services. */
-    if (!wcsstr(name,L"WinSta0"))       return 1;
-#endif
-    else                                return 0;
-}
-#endif
-
-void OPENSSL_showfatal (const char *fmta,...)
-{ va_list ap;
-  TCHAR buf[256];
-  const TCHAR *fmt;
-  HANDLE h;
-
-    if ((h=GetStdHandle(STD_ERROR_HANDLE)) != NULL &&
-        GetFileType(h)!=FILE_TYPE_UNKNOWN)
-    {   /* must be console application */
-        va_start (ap,fmta);
-        vfprintf (stderr,fmta,ap);
-        va_end (ap);
-        return;
-    }
-
-    if (sizeof(TCHAR)==sizeof(char))
-        fmt=(const TCHAR *)fmta;
-    else do
-    { int    keepgoing;
-      size_t len_0=strlen(fmta)+1,i;
-      WCHAR *fmtw;
-
-#ifdef _MSC_VER
-        fmtw = (WCHAR *)_alloca (len_0*sizeof(WCHAR));
-#else
-        fmtw = (WCHAR *)alloca (len_0*sizeof(WCHAR));
-#endif
-        if (fmtw == NULL) { fmt=(const TCHAR *)L"no stack?"; break; }
-
-#ifndef OPENSSL_NO_MULTIBYTE
-        if (!MultiByteToWideChar(CP_ACP,0,fmta,len_0,fmtw,len_0))
-#endif
-            for (i=0;i<len_0;i++) fmtw[i]=(WCHAR)fmta[i];
-
-        for (i=0;i<len_0;i++)
-        {   if (fmtw[i]==L'%') do
-            {   keepgoing=0;
-                switch (fmtw[i+1])
-                {   case L'0': case L'1': case L'2': case L'3': case L'4':
-                    case L'5': case L'6': case L'7': case L'8': case L'9':
-                    case L'.': case L'*':
-                    case L'-':  i++; keepgoing=1; break;
-                    case L's':  fmtw[i+1]=L'S';   break;
-                    case L'S':  fmtw[i+1]=L's';   break;
-                    case L'c':  fmtw[i+1]=L'C';   break;
-                    case L'C':  fmtw[i+1]=L'c';   break;
-                }
-            } while (keepgoing);
-        }
-        fmt = (const TCHAR *)fmtw;
-    } while (0);
-
-    va_start (ap,fmta);
-    _vsntprintf (buf,sizeof(buf)/sizeof(TCHAR)-1,fmt,ap);
-    buf [sizeof(buf)/sizeof(TCHAR)-1] = _T('\0');
-    va_end (ap);
-
-#if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
-    /* this -------------v--- guards NT-specific calls */
-    if (GetVersion() < 0x80000000 && IsService())
-    {   HANDLE h = RegisterEventSource(0,_T("OPENSSL"));
-        const TCHAR *pmsg=buf;
-        ReportEvent(h,EVENTLOG_ERROR_TYPE,0,0,0,1,0,&pmsg,0);
-        DeregisterEventSource(h);
-    }
-    else
-#endif
-    {   MSGBOXPARAMS         m;
-
-        m.cbSize             = sizeof(m);
-        m.hwndOwner          = NULL;
-        m.lpszCaption        = _T("OpenSSL: FATAL");
-        m.dwStyle            = MB_OK;
-        m.hInstance          = NULL;
-        m.lpszIcon           = IDI_ERROR;
-        m.dwContextHelpId    = 0;
-        m.lpfnMsgBoxCallback = NULL;
-        m.dwLanguageId       = MAKELANGID(LANG_ENGLISH,SUBLANG_ENGLISH_US);
-        m.lpszText           = buf;
-
-        MessageBoxIndirect (&m);
-    }
-}
-#else
-void OPENSSL_showfatal (const char *fmta,...)
-{ va_list ap;
-
-    va_start (ap,fmta);
-    vfprintf (stderr,fmta,ap);
-    va_end (ap);
-}
-#endif
-
-void OpenSSLDie(const char *file,int line,const char *assertion)
-        {
-        OPENSSL_showfatal(
-                "%s(%d): OpenSSL internal error, assertion failed: %s\n",
-                file,line,assertion);
-        abort();
-        }
-
-void *OPENSSL_stderr(void)      { return stderr; }
-
-#ifdef OPENSSL_FIPS
-
-void fips_w_lock(void)          { CRYPTO_w_lock(CRYPTO_LOCK_FIPS); }
-void fips_w_unlock(void)        { CRYPTO_w_unlock(CRYPTO_LOCK_FIPS); }
-void fips_r_lock(void)          { CRYPTO_r_lock(CRYPTO_LOCK_FIPS); }
-void fips_r_unlock(void)        { CRYPTO_r_unlock(CRYPTO_LOCK_FIPS); }
-
-static int fips_started = 0;
-static unsigned long fips_thread = 0;
-
-void fips_set_started(void)
-        {
-        fips_started = 1;
-        }
-
-int fips_is_started(void)
-        {
-        return fips_started;
-        }
-
-int fips_is_owning_thread(void)
-        {
-        int ret = 0;
-
-        if (fips_is_started())
-                {
-                CRYPTO_r_lock(CRYPTO_LOCK_FIPS2);
-                if (fips_thread != 0 && fips_thread == CRYPTO_thread_id())
-                        ret = 1;
-                CRYPTO_r_unlock(CRYPTO_LOCK_FIPS2);
-                }
-        return ret;
-        }
-
-int fips_set_owning_thread(void)
-        {
-        int ret = 0;
-
-        if (fips_is_started())
-                {
-                CRYPTO_w_lock(CRYPTO_LOCK_FIPS2);
-                if (fips_thread == 0)
-                        {
-                        fips_thread = CRYPTO_thread_id();
-                        ret = 1;
-                        }
-                CRYPTO_w_unlock(CRYPTO_LOCK_FIPS2);
-                }
-        return ret;
-        }
-
-int fips_clear_owning_thread(void)
-        {
-        int ret = 0;
-
-        if (fips_is_started())
-                {
-                CRYPTO_w_lock(CRYPTO_LOCK_FIPS2);
-                if (fips_thread == CRYPTO_thread_id())
-                        {
-                        fips_thread = 0;
-                        ret = 1;
-                        }
-                CRYPTO_w_unlock(CRYPTO_LOCK_FIPS2);
-                }
-        return ret;
-        }
-
-unsigned char *fips_signature_witness(void)
-        {
-        extern unsigned char FIPS_signature[];
-        return FIPS_signature;
-        }
-#endif /* OPENSSL_FIPS */
-
diff --git a/src/lib/libcrypto/cryptlib.h b/src/lib/libcrypto/cryptlib.h
deleted file mode 100644
index 6f59e08ca6..0000000000
--- a/src/lib/libcrypto/cryptlib.h
+++ /dev/null
@@ -1,104 +0,0 @@
-/* crypto/cryptlib.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_CRYPTLIB_H
-#define HEADER_CRYPTLIB_H
-
-#include <stdlib.h>
-#include <string.h>
-
-#include "e_os.h"
-
-#include <openssl/crypto.h>
-#include <openssl/buffer.h> 
-#include <openssl/bio.h> 
-#include <openssl/err.h>
-#include <openssl/opensslconf.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#ifndef OPENSSL_SYS_VMS
-#define X509_CERT_AREA          OPENSSLDIR
-#define X509_CERT_DIR           OPENSSLDIR "/certs"
-#define X509_CERT_FILE          OPENSSLDIR "/cert.pem"
-#define X509_PRIVATE_DIR        OPENSSLDIR "/private"
-#else
-#define X509_CERT_AREA          "SSLROOT:[000000]"
-#define X509_CERT_DIR           "SSLCERTS:"
-#define X509_CERT_FILE          "SSLCERTS:cert.pem"
-#define X509_PRIVATE_DIR        "SSLPRIVATE:"
-#endif
-
-#define X509_CERT_DIR_EVP        "SSL_CERT_DIR"
-#define X509_CERT_FILE_EVP       "SSL_CERT_FILE"
-
-/* size of string representations */
-#define DECIMAL_SIZE(type)      ((sizeof(type)*8+2)/3+1)
-#define HEX_SIZE(type)          (sizeof(type)*2)
-
-void OPENSSL_showfatal(const char *,...);
-void *OPENSSL_stderr(void);
-extern int OPENSSL_NONPIC_relocated;
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/src/lib/libcrypto/crypto.h b/src/lib/libcrypto/crypto.h
deleted file mode 100644
index 22fd939e65..0000000000
--- a/src/lib/libcrypto/crypto.h
+++ /dev/null
@@ -1,518 +0,0 @@
-/* crypto/crypto.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_CRYPTO_H
-#define HEADER_CRYPTO_H
-
-#include <stdlib.h>
-
-#ifndef OPENSSL_NO_FP_API
-#include <stdio.h>
-#endif
-
-#include <openssl/stack.h>
-#include <openssl/safestack.h>
-#include <openssl/opensslv.h>
-
-#ifdef CHARSET_EBCDIC
-#include <openssl/ebcdic.h>
-#endif
-
-/* Resolve problems on some operating systems with symbol names that clash
-   one way or another */
-#include <openssl/symhacks.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* Backward compatibility to SSLeay */
-/* This is more to be used to check the correct DLL is being used
- * in the MS world. */
-#define SSLEAY_VERSION_NUMBER   OPENSSL_VERSION_NUMBER
-#define SSLEAY_VERSION          0
-/* #define SSLEAY_OPTIONS       1 no longer supported */
-#define SSLEAY_CFLAGS           2
-#define SSLEAY_BUILT_ON         3
-#define SSLEAY_PLATFORM         4
-#define SSLEAY_DIR              5
-
-/* When changing the CRYPTO_LOCK_* list, be sure to maintin the text lock
- * names in cryptlib.c
- */
-
-#define CRYPTO_LOCK_ERR                 1
-#define CRYPTO_LOCK_EX_DATA             2
-#define CRYPTO_LOCK_X509                3
-#define CRYPTO_LOCK_X509_INFO           4
-#define CRYPTO_LOCK_X509_PKEY           5
-#define CRYPTO_LOCK_X509_CRL            6
-#define CRYPTO_LOCK_X509_REQ            7
-#define CRYPTO_LOCK_DSA                 8
-#define CRYPTO_LOCK_RSA                 9
-#define CRYPTO_LOCK_EVP_PKEY            10
-#define CRYPTO_LOCK_X509_STORE          11
-#define CRYPTO_LOCK_SSL_CTX             12
-#define CRYPTO_LOCK_SSL_CERT            13
-#define CRYPTO_LOCK_SSL_SESSION         14
-#define CRYPTO_LOCK_SSL_SESS_CERT       15
-#define CRYPTO_LOCK_SSL                 16
-#define CRYPTO_LOCK_SSL_METHOD          17
-#define CRYPTO_LOCK_RAND                18
-#define CRYPTO_LOCK_RAND2               19
-#define CRYPTO_LOCK_MALLOC              20
-#define CRYPTO_LOCK_BIO                 21
-#define CRYPTO_LOCK_GETHOSTBYNAME       22
-#define CRYPTO_LOCK_GETSERVBYNAME       23
-#define CRYPTO_LOCK_READDIR             24
-#define CRYPTO_LOCK_RSA_BLINDING        25
-#define CRYPTO_LOCK_DH                  26
-#define CRYPTO_LOCK_MALLOC2             27
-#define CRYPTO_LOCK_DSO                 28
-#define CRYPTO_LOCK_DYNLOCK             29
-#define CRYPTO_LOCK_ENGINE              30
-#define CRYPTO_LOCK_UI                  31
-#define CRYPTO_LOCK_HWCRHK              32 /* This is a HACK which will disappear in 0.9.8 */
-#define CRYPTO_LOCK_FIPS                33
-#define CRYPTO_LOCK_FIPS2               34
-#define CRYPTO_NUM_LOCKS                35
-
-#define CRYPTO_LOCK             1
-#define CRYPTO_UNLOCK           2
-#define CRYPTO_READ             4
-#define CRYPTO_WRITE            8
-
-#ifndef OPENSSL_NO_LOCKING
-#ifndef CRYPTO_w_lock
-#define CRYPTO_w_lock(type)     \
-        CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
-#define CRYPTO_w_unlock(type)   \
-        CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
-#define CRYPTO_r_lock(type)     \
-        CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
-#define CRYPTO_r_unlock(type)   \
-        CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
-#define CRYPTO_add(addr,amount,type)    \
-        CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
-#endif
-#else
-#define CRYPTO_w_lock(a)
-#define CRYPTO_w_unlock(a)
-#define CRYPTO_r_lock(a)
-#define CRYPTO_r_unlock(a)
-#define CRYPTO_add(a,b,c)       ((*(a))+=(b))
-#endif
-
-/* Some applications as well as some parts of OpenSSL need to allocate
-   and deallocate locks in a dynamic fashion.  The following typedef
-   makes this possible in a type-safe manner.  */
-/* struct CRYPTO_dynlock_value has to be defined by the application. */
-typedef struct
-        {
-        int references;
-        struct CRYPTO_dynlock_value *data;
-        } CRYPTO_dynlock;
-
-
-/* The following can be used to detect memory leaks in the SSLeay library.
- * It used, it turns on malloc checking */
-
-#define CRYPTO_MEM_CHECK_OFF    0x0     /* an enume */
-#define CRYPTO_MEM_CHECK_ON     0x1     /* a bit */
-#define CRYPTO_MEM_CHECK_ENABLE 0x2     /* a bit */
-#define CRYPTO_MEM_CHECK_DISABLE 0x3    /* an enume */
-
-/* The following are bit values to turn on or off options connected to the
- * malloc checking functionality */
-
-/* Adds time to the memory checking information */
-#define V_CRYPTO_MDEBUG_TIME    0x1 /* a bit */
-/* Adds thread number to the memory checking information */
-#define V_CRYPTO_MDEBUG_THREAD  0x2 /* a bit */
-
-#define V_CRYPTO_MDEBUG_ALL (V_CRYPTO_MDEBUG_TIME | V_CRYPTO_MDEBUG_THREAD)
-
-
-/* predec of the BIO type */
-typedef struct bio_st BIO_dummy;
-
-typedef struct crypto_ex_data_st
-        {
-        STACK *sk;
-        int dummy; /* gcc is screwing up this data structure :-( */
-        } CRYPTO_EX_DATA;
-
-/* Called when a new object is created */
-typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
-                                        int idx, long argl, void *argp);
-/* Called when an object is free()ed */
-typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
-                                        int idx, long argl, void *argp);
-/* Called when we need to dup an object */
-typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, 
-                                        int idx, long argl, void *argp);
-
-/* This stuff is basically class callback functions
- * The current classes are SSL_CTX, SSL, SSL_SESSION, and a few more */
-
-typedef struct crypto_ex_data_func_st
-        {
-        long argl;      /* Arbitary long */
-        void *argp;     /* Arbitary void * */
-        CRYPTO_EX_new *new_func;
-        CRYPTO_EX_free *free_func;
-        CRYPTO_EX_dup *dup_func;
-        } CRYPTO_EX_DATA_FUNCS;
-
-DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS)
-
-/* Per class, we have a STACK of CRYPTO_EX_DATA_FUNCS for each CRYPTO_EX_DATA
- * entry.
- */
-
-#define CRYPTO_EX_INDEX_BIO             0
-#define CRYPTO_EX_INDEX_SSL             1
-#define CRYPTO_EX_INDEX_SSL_CTX         2
-#define CRYPTO_EX_INDEX_SSL_SESSION     3
-#define CRYPTO_EX_INDEX_X509_STORE      4
-#define CRYPTO_EX_INDEX_X509_STORE_CTX  5
-#define CRYPTO_EX_INDEX_RSA             6
-#define CRYPTO_EX_INDEX_DSA             7
-#define CRYPTO_EX_INDEX_DH              8
-#define CRYPTO_EX_INDEX_ENGINE          9
-#define CRYPTO_EX_INDEX_X509            10
-#define CRYPTO_EX_INDEX_UI              11
-
-/* Dynamically assigned indexes start from this value (don't use directly, use
- * via CRYPTO_ex_data_new_class). */
-#define CRYPTO_EX_INDEX_USER            100
-
-
-/* This is the default callbacks, but we can have others as well:
- * this is needed in Win32 where the application malloc and the
- * library malloc may not be the same.
- */
-#define CRYPTO_malloc_init()    CRYPTO_set_mem_functions(\
-        malloc, realloc, free)
-
-#if defined CRYPTO_MDEBUG_ALL || defined CRYPTO_MDEBUG_TIME || defined CRYPTO_MDEBUG_THREAD
-# ifndef CRYPTO_MDEBUG /* avoid duplicate #define */
-#  define CRYPTO_MDEBUG
-# endif
-#endif
-
-/* Set standard debugging functions (not done by default
- * unless CRYPTO_MDEBUG is defined) */
-#define CRYPTO_malloc_debug_init()      do {\
-        CRYPTO_set_mem_debug_functions(\
-                CRYPTO_dbg_malloc,\
-                CRYPTO_dbg_realloc,\
-                CRYPTO_dbg_free,\
-                CRYPTO_dbg_set_options,\
-                CRYPTO_dbg_get_options);\
-        } while(0)
-
-int CRYPTO_mem_ctrl(int mode);
-int CRYPTO_is_mem_check_on(void);
-
-/* for applications */
-#define MemCheck_start() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON)
-#define MemCheck_stop() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF)
-
-/* for library-internal use */
-#define MemCheck_on()   CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE)
-#define MemCheck_off()  CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)
-#define is_MemCheck_on() CRYPTO_is_mem_check_on()
-
-#define OPENSSL_malloc(num)     CRYPTO_malloc((int)num,__FILE__,__LINE__)
-#define OPENSSL_realloc(addr,num) \
-        CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
-#define OPENSSL_realloc_clean(addr,old_num,num) \
-        CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)
-#define OPENSSL_remalloc(addr,num) \
-        CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
-#define OPENSSL_freeFunc        CRYPTO_free
-#define OPENSSL_free(addr)      CRYPTO_free(addr)
-
-#define OPENSSL_malloc_locked(num) \
-        CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)
-#define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)
-
-
-const char *SSLeay_version(int type);
-unsigned long SSLeay(void);
-
-int OPENSSL_issetugid(void);
-
-/* An opaque type representing an implementation of "ex_data" support */
-typedef struct st_CRYPTO_EX_DATA_IMPL   CRYPTO_EX_DATA_IMPL;
-/* Return an opaque pointer to the current "ex_data" implementation */
-const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(void);
-/* Sets the "ex_data" implementation to be used (if it's not too late) */
-int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i);
-/* Get a new "ex_data" class, and return the corresponding "class_index" */
-int CRYPTO_ex_data_new_class(void);
-/* Within a given class, get/register a new index */
-int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
-                CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
-                CRYPTO_EX_free *free_func);
-/* Initialise/duplicate/free CRYPTO_EX_DATA variables corresponding to a given
- * class (invokes whatever per-class callbacks are applicable) */
-int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
-int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
-                CRYPTO_EX_DATA *from);
-void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
-/* Get/set data in a CRYPTO_EX_DATA variable corresponding to a particular index
- * (relative to the class type involved) */
-int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val);
-void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad,int idx);
-/* This function cleans up all "ex_data" state. It mustn't be called under
- * potential race-conditions. */
-void CRYPTO_cleanup_all_ex_data(void);
-
-int CRYPTO_get_new_lockid(char *name);
-
-int CRYPTO_num_locks(void); /* return CRYPTO_NUM_LOCKS (shared libs!) */
-void CRYPTO_lock(int mode, int type,const char *file,int line);
-void CRYPTO_set_locking_callback(void (*func)(int mode,int type,
-                                              const char *file,int line));
-void (*CRYPTO_get_locking_callback(void))(int mode,int type,const char *file,
-                int line);
-void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,int type,
-                                              const char *file, int line));
-int (*CRYPTO_get_add_lock_callback(void))(int *num,int mount,int type,
-                                          const char *file,int line);
-void CRYPTO_set_id_callback(unsigned long (*func)(void));
-unsigned long (*CRYPTO_get_id_callback(void))(void);
-unsigned long CRYPTO_thread_id(void);
-const char *CRYPTO_get_lock_name(int type);
-int CRYPTO_add_lock(int *pointer,int amount,int type, const char *file,
-                    int line);
-
-int CRYPTO_get_new_dynlockid(void);
-void CRYPTO_destroy_dynlockid(int i);
-struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i);
-void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *(*dyn_create_function)(const char *file, int line));
-void CRYPTO_set_dynlock_lock_callback(void (*dyn_lock_function)(int mode, struct CRYPTO_dynlock_value *l, const char *file, int line));
-void CRYPTO_set_dynlock_destroy_callback(void (*dyn_destroy_function)(struct CRYPTO_dynlock_value *l, const char *file, int line));
-struct CRYPTO_dynlock_value *(*CRYPTO_get_dynlock_create_callback(void))(const char *file,int line);
-void (*CRYPTO_get_dynlock_lock_callback(void))(int mode, struct CRYPTO_dynlock_value *l, const char *file,int line);
-void (*CRYPTO_get_dynlock_destroy_callback(void))(struct CRYPTO_dynlock_value *l, const char *file,int line);
-
-/* CRYPTO_set_mem_functions includes CRYPTO_set_locked_mem_functions --
- * call the latter last if you need different functions */
-int CRYPTO_set_mem_functions(void *(*m)(size_t),void *(*r)(void *,size_t), void (*f)(void *));
-int CRYPTO_set_locked_mem_functions(void *(*m)(size_t), void (*free_func)(void *));
-int CRYPTO_set_mem_ex_functions(void *(*m)(size_t,const char *,int),
-                                void *(*r)(void *,size_t,const char *,int),
-                                void (*f)(void *));
-int CRYPTO_set_locked_mem_ex_functions(void *(*m)(size_t,const char *,int),
-                                       void (*free_func)(void *));
-int CRYPTO_set_mem_debug_functions(void (*m)(void *,int,const char *,int,int),
-                                   void (*r)(void *,void *,int,const char *,int,int),
-                                   void (*f)(void *,int),
-                                   void (*so)(long),
-                                   long (*go)(void));
-void CRYPTO_get_mem_functions(void *(**m)(size_t),void *(**r)(void *, size_t), void (**f)(void *));
-void CRYPTO_get_locked_mem_functions(void *(**m)(size_t), void (**f)(void *));
-void CRYPTO_get_mem_ex_functions(void *(**m)(size_t,const char *,int),
-                                 void *(**r)(void *, size_t,const char *,int),
-                                 void (**f)(void *));
-void CRYPTO_get_locked_mem_ex_functions(void *(**m)(size_t,const char *,int),
-                                        void (**f)(void *));
-void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int),
-                                    void (**r)(void *,void *,int,const char *,int,int),
-                                    void (**f)(void *,int),
-                                    void (**so)(long),
-                                    long (**go)(void));
-
-void *CRYPTO_malloc_locked(int num, const char *file, int line);
-void CRYPTO_free_locked(void *);
-void *CRYPTO_malloc(int num, const char *file, int line);
-void CRYPTO_free(void *);
-void *CRYPTO_realloc(void *addr,int num, const char *file, int line);
-void *CRYPTO_realloc_clean(void *addr,int old_num,int num,const char *file,
-                           int line);
-void *CRYPTO_remalloc(void *addr,int num, const char *file, int line);
-
-void OPENSSL_cleanse(void *ptr, size_t len);
-
-void CRYPTO_set_mem_debug_options(long bits);
-long CRYPTO_get_mem_debug_options(void);
-
-#define CRYPTO_push_info(info) \
-        CRYPTO_push_info_(info, __FILE__, __LINE__);
-int CRYPTO_push_info_(const char *info, const char *file, int line);
-int CRYPTO_pop_info(void);
-int CRYPTO_remove_all_info(void);
-
-
-/* Default debugging functions (enabled by CRYPTO_malloc_debug_init() macro;
- * used as default in CRYPTO_MDEBUG compilations): */
-/* The last argument has the following significance:
- *
- * 0:   called before the actual memory allocation has taken place
- * 1:   called after the actual memory allocation has taken place
- */
-void CRYPTO_dbg_malloc(void *addr,int num,const char *file,int line,int before_p);
-void CRYPTO_dbg_realloc(void *addr1,void *addr2,int num,const char *file,int line,int before_p);
-void CRYPTO_dbg_free(void *addr,int before_p);
-/* Tell the debugging code about options.  By default, the following values
- * apply:
- *
- * 0:                           Clear all options.
- * V_CRYPTO_MDEBUG_TIME (1):    Set the "Show Time" option.
- * V_CRYPTO_MDEBUG_THREAD (2):  Set the "Show Thread Number" option.
- * V_CRYPTO_MDEBUG_ALL (3):     1 + 2
- */
-void CRYPTO_dbg_set_options(long bits);
-long CRYPTO_dbg_get_options(void);
-
-
-#ifndef OPENSSL_NO_FP_API
-void CRYPTO_mem_leaks_fp(FILE *);
-#endif
-void CRYPTO_mem_leaks(struct bio_st *bio);
-/* unsigned long order, char *file, int line, int num_bytes, char *addr */
-typedef void *CRYPTO_MEM_LEAK_CB(unsigned long, const char *, int, int, void *);
-void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb);
-
-/* die if we have to */
-void OpenSSLDie(const char *file,int line,const char *assertion);
-#define OPENSSL_assert(e)       (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))
-
-#ifdef OPENSSL_FIPS
-#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \
-                alg " previous FIPS forbidden algorithm error ignored");
-
-#define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \
-                #alg " Algorithm forbidden in FIPS mode");
-
-#ifdef OPENSSL_FIPS_STRICT
-#define FIPS_BAD_ALGORITHM(alg) FIPS_BAD_ABORT(alg)
-#else
-#define FIPS_BAD_ALGORITHM(alg) \
-        { \
-        FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD); \
-        ERR_add_error_data(2, "Algorithm=", #alg); \
-        return 0; \
-        }
-#endif
-
-/* Low level digest API blocking macro */
-
-#define FIPS_NON_FIPS_MD_Init(alg) \
-        int alg##_Init(alg##_CTX *c) \
-                { \
-                if (FIPS_mode()) \
-                        FIPS_BAD_ALGORITHM(alg) \
-                return private_##alg##_Init(c); \
-                } \
-        int private_##alg##_Init(alg##_CTX *c)
-
-/* For ciphers the API often varies from cipher to cipher and each needs to
- * be treated as a special case. Variable key length ciphers (Blowfish, RC4,
- * CAST) however are very similar and can use a blocking macro.
- */
-
-#define FIPS_NON_FIPS_VCIPHER_Init(alg) \
-        void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data) \
-                { \
-                if (FIPS_mode()) \
-                        FIPS_BAD_ABORT(alg) \
-                private_##alg##_set_key(key, len, data); \
-                } \
-        void private_##alg##_set_key(alg##_KEY *key, int len, \
-                                        const unsigned char *data)
-
-#else
-
-#define FIPS_NON_FIPS_VCIPHER_Init(alg) \
-        void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data)
-
-#define FIPS_NON_FIPS_MD_Init(alg) \
-        int alg##_Init(alg##_CTX *c) 
-
-#endif /* def OPENSSL_FIPS */
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_CRYPTO_strings(void);
-
-/* Error codes for the CRYPTO functions. */
-
-/* Function codes. */
-#define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX                 100
-#define CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID                103
-#define CRYPTO_F_CRYPTO_GET_NEW_LOCKID                   101
-#define CRYPTO_F_CRYPTO_SET_EX_DATA                      102
-#define CRYPTO_F_DEF_ADD_INDEX                           104
-#define CRYPTO_F_DEF_GET_CLASS                           105
-#define CRYPTO_F_INT_DUP_EX_DATA                         106
-#define CRYPTO_F_INT_FREE_EX_DATA                        107
-#define CRYPTO_F_INT_NEW_EX_DATA                         108
-
-/* Reason codes. */
-#define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK              100
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/src/lib/libcrypto/cversion.c b/src/lib/libcrypto/cversion.c
deleted file mode 100644
index beeeb14013..0000000000
--- a/src/lib/libcrypto/cversion.c
+++ /dev/null
@@ -1,120 +0,0 @@
-/* crypto/cversion.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include "cryptlib.h"
-#include <openssl/crypto.h>
-
-#ifndef NO_WINDOWS_BRAINDEATH
-#include "buildinf.h"
-#endif
-
-const char *SSLeay_version(int t)
-        {
-        if (t == SSLEAY_VERSION)
-                return OPENSSL_VERSION_TEXT;
-        if (t == SSLEAY_BUILT_ON)
-                {
-#ifdef DATE
-                static char buf[sizeof(DATE)+11];
-
-                BIO_snprintf(buf,sizeof buf,"built on: %s",DATE);
-                return(buf);
-#else
-                return("built on: date not available");
-#endif
-                }
-        if (t == SSLEAY_CFLAGS)
-                {
-#ifdef CFLAGS
-                static char buf[sizeof(CFLAGS)+11];
-
-                BIO_snprintf(buf,sizeof buf,"compiler: %s",CFLAGS);
-                return(buf);
-#else
-                return("compiler: information not available");
-#endif
-                }
-        if (t == SSLEAY_PLATFORM)
-                {
-#ifdef PLATFORM
-                static char buf[sizeof(PLATFORM)+11];
-
-                BIO_snprintf(buf,sizeof buf,"platform: %s", PLATFORM);
-                return(buf);
-#else
-                return("platform: information not available");
-#endif
-                }
-        if (t == SSLEAY_DIR)
-                {
-#ifdef OPENSSLDIR
-                return "OPENSSLDIR: \"" OPENSSLDIR "\"";
-#else
-                return "OPENSSLDIR: N/A";
-#endif
-                }
-        return("not available");
-        }
-
-unsigned long SSLeay(void)
-        {
-        return(SSLEAY_VERSION_NUMBER);
-        }
-
diff --git a/src/lib/libcrypto/des/COPYRIGHT b/src/lib/libcrypto/des/COPYRIGHT
deleted file mode 100644
index 5469e1e469..0000000000
--- a/src/lib/libcrypto/des/COPYRIGHT
+++ /dev/null
@@ -1,50 +0,0 @@
-Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
-All rights reserved.
-
-This package is an DES implementation written by Eric Young (eay@cryptsoft.com).
-The implementation was written so as to conform with MIT's libdes.
-
-This library is free for commercial and non-commercial use as long as
-the following conditions are aheared to.  The following conditions
-apply to all code found in this distribution.
-
-Copyright remains Eric Young's, and as such any Copyright notices in
-the code are not to be removed.
-If this package is used in a product, Eric Young should be given attribution
-as the author of that the SSL library.  This can be in the form of a textual
-message at program startup or in documentation (online or textual) provided
-with the package.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-1. Redistributions of source code must retain the copyright
-   notice, this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in the
-   documentation and/or other materials provided with the distribution.
-3. All advertising materials mentioning features or use of this software
-   must display the following acknowledgement:
-   This product includes software developed by Eric Young (eay@cryptsoft.com)
-
-THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
-The license and distribution terms for any publically available version or
-derivative of this code cannot be changed.  i.e. this code cannot simply be
-copied and put under another distrubution license
-[including the GNU Public License.]
-
-The reason behind this being stated in this direct manner is past
-experience in code simply being copied and the attribution removed
-from it and then being distributed as part of other packages. This
-implementation was a non-trivial and unpaid effort.
diff --git a/src/lib/libcrypto/des/asm/crypt586.pl b/src/lib/libcrypto/des/asm/crypt586.pl
deleted file mode 100644
index 1d04ed6def..0000000000
--- a/src/lib/libcrypto/des/asm/crypt586.pl
+++ /dev/null
@@ -1,208 +0,0 @@
-#!/usr/local/bin/perl
-#
-# The inner loop instruction sequence and the IP/FP modifications are from
-# Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>
-# I've added the stuff needed for crypt() but I've not worried about making
-# things perfect.
-#
-
-push(@INC,"perlasm","../../perlasm");
-require "x86asm.pl";
-
-&asm_init($ARGV[0],"crypt586.pl");
-
-$L="edi";
-$R="esi";
-
-&external_label("DES_SPtrans");
-&fcrypt_body("fcrypt_body");
-&asm_finish();
-
-sub fcrypt_body
-        {
-        local($name,$do_ip)=@_;
-
-        &function_begin($name,"EXTRN   _DES_SPtrans:DWORD");
-
-        &comment("");
-        &comment("Load the 2 words");
-        $trans="ebp";
-
-        &xor(   $L,     $L);
-        &xor(   $R,     $R);
-
-        # PIC-ification:-)
-        &picmeup("edx","DES_SPtrans");
-        #if ($cpp)      { &picmeup("edx","DES_SPtrans");   }
-        #else           { &lea("edx",&DWP("DES_SPtrans")); }
-        &push("edx");   # becomes &swtmp(1)
-        #
-        &mov($trans,&wparam(1)); # reloaded with DES_SPtrans in D_ENCRYPT
-
-        &push(&DWC(25)); # add a variable
-
-        &set_label("start");
-        for ($i=0; $i<16; $i+=2)
-                {
-                &comment("");
-                &comment("Round $i");
-                &D_ENCRYPT($i,$L,$R,$i*2,$trans,"eax","ebx","ecx","edx");
-
-                &comment("");
-                &comment("Round ".sprintf("%d",$i+1));
-                &D_ENCRYPT($i+1,$R,$L,($i+1)*2,$trans,"eax","ebx","ecx","edx");
-                }
-         &mov("ebx",    &swtmp(0));
-        &mov("eax",     $L);
-         &dec("ebx");
-        &mov($L,        $R);
-         &mov($R,       "eax");
-        &mov(&swtmp(0), "ebx");
-         &jnz(&label("start"));
-
-        &comment("");
-        &comment("FP");
-        &mov("edx",&wparam(0));
-
-        &FP_new($R,$L,"eax",3);
-        &mov(&DWP(0,"edx","",0),"eax");
-        &mov(&DWP(4,"edx","",0),$L);
-
-        &add("esp",8);  # remove variables
-
-        &function_end($name);
-        }
-
-sub D_ENCRYPT
-        {
-        local($r,$L,$R,$S,$trans,$u,$tmp1,$tmp2,$t)=@_;
-
-        &mov(   $u,             &wparam(2));                    # 2
-        &mov(   $t,             $R);
-        &shr(   $t,             16);                            # 1
-        &mov(   $tmp2,          &wparam(3));                    # 2
-        &xor(   $t,             $R);                            # 1
-
-        &and(   $u,             $t);                            # 2
-        &and(   $t,             $tmp2);                         # 2
-
-        &mov(   $tmp1,          $u);
-        &shl(   $tmp1,          16);                            # 1
-        &mov(   $tmp2,          $t);
-        &shl(   $tmp2,          16);                            # 1
-        &xor(   $u,             $tmp1);                         # 2
-        &xor(   $t,             $tmp2);                         # 2
-        &mov(   $tmp1,          &DWP(&n2a($S*4),$trans,"",0));  # 2
-        &xor(   $u,             $tmp1);
-        &mov(   $tmp2,          &DWP(&n2a(($S+1)*4),$trans,"",0));      # 2
-        &xor(   $u,             $R);
-        &xor(   $t,             $R);
-        &xor(   $t,             $tmp2);
-
-        &and(   $u,             "0xfcfcfcfc"    );              # 2
-        &xor(   $tmp1,          $tmp1);                         # 1
-        &and(   $t,             "0xcfcfcfcf"    );              # 2
-        &xor(   $tmp2,          $tmp2); 
-        &movb(  &LB($tmp1),     &LB($u) );
-        &movb(  &LB($tmp2),     &HB($u) );
-        &rotr(  $t,             4               );
-        &mov(   $trans,         &swtmp(1));
-        &xor(   $L,             &DWP("     ",$trans,$tmp1,0));
-        &movb(  &LB($tmp1),     &LB($t) );
-        &xor(   $L,             &DWP("0x200",$trans,$tmp2,0));
-        &movb(  &LB($tmp2),     &HB($t) );
-        &shr(   $u,             16);
-        &xor(   $L,             &DWP("0x100",$trans,$tmp1,0));
-        &movb(  &LB($tmp1),     &HB($u) );
-        &shr(   $t,             16);
-        &xor(   $L,             &DWP("0x300",$trans,$tmp2,0));
-        &movb(  &LB($tmp2),     &HB($t) );
-        &and(   $u,             "0xff"  );
-        &and(   $t,             "0xff"  );
-        &mov(   $tmp1,          &DWP("0x600",$trans,$tmp1,0));
-        &xor(   $L,             $tmp1);
-        &mov(   $tmp1,          &DWP("0x700",$trans,$tmp2,0));
-        &xor(   $L,             $tmp1);
-        &mov(   $tmp1,          &DWP("0x400",$trans,$u,0));
-        &xor(   $L,             $tmp1);
-        &mov(   $tmp1,          &DWP("0x500",$trans,$t,0));
-        &xor(   $L,             $tmp1);
-        &mov(   $trans,         &wparam(1));
-        }
-
-sub n2a
-        {
-        sprintf("%d",$_[0]);
-        }
-
-# now has a side affect of rotating $a by $shift
-sub R_PERM_OP
-        {
-        local($a,$b,$tt,$shift,$mask,$last)=@_;
-
-        &rotl(  $a,             $shift          ) if ($shift != 0);
-        &mov(   $tt,            $a              );
-        &xor(   $a,             $b              );
-        &and(   $a,             $mask           );
-        if ($notlast eq $b)
-                {
-                &xor(   $b,             $a              );
-                &xor(   $tt,            $a              );
-                }
-        else
-                {
-                &xor(   $tt,            $a              );
-                &xor(   $b,             $a              );
-                }
-        &comment("");
-        }
-
-sub IP_new
-        {
-        local($l,$r,$tt,$lr)=@_;
-
-        &R_PERM_OP($l,$r,$tt, 4,"0xf0f0f0f0",$l);
-        &R_PERM_OP($r,$tt,$l,20,"0xfff0000f",$l);
-        &R_PERM_OP($l,$tt,$r,14,"0x33333333",$r);
-        &R_PERM_OP($tt,$r,$l,22,"0x03fc03fc",$r);
-        &R_PERM_OP($l,$r,$tt, 9,"0xaaaaaaaa",$r);
-        
-        if ($lr != 3)
-                {
-                if (($lr-3) < 0)
-                        { &rotr($tt,    3-$lr); }
-                else    { &rotl($tt,    $lr-3); }
-                }
-        if ($lr != 2)
-                {
-                if (($lr-2) < 0)
-                        { &rotr($r,     2-$lr); }
-                else    { &rotl($r,     $lr-2); }
-                }
-        }
-
-sub FP_new
-        {
-        local($l,$r,$tt,$lr)=@_;
-
-        if ($lr != 2)
-                {
-                if (($lr-2) < 0)
-                        { &rotl($r,     2-$lr); }
-                else    { &rotr($r,     $lr-2); }
-                }
-        if ($lr != 3)
-                {
-                if (($lr-3) < 0)
-                        { &rotl($l,     3-$lr); }
-                else    { &rotr($l,     $lr-3); }
-                }
-
-        &R_PERM_OP($l,$r,$tt, 0,"0xaaaaaaaa",$r);
-        &R_PERM_OP($tt,$r,$l,23,"0x03fc03fc",$r);
-        &R_PERM_OP($l,$r,$tt,10,"0x33333333",$l);
-        &R_PERM_OP($r,$tt,$l,18,"0xfff0000f",$l);
-        &R_PERM_OP($l,$tt,$r,12,"0xf0f0f0f0",$r);
-        &rotr($tt       , 4);
-        }
-
diff --git a/src/lib/libcrypto/des/asm/des-586.pl b/src/lib/libcrypto/des/asm/des-586.pl
deleted file mode 100644
index 60d577cc8d..0000000000
--- a/src/lib/libcrypto/des/asm/des-586.pl
+++ /dev/null
@@ -1,255 +0,0 @@
-#!/usr/local/bin/perl
-#
-# The inner loop instruction sequence and the IP/FP modifications are from
-# Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>
-#
-
-push(@INC,"perlasm","../../perlasm");
-require "x86asm.pl";
-require "cbc.pl";
-require "desboth.pl";
-
-# base code is in microsft
-# op dest, source
-# format.
-#
-
-&asm_init($ARGV[0],"des-586.pl");
-
-$L="edi";
-$R="esi";
-
-&external_label("DES_SPtrans");
-&DES_encrypt("DES_encrypt1",1);
-&DES_encrypt("DES_encrypt2",0);
-
-if (!$main'openbsd)
-        {
-        &DES_encrypt3("DES_encrypt3",1);
-        &DES_encrypt3("DES_decrypt3",0);
-        &cbc("DES_ncbc_encrypt","DES_encrypt1","DES_encrypt1",0,4,5,3,5,-1);
-        &cbc("DES_ede3_cbc_encrypt","DES_encrypt3","DES_decrypt3",0,6,7,3,4,5);
-        }
-
-&asm_finish();
-
-sub DES_encrypt
-        {
-        local($name,$do_ip)=@_;
-
-        &function_begin_B($name,"EXTRN   _DES_SPtrans:DWORD");
-
-        &push("esi");
-        &push("edi");
-
-        &comment("");
-        &comment("Load the 2 words");
-        $trans="ebp";
-
-        if ($do_ip)
-                {
-                &mov($R,&wparam(0));
-                 &xor(  "ecx",          "ecx"           );
-
-                &push("ebx");
-                &push("ebp");
-
-                &mov("eax",&DWP(0,$R,"",0));
-                 &mov("ebx",&wparam(2));        # get encrypt flag
-                &mov($L,&DWP(4,$R,"",0));
-                &comment("");
-                &comment("IP");
-                &IP_new("eax",$L,$R,3);
-                }
-        else
-                {
-                &mov("eax",&wparam(0));
-                 &xor(  "ecx",          "ecx"           );
-
-                &push("ebx");
-                &push("ebp");
-
-                &mov($R,&DWP(0,"eax","",0));
-                 &mov("ebx",&wparam(2));        # get encrypt flag
-                &rotl($R,3);
-                &mov($L,&DWP(4,"eax","",0));
-                &rotl($L,3);
-                }
-
-        # PIC-ification:-)
-        &picmeup($trans,"DES_SPtrans");
-        #if ($cpp)      { &picmeup($trans,"DES_SPtrans");   }
-        #else           { &lea($trans,&DWP("DES_SPtrans")); }
-
-        &mov(   "ecx",  &wparam(1)      );
-        &cmp("ebx","0");
-        &je(&label("start_decrypt"));
-
-        for ($i=0; $i<16; $i+=2)
-                {
-                &comment("");
-                &comment("Round $i");
-                &D_ENCRYPT($i,$L,$R,$i*2,$trans,"eax","ebx","ecx","edx");
-
-                &comment("");
-                &comment("Round ".sprintf("%d",$i+1));
-                &D_ENCRYPT($i+1,$R,$L,($i+1)*2,$trans,"eax","ebx","ecx","edx");
-                }
-        &jmp(&label("end"));
-
-        &set_label("start_decrypt");
-
-        for ($i=15; $i>0; $i-=2)
-                {
-                &comment("");
-                &comment("Round $i");
-                &D_ENCRYPT(15-$i,$L,$R,$i*2,$trans,"eax","ebx","ecx","edx");
-                &comment("");
-                &comment("Round ".sprintf("%d",$i-1));
-                &D_ENCRYPT(15-$i+1,$R,$L,($i-1)*2,$trans,"eax","ebx","ecx","edx");
-                }
-
-        &set_label("end");
-
-        if ($do_ip)
-                {
-                &comment("");
-                &comment("FP");
-                &mov("edx",&wparam(0));
-                &FP_new($L,$R,"eax",3);
-
-                &mov(&DWP(0,"edx","",0),"eax");
-                &mov(&DWP(4,"edx","",0),$R);
-                }
-        else
-                {
-                &comment("");
-                &comment("Fixup");
-                &rotr($L,3);            # r
-                 &mov("eax",&wparam(0));
-                &rotr($R,3);            # l
-                 &mov(&DWP(0,"eax","",0),$L);
-                 &mov(&DWP(4,"eax","",0),$R);
-                }
-
-        &pop("ebp");
-        &pop("ebx");
-        &pop("edi");
-        &pop("esi");
-        &ret();
-
-        &function_end_B($name);
-        }
-
-sub D_ENCRYPT
-        {
-        local($r,$L,$R,$S,$trans,$u,$tmp1,$tmp2,$t)=@_;
-
-         &mov(  $u,             &DWP(&n2a($S*4),$tmp2,"",0));
-        &xor(   $tmp1,          $tmp1);
-         &mov(  $t,             &DWP(&n2a(($S+1)*4),$tmp2,"",0));
-        &xor(   $u,             $R);
-        &xor(   $tmp2,          $tmp2);
-         &xor(  $t,             $R);
-        &and(   $u,             "0xfcfcfcfc"    );
-         &and(  $t,             "0xcfcfcfcf"    );
-        &movb(  &LB($tmp1),     &LB($u) );
-         &movb( &LB($tmp2),     &HB($u) );
-        &rotr(  $t,             4               );
-        &xor(   $L,             &DWP("     ",$trans,$tmp1,0));
-         &movb( &LB($tmp1),     &LB($t) );
-         &xor(  $L,             &DWP("0x200",$trans,$tmp2,0));
-         &movb( &LB($tmp2),     &HB($t) );
-        &shr(   $u,             16);
-         &xor(  $L,             &DWP("0x100",$trans,$tmp1,0));
-         &movb( &LB($tmp1),     &HB($u) );
-        &shr(   $t,             16);
-         &xor(  $L,             &DWP("0x300",$trans,$tmp2,0));
-        &movb(  &LB($tmp2),     &HB($t) );
-         &and(  $u,             "0xff"  );
-        &and(   $t,             "0xff"  );
-         &xor(  $L,             &DWP("0x600",$trans,$tmp1,0));
-         &xor(  $L,             &DWP("0x700",$trans,$tmp2,0));
-        &mov(   $tmp2,          &wparam(1)      );
-         &xor(  $L,             &DWP("0x400",$trans,$u,0));
-         &xor(  $L,             &DWP("0x500",$trans,$t,0));
-        }
-
-sub n2a
-        {
-        sprintf("%d",$_[0]);
-        }
-
-# now has a side affect of rotating $a by $shift
-sub R_PERM_OP
-        {
-        local($a,$b,$tt,$shift,$mask,$last)=@_;
-
-        &rotl(  $a,             $shift          ) if ($shift != 0);
-        &mov(   $tt,            $a              );
-        &xor(   $a,             $b              );
-        &and(   $a,             $mask           );
-        # This can never succeed, and besides it is difficult to see what the
-        # idea was - Ben 13 Feb 99
-        if (!$last eq $b)
-                {
-                &xor(   $b,             $a              );
-                &xor(   $tt,            $a              );
-                }
-        else
-                {
-                &xor(   $tt,            $a              );
-                &xor(   $b,             $a              );
-                }
-        &comment("");
-        }
-
-sub IP_new
-        {
-        local($l,$r,$tt,$lr)=@_;
-
-        &R_PERM_OP($l,$r,$tt, 4,"0xf0f0f0f0",$l);
-        &R_PERM_OP($r,$tt,$l,20,"0xfff0000f",$l);
-        &R_PERM_OP($l,$tt,$r,14,"0x33333333",$r);
-        &R_PERM_OP($tt,$r,$l,22,"0x03fc03fc",$r);
-        &R_PERM_OP($l,$r,$tt, 9,"0xaaaaaaaa",$r);
-        
-        if ($lr != 3)
-                {
-                if (($lr-3) < 0)
-                        { &rotr($tt,    3-$lr); }
-                else    { &rotl($tt,    $lr-3); }
-                }
-        if ($lr != 2)
-                {
-                if (($lr-2) < 0)
-                        { &rotr($r,     2-$lr); }
-                else    { &rotl($r,     $lr-2); }
-                }
-        }
-
-sub FP_new
-        {
-        local($l,$r,$tt,$lr)=@_;
-
-        if ($lr != 2)
-                {
-                if (($lr-2) < 0)
-                        { &rotl($r,     2-$lr); }
-                else    { &rotr($r,     $lr-2); }
-                }
-        if ($lr != 3)
-                {
-                if (($lr-3) < 0)
-                        { &rotl($l,     3-$lr); }
-                else    { &rotr($l,     $lr-3); }
-                }
-
-        &R_PERM_OP($l,$r,$tt, 0,"0xaaaaaaaa",$r);
-        &R_PERM_OP($tt,$r,$l,23,"0x03fc03fc",$r);
-        &R_PERM_OP($l,$r,$tt,10,"0x33333333",$l);
-        &R_PERM_OP($r,$tt,$l,18,"0xfff0000f",$l);
-        &R_PERM_OP($l,$tt,$r,12,"0xf0f0f0f0",$r);
-        &rotr($tt       , 4);
-        }
-
diff --git a/src/lib/libcrypto/des/asm/desboth.pl b/src/lib/libcrypto/des/asm/desboth.pl
deleted file mode 100644
index eec00886e4..0000000000
--- a/src/lib/libcrypto/des/asm/desboth.pl
+++ /dev/null
@@ -1,79 +0,0 @@
-#!/usr/local/bin/perl
-
-$L="edi";
-$R="esi";
-
-sub DES_encrypt3
-        {
-        local($name,$enc)=@_;
-
-        &function_begin_B($name,"");
-        &push("ebx");
-        &mov("ebx",&wparam(0));
-
-        &push("ebp");
-        &push("esi");
-
-        &push("edi");
-
-        &comment("");
-        &comment("Load the data words");
-        &mov($L,&DWP(0,"ebx","",0));
-        &mov($R,&DWP(4,"ebx","",0));
-        &stack_push(3);
-
-        &comment("");
-        &comment("IP");
-        &IP_new($L,$R,"edx",0);
-
-        # put them back
-        
-        if ($enc)
-                {
-                &mov(&DWP(4,"ebx","",0),$R);
-                 &mov("eax",&wparam(1));
-                &mov(&DWP(0,"ebx","",0),"edx");
-                 &mov("edi",&wparam(2));
-                 &mov("esi",&wparam(3));
-                }
-        else
-                {
-                &mov(&DWP(4,"ebx","",0),$R);
-                 &mov("esi",&wparam(1));
-                &mov(&DWP(0,"ebx","",0),"edx");
-                 &mov("edi",&wparam(2));
-                 &mov("eax",&wparam(3));
-                }
-        &mov(&swtmp(2), (DWC(($enc)?"1":"0")));
-        &mov(&swtmp(1), "eax");
-        &mov(&swtmp(0), "ebx");
-        &call("DES_encrypt2");
-        &mov(&swtmp(2), (DWC(($enc)?"0":"1")));
-        &mov(&swtmp(1), "edi");
-        &mov(&swtmp(0), "ebx");
-        &call("DES_encrypt2");
-        &mov(&swtmp(2), (DWC(($enc)?"1":"0")));
-        &mov(&swtmp(1), "esi");
-        &mov(&swtmp(0), "ebx");
-        &call("DES_encrypt2");
-
-        &stack_pop(3);
-        &mov($L,&DWP(0,"ebx","",0));
-        &mov($R,&DWP(4,"ebx","",0));
-
-        &comment("");
-        &comment("FP");
-        &FP_new($L,$R,"eax",0);
-
-        &mov(&DWP(0,"ebx","",0),"eax");
-        &mov(&DWP(4,"ebx","",0),$R);
-
-        &pop("edi");
-        &pop("esi");
-        &pop("ebp");
-        &pop("ebx");
-        &ret();
-        &function_end_B($name);
-        }
-
-
diff --git a/src/lib/libcrypto/des/cbc_cksm.c b/src/lib/libcrypto/des/cbc_cksm.c
deleted file mode 100644
index 09a7ba56aa..0000000000
--- a/src/lib/libcrypto/des/cbc_cksm.c
+++ /dev/null
@@ -1,106 +0,0 @@
-/* crypto/des/cbc_cksm.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-
-DES_LONG DES_cbc_cksum(const unsigned char *in, DES_cblock *output,
-                       long length, DES_key_schedule *schedule,
-                       const_DES_cblock *ivec)
-        {
-        register DES_LONG tout0,tout1,tin0,tin1;
-        register long l=length;
-        DES_LONG tin[2];
-        unsigned char *out = &(*output)[0];
-        const unsigned char *iv = &(*ivec)[0];
-
-        c2l(iv,tout0);
-        c2l(iv,tout1);
-        for (; l>0; l-=8)
-                {
-                if (l >= 8)
-                        {
-                        c2l(in,tin0);
-                        c2l(in,tin1);
-                        }
-                else
-                        c2ln(in,tin0,tin1,l);
-                        
-                tin0^=tout0; tin[0]=tin0;
-                tin1^=tout1; tin[1]=tin1;
-                DES_encrypt1((DES_LONG *)tin,schedule,DES_ENCRYPT);
-                /* fix 15/10/91 eay - thanks to keithr@sco.COM */
-                tout0=tin[0];
-                tout1=tin[1];
-                }
-        if (out != NULL)
-                {
-                l2c(tout0,out);
-                l2c(tout1,out);
-                }
-        tout0=tin0=tin1=tin[0]=tin[1]=0;
-        /*
-          Transform the data in tout1 so that it will
-          match the return value that the MIT Kerberos
-          mit_des_cbc_cksum API returns.
-        */
-        tout1 = ((tout1 >> 24L) & 0x000000FF)
-              | ((tout1 >> 8L)  & 0x0000FF00)
-              | ((tout1 << 8L)  & 0x00FF0000)
-              | ((tout1 << 24L) & 0xFF000000);
-        return(tout1);
-        }
diff --git a/src/lib/libcrypto/des/cbc_enc.c b/src/lib/libcrypto/des/cbc_enc.c
deleted file mode 100644
index 677903ae4e..0000000000
--- a/src/lib/libcrypto/des/cbc_enc.c
+++ /dev/null
@@ -1,61 +0,0 @@
-/* crypto/des/cbc_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#define CBC_ENC_C__DONT_UPDATE_IV
-
-#include "ncbc_enc.c" /* des_cbc_encrypt */
diff --git a/src/lib/libcrypto/des/cfb64ede.c b/src/lib/libcrypto/des/cfb64ede.c
deleted file mode 100644
index f3c6018528..0000000000
--- a/src/lib/libcrypto/des/cfb64ede.c
+++ /dev/null
@@ -1,254 +0,0 @@
-/* crypto/des/cfb64ede.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-#include "e_os.h"
-
-/* The input and output encrypted as though 64bit cfb mode is being
- * used.  The extra state information to record how much of the
- * 64bit block we have used is contained in *num;
- */
-
-void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-                            long length, DES_key_schedule *ks1,
-                            DES_key_schedule *ks2, DES_key_schedule *ks3,
-                            DES_cblock *ivec, int *num, int enc)
-        {
-        register DES_LONG v0,v1;
-        register long l=length;
-        register int n= *num;
-        DES_LONG ti[2];
-        unsigned char *iv,c,cc;
-
-        iv=&(*ivec)[0];
-        if (enc)
-                {
-                while (l--)
-                        {
-                        if (n == 0)
-                                {
-                                c2l(iv,v0);
-                                c2l(iv,v1);
-
-                                ti[0]=v0;
-                                ti[1]=v1;
-                                DES_encrypt3(ti,ks1,ks2,ks3);
-                                v0=ti[0];
-                                v1=ti[1];
-
-                                iv = &(*ivec)[0];
-                                l2c(v0,iv);
-                                l2c(v1,iv);
-                                iv = &(*ivec)[0];
-                                }
-                        c= *(in++)^iv[n];
-                        *(out++)=c;
-                        iv[n]=c;
-                        n=(n+1)&0x07;
-                        }
-                }
-        else
-                {
-                while (l--)
-                        {
-                        if (n == 0)
-                                {
-                                c2l(iv,v0);
-                                c2l(iv,v1);
-
-                                ti[0]=v0;
-                                ti[1]=v1;
-                                DES_encrypt3(ti,ks1,ks2,ks3);
-                                v0=ti[0];
-                                v1=ti[1];
-
-                                iv = &(*ivec)[0];
-                                l2c(v0,iv);
-                                l2c(v1,iv);
-                                iv = &(*ivec)[0];
-                                }
-                        cc= *(in++);
-                        c=iv[n];
-                        iv[n]=cc;
-                        *(out++)=c^cc;
-                        n=(n+1)&0x07;
-                        }
-                }
-        v0=v1=ti[0]=ti[1]=c=cc=0;
-        *num=n;
-        }
-
-#ifdef undef /* MACRO */
-void DES_ede2_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
-             DES_key_schedule ks1, DES_key_schedule ks2, DES_cblock (*ivec),
-             int *num, int enc)
-        {
-        DES_ede3_cfb64_encrypt(in,out,length,ks1,ks2,ks1,ivec,num,enc);
-        }
-#endif
-
-/* This is compatible with the single key CFB-r for DES, even thought that's
- * not what EVP needs.
- */
-
-void DES_ede3_cfb_encrypt(const unsigned char *in,unsigned char *out,
-                          int numbits,long length,DES_key_schedule *ks1,
-                          DES_key_schedule *ks2,DES_key_schedule *ks3,
-                          DES_cblock *ivec,int enc)
-        {
-        register DES_LONG d0,d1,v0,v1;
-        register long l=length;
-        register int num=numbits,n=(numbits+7)/8,i;
-        DES_LONG ti[2];
-        unsigned char *iv;
-        unsigned char ovec[16];
-
-        if (num > 64) return;
-        iv = &(*ivec)[0];
-        c2l(iv,v0);
-        c2l(iv,v1);
-        if (enc)
-                {
-                while (l >= n)
-                        {
-                        l-=n;
-                        ti[0]=v0;
-                        ti[1]=v1;
-                        DES_encrypt3(ti,ks1,ks2,ks3);
-                        c2ln(in,d0,d1,n);
-                        in+=n;
-                        d0^=ti[0];
-                        d1^=ti[1];
-                        l2cn(d0,d1,out,n);
-                        out+=n;
-                        /* 30-08-94 - eay - changed because l>>32 and
-                         * l<<32 are bad under gcc :-( */
-                        if (num == 32)
-                                { v0=v1; v1=d0; }
-                        else if (num == 64)
-                                { v0=d0; v1=d1; }
-                        else
-                                {
-                                iv=&ovec[0];
-                                l2c(v0,iv);
-                                l2c(v1,iv);
-                                l2c(d0,iv);
-                                l2c(d1,iv);
-                                /* shift ovec left most of the bits... */
-                                memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
-                                /* now the remaining bits */
-                                if(num%8 != 0)
-                                        for(i=0 ; i < 8 ; ++i)
-                                                {
-                                                ovec[i]<<=num%8;
-                                                ovec[i]|=ovec[i+1]>>(8-num%8);
-                                                }
-                                iv=&ovec[0];
-                                c2l(iv,v0);
-                                c2l(iv,v1);
-                                }
-                        }
-                }
-        else
-                {
-                while (l >= n)
-                        {
-                        l-=n;
-                        ti[0]=v0;
-                        ti[1]=v1;
-                        DES_encrypt3(ti,ks1,ks2,ks3);
-                        c2ln(in,d0,d1,n);
-                        in+=n;
-                        /* 30-08-94 - eay - changed because l>>32 and
-                         * l<<32 are bad under gcc :-( */
-                        if (num == 32)
-                                { v0=v1; v1=d0; }
-                        else if (num == 64)
-                                { v0=d0; v1=d1; }
-                        else
-                                {
-                                iv=&ovec[0];
-                                l2c(v0,iv);
-                                l2c(v1,iv);
-                                l2c(d0,iv);
-                                l2c(d1,iv);
-                                /* shift ovec left most of the bits... */
-                                memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
-                                /* now the remaining bits */
-                                if(num%8 != 0)
-                                        for(i=0 ; i < 8 ; ++i)
-                                                {
-                                                ovec[i]<<=num%8;
-                                                ovec[i]|=ovec[i+1]>>(8-num%8);
-                                                }
-                                iv=&ovec[0];
-                                c2l(iv,v0);
-                                c2l(iv,v1);
-                                }
-                        d0^=ti[0];
-                        d1^=ti[1];
-                        l2cn(d0,d1,out,n);
-                        out+=n;
-                        }
-                }
-        iv = &(*ivec)[0];
-        l2c(v0,iv);
-        l2c(v1,iv);
-        v0=v1=d0=d1=ti[0]=ti[1]=0;
-        }
-
diff --git a/src/lib/libcrypto/des/cfb64enc.c b/src/lib/libcrypto/des/cfb64enc.c
deleted file mode 100644
index 5ec8683e40..0000000000
--- a/src/lib/libcrypto/des/cfb64enc.c
+++ /dev/null
@@ -1,121 +0,0 @@
-/* crypto/des/cfb64enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-
-/* The input and output encrypted as though 64bit cfb mode is being
- * used.  The extra state information to record how much of the
- * 64bit block we have used is contained in *num;
- */
-
-void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-                       long length, DES_key_schedule *schedule,
-                       DES_cblock *ivec, int *num, int enc)
-        {
-        register DES_LONG v0,v1;
-        register long l=length;
-        register int n= *num;
-        DES_LONG ti[2];
-        unsigned char *iv,c,cc;
-
-        iv = &(*ivec)[0];
-        if (enc)
-                {
-                while (l--)
-                        {
-                        if (n == 0)
-                                {
-                                c2l(iv,v0); ti[0]=v0;
-                                c2l(iv,v1); ti[1]=v1;
-                                DES_encrypt1(ti,schedule,DES_ENCRYPT);
-                                iv = &(*ivec)[0];
-                                v0=ti[0]; l2c(v0,iv);
-                                v0=ti[1]; l2c(v0,iv);
-                                iv = &(*ivec)[0];
-                                }
-                        c= *(in++)^iv[n];
-                        *(out++)=c;
-                        iv[n]=c;
-                        n=(n+1)&0x07;
-                        }
-                }
-        else
-                {
-                while (l--)
-                        {
-                        if (n == 0)
-                                {
-                                c2l(iv,v0); ti[0]=v0;
-                                c2l(iv,v1); ti[1]=v1;
-                                DES_encrypt1(ti,schedule,DES_ENCRYPT);
-                                iv = &(*ivec)[0];
-                                v0=ti[0]; l2c(v0,iv);
-                                v0=ti[1]; l2c(v0,iv);
-                                iv = &(*ivec)[0];
-                                }
-                        cc= *(in++);
-                        c=iv[n];
-                        iv[n]=cc;
-                        *(out++)=c^cc;
-                        n=(n+1)&0x07;
-                        }
-                }
-        v0=v1=ti[0]=ti[1]=c=cc=0;
-        *num=n;
-        }
-
diff --git a/src/lib/libcrypto/des/cfb_enc.c b/src/lib/libcrypto/des/cfb_enc.c
deleted file mode 100644
index 03cabb223c..0000000000
--- a/src/lib/libcrypto/des/cfb_enc.c
+++ /dev/null
@@ -1,174 +0,0 @@
-/* crypto/des/cfb_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "e_os.h"
-#include "des_locl.h"
-
-/* The input and output are loaded in multiples of 8 bits.
- * What this means is that if you hame numbits=12 and length=2
- * the first 12 bits will be retrieved from the first byte and half
- * the second.  The second 12 bits will come from the 3rd and half the 4th
- * byte.
- */
-/* Until Aug 1 2003 this function did not correctly implement CFB-r, so it
- * will not be compatible with any encryption prior to that date. Ben. */
-void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
-                     long length, DES_key_schedule *schedule, DES_cblock *ivec,
-                     int enc)
-        {
-        register DES_LONG d0,d1,v0,v1;
-        register unsigned long l=length,n=(numbits+7)/8;
-        register int num=numbits,i;
-        DES_LONG ti[2];
-        unsigned char *iv;
-        unsigned char ovec[16];
-
-        if (num > 64) return;
-        iv = &(*ivec)[0];
-        c2l(iv,v0);
-        c2l(iv,v1);
-        if (enc)
-                {
-                while (l >= n)
-                        {
-                        l-=n;
-                        ti[0]=v0;
-                        ti[1]=v1;
-                        DES_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT);
-                        c2ln(in,d0,d1,n);
-                        in+=n;
-                        d0^=ti[0];
-                        d1^=ti[1];
-                        l2cn(d0,d1,out,n);
-                        out+=n;
-                        /* 30-08-94 - eay - changed because l>>32 and
-                         * l<<32 are bad under gcc :-( */
-                        if (num == 32)
-                                { v0=v1; v1=d0; }
-                        else if (num == 64)
-                                { v0=d0; v1=d1; }
-                        else
-                                {
-                                iv=&ovec[0];
-                                l2c(v0,iv);
-                                l2c(v1,iv);
-                                l2c(d0,iv);
-                                l2c(d1,iv);
-                                /* shift ovec left most of the bits... */
-                                memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
-                                /* now the remaining bits */
-                                if(num%8 != 0)
-                                        for(i=0 ; i < 8 ; ++i)
-                                                {
-                                                ovec[i]<<=num%8;
-                                                ovec[i]|=ovec[i+1]>>(8-num%8);
-                                                }
-                                iv=&ovec[0];
-                                c2l(iv,v0);
-                                c2l(iv,v1);
-                                }
-                        }
-                }
-        else
-                {
-                while (l >= n)
-                        {
-                        l-=n;
-                        ti[0]=v0;
-                        ti[1]=v1;
-                        DES_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT);
-                        c2ln(in,d0,d1,n);
-                        in+=n;
-                        /* 30-08-94 - eay - changed because l>>32 and
-                         * l<<32 are bad under gcc :-( */
-                        if (num == 32)
-                                { v0=v1; v1=d0; }
-                        else if (num == 64)
-                                { v0=d0; v1=d1; }
-                        else
-                                {
-                                iv=&ovec[0];
-                                l2c(v0,iv);
-                                l2c(v1,iv);
-                                l2c(d0,iv);
-                                l2c(d1,iv);
-                                /* shift ovec left most of the bits... */
-                                memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
-                                /* now the remaining bits */
-                                if(num%8 != 0)
-                                        for(i=0 ; i < 8 ; ++i)
-                                                {
-                                                ovec[i]<<=num%8;
-                                                ovec[i]|=ovec[i+1]>>(8-num%8);
-                                                }
-                                iv=&ovec[0];
-                                c2l(iv,v0);
-                                c2l(iv,v1);
-                                }
-                        d0^=ti[0];
-                        d1^=ti[1];
-                        l2cn(d0,d1,out,n);
-                        out+=n;
-                        }
-                }
-        iv = &(*ivec)[0];
-        l2c(v0,iv);
-        l2c(v1,iv);
-        v0=v1=d0=d1=ti[0]=ti[1]=0;
-        }
-
diff --git a/src/lib/libcrypto/des/des.h b/src/lib/libcrypto/des/des.h
deleted file mode 100644
index 81bd874edd..0000000000
--- a/src/lib/libcrypto/des/des.h
+++ /dev/null
@@ -1,246 +0,0 @@
-/* crypto/des/des.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_DES_H
-#define HEADER_DES_H
-
-#ifdef OPENSSL_NO_DES
-#error DES is disabled.
-#endif
-
-#include <openssl/opensslconf.h> /* DES_LONG */
-#include <openssl/e_os2.h>      /* OPENSSL_EXTERN */
-
-#ifdef OPENSSL_BUILD_SHLIBCRYPTO
-# undef OPENSSL_EXTERN
-# define OPENSSL_EXTERN OPENSSL_EXPORT
-#endif
-
-#define des_SPtrans DES_SPtrans
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-typedef unsigned char DES_cblock[8];
-typedef /* const */ unsigned char const_DES_cblock[8];
-/* With "const", gcc 2.8.1 on Solaris thinks that DES_cblock *
- * and const_DES_cblock * are incompatible pointer types. */
-
-typedef struct DES_ks
-    {
-    union
-        {
-        DES_cblock cblock;
-        /* make sure things are correct size on machines with
-         * 8 byte longs */
-        DES_LONG deslong[2];
-        } ks[16];
-    } DES_key_schedule;
-
-#ifndef OPENSSL_DISABLE_OLD_DES_SUPPORT
-# ifndef OPENSSL_ENABLE_OLD_DES_SUPPORT
-#  define OPENSSL_ENABLE_OLD_DES_SUPPORT
-# endif
-#endif
-
-#ifdef OPENSSL_ENABLE_OLD_DES_SUPPORT
-# include <openssl/des_old.h>
-#endif
-
-#define DES_KEY_SZ      (sizeof(DES_cblock))
-#define DES_SCHEDULE_SZ (sizeof(DES_key_schedule))
-
-#define DES_ENCRYPT     1
-#define DES_DECRYPT     0
-
-#define DES_CBC_MODE    0
-#define DES_PCBC_MODE   1
-
-#define DES_ecb2_encrypt(i,o,k1,k2,e) \
-        DES_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
-
-#define DES_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
-        DES_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
-
-#define DES_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
-        DES_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
-
-#define DES_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
-        DES_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
-
-OPENSSL_DECLARE_GLOBAL(int,DES_check_key);      /* defaults to false */
-#define DES_check_key OPENSSL_GLOBAL_REF(DES_check_key)
-OPENSSL_DECLARE_GLOBAL(int,DES_rw_mode);        /* defaults to DES_PCBC_MODE */
-#define DES_rw_mode OPENSSL_GLOBAL_REF(DES_rw_mode)
-
-const char *DES_options(void);
-void DES_ecb3_encrypt(const unsigned char *input, unsigned char *output,
-                      DES_key_schedule *ks1,DES_key_schedule *ks2,
-                      DES_key_schedule *ks3, int enc);
-DES_LONG DES_cbc_cksum(const unsigned char *input,DES_cblock *output,
-                       long length,DES_key_schedule *schedule,
-                       const_DES_cblock *ivec);
-/* DES_cbc_encrypt does not update the IV!  Use DES_ncbc_encrypt instead. */
-void DES_cbc_encrypt(const unsigned char *input,unsigned char *output,
-                     long length,DES_key_schedule *schedule,DES_cblock *ivec,
-                     int enc);
-void DES_ncbc_encrypt(const unsigned char *input,unsigned char *output,
-                      long length,DES_key_schedule *schedule,DES_cblock *ivec,
-                      int enc);
-void DES_xcbc_encrypt(const unsigned char *input,unsigned char *output,
-                      long length,DES_key_schedule *schedule,DES_cblock *ivec,
-                      const_DES_cblock *inw,const_DES_cblock *outw,int enc);
-void DES_cfb_encrypt(const unsigned char *in,unsigned char *out,int numbits,
-                     long length,DES_key_schedule *schedule,DES_cblock *ivec,
-                     int enc);
-void DES_ecb_encrypt(const_DES_cblock *input,DES_cblock *output,
-                     DES_key_schedule *ks,int enc);
-
-/*      This is the DES encryption function that gets called by just about
-        every other DES routine in the library.  You should not use this
-        function except to implement 'modes' of DES.  I say this because the
-        functions that call this routine do the conversion from 'char *' to
-        long, and this needs to be done to make sure 'non-aligned' memory
-        access do not occur.  The characters are loaded 'little endian'.
-        Data is a pointer to 2 unsigned long's and ks is the
-        DES_key_schedule to use.  enc, is non zero specifies encryption,
-        zero if decryption. */
-void DES_encrypt1(DES_LONG *data,DES_key_schedule *ks, int enc);
-
-/*      This functions is the same as DES_encrypt1() except that the DES
-        initial permutation (IP) and final permutation (FP) have been left
-        out.  As for DES_encrypt1(), you should not use this function.
-        It is used by the routines in the library that implement triple DES.
-        IP() DES_encrypt2() DES_encrypt2() DES_encrypt2() FP() is the same
-        as DES_encrypt1() DES_encrypt1() DES_encrypt1() except faster :-). */
-void DES_encrypt2(DES_LONG *data,DES_key_schedule *ks, int enc);
-
-void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1,
-                  DES_key_schedule *ks2, DES_key_schedule *ks3);
-void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,
-                  DES_key_schedule *ks2, DES_key_schedule *ks3);
-void DES_ede3_cbc_encrypt(const unsigned char *input,unsigned char *output, 
-                          long length,
-                          DES_key_schedule *ks1,DES_key_schedule *ks2,
-                          DES_key_schedule *ks3,DES_cblock *ivec,int enc);
-void DES_ede3_cbcm_encrypt(const unsigned char *in,unsigned char *out,
-                           long length,
-                           DES_key_schedule *ks1,DES_key_schedule *ks2,
-                           DES_key_schedule *ks3,
-                           DES_cblock *ivec1,DES_cblock *ivec2,
-                           int enc);
-void DES_ede3_cfb64_encrypt(const unsigned char *in,unsigned char *out,
-                            long length,DES_key_schedule *ks1,
-                            DES_key_schedule *ks2,DES_key_schedule *ks3,
-                            DES_cblock *ivec,int *num,int enc);
-void DES_ede3_cfb_encrypt(const unsigned char *in,unsigned char *out,
-                          int numbits,long length,DES_key_schedule *ks1,
-                          DES_key_schedule *ks2,DES_key_schedule *ks3,
-                          DES_cblock *ivec,int enc);
-void DES_ede3_ofb64_encrypt(const unsigned char *in,unsigned char *out,
-                            long length,DES_key_schedule *ks1,
-                            DES_key_schedule *ks2,DES_key_schedule *ks3,
-                            DES_cblock *ivec,int *num);
-
-void DES_xwhite_in2out(const_DES_cblock *DES_key,const_DES_cblock *in_white,
-                       DES_cblock *out_white);
-
-int DES_enc_read(int fd,void *buf,int len,DES_key_schedule *sched,
-                 DES_cblock *iv);
-int DES_enc_write(int fd,const void *buf,int len,DES_key_schedule *sched,
-                  DES_cblock *iv);
-char *DES_fcrypt(const char *buf,const char *salt, char *ret);
-char *DES_crypt(const char *buf,const char *salt);
-void DES_ofb_encrypt(const unsigned char *in,unsigned char *out,int numbits,
-                     long length,DES_key_schedule *schedule,DES_cblock *ivec);
-void DES_pcbc_encrypt(const unsigned char *input,unsigned char *output,
-                      long length,DES_key_schedule *schedule,DES_cblock *ivec,
-                      int enc);
-DES_LONG DES_quad_cksum(const unsigned char *input,DES_cblock output[],
-                        long length,int out_count,DES_cblock *seed);
-int DES_random_key(DES_cblock *ret);
-void DES_set_odd_parity(DES_cblock *key);
-int DES_check_key_parity(const_DES_cblock *key);
-int DES_is_weak_key(const_DES_cblock *key);
-/* DES_set_key (= set_key = DES_key_sched = key_sched) calls
- * DES_set_key_checked if global variable DES_check_key is set,
- * DES_set_key_unchecked otherwise. */
-int DES_set_key(const_DES_cblock *key,DES_key_schedule *schedule);
-int DES_key_sched(const_DES_cblock *key,DES_key_schedule *schedule);
-int DES_set_key_checked(const_DES_cblock *key,DES_key_schedule *schedule);
-void DES_set_key_unchecked(const_DES_cblock *key,DES_key_schedule *schedule);
-void DES_string_to_key(const char *str,DES_cblock *key);
-void DES_string_to_2keys(const char *str,DES_cblock *key1,DES_cblock *key2);
-void DES_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length,
-                       DES_key_schedule *schedule,DES_cblock *ivec,int *num,
-                       int enc);
-void DES_ofb64_encrypt(const unsigned char *in,unsigned char *out,long length,
-                       DES_key_schedule *schedule,DES_cblock *ivec,int *num);
-
-int DES_read_password(DES_cblock *key, const char *prompt, int verify);
-int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2, const char *prompt,
-        int verify);
-
-#define DES_fixup_key_parity DES_set_odd_parity
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/src/lib/libcrypto/des/des_enc.c b/src/lib/libcrypto/des/des_enc.c
deleted file mode 100644
index 6a49ec4a55..0000000000
--- a/src/lib/libcrypto/des/des_enc.c
+++ /dev/null
@@ -1,417 +0,0 @@
-/* crypto/des/des_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-
-#ifndef OPENSSL_FIPS
-#ifndef OPENBSD_DES_ASM
-
-void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc)
-        {
-        register DES_LONG l,r,t,u;
-#ifdef DES_PTR
-        register const unsigned char *des_SP=(const unsigned char *)DES_SPtrans;
-#endif
-#ifndef DES_UNROLL
-        register int i;
-#endif
-        register DES_LONG *s;
-
-        r=data[0];
-        l=data[1];
-
-        IP(r,l);
-        /* Things have been modified so that the initial rotate is
-         * done outside the loop.  This required the
-         * DES_SPtrans values in sp.h to be rotated 1 bit to the right.
-         * One perl script later and things have a 5% speed up on a sparc2.
-         * Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
-         * for pointing this out. */
-        /* clear the top bits on machines with 8byte longs */
-        /* shift left by 2 */
-        r=ROTATE(r,29)&0xffffffffL;
-        l=ROTATE(l,29)&0xffffffffL;
-
-        s=ks->ks->deslong;
-        /* I don't know if it is worth the effort of loop unrolling the
-         * inner loop */
-        if (enc)
-                {
-#ifdef DES_UNROLL
-                D_ENCRYPT(l,r, 0); /*  1 */
-                D_ENCRYPT(r,l, 2); /*  2 */
-                D_ENCRYPT(l,r, 4); /*  3 */
-                D_ENCRYPT(r,l, 6); /*  4 */
-                D_ENCRYPT(l,r, 8); /*  5 */
-                D_ENCRYPT(r,l,10); /*  6 */
-                D_ENCRYPT(l,r,12); /*  7 */
-                D_ENCRYPT(r,l,14); /*  8 */
-                D_ENCRYPT(l,r,16); /*  9 */
-                D_ENCRYPT(r,l,18); /*  10 */
-                D_ENCRYPT(l,r,20); /*  11 */
-                D_ENCRYPT(r,l,22); /*  12 */
-                D_ENCRYPT(l,r,24); /*  13 */
-                D_ENCRYPT(r,l,26); /*  14 */
-                D_ENCRYPT(l,r,28); /*  15 */
-                D_ENCRYPT(r,l,30); /*  16 */
-#else
-                for (i=0; i<32; i+=8)
-                        {
-                        D_ENCRYPT(l,r,i+0); /*  1 */
-                        D_ENCRYPT(r,l,i+2); /*  2 */
-                        D_ENCRYPT(l,r,i+4); /*  3 */
-                        D_ENCRYPT(r,l,i+6); /*  4 */
-                        }
-#endif
-                }
-        else
-                {
-#ifdef DES_UNROLL
-                D_ENCRYPT(l,r,30); /* 16 */
-                D_ENCRYPT(r,l,28); /* 15 */
-                D_ENCRYPT(l,r,26); /* 14 */
-                D_ENCRYPT(r,l,24); /* 13 */
-                D_ENCRYPT(l,r,22); /* 12 */
-                D_ENCRYPT(r,l,20); /* 11 */
-                D_ENCRYPT(l,r,18); /* 10 */
-                D_ENCRYPT(r,l,16); /*  9 */
-                D_ENCRYPT(l,r,14); /*  8 */
-                D_ENCRYPT(r,l,12); /*  7 */
-                D_ENCRYPT(l,r,10); /*  6 */
-                D_ENCRYPT(r,l, 8); /*  5 */
-                D_ENCRYPT(l,r, 6); /*  4 */
-                D_ENCRYPT(r,l, 4); /*  3 */
-                D_ENCRYPT(l,r, 2); /*  2 */
-                D_ENCRYPT(r,l, 0); /*  1 */
-#else
-                for (i=30; i>0; i-=8)
-                        {
-                        D_ENCRYPT(l,r,i-0); /* 16 */
-                        D_ENCRYPT(r,l,i-2); /* 15 */
-                        D_ENCRYPT(l,r,i-4); /* 14 */
-                        D_ENCRYPT(r,l,i-6); /* 13 */
-                        }
-#endif
-                }
-
-        /* rotate and clear the top bits on machines with 8byte longs */
-        l=ROTATE(l,3)&0xffffffffL;
-        r=ROTATE(r,3)&0xffffffffL;
-
-        FP(r,l);
-        data[0]=l;
-        data[1]=r;
-        l=r=t=u=0;
-        }
-
-void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc)
-        {
-        register DES_LONG l,r,t,u;
-#ifdef DES_PTR
-        register const unsigned char *des_SP=(const unsigned char *)DES_SPtrans;
-#endif
-#ifndef DES_UNROLL
-        register int i;
-#endif
-        register DES_LONG *s;
-
-        r=data[0];
-        l=data[1];
-
-        /* Things have been modified so that the initial rotate is
-         * done outside the loop.  This required the
-         * DES_SPtrans values in sp.h to be rotated 1 bit to the right.
-         * One perl script later and things have a 5% speed up on a sparc2.
-         * Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
-         * for pointing this out. */
-        /* clear the top bits on machines with 8byte longs */
-        r=ROTATE(r,29)&0xffffffffL;
-        l=ROTATE(l,29)&0xffffffffL;
-
-        s=ks->ks->deslong;
-        /* I don't know if it is worth the effort of loop unrolling the
-         * inner loop */
-        if (enc)
-                {
-#ifdef DES_UNROLL
-                D_ENCRYPT(l,r, 0); /*  1 */
-                D_ENCRYPT(r,l, 2); /*  2 */
-                D_ENCRYPT(l,r, 4); /*  3 */
-                D_ENCRYPT(r,l, 6); /*  4 */
-                D_ENCRYPT(l,r, 8); /*  5 */
-                D_ENCRYPT(r,l,10); /*  6 */
-                D_ENCRYPT(l,r,12); /*  7 */
-                D_ENCRYPT(r,l,14); /*  8 */
-                D_ENCRYPT(l,r,16); /*  9 */
-                D_ENCRYPT(r,l,18); /*  10 */
-                D_ENCRYPT(l,r,20); /*  11 */
-                D_ENCRYPT(r,l,22); /*  12 */
-                D_ENCRYPT(l,r,24); /*  13 */
-                D_ENCRYPT(r,l,26); /*  14 */
-                D_ENCRYPT(l,r,28); /*  15 */
-                D_ENCRYPT(r,l,30); /*  16 */
-#else
-                for (i=0; i<32; i+=8)
-                        {
-                        D_ENCRYPT(l,r,i+0); /*  1 */
-                        D_ENCRYPT(r,l,i+2); /*  2 */
-                        D_ENCRYPT(l,r,i+4); /*  3 */
-                        D_ENCRYPT(r,l,i+6); /*  4 */
-                        }
-#endif
-                }
-        else
-                {
-#ifdef DES_UNROLL
-                D_ENCRYPT(l,r,30); /* 16 */
-                D_ENCRYPT(r,l,28); /* 15 */
-                D_ENCRYPT(l,r,26); /* 14 */
-                D_ENCRYPT(r,l,24); /* 13 */
-                D_ENCRYPT(l,r,22); /* 12 */
-                D_ENCRYPT(r,l,20); /* 11 */
-                D_ENCRYPT(l,r,18); /* 10 */
-                D_ENCRYPT(r,l,16); /*  9 */
-                D_ENCRYPT(l,r,14); /*  8 */
-                D_ENCRYPT(r,l,12); /*  7 */
-                D_ENCRYPT(l,r,10); /*  6 */
-                D_ENCRYPT(r,l, 8); /*  5 */
-                D_ENCRYPT(l,r, 6); /*  4 */
-                D_ENCRYPT(r,l, 4); /*  3 */
-                D_ENCRYPT(l,r, 2); /*  2 */
-                D_ENCRYPT(r,l, 0); /*  1 */
-#else
-                for (i=30; i>0; i-=8)
-                        {
-                        D_ENCRYPT(l,r,i-0); /* 16 */
-                        D_ENCRYPT(r,l,i-2); /* 15 */
-                        D_ENCRYPT(l,r,i-4); /* 14 */
-                        D_ENCRYPT(r,l,i-6); /* 13 */
-                        }
-#endif
-                }
-        /* rotate and clear the top bits on machines with 8byte longs */
-        data[0]=ROTATE(l,3)&0xffffffffL;
-        data[1]=ROTATE(r,3)&0xffffffffL;
-        l=r=t=u=0;
-        }
-#endif
-
-void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1,
-                  DES_key_schedule *ks2, DES_key_schedule *ks3)
-        {
-        register DES_LONG l,r;
-
-        l=data[0];
-        r=data[1];
-        IP(l,r);
-        data[0]=l;
-        data[1]=r;
-        DES_encrypt2((DES_LONG *)data,ks1,DES_ENCRYPT);
-        DES_encrypt2((DES_LONG *)data,ks2,DES_DECRYPT);
-        DES_encrypt2((DES_LONG *)data,ks3,DES_ENCRYPT);
-        l=data[0];
-        r=data[1];
-        FP(r,l);
-        data[0]=l;
-        data[1]=r;
-        }
-
-void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,
-                  DES_key_schedule *ks2, DES_key_schedule *ks3)
-        {
-        register DES_LONG l,r;
-
-        l=data[0];
-        r=data[1];
-        IP(l,r);
-        data[0]=l;
-        data[1]=r;
-        DES_encrypt2((DES_LONG *)data,ks3,DES_DECRYPT);
-        DES_encrypt2((DES_LONG *)data,ks2,DES_ENCRYPT);
-        DES_encrypt2((DES_LONG *)data,ks1,DES_DECRYPT);
-        l=data[0];
-        r=data[1];
-        FP(r,l);
-        data[0]=l;
-        data[1]=r;
-        }
-
-#endif /* ndef OPENSSL_FIPS */
-
-#ifndef DES_DEFAULT_OPTIONS
-
-#if !defined(OPENSSL_FIPS_DES_ASM)
-
-#undef CBC_ENC_C__DONT_UPDATE_IV
-#include "ncbc_enc.c" /* DES_ncbc_encrypt */
-
-void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output,
-                          long length, DES_key_schedule *ks1,
-                          DES_key_schedule *ks2, DES_key_schedule *ks3,
-                          DES_cblock *ivec, int enc)
-        {
-        register DES_LONG tin0,tin1;
-        register DES_LONG tout0,tout1,xor0,xor1;
-        register const unsigned char *in;
-        unsigned char *out;
-        register long l=length;
-        DES_LONG tin[2];
-        unsigned char *iv;
-
-        in=input;
-        out=output;
-        iv = &(*ivec)[0];
-
-        if (enc)
-                {
-                c2l(iv,tout0);
-                c2l(iv,tout1);
-                for (l-=8; l>=0; l-=8)
-                        {
-                        c2l(in,tin0);
-                        c2l(in,tin1);
-                        tin0^=tout0;
-                        tin1^=tout1;
-
-                        tin[0]=tin0;
-                        tin[1]=tin1;
-                        DES_encrypt3((DES_LONG *)tin,ks1,ks2,ks3);
-                        tout0=tin[0];
-                        tout1=tin[1];
-
-                        l2c(tout0,out);
-                        l2c(tout1,out);
-                        }
-                if (l != -8)
-                        {
-                        c2ln(in,tin0,tin1,l+8);
-                        tin0^=tout0;
-                        tin1^=tout1;
-
-                        tin[0]=tin0;
-                        tin[1]=tin1;
-                        DES_encrypt3((DES_LONG *)tin,ks1,ks2,ks3);
-                        tout0=tin[0];
-                        tout1=tin[1];
-
-                        l2c(tout0,out);
-                        l2c(tout1,out);
-                        }
-                iv = &(*ivec)[0];
-                l2c(tout0,iv);
-                l2c(tout1,iv);
-                }
-        else
-                {
-                register DES_LONG t0,t1;
-
-                c2l(iv,xor0);
-                c2l(iv,xor1);
-                for (l-=8; l>=0; l-=8)
-                        {
-                        c2l(in,tin0);
-                        c2l(in,tin1);
-
-                        t0=tin0;
-                        t1=tin1;
-
-                        tin[0]=tin0;
-                        tin[1]=tin1;
-                        DES_decrypt3((DES_LONG *)tin,ks1,ks2,ks3);
-                        tout0=tin[0];
-                        tout1=tin[1];
-
-                        tout0^=xor0;
-                        tout1^=xor1;
-                        l2c(tout0,out);
-                        l2c(tout1,out);
-                        xor0=t0;
-                        xor1=t1;
-                        }
-                if (l != -8)
-                        {
-                        c2l(in,tin0);
-                        c2l(in,tin1);
-                        
-                        t0=tin0;
-                        t1=tin1;
-
-                        tin[0]=tin0;
-                        tin[1]=tin1;
-                        DES_decrypt3((DES_LONG *)tin,ks1,ks2,ks3);
-                        tout0=tin[0];
-                        tout1=tin[1];
-                
-                        tout0^=xor0;
-                        tout1^=xor1;
-                        l2cn(tout0,tout1,out,l+8);
-                        xor0=t0;
-                        xor1=t1;
-                        }
-
-                iv = &(*ivec)[0];
-                l2c(xor0,iv);
-                l2c(xor1,iv);
-                }
-        tin0=tin1=tout0=tout1=xor0=xor1=0;
-        tin[0]=tin[1]=0;
-        }
-
-#endif /* !defined(OPENSSL_FIPS_DES_ASM) */
-
-#endif /* DES_DEFAULT_OPTIONS */
diff --git a/src/lib/libcrypto/des/des_locl.h b/src/lib/libcrypto/des/des_locl.h
deleted file mode 100644
index 8f04b18c50..0000000000
--- a/src/lib/libcrypto/des/des_locl.h
+++ /dev/null
@@ -1,428 +0,0 @@
-/* crypto/des/des_locl.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_DES_LOCL_H
-#define HEADER_DES_LOCL_H
-
-#include <openssl/e_os2.h>
-
-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
-#ifndef OPENSSL_SYS_MSDOS
-#define OPENSSL_SYS_MSDOS
-#endif
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-
-#ifndef OPENSSL_SYS_MSDOS
-#if !defined(OPENSSL_SYS_VMS) || defined(__DECC)
-#ifdef OPENSSL_UNISTD
-# include OPENSSL_UNISTD
-#else
-# include <unistd.h>
-#endif
-#include <math.h>
-#endif
-#endif
-#include <openssl/des.h>
-
-#ifdef OPENSSL_SYS_MSDOS                /* Visual C++ 2.1 (Windows NT/95) */
-#include <stdlib.h>
-#include <errno.h>
-#include <time.h>
-#include <io.h>
-#endif
-
-#if defined(__STDC__) || defined(OPENSSL_SYS_VMS) || defined(M_XENIX) || defined(OPENSSL_SYS_MSDOS)
-#include <string.h>
-#endif
-
-#ifdef OPENSSL_BUILD_SHLIBCRYPTO
-# undef OPENSSL_EXTERN
-# define OPENSSL_EXTERN OPENSSL_EXPORT
-#endif
-
-#define ITERATIONS 16
-#define HALF_ITERATIONS 8
-
-/* used in des_read and des_write */
-#define MAXWRITE        (1024*16)
-#define BSIZE           (MAXWRITE+4)
-
-#define c2l(c,l)        (l =((DES_LONG)(*((c)++)))    , \
-                         l|=((DES_LONG)(*((c)++)))<< 8L, \
-                         l|=((DES_LONG)(*((c)++)))<<16L, \
-                         l|=((DES_LONG)(*((c)++)))<<24L)
-
-/* NOTE - c is not incremented as per c2l */
-#define c2ln(c,l1,l2,n) { \
-                        c+=n; \
-                        l1=l2=0; \
-                        switch (n) { \
-                        case 8: l2 =((DES_LONG)(*(--(c))))<<24L; \
-                        case 7: l2|=((DES_LONG)(*(--(c))))<<16L; \
-                        case 6: l2|=((DES_LONG)(*(--(c))))<< 8L; \
-                        case 5: l2|=((DES_LONG)(*(--(c))));     \
-                        case 4: l1 =((DES_LONG)(*(--(c))))<<24L; \
-                        case 3: l1|=((DES_LONG)(*(--(c))))<<16L; \
-                        case 2: l1|=((DES_LONG)(*(--(c))))<< 8L; \
-                        case 1: l1|=((DES_LONG)(*(--(c))));     \
-                                } \
-                        }
-
-#define l2c(l,c)        (*((c)++)=(unsigned char)(((l)     )&0xff), \
-                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>>24L)&0xff))
-
-/* replacements for htonl and ntohl since I have no idea what to do
- * when faced with machines with 8 byte longs. */
-#define HDRSIZE 4
-
-#define n2l(c,l)        (l =((DES_LONG)(*((c)++)))<<24L, \
-                         l|=((DES_LONG)(*((c)++)))<<16L, \
-                         l|=((DES_LONG)(*((c)++)))<< 8L, \
-                         l|=((DES_LONG)(*((c)++))))
-
-#define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
-                         *((c)++)=(unsigned char)(((l)     )&0xff))
-
-/* NOTE - c is not incremented as per l2c */
-#define l2cn(l1,l2,c,n) { \
-                        c+=n; \
-                        switch (n) { \
-                        case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
-                        case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
-                        case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
-                        case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \
-                        case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
-                        case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
-                        case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
-                        case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \
-                                } \
-                        }
-
-#if defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)
-#define ROTATE(a,n)     (_lrotr(a,n))
-#elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC)
-# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
-#  define ROTATE(a,n)   ({ register unsigned int ret;   \
-                                asm ("rorl %1,%0"       \
-                                        : "=r"(ret)     \
-                                        : "I"(n),"0"(a) \
-                                        : "cc");        \
-                           ret;                         \
-                        })
-# endif
-#endif
-#ifndef ROTATE
-#define ROTATE(a,n)     (((a)>>(n))+((a)<<(32-(n))))
-#endif
-
-/* Don't worry about the LOAD_DATA() stuff, that is used by
- * fcrypt() to add it's little bit to the front */
-
-#ifdef DES_FCRYPT
-
-#define LOAD_DATA_tmp(R,S,u,t,E0,E1) \
-        { DES_LONG tmp; LOAD_DATA(R,S,u,t,E0,E1,tmp); }
-
-#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
-        t=R^(R>>16L); \
-        u=t&E0; t&=E1; \
-        tmp=(u<<16); u^=R^s[S  ]; u^=tmp; \
-        tmp=(t<<16); t^=R^s[S+1]; t^=tmp
-#else
-#define LOAD_DATA_tmp(a,b,c,d,e,f) LOAD_DATA(a,b,c,d,e,f,g)
-#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
-        u=R^s[S  ]; \
-        t=R^s[S+1]
-#endif
-
-/* The changes to this macro may help or hinder, depending on the
- * compiler and the architecture.  gcc2 always seems to do well :-).
- * Inspired by Dana How <how@isl.stanford.edu>
- * DO NOT use the alternative version on machines with 8 byte longs.
- * It does not seem to work on the Alpha, even when DES_LONG is 4
- * bytes, probably an issue of accessing non-word aligned objects :-( */
-#ifdef DES_PTR
-
-/* It recently occurred to me that 0^0^0^0^0^0^0 == 0, so there
- * is no reason to not xor all the sub items together.  This potentially
- * saves a register since things can be xored directly into L */
-
-#if defined(DES_RISC1) || defined(DES_RISC2)
-#ifdef DES_RISC1
-#define D_ENCRYPT(LL,R,S) { \
-        unsigned int u1,u2,u3; \
-        LOAD_DATA(R,S,u,t,E0,E1,u1); \
-        u2=(int)u>>8L; \
-        u1=(int)u&0xfc; \
-        u2&=0xfc; \
-        t=ROTATE(t,4); \
-        u>>=16L; \
-        LL^= *(const DES_LONG *)(des_SP      +u1); \
-        LL^= *(const DES_LONG *)(des_SP+0x200+u2); \
-        u3=(int)(u>>8L); \
-        u1=(int)u&0xfc; \
-        u3&=0xfc; \
-        LL^= *(const DES_LONG *)(des_SP+0x400+u1); \
-        LL^= *(const DES_LONG *)(des_SP+0x600+u3); \
-        u2=(int)t>>8L; \
-        u1=(int)t&0xfc; \
-        u2&=0xfc; \
-        t>>=16L; \
-        LL^= *(const DES_LONG *)(des_SP+0x100+u1); \
-        LL^= *(const DES_LONG *)(des_SP+0x300+u2); \
-        u3=(int)t>>8L; \
-        u1=(int)t&0xfc; \
-        u3&=0xfc; \
-        LL^= *(const DES_LONG *)(des_SP+0x500+u1); \
-        LL^= *(const DES_LONG *)(des_SP+0x700+u3); }
-#endif
-#ifdef DES_RISC2
-#define D_ENCRYPT(LL,R,S) { \
-        unsigned int u1,u2,s1,s2; \
-        LOAD_DATA(R,S,u,t,E0,E1,u1); \
-        u2=(int)u>>8L; \
-        u1=(int)u&0xfc; \
-        u2&=0xfc; \
-        t=ROTATE(t,4); \
-        LL^= *(const DES_LONG *)(des_SP      +u1); \
-        LL^= *(const DES_LONG *)(des_SP+0x200+u2); \
-        s1=(int)(u>>16L); \
-        s2=(int)(u>>24L); \
-        s1&=0xfc; \
-        s2&=0xfc; \
-        LL^= *(const DES_LONG *)(des_SP+0x400+s1); \
-        LL^= *(const DES_LONG *)(des_SP+0x600+s2); \
-        u2=(int)t>>8L; \
-        u1=(int)t&0xfc; \
-        u2&=0xfc; \
-        LL^= *(const DES_LONG *)(des_SP+0x100+u1); \
-        LL^= *(const DES_LONG *)(des_SP+0x300+u2); \
-        s1=(int)(t>>16L); \
-        s2=(int)(t>>24L); \
-        s1&=0xfc; \
-        s2&=0xfc; \
-        LL^= *(const DES_LONG *)(des_SP+0x500+s1); \
-        LL^= *(const DES_LONG *)(des_SP+0x700+s2); }
-#endif
-#else
-#define D_ENCRYPT(LL,R,S) { \
-        LOAD_DATA_tmp(R,S,u,t,E0,E1); \
-        t=ROTATE(t,4); \
-        LL^= \
-        *(const DES_LONG *)(des_SP      +((u     )&0xfc))^ \
-        *(const DES_LONG *)(des_SP+0x200+((u>> 8L)&0xfc))^ \
-        *(const DES_LONG *)(des_SP+0x400+((u>>16L)&0xfc))^ \
-        *(const DES_LONG *)(des_SP+0x600+((u>>24L)&0xfc))^ \
-        *(const DES_LONG *)(des_SP+0x100+((t     )&0xfc))^ \
-        *(const DES_LONG *)(des_SP+0x300+((t>> 8L)&0xfc))^ \
-        *(const DES_LONG *)(des_SP+0x500+((t>>16L)&0xfc))^ \
-        *(const DES_LONG *)(des_SP+0x700+((t>>24L)&0xfc)); }
-#endif
-
-#else /* original version */
-
-#if defined(DES_RISC1) || defined(DES_RISC2)
-#ifdef DES_RISC1
-#define D_ENCRYPT(LL,R,S) {\
-        unsigned int u1,u2,u3; \
-        LOAD_DATA(R,S,u,t,E0,E1,u1); \
-        u>>=2L; \
-        t=ROTATE(t,6); \
-        u2=(int)u>>8L; \
-        u1=(int)u&0x3f; \
-        u2&=0x3f; \
-        u>>=16L; \
-        LL^=DES_SPtrans[0][u1]; \
-        LL^=DES_SPtrans[2][u2]; \
-        u3=(int)u>>8L; \
-        u1=(int)u&0x3f; \
-        u3&=0x3f; \
-        LL^=DES_SPtrans[4][u1]; \
-        LL^=DES_SPtrans[6][u3]; \
-        u2=(int)t>>8L; \
-        u1=(int)t&0x3f; \
-        u2&=0x3f; \
-        t>>=16L; \
-        LL^=DES_SPtrans[1][u1]; \
-        LL^=DES_SPtrans[3][u2]; \
-        u3=(int)t>>8L; \
-        u1=(int)t&0x3f; \
-        u3&=0x3f; \
-        LL^=DES_SPtrans[5][u1]; \
-        LL^=DES_SPtrans[7][u3]; }
-#endif
-#ifdef DES_RISC2
-#define D_ENCRYPT(LL,R,S) {\
-        unsigned int u1,u2,s1,s2; \
-        LOAD_DATA(R,S,u,t,E0,E1,u1); \
-        u>>=2L; \
-        t=ROTATE(t,6); \
-        u2=(int)u>>8L; \
-        u1=(int)u&0x3f; \
-        u2&=0x3f; \
-        LL^=DES_SPtrans[0][u1]; \
-        LL^=DES_SPtrans[2][u2]; \
-        s1=(int)u>>16L; \
-        s2=(int)u>>24L; \
-        s1&=0x3f; \
-        s2&=0x3f; \
-        LL^=DES_SPtrans[4][s1]; \
-        LL^=DES_SPtrans[6][s2]; \
-        u2=(int)t>>8L; \
-        u1=(int)t&0x3f; \
-        u2&=0x3f; \
-        LL^=DES_SPtrans[1][u1]; \
-        LL^=DES_SPtrans[3][u2]; \
-        s1=(int)t>>16; \
-        s2=(int)t>>24L; \
-        s1&=0x3f; \
-        s2&=0x3f; \
-        LL^=DES_SPtrans[5][s1]; \
-        LL^=DES_SPtrans[7][s2]; }
-#endif
-
-#else
-
-#define D_ENCRYPT(LL,R,S) {\
-        LOAD_DATA_tmp(R,S,u,t,E0,E1); \
-        t=ROTATE(t,4); \
-        LL^=\
-                DES_SPtrans[0][(u>> 2L)&0x3f]^ \
-                DES_SPtrans[2][(u>>10L)&0x3f]^ \
-                DES_SPtrans[4][(u>>18L)&0x3f]^ \
-                DES_SPtrans[6][(u>>26L)&0x3f]^ \
-                DES_SPtrans[1][(t>> 2L)&0x3f]^ \
-                DES_SPtrans[3][(t>>10L)&0x3f]^ \
-                DES_SPtrans[5][(t>>18L)&0x3f]^ \
-                DES_SPtrans[7][(t>>26L)&0x3f]; }
-#endif
-#endif
-
-        /* IP and FP
-         * The problem is more of a geometric problem that random bit fiddling.
-         0  1  2  3  4  5  6  7      62 54 46 38 30 22 14  6
-         8  9 10 11 12 13 14 15      60 52 44 36 28 20 12  4
-        16 17 18 19 20 21 22 23      58 50 42 34 26 18 10  2
-        24 25 26 27 28 29 30 31  to  56 48 40 32 24 16  8  0
-
-        32 33 34 35 36 37 38 39      63 55 47 39 31 23 15  7
-        40 41 42 43 44 45 46 47      61 53 45 37 29 21 13  5
-        48 49 50 51 52 53 54 55      59 51 43 35 27 19 11  3
-        56 57 58 59 60 61 62 63      57 49 41 33 25 17  9  1
-
-        The output has been subject to swaps of the form
-        0 1 -> 3 1 but the odd and even bits have been put into
-        2 3    2 0
-        different words.  The main trick is to remember that
-        t=((l>>size)^r)&(mask);
-        r^=t;
-        l^=(t<<size);
-        can be used to swap and move bits between words.
-
-        So l =  0  1  2  3  r = 16 17 18 19
-                4  5  6  7      20 21 22 23
-                8  9 10 11      24 25 26 27
-               12 13 14 15      28 29 30 31
-        becomes (for size == 2 and mask == 0x3333)
-           t =   2^16  3^17 -- --   l =  0  1 16 17  r =  2  3 18 19
-                 6^20  7^21 -- --        4  5 20 21       6  7 22 23
-                10^24 11^25 -- --        8  9 24 25      10 11 24 25
-                14^28 15^29 -- --       12 13 28 29      14 15 28 29
-
-        Thanks for hints from Richard Outerbridge - he told me IP&FP
-        could be done in 15 xor, 10 shifts and 5 ands.
-        When I finally started to think of the problem in 2D
-        I first got ~42 operations without xors.  When I remembered
-        how to use xors :-) I got it to its final state.
-        */
-#define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
-        (b)^=(t),\
-        (a)^=((t)<<(n)))
-
-#define IP(l,r) \
-        { \
-        register DES_LONG tt; \
-        PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \
-        PERM_OP(l,r,tt,16,0x0000ffffL); \
-        PERM_OP(r,l,tt, 2,0x33333333L); \
-        PERM_OP(l,r,tt, 8,0x00ff00ffL); \
-        PERM_OP(r,l,tt, 1,0x55555555L); \
-        }
-
-#define FP(l,r) \
-        { \
-        register DES_LONG tt; \
-        PERM_OP(l,r,tt, 1,0x55555555L); \
-        PERM_OP(r,l,tt, 8,0x00ff00ffL); \
-        PERM_OP(l,r,tt, 2,0x33333333L); \
-        PERM_OP(r,l,tt,16,0x0000ffffL); \
-        PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \
-        }
-
-extern const DES_LONG DES_SPtrans[8][64];
-
-void fcrypt_body(DES_LONG *out,DES_key_schedule *ks,
-                 DES_LONG Eswap0, DES_LONG Eswap1);
-#endif
diff --git a/src/lib/libcrypto/des/ecb3_enc.c b/src/lib/libcrypto/des/ecb3_enc.c
deleted file mode 100644
index fa0c9c4d4f..0000000000
--- a/src/lib/libcrypto/des/ecb3_enc.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/* crypto/des/ecb3_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-
-void DES_ecb3_encrypt(const unsigned char *in, unsigned char *out,
-                      DES_key_schedule *ks1, DES_key_schedule *ks2,
-                      DES_key_schedule *ks3,
-             int enc)
-        {
-        register DES_LONG l0,l1;
-        DES_LONG ll[2];
-
-        c2l(in,l0);
-        c2l(in,l1);
-        ll[0]=l0;
-        ll[1]=l1;
-        if (enc)
-                DES_encrypt3(ll,ks1,ks2,ks3);
-        else
-                DES_decrypt3(ll,ks1,ks2,ks3);
-        l0=ll[0];
-        l1=ll[1];
-        l2c(l0,out);
-        l2c(l1,out);
-        }
diff --git a/src/lib/libcrypto/des/ecb_enc.c b/src/lib/libcrypto/des/ecb_enc.c
deleted file mode 100644
index 784aa5ba23..0000000000
--- a/src/lib/libcrypto/des/ecb_enc.c
+++ /dev/null
@@ -1,123 +0,0 @@
-/* crypto/des/ecb_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-#include "des_ver.h"
-#include "spr.h"
-#include <openssl/opensslv.h>
-#include <openssl/bio.h>
-
-OPENSSL_GLOBAL const char *libdes_version="libdes" OPENSSL_VERSION_PTEXT;
-OPENSSL_GLOBAL const char *DES_version="DES" OPENSSL_VERSION_PTEXT;
-
-const char *DES_options(void)
-        {
-        static int init=1;
-        static char buf[32];
-
-        if (init)
-                {
-                const char *ptr,*unroll,*risc,*size;
-
-#ifdef DES_PTR
-                ptr="ptr";
-#else
-                ptr="idx";
-#endif
-#if defined(DES_RISC1) || defined(DES_RISC2)
-#ifdef DES_RISC1
-                risc="risc1";
-#endif
-#ifdef DES_RISC2
-                risc="risc2";
-#endif
-#else
-                risc="cisc";
-#endif
-#ifdef DES_UNROLL
-                unroll="16";
-#else
-                unroll="4";
-#endif
-                if (sizeof(DES_LONG) != sizeof(long))
-                        size="int";
-                else
-                        size="long";
-                BIO_snprintf(buf,sizeof buf,"des(%s,%s,%s,%s)",ptr,risc,unroll,
-                             size);
-                init=0;
-                }
-        return(buf);
-        }
-                
-
-void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
-                     DES_key_schedule *ks, int enc)
-        {
-        register DES_LONG l;
-        DES_LONG ll[2];
-        const unsigned char *in = &(*input)[0];
-        unsigned char *out = &(*output)[0];
-
-        c2l(in,l); ll[0]=l;
-        c2l(in,l); ll[1]=l;
-        DES_encrypt1(ll,ks,enc);
-        l=ll[0]; l2c(l,out);
-        l=ll[1]; l2c(l,out);
-        l=ll[0]=ll[1]=0;
-        }
diff --git a/src/lib/libcrypto/des/ede_cbcm_enc.c b/src/lib/libcrypto/des/ede_cbcm_enc.c
deleted file mode 100644
index fa45aa272b..0000000000
--- a/src/lib/libcrypto/des/ede_cbcm_enc.c
+++ /dev/null
@@ -1,197 +0,0 @@
-/* ede_cbcm_enc.c */
-/* Written by Ben Laurie <ben@algroup.co.uk> for the OpenSSL
- * project 13 Feb 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/*
-
-This is an implementation of Triple DES Cipher Block Chaining with Output
-Feedback Masking, by Coppersmith, Johnson and Matyas, (IBM and Certicom).
-
-Note that there is a known attack on this by Biham and Knudsen but it takes
-a lot of work:
-
-http://www.cs.technion.ac.il/users/wwwb/cgi-bin/tr-get.cgi/1998/CS/CS0928.ps.gz
-
-*/
-
-#ifndef OPENSSL_NO_DESCBCM
-#include "des_locl.h"
-
-void DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,
-             long length, DES_key_schedule *ks1, DES_key_schedule *ks2,
-             DES_key_schedule *ks3, DES_cblock *ivec1, DES_cblock *ivec2,
-             int enc)
-    {
-    register DES_LONG tin0,tin1;
-    register DES_LONG tout0,tout1,xor0,xor1,m0,m1;
-    register long l=length;
-    DES_LONG tin[2];
-    unsigned char *iv1,*iv2;
-
-    iv1 = &(*ivec1)[0];
-    iv2 = &(*ivec2)[0];
-
-    if (enc)
-        {
-        c2l(iv1,m0);
-        c2l(iv1,m1);
-        c2l(iv2,tout0);
-        c2l(iv2,tout1);
-        for (l-=8; l>=-7; l-=8)
-            {
-            tin[0]=m0;
-            tin[1]=m1;
-            DES_encrypt1(tin,ks3,1);
-            m0=tin[0];
-            m1=tin[1];
-
-            if(l < 0)
-                {
-                c2ln(in,tin0,tin1,l+8);
-                }
-            else
-                {
-                c2l(in,tin0);
-                c2l(in,tin1);
-                }
-            tin0^=tout0;
-            tin1^=tout1;
-
-            tin[0]=tin0;
-            tin[1]=tin1;
-            DES_encrypt1(tin,ks1,1);
-            tin[0]^=m0;
-            tin[1]^=m1;
-            DES_encrypt1(tin,ks2,0);
-            tin[0]^=m0;
-            tin[1]^=m1;
-            DES_encrypt1(tin,ks1,1);
-            tout0=tin[0];
-            tout1=tin[1];
-
-            l2c(tout0,out);
-            l2c(tout1,out);
-            }
-        iv1=&(*ivec1)[0];
-        l2c(m0,iv1);
-        l2c(m1,iv1);
-
-        iv2=&(*ivec2)[0];
-        l2c(tout0,iv2);
-        l2c(tout1,iv2);
-        }
-    else
-        {
-        register DES_LONG t0,t1;
-
-        c2l(iv1,m0);
-        c2l(iv1,m1);
-        c2l(iv2,xor0);
-        c2l(iv2,xor1);
-        for (l-=8; l>=-7; l-=8)
-            {
-            tin[0]=m0;
-            tin[1]=m1;
-            DES_encrypt1(tin,ks3,1);
-            m0=tin[0];
-            m1=tin[1];
-
-            c2l(in,tin0);
-            c2l(in,tin1);
-
-            t0=tin0;
-            t1=tin1;
-
-            tin[0]=tin0;
-            tin[1]=tin1;
-            DES_encrypt1(tin,ks1,0);
-            tin[0]^=m0;
-            tin[1]^=m1;
-            DES_encrypt1(tin,ks2,1);
-            tin[0]^=m0;
-            tin[1]^=m1;
-            DES_encrypt1(tin,ks1,0);
-            tout0=tin[0];
-            tout1=tin[1];
-
-            tout0^=xor0;
-            tout1^=xor1;
-            if(l < 0)
-                {
-                l2cn(tout0,tout1,out,l+8);
-                }
-            else
-                {
-                l2c(tout0,out);
-                l2c(tout1,out);
-                }
-            xor0=t0;
-            xor1=t1;
-            }
-
-        iv1=&(*ivec1)[0];
-        l2c(m0,iv1);
-        l2c(m1,iv1);
-
-        iv2=&(*ivec2)[0];
-        l2c(xor0,iv2);
-        l2c(xor1,iv2);
-        }
-    tin0=tin1=tout0=tout1=xor0=xor1=0;
-    tin[0]=tin[1]=0;
-    }
-#endif
diff --git a/src/lib/libcrypto/des/enc_read.c b/src/lib/libcrypto/des/enc_read.c
deleted file mode 100644
index c70fb686b8..0000000000
--- a/src/lib/libcrypto/des/enc_read.c
+++ /dev/null
@@ -1,228 +0,0 @@
-/* crypto/des/enc_read.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include "cryptlib.h"
-#include "des_locl.h"
-
-/* This has some uglies in it but it works - even over sockets. */
-/*extern int errno;*/
-OPENSSL_IMPLEMENT_GLOBAL(int,DES_rw_mode)=DES_PCBC_MODE;
-
-
-/*
- * WARNINGS:
- *
- *  -  The data format used by DES_enc_write() and DES_enc_read()
- *     has a cryptographic weakness: When asked to write more
- *     than MAXWRITE bytes, DES_enc_write will split the data
- *     into several chunks that are all encrypted
- *     using the same IV.  So don't use these functions unless you
- *     are sure you know what you do (in which case you might
- *     not want to use them anyway).
- *
- *  -  This code cannot handle non-blocking sockets.
- *
- *  -  This function uses an internal state and thus cannot be
- *     used on multiple files.
- */
-
-
-int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched,
-                 DES_cblock *iv)
-        {
-        /* data to be unencrypted */
-        int net_num=0;
-        static unsigned char *net=NULL;
-        /* extra unencrypted data 
-         * for when a block of 100 comes in but is des_read one byte at
-         * a time. */
-        static unsigned char *unnet=NULL;
-        static int unnet_start=0;
-        static int unnet_left=0;
-        static unsigned char *tmpbuf=NULL;
-        int i;
-        long num=0,rnum;
-        unsigned char *p;
-
-        if (tmpbuf == NULL)
-                {
-                tmpbuf=OPENSSL_malloc(BSIZE);
-                if (tmpbuf == NULL) return(-1);
-                }
-        if (net == NULL)
-                {
-                net=OPENSSL_malloc(BSIZE);
-                if (net == NULL) return(-1);
-                }
-        if (unnet == NULL)
-                {
-                unnet=OPENSSL_malloc(BSIZE);
-                if (unnet == NULL) return(-1);
-                }
-        /* left over data from last decrypt */
-        if (unnet_left != 0)
-                {
-                if (unnet_left < len)
-                        {
-                        /* we still still need more data but will return
-                         * with the number of bytes we have - should always
-                         * check the return value */
-                        memcpy(buf,&(unnet[unnet_start]),
-                               unnet_left);
-                        /* eay 26/08/92 I had the next 2 lines
-                         * reversed :-( */
-                        i=unnet_left;
-                        unnet_start=unnet_left=0;
-                        }
-                else
-                        {
-                        memcpy(buf,&(unnet[unnet_start]),len);
-                        unnet_start+=len;
-                        unnet_left-=len;
-                        i=len;
-                        }
-                return(i);
-                }
-
-        /* We need to get more data. */
-        if (len > MAXWRITE) len=MAXWRITE;
-
-        /* first - get the length */
-        while (net_num < HDRSIZE) 
-                {
-                i=read(fd,(void *)&(net[net_num]),HDRSIZE-net_num);
-#ifdef EINTR
-                if ((i == -1) && (errno == EINTR)) continue;
-#endif
-                if (i <= 0) return(0);
-                net_num+=i;
-                }
-
-        /* we now have at net_num bytes in net */
-        p=net;
-        /* num=0;  */
-        n2l(p,num);
-        /* num should be rounded up to the next group of eight
-         * we make sure that we have read a multiple of 8 bytes from the net.
-         */
-        if ((num > MAXWRITE) || (num < 0)) /* error */
-                return(-1);
-        rnum=(num < 8)?8:((num+7)/8*8);
-
-        net_num=0;
-        while (net_num < rnum)
-                {
-                i=read(fd,(void *)&(net[net_num]),rnum-net_num);
-#ifdef EINTR
-                if ((i == -1) && (errno == EINTR)) continue;
-#endif
-                if (i <= 0) return(0);
-                net_num+=i;
-                }
-
-        /* Check if there will be data left over. */
-        if (len < num)
-                {
-                if (DES_rw_mode & DES_PCBC_MODE)
-                        DES_pcbc_encrypt(net,unnet,num,sched,iv,DES_DECRYPT);
-                else
-                        DES_cbc_encrypt(net,unnet,num,sched,iv,DES_DECRYPT);
-                memcpy(buf,unnet,len);
-                unnet_start=len;
-                unnet_left=num-len;
-
-                /* The following line is done because we return num
-                 * as the number of bytes read. */
-                num=len;
-                }
-        else
-                {
-                /* >output is a multiple of 8 byes, if len < rnum
-                 * >we must be careful.  The user must be aware that this
-                 * >routine will write more bytes than he asked for.
-                 * >The length of the buffer must be correct.
-                 * FIXED - Should be ok now 18-9-90 - eay */
-                if (len < rnum)
-                        {
-
-                        if (DES_rw_mode & DES_PCBC_MODE)
-                                DES_pcbc_encrypt(net,tmpbuf,num,sched,iv,
-                                                 DES_DECRYPT);
-                        else
-                                DES_cbc_encrypt(net,tmpbuf,num,sched,iv,
-                                                DES_DECRYPT);
-
-                        /* eay 26/08/92 fix a bug that returned more
-                         * bytes than you asked for (returned len bytes :-( */
-                        memcpy(buf,tmpbuf,num);
-                        }
-                else
-                        {
-                        if (DES_rw_mode & DES_PCBC_MODE)
-                                DES_pcbc_encrypt(net,buf,num,sched,iv,
-                                                 DES_DECRYPT);
-                        else
-                                DES_cbc_encrypt(net,buf,num,sched,iv,
-                                                DES_DECRYPT);
-                        }
-                }
-        return num;
-        }
-
diff --git a/src/lib/libcrypto/des/enc_writ.c b/src/lib/libcrypto/des/enc_writ.c
deleted file mode 100644
index af5b8c2349..0000000000
--- a/src/lib/libcrypto/des/enc_writ.c
+++ /dev/null
@@ -1,171 +0,0 @@
-/* crypto/des/enc_writ.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <errno.h>
-#include <time.h>
-#include <stdio.h>
-#include "cryptlib.h"
-#include "des_locl.h"
-#include <openssl/rand.h>
-
-/*
- * WARNINGS:
- *
- *  -  The data format used by DES_enc_write() and DES_enc_read()
- *     has a cryptographic weakness: When asked to write more
- *     than MAXWRITE bytes, DES_enc_write will split the data
- *     into several chunks that are all encrypted
- *     using the same IV.  So don't use these functions unless you
- *     are sure you know what you do (in which case you might
- *     not want to use them anyway).
- *
- *  -  This code cannot handle non-blocking sockets.
- */
-
-int DES_enc_write(int fd, const void *_buf, int len,
-                  DES_key_schedule *sched, DES_cblock *iv)
-        {
-#ifdef _LIBC
-        extern unsigned long time();
-        extern int write();
-#endif
-        const unsigned char *buf=_buf;
-        long rnum;
-        int i,j,k,outnum;
-        static unsigned char *outbuf=NULL;
-        unsigned char shortbuf[8];
-        unsigned char *p;
-        const unsigned char *cp;
-        static int start=1;
-
-        if (outbuf == NULL)
-                {
-                outbuf=OPENSSL_malloc(BSIZE+HDRSIZE);
-                if (outbuf == NULL) return(-1);
-                }
-        /* If we are sending less than 8 bytes, the same char will look
-         * the same if we don't pad it out with random bytes */
-        if (start)
-                {
-                start=0;
-                }
-
-        /* lets recurse if we want to send the data in small chunks */
-        if (len > MAXWRITE)
-                {
-                j=0;
-                for (i=0; i<len; i+=k)
-                        {
-                        k=DES_enc_write(fd,&(buf[i]),
-                                ((len-i) > MAXWRITE)?MAXWRITE:(len-i),sched,iv);
-                        if (k < 0)
-                                return(k);
-                        else
-                                j+=k;
-                        }
-                return(j);
-                }
-
-        /* write length first */
-        p=outbuf;
-        l2n(len,p);
-
-        /* pad short strings */
-        if (len < 8)
-                {
-                cp=shortbuf;
-                memcpy(shortbuf,buf,len);
-                RAND_pseudo_bytes(shortbuf+len, 8-len);
-                rnum=8;
-                }
-        else
-                {
-                cp=buf;
-                rnum=((len+7)/8*8); /* round up to nearest eight */
-                }
-
-        if (DES_rw_mode & DES_PCBC_MODE)
-                DES_pcbc_encrypt(cp,&(outbuf[HDRSIZE]),(len<8)?8:len,sched,iv,
-                                 DES_ENCRYPT); 
-        else
-                DES_cbc_encrypt(cp,&(outbuf[HDRSIZE]),(len<8)?8:len,sched,iv,
-                                DES_ENCRYPT); 
-
-        /* output */
-        outnum=rnum+HDRSIZE;
-
-        for (j=0; j<outnum; j+=i)
-                {
-                /* eay 26/08/92 I was not doing writing from where we
-                 * got up to. */
-                i=write(fd,(void *)&(outbuf[j]),outnum-j);
-                if (i == -1)
-                        {
-#ifdef EINTR
-                        if (errno == EINTR)
-                                i=0;
-                        else
-#endif
-                                /* This is really a bad error - very bad
-                                 * It will stuff-up both ends. */
-                                return(-1);
-                        }
-                }
-
-        return(len);
-        }
diff --git a/src/lib/libcrypto/des/fcrypt.c b/src/lib/libcrypto/des/fcrypt.c
deleted file mode 100644
index 2758c32656..0000000000
--- a/src/lib/libcrypto/des/fcrypt.c
+++ /dev/null
@@ -1,173 +0,0 @@
-/* NOCW */
-#include <stdio.h>
-#ifdef _OSD_POSIX
-#ifndef CHARSET_EBCDIC
-#define CHARSET_EBCDIC 1
-#endif
-#endif
-#ifdef CHARSET_EBCDIC
-#include <openssl/ebcdic.h>
-#endif
-
-/* This version of crypt has been developed from my MIT compatible
- * DES library.
- * Eric Young (eay@cryptsoft.com)
- */
-
-/* Modification by Jens Kupferschmidt (Cu)
- * I have included directive PARA for shared memory computers.
- * I have included a directive LONGCRYPT to using this routine to cipher
- * passwords with more then 8 bytes like HP-UX 10.x it used. The MAXPLEN
- * definition is the maximum of length of password and can changed. I have
- * defined 24.
- */
-
-#include "des_locl.h"
-
-/* Added more values to handle illegal salt values the way normal
- * crypt() implementations do.  The patch was sent by 
- * Bjorn Gronvall <bg@sics.se>
- */
-static unsigned const char con_salt[128]={
-0xD2,0xD3,0xD4,0xD5,0xD6,0xD7,0xD8,0xD9,
-0xDA,0xDB,0xDC,0xDD,0xDE,0xDF,0xE0,0xE1,
-0xE2,0xE3,0xE4,0xE5,0xE6,0xE7,0xE8,0xE9,
-0xEA,0xEB,0xEC,0xED,0xEE,0xEF,0xF0,0xF1,
-0xF2,0xF3,0xF4,0xF5,0xF6,0xF7,0xF8,0xF9,
-0xFA,0xFB,0xFC,0xFD,0xFE,0xFF,0x00,0x01,
-0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,
-0x0A,0x0B,0x05,0x06,0x07,0x08,0x09,0x0A,
-0x0B,0x0C,0x0D,0x0E,0x0F,0x10,0x11,0x12,
-0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1A,
-0x1B,0x1C,0x1D,0x1E,0x1F,0x20,0x21,0x22,
-0x23,0x24,0x25,0x20,0x21,0x22,0x23,0x24,
-0x25,0x26,0x27,0x28,0x29,0x2A,0x2B,0x2C,
-0x2D,0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,
-0x35,0x36,0x37,0x38,0x39,0x3A,0x3B,0x3C,
-0x3D,0x3E,0x3F,0x40,0x41,0x42,0x43,0x44,
-};
-
-static unsigned const char cov_2char[64]={
-0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,0x35,
-0x36,0x37,0x38,0x39,0x41,0x42,0x43,0x44,
-0x45,0x46,0x47,0x48,0x49,0x4A,0x4B,0x4C,
-0x4D,0x4E,0x4F,0x50,0x51,0x52,0x53,0x54,
-0x55,0x56,0x57,0x58,0x59,0x5A,0x61,0x62,
-0x63,0x64,0x65,0x66,0x67,0x68,0x69,0x6A,
-0x6B,0x6C,0x6D,0x6E,0x6F,0x70,0x71,0x72,
-0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7A
-};
-
-void fcrypt_body(DES_LONG *out,DES_key_schedule *ks,
-                 DES_LONG Eswap0, DES_LONG Eswap1);
-
-char *DES_crypt(const char *buf, const char *salt)
-        {
-        static char buff[14];
-
-#ifndef CHARSET_EBCDIC
-        return(DES_fcrypt(buf,salt,buff));
-#else
-        char e_salt[2+1];
-        char e_buf[32+1];       /* replace 32 by 8 ? */
-        char *ret;
-
-        /* Copy at most 2 chars of salt */
-        if ((e_salt[0] = salt[0]) != '\0')
-            e_salt[1] = salt[1];
-
-        /* Copy at most 32 chars of password */
-        strncpy (e_buf, buf, sizeof(e_buf));
-
-        /* Make sure we have a delimiter */
-        e_salt[sizeof(e_salt)-1] = e_buf[sizeof(e_buf)-1] = '\0';
-
-        /* Convert the e_salt to ASCII, as that's what DES_fcrypt works on */
-        ebcdic2ascii(e_salt, e_salt, sizeof e_salt);
-
-        /* Convert the cleartext password to ASCII */
-        ebcdic2ascii(e_buf, e_buf, sizeof e_buf);
-
-        /* Encrypt it (from/to ASCII) */
-        ret = DES_fcrypt(e_buf,e_salt,buff);
-
-        /* Convert the result back to EBCDIC */
-        ascii2ebcdic(ret, ret, strlen(ret));
-        
-        return ret;
-#endif
-        }
-
-
-char *DES_fcrypt(const char *buf, const char *salt, char *ret)
-        {
-        unsigned int i,j,x,y;
-        DES_LONG Eswap0,Eswap1;
-        DES_LONG out[2],ll;
-        DES_cblock key;
-        DES_key_schedule ks;
-        unsigned char bb[9];
-        unsigned char *b=bb;
-        unsigned char c,u;
-
-        /* eay 25/08/92
-         * If you call crypt("pwd","*") as often happens when you
-         * have * as the pwd field in /etc/passwd, the function
-         * returns *\0XXXXXXXXX
-         * The \0 makes the string look like * so the pwd "*" would
-         * crypt to "*".  This was found when replacing the crypt in
-         * our shared libraries.  People found that the disabled
-         * accounts effectively had no passwd :-(. */
-#ifndef CHARSET_EBCDIC
-        x=ret[0]=((salt[0] == '\0')?'A':salt[0]);
-        Eswap0=con_salt[x]<<2;
-        x=ret[1]=((salt[1] == '\0')?'A':salt[1]);
-        Eswap1=con_salt[x]<<6;
-#else
-        x=ret[0]=((salt[0] == '\0')?os_toascii['A']:salt[0]);
-        Eswap0=con_salt[x]<<2;
-        x=ret[1]=((salt[1] == '\0')?os_toascii['A']:salt[1]);
-        Eswap1=con_salt[x]<<6;
-#endif
-
-/* EAY
-r=strlen(buf);
-r=(r+7)/8;
-*/
-        for (i=0; i<8; i++)
-                {
-                c= *(buf++);
-                if (!c) break;
-                key[i]=(c<<1);
-                }
-        for (; i<8; i++)
-                key[i]=0;
-
-        DES_set_key_unchecked(&key,&ks);
-        fcrypt_body(&(out[0]),&ks,Eswap0,Eswap1);
-
-        ll=out[0]; l2c(ll,b);
-        ll=out[1]; l2c(ll,b);
-        y=0;
-        u=0x80;
-        bb[8]=0;
-        for (i=2; i<13; i++)
-                {
-                c=0;
-                for (j=0; j<6; j++)
-                        {
-                        c<<=1;
-                        if (bb[y] & u) c|=1;
-                        u>>=1;
-                        if (!u)
-                                {
-                                y++;
-                                u=0x80;
-                                }
-                        }
-                ret[i]=cov_2char[c];
-                }
-        ret[13]='\0';
-        return(ret);
-        }
-
diff --git a/src/lib/libcrypto/des/fcrypt_b.c b/src/lib/libcrypto/des/fcrypt_b.c
deleted file mode 100644
index 1390138787..0000000000
--- a/src/lib/libcrypto/des/fcrypt_b.c
+++ /dev/null
@@ -1,145 +0,0 @@
-/* crypto/des/fcrypt_b.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-
-/* This version of crypt has been developed from my MIT compatible
- * DES library.
- * The library is available at pub/Crypto/DES at ftp.psy.uq.oz.au
- * Eric Young (eay@cryptsoft.com)
- */
-
-#define DES_FCRYPT
-#include "des_locl.h"
-#undef DES_FCRYPT
-
-#undef PERM_OP
-#define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
-        (b)^=(t),\
-        (a)^=((t)<<(n)))
-
-#undef HPERM_OP
-#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\
-        (a)=(a)^(t)^(t>>(16-(n))))\
-
-void fcrypt_body(DES_LONG *out, DES_key_schedule *ks, DES_LONG Eswap0,
-                 DES_LONG Eswap1)
-        {
-        register DES_LONG l,r,t,u;
-#ifdef DES_PTR
-        register const unsigned char *des_SP=(const unsigned char *)DES_SPtrans;
-#endif
-        register DES_LONG *s;
-        register int j;
-        register DES_LONG E0,E1;
-
-        l=0;
-        r=0;
-
-        s=(DES_LONG *)ks;
-        E0=Eswap0;
-        E1=Eswap1;
-
-        for (j=0; j<25; j++)
-                {
-#ifndef DES_UNROLL
-                register int i;
-
-                for (i=0; i<32; i+=8)
-                        {
-                        D_ENCRYPT(l,r,i+0); /*  1 */
-                        D_ENCRYPT(r,l,i+2); /*  2 */
-                        D_ENCRYPT(l,r,i+4); /*  1 */
-                        D_ENCRYPT(r,l,i+6); /*  2 */
-                        }
-#else
-                D_ENCRYPT(l,r, 0); /*  1 */
-                D_ENCRYPT(r,l, 2); /*  2 */
-                D_ENCRYPT(l,r, 4); /*  3 */
-                D_ENCRYPT(r,l, 6); /*  4 */
-                D_ENCRYPT(l,r, 8); /*  5 */
-                D_ENCRYPT(r,l,10); /*  6 */
-                D_ENCRYPT(l,r,12); /*  7 */
-                D_ENCRYPT(r,l,14); /*  8 */
-                D_ENCRYPT(l,r,16); /*  9 */
-                D_ENCRYPT(r,l,18); /*  10 */
-                D_ENCRYPT(l,r,20); /*  11 */
-                D_ENCRYPT(r,l,22); /*  12 */
-                D_ENCRYPT(l,r,24); /*  13 */
-                D_ENCRYPT(r,l,26); /*  14 */
-                D_ENCRYPT(l,r,28); /*  15 */
-                D_ENCRYPT(r,l,30); /*  16 */
-#endif
-
-                t=l;
-                l=r;
-                r=t;
-                }
-        l=ROTATE(l,3)&0xffffffffL;
-        r=ROTATE(r,3)&0xffffffffL;
-
-        PERM_OP(l,r,t, 1,0x55555555L);
-        PERM_OP(r,l,t, 8,0x00ff00ffL);
-        PERM_OP(l,r,t, 2,0x33333333L);
-        PERM_OP(r,l,t,16,0x0000ffffL);
-        PERM_OP(l,r,t, 4,0x0f0f0f0fL);
-
-        out[0]=r;
-        out[1]=l;
-        }
-
diff --git a/src/lib/libcrypto/des/ncbc_enc.c b/src/lib/libcrypto/des/ncbc_enc.c
deleted file mode 100644
index fda23d522f..0000000000
--- a/src/lib/libcrypto/des/ncbc_enc.c
+++ /dev/null
@@ -1,148 +0,0 @@
-/* crypto/des/ncbc_enc.c */
-/*
- * #included by:
- *    cbc_enc.c  (DES_cbc_encrypt)
- *    des_enc.c  (DES_ncbc_encrypt)
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-
-#ifdef CBC_ENC_C__DONT_UPDATE_IV
-void DES_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
-                     DES_key_schedule *_schedule, DES_cblock *ivec, int enc)
-#else
-void DES_ncbc_encrypt(const unsigned char *in, unsigned char *out, long length,
-                     DES_key_schedule *_schedule, DES_cblock *ivec, int enc)
-#endif
-        {
-        register DES_LONG tin0,tin1;
-        register DES_LONG tout0,tout1,xor0,xor1;
-        register long l=length;
-        DES_LONG tin[2];
-        unsigned char *iv;
-
-        iv = &(*ivec)[0];
-
-        if (enc)
-                {
-                c2l(iv,tout0);
-                c2l(iv,tout1);
-                for (l-=8; l>=0; l-=8)
-                        {
-                        c2l(in,tin0);
-                        c2l(in,tin1);
-                        tin0^=tout0; tin[0]=tin0;
-                        tin1^=tout1; tin[1]=tin1;
-                        DES_encrypt1((DES_LONG *)tin,_schedule,DES_ENCRYPT);
-                        tout0=tin[0]; l2c(tout0,out);
-                        tout1=tin[1]; l2c(tout1,out);
-                        }
-                if (l != -8)
-                        {
-                        c2ln(in,tin0,tin1,l+8);
-                        tin0^=tout0; tin[0]=tin0;
-                        tin1^=tout1; tin[1]=tin1;
-                        DES_encrypt1((DES_LONG *)tin,_schedule,DES_ENCRYPT);
-                        tout0=tin[0]; l2c(tout0,out);
-                        tout1=tin[1]; l2c(tout1,out);
-                        }
-#ifndef CBC_ENC_C__DONT_UPDATE_IV
-                iv = &(*ivec)[0];
-                l2c(tout0,iv);
-                l2c(tout1,iv);
-#endif
-                }
-        else
-                {
-                c2l(iv,xor0);
-                c2l(iv,xor1);
-                for (l-=8; l>=0; l-=8)
-                        {
-                        c2l(in,tin0); tin[0]=tin0;
-                        c2l(in,tin1); tin[1]=tin1;
-                        DES_encrypt1((DES_LONG *)tin,_schedule,DES_DECRYPT);
-                        tout0=tin[0]^xor0;
-                        tout1=tin[1]^xor1;
-                        l2c(tout0,out);
-                        l2c(tout1,out);
-                        xor0=tin0;
-                        xor1=tin1;
-                        }
-                if (l != -8)
-                        {
-                        c2l(in,tin0); tin[0]=tin0;
-                        c2l(in,tin1); tin[1]=tin1;
-                        DES_encrypt1((DES_LONG *)tin,_schedule,DES_DECRYPT);
-                        tout0=tin[0]^xor0;
-                        tout1=tin[1]^xor1;
-                        l2cn(tout0,tout1,out,l+8);
-#ifndef CBC_ENC_C__DONT_UPDATE_IV
-                        xor0=tin0;
-                        xor1=tin1;
-#endif
-                        }
-#ifndef CBC_ENC_C__DONT_UPDATE_IV 
-                iv = &(*ivec)[0];
-                l2c(xor0,iv);
-                l2c(xor1,iv);
-#endif
-                }
-        tin0=tin1=tout0=tout1=xor0=xor1=0;
-        tin[0]=tin[1]=0;
-        }
diff --git a/src/lib/libcrypto/des/ofb64ede.c b/src/lib/libcrypto/des/ofb64ede.c
deleted file mode 100644
index 26bbf9a6a7..0000000000
--- a/src/lib/libcrypto/des/ofb64ede.c
+++ /dev/null
@@ -1,125 +0,0 @@
-/* crypto/des/ofb64ede.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-
-/* The input and output encrypted as though 64bit ofb mode is being
- * used.  The extra state information to record how much of the
- * 64bit block we have used is contained in *num;
- */
-void DES_ede3_ofb64_encrypt(register const unsigned char *in,
-                            register unsigned char *out, long length,
-                            DES_key_schedule *k1, DES_key_schedule *k2,
-                            DES_key_schedule *k3, DES_cblock *ivec,
-                            int *num)
-        {
-        register DES_LONG v0,v1;
-        register int n= *num;
-        register long l=length;
-        DES_cblock d;
-        register char *dp;
-        DES_LONG ti[2];
-        unsigned char *iv;
-        int save=0;
-
-        iv = &(*ivec)[0];
-        c2l(iv,v0);
-        c2l(iv,v1);
-        ti[0]=v0;
-        ti[1]=v1;
-        dp=(char *)d;
-        l2c(v0,dp);
-        l2c(v1,dp);
-        while (l--)
-                {
-                if (n == 0)
-                        {
-                        /* ti[0]=v0; */
-                        /* ti[1]=v1; */
-                        DES_encrypt3(ti,k1,k2,k3);
-                        v0=ti[0];
-                        v1=ti[1];
-
-                        dp=(char *)d;
-                        l2c(v0,dp);
-                        l2c(v1,dp);
-                        save++;
-                        }
-                *(out++)= *(in++)^d[n];
-                n=(n+1)&0x07;
-                }
-        if (save)
-                {
-/*              v0=ti[0];
-                v1=ti[1];*/
-                iv = &(*ivec)[0];
-                l2c(v0,iv);
-                l2c(v1,iv);
-                }
-        v0=v1=ti[0]=ti[1]=0;
-        *num=n;
-        }
-
-#ifdef undef /* MACRO */
-void DES_ede2_ofb64_encrypt(register unsigned char *in,
-             register unsigned char *out, long length, DES_key_schedule k1,
-             DES_key_schedule k2, DES_cblock (*ivec), int *num)
-        {
-        DES_ede3_ofb64_encrypt(in, out, length, k1,k2,k1, ivec, num);
-        }
-#endif
diff --git a/src/lib/libcrypto/des/ofb64enc.c b/src/lib/libcrypto/des/ofb64enc.c
deleted file mode 100644
index 8ca3d49dea..0000000000
--- a/src/lib/libcrypto/des/ofb64enc.c
+++ /dev/null
@@ -1,110 +0,0 @@
-/* crypto/des/ofb64enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-
-/* The input and output encrypted as though 64bit ofb mode is being
- * used.  The extra state information to record how much of the
- * 64bit block we have used is contained in *num;
- */
-void DES_ofb64_encrypt(register const unsigned char *in,
-                       register unsigned char *out, long length,
-                       DES_key_schedule *schedule, DES_cblock *ivec, int *num)
-        {
-        register DES_LONG v0,v1,t;
-        register int n= *num;
-        register long l=length;
-        DES_cblock d;
-        register unsigned char *dp;
-        DES_LONG ti[2];
-        unsigned char *iv;
-        int save=0;
-
-        iv = &(*ivec)[0];
-        c2l(iv,v0);
-        c2l(iv,v1);
-        ti[0]=v0;
-        ti[1]=v1;
-        dp=d;
-        l2c(v0,dp);
-        l2c(v1,dp);
-        while (l--)
-                {
-                if (n == 0)
-                        {
-                        DES_encrypt1(ti,schedule,DES_ENCRYPT);
-                        dp=d;
-                        t=ti[0]; l2c(t,dp);
-                        t=ti[1]; l2c(t,dp);
-                        save++;
-                        }
-                *(out++)= *(in++)^d[n];
-                n=(n+1)&0x07;
-                }
-        if (save)
-                {
-                v0=ti[0];
-                v1=ti[1];
-                iv = &(*ivec)[0];
-                l2c(v0,iv);
-                l2c(v1,iv);
-                }
-        t=v0=v1=ti[0]=ti[1]=0;
-        *num=n;
-        }
-
diff --git a/src/lib/libcrypto/des/ofb_enc.c b/src/lib/libcrypto/des/ofb_enc.c
deleted file mode 100644
index e887a3c6f4..0000000000
--- a/src/lib/libcrypto/des/ofb_enc.c
+++ /dev/null
@@ -1,135 +0,0 @@
-/* crypto/des/ofb_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-
-/* The input and output are loaded in multiples of 8 bits.
- * What this means is that if you hame numbits=12 and length=2
- * the first 12 bits will be retrieved from the first byte and half
- * the second.  The second 12 bits will come from the 3rd and half the 4th
- * byte.
- */
-void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
-                     long length, DES_key_schedule *schedule,
-                     DES_cblock *ivec)
-        {
-        register DES_LONG d0,d1,vv0,vv1,v0,v1,n=(numbits+7)/8;
-        register DES_LONG mask0,mask1;
-        register long l=length;
-        register int num=numbits;
-        DES_LONG ti[2];
-        unsigned char *iv;
-
-        if (num > 64) return;
-        if (num > 32)
-                {
-                mask0=0xffffffffL;
-                if (num >= 64)
-                        mask1=mask0;
-                else
-                        mask1=(1L<<(num-32))-1;
-                }
-        else
-                {
-                if (num == 32)
-                        mask0=0xffffffffL;
-                else
-                        mask0=(1L<<num)-1;
-                mask1=0x00000000L;
-                }
-
-        iv = &(*ivec)[0];
-        c2l(iv,v0);
-        c2l(iv,v1);
-        ti[0]=v0;
-        ti[1]=v1;
-        while (l-- > 0)
-                {
-                ti[0]=v0;
-                ti[1]=v1;
-                DES_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT);
-                vv0=ti[0];
-                vv1=ti[1];
-                c2ln(in,d0,d1,n);
-                in+=n;
-                d0=(d0^vv0)&mask0;
-                d1=(d1^vv1)&mask1;
-                l2cn(d0,d1,out,n);
-                out+=n;
-
-                if (num == 32)
-                        { v0=v1; v1=vv0; }
-                else if (num == 64)
-                                { v0=vv0; v1=vv1; }
-                else if (num > 32) /* && num != 64 */
-                        {
-                        v0=((v1>>(num-32))|(vv0<<(64-num)))&0xffffffffL;
-                        v1=((vv0>>(num-32))|(vv1<<(64-num)))&0xffffffffL;
-                        }
-                else /* num < 32 */
-                        {
-                        v0=((v0>>num)|(v1<<(32-num)))&0xffffffffL;
-                        v1=((v1>>num)|(vv0<<(32-num)))&0xffffffffL;
-                        }
-                }
-        iv = &(*ivec)[0];
-        l2c(v0,iv);
-        l2c(v1,iv);
-        v0=v1=d0=d1=ti[0]=ti[1]=vv0=vv1=0;
-        }
-
diff --git a/src/lib/libcrypto/des/pcbc_enc.c b/src/lib/libcrypto/des/pcbc_enc.c
deleted file mode 100644
index 17a40f9520..0000000000
--- a/src/lib/libcrypto/des/pcbc_enc.c
+++ /dev/null
@@ -1,123 +0,0 @@
-/* crypto/des/pcbc_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-
-void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output,
-                      long length, DES_key_schedule *schedule,
-                      DES_cblock *ivec, int enc)
-        {
-        register DES_LONG sin0,sin1,xor0,xor1,tout0,tout1;
-        DES_LONG tin[2];
-        const unsigned char *in;
-        unsigned char *out,*iv;
-
-        in=input;
-        out=output;
-        iv = &(*ivec)[0];
-
-        if (enc)
-                {
-                c2l(iv,xor0);
-                c2l(iv,xor1);
-                for (; length>0; length-=8)
-                        {
-                        if (length >= 8)
-                                {
-                                c2l(in,sin0);
-                                c2l(in,sin1);
-                                }
-                        else
-                                c2ln(in,sin0,sin1,length);
-                        tin[0]=sin0^xor0;
-                        tin[1]=sin1^xor1;
-                        DES_encrypt1((DES_LONG *)tin,schedule,DES_ENCRYPT);
-                        tout0=tin[0];
-                        tout1=tin[1];
-                        xor0=sin0^tout0;
-                        xor1=sin1^tout1;
-                        l2c(tout0,out);
-                        l2c(tout1,out);
-                        }
-                }
-        else
-                {
-                c2l(iv,xor0); c2l(iv,xor1);
-                for (; length>0; length-=8)
-                        {
-                        c2l(in,sin0);
-                        c2l(in,sin1);
-                        tin[0]=sin0;
-                        tin[1]=sin1;
-                        DES_encrypt1((DES_LONG *)tin,schedule,DES_DECRYPT);
-                        tout0=tin[0]^xor0;
-                        tout1=tin[1]^xor1;
-                        if (length >= 8)
-                                {
-                                l2c(tout0,out);
-                                l2c(tout1,out);
-                                }
-                        else
-                                l2cn(tout0,tout1,out,length);
-                        xor0=tout0^sin0;
-                        xor1=tout1^sin1;
-                        }
-                }
-        tin[0]=tin[1]=0;
-        sin0=sin1=xor0=xor1=tout0=tout1=0;
-        }
diff --git a/src/lib/libcrypto/des/qud_cksm.c b/src/lib/libcrypto/des/qud_cksm.c
deleted file mode 100644
index dac201227e..0000000000
--- a/src/lib/libcrypto/des/qud_cksm.c
+++ /dev/null
@@ -1,139 +0,0 @@
-/* crypto/des/qud_cksm.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* From "Message Authentication"  R.R. Jueneman, S.M. Matyas, C.H. Meyer
- * IEEE Communications Magazine Sept 1985 Vol. 23 No. 9 p 29-40
- * This module in only based on the code in this paper and is
- * almost definitely not the same as the MIT implementation.
- */
-#include "des_locl.h"
-
-/* bug fix for dos - 7/6/91 - Larry hughes@logos.ucs.indiana.edu */
-#define Q_B0(a) (((DES_LONG)(a)))
-#define Q_B1(a) (((DES_LONG)(a))<<8)
-#define Q_B2(a) (((DES_LONG)(a))<<16)
-#define Q_B3(a) (((DES_LONG)(a))<<24)
-
-/* used to scramble things a bit */
-/* Got the value MIT uses via brute force :-) 2/10/90 eay */
-#define NOISE   ((DES_LONG)83653421L)
-
-DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[],
-             long length, int out_count, DES_cblock *seed)
-        {
-        DES_LONG z0,z1,t0,t1;
-        int i;
-        long l;
-        const unsigned char *cp;
-#ifdef _CRAY
-        struct lp_st { int a:32; int b:32; } *lp;
-#else
-        DES_LONG *lp;
-#endif
-
-        if (out_count < 1) out_count=1;
-#ifdef _CRAY
-        lp = (struct lp_st *) &(output[0])[0];
-#else
-        lp = (DES_LONG *) &(output[0])[0];
-#endif
-
-        z0=Q_B0((*seed)[0])|Q_B1((*seed)[1])|Q_B2((*seed)[2])|Q_B3((*seed)[3]);
-        z1=Q_B0((*seed)[4])|Q_B1((*seed)[5])|Q_B2((*seed)[6])|Q_B3((*seed)[7]);
-
-        for (i=0; ((i<4)&&(i<out_count)); i++)
-                {
-                cp=input;
-                l=length;
-                while (l > 0)
-                        {
-                        if (l > 1)
-                                {
-                                t0= (DES_LONG)(*(cp++));
-                                t0|=(DES_LONG)Q_B1(*(cp++));
-                                l--;
-                                }
-                        else
-                                t0= (DES_LONG)(*(cp++));
-                        l--;
-                        /* add */
-                        t0+=z0;
-                        t0&=0xffffffffL;
-                        t1=z1;
-                        /* square, well sort of square */
-                        z0=((((t0*t0)&0xffffffffL)+((t1*t1)&0xffffffffL))
-                                &0xffffffffL)%0x7fffffffL; 
-                        z1=((t0*((t1+NOISE)&0xffffffffL))&0xffffffffL)%0x7fffffffL;
-                        }
-                if (lp != NULL)
-                        {
-                        /* The MIT library assumes that the checksum is
-                         * composed of 2*out_count 32 bit ints */
-#ifdef _CRAY
-                        (*lp).a = z0;
-                        (*lp).b = z1;
-                        lp++;
-#else
-                        *lp++ = z0;
-                        *lp++ = z1;
-#endif
-                        }
-                }
-        return(z0);
-        }
-
diff --git a/src/lib/libcrypto/des/rand_key.c b/src/lib/libcrypto/des/rand_key.c
deleted file mode 100644
index 2398165568..0000000000
--- a/src/lib/libcrypto/des/rand_key.c
+++ /dev/null
@@ -1,68 +0,0 @@
-/* crypto/des/rand_key.c */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/des.h>
-#include <openssl/rand.h>
-
-int DES_random_key(DES_cblock *ret)
-        {
-        do
-                {
-                if (RAND_bytes((unsigned char *)ret, sizeof(DES_cblock)) != 1)
-                        return (0);
-                } while (DES_is_weak_key(ret));
-        DES_set_odd_parity(ret);
-        return (1);
-        }
diff --git a/src/lib/libcrypto/des/set_key.c b/src/lib/libcrypto/des/set_key.c
deleted file mode 100644
index 8881d46a7a..0000000000
--- a/src/lib/libcrypto/des/set_key.c
+++ /dev/null
@@ -1,411 +0,0 @@
-/* crypto/des/set_key.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* set_key.c v 1.4 eay 24/9/91
- * 1.4 Speed up by 400% :-)
- * 1.3 added register declarations.
- * 1.2 unrolled make_key_sched a bit more
- * 1.1 added norm_expand_bits
- * 1.0 First working version
- */
-#include "des_locl.h"
-
-#ifndef OPENSSL_FIPS
-
-OPENSSL_IMPLEMENT_GLOBAL(int,DES_check_key);    /* defaults to false */
-
-static const unsigned char odd_parity[256]={
-  1,  1,  2,  2,  4,  4,  7,  7,  8,  8, 11, 11, 13, 13, 14, 14,
- 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,
- 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47,
- 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62,
- 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79,
- 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94,
- 97, 97, 98, 98,100,100,103,103,104,104,107,107,109,109,110,110,
-112,112,115,115,117,117,118,118,121,121,122,122,124,124,127,127,
-128,128,131,131,133,133,134,134,137,137,138,138,140,140,143,143,
-145,145,146,146,148,148,151,151,152,152,155,155,157,157,158,158,
-161,161,162,162,164,164,167,167,168,168,171,171,173,173,174,174,
-176,176,179,179,181,181,182,182,185,185,186,186,188,188,191,191,
-193,193,194,194,196,196,199,199,200,200,203,203,205,205,206,206,
-208,208,211,211,213,213,214,214,217,217,218,218,220,220,223,223,
-224,224,227,227,229,229,230,230,233,233,234,234,236,236,239,239,
-241,241,242,242,244,244,247,247,248,248,251,251,253,253,254,254};
-
-void DES_set_odd_parity(DES_cblock *key)
-        {
-        int i;
-
-        for (i=0; i<DES_KEY_SZ; i++)
-                (*key)[i]=odd_parity[(*key)[i]];
-        }
-
-int DES_check_key_parity(const_DES_cblock *key)
-        {
-        int i;
-
-        for (i=0; i<DES_KEY_SZ; i++)
-                {
-                if ((*key)[i] != odd_parity[(*key)[i]])
-                        return(0);
-                }
-        return(1);
-        }
-
-/* Weak and semi week keys as take from
- * %A D.W. Davies
- * %A W.L. Price
- * %T Security for Computer Networks
- * %I John Wiley & Sons
- * %D 1984
- * Many thanks to smb@ulysses.att.com (Steven Bellovin) for the reference
- * (and actual cblock values).
- */
-#define NUM_WEAK_KEY    16
-static DES_cblock weak_keys[NUM_WEAK_KEY]={
-        /* weak keys */
-        {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
-        {0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE},
-        {0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},
-        {0xE0,0xE0,0xE0,0xE0,0xF1,0xF1,0xF1,0xF1},
-        /* semi-weak keys */
-        {0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE},
-        {0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01},
-        {0x1F,0xE0,0x1F,0xE0,0x0E,0xF1,0x0E,0xF1},
-        {0xE0,0x1F,0xE0,0x1F,0xF1,0x0E,0xF1,0x0E},
-        {0x01,0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1},
-        {0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1,0x01},
-        {0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E,0xFE},
-        {0xFE,0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E},
-        {0x01,0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E},
-        {0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E,0x01},
-        {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
-        {0xFE,0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1}};
-
-int DES_is_weak_key(const_DES_cblock *key)
-        {
-        int i;
-
-        for (i=0; i<NUM_WEAK_KEY; i++)
-                /* Added == 0 to comparison, I obviously don't run
-                 * this section very often :-(, thanks to
-                 * engineering@MorningStar.Com for the fix
-                 * eay 93/06/29
-                 * Another problem, I was comparing only the first 4
-                 * bytes, 97/03/18 */
-                if (memcmp(weak_keys[i],key,sizeof(DES_cblock)) == 0) return(1);
-        return(0);
-        }
-
-/* NOW DEFINED IN des_local.h
- * See ecb_encrypt.c for a pseudo description of these macros. 
- * #define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
- *      (b)^=(t),\
- *      (a)=((a)^((t)<<(n))))
- */
-
-#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\
-        (a)=(a)^(t)^(t>>(16-(n))))
-
-static const DES_LONG des_skb[8][64]={
-        {
-        /* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
-        0x00000000L,0x00000010L,0x20000000L,0x20000010L,
-        0x00010000L,0x00010010L,0x20010000L,0x20010010L,
-        0x00000800L,0x00000810L,0x20000800L,0x20000810L,
-        0x00010800L,0x00010810L,0x20010800L,0x20010810L,
-        0x00000020L,0x00000030L,0x20000020L,0x20000030L,
-        0x00010020L,0x00010030L,0x20010020L,0x20010030L,
-        0x00000820L,0x00000830L,0x20000820L,0x20000830L,
-        0x00010820L,0x00010830L,0x20010820L,0x20010830L,
-        0x00080000L,0x00080010L,0x20080000L,0x20080010L,
-        0x00090000L,0x00090010L,0x20090000L,0x20090010L,
-        0x00080800L,0x00080810L,0x20080800L,0x20080810L,
-        0x00090800L,0x00090810L,0x20090800L,0x20090810L,
-        0x00080020L,0x00080030L,0x20080020L,0x20080030L,
-        0x00090020L,0x00090030L,0x20090020L,0x20090030L,
-        0x00080820L,0x00080830L,0x20080820L,0x20080830L,
-        0x00090820L,0x00090830L,0x20090820L,0x20090830L,
-        },{
-        /* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */
-        0x00000000L,0x02000000L,0x00002000L,0x02002000L,
-        0x00200000L,0x02200000L,0x00202000L,0x02202000L,
-        0x00000004L,0x02000004L,0x00002004L,0x02002004L,
-        0x00200004L,0x02200004L,0x00202004L,0x02202004L,
-        0x00000400L,0x02000400L,0x00002400L,0x02002400L,
-        0x00200400L,0x02200400L,0x00202400L,0x02202400L,
-        0x00000404L,0x02000404L,0x00002404L,0x02002404L,
-        0x00200404L,0x02200404L,0x00202404L,0x02202404L,
-        0x10000000L,0x12000000L,0x10002000L,0x12002000L,
-        0x10200000L,0x12200000L,0x10202000L,0x12202000L,
-        0x10000004L,0x12000004L,0x10002004L,0x12002004L,
-        0x10200004L,0x12200004L,0x10202004L,0x12202004L,
-        0x10000400L,0x12000400L,0x10002400L,0x12002400L,
-        0x10200400L,0x12200400L,0x10202400L,0x12202400L,
-        0x10000404L,0x12000404L,0x10002404L,0x12002404L,
-        0x10200404L,0x12200404L,0x10202404L,0x12202404L,
-        },{
-        /* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */
-        0x00000000L,0x00000001L,0x00040000L,0x00040001L,
-        0x01000000L,0x01000001L,0x01040000L,0x01040001L,
-        0x00000002L,0x00000003L,0x00040002L,0x00040003L,
-        0x01000002L,0x01000003L,0x01040002L,0x01040003L,
-        0x00000200L,0x00000201L,0x00040200L,0x00040201L,
-        0x01000200L,0x01000201L,0x01040200L,0x01040201L,
-        0x00000202L,0x00000203L,0x00040202L,0x00040203L,
-        0x01000202L,0x01000203L,0x01040202L,0x01040203L,
-        0x08000000L,0x08000001L,0x08040000L,0x08040001L,
-        0x09000000L,0x09000001L,0x09040000L,0x09040001L,
-        0x08000002L,0x08000003L,0x08040002L,0x08040003L,
-        0x09000002L,0x09000003L,0x09040002L,0x09040003L,
-        0x08000200L,0x08000201L,0x08040200L,0x08040201L,
-        0x09000200L,0x09000201L,0x09040200L,0x09040201L,
-        0x08000202L,0x08000203L,0x08040202L,0x08040203L,
-        0x09000202L,0x09000203L,0x09040202L,0x09040203L,
-        },{
-        /* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */
-        0x00000000L,0x00100000L,0x00000100L,0x00100100L,
-        0x00000008L,0x00100008L,0x00000108L,0x00100108L,
-        0x00001000L,0x00101000L,0x00001100L,0x00101100L,
-        0x00001008L,0x00101008L,0x00001108L,0x00101108L,
-        0x04000000L,0x04100000L,0x04000100L,0x04100100L,
-        0x04000008L,0x04100008L,0x04000108L,0x04100108L,
-        0x04001000L,0x04101000L,0x04001100L,0x04101100L,
-        0x04001008L,0x04101008L,0x04001108L,0x04101108L,
-        0x00020000L,0x00120000L,0x00020100L,0x00120100L,
-        0x00020008L,0x00120008L,0x00020108L,0x00120108L,
-        0x00021000L,0x00121000L,0x00021100L,0x00121100L,
-        0x00021008L,0x00121008L,0x00021108L,0x00121108L,
-        0x04020000L,0x04120000L,0x04020100L,0x04120100L,
-        0x04020008L,0x04120008L,0x04020108L,0x04120108L,
-        0x04021000L,0x04121000L,0x04021100L,0x04121100L,
-        0x04021008L,0x04121008L,0x04021108L,0x04121108L,
-        },{
-        /* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
-        0x00000000L,0x10000000L,0x00010000L,0x10010000L,
-        0x00000004L,0x10000004L,0x00010004L,0x10010004L,
-        0x20000000L,0x30000000L,0x20010000L,0x30010000L,
-        0x20000004L,0x30000004L,0x20010004L,0x30010004L,
-        0x00100000L,0x10100000L,0x00110000L,0x10110000L,
-        0x00100004L,0x10100004L,0x00110004L,0x10110004L,
-        0x20100000L,0x30100000L,0x20110000L,0x30110000L,
-        0x20100004L,0x30100004L,0x20110004L,0x30110004L,
-        0x00001000L,0x10001000L,0x00011000L,0x10011000L,
-        0x00001004L,0x10001004L,0x00011004L,0x10011004L,
-        0x20001000L,0x30001000L,0x20011000L,0x30011000L,
-        0x20001004L,0x30001004L,0x20011004L,0x30011004L,
-        0x00101000L,0x10101000L,0x00111000L,0x10111000L,
-        0x00101004L,0x10101004L,0x00111004L,0x10111004L,
-        0x20101000L,0x30101000L,0x20111000L,0x30111000L,
-        0x20101004L,0x30101004L,0x20111004L,0x30111004L,
-        },{
-        /* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */
-        0x00000000L,0x08000000L,0x00000008L,0x08000008L,
-        0x00000400L,0x08000400L,0x00000408L,0x08000408L,
-        0x00020000L,0x08020000L,0x00020008L,0x08020008L,
-        0x00020400L,0x08020400L,0x00020408L,0x08020408L,
-        0x00000001L,0x08000001L,0x00000009L,0x08000009L,
-        0x00000401L,0x08000401L,0x00000409L,0x08000409L,
-        0x00020001L,0x08020001L,0x00020009L,0x08020009L,
-        0x00020401L,0x08020401L,0x00020409L,0x08020409L,
-        0x02000000L,0x0A000000L,0x02000008L,0x0A000008L,
-        0x02000400L,0x0A000400L,0x02000408L,0x0A000408L,
-        0x02020000L,0x0A020000L,0x02020008L,0x0A020008L,
-        0x02020400L,0x0A020400L,0x02020408L,0x0A020408L,
-        0x02000001L,0x0A000001L,0x02000009L,0x0A000009L,
-        0x02000401L,0x0A000401L,0x02000409L,0x0A000409L,
-        0x02020001L,0x0A020001L,0x02020009L,0x0A020009L,
-        0x02020401L,0x0A020401L,0x02020409L,0x0A020409L,
-        },{
-        /* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */
-        0x00000000L,0x00000100L,0x00080000L,0x00080100L,
-        0x01000000L,0x01000100L,0x01080000L,0x01080100L,
-        0x00000010L,0x00000110L,0x00080010L,0x00080110L,
-        0x01000010L,0x01000110L,0x01080010L,0x01080110L,
-        0x00200000L,0x00200100L,0x00280000L,0x00280100L,
-        0x01200000L,0x01200100L,0x01280000L,0x01280100L,
-        0x00200010L,0x00200110L,0x00280010L,0x00280110L,
-        0x01200010L,0x01200110L,0x01280010L,0x01280110L,
-        0x00000200L,0x00000300L,0x00080200L,0x00080300L,
-        0x01000200L,0x01000300L,0x01080200L,0x01080300L,
-        0x00000210L,0x00000310L,0x00080210L,0x00080310L,
-        0x01000210L,0x01000310L,0x01080210L,0x01080310L,
-        0x00200200L,0x00200300L,0x00280200L,0x00280300L,
-        0x01200200L,0x01200300L,0x01280200L,0x01280300L,
-        0x00200210L,0x00200310L,0x00280210L,0x00280310L,
-        0x01200210L,0x01200310L,0x01280210L,0x01280310L,
-        },{
-        /* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */
-        0x00000000L,0x04000000L,0x00040000L,0x04040000L,
-        0x00000002L,0x04000002L,0x00040002L,0x04040002L,
-        0x00002000L,0x04002000L,0x00042000L,0x04042000L,
-        0x00002002L,0x04002002L,0x00042002L,0x04042002L,
-        0x00000020L,0x04000020L,0x00040020L,0x04040020L,
-        0x00000022L,0x04000022L,0x00040022L,0x04040022L,
-        0x00002020L,0x04002020L,0x00042020L,0x04042020L,
-        0x00002022L,0x04002022L,0x00042022L,0x04042022L,
-        0x00000800L,0x04000800L,0x00040800L,0x04040800L,
-        0x00000802L,0x04000802L,0x00040802L,0x04040802L,
-        0x00002800L,0x04002800L,0x00042800L,0x04042800L,
-        0x00002802L,0x04002802L,0x00042802L,0x04042802L,
-        0x00000820L,0x04000820L,0x00040820L,0x04040820L,
-        0x00000822L,0x04000822L,0x00040822L,0x04040822L,
-        0x00002820L,0x04002820L,0x00042820L,0x04042820L,
-        0x00002822L,0x04002822L,0x00042822L,0x04042822L,
-        }};
-
-int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule)
-        {
-        if (DES_check_key)
-                {
-                return DES_set_key_checked(key, schedule);
-                }
-        else
-                {
-                DES_set_key_unchecked(key, schedule);
-                return 0;
-                }
-        }
-
-/* return 0 if key parity is odd (correct),
- * return -1 if key parity error,
- * return -2 if illegal weak key.
- */
-int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule)
-        {
-        if (!DES_check_key_parity(key))
-                return(-1);
-        if (DES_is_weak_key(key))
-                return(-2);
-        DES_set_key_unchecked(key, schedule);
-        return 0;
-        }
-
-void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
-        {
-        static int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0};
-        register DES_LONG c,d,t,s,t2;
-        register const unsigned char *in;
-        register DES_LONG *k;
-        register int i;
-
-#ifdef OPENBSD_DEV_CRYPTO
-        memcpy(schedule->key,key,sizeof schedule->key);
-        schedule->session=NULL;
-#endif
-        k = &schedule->ks->deslong[0];
-        in = &(*key)[0];
-
-        c2l(in,c);
-        c2l(in,d);
-
-        /* do PC1 in 47 simple operations :-)
-         * Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov)
-         * for the inspiration. :-) */
-        PERM_OP (d,c,t,4,0x0f0f0f0fL);
-        HPERM_OP(c,t,-2,0xcccc0000L);
-        HPERM_OP(d,t,-2,0xcccc0000L);
-        PERM_OP (d,c,t,1,0x55555555L);
-        PERM_OP (c,d,t,8,0x00ff00ffL);
-        PERM_OP (d,c,t,1,0x55555555L);
-        d=      (((d&0x000000ffL)<<16L)| (d&0x0000ff00L)     |
-                 ((d&0x00ff0000L)>>16L)|((c&0xf0000000L)>>4L));
-        c&=0x0fffffffL;
-
-        for (i=0; i<ITERATIONS; i++)
-                {
-                if (shifts2[i])
-                        { c=((c>>2L)|(c<<26L)); d=((d>>2L)|(d<<26L)); }
-                else
-                        { c=((c>>1L)|(c<<27L)); d=((d>>1L)|(d<<27L)); }
-                c&=0x0fffffffL;
-                d&=0x0fffffffL;
-                /* could be a few less shifts but I am to lazy at this
-                 * point in time to investigate */
-                s=      des_skb[0][ (c    )&0x3f                ]|
-                        des_skb[1][((c>> 6L)&0x03)|((c>> 7L)&0x3c)]|
-                        des_skb[2][((c>>13L)&0x0f)|((c>>14L)&0x30)]|
-                        des_skb[3][((c>>20L)&0x01)|((c>>21L)&0x06) |
-                                                  ((c>>22L)&0x38)];
-                t=      des_skb[4][ (d    )&0x3f                ]|
-                        des_skb[5][((d>> 7L)&0x03)|((d>> 8L)&0x3c)]|
-                        des_skb[6][ (d>>15L)&0x3f                ]|
-                        des_skb[7][((d>>21L)&0x0f)|((d>>22L)&0x30)];
-
-                /* table contained 0213 4657 */
-                t2=((t<<16L)|(s&0x0000ffffL))&0xffffffffL;
-                *(k++)=ROTATE(t2,30)&0xffffffffL;
-
-                t2=((s>>16L)|(t&0xffff0000L));
-                *(k++)=ROTATE(t2,26)&0xffffffffL;
-                }
-        }
-
-int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule)
-        {
-        return(DES_set_key(key,schedule));
-        }
-/*
-#undef des_fixup_key_parity
-void des_fixup_key_parity(des_cblock *key)
-        {
-        des_set_odd_parity(key);
-        }
-*/
-
-#endif /* ndef OPENSSL_FIPS */
diff --git a/src/lib/libcrypto/des/spr.h b/src/lib/libcrypto/des/spr.h
deleted file mode 100644
index b91936a5a5..0000000000
--- a/src/lib/libcrypto/des/spr.h
+++ /dev/null
@@ -1,204 +0,0 @@
-/* crypto/des/spr.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-OPENSSL_GLOBAL const DES_LONG DES_SPtrans[8][64]={
-{
-/* nibble 0 */
-0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L,
-0x02000000L, 0x00080802L, 0x00080002L, 0x02000002L,
-0x00080802L, 0x02080800L, 0x02080000L, 0x00000802L,
-0x02000802L, 0x02000000L, 0x00000000L, 0x00080002L,
-0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L,
-0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L,
-0x00000002L, 0x00000800L, 0x00080800L, 0x02080002L,
-0x00000800L, 0x02000802L, 0x02080002L, 0x00000000L,
-0x00000000L, 0x02080802L, 0x02000800L, 0x00080002L,
-0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L,
-0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L,
-0x00080802L, 0x00000002L, 0x02000002L, 0x02080000L,
-0x02080802L, 0x00080800L, 0x02080000L, 0x02000802L,
-0x02000000L, 0x00000802L, 0x00080002L, 0x00000000L,
-0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L,
-0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L,
-},{
-/* nibble 1 */
-0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L,
-0x40000010L, 0x00008010L, 0x40008000L, 0x00108000L,
-0x00008000L, 0x40100010L, 0x00000010L, 0x40008000L,
-0x00100010L, 0x40108000L, 0x40100000L, 0x00000010L,
-0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L,
-0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L,
-0x40008010L, 0x00108010L, 0x40108000L, 0x40000010L,
-0x40000000L, 0x00100000L, 0x00008010L, 0x40108010L,
-0x00100010L, 0x40108000L, 0x40008000L, 0x00108010L,
-0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L,
-0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L,
-0x00008000L, 0x40000000L, 0x00108010L, 0x40008010L,
-0x40108000L, 0x00008000L, 0x00000000L, 0x40000010L,
-0x00000010L, 0x40108010L, 0x00108000L, 0x40100000L,
-0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L,
-0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L,
-},{
-/* nibble 2 */
-0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L,
-0x00040001L, 0x04000000L, 0x04000101L, 0x00040100L,
-0x04000100L, 0x00040000L, 0x04040000L, 0x00000001L,
-0x04040101L, 0x00000101L, 0x00000001L, 0x04040001L,
-0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L,
-0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L,
-0x04040001L, 0x04000100L, 0x00040101L, 0x04040000L,
-0x00040100L, 0x00000000L, 0x04000000L, 0x00040101L,
-0x04040100L, 0x00000100L, 0x00000001L, 0x00040000L,
-0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L,
-0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L,
-0x00040001L, 0x04000000L, 0x04040101L, 0x00000001L,
-0x00040101L, 0x04000001L, 0x04000000L, 0x04040101L,
-0x00040000L, 0x04000100L, 0x04000101L, 0x00040100L,
-0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L,
-0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L,
-},{
-/* nibble 3 */
-0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L,
-0x00000000L, 0x10400000L, 0x10001008L, 0x00400008L,
-0x10401000L, 0x10000008L, 0x10000000L, 0x00001008L,
-0x10000008L, 0x00401008L, 0x00400000L, 0x10000000L,
-0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L,
-0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L,
-0x00001008L, 0x00000000L, 0x00400008L, 0x10401000L,
-0x10001000L, 0x10400008L, 0x10401008L, 0x00400000L,
-0x10400008L, 0x00001008L, 0x00400000L, 0x10000008L,
-0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L,
-0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L,
-0x00000000L, 0x10400008L, 0x10401000L, 0x00001000L,
-0x10000000L, 0x10401008L, 0x00401008L, 0x00400000L,
-0x10401008L, 0x00000008L, 0x10001000L, 0x00401008L,
-0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L,
-0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L,
-},{
-/* nibble 4 */
-0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L,
-0x08010020L, 0x08000400L, 0x00010420L, 0x08010000L,
-0x00010000L, 0x00000020L, 0x08000020L, 0x00010400L,
-0x08000420L, 0x08010020L, 0x08010400L, 0x00000000L,
-0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L,
-0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L,
-0x00000020L, 0x08000420L, 0x08010420L, 0x00010020L,
-0x08010000L, 0x00000400L, 0x00000420L, 0x08010400L,
-0x08010400L, 0x08000420L, 0x00010020L, 0x08010000L,
-0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L,
-0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L,
-0x00010420L, 0x08000000L, 0x00000400L, 0x00010020L,
-0x08000420L, 0x00000400L, 0x00000000L, 0x08010420L,
-0x08010020L, 0x08010400L, 0x00000420L, 0x00010000L,
-0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L,
-0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L,
-},{
-/* nibble 5 */
-0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L,
-0x00200040L, 0x00002000L, 0x80002040L, 0x00200000L,
-0x00002040L, 0x80202040L, 0x00202000L, 0x80000000L,
-0x80002000L, 0x80000040L, 0x80200000L, 0x00202040L,
-0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L,
-0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L,
-0x80202040L, 0x80200000L, 0x80000000L, 0x00002040L,
-0x00000040L, 0x00202000L, 0x00202040L, 0x80002000L,
-0x00002040L, 0x80000000L, 0x80002000L, 0x00202040L,
-0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L,
-0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L,
-0x00200040L, 0x80202040L, 0x00202000L, 0x00000040L,
-0x80202040L, 0x00202000L, 0x00200000L, 0x80002040L,
-0x80000040L, 0x80200000L, 0x00202040L, 0x00000000L,
-0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L,
-0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L,
-},{
-/* nibble 6 */
-0x00004000L, 0x00000200L, 0x01000200L, 0x01000004L,
-0x01004204L, 0x00004004L, 0x00004200L, 0x00000000L,
-0x01000000L, 0x01000204L, 0x00000204L, 0x01004000L,
-0x00000004L, 0x01004200L, 0x01004000L, 0x00000204L,
-0x01000204L, 0x00004000L, 0x00004004L, 0x01004204L,
-0x00000000L, 0x01000200L, 0x01000004L, 0x00004200L,
-0x01004004L, 0x00004204L, 0x01004200L, 0x00000004L,
-0x00004204L, 0x01004004L, 0x00000200L, 0x01000000L,
-0x00004204L, 0x01004000L, 0x01004004L, 0x00000204L,
-0x00004000L, 0x00000200L, 0x01000000L, 0x01004004L,
-0x01000204L, 0x00004204L, 0x00004200L, 0x00000000L,
-0x00000200L, 0x01000004L, 0x00000004L, 0x01000200L,
-0x00000000L, 0x01000204L, 0x01000200L, 0x00004200L,
-0x00000204L, 0x00004000L, 0x01004204L, 0x01000000L,
-0x01004200L, 0x00000004L, 0x00004004L, 0x01004204L,
-0x01000004L, 0x01004200L, 0x01004000L, 0x00004004L,
-},{
-/* nibble 7 */
-0x20800080L, 0x20820000L, 0x00020080L, 0x00000000L,
-0x20020000L, 0x00800080L, 0x20800000L, 0x20820080L,
-0x00000080L, 0x20000000L, 0x00820000L, 0x00020080L,
-0x00820080L, 0x20020080L, 0x20000080L, 0x20800000L,
-0x00020000L, 0x00820080L, 0x00800080L, 0x20020000L,
-0x20820080L, 0x20000080L, 0x00000000L, 0x00820000L,
-0x20000000L, 0x00800000L, 0x20020080L, 0x20800080L,
-0x00800000L, 0x00020000L, 0x20820000L, 0x00000080L,
-0x00800000L, 0x00020000L, 0x20000080L, 0x20820080L,
-0x00020080L, 0x20000000L, 0x00000000L, 0x00820000L,
-0x20800080L, 0x20020080L, 0x20020000L, 0x00800080L,
-0x20820000L, 0x00000080L, 0x00800080L, 0x20020000L,
-0x20820080L, 0x00800000L, 0x20800000L, 0x20000080L,
-0x00820000L, 0x00020080L, 0x20020080L, 0x20800000L,
-0x00000080L, 0x20820000L, 0x00820080L, 0x00000000L,
-0x20000000L, 0x20800080L, 0x00020000L, 0x00820080L,
-}};
diff --git a/src/lib/libcrypto/des/str2key.c b/src/lib/libcrypto/des/str2key.c
deleted file mode 100644
index 0373db469c..0000000000
--- a/src/lib/libcrypto/des/str2key.c
+++ /dev/null
@@ -1,173 +0,0 @@
-/* crypto/des/str2key.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-
-void DES_string_to_key(const char *str, DES_cblock *key)
-        {
-        DES_key_schedule ks;
-        int i,length;
-        register unsigned char j;
-
-        memset(key,0,8);
-        length=strlen(str);
-#ifdef OLD_STR_TO_KEY
-        for (i=0; i<length; i++)
-                (*key)[i%8]^=(str[i]<<1);
-#else /* MIT COMPATIBLE */
-        for (i=0; i<length; i++)
-                {
-                j=str[i];
-                if ((i%16) < 8)
-                        (*key)[i%8]^=(j<<1);
-                else
-                        {
-                        /* Reverse the bit order 05/05/92 eay */
-                        j=((j<<4)&0xf0)|((j>>4)&0x0f);
-                        j=((j<<2)&0xcc)|((j>>2)&0x33);
-                        j=((j<<1)&0xaa)|((j>>1)&0x55);
-                        (*key)[7-(i%8)]^=j;
-                        }
-                }
-#endif
-        DES_set_odd_parity(key);
-#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
-        if(DES_is_weak_key(key))
-            (*key)[7] ^= 0xF0;
-        DES_set_key(key,&ks);
-#else
-        DES_set_key_unchecked(key,&ks);
-#endif
-        DES_cbc_cksum((const unsigned char*)str,key,length,&ks,key);
-        OPENSSL_cleanse(&ks,sizeof(ks));
-        DES_set_odd_parity(key);
-        }
-
-void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2)
-        {
-        DES_key_schedule ks;
-        int i,length;
-        register unsigned char j;
-
-        memset(key1,0,8);
-        memset(key2,0,8);
-        length=strlen(str);
-#ifdef OLD_STR_TO_KEY
-        if (length <= 8)
-                {
-                for (i=0; i<length; i++)
-                        {
-                        (*key2)[i]=(*key1)[i]=(str[i]<<1);
-                        }
-                }
-        else
-                {
-                for (i=0; i<length; i++)
-                        {
-                        if ((i/8)&1)
-                                (*key2)[i%8]^=(str[i]<<1);
-                        else
-                                (*key1)[i%8]^=(str[i]<<1);
-                        }
-                }
-#else /* MIT COMPATIBLE */
-        for (i=0; i<length; i++)
-                {
-                j=str[i];
-                if ((i%32) < 16)
-                        {
-                        if ((i%16) < 8)
-                                (*key1)[i%8]^=(j<<1);
-                        else
-                                (*key2)[i%8]^=(j<<1);
-                        }
-                else
-                        {
-                        j=((j<<4)&0xf0)|((j>>4)&0x0f);
-                        j=((j<<2)&0xcc)|((j>>2)&0x33);
-                        j=((j<<1)&0xaa)|((j>>1)&0x55);
-                        if ((i%16) < 8)
-                                (*key1)[7-(i%8)]^=j;
-                        else
-                                (*key2)[7-(i%8)]^=j;
-                        }
-                }
-        if (length <= 8) memcpy(key2,key1,8);
-#endif
-        DES_set_odd_parity(key1);
-        DES_set_odd_parity(key2);
-#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
-        if(DES_is_weak_key(key1))
-            (*key1)[7] ^= 0xF0;
-        DES_set_key(key1,&ks);
-#else
-        DES_set_key_unchecked(key1,&ks);
-#endif
-        DES_cbc_cksum((const unsigned char*)str,key1,length,&ks,key1);
-#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
-        if(DES_is_weak_key(key2))
-            (*key2)[7] ^= 0xF0;
-        DES_set_key(key2,&ks);
-#else
-        DES_set_key_unchecked(key2,&ks);
-#endif
-        DES_cbc_cksum((const unsigned char*)str,key2,length,&ks,key2);
-        OPENSSL_cleanse(&ks,sizeof(ks));
-        DES_set_odd_parity(key1);
-        DES_set_odd_parity(key2);
-        }
diff --git a/src/lib/libcrypto/des/xcbc_enc.c b/src/lib/libcrypto/des/xcbc_enc.c
deleted file mode 100644
index 47246eb466..0000000000
--- a/src/lib/libcrypto/des/xcbc_enc.c
+++ /dev/null
@@ -1,195 +0,0 @@
-/* crypto/des/xcbc_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-
-/* RSA's DESX */
-
-static unsigned char desx_white_in2out[256]={
-0xBD,0x56,0xEA,0xF2,0xA2,0xF1,0xAC,0x2A,0xB0,0x93,0xD1,0x9C,0x1B,0x33,0xFD,0xD0,
-0x30,0x04,0xB6,0xDC,0x7D,0xDF,0x32,0x4B,0xF7,0xCB,0x45,0x9B,0x31,0xBB,0x21,0x5A,
-0x41,0x9F,0xE1,0xD9,0x4A,0x4D,0x9E,0xDA,0xA0,0x68,0x2C,0xC3,0x27,0x5F,0x80,0x36,
-0x3E,0xEE,0xFB,0x95,0x1A,0xFE,0xCE,0xA8,0x34,0xA9,0x13,0xF0,0xA6,0x3F,0xD8,0x0C,
-0x78,0x24,0xAF,0x23,0x52,0xC1,0x67,0x17,0xF5,0x66,0x90,0xE7,0xE8,0x07,0xB8,0x60,
-0x48,0xE6,0x1E,0x53,0xF3,0x92,0xA4,0x72,0x8C,0x08,0x15,0x6E,0x86,0x00,0x84,0xFA,
-0xF4,0x7F,0x8A,0x42,0x19,0xF6,0xDB,0xCD,0x14,0x8D,0x50,0x12,0xBA,0x3C,0x06,0x4E,
-0xEC,0xB3,0x35,0x11,0xA1,0x88,0x8E,0x2B,0x94,0x99,0xB7,0x71,0x74,0xD3,0xE4,0xBF,
-0x3A,0xDE,0x96,0x0E,0xBC,0x0A,0xED,0x77,0xFC,0x37,0x6B,0x03,0x79,0x89,0x62,0xC6,
-0xD7,0xC0,0xD2,0x7C,0x6A,0x8B,0x22,0xA3,0x5B,0x05,0x5D,0x02,0x75,0xD5,0x61,0xE3,
-0x18,0x8F,0x55,0x51,0xAD,0x1F,0x0B,0x5E,0x85,0xE5,0xC2,0x57,0x63,0xCA,0x3D,0x6C,
-0xB4,0xC5,0xCC,0x70,0xB2,0x91,0x59,0x0D,0x47,0x20,0xC8,0x4F,0x58,0xE0,0x01,0xE2,
-0x16,0x38,0xC4,0x6F,0x3B,0x0F,0x65,0x46,0xBE,0x7E,0x2D,0x7B,0x82,0xF9,0x40,0xB5,
-0x1D,0x73,0xF8,0xEB,0x26,0xC7,0x87,0x97,0x25,0x54,0xB1,0x28,0xAA,0x98,0x9D,0xA5,
-0x64,0x6D,0x7A,0xD4,0x10,0x81,0x44,0xEF,0x49,0xD6,0xAE,0x2E,0xDD,0x76,0x5C,0x2F,
-0xA7,0x1C,0xC9,0x09,0x69,0x9A,0x83,0xCF,0x29,0x39,0xB9,0xE9,0x4C,0xFF,0x43,0xAB,
-        };
-
-void DES_xwhite_in2out(const_DES_cblock *des_key, const_DES_cblock *in_white,
-             DES_cblock *out_white)
-        {
-        int out0,out1;
-        int i;
-        const unsigned char *key = &(*des_key)[0];
-        const unsigned char *in = &(*in_white)[0];
-        unsigned char *out = &(*out_white)[0];
-
-        out[0]=out[1]=out[2]=out[3]=out[4]=out[5]=out[6]=out[7]=0;
-        out0=out1=0;
-        for (i=0; i<8; i++)
-                {
-                out[i]=key[i]^desx_white_in2out[out0^out1];
-                out0=out1;
-                out1=(int)out[i&0x07];
-                }
-
-        out0=out[0];
-        out1=out[i];
-        for (i=0; i<8; i++)
-                {
-                out[i]=in[i]^desx_white_in2out[out0^out1];
-                out0=out1;
-                out1=(int)out[i&0x07];
-                }
-        }
-
-void DES_xcbc_encrypt(const unsigned char *in, unsigned char *out,
-                      long length, DES_key_schedule *schedule,
-                      DES_cblock *ivec, const_DES_cblock *inw,
-                      const_DES_cblock *outw, int enc)
-        {
-        register DES_LONG tin0,tin1;
-        register DES_LONG tout0,tout1,xor0,xor1;
-        register DES_LONG inW0,inW1,outW0,outW1;
-        register const unsigned char *in2;
-        register long l=length;
-        DES_LONG tin[2];
-        unsigned char *iv;
-
-        in2 = &(*inw)[0];
-        c2l(in2,inW0);
-        c2l(in2,inW1);
-        in2 = &(*outw)[0];
-        c2l(in2,outW0);
-        c2l(in2,outW1);
-
-        iv = &(*ivec)[0];
-
-        if (enc)
-                {
-                c2l(iv,tout0);
-                c2l(iv,tout1);
-                for (l-=8; l>=0; l-=8)
-                        {
-                        c2l(in,tin0);
-                        c2l(in,tin1);
-                        tin0^=tout0^inW0; tin[0]=tin0;
-                        tin1^=tout1^inW1; tin[1]=tin1;
-                        DES_encrypt1(tin,schedule,DES_ENCRYPT);
-                        tout0=tin[0]^outW0; l2c(tout0,out);
-                        tout1=tin[1]^outW1; l2c(tout1,out);
-                        }
-                if (l != -8)
-                        {
-                        c2ln(in,tin0,tin1,l+8);
-                        tin0^=tout0^inW0; tin[0]=tin0;
-                        tin1^=tout1^inW1; tin[1]=tin1;
-                        DES_encrypt1(tin,schedule,DES_ENCRYPT);
-                        tout0=tin[0]^outW0; l2c(tout0,out);
-                        tout1=tin[1]^outW1; l2c(tout1,out);
-                        }
-                iv = &(*ivec)[0];
-                l2c(tout0,iv);
-                l2c(tout1,iv);
-                }
-        else
-                {
-                c2l(iv,xor0);
-                c2l(iv,xor1);
-                for (l-=8; l>0; l-=8)
-                        {
-                        c2l(in,tin0); tin[0]=tin0^outW0;
-                        c2l(in,tin1); tin[1]=tin1^outW1;
-                        DES_encrypt1(tin,schedule,DES_DECRYPT);
-                        tout0=tin[0]^xor0^inW0;
-                        tout1=tin[1]^xor1^inW1;
-                        l2c(tout0,out);
-                        l2c(tout1,out);
-                        xor0=tin0;
-                        xor1=tin1;
-                        }
-                if (l != -8)
-                        {
-                        c2l(in,tin0); tin[0]=tin0^outW0;
-                        c2l(in,tin1); tin[1]=tin1^outW1;
-                        DES_encrypt1(tin,schedule,DES_DECRYPT);
-                        tout0=tin[0]^xor0^inW0;
-                        tout1=tin[1]^xor1^inW1;
-                        l2cn(tout0,tout1,out,l+8);
-                        xor0=tin0;
-                        xor1=tin1;
-                        }
-
-                iv = &(*ivec)[0];
-                l2c(xor0,iv);
-                l2c(xor1,iv);
-                }
-        tin0=tin1=tout0=tout1=xor0=xor1=0;
-        inW0=inW1=outW0=outW1=0;
-        tin[0]=tin[1]=0;
-        }
-
diff --git a/src/lib/libcrypto/dh/dh.h b/src/lib/libcrypto/dh/dh.h
deleted file mode 100644
index 582b34329f..0000000000
--- a/src/lib/libcrypto/dh/dh.h
+++ /dev/null
@@ -1,223 +0,0 @@
-/* crypto/dh/dh.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_DH_H
-#define HEADER_DH_H
-
-#ifdef OPENSSL_NO_DH
-#error DH is disabled.
-#endif
-
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-#include <openssl/bn.h>
-#include <openssl/crypto.h>
-#include <openssl/ossl_typ.h>
-        
-#define OPENSSL_DH_MAX_MODULUS_BITS     10000
-
-#define DH_FLAG_CACHE_MONT_P     0x01
-#define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH
-                                       * implementation now uses constant time
-                                       * modular exponentiation for secret exponents
-                                       * by default. This flag causes the
-                                       * faster variable sliding window method to
-                                       * be used for all exponents.
-                                       */
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-typedef struct dh_st DH;
-
-typedef struct dh_method {
-        const char *name;
-        /* Methods here */
-        int (*generate_key)(DH *dh);
-        int (*compute_key)(unsigned char *key,const BIGNUM *pub_key,DH *dh);
-        int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a,
-                                const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
-                                BN_MONT_CTX *m_ctx); /* Can be null */
-
-        int (*init)(DH *dh);
-        int (*finish)(DH *dh);
-        int flags;
-        char *app_data;
-} DH_METHOD;
-
-struct dh_st
-        {
-        /* This first argument is used to pick up errors when
-         * a DH is passed instead of a EVP_PKEY */
-        int pad;
-        int version;
-        BIGNUM *p;
-        BIGNUM *g;
-        int length; /* optional */
-        BIGNUM *pub_key;        /* g^x */
-        BIGNUM *priv_key;       /* x */
-
-        int flags;
-        char *method_mont_p;
-        /* Place holders if we want to do X9.42 DH */
-        BIGNUM *q;
-        BIGNUM *j;
-        unsigned char *seed;
-        int seedlen;
-        BIGNUM *counter;
-
-        int references;
-        CRYPTO_EX_DATA ex_data;
-        const DH_METHOD *meth;
-        ENGINE *engine;
-        };
-
-#define DH_GENERATOR_2          2
-/* #define DH_GENERATOR_3       3 */
-#define DH_GENERATOR_5          5
-
-/* DH_check error codes */
-#define DH_CHECK_P_NOT_PRIME            0x01
-#define DH_CHECK_P_NOT_SAFE_PRIME       0x02
-#define DH_UNABLE_TO_CHECK_GENERATOR    0x04
-#define DH_NOT_SUITABLE_GENERATOR       0x08
-
-/* DH_check_pub_key error codes */
-#define DH_CHECK_PUBKEY_TOO_SMALL       0x01
-#define DH_CHECK_PUBKEY_TOO_LARGE       0x02
-
-/* primes p where (p-1)/2 is prime too are called "safe"; we define
-   this for backward compatibility: */
-#define DH_CHECK_P_NOT_STRONG_PRIME     DH_CHECK_P_NOT_SAFE_PRIME
-
-#define DHparams_dup(x) (DH *)ASN1_dup((int (*)())i2d_DHparams, \
-                (char *(*)())d2i_DHparams,(char *)(x))
-#define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
-                (char *(*)())d2i_DHparams,(fp),(unsigned char **)(x))
-#define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \
-                (unsigned char *)(x))
-#define d2i_DHparams_bio(bp,x) (DH *)ASN1_d2i_bio((char *(*)())DH_new, \
-                (char *(*)())d2i_DHparams,(bp),(unsigned char **)(x))
-#ifdef  __cplusplus
-#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio((int (*)())i2d_DHparams,(bp), \
-                (unsigned char *)(x))
-#else
-#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio(i2d_DHparams,(bp), \
-                (unsigned char *)(x))
-#endif
-
-const DH_METHOD *DH_OpenSSL(void);
-
-void DH_set_default_method(const DH_METHOD *meth);
-const DH_METHOD *DH_get_default_method(void);
-int DH_set_method(DH *dh, const DH_METHOD *meth);
-DH *DH_new_method(ENGINE *engine);
-
-DH *    DH_new(void);
-void    DH_free(DH *dh);
-int     DH_up_ref(DH *dh);
-int     DH_size(const DH *dh);
-int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-int DH_set_ex_data(DH *d, int idx, void *arg);
-void *DH_get_ex_data(DH *d, int idx);
-DH *    DH_generate_parameters(int prime_len,int generator,
-                void (*callback)(int,int,void *),void *cb_arg);
-int     DH_check(const DH *dh,int *codes);
-int     DH_check_pub_key(const DH *dh,const BIGNUM *pub_key, int *codes);
-int     DH_generate_key(DH *dh);
-int     DH_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh);
-DH *    d2i_DHparams(DH **a,const unsigned char **pp, long length);
-int     i2d_DHparams(const DH *a,unsigned char **pp);
-#ifndef OPENSSL_NO_FP_API
-int     DHparams_print_fp(FILE *fp, const DH *x);
-#endif
-#ifndef OPENSSL_NO_BIO
-int     DHparams_print(BIO *bp, const DH *x);
-#else
-int     DHparams_print(char *bp, const DH *x);
-#endif
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_DH_strings(void);
-
-/* Error codes for the DH functions. */
-
-/* Function codes. */
-#define DH_F_DHPARAMS_PRINT                              100
-#define DH_F_DHPARAMS_PRINT_FP                           101
-#define DH_F_DH_COMPUTE_KEY                              102
-#define DH_F_DH_GENERATE_KEY                             103
-#define DH_F_DH_GENERATE_PARAMETERS                      104
-#define DH_F_DH_NEW_METHOD                               105
-
-/* Reason codes. */
-#define DH_R_BAD_GENERATOR                               101
-#define DH_R_NO_PRIVATE_VALUE                            100
-#define DH_R_INVALID_PUBKEY                              102
-#define DH_R_MODULUS_TOO_LARGE                           103
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/src/lib/libcrypto/dh/dh_asn1.c b/src/lib/libcrypto/dh/dh_asn1.c
deleted file mode 100644
index 769b5b68c5..0000000000
--- a/src/lib/libcrypto/dh/dh_asn1.c
+++ /dev/null
@@ -1,87 +0,0 @@
-/* dh_asn1.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-#include <openssl/objects.h>
-#include <openssl/asn1t.h>
-
-/* Override the default free and new methods */
-static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
-        if(operation == ASN1_OP_NEW_PRE) {
-                *pval = (ASN1_VALUE *)DH_new();
-                if(*pval) return 2;
-                return 0;
-        } else if(operation == ASN1_OP_FREE_PRE) {
-                DH_free((DH *)*pval);
-                *pval = NULL;
-                return 2;
-        }
-        return 1;
-}
-
-ASN1_SEQUENCE_cb(DHparams, dh_cb) = {
-        ASN1_SIMPLE(DH, p, BIGNUM),
-        ASN1_SIMPLE(DH, g, BIGNUM),
-        ASN1_OPT(DH, length, ZLONG),
-} ASN1_SEQUENCE_END_cb(DH, DHparams)
-
-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DH, DHparams, DHparams)
diff --git a/src/lib/libcrypto/dh/dh_check.c b/src/lib/libcrypto/dh/dh_check.c
deleted file mode 100644
index 17debff62d..0000000000
--- a/src/lib/libcrypto/dh/dh_check.c
+++ /dev/null
@@ -1,146 +0,0 @@
-/* crypto/dh/dh_check.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-
-/* Check that p is a safe prime and
- * if g is 2, 3 or 5, check that is is a suitable generator
- * where
- * for 2, p mod 24 == 11
- * for 3, p mod 12 == 5
- * for 5, p mod 10 == 3 or 7
- * should hold.
- */
-
-#ifndef OPENSSL_FIPS
-
-int DH_check(const DH *dh, int *ret)
-        {
-        int ok=0;
-        BN_CTX *ctx=NULL;
-        BN_ULONG l;
-        BIGNUM *q=NULL;
-
-        *ret=0;
-        ctx=BN_CTX_new();
-        if (ctx == NULL) goto err;
-        q=BN_new();
-        if (q == NULL) goto err;
-
-        if (BN_is_word(dh->g,DH_GENERATOR_2))
-                {
-                l=BN_mod_word(dh->p,24);
-                if (l != 11) *ret|=DH_NOT_SUITABLE_GENERATOR;
-                }
-#if 0
-        else if (BN_is_word(dh->g,DH_GENERATOR_3))
-                {
-                l=BN_mod_word(dh->p,12);
-                if (l != 5) *ret|=DH_NOT_SUITABLE_GENERATOR;
-                }
-#endif
-        else if (BN_is_word(dh->g,DH_GENERATOR_5))
-                {
-                l=BN_mod_word(dh->p,10);
-                if ((l != 3) && (l != 7))
-                        *ret|=DH_NOT_SUITABLE_GENERATOR;
-                }
-        else
-                *ret|=DH_UNABLE_TO_CHECK_GENERATOR;
-
-        if (!BN_is_prime(dh->p,BN_prime_checks,NULL,ctx,NULL))
-                *ret|=DH_CHECK_P_NOT_PRIME;
-        else
-                {
-                if (!BN_rshift1(q,dh->p)) goto err;
-                if (!BN_is_prime(q,BN_prime_checks,NULL,ctx,NULL))
-                        *ret|=DH_CHECK_P_NOT_SAFE_PRIME;
-                }
-        ok=1;
-err:
-        if (ctx != NULL) BN_CTX_free(ctx);
-        if (q != NULL) BN_free(q);
-        return(ok);
-        }
-
-int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
-        {
-        int ok=0;
-        BIGNUM *q=NULL;
-
-        *ret=0;
-        q=BN_new();
-        if (q == NULL) goto err;
-        BN_set_word(q,1);
-        if (BN_cmp(pub_key,q) <= 0)
-                *ret|=DH_CHECK_PUBKEY_TOO_SMALL;
-        BN_copy(q,dh->p);
-        BN_sub_word(q,1);
-        if (BN_cmp(pub_key,q) >= 0)
-                *ret|=DH_CHECK_PUBKEY_TOO_LARGE;
-
-        ok = 1;
-err:
-        if (q != NULL) BN_free(q);
-        return(ok);
-        }
-
-#endif
diff --git a/src/lib/libcrypto/dh/dh_err.c b/src/lib/libcrypto/dh/dh_err.c
deleted file mode 100644
index 611067ef4a..0000000000
--- a/src/lib/libcrypto/dh/dh_err.c
+++ /dev/null
@@ -1,106 +0,0 @@
-/* crypto/dh/dh_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/dh.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DH,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DH,0,reason)
-
-static ERR_STRING_DATA DH_str_functs[]=
-        {
-{ERR_FUNC(DH_F_DHPARAMS_PRINT), "DHparams_print"},
-{ERR_FUNC(DH_F_DHPARAMS_PRINT_FP),      "DHparams_print_fp"},
-{ERR_FUNC(DH_F_DH_COMPUTE_KEY), "DH_compute_key"},
-{ERR_FUNC(DH_F_DH_GENERATE_KEY),        "DH_generate_key"},
-{ERR_FUNC(DH_F_DH_GENERATE_PARAMETERS), "DH_generate_parameters"},
-{ERR_FUNC(DH_F_DH_NEW_METHOD),  "DH_new_method"},
-{0,NULL}
-        };
-
-static ERR_STRING_DATA DH_str_reasons[]=
-        {
-{ERR_REASON(DH_R_BAD_GENERATOR)          ,"bad generator"},
-{ERR_REASON(DH_R_NO_PRIVATE_VALUE)       ,"no private value"},
-{ERR_REASON(DH_R_INVALID_PUBKEY)         ,"invalid public key"},
-{ERR_REASON(DH_R_MODULUS_TOO_LARGE)      ,"modulus too large"},
-{0,NULL}
-        };
-
-#endif
-
-void ERR_load_DH_strings(void)
-        {
-        static int init=1;
-
-        if (init)
-                {
-                init=0;
-#ifndef OPENSSL_NO_ERR
-                ERR_load_strings(0,DH_str_functs);
-                ERR_load_strings(0,DH_str_reasons);
-#endif
-
-                }
-        }
diff --git a/src/lib/libcrypto/dh/dh_gen.c b/src/lib/libcrypto/dh/dh_gen.c
deleted file mode 100644
index 23777f5a16..0000000000
--- a/src/lib/libcrypto/dh/dh_gen.c
+++ /dev/null
@@ -1,175 +0,0 @@
-/* crypto/dh/dh_gen.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-
-/* We generate DH parameters as follows
- * find a prime q which is prime_len/2 bits long.
- * p=(2*q)+1 or (p-1)/2 = q
- * For this case, g is a generator if
- * g^((p-1)/q) mod p != 1 for values of q which are the factors of p-1.
- * Since the factors of p-1 are q and 2, we just need to check
- * g^2 mod p != 1 and g^q mod p != 1.
- *
- * Having said all that,
- * there is another special case method for the generators 2, 3 and 5.
- * for 2, p mod 24 == 11
- * for 3, p mod 12 == 5  <<<<< does not work for safe primes.
- * for 5, p mod 10 == 3 or 7
- *
- * Thanks to Phil Karn <karn@qualcomm.com> for the pointers about the
- * special generators and for answering some of my questions.
- *
- * I've implemented the second simple method :-).
- * Since DH should be using a safe prime (both p and q are prime),
- * this generator function can take a very very long time to run.
- */
-/* Actually there is no reason to insist that 'generator' be a generator.
- * It's just as OK (and in some sense better) to use a generator of the
- * order-q subgroup.
- */
-
-#ifndef OPENSSL_FIPS
-
-DH *DH_generate_parameters(int prime_len, int generator,
-             void (*callback)(int,int,void *), void *cb_arg)
-        {
-        BIGNUM *p=NULL,*t1,*t2;
-        DH *ret=NULL;
-        int g,ok= -1;
-        BN_CTX *ctx=NULL;
-
-        ret=DH_new();
-        if (ret == NULL) goto err;
-        ctx=BN_CTX_new();
-        if (ctx == NULL) goto err;
-        BN_CTX_start(ctx);
-        t1 = BN_CTX_get(ctx);
-        t2 = BN_CTX_get(ctx);
-        if (t1 == NULL || t2 == NULL) goto err;
-        
-        if (generator <= 1)
-                {
-                DHerr(DH_F_DH_GENERATE_PARAMETERS, DH_R_BAD_GENERATOR);
-                goto err;
-                }
-        if (generator == DH_GENERATOR_2)
-                {
-                if (!BN_set_word(t1,24)) goto err;
-                if (!BN_set_word(t2,11)) goto err;
-                g=2;
-                }
-#if 0 /* does not work for safe primes */
-        else if (generator == DH_GENERATOR_3)
-                {
-                if (!BN_set_word(t1,12)) goto err;
-                if (!BN_set_word(t2,5)) goto err;
-                g=3;
-                }
-#endif
-        else if (generator == DH_GENERATOR_5)
-                {
-                if (!BN_set_word(t1,10)) goto err;
-                if (!BN_set_word(t2,3)) goto err;
-                /* BN_set_word(t3,7); just have to miss
-                 * out on these ones :-( */
-                g=5;
-                }
-        else
-                {
-                /* in the general case, don't worry if 'generator' is a
-                 * generator or not: since we are using safe primes,
-                 * it will generate either an order-q or an order-2q group,
-                 * which both is OK */
-                if (!BN_set_word(t1,2)) goto err;
-                if (!BN_set_word(t2,1)) goto err;
-                g=generator;
-                }
-        
-        p=BN_generate_prime(NULL,prime_len,1,t1,t2,callback,cb_arg);
-        if (p == NULL) goto err;
-        if (callback != NULL) callback(3,0,cb_arg);
-        ret->p=p;
-        ret->g=BN_new();
-        if (ret->g == NULL) goto err;
-        if (!BN_set_word(ret->g,g)) goto err;
-        ok=1;
-err:
-        if (ok == -1)
-                {
-                DHerr(DH_F_DH_GENERATE_PARAMETERS,ERR_R_BN_LIB);
-                ok=0;
-                }
-
-        if (ctx != NULL)
-                {
-                BN_CTX_end(ctx);
-                BN_CTX_free(ctx);
-                }
-        if (!ok && (ret != NULL))
-                {
-                DH_free(ret);
-                ret=NULL;
-                }
-        return(ret);
-        }
-
-#endif
diff --git a/src/lib/libcrypto/dh/dh_key.c b/src/lib/libcrypto/dh/dh_key.c
deleted file mode 100644
index 74de589204..0000000000
--- a/src/lib/libcrypto/dh/dh_key.c
+++ /dev/null
@@ -1,266 +0,0 @@
-/* crypto/dh/dh_key.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rand.h>
-#include <openssl/dh.h>
-
-#ifndef OPENSSL_FIPS
-
-static int generate_key(DH *dh);
-static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
-static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
-                        const BIGNUM *a, const BIGNUM *p,
-                        const BIGNUM *m, BN_CTX *ctx,
-                        BN_MONT_CTX *m_ctx);
-static int dh_init(DH *dh);
-static int dh_finish(DH *dh);
-
-int DH_generate_key(DH *dh)
-        {
-        return dh->meth->generate_key(dh);
-        }
-
-int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
-        {
-        return dh->meth->compute_key(key, pub_key, dh);
-        }
-
-static DH_METHOD dh_ossl = {
-"OpenSSL DH Method",
-generate_key,
-compute_key,
-dh_bn_mod_exp,
-dh_init,
-dh_finish,
-0,
-NULL
-};
-
-const DH_METHOD *DH_OpenSSL(void)
-{
-        return &dh_ossl;
-}
-
-static int generate_key(DH *dh)
-        {
-        int ok=0;
-        int generate_new_key=0;
-        unsigned l;
-        BN_CTX *ctx;
-        BN_MONT_CTX *mont=NULL;
-        BIGNUM *pub_key=NULL,*priv_key=NULL;
-
-        ctx = BN_CTX_new();
-        if (ctx == NULL) goto err;
-
-        if (dh->priv_key == NULL)
-                {
-                priv_key=BN_new();
-                if (priv_key == NULL) goto err;
-                generate_new_key=1;
-                }
-        else
-                priv_key=dh->priv_key;
-
-        if (dh->pub_key == NULL)
-                {
-                pub_key=BN_new();
-                if (pub_key == NULL) goto err;
-                }
-        else
-                pub_key=dh->pub_key;
-
-
-        if (dh->flags & DH_FLAG_CACHE_MONT_P)
-                {
-                mont = BN_MONT_CTX_set_locked(
-                                (BN_MONT_CTX **)&dh->method_mont_p,
-                                CRYPTO_LOCK_DH, dh->p, ctx);
-                if (!mont)
-                        goto err;
-                }
-
-        if (generate_new_key)
-                {
-                l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */
-                if (!BN_rand(priv_key, l, 0, 0)) goto err;
-                }
-
-        {
-                BIGNUM local_prk;
-                BIGNUM *prk;
-
-                if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
-                        {
-                        BN_init(&local_prk);
-                        prk = &local_prk;
-                        BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME);
-                        }
-                else
-                        prk = priv_key;
-
-                if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont)) goto err;
-        }
-                
-        dh->pub_key=pub_key;
-        dh->priv_key=priv_key;
-        ok=1;
-err:
-        if (ok != 1)
-                DHerr(DH_F_DH_GENERATE_KEY,ERR_R_BN_LIB);
-
-        if ((pub_key != NULL)  && (dh->pub_key == NULL))  BN_free(pub_key);
-        if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key);
-        BN_CTX_free(ctx);
-        return(ok);
-        }
-
-static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
-        {
-        BN_CTX *ctx;
-        BN_MONT_CTX *mont=NULL;
-        BIGNUM *tmp;
-        int ret= -1;
-        int check_result;
-
-        if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS)
-                {
-                DHerr(DH_F_DH_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE);
-                return -1;
-                }
-
-        ctx = BN_CTX_new();
-        if (ctx == NULL) goto err;
-        BN_CTX_start(ctx);
-        tmp = BN_CTX_get(ctx);
-        
-        if (dh->priv_key == NULL)
-                {
-                DHerr(DH_F_DH_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE);
-                goto err;
-                }
-
-        if (dh->flags & DH_FLAG_CACHE_MONT_P)
-                {
-                mont = BN_MONT_CTX_set_locked(
-                                (BN_MONT_CTX **)&dh->method_mont_p,
-                                CRYPTO_LOCK_DH, dh->p, ctx);
-                if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
-                        {
-                        /* XXX */
-                        BN_set_flags(dh->priv_key, BN_FLG_EXP_CONSTTIME);
-                        }
-                if (!mont)
-                        goto err;
-                }
-        if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result)
-                {
-                DHerr(DH_F_DH_COMPUTE_KEY,DH_R_INVALID_PUBKEY);
-                goto err;
-                }
-        if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont))
-                {
-                DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB);
-                goto err;
-                }
-
-        ret=BN_bn2bin(tmp,key);
-err:
-        if (ctx != NULL)
-                {
-                BN_CTX_end(ctx);
-                BN_CTX_free(ctx);
-                }
-        return(ret);
-        }
-
-static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
-                        const BIGNUM *a, const BIGNUM *p,
-                        const BIGNUM *m, BN_CTX *ctx,
-                        BN_MONT_CTX *m_ctx)
-        {
-        /* If a is only one word long and constant time is false, use the faster
-         * exponenentiation function.
-         */
-        if (a->top == 1 && ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0))
-                {
-                BN_ULONG A = a->d[0];
-                return BN_mod_exp_mont_word(r,A,p,m,ctx,m_ctx);
-                }
-        else
-                return BN_mod_exp_mont(r,a,p,m,ctx,m_ctx);
-        }
-
-
-static int dh_init(DH *dh)
-        {
-        dh->flags |= DH_FLAG_CACHE_MONT_P;
-        return(1);
-        }
-
-static int dh_finish(DH *dh)
-        {
-        if(dh->method_mont_p)
-                BN_MONT_CTX_free((BN_MONT_CTX *)dh->method_mont_p);
-        return(1);
-        }
-
-#endif
diff --git a/src/lib/libcrypto/dh/dh_lib.c b/src/lib/libcrypto/dh/dh_lib.c
deleted file mode 100644
index 09965ee2ea..0000000000
--- a/src/lib/libcrypto/dh/dh_lib.c
+++ /dev/null
@@ -1,247 +0,0 @@
-/* crypto/dh/dh_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
-const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
-
-static const DH_METHOD *default_DH_method = NULL;
-
-void DH_set_default_method(const DH_METHOD *meth)
-        {
-        default_DH_method = meth;
-        }
-
-const DH_METHOD *DH_get_default_method(void)
-        {
-        if(!default_DH_method)
-                default_DH_method = DH_OpenSSL();
-        return default_DH_method;
-        }
-
-int DH_set_method(DH *dh, const DH_METHOD *meth)
-        {
-        /* NB: The caller is specifically setting a method, so it's not up to us
-         * to deal with which ENGINE it comes from. */
-        const DH_METHOD *mtmp;
-        mtmp = dh->meth;
-        if (mtmp->finish) mtmp->finish(dh);
-#ifndef OPENSSL_NO_ENGINE
-        if (dh->engine)
-                {
-                ENGINE_finish(dh->engine);
-                dh->engine = NULL;
-                }
-#endif
-        dh->meth = meth;
-        if (meth->init) meth->init(dh);
-        return 1;
-        }
-
-DH *DH_new(void)
-        {
-        return DH_new_method(NULL);
-        }
-
-DH *DH_new_method(ENGINE *engine)
-        {
-        DH *ret;
-
-        ret=(DH *)OPENSSL_malloc(sizeof(DH));
-        if (ret == NULL)
-                {
-                DHerr(DH_F_DH_NEW_METHOD,ERR_R_MALLOC_FAILURE);
-                return(NULL);
-                }
-
-        ret->meth = DH_get_default_method();
-#ifndef OPENSSL_NO_ENGINE
-        if (engine)
-                {
-                if (!ENGINE_init(engine))
-                        {
-                        DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);
-                        OPENSSL_free(ret);
-                        return NULL;
-                        }
-                ret->engine = engine;
-                }
-        else
-                ret->engine = ENGINE_get_default_DH();
-        if(ret->engine)
-                {
-                ret->meth = ENGINE_get_DH(ret->engine);
-                if(!ret->meth)
-                        {
-                        DHerr(DH_F_DH_NEW_METHOD,ERR_R_ENGINE_LIB);
-                        ENGINE_finish(ret->engine);
-                        OPENSSL_free(ret);
-                        return NULL;
-                        }
-                }
-#endif
-
-        ret->pad=0;
-        ret->version=0;
-        ret->p=NULL;
-        ret->g=NULL;
-        ret->length=0;
-        ret->pub_key=NULL;
-        ret->priv_key=NULL;
-        ret->q=NULL;
-        ret->j=NULL;
-        ret->seed = NULL;
-        ret->seedlen = 0;
-        ret->counter = NULL;
-        ret->method_mont_p=NULL;
-        ret->references = 1;
-        ret->flags=ret->meth->flags;
-        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
-        if ((ret->meth->init != NULL) && !ret->meth->init(ret))
-                {
-#ifndef OPENSSL_NO_ENGINE
-                if (ret->engine)
-                        ENGINE_finish(ret->engine);
-#endif
-                CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
-                OPENSSL_free(ret);
-                ret=NULL;
-                }
-        return(ret);
-        }
-
-void DH_free(DH *r)
-        {
-        int i;
-        if(r == NULL) return;
-        i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH);
-#ifdef REF_PRINT
-        REF_PRINT("DH",r);
-#endif
-        if (i > 0) return;
-#ifdef REF_CHECK
-        if (i < 0)
-                {
-                fprintf(stderr,"DH_free, bad reference count\n");
-                abort();
-        }
-#endif
-
-        if (r->meth->finish)
-                r->meth->finish(r);
-#ifndef OPENSSL_NO_ENGINE
-        if (r->engine)
-                ENGINE_finish(r->engine);
-#endif
-
-        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data);
-
-        if (r->p != NULL) BN_clear_free(r->p);
-        if (r->g != NULL) BN_clear_free(r->g);
-        if (r->q != NULL) BN_clear_free(r->q);
-        if (r->j != NULL) BN_clear_free(r->j);
-        if (r->seed) OPENSSL_free(r->seed);
-        if (r->counter != NULL) BN_clear_free(r->counter);
-        if (r->pub_key != NULL) BN_clear_free(r->pub_key);
-        if (r->priv_key != NULL) BN_clear_free(r->priv_key);
-        OPENSSL_free(r);
-        }
-
-int DH_up_ref(DH *r)
-        {
-        int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DH);
-#ifdef REF_PRINT
-        REF_PRINT("DH",r);
-#endif
-#ifdef REF_CHECK
-        if (i < 2)
-                {
-                fprintf(stderr, "DH_up, bad reference count\n");
-                abort();
-                }
-#endif
-        return ((i > 1) ? 1 : 0);
-        }
-
-int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-        {
-        return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, argl, argp,
-                                new_func, dup_func, free_func);
-        }
-
-int DH_set_ex_data(DH *d, int idx, void *arg)
-        {
-        return(CRYPTO_set_ex_data(&d->ex_data,idx,arg));
-        }
-
-void *DH_get_ex_data(DH *d, int idx)
-        {
-        return(CRYPTO_get_ex_data(&d->ex_data,idx));
-        }
-
-int DH_size(const DH *dh)
-        {
-        return(BN_num_bytes(dh->p));
-        }
diff --git a/src/lib/libcrypto/doc/DH_generate_key.pod b/src/lib/libcrypto/doc/DH_generate_key.pod
deleted file mode 100644
index 81f09fdf45..0000000000
--- a/src/lib/libcrypto/doc/DH_generate_key.pod
+++ /dev/null
@@ -1,50 +0,0 @@
-=pod
-
-=head1 NAME
-
-DH_generate_key, DH_compute_key - perform Diffie-Hellman key exchange
-
-=head1 SYNOPSIS
-
- #include <openssl/dh.h>
-
- int DH_generate_key(DH *dh);
-
- int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
-
-=head1 DESCRIPTION
-
-DH_generate_key() performs the first step of a Diffie-Hellman key
-exchange by generating private and public DH values. By calling
-DH_compute_key(), these are combined with the other party's public
-value to compute the shared key.
-
-DH_generate_key() expects B<dh> to contain the shared parameters
-B<dh-E<gt>p> and B<dh-E<gt>g>. It generates a random private DH value
-unless B<dh-E<gt>priv_key> is already set, and computes the
-corresponding public value B<dh-E<gt>pub_key>, which can then be
-published.
-
-DH_compute_key() computes the shared secret from the private DH value
-in B<dh> and the other party's public value in B<pub_key> and stores
-it in B<key>. B<key> must point to B<DH_size(dh)> bytes of memory.
-
-=head1 RETURN VALUES
-
-DH_generate_key() returns 1 on success, 0 otherwise.
-
-DH_compute_key() returns the size of the shared secret on success, -1
-on error.
-
-The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-
-=head1 SEE ALSO
-
-L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<DH_size(3)|DH_size(3)>
-
-=head1 HISTORY
-
-DH_generate_key() and DH_compute_key() are available in all versions
-of SSLeay and OpenSSL.
-
-=cut
diff --git a/src/lib/libcrypto/doc/DH_generate_parameters.pod b/src/lib/libcrypto/doc/DH_generate_parameters.pod
deleted file mode 100644
index 9081e9ea7c..0000000000
--- a/src/lib/libcrypto/doc/DH_generate_parameters.pod
+++ /dev/null
@@ -1,73 +0,0 @@
-=pod
-
-=head1 NAME
-
-DH_generate_parameters, DH_check - generate and check Diffie-Hellman parameters
-
-=head1 SYNOPSIS
-
- #include <openssl/dh.h>
-
- DH *DH_generate_parameters(int prime_len, int generator,
-     void (*callback)(int, int, void *), void *cb_arg);
-
- int DH_check(DH *dh, int *codes);
-
-=head1 DESCRIPTION
-
-DH_generate_parameters() generates Diffie-Hellman parameters that can
-be shared among a group of users, and returns them in a newly
-allocated B<DH> structure. The pseudo-random number generator must be
-seeded prior to calling DH_generate_parameters().
-
-B<prime_len> is the length in bits of the safe prime to be generated.
-B<generator> is a small number E<gt> 1, typically 2 or 5. 
-
-A callback function may be used to provide feedback about the progress
-of the key generation. If B<callback> is not B<NULL>, it will be
-called as described in L<BN_generate_prime(3)|BN_generate_prime(3)> while a random prime
-number is generated, and when a prime has been found, B<callback(3,
-0, cb_arg)> is called.
-
-DH_check() validates Diffie-Hellman parameters. It checks that B<p> is
-a safe prime, and that B<g> is a suitable generator. In the case of an
-error, the bit flags DH_CHECK_P_NOT_SAFE_PRIME or
-DH_NOT_SUITABLE_GENERATOR are set in B<*codes>.
-DH_UNABLE_TO_CHECK_GENERATOR is set if the generator cannot be
-checked, i.e. it does not equal 2 or 5.
-
-=head1 RETURN VALUES
-
-DH_generate_parameters() returns a pointer to the DH structure, or
-NULL if the parameter generation fails. The error codes can be
-obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-
-DH_check() returns 1 if the check could be performed, 0 otherwise.
-
-=head1 NOTES
-
-DH_generate_parameters() may run for several hours before finding a
-suitable prime.
-
-The parameters generated by DH_generate_parameters() are not to be
-used in signature schemes.
-
-=head1 BUGS
-
-If B<generator> is not 2 or 5, B<dh-E<gt>g>=B<generator> is not
-a usable generator.
-
-=head1 SEE ALSO
-
-L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
-L<DH_free(3)|DH_free(3)>
-
-=head1 HISTORY
-
-DH_check() is available in all versions of SSLeay and OpenSSL.
-The B<cb_arg> argument to DH_generate_parameters() was added in SSLeay 0.9.0.
-
-In versions before OpenSSL 0.9.5, DH_CHECK_P_NOT_STRONG_PRIME is used
-instead of DH_CHECK_P_NOT_SAFE_PRIME.
-
-=cut
diff --git a/src/lib/libcrypto/doc/DH_get_ex_new_index.pod b/src/lib/libcrypto/doc/DH_get_ex_new_index.pod
deleted file mode 100644
index fa5eab2650..0000000000
--- a/src/lib/libcrypto/doc/DH_get_ex_new_index.pod
+++ /dev/null
@@ -1,36 +0,0 @@
-=pod
-
-=head1 NAME
-
-DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data - add application specific data to DH structures
-
-=head1 SYNOPSIS
-
- #include <openssl/dh.h>
-
- int DH_get_ex_new_index(long argl, void *argp,
-                CRYPTO_EX_new *new_func,
-                CRYPTO_EX_dup *dup_func,
-                CRYPTO_EX_free *free_func);
-
- int DH_set_ex_data(DH *d, int idx, void *arg);
-
- char *DH_get_ex_data(DH *d, int idx);
-
-=head1 DESCRIPTION
-
-These functions handle application specific data in DH
-structures. Their usage is identical to that of
-RSA_get_ex_new_index(), RSA_set_ex_data() and RSA_get_ex_data()
-as described in L<RSA_get_ex_new_index(3)>.
-
-=head1 SEE ALSO
-
-L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>, L<dh(3)|dh(3)>
-
-=head1 HISTORY
-
-DH_get_ex_new_index(), DH_set_ex_data() and DH_get_ex_data() are
-available since OpenSSL 0.9.5.
-
-=cut
diff --git a/src/lib/libcrypto/doc/DH_new.pod b/src/lib/libcrypto/doc/DH_new.pod
deleted file mode 100644
index 60c930093e..0000000000
--- a/src/lib/libcrypto/doc/DH_new.pod
+++ /dev/null
@@ -1,40 +0,0 @@
-=pod
-
-=head1 NAME
-
-DH_new, DH_free - allocate and free DH objects
-
-=head1 SYNOPSIS
-
- #include <openssl/dh.h>
-
- DH* DH_new(void);
-
- void DH_free(DH *dh);
-
-=head1 DESCRIPTION
-
-DH_new() allocates and initializes a B<DH> structure.
-
-DH_free() frees the B<DH> structure and its components. The values are
-erased before the memory is returned to the system.
-
-=head1 RETURN VALUES
-
-If the allocation fails, DH_new() returns B<NULL> and sets an error
-code that can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. Otherwise it returns
-a pointer to the newly allocated structure.
-
-DH_free() returns no value.
-
-=head1 SEE ALSO
-
-L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
-L<DH_generate_parameters(3)|DH_generate_parameters(3)>,
-L<DH_generate_key(3)|DH_generate_key(3)>
-
-=head1 HISTORY
-
-DH_new() and DH_free() are available in all versions of SSLeay and OpenSSL.
-
-=cut
diff --git a/src/lib/libcrypto/doc/DH_set_method.pod b/src/lib/libcrypto/doc/DH_set_method.pod
deleted file mode 100644
index 73261fc467..0000000000
--- a/src/lib/libcrypto/doc/DH_set_method.pod
+++ /dev/null
@@ -1,129 +0,0 @@
-=pod
-
-=head1 NAME
-
-DH_set_default_method, DH_get_default_method,
-DH_set_method, DH_new_method, DH_OpenSSL - select DH method
-
-=head1 SYNOPSIS
-
- #include <openssl/dh.h>
- #include <openssl/engine.h>
-
- void DH_set_default_method(const DH_METHOD *meth);
-
- const DH_METHOD *DH_get_default_method(void);
-
- int DH_set_method(DH *dh, const DH_METHOD *meth);
-
- DH *DH_new_method(ENGINE *engine);
-
- const DH_METHOD *DH_OpenSSL(void);
-
-=head1 DESCRIPTION
-
-A B<DH_METHOD> specifies the functions that OpenSSL uses for Diffie-Hellman
-operations. By modifying the method, alternative implementations
-such as hardware accelerators may be used. IMPORTANT: See the NOTES section for
-important information about how these DH API functions are affected by the use
-of B<ENGINE> API calls.
-
-Initially, the default DH_METHOD is the OpenSSL internal implementation, as
-returned by DH_OpenSSL().
-
-DH_set_default_method() makes B<meth> the default method for all DH
-structures created later. B<NB>: This is true only whilst no ENGINE has been set
-as a default for DH, so this function is no longer recommended.
-
-DH_get_default_method() returns a pointer to the current default DH_METHOD.
-However, the meaningfulness of this result is dependant on whether the ENGINE
-API is being used, so this function is no longer recommended.
-
-DH_set_method() selects B<meth> to perform all operations using the key B<dh>.
-This will replace the DH_METHOD used by the DH key and if the previous method
-was supplied by an ENGINE, the handle to that ENGINE will be released during the
-change. It is possible to have DH keys that only work with certain DH_METHOD
-implementations (eg. from an ENGINE module that supports embedded
-hardware-protected keys), and in such cases attempting to change the DH_METHOD
-for the key can have unexpected results.
-
-DH_new_method() allocates and initializes a DH structure so that B<engine> will
-be used for the DH operations. If B<engine> is NULL, the default ENGINE for DH
-operations is used, and if no default ENGINE is set, the DH_METHOD controlled by
-DH_set_default_method() is used.
-
-=head1 THE DH_METHOD STRUCTURE
-
- typedef struct dh_meth_st
- {
-     /* name of the implementation */
-        const char *name;
-
-     /* generate private and public DH values for key agreement */
-        int (*generate_key)(DH *dh);
-
-     /* compute shared secret */
-        int (*compute_key)(unsigned char *key, BIGNUM *pub_key, DH *dh);
-
-     /* compute r = a ^ p mod m (May be NULL for some implementations) */
-        int (*bn_mod_exp)(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-                                const BIGNUM *m, BN_CTX *ctx,
-                                BN_MONT_CTX *m_ctx);
-
-     /* called at DH_new */
-        int (*init)(DH *dh);
-
-     /* called at DH_free */
-        int (*finish)(DH *dh);
-
-        int flags;
-
-        char *app_data; /* ?? */
-
- } DH_METHOD;
-
-=head1 RETURN VALUES
-
-DH_OpenSSL() and DH_get_default_method() return pointers to the respective
-B<DH_METHOD>s.
-
-DH_set_default_method() returns no value.
-
-DH_set_method() returns non-zero if the provided B<meth> was successfully set as
-the method for B<dh> (including unloading the ENGINE handle if the previous
-method was supplied by an ENGINE).
-
-DH_new_method() returns NULL and sets an error code that can be obtained by
-L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise it
-returns a pointer to the newly allocated structure.
-
-=head1 NOTES
-
-As of version 0.9.7, DH_METHOD implementations are grouped together with other
-algorithmic APIs (eg. RSA_METHOD, EVP_CIPHER, etc) in B<ENGINE> modules. If a
-default ENGINE is specified for DH functionality using an ENGINE API function,
-that will override any DH defaults set using the DH API (ie.
-DH_set_default_method()). For this reason, the ENGINE API is the recommended way
-to control default implementations for use in DH and other cryptographic
-algorithms.
-
-=head1 SEE ALSO
-
-L<dh(3)|dh(3)>, L<DH_new(3)|DH_new(3)>
-
-=head1 HISTORY
-
-DH_set_default_method(), DH_get_default_method(), DH_set_method(),
-DH_new_method() and DH_OpenSSL() were added in OpenSSL 0.9.4.
-
-DH_set_default_openssl_method() and DH_get_default_openssl_method() replaced
-DH_set_default_method() and DH_get_default_method() respectively, and
-DH_set_method() and DH_new_method() were altered to use B<ENGINE>s rather than
-B<DH_METHOD>s during development of the engine version of OpenSSL 0.9.6. For
-0.9.7, the handling of defaults in the ENGINE API was restructured so that this
-change was reversed, and behaviour of the other functions resembled more closely
-the previous behaviour. The behaviour of defaults in the ENGINE API now
-transparently overrides the behaviour of defaults in the DH API without
-requiring changing these function prototypes.
-
-=cut
diff --git a/src/lib/libcrypto/doc/DH_size.pod b/src/lib/libcrypto/doc/DH_size.pod
deleted file mode 100644
index 97f26fda78..0000000000
--- a/src/lib/libcrypto/doc/DH_size.pod
+++ /dev/null
@@ -1,33 +0,0 @@
-=pod
-
-=head1 NAME
-
-DH_size - get Diffie-Hellman prime size
-
-=head1 SYNOPSIS
-
- #include <openssl/dh.h>
-
- int DH_size(DH *dh);
-
-=head1 DESCRIPTION
-
-This function returns the Diffie-Hellman size in bytes. It can be used
-to determine how much memory must be allocated for the shared secret
-computed by DH_compute_key().
-
-B<dh-E<gt>p> must not be B<NULL>.
-
-=head1 RETURN VALUE
-
-The size in bytes.
-
-=head1 SEE ALSO
-
-L<dh(3)|dh(3)>, L<DH_generate_key(3)|DH_generate_key(3)>
-
-=head1 HISTORY
-
-DH_size() is available in all versions of SSLeay and OpenSSL.
-
-=cut
diff --git a/src/lib/libcrypto/doc/DSA_SIG_new.pod b/src/lib/libcrypto/doc/DSA_SIG_new.pod
deleted file mode 100644
index 3ac6140038..0000000000
--- a/src/lib/libcrypto/doc/DSA_SIG_new.pod
+++ /dev/null
@@ -1,40 +0,0 @@
-=pod
-
-=head1 NAME
-
-DSA_SIG_new, DSA_SIG_free - allocate and free DSA signature objects
-
-=head1 SYNOPSIS
-
- #include <openssl/dsa.h>
-
- DSA_SIG *DSA_SIG_new(void);
-
- void   DSA_SIG_free(DSA_SIG *a);
-
-=head1 DESCRIPTION
-
-DSA_SIG_new() allocates and initializes a B<DSA_SIG> structure.
-
-DSA_SIG_free() frees the B<DSA_SIG> structure and its components. The
-values are erased before the memory is returned to the system.
-
-=head1 RETURN VALUES
-
-If the allocation fails, DSA_SIG_new() returns B<NULL> and sets an
-error code that can be obtained by
-L<ERR_get_error(3)|ERR_get_error(3)>. Otherwise it returns a pointer
-to the newly allocated structure.
-
-DSA_SIG_free() returns no value.
-
-=head1 SEE ALSO
-
-L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
-L<DSA_do_sign(3)|DSA_do_sign(3)>
-
-=head1 HISTORY
-
-DSA_SIG_new() and DSA_SIG_free() were added in OpenSSL 0.9.3.
-
-=cut
diff --git a/src/lib/libcrypto/doc/DSA_do_sign.pod b/src/lib/libcrypto/doc/DSA_do_sign.pod
deleted file mode 100644
index 5dfc733b20..0000000000
--- a/src/lib/libcrypto/doc/DSA_do_sign.pod
+++ /dev/null
@@ -1,47 +0,0 @@
-=pod
-
-=head1 NAME
-
-DSA_do_sign, DSA_do_verify - raw DSA signature operations
-
-=head1 SYNOPSIS
-
- #include <openssl/dsa.h>
-
- DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
-
- int DSA_do_verify(const unsigned char *dgst, int dgst_len,
-             DSA_SIG *sig, DSA *dsa);
-
-=head1 DESCRIPTION
-
-DSA_do_sign() computes a digital signature on the B<len> byte message
-digest B<dgst> using the private key B<dsa> and returns it in a
-newly allocated B<DSA_SIG> structure.
-
-L<DSA_sign_setup(3)|DSA_sign_setup(3)> may be used to precompute part
-of the signing operation in case signature generation is
-time-critical.
-
-DSA_do_verify() verifies that the signature B<sig> matches a given
-message digest B<dgst> of size B<len>.  B<dsa> is the signer's public
-key.
-
-=head1 RETURN VALUES
-
-DSA_do_sign() returns the signature, NULL on error.  DSA_do_verify()
-returns 1 for a valid signature, 0 for an incorrect signature and -1
-on error. The error codes can be obtained by
-L<ERR_get_error(3)|ERR_get_error(3)>.
-
-=head1 SEE ALSO
-
-L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
-L<DSA_SIG_new(3)|DSA_SIG_new(3)>,
-L<DSA_sign(3)|DSA_sign(3)>
-
-=head1 HISTORY
-
-DSA_do_sign() and DSA_do_verify() were added in OpenSSL 0.9.3.
-
-=cut
diff --git a/src/lib/libcrypto/doc/DSA_dup_DH.pod b/src/lib/libcrypto/doc/DSA_dup_DH.pod
deleted file mode 100644
index 7f6f0d1115..0000000000
--- a/src/lib/libcrypto/doc/DSA_dup_DH.pod
+++ /dev/null
@@ -1,36 +0,0 @@
-=pod
-
-=head1 NAME
-
-DSA_dup_DH - create a DH structure out of DSA structure
-
-=head1 SYNOPSIS
-
- #include <openssl/dsa.h>
-
- DH * DSA_dup_DH(const DSA *r);
-
-=head1 DESCRIPTION
-
-DSA_dup_DH() duplicates DSA parameters/keys as DH parameters/keys. q
-is lost during that conversion, but the resulting DH parameters
-contain its length.
-
-=head1 RETURN VALUE
-
-DSA_dup_DH() returns the new B<DH> structure, and NULL on error. The
-error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-
-=head1 NOTE
-
-Be careful to avoid small subgroup attacks when using this.
-
-=head1 SEE ALSO
-
-L<dh(3)|dh(3)>, L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
-
-=head1 HISTORY
-
-DSA_dup_DH() was added in OpenSSL 0.9.4.
-
-=cut
diff --git a/src/lib/libcrypto/doc/DSA_generate_key.pod b/src/lib/libcrypto/doc/DSA_generate_key.pod
deleted file mode 100644
index af83ccfaa1..0000000000
--- a/src/lib/libcrypto/doc/DSA_generate_key.pod
+++ /dev/null
@@ -1,34 +0,0 @@
-=pod
-
-=head1 NAME
-
-DSA_generate_key - generate DSA key pair
-
-=head1 SYNOPSIS
-
- #include <openssl/dsa.h>
-
- int DSA_generate_key(DSA *a);
-
-=head1 DESCRIPTION
-
-DSA_generate_key() expects B<a> to contain DSA parameters. It generates
-a new key pair and stores it in B<a-E<gt>pub_key> and B<a-E<gt>priv_key>.
-
-The PRNG must be seeded prior to calling DSA_generate_key().
-
-=head1 RETURN VALUE
-
-DSA_generate_key() returns 1 on success, 0 otherwise.
-The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-
-=head1 SEE ALSO
-
-L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
-L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>
-
-=head1 HISTORY
-
-DSA_generate_key() is available since SSLeay 0.8.
-
-=cut
diff --git a/src/lib/libcrypto/doc/DSA_generate_parameters.pod b/src/lib/libcrypto/doc/DSA_generate_parameters.pod
deleted file mode 100644
index be7c924ff8..0000000000
--- a/src/lib/libcrypto/doc/DSA_generate_parameters.pod
+++ /dev/null
@@ -1,105 +0,0 @@
-=pod
-
-=head1 NAME
-
-DSA_generate_parameters - generate DSA parameters
-
-=head1 SYNOPSIS
-
- #include <openssl/dsa.h>
-
- DSA *DSA_generate_parameters(int bits, unsigned char *seed,
-                int seed_len, int *counter_ret, unsigned long *h_ret,
-                void (*callback)(int, int, void *), void *cb_arg);
-
-=head1 DESCRIPTION
-
-DSA_generate_parameters() generates primes p and q and a generator g
-for use in the DSA.
-
-B<bits> is the length of the prime to be generated; the DSS allows a
-maximum of 1024 bits.
-
-If B<seed> is B<NULL> or B<seed_len> E<lt> 20, the primes will be
-generated at random. Otherwise, the seed is used to generate
-them. If the given seed does not yield a prime q, a new random
-seed is chosen and placed at B<seed>.
-
-DSA_generate_parameters() places the iteration count in
-*B<counter_ret> and a counter used for finding a generator in
-*B<h_ret>, unless these are B<NULL>.
-
-A callback function may be used to provide feedback about the progress
-of the key generation. If B<callback> is not B<NULL>, it will be
-called as follows:
-
-=over 4
-
-=item *
-
-When a candidate for q is generated, B<callback(0, m++, cb_arg)> is called
-(m is 0 for the first candidate).
-
-=item *
-
-When a candidate for q has passed a test by trial division,
-B<callback(1, -1, cb_arg)> is called.
-While a candidate for q is tested by Miller-Rabin primality tests,
-B<callback(1, i, cb_arg)> is called in the outer loop
-(once for each witness that confirms that the candidate may be prime);
-i is the loop counter (starting at 0).
-
-=item *
-
-When a prime q has been found, B<callback(2, 0, cb_arg)> and
-B<callback(3, 0, cb_arg)> are called.
-
-=item *
-
-Before a candidate for p (other than the first) is generated and tested,
-B<callback(0, counter, cb_arg)> is called.
-
-=item *
-
-When a candidate for p has passed the test by trial division,
-B<callback(1, -1, cb_arg)> is called.
-While it is tested by the Miller-Rabin primality test,
-B<callback(1, i, cb_arg)> is called in the outer loop
-(once for each witness that confirms that the candidate may be prime).
-i is the loop counter (starting at 0).
-
-=item *
-
-When p has been found, B<callback(2, 1, cb_arg)> is called.
-
-=item *
-
-When the generator has been found, B<callback(3, 1, cb_arg)> is called.
-
-=back
-
-=head1 RETURN VALUE
-
-DSA_generate_parameters() returns a pointer to the DSA structure, or
-B<NULL> if the parameter generation fails. The error codes can be
-obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-
-=head1 BUGS
-
-Seed lengths E<gt> 20 are not supported.
-
-=head1 SEE ALSO
-
-L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
-L<DSA_free(3)|DSA_free(3)>
-
-=head1 HISTORY
-
-DSA_generate_parameters() appeared in SSLeay 0.8. The B<cb_arg>
-argument was added in SSLeay 0.9.0.
-In versions up to OpenSSL 0.9.4, B<callback(1, ...)> was called
-in the inner loop of the Miller-Rabin test whenever it reached the
-squaring step (the parameters to B<callback> did not reveal how many
-witnesses had been tested); since OpenSSL 0.9.5, B<callback(1, ...)>
-is called as in BN_is_prime(3), i.e. once for each witness.
-=cut
diff --git a/src/lib/libcrypto/doc/DSA_get_ex_new_index.pod b/src/lib/libcrypto/doc/DSA_get_ex_new_index.pod
deleted file mode 100644
index 4612e708ec..0000000000
--- a/src/lib/libcrypto/doc/DSA_get_ex_new_index.pod
+++ /dev/null
@@ -1,36 +0,0 @@
-=pod
-
-=head1 NAME
-
-DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data - add application specific data to DSA structures
-
-=head1 SYNOPSIS
-
- #include <openssl/DSA.h>
-
- int DSA_get_ex_new_index(long argl, void *argp,
-                CRYPTO_EX_new *new_func,
-                CRYPTO_EX_dup *dup_func,
-                CRYPTO_EX_free *free_func);
-
- int DSA_set_ex_data(DSA *d, int idx, void *arg);
-
- char *DSA_get_ex_data(DSA *d, int idx);
-
-=head1 DESCRIPTION
-
-These functions handle application specific data in DSA
-structures. Their usage is identical to that of
-RSA_get_ex_new_index(), RSA_set_ex_data() and RSA_get_ex_data()
-as described in L<RSA_get_ex_new_index(3)>.
-
-=head1 SEE ALSO
-
-L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>, L<dsa(3)|dsa(3)>
-
-=head1 HISTORY
-
-DSA_get_ex_new_index(), DSA_set_ex_data() and DSA_get_ex_data() are
-available since OpenSSL 0.9.5.
-
-=cut
diff --git a/src/lib/libcrypto/doc/DSA_new.pod b/src/lib/libcrypto/doc/DSA_new.pod
deleted file mode 100644
index 48e9b82a09..0000000000
--- a/src/lib/libcrypto/doc/DSA_new.pod
+++ /dev/null
@@ -1,42 +0,0 @@
-=pod
-
-=head1 NAME
-
-DSA_new, DSA_free - allocate and free DSA objects
-
-=head1 SYNOPSIS
-
- #include <openssl/dsa.h>
-
- DSA* DSA_new(void);
-
- void DSA_free(DSA *dsa);
-
-=head1 DESCRIPTION
-
-DSA_new() allocates and initializes a B<DSA> structure. It is equivalent to
-calling DSA_new_method(NULL).
-
-DSA_free() frees the B<DSA> structure and its components. The values are
-erased before the memory is returned to the system.
-
-=head1 RETURN VALUES
-
-If the allocation fails, DSA_new() returns B<NULL> and sets an error
-code that can be obtained by
-L<ERR_get_error(3)|ERR_get_error(3)>. Otherwise it returns a pointer
-to the newly allocated structure.
-
-DSA_free() returns no value.
-
-=head1 SEE ALSO
-
-L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
-L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>,
-L<DSA_generate_key(3)|DSA_generate_key(3)>
-
-=head1 HISTORY
-
-DSA_new() and DSA_free() are available in all versions of SSLeay and OpenSSL.
-
-=cut
diff --git a/src/lib/libcrypto/doc/DSA_set_method.pod b/src/lib/libcrypto/doc/DSA_set_method.pod
deleted file mode 100644
index bc3cfb1f0a..0000000000
--- a/src/lib/libcrypto/doc/DSA_set_method.pod
+++ /dev/null
@@ -1,143 +0,0 @@
-=pod
-
-=head1 NAME
-
-DSA_set_default_method, DSA_get_default_method,
-DSA_set_method, DSA_new_method, DSA_OpenSSL - select DSA method
-
-=head1 SYNOPSIS
-
- #include <openssl/dsa.h>
- #include <openssl/engine.h>
-
- void DSA_set_default_method(const DSA_METHOD *meth);
-
- const DSA_METHOD *DSA_get_default_method(void);
-
- int DSA_set_method(DSA *dsa, const DSA_METHOD *meth);
-
- DSA *DSA_new_method(ENGINE *engine);
-
- DSA_METHOD *DSA_OpenSSL(void);
-
-=head1 DESCRIPTION
-
-A B<DSA_METHOD> specifies the functions that OpenSSL uses for DSA
-operations. By modifying the method, alternative implementations
-such as hardware accelerators may be used. IMPORTANT: See the NOTES section for
-important information about how these DSA API functions are affected by the use
-of B<ENGINE> API calls.
-
-Initially, the default DSA_METHOD is the OpenSSL internal implementation,
-as returned by DSA_OpenSSL().
-
-DSA_set_default_method() makes B<meth> the default method for all DSA
-structures created later. B<NB>: This is true only whilst no ENGINE has
-been set as a default for DSA, so this function is no longer recommended.
-
-DSA_get_default_method() returns a pointer to the current default
-DSA_METHOD. However, the meaningfulness of this result is dependant on
-whether the ENGINE API is being used, so this function is no longer 
-recommended.
-
-DSA_set_method() selects B<meth> to perform all operations using the key
-B<rsa>. This will replace the DSA_METHOD used by the DSA key and if the
-previous method was supplied by an ENGINE, the handle to that ENGINE will
-be released during the change. It is possible to have DSA keys that only
-work with certain DSA_METHOD implementations (eg. from an ENGINE module
-that supports embedded hardware-protected keys), and in such cases
-attempting to change the DSA_METHOD for the key can have unexpected
-results.
-
-DSA_new_method() allocates and initializes a DSA structure so that B<engine>
-will be used for the DSA operations. If B<engine> is NULL, the default engine
-for DSA operations is used, and if no default ENGINE is set, the DSA_METHOD
-controlled by DSA_set_default_method() is used.
-
-=head1 THE DSA_METHOD STRUCTURE
-
-struct
- {
-     /* name of the implementation */
-        const char *name;
-
-     /* sign */
-        DSA_SIG *(*dsa_do_sign)(const unsigned char *dgst, int dlen,
-                                 DSA *dsa);
-
-     /* pre-compute k^-1 and r */
-        int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
-                                 BIGNUM **rp);
-
-     /* verify */
-        int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len,
-                                 DSA_SIG *sig, DSA *dsa);
-
-     /* compute rr = a1^p1 * a2^p2 mod m (May be NULL for some
-                                          implementations) */
-        int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
-                                 BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
-                                 BN_CTX *ctx, BN_MONT_CTX *in_mont);
-
-     /* compute r = a ^ p mod m (May be NULL for some implementations) */
-        int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a,
-                                 const BIGNUM *p, const BIGNUM *m,
-                                 BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-
-     /* called at DSA_new */
-        int (*init)(DSA *DSA);
-
-     /* called at DSA_free */
-        int (*finish)(DSA *DSA);
-
-        int flags;
-
-        char *app_data; /* ?? */
-
- } DSA_METHOD;
-
-=head1 RETURN VALUES
-
-DSA_OpenSSL() and DSA_get_default_method() return pointers to the respective
-B<DSA_METHOD>s.
-
-DSA_set_default_method() returns no value.
-
-DSA_set_method() returns non-zero if the provided B<meth> was successfully set as
-the method for B<dsa> (including unloading the ENGINE handle if the previous
-method was supplied by an ENGINE).
-
-DSA_new_method() returns NULL and sets an error code that can be
-obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation
-fails. Otherwise it returns a pointer to the newly allocated structure.
-
-=head1 NOTES
-
-As of version 0.9.7, DSA_METHOD implementations are grouped together with other
-algorithmic APIs (eg. RSA_METHOD, EVP_CIPHER, etc) in B<ENGINE> modules. If a
-default ENGINE is specified for DSA functionality using an ENGINE API function,
-that will override any DSA defaults set using the DSA API (ie.
-DSA_set_default_method()). For this reason, the ENGINE API is the recommended way
-to control default implementations for use in DSA and other cryptographic
-algorithms.
-
-=head1 SEE ALSO
-
-L<dsa(3)|dsa(3)>, L<DSA_new(3)|DSA_new(3)>
-
-=head1 HISTORY
-
-DSA_set_default_method(), DSA_get_default_method(), DSA_set_method(),
-DSA_new_method() and DSA_OpenSSL() were added in OpenSSL 0.9.4.
-
-DSA_set_default_openssl_method() and DSA_get_default_openssl_method() replaced
-DSA_set_default_method() and DSA_get_default_method() respectively, and
-DSA_set_method() and DSA_new_method() were altered to use B<ENGINE>s rather than
-B<DSA_METHOD>s during development of the engine version of OpenSSL 0.9.6. For
-0.9.7, the handling of defaults in the ENGINE API was restructured so that this
-change was reversed, and behaviour of the other functions resembled more closely
-the previous behaviour. The behaviour of defaults in the ENGINE API now
-transparently overrides the behaviour of defaults in the DSA API without
-requiring changing these function prototypes.
-
-=cut
diff --git a/src/lib/libcrypto/doc/DSA_sign.pod b/src/lib/libcrypto/doc/DSA_sign.pod
deleted file mode 100644
index 97389e8ec8..0000000000
--- a/src/lib/libcrypto/doc/DSA_sign.pod
+++ /dev/null
@@ -1,66 +0,0 @@
-=pod
-
-=head1 NAME
-
-DSA_sign, DSA_sign_setup, DSA_verify - DSA signatures
-
-=head1 SYNOPSIS
-
- #include <openssl/dsa.h>
-
- int    DSA_sign(int type, const unsigned char *dgst, int len,
-                unsigned char *sigret, unsigned int *siglen, DSA *dsa);
-
- int    DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp,
-                BIGNUM **rp);
-
- int    DSA_verify(int type, const unsigned char *dgst, int len,
-                unsigned char *sigbuf, int siglen, DSA *dsa);
-
-=head1 DESCRIPTION
-
-DSA_sign() computes a digital signature on the B<len> byte message
-digest B<dgst> using the private key B<dsa> and places its ASN.1 DER
-encoding at B<sigret>. The length of the signature is places in
-*B<siglen>. B<sigret> must point to DSA_size(B<dsa>) bytes of memory.
-
-DSA_sign_setup() may be used to precompute part of the signing
-operation in case signature generation is time-critical. It expects
-B<dsa> to contain DSA parameters. It places the precomputed values
-in newly allocated B<BIGNUM>s at *B<kinvp> and *B<rp>, after freeing
-the old ones unless *B<kinvp> and *B<rp> are NULL. These values may
-be passed to DSA_sign() in B<dsa-E<gt>kinv> and B<dsa-E<gt>r>.
-B<ctx> is a pre-allocated B<BN_CTX> or NULL.
-
-DSA_verify() verifies that the signature B<sigbuf> of size B<siglen>
-matches a given message digest B<dgst> of size B<len>.
-B<dsa> is the signer's public key.
-
-The B<type> parameter is ignored.
-
-The PRNG must be seeded before DSA_sign() (or DSA_sign_setup())
-is called.
-
-=head1 RETURN VALUES
-
-DSA_sign() and DSA_sign_setup() return 1 on success, 0 on error.
-DSA_verify() returns 1 for a valid signature, 0 for an incorrect
-signature and -1 on error. The error codes can be obtained by
-L<ERR_get_error(3)|ERR_get_error(3)>.
-
-=head1 CONFORMING TO
-
-US Federal Information Processing Standard FIPS 186 (Digital Signature
-Standard, DSS), ANSI X9.30
-
-=head1 SEE ALSO
-
-L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
-L<DSA_do_sign(3)|DSA_do_sign(3)>
-
-=head1 HISTORY
-
-DSA_sign() and DSA_verify() are available in all versions of SSLeay.
-DSA_sign_setup() was added in SSLeay 0.8.
-
-=cut
diff --git a/src/lib/libcrypto/doc/DSA_size.pod b/src/lib/libcrypto/doc/DSA_size.pod
deleted file mode 100644
index ba4f650361..0000000000
--- a/src/lib/libcrypto/doc/DSA_size.pod
+++ /dev/null
@@ -1,33 +0,0 @@
-=pod
-
-=head1 NAME
-
-DSA_size - get DSA signature size
-
-=head1 SYNOPSIS
-
- #include <openssl/dsa.h>
-
- int DSA_size(const DSA *dsa);
-
-=head1 DESCRIPTION
-
-This function returns the size of an ASN.1 encoded DSA signature in
-bytes. It can be used to determine how much memory must be allocated
-for a DSA signature.
-
-B<dsa-E<gt>q> must not be B<NULL>.
-
-=head1 RETURN VALUE
-
-The size in bytes.
-
-=head1 SEE ALSO
-
-L<dsa(3)|dsa(3)>, L<DSA_sign(3)|DSA_sign(3)>
-
-=head1 HISTORY
-
-DSA_size() is available in all versions of SSLeay and OpenSSL.
-
-=cut
diff --git a/src/lib/libcrypto/doc/ERR_GET_LIB.pod b/src/lib/libcrypto/doc/ERR_GET_LIB.pod
deleted file mode 100644
index 2a129da036..0000000000
--- a/src/lib/libcrypto/doc/ERR_GET_LIB.pod
+++ /dev/null
@@ -1,51 +0,0 @@
-=pod
-
-=head1 NAME
-
-ERR_GET_LIB, ERR_GET_FUNC, ERR_GET_REASON - get library, function and
-reason code
-
-=head1 SYNOPSIS
-
- #include <openssl/err.h>
-
- int ERR_GET_LIB(unsigned long e);
-
- int ERR_GET_FUNC(unsigned long e);
-
- int ERR_GET_REASON(unsigned long e);
-
-=head1 DESCRIPTION
-
-The error code returned by ERR_get_error() consists of a library
-number, function code and reason code. ERR_GET_LIB(), ERR_GET_FUNC()
-and ERR_GET_REASON() can be used to extract these.
-
-The library number and function code describe where the error
-occurred, the reason code is the information about what went wrong.
-
-Each sub-library of OpenSSL has a unique library number; function and
-reason codes are unique within each sub-library.  Note that different
-libraries may use the same value to signal different functions and
-reasons.
-
-B<ERR_R_...> reason codes such as B<ERR_R_MALLOC_FAILURE> are globally
-unique. However, when checking for sub-library specific reason codes,
-be sure to also compare the library number.
-
-ERR_GET_LIB(), ERR_GET_FUNC() and ERR_GET_REASON() are macros.
-
-=head1 RETURN VALUES
-
-The library number, function code and reason code respectively.
-
-=head1 SEE ALSO
-
-L<err(3)|err(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
-
-=head1 HISTORY
-
-ERR_GET_LIB(), ERR_GET_FUNC() and ERR_GET_REASON() are available in
-all versions of SSLeay and OpenSSL.
-
-=cut
diff --git a/src/lib/libcrypto/doc/ERR_clear_error.pod b/src/lib/libcrypto/doc/ERR_clear_error.pod
deleted file mode 100644
index 566e1f4e31..0000000000
--- a/src/lib/libcrypto/doc/ERR_clear_error.pod
+++ /dev/null
@@ -1,29 +0,0 @@
-=pod
-
-=head1 NAME
-
-ERR_clear_error - clear the error queue
-
-=head1 SYNOPSIS
-
- #include <openssl/err.h>
-
- void ERR_clear_error(void);
-
-=head1 DESCRIPTION
-
-ERR_clear_error() empties the current thread's error queue.
-
-=head1 RETURN VALUES
-
-ERR_clear_error() has no return value.
-
-=head1 SEE ALSO
-
-L<err(3)|err(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
-
-=head1 HISTORY
-
-ERR_clear_error() is available in all versions of SSLeay and OpenSSL.
-
-=cut
diff --git a/src/lib/libcrypto/doc/ERR_error_string.pod b/src/lib/libcrypto/doc/ERR_error_string.pod
deleted file mode 100644
index cdfa7fe1fe..0000000000
--- a/src/lib/libcrypto/doc/ERR_error_string.pod
+++ /dev/null
@@ -1,73 +0,0 @@
-=pod
-
-=head1 NAME
-
-ERR_error_string, ERR_error_string_n, ERR_lib_error_string,
-ERR_func_error_string, ERR_reason_error_string - obtain human-readable
-error message
-
-=head1 SYNOPSIS
-
- #include <openssl/err.h>
-
- char *ERR_error_string(unsigned long e, char *buf);
- void ERR_error_string_n(unsigned long e, char *buf, size_t len);
-
- const char *ERR_lib_error_string(unsigned long e);
- const char *ERR_func_error_string(unsigned long e);
- const char *ERR_reason_error_string(unsigned long e);
-
-=head1 DESCRIPTION
-
-ERR_error_string() generates a human-readable string representing the
-error code I<e>, and places it at I<buf>. I<buf> must be at least 120
-bytes long. If I<buf> is B<NULL>, the error string is placed in a
-static buffer.
-ERR_error_string_n() is a variant of ERR_error_string() that writes
-at most I<len> characters (including the terminating 0)
-and truncates the string if necessary.
-For ERR_error_string_n(), I<buf> may not be B<NULL>.
-
-The string will have the following format:
-
- error:[error code]:[library name]:[function name]:[reason string]
-
-I<error code> is an 8 digit hexadecimal number, I<library name>,
-I<function name> and I<reason string> are ASCII text.
-
-ERR_lib_error_string(), ERR_func_error_string() and
-ERR_reason_error_string() return the library name, function
-name and reason string respectively.
-
-The OpenSSL error strings should be loaded by calling
-L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)> or, for SSL
-applications, L<SSL_load_error_strings(3)|SSL_load_error_strings(3)>
-first.
-If there is no text string registered for the given error code,
-the error string will contain the numeric code.
-
-L<ERR_print_errors(3)|ERR_print_errors(3)> can be used to print
-all error codes currently in the queue.
-
-=head1 RETURN VALUES
-
-ERR_error_string() returns a pointer to a static buffer containing the
-string if I<buf> B<== NULL>, I<buf> otherwise.
-
-ERR_lib_error_string(), ERR_func_error_string() and
-ERR_reason_error_string() return the strings, and B<NULL> if
-none is registered for the error code.
-
-=head1 SEE ALSO
-
-L<err(3)|err(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
-L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)>,
-L<SSL_load_error_strings(3)|SSL_load_error_strings(3)>
-L<ERR_print_errors(3)|ERR_print_errors(3)>
-
-=head1 HISTORY
-
-ERR_error_string() is available in all versions of SSLeay and OpenSSL.
-ERR_error_string_n() was added in OpenSSL 0.9.6.
-
-=cut
diff --git a/src/lib/libcrypto/doc/ERR_get_error.pod b/src/lib/libcrypto/doc/ERR_get_error.pod
deleted file mode 100644
index 34443045fc..0000000000
--- a/src/lib/libcrypto/doc/ERR_get_error.pod
+++ /dev/null
@@ -1,76 +0,0 @@
-=pod
-
-=head1 NAME
-
-ERR_get_error, ERR_peek_error, ERR_peek_last_error,
-ERR_get_error_line, ERR_peek_error_line, ERR_peek_last_error_line,
-ERR_get_error_line_data, ERR_peek_error_line_data,
-ERR_peek_last_error_line_data - obtain error code and data
-
-=head1 SYNOPSIS
-
- #include <openssl/err.h>
-
- unsigned long ERR_get_error(void);
- unsigned long ERR_peek_error(void);
- unsigned long ERR_peek_last_error(void);
-
- unsigned long ERR_get_error_line(const char **file, int *line);
- unsigned long ERR_peek_error_line(const char **file, int *line);
- unsigned long ERR_peek_last_error_line(const char **file, int *line);
-
- unsigned long ERR_get_error_line_data(const char **file, int *line,
-         const char **data, int *flags);
- unsigned long ERR_peek_error_line_data(const char **file, int *line,
-         const char **data, int *flags);
- unsigned long ERR_peek_last_error_line_data(const char **file, int *line,
-         const char **data, int *flags);
-
-=head1 DESCRIPTION
-
-ERR_get_error() returns the earliest error code from the thread's error
-queue and removes the entry. This function can be called repeatedly
-until there are no more error codes to return.
-
-ERR_peek_error() returns the earliest error code from the thread's
-error queue without modifying it.
-
-ERR_peek_last_error() returns the latest error code from the thread's
-error queue without modifying it.
-
-See L<ERR_GET_LIB(3)|ERR_GET_LIB(3)> for obtaining information about
-location and reason of the error, and
-L<ERR_error_string(3)|ERR_error_string(3)> for human-readable error
-messages.
-
-ERR_get_error_line(), ERR_peek_error_line() and
-ERR_peek_last_error_line() are the same as the above, but they
-additionally store the file name and line number where
-the error occurred in *B<file> and *B<line>, unless these are B<NULL>.
-
-ERR_get_error_line_data(), ERR_peek_error_line_data() and
-ERR_get_last_error_line_data() store additional data and flags
-associated with the error code in *B<data>
-and *B<flags>, unless these are B<NULL>. *B<data> contains a string
-if *B<flags>&B<ERR_TXT_STRING>. If it has been allocated by OPENSSL_malloc(),
-*B<flags>&B<ERR_TXT_MALLOCED> is true.
-
-=head1 RETURN VALUES
-
-The error code, or 0 if there is no error in the queue.
-
-=head1 SEE ALSO
-
-L<err(3)|err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>,
-L<ERR_GET_LIB(3)|ERR_GET_LIB(3)>
-
-=head1 HISTORY
-
-ERR_get_error(), ERR_peek_error(), ERR_get_error_line() and
-ERR_peek_error_line() are available in all versions of SSLeay and
-OpenSSL. ERR_get_error_line_data() and ERR_peek_error_line_data()
-were added in SSLeay 0.9.0.
-ERR_peek_last_error(), ERR_peek_last_error_line() and
-ERR_peek_last_error_line_data() were added in OpenSSL 0.9.7.
-
-=cut
diff --git a/src/lib/libcrypto/doc/ERR_load_crypto_strings.pod b/src/lib/libcrypto/doc/ERR_load_crypto_strings.pod
deleted file mode 100644
index 9bdec75a46..0000000000
--- a/src/lib/libcrypto/doc/ERR_load_crypto_strings.pod
+++ /dev/null
@@ -1,46 +0,0 @@
-=pod
-
-=head1 NAME
-
-ERR_load_crypto_strings, SSL_load_error_strings, ERR_free_strings -
-load and free error strings
-
-=head1 SYNOPSIS
-
- #include <openssl/err.h>
-
- void ERR_load_crypto_strings(void);
- void ERR_free_strings(void);
-
- #include <openssl/ssl.h>
-
- void SSL_load_error_strings(void);
-
-=head1 DESCRIPTION
-
-ERR_load_crypto_strings() registers the error strings for all
-B<libcrypto> functions. SSL_load_error_strings() does the same,
-but also registers the B<libssl> error strings.
-
-One of these functions should be called before generating
-textual error messages. However, this is not required when memory
-usage is an issue.
-
-ERR_free_strings() frees all previously loaded error strings.
-
-=head1 RETURN VALUES
-
-ERR_load_crypto_strings(), SSL_load_error_strings() and
-ERR_free_strings() return no values.
-
-=head1 SEE ALSO
-
-L<err(3)|err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>
-
-=head1 HISTORY
-
-ERR_load_error_strings(), SSL_load_error_strings() and
-ERR_free_strings() are available in all versions of SSLeay and
-OpenSSL.
-
-=cut
diff --git a/src/lib/libcrypto/doc/ERR_load_strings.pod b/src/lib/libcrypto/doc/ERR_load_strings.pod
deleted file mode 100644
index 5acdd0edbc..0000000000
--- a/src/lib/libcrypto/doc/ERR_load_strings.pod
+++ /dev/null
@@ -1,54 +0,0 @@
-=pod
-
-=head1 NAME
-
-ERR_load_strings, ERR_PACK, ERR_get_next_error_library - load
-arbitrary error strings
-
-=head1 SYNOPSIS
-
- #include <openssl/err.h>
-
- void ERR_load_strings(int lib, ERR_STRING_DATA str[]);
-
- int ERR_get_next_error_library(void);
-
- unsigned long ERR_PACK(int lib, int func, int reason);
-
-=head1 DESCRIPTION
-
-ERR_load_strings() registers error strings for library number B<lib>.
-
-B<str> is an array of error string data:
-
- typedef struct ERR_string_data_st
- {
-        unsigned long error;
-        char *string;
- } ERR_STRING_DATA;
-
-The error code is generated from the library number and a function and
-reason code: B<error> = ERR_PACK(B<lib>, B<func>, B<reason>).
-ERR_PACK() is a macro.
-
-The last entry in the array is {0,0}.
-
-ERR_get_next_error_library() can be used to assign library numbers
-to user libraries at runtime.
-
-=head1 RETURN VALUE
-
-ERR_load_strings() returns no value. ERR_PACK() return the error code.
-ERR_get_next_error_library() returns a new library number.
-
-=head1 SEE ALSO
-
-L<err(3)|err(3)>, L<ERR_load_strings(3)|ERR_load_strings(3)>
-
-=head1 HISTORY
-
-ERR_load_error_strings() and ERR_PACK() are available in all versions
-of SSLeay and OpenSSL. ERR_get_next_error_library() was added in
-SSLeay 0.9.0.
-
-=cut
diff --git a/src/lib/libcrypto/doc/ERR_print_errors.pod b/src/lib/libcrypto/doc/ERR_print_errors.pod
deleted file mode 100644
index b100a5fa2b..0000000000
--- a/src/lib/libcrypto/doc/ERR_print_errors.pod
+++ /dev/null
@@ -1,51 +0,0 @@
-=pod
-
-=head1 NAME
-
-ERR_print_errors, ERR_print_errors_fp - print error messages
-
-=head1 SYNOPSIS
-
- #include <openssl/err.h>
-
- void ERR_print_errors(BIO *bp);
- void ERR_print_errors_fp(FILE *fp);
-
-=head1 DESCRIPTION
-
-ERR_print_errors() is a convenience function that prints the error
-strings for all errors that OpenSSL has recorded to B<bp>, thus
-emptying the error queue.
-
-ERR_print_errors_fp() is the same, except that the output goes to a
-B<FILE>.
-
-
-The error strings will have the following format:
-
- [pid]:error:[error code]:[library name]:[function name]:[reason string]:[file name]:[line]:[optional text message]
-
-I<error code> is an 8 digit hexadecimal number. I<library name>,
-I<function name> and I<reason string> are ASCII text, as is I<optional
-text message> if one was set for the respective error code.
-
-If there is no text string registered for the given error code,
-the error string will contain the numeric code.
-
-=head1 RETURN VALUES
-
-ERR_print_errors() and ERR_print_errors_fp() return no values.
-
-=head1 SEE ALSO
-
-L<err(3)|err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>,
-L<ERR_get_error(3)|ERR_get_error(3)>,
-L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)>,
-L<SSL_load_error_strings(3)|SSL_load_error_strings(3)>
-
-=head1 HISTORY
-
-ERR_print_errors() and ERR_print_errors_fp()
-are available in all versions of SSLeay and OpenSSL.
-
-=cut
diff --git a/src/lib/libcrypto/doc/ERR_put_error.pod b/src/lib/libcrypto/doc/ERR_put_error.pod
deleted file mode 100644
index acd241fbe4..0000000000
--- a/src/lib/libcrypto/doc/ERR_put_error.pod
+++ /dev/null
@@ -1,44 +0,0 @@
-=pod
-
-=head1 NAME
-
-ERR_put_error, ERR_add_error_data - record an error
-
-=head1 SYNOPSIS
-
- #include <openssl/err.h>
-
- void ERR_put_error(int lib, int func, int reason, const char *file,
-         int line);
-
- void ERR_add_error_data(int num, ...);
-
-=head1 DESCRIPTION
-
-ERR_put_error() adds an error code to the thread's error queue. It
-signals that the error of reason code B<reason> occurred in function
-B<func> of library B<lib>, in line number B<line> of B<file>.
-This function is usually called by a macro.
-
-ERR_add_error_data() associates the concatenation of its B<num> string
-arguments with the error code added last.
-
-L<ERR_load_strings(3)|ERR_load_strings(3)> can be used to register
-error strings so that the application can a generate human-readable
-error messages for the error code.
-
-=head1 RETURN VALUES
-
-ERR_put_error() and ERR_add_error_data() return
-no values.
-
-=head1 SEE ALSO
-
-L<err(3)|err(3)>, L<ERR_load_strings(3)|ERR_load_strings(3)>
-
-=head1 HISTORY
-
-ERR_put_error() is available in all versions of SSLeay and OpenSSL.
-ERR_add_error_data() was added in SSLeay 0.9.0.
-
-=cut
diff --git a/src/lib/libcrypto/doc/ERR_remove_state.pod b/src/lib/libcrypto/doc/ERR_remove_state.pod
deleted file mode 100644
index 72925fb9f4..0000000000
--- a/src/lib/libcrypto/doc/ERR_remove_state.pod
+++ /dev/null
@@ -1,34 +0,0 @@
-=pod
-
-=head1 NAME
-
-ERR_remove_state - free a thread's error queue
-
-=head1 SYNOPSIS
-
- #include <openssl/err.h>
-
- void ERR_remove_state(unsigned long pid);
-
-=head1 DESCRIPTION
-
-ERR_remove_state() frees the error queue associated with thread B<pid>.
-If B<pid> == 0, the current thread will have its error queue removed.
-
-Since error queue data structures are allocated automatically for new
-threads, they must be freed when threads are terminated in order to
-avoid memory leaks.
-
-=head1 RETURN VALUE
-
-ERR_remove_state() returns no value.
-
-=head1 SEE ALSO
-
-L<err(3)|err(3)>
-
-=head1 HISTORY
-
-ERR_remove_state() is available in all versions of SSLeay and OpenSSL.
-
-=cut
diff --git a/src/lib/libcrypto/doc/EVP_BytesToKey.pod b/src/lib/libcrypto/doc/EVP_BytesToKey.pod
deleted file mode 100644
index 016381f3e9..0000000000
--- a/src/lib/libcrypto/doc/EVP_BytesToKey.pod
+++ /dev/null
@@ -1,67 +0,0 @@
-=pod
-
-=head1 NAME
-
-EVP_BytesToKey - password based encryption routine
-
-=head1 SYNOPSIS
-
- #include <openssl/evp.h>
-
- int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md,
-                       const unsigned char *salt,
-                       const unsigned char *data, int datal, int count,
-                       unsigned char *key,unsigned char *iv);
-
-=head1 DESCRIPTION
-
-EVP_BytesToKey() derives a key and IV from various parameters. B<type> is
-the cipher to derive the key and IV for. B<md> is the message digest to use.
-The B<salt> paramter is used as a salt in the derivation: it should point to
-an 8 byte buffer or NULL if no salt is used. B<data> is a buffer containing
-B<datal> bytes which is used to derive the keying data. B<count> is the
-iteration count to use. The derived key and IV will be written to B<key>
-and B<iv> respectively.
-
-=head1 NOTES
-
-A typical application of this function is to derive keying material for an
-encryption algorithm from a password in the B<data> parameter.
-
-Increasing the B<count> parameter slows down the algorithm which makes it
-harder for an attacker to peform a brute force attack using a large number
-of candidate passwords.
-
-If the total key and IV length is less than the digest length and
-B<MD5> is used then the derivation algorithm is compatible with PKCS#5 v1.5
-otherwise a non standard extension is used to derive the extra data.
-
-Newer applications should use more standard algorithms such as PKCS#5
-v2.0 for key derivation.
-
-=head1 KEY DERIVATION ALGORITHM
-
-The key and IV is derived by concatenating D_1, D_2, etc until
-enough data is available for the key and IV. D_i is defined as:
-
-        D_i = HASH^count(D_(i-1) || data || salt)
-
-where || denotes concatentaion, D_0 is empty, HASH is the digest
-algorithm in use, HASH^1(data) is simply HASH(data), HASH^2(data)
-is HASH(HASH(data)) and so on.
-
-The initial bytes are used for the key and the subsequent bytes for
-the IV.
-
-=head1 RETURN VALUES
-
-EVP_BytesToKey() returns the size of the derived key in bytes.
-
-=head1 SEE ALSO
-
-L<evp(3)|evp(3)>, L<rand(3)|rand(3)>,
-L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>,
-
-=head1 HISTORY
-
-=cut
diff --git a/src/lib/libcrypto/doc/EVP_DigestInit.pod b/src/lib/libcrypto/doc/EVP_DigestInit.pod
deleted file mode 100644
index faa992286b..0000000000
--- a/src/lib/libcrypto/doc/EVP_DigestInit.pod
+++ /dev/null
@@ -1,256 +0,0 @@
-=pod
-
-=head1 NAME
-
-EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate,
-EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE,
-EVP_MD_CTX_copy_ex, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size,
-EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type,
-EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2,
-EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj -
-EVP digest routines
-
-=head1 SYNOPSIS
-
- #include <openssl/evp.h>
-
- void EVP_MD_CTX_init(EVP_MD_CTX *ctx);
- EVP_MD_CTX *EVP_MD_CTX_create(void);
-
- int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
- int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
- int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md,
-        unsigned int *s);
-
- int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
- void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
-
- int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in);  
-
- int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
- int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md,
-        unsigned int *s);
-
- int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in);  
-
- #define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */
-
-
- #define EVP_MD_type(e)                 ((e)->type)
- #define EVP_MD_pkey_type(e)            ((e)->pkey_type)
- #define EVP_MD_size(e)                 ((e)->md_size)
- #define EVP_MD_block_size(e)           ((e)->block_size)
-
- #define EVP_MD_CTX_md(e)               (e)->digest)
- #define EVP_MD_CTX_size(e)             EVP_MD_size((e)->digest)
- #define EVP_MD_CTX_block_size(e)       EVP_MD_block_size((e)->digest)
- #define EVP_MD_CTX_type(e)             EVP_MD_type((e)->digest)
-
- const EVP_MD *EVP_md_null(void);
- const EVP_MD *EVP_md2(void);
- const EVP_MD *EVP_md5(void);
- const EVP_MD *EVP_sha(void);
- const EVP_MD *EVP_sha1(void);
- const EVP_MD *EVP_dss(void);
- const EVP_MD *EVP_dss1(void);
- const EVP_MD *EVP_mdc2(void);
- const EVP_MD *EVP_ripemd160(void);
-
- const EVP_MD *EVP_get_digestbyname(const char *name);
- #define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
- #define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a))
-
-=head1 DESCRIPTION
-
-The EVP digest routines are a high level interface to message digests.
-
-EVP_MD_CTX_init() initializes digest contet B<ctx>.
-
-EVP_MD_CTX_create() allocates, initializes and returns a digest contet.
-
-EVP_DigestInit_ex() sets up digest context B<ctx> to use a digest
-B<type> from ENGINE B<impl>. B<ctx> must be initialized before calling this
-function. B<type> will typically be supplied by a functionsuch as EVP_sha1().
-If B<impl> is NULL then the default implementation of digest B<type> is used.
-
-EVP_DigestUpdate() hashes B<cnt> bytes of data at B<d> into the
-digest context B<ctx>. This function can be called several times on the
-same B<ctx> to hash additional data.
-
-EVP_DigestFinal_ex() retrieves the digest value from B<ctx> and places
-it in B<md>. If the B<s> parameter is not NULL then the number of
-bytes of data written (i.e. the length of the digest) will be written
-to the integer at B<s>, at most B<EVP_MAX_MD_SIZE> bytes will be written.
-After calling EVP_DigestFinal_ex() no additional calls to EVP_DigestUpdate()
-can be made, but EVP_DigestInit_ex() can be called to initialize a new
-digest operation.
-
-EVP_MD_CTX_cleanup() cleans up digest context B<ctx>, it should be called
-after a digest context is no longer needed.
-
-EVP_MD_CTX_destroy() cleans up digest context B<ctx> and frees up the
-space allocated to it, it should be called only on a context created
-using EVP_MD_CTX_create().
-
-EVP_MD_CTX_copy_ex() can be used to copy the message digest state from
-B<in> to B<out>. This is useful if large amounts of data are to be
-hashed which only differ in the last few bytes. B<out> must be initialized
-before calling this function.
-
-EVP_DigestInit() behaves in the same way as EVP_DigestInit_ex() except
-the passed context B<ctx> does not have to be initialized, and it always
-uses the default digest implementation.
-
-EVP_DigestFinal() is similar to EVP_DigestFinal_ex() except the digest
-contet B<ctx> is automatically cleaned up.
-
-EVP_MD_CTX_copy() is similar to EVP_MD_CTX_copy_ex() except the destination
-B<out> does not have to be initialized.
-
-EVP_MD_size() and EVP_MD_CTX_size() return the size of the message digest
-when passed an B<EVP_MD> or an B<EVP_MD_CTX> structure, i.e. the size of the
-hash.
-
-EVP_MD_block_size() and EVP_MD_CTX_block_size() return the block size of the
-message digest when passed an B<EVP_MD> or an B<EVP_MD_CTX> structure.
-
-EVP_MD_type() and EVP_MD_CTX_type() return the NID of the OBJECT IDENTIFIER
-representing the given message digest when passed an B<EVP_MD> structure.
-For example EVP_MD_type(EVP_sha1()) returns B<NID_sha1>. This function is
-normally used when setting ASN1 OIDs.
-
-EVP_MD_CTX_md() returns the B<EVP_MD> structure corresponding to the passed
-B<EVP_MD_CTX>.
-
-EVP_MD_pkey_type() returns the NID of the public key signing algorithm associated
-with this digest. For example EVP_sha1() is associated with RSA so this will
-return B<NID_sha1WithRSAEncryption>. This "link" between digests and signature
-algorithms may not be retained in future versions of OpenSSL.
-
-EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_mdc2() and EVP_ripemd160()
-return B<EVP_MD> structures for the MD2, MD5, SHA, SHA1, MDC2 and RIPEMD160 digest
-algorithms respectively. The associated signature algorithm is RSA in each case.
-
-EVP_dss() and EVP_dss1() return B<EVP_MD> structures for SHA and SHA1 digest
-algorithms but using DSS (DSA) for the signature algorithm.
-
-EVP_md_null() is a "null" message digest that does nothing: i.e. the hash it
-returns is of zero length.
-
-EVP_get_digestbyname(), EVP_get_digestbynid() and EVP_get_digestbyobj()
-return an B<EVP_MD> structure when passed a digest name, a digest NID or
-an ASN1_OBJECT structure respectively. The digest table must be initialized
-using, for example, OpenSSL_add_all_digests() for these functions to work.
-
-=head1 RETURN VALUES
-
-EVP_DigestInit_ex(), EVP_DigestUpdate() and EVP_DigestFinal_ex() return 1 for
-success and 0 for failure.
-
-EVP_MD_CTX_copy_ex() returns 1 if successful or 0 for failure.
-
-EVP_MD_type(), EVP_MD_pkey_type() and EVP_MD_type() return the NID of the
-corresponding OBJECT IDENTIFIER or NID_undef if none exists.
-
-EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size(e), EVP_MD_size(),
-EVP_MD_CTX_block_size() and EVP_MD_block_size() return the digest or block
-size in bytes.
-
-EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_dss(),
-EVP_dss1(), EVP_mdc2() and EVP_ripemd160() return pointers to the
-corresponding EVP_MD structures.
-
-EVP_get_digestbyname(), EVP_get_digestbynid() and EVP_get_digestbyobj()
-return either an B<EVP_MD> structure or NULL if an error occurs.
-
-=head1 NOTES
-
-The B<EVP> interface to message digests should almost always be used in
-preference to the low level interfaces. This is because the code then becomes
-transparent to the digest used and much more flexible.
-
-SHA1 is the digest of choice for new applications. The other digest algorithms
-are still in common use.
-
-For most applications the B<impl> parameter to EVP_DigestInit_ex() will be
-set to NULL to use the default digest implementation.
-
-The functions EVP_DigestInit(), EVP_DigestFinal() and EVP_MD_CTX_copy() are 
-obsolete but are retained to maintain compatibility with existing code. New
-applications should use EVP_DigestInit_ex(), EVP_DigestFinal_ex() and 
-EVP_MD_CTX_copy_ex() because they can efficiently reuse a digest context
-instead of initializing and cleaning it up on each call and allow non default
-implementations of digests to be specified.
-
-In OpenSSL 0.9.7 and later if digest contexts are not cleaned up after use
-memory leaks will occur. 
-
-=head1 EXAMPLE
-
-This example digests the data "Test Message\n" and "Hello World\n", using the
-digest name passed on the command line.
-
- #include <stdio.h>
- #include <openssl/evp.h>
-
- main(int argc, char *argv[])
- {
- EVP_MD_CTX mdctx;
- const EVP_MD *md;
- char mess1[] = "Test Message\n";
- char mess2[] = "Hello World\n";
- unsigned char md_value[EVP_MAX_MD_SIZE];
- int md_len, i;
-
- OpenSSL_add_all_digests();
-
- if(!argv[1]) {
-        printf("Usage: mdtest digestname\n");
-        exit(1);
- }
-
- md = EVP_get_digestbyname(argv[1]);
-
- if(!md) {
-        printf("Unknown message digest %s\n", argv[1]);
-        exit(1);
- }
-
- EVP_MD_CTX_init(&mdctx);
- EVP_DigestInit_ex(&mdctx, md, NULL);
- EVP_DigestUpdate(&mdctx, mess1, strlen(mess1));
- EVP_DigestUpdate(&mdctx, mess2, strlen(mess2));
- EVP_DigestFinal_ex(&mdctx, md_value, &md_len);
- EVP_MD_CTX_cleanup(&mdctx);
-
- printf("Digest is: ");
- for(i = 0; i < md_len; i++) printf("%02x", md_value[i]);
- printf("\n");
- }
-
-=head1 BUGS
-
-The link between digests and signing algorithms results in a situation where
-EVP_sha1() must be used with RSA and EVP_dss1() must be used with DSS
-even though they are identical digests.
-
-=head1 SEE ALSO
-
-L<evp(3)|evp(3)>, L<HMAC(3)|HMAC(3)>, L<MD2(3)|MD2(3)>,
-L<MD5(3)|MD5(3)>, L<MDC2(3)|MDC2(3)>, L<RIPEMD160(3)|RIPEMD160(3)>,
-L<SHA1(3)|SHA1(3)>
-
-=head1 HISTORY
-
-EVP_DigestInit(), EVP_DigestUpdate() and EVP_DigestFinal() are
-available in all versions of SSLeay and OpenSSL.
-
-EVP_MD_CTX_init(), EVP_MD_CTX_create(), EVP_MD_CTX_copy_ex(),
-EVP_MD_CTX_cleanup(), EVP_MD_CTX_destroy(), EVP_DigestInit_ex()
-and EVP_DigestFinal_ex() were added in OpenSSL 0.9.7.
-
-EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(),
-EVP_dss(), EVP_dss1(), EVP_mdc2() and EVP_ripemd160() were
-changed to return truely const EVP_MD * in OpenSSL 0.9.7.
-
-=cut
diff --git a/src/lib/libcrypto/doc/EVP_EncryptInit.pod b/src/lib/libcrypto/doc/EVP_EncryptInit.pod
deleted file mode 100644
index 8271d3dfc4..0000000000
--- a/src/lib/libcrypto/doc/EVP_EncryptInit.pod
+++ /dev/null
@@ -1,511 +0,0 @@
-=pod
-
-=head1 NAME
-
-EVP_CIPHER_CTX_init, EVP_EncryptInit_ex, EVP_EncryptUpdate,
-EVP_EncryptFinal_ex, EVP_DecryptInit_ex, EVP_DecryptUpdate,
-EVP_DecryptFinal_ex, EVP_CipherInit_ex, EVP_CipherUpdate,
-EVP_CipherFinal_ex, EVP_CIPHER_CTX_set_key_length,
-EVP_CIPHER_CTX_ctrl, EVP_CIPHER_CTX_cleanup, EVP_EncryptInit,
-EVP_EncryptFinal, EVP_DecryptInit, EVP_DecryptFinal,
-EVP_CipherInit, EVP_CipherFinal, EVP_get_cipherbyname,
-EVP_get_cipherbynid, EVP_get_cipherbyobj, EVP_CIPHER_nid,
-EVP_CIPHER_block_size, EVP_CIPHER_key_length, EVP_CIPHER_iv_length,
-EVP_CIPHER_flags, EVP_CIPHER_mode, EVP_CIPHER_type, EVP_CIPHER_CTX_cipher,
-EVP_CIPHER_CTX_nid, EVP_CIPHER_CTX_block_size, EVP_CIPHER_CTX_key_length,
-EVP_CIPHER_CTX_iv_length, EVP_CIPHER_CTX_get_app_data,
-EVP_CIPHER_CTX_set_app_data, EVP_CIPHER_CTX_type, EVP_CIPHER_CTX_flags,
-EVP_CIPHER_CTX_mode, EVP_CIPHER_param_to_asn1, EVP_CIPHER_asn1_to_param,
-EVP_CIPHER_CTX_set_padding - EVP cipher routines
-
-=head1 SYNOPSIS
-
- #include <openssl/evp.h>
-
- void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
-
- int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
-         ENGINE *impl, unsigned char *key, unsigned char *iv);
- int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
-         int *outl, unsigned char *in, int inl);
- int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
-         int *outl);
-
- int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
-         ENGINE *impl, unsigned char *key, unsigned char *iv);
- int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
-         int *outl, unsigned char *in, int inl);
- int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
-         int *outl);
-
- int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
-         ENGINE *impl, unsigned char *key, unsigned char *iv, int enc);
- int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
-         int *outl, unsigned char *in, int inl);
- int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
-         int *outl);
-
- int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
-         unsigned char *key, unsigned char *iv);
- int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
-         int *outl);
-
- int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
-         unsigned char *key, unsigned char *iv);
- int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
-         int *outl);
-
- int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
-         unsigned char *key, unsigned char *iv, int enc);
- int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
-         int *outl);
-
- int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *x, int padding);
- int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
- int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
- int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
-
- const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
- #define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a))
- #define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a))
-
- #define EVP_CIPHER_nid(e)              ((e)->nid)
- #define EVP_CIPHER_block_size(e)       ((e)->block_size)
- #define EVP_CIPHER_key_length(e)       ((e)->key_len)
- #define EVP_CIPHER_iv_length(e)                ((e)->iv_len)
- #define EVP_CIPHER_flags(e)            ((e)->flags)
- #define EVP_CIPHER_mode(e)             ((e)->flags) & EVP_CIPH_MODE)
- int EVP_CIPHER_type(const EVP_CIPHER *ctx);
-
- #define EVP_CIPHER_CTX_cipher(e)       ((e)->cipher)
- #define EVP_CIPHER_CTX_nid(e)          ((e)->cipher->nid)
- #define EVP_CIPHER_CTX_block_size(e)   ((e)->cipher->block_size)
- #define EVP_CIPHER_CTX_key_length(e)   ((e)->key_len)
- #define EVP_CIPHER_CTX_iv_length(e)    ((e)->cipher->iv_len)
- #define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data)
- #define EVP_CIPHER_CTX_set_app_data(e,d) ((e)->app_data=(char *)(d))
- #define EVP_CIPHER_CTX_type(c)         EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c))
- #define EVP_CIPHER_CTX_flags(e)                ((e)->cipher->flags)
- #define EVP_CIPHER_CTX_mode(e)         ((e)->cipher->flags & EVP_CIPH_MODE)
-
- int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
- int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
-
-=head1 DESCRIPTION
-
-The EVP cipher routines are a high level interface to certain
-symmetric ciphers.
-
-EVP_CIPHER_CTX_init() initializes cipher contex B<ctx>.
-
-EVP_EncryptInit_ex() sets up cipher context B<ctx> for encryption
-with cipher B<type> from ENGINE B<impl>. B<ctx> must be initialized
-before calling this function. B<type> is normally supplied
-by a function such as EVP_des_cbc(). If B<impl> is NULL then the
-default implementation is used. B<key> is the symmetric key to use
-and B<iv> is the IV to use (if necessary), the actual number of bytes
-used for the key and IV depends on the cipher. It is possible to set
-all parameters to NULL except B<type> in an initial call and supply
-the remaining parameters in subsequent calls, all of which have B<type>
-set to NULL. This is done when the default cipher parameters are not
-appropriate.
-
-EVP_EncryptUpdate() encrypts B<inl> bytes from the buffer B<in> and
-writes the encrypted version to B<out>. This function can be called
-multiple times to encrypt successive blocks of data. The amount
-of data written depends on the block alignment of the encrypted data:
-as a result the amount of data written may be anything from zero bytes
-to (inl + cipher_block_size - 1) so B<outl> should contain sufficient
-room. The actual number of bytes written is placed in B<outl>.
-
-If padding is enabled (the default) then EVP_EncryptFinal_ex() encrypts
-the "final" data, that is any data that remains in a partial block.
-It uses L<standard block padding|/NOTES> (aka PKCS padding). The encrypted
-final data is written to B<out> which should have sufficient space for
-one cipher block. The number of bytes written is placed in B<outl>. After
-this function is called the encryption operation is finished and no further
-calls to EVP_EncryptUpdate() should be made.
-
-If padding is disabled then EVP_EncryptFinal_ex() will not encrypt any more
-data and it will return an error if any data remains in a partial block:
-that is if the total data length is not a multiple of the block size. 
-
-EVP_DecryptInit_ex(), EVP_DecryptUpdate() and EVP_DecryptFinal_ex() are the
-corresponding decryption operations. EVP_DecryptFinal() will return an
-error code if padding is enabled and the final block is not correctly
-formatted. The parameters and restrictions are identical to the encryption
-operations except that if padding is enabled the decrypted data buffer B<out>
-passed to EVP_DecryptUpdate() should have sufficient room for
-(B<inl> + cipher_block_size) bytes unless the cipher block size is 1 in
-which case B<inl> bytes is sufficient.
-
-EVP_CipherInit_ex(), EVP_CipherUpdate() and EVP_CipherFinal_ex() are
-functions that can be used for decryption or encryption. The operation
-performed depends on the value of the B<enc> parameter. It should be set
-to 1 for encryption, 0 for decryption and -1 to leave the value unchanged
-(the actual value of 'enc' being supplied in a previous call).
-
-EVP_CIPHER_CTX_cleanup() clears all information from a cipher context
-and free up any allocated memory associate with it. It should be called
-after all operations using a cipher are complete so sensitive information
-does not remain in memory.
-
-EVP_EncryptInit(), EVP_DecryptInit() and EVP_CipherInit() behave in a
-similar way to EVP_EncryptInit_ex(), EVP_DecryptInit_ex and
-EVP_CipherInit_ex() except the B<ctx> paramter does not need to be
-initialized and they always use the default cipher implementation.
-
-EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal() behave in a
-similar way to EVP_EncryptFinal_ex(), EVP_DecryptFinal_ex() and
-EVP_CipherFinal_ex() except B<ctx> is automatically cleaned up 
-after the call.
-
-EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj()
-return an EVP_CIPHER structure when passed a cipher name, a NID or an
-ASN1_OBJECT structure.
-
-EVP_CIPHER_nid() and EVP_CIPHER_CTX_nid() return the NID of a cipher when
-passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX> structure.  The actual NID
-value is an internal value which may not have a corresponding OBJECT
-IDENTIFIER.
-
-EVP_CIPHER_CTX_set_padding() enables or disables padding. By default
-encryption operations are padded using standard block padding and the
-padding is checked and removed when decrypting. If the B<pad> parameter
-is zero then no padding is performed, the total amount of data encrypted
-or decrypted must then be a multiple of the block size or an error will
-occur.
-
-EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length() return the key
-length of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX>
-structure. The constant B<EVP_MAX_KEY_LENGTH> is the maximum key length
-for all ciphers. Note: although EVP_CIPHER_key_length() is fixed for a
-given cipher, the value of EVP_CIPHER_CTX_key_length() may be different
-for variable key length ciphers.
-
-EVP_CIPHER_CTX_set_key_length() sets the key length of the cipher ctx.
-If the cipher is a fixed length cipher then attempting to set the key
-length to any value other than the fixed value is an error.
-
-EVP_CIPHER_iv_length() and EVP_CIPHER_CTX_iv_length() return the IV
-length of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX>.
-It will return zero if the cipher does not use an IV.  The constant
-B<EVP_MAX_IV_LENGTH> is the maximum IV length for all ciphers.
-
-EVP_CIPHER_block_size() and EVP_CIPHER_CTX_block_size() return the block
-size of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX>
-structure. The constant B<EVP_MAX_IV_LENGTH> is also the maximum block
-length for all ciphers.
-
-EVP_CIPHER_type() and EVP_CIPHER_CTX_type() return the type of the passed
-cipher or context. This "type" is the actual NID of the cipher OBJECT
-IDENTIFIER as such it ignores the cipher parameters and 40 bit RC2 and
-128 bit RC2 have the same NID. If the cipher does not have an object
-identifier or does not have ASN1 support this function will return
-B<NID_undef>.
-
-EVP_CIPHER_CTX_cipher() returns the B<EVP_CIPHER> structure when passed
-an B<EVP_CIPHER_CTX> structure.
-
-EVP_CIPHER_mode() and EVP_CIPHER_CTX_mode() return the block cipher mode:
-EVP_CIPH_ECB_MODE, EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE or
-EVP_CIPH_OFB_MODE. If the cipher is a stream cipher then
-EVP_CIPH_STREAM_CIPHER is returned.
-
-EVP_CIPHER_param_to_asn1() sets the AlgorithmIdentifier "parameter" based
-on the passed cipher. This will typically include any parameters and an
-IV. The cipher IV (if any) must be set when this call is made. This call
-should be made before the cipher is actually "used" (before any
-EVP_EncryptUpdate(), EVP_DecryptUpdate() calls for example). This function
-may fail if the cipher does not have any ASN1 support.
-
-EVP_CIPHER_asn1_to_param() sets the cipher parameters based on an ASN1
-AlgorithmIdentifier "parameter". The precise effect depends on the cipher
-In the case of RC2, for example, it will set the IV and effective key length.
-This function should be called after the base cipher type is set but before
-the key is set. For example EVP_CipherInit() will be called with the IV and
-key set to NULL, EVP_CIPHER_asn1_to_param() will be called and finally
-EVP_CipherInit() again with all parameters except the key set to NULL. It is
-possible for this function to fail if the cipher does not have any ASN1 support
-or the parameters cannot be set (for example the RC2 effective key length
-is not supported.
-
-EVP_CIPHER_CTX_ctrl() allows various cipher specific parameters to be determined
-and set. Currently only the RC2 effective key length and the number of rounds of
-RC5 can be set.
-
-=head1 RETURN VALUES
-
-EVP_EncryptInit_ex(), EVP_EncryptUpdate() and EVP_EncryptFinal_ex()
-return 1 for success and 0 for failure.
-
-EVP_DecryptInit_ex() and EVP_DecryptUpdate() return 1 for success and 0 for failure.
-EVP_DecryptFinal_ex() returns 0 if the decrypt failed or 1 for success.
-
-EVP_CipherInit_ex() and EVP_CipherUpdate() return 1 for success and 0 for failure.
-EVP_CipherFinal_ex() returns 0 for a decryption failure or 1 for success.
-
-EVP_CIPHER_CTX_cleanup() returns 1 for success and 0 for failure.
-
-EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj()
-return an B<EVP_CIPHER> structure or NULL on error.
-
-EVP_CIPHER_nid() and EVP_CIPHER_CTX_nid() return a NID.
-
-EVP_CIPHER_block_size() and EVP_CIPHER_CTX_block_size() return the block
-size.
-
-EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length() return the key
-length.
-
-EVP_CIPHER_CTX_set_padding() always returns 1.
-
-EVP_CIPHER_iv_length() and EVP_CIPHER_CTX_iv_length() return the IV
-length or zero if the cipher does not use an IV.
-
-EVP_CIPHER_type() and EVP_CIPHER_CTX_type() return the NID of the cipher's
-OBJECT IDENTIFIER or NID_undef if it has no defined OBJECT IDENTIFIER.
-
-EVP_CIPHER_CTX_cipher() returns an B<EVP_CIPHER> structure.
-
-EVP_CIPHER_param_to_asn1() and EVP_CIPHER_asn1_to_param() return 1 for 
-success or zero for failure.
-
-=head1 CIPHER LISTING
-
-All algorithms have a fixed key length unless otherwise stated.
-
-=over 4
-
-=item EVP_enc_null()
-
-Null cipher: does nothing.
-
-=item EVP_des_cbc(void), EVP_des_ecb(void), EVP_des_cfb(void), EVP_des_ofb(void)
-
-DES in CBC, ECB, CFB and OFB modes respectively. 
-
-=item EVP_des_ede_cbc(void), EVP_des_ede(), EVP_des_ede_ofb(void),  EVP_des_ede_cfb(void)
-
-Two key triple DES in CBC, ECB, CFB and OFB modes respectively.
-
-=item EVP_des_ede3_cbc(void), EVP_des_ede3(), EVP_des_ede3_ofb(void),  EVP_des_ede3_cfb(void)
-
-Three key triple DES in CBC, ECB, CFB and OFB modes respectively.
-
-=item EVP_desx_cbc(void)
-
-DESX algorithm in CBC mode.
-
-=item EVP_rc4(void)
-
-RC4 stream cipher. This is a variable key length cipher with default key length 128 bits.
-
-=item EVP_rc4_40(void)
-
-RC4 stream cipher with 40 bit key length. This is obsolete and new code should use EVP_rc4()
-and the EVP_CIPHER_CTX_set_key_length() function.
-
-=item EVP_idea_cbc() EVP_idea_ecb(void), EVP_idea_cfb(void), EVP_idea_ofb(void), EVP_idea_cbc(void)
-
-IDEA encryption algorithm in CBC, ECB, CFB and OFB modes respectively.
-
-=item EVP_rc2_cbc(void), EVP_rc2_ecb(void), EVP_rc2_cfb(void), EVP_rc2_ofb(void)
-
-RC2 encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key
-length cipher with an additional parameter called "effective key bits" or "effective key length".
-By default both are set to 128 bits.
-
-=item EVP_rc2_40_cbc(void), EVP_rc2_64_cbc(void)
-
-RC2 algorithm in CBC mode with a default key length and effective key length of 40 and 64 bits.
-These are obsolete and new code should use EVP_rc2_cbc(), EVP_CIPHER_CTX_set_key_length() and
-EVP_CIPHER_CTX_ctrl() to set the key length and effective key length.
-
-=item EVP_bf_cbc(void), EVP_bf_ecb(void), EVP_bf_cfb(void), EVP_bf_ofb(void);
-
-Blowfish encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key
-length cipher.
-
-=item EVP_cast5_cbc(void), EVP_cast5_ecb(void), EVP_cast5_cfb(void), EVP_cast5_ofb(void)
-
-CAST encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key
-length cipher.
-
-=item EVP_rc5_32_12_16_cbc(void), EVP_rc5_32_12_16_ecb(void), EVP_rc5_32_12_16_cfb(void), EVP_rc5_32_12_16_ofb(void)
-
-RC5 encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key length
-cipher with an additional "number of rounds" parameter. By default the key length is set to 128
-bits and 12 rounds.
-
-=back
-
-=head1 NOTES
-
-Where possible the B<EVP> interface to symmetric ciphers should be used in
-preference to the low level interfaces. This is because the code then becomes
-transparent to the cipher used and much more flexible.
-
-PKCS padding works by adding B<n> padding bytes of value B<n> to make the total 
-length of the encrypted data a multiple of the block size. Padding is always
-added so if the data is already a multiple of the block size B<n> will equal
-the block size. For example if the block size is 8 and 11 bytes are to be
-encrypted then 5 padding bytes of value 5 will be added.
-
-When decrypting the final block is checked to see if it has the correct form.
-
-Although the decryption operation can produce an error if padding is enabled,
-it is not a strong test that the input data or key is correct. A random block
-has better than 1 in 256 chance of being of the correct format and problems with
-the input data earlier on will not produce a final decrypt error.
-
-If padding is disabled then the decryption operation will always succeed if
-the total amount of data decrypted is a multiple of the block size.
-
-The functions EVP_EncryptInit(), EVP_EncryptFinal(), EVP_DecryptInit(),
-EVP_CipherInit() and EVP_CipherFinal() are obsolete but are retained for
-compatibility with existing code. New code should use EVP_EncryptInit_ex(),
-EVP_EncryptFinal_ex(), EVP_DecryptInit_ex(), EVP_DecryptFinal_ex(),
-EVP_CipherInit_ex() and EVP_CipherFinal_ex() because they can reuse an
-existing context without allocating and freeing it up on each call.
-
-=head1 BUGS
-
-For RC5 the number of rounds can currently only be set to 8, 12 or 16. This is
-a limitation of the current RC5 code rather than the EVP interface.
-
-EVP_MAX_KEY_LENGTH and EVP_MAX_IV_LENGTH only refer to the internal ciphers with
-default key lengths. If custom ciphers exceed these values the results are
-unpredictable. This is because it has become standard practice to define a 
-generic key as a fixed unsigned char array containing EVP_MAX_KEY_LENGTH bytes.
-
-The ASN1 code is incomplete (and sometimes inaccurate) it has only been tested
-for certain common S/MIME ciphers (RC2, DES, triple DES) in CBC mode.
-
-=head1 EXAMPLES
-
-Get the number of rounds used in RC5:
-
- int nrounds;
- EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC5_ROUNDS, 0, &nrounds);
-
-Get the RC2 effective key length:
-
- int key_bits;
- EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC2_KEY_BITS, 0, &key_bits);
-
-Set the number of rounds used in RC5:
-
- int nrounds;
- EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC5_ROUNDS, nrounds, NULL);
-
-Set the effective key length used in RC2:
-
- int key_bits;
- EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL);
-
-Encrypt a string using blowfish:
-
- int do_crypt(char *outfile)
-        {
-        unsigned char outbuf[1024];
-        int outlen, tmplen;
-        /* Bogus key and IV: we'd normally set these from
-         * another source.
-         */
-        unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
-        unsigned char iv[] = {1,2,3,4,5,6,7,8};
-        char intext[] = "Some Crypto Text";
-        EVP_CIPHER_CTX ctx;
-        FILE *out;
-        EVP_CIPHER_CTX_init(&ctx);
-        EVP_EncryptInit_ex(&ctx, EVP_bf_cbc(), NULL, key, iv);
-
-        if(!EVP_EncryptUpdate(&ctx, outbuf, &outlen, intext, strlen(intext)))
-                {
-                /* Error */
-                return 0;
-                }
-        /* Buffer passed to EVP_EncryptFinal() must be after data just
-         * encrypted to avoid overwriting it.
-         */
-        if(!EVP_EncryptFinal_ex(&ctx, outbuf + outlen, &tmplen))
-                {
-                /* Error */
-                return 0;
-                }
-        outlen += tmplen;
-        EVP_CIPHER_CTX_cleanup(&ctx);
-        /* Need binary mode for fopen because encrypted data is
-         * binary data. Also cannot use strlen() on it because
-         * it wont be null terminated and may contain embedded
-         * nulls.
-         */
-        out = fopen(outfile, "wb");
-        fwrite(outbuf, 1, outlen, out);
-        fclose(out);
-        return 1;
-        }
-
-The ciphertext from the above example can be decrypted using the B<openssl>
-utility with the command line:
- 
- S<openssl bf -in cipher.bin -K 000102030405060708090A0B0C0D0E0F -iv 0102030405060708 -d>
-
-General encryption, decryption function example using FILE I/O and RC2 with an
-80 bit key:
-
- int do_crypt(FILE *in, FILE *out, int do_encrypt)
-        {
-        /* Allow enough space in output buffer for additional block */
-        inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH];
-        int inlen, outlen;
-        /* Bogus key and IV: we'd normally set these from
-         * another source.
-         */
-        unsigned char key[] = "0123456789";
-        unsigned char iv[] = "12345678";
-        /* Don't set key or IV because we will modify the parameters */
-        EVP_CIPHER_CTX_init(&ctx);
-        EVP_CipherInit_ex(&ctx, EVP_rc2(), NULL, NULL, NULL, do_encrypt);
-        EVP_CIPHER_CTX_set_key_length(&ctx, 10);
-        /* We finished modifying parameters so now we can set key and IV */
-        EVP_CipherInit_ex(&ctx, NULL, NULL, key, iv, do_encrypt);
-
-        for(;;) 
-                {
-                inlen = fread(inbuf, 1, 1024, in);
-                if(inlen <= 0) break;
-                if(!EVP_CipherUpdate(&ctx, outbuf, &outlen, inbuf, inlen))
-                        {
-                        /* Error */
-                        EVP_CIPHER_CTX_cleanup(&ctx);
-                        return 0;
-                        }
-                fwrite(outbuf, 1, outlen, out);
-                }
-        if(!EVP_CipherFinal_ex(&ctx, outbuf, &outlen))
-                {
-                /* Error */
-                EVP_CIPHER_CTX_cleanup(&ctx);
-                return 0;
-                }
-        fwrite(outbuf, 1, outlen, out);
-
-        EVP_CIPHER_CTX_cleanup(&ctx);
-        return 1;
-        }
-
-
-=head1 SEE ALSO
-
-L<evp(3)|evp(3)>
-
-=head1 HISTORY
-
-EVP_CIPHER_CTX_init(), EVP_EncryptInit_ex(), EVP_EncryptFinal_ex(),
-EVP_DecryptInit_ex(), EVP_DecryptFinal_ex(), EVP_CipherInit_ex(),
-EVP_CipherFinal_ex() and EVP_CIPHER_CTX_set_padding() appeared in
-OpenSSL 0.9.7.
-
-=cut
diff --git a/src/lib/libcrypto/doc/EVP_OpenInit.pod b/src/lib/libcrypto/doc/EVP_OpenInit.pod
deleted file mode 100644
index 2e710da945..0000000000
--- a/src/lib/libcrypto/doc/EVP_OpenInit.pod
+++ /dev/null
@@ -1,63 +0,0 @@
-=pod
-
-=head1 NAME
-
-EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal - EVP envelope decryption
-
-=head1 SYNOPSIS
-
- #include <openssl/evp.h>
-
- int EVP_OpenInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,unsigned char *ek,
-                int ekl,unsigned char *iv,EVP_PKEY *priv);
- int EVP_OpenUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
-         int *outl, unsigned char *in, int inl);
- int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
-         int *outl);
-
-=head1 DESCRIPTION
-
-The EVP envelope routines are a high level interface to envelope
-decryption. They decrypt a public key encrypted symmetric key and
-then decrypt data using it.
-
-EVP_OpenInit() initializes a cipher context B<ctx> for decryption
-with cipher B<type>. It decrypts the encrypted symmetric key of length
-B<ekl> bytes passed in the B<ek> parameter using the private key B<priv>.
-The IV is supplied in the B<iv> parameter.
-
-EVP_OpenUpdate() and EVP_OpenFinal() have exactly the same properties
-as the EVP_DecryptUpdate() and EVP_DecryptFinal() routines, as 
-documented on the L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> manual
-page.
-
-=head1 NOTES
-
-It is possible to call EVP_OpenInit() twice in the same way as
-EVP_DecryptInit(). The first call should have B<priv> set to NULL
-and (after setting any cipher parameters) it should be called again
-with B<type> set to NULL.
-
-If the cipher passed in the B<type> parameter is a variable length
-cipher then the key length will be set to the value of the recovered
-key length. If the cipher is a fixed length cipher then the recovered
-key length must match the fixed cipher length.
-
-=head1 RETURN VALUES
-
-EVP_OpenInit() returns 0 on error or a non zero integer (actually the
-recovered secret key size) if successful.
-
-EVP_OpenUpdate() returns 1 for success or 0 for failure.
-
-EVP_OpenFinal() returns 0 if the decrypt failed or 1 for success.
-
-=head1 SEE ALSO
-
-L<evp(3)|evp(3)>, L<rand(3)|rand(3)>,
-L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>,
-L<EVP_SealInit(3)|EVP_SealInit(3)>
-
-=head1 HISTORY
-
-=cut
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_new.pod b/src/lib/libcrypto/doc/EVP_PKEY_new.pod
deleted file mode 100644
index 10687e458d..0000000000
--- a/src/lib/libcrypto/doc/EVP_PKEY_new.pod
+++ /dev/null
@@ -1,47 +0,0 @@
-=pod
-
-=head1 NAME
-
-EVP_PKEY_new, EVP_PKEY_free - private key allocation functions.
-
-=head1 SYNOPSIS
-
- #include <openssl/evp.h>
-
- EVP_PKEY *EVP_PKEY_new(void);
- void EVP_PKEY_free(EVP_PKEY *key);
-
-
-=head1 DESCRIPTION
-
-The EVP_PKEY_new() function allocates an empty B<EVP_PKEY> 
-structure which is used by OpenSSL to store private keys.
-
-EVP_PKEY_free() frees up the private key B<key>.
-
-=head1 NOTES
-
-The B<EVP_PKEY> structure is used by various OpenSSL functions
-which require a general private key without reference to any
-particular algorithm.
-
-The structure returned by EVP_PKEY_new() is empty. To add a
-private key to this empty structure the functions described in
-L<EVP_PKEY_set1_RSA(3)|EVP_PKEY_set1_RSA(3)> should be used.
-
-=head1 RETURN VALUES
-
-EVP_PKEY_new() returns either the newly allocated B<EVP_PKEY>
-structure of B<NULL> if an error occurred.
-
-EVP_PKEY_free() does not return a value.
-
-=head1 SEE ALSO
-
-L<EVP_PKEY_set1_RSA(3)|EVP_PKEY_set1_RSA(3)>
-
-=head1 HISTORY
-
-TBA
-
-=cut
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_set1_RSA.pod b/src/lib/libcrypto/doc/EVP_PKEY_set1_RSA.pod
deleted file mode 100644
index 2db692e271..0000000000
--- a/src/lib/libcrypto/doc/EVP_PKEY_set1_RSA.pod
+++ /dev/null
@@ -1,80 +0,0 @@
-=pod
-
-=head1 NAME
-
-EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY,
-EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY,
-EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH, EVP_PKEY_assign_EC_KEY,
-EVP_PKEY_type - EVP_PKEY assignment functions.
-
-=head1 SYNOPSIS
-
- #include <openssl/evp.h>
-
- int EVP_PKEY_set1_RSA(EVP_PKEY *pkey,RSA *key);
- int EVP_PKEY_set1_DSA(EVP_PKEY *pkey,DSA *key);
- int EVP_PKEY_set1_DH(EVP_PKEY *pkey,DH *key);
- int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey,EC_KEY *key);
-
- RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
- DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
- DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
- EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
-
- int EVP_PKEY_assign_RSA(EVP_PKEY *pkey,RSA *key);
- int EVP_PKEY_assign_DSA(EVP_PKEY *pkey,DSA *key);
- int EVP_PKEY_assign_DH(EVP_PKEY *pkey,DH *key);
- int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey,EC_KEY *key);
-
- int EVP_PKEY_type(int type);
-
-=head1 DESCRIPTION
-
-EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and
-EVP_PKEY_set1_EC_KEY() set the key referenced by B<pkey> to B<key>.
-
-EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and
-EVP_PKEY_get1_EC_KEY() return the referenced key in B<pkey> or
-B<NULL> if the key is not of the correct type.
-
-EVP_PKEY_assign_RSA() EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH()
-and EVP_PKEY_assign_EC_KEY() also set the referenced key to B<key>
-however these use the supplied B<key> internally and so B<key>
-will be freed when the parent B<pkey> is freed.
-
-EVP_PKEY_type() returns the type of key corresponding to the value
-B<type>. The type of a key can be obtained with
-EVP_PKEY_type(pkey->type). The return value will be EVP_PKEY_RSA,
-EVP_PKEY_DSA, EVP_PKEY_DH or EVP_PKEY_EC for the corresponding
-key types or NID_undef if the key type is unassigned.
-
-=head1 NOTES
-
-In accordance with the OpenSSL naming convention the key obtained
-from or assigned to the B<pkey> using the B<1> functions must be
-freed as well as B<pkey>.
-
-EVP_PKEY_assign_RSA() EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH()
-EVP_PKEY_assign_EC_KEY() are implemented as macros.
-
-=head1 RETURN VALUES
-
-EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and
-EVP_PKEY_set1_EC_KEY() return 1 for success or 0 for failure.
-
-EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and
-EVP_PKEY_get1_EC_KEY() return the referenced key or B<NULL> if 
-an error occurred.
-
-EVP_PKEY_assign_RSA() EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH()
-and EVP_PKEY_assign_EC_KEY() return 1 for success and 0 for failure.
-
-=head1 SEE ALSO
-
-L<EVP_PKEY_new(3)|EVP_PKEY_new(3)>
-
-=head1 HISTORY
-
-TBA
-
-=cut
diff --git a/src/lib/libcrypto/doc/EVP_SealInit.pod b/src/lib/libcrypto/doc/EVP_SealInit.pod
deleted file mode 100644
index 48a0e29954..0000000000
--- a/src/lib/libcrypto/doc/EVP_SealInit.pod
+++ /dev/null
@@ -1,85 +0,0 @@
-=pod
-
-=head1 NAME
-
-EVP_SealInit, EVP_SealUpdate, EVP_SealFinal - EVP envelope encryption
-
-=head1 SYNOPSIS
-
- #include <openssl/evp.h>
-
- int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, 
-                unsigned char **ek, int *ekl, unsigned char *iv,
-                EVP_PKEY **pubk, int npubk);
- int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
-         int *outl, unsigned char *in, int inl);
- int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
-         int *outl);
-
-=head1 DESCRIPTION
-
-The EVP envelope routines are a high level interface to envelope
-encryption. They generate a random key and IV (if required) then
-"envelope" it by using public key encryption. Data can then be
-encrypted using this key.
-
-EVP_SealInit() initializes a cipher context B<ctx> for encryption
-with cipher B<type> using a random secret key and IV. B<type> is normally
-supplied by a function such as EVP_des_cbc(). The secret key is encrypted
-using one or more public keys, this allows the same encrypted data to be
-decrypted using any of the corresponding private keys. B<ek> is an array of
-buffers where the public key encrypted secret key will be written, each buffer
-must contain enough room for the corresponding encrypted key: that is
-B<ek[i]> must have room for B<EVP_PKEY_size(pubk[i])> bytes. The actual
-size of each encrypted secret key is written to the array B<ekl>. B<pubk> is
-an array of B<npubk> public keys.
-
-The B<iv> parameter is a buffer where the generated IV is written to. It must
-contain enough room for the corresponding cipher's IV, as determined by (for
-example) EVP_CIPHER_iv_length(type).
-
-If the cipher does not require an IV then the B<iv> parameter is ignored
-and can be B<NULL>.
-
-EVP_SealUpdate() and EVP_SealFinal() have exactly the same properties
-as the EVP_EncryptUpdate() and EVP_EncryptFinal() routines, as 
-documented on the L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> manual
-page. 
-
-=head1 RETURN VALUES
-
-EVP_SealInit() returns 0 on error or B<npubk> if successful.
-
-EVP_SealUpdate() and EVP_SealFinal() return 1 for success and 0 for
-failure.
-
-=head1 NOTES
-
-Because a random secret key is generated the random number generator
-must be seeded before calling EVP_SealInit().
-
-The public key must be RSA because it is the only OpenSSL public key
-algorithm that supports key transport.
-
-Envelope encryption is the usual method of using public key encryption
-on large amounts of data, this is because public key encryption is slow
-but symmetric encryption is fast. So symmetric encryption is used for
-bulk encryption and the small random symmetric key used is transferred
-using public key encryption.
-
-It is possible to call EVP_SealInit() twice in the same way as
-EVP_EncryptInit(). The first call should have B<npubk> set to 0
-and (after setting any cipher parameters) it should be called again
-with B<type> set to NULL.
-
-=head1 SEE ALSO
-
-L<evp(3)|evp(3)>, L<rand(3)|rand(3)>,
-L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>,
-L<EVP_OpenInit(3)|EVP_OpenInit(3)>
-
-=head1 HISTORY
-
-EVP_SealFinal() did not return a value before OpenSSL 0.9.7.
-
-=cut
diff --git a/src/lib/libcrypto/doc/EVP_SignInit.pod b/src/lib/libcrypto/doc/EVP_SignInit.pod
deleted file mode 100644
index 0bace24938..0000000000
--- a/src/lib/libcrypto/doc/EVP_SignInit.pod
+++ /dev/null
@@ -1,95 +0,0 @@
-=pod
-
-=head1 NAME
-
-EVP_SignInit, EVP_SignUpdate, EVP_SignFinal - EVP signing functions
-
-=head1 SYNOPSIS
-
- #include <openssl/evp.h>
-
- int EVP_SignInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
- int EVP_SignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
- int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *sig,unsigned int *s, EVP_PKEY *pkey);
-
- void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type);
-
- int EVP_PKEY_size(EVP_PKEY *pkey);
-
-=head1 DESCRIPTION
-
-The EVP signature routines are a high level interface to digital
-signatures.
-
-EVP_SignInit_ex() sets up signing context B<ctx> to use digest
-B<type> from ENGINE B<impl>. B<ctx> must be initialized with
-EVP_MD_CTX_init() before calling this function.
-
-EVP_SignUpdate() hashes B<cnt> bytes of data at B<d> into the
-signature context B<ctx>. This function can be called several times on the
-same B<ctx> to include additional data.
-
-EVP_SignFinal() signs the data in B<ctx> using the private key B<pkey> and
-places the signature in B<sig>. The number of bytes of data written (i.e. the
-length of the signature) will be written to the integer at B<s>, at most
-EVP_PKEY_size(pkey) bytes will be written. 
-
-EVP_SignInit() initializes a signing context B<ctx> to use the default
-implementation of digest B<type>.
-
-EVP_PKEY_size() returns the maximum size of a signature in bytes. The actual
-signature returned by EVP_SignFinal() may be smaller.
-
-=head1 RETURN VALUES
-
-EVP_SignInit_ex(), EVP_SignUpdate() and EVP_SignFinal() return 1
-for success and 0 for failure.
-
-EVP_PKEY_size() returns the maximum size of a signature in bytes.
-
-The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-
-=head1 NOTES
-
-The B<EVP> interface to digital signatures should almost always be used in
-preference to the low level interfaces. This is because the code then becomes
-transparent to the algorithm used and much more flexible.
-
-Due to the link between message digests and public key algorithms the correct
-digest algorithm must be used with the correct public key type. A list of
-algorithms and associated public key algorithms appears in 
-L<EVP_DigestInit(3)|EVP_DigestInit(3)>.
-
-When signing with DSA private keys the random number generator must be seeded
-or the operation will fail. The random number generator does not need to be
-seeded for RSA signatures.
-
-The call to EVP_SignFinal() internally finalizes a copy of the digest context.
-This means that calls to EVP_SignUpdate() and EVP_SignFinal() can be called
-later to digest and sign additional data.
-
-Since only a copy of the digest context is ever finalized the context must
-be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak
-will occur.
-
-=head1 BUGS
-
-Older versions of this documentation wrongly stated that calls to 
-EVP_SignUpdate() could not be made after calling EVP_SignFinal().
-
-=head1 SEE ALSO
-
-L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>,
-L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
-L<evp(3)|evp(3)>, L<HMAC(3)|HMAC(3)>, L<MD2(3)|MD2(3)>,
-L<MD5(3)|MD5(3)>, L<MDC2(3)|MDC2(3)>, L<RIPEMD(3)|RIPEMD(3)>,
-L<SHA1(3)|SHA1(3)>, L<digest(1)|digest(1)>
-
-=head1 HISTORY
-
-EVP_SignInit(), EVP_SignUpdate() and EVP_SignFinal() are
-available in all versions of SSLeay and OpenSSL.
-
-EVP_SignInit_ex() was added in OpenSSL 0.9.7.
-
-=cut
diff --git a/src/lib/libcrypto/doc/EVP_VerifyInit.pod b/src/lib/libcrypto/doc/EVP_VerifyInit.pod
deleted file mode 100644
index b6afaedee5..0000000000
--- a/src/lib/libcrypto/doc/EVP_VerifyInit.pod
+++ /dev/null
@@ -1,86 +0,0 @@
-=pod
-
-=head1 NAME
-
-EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal - EVP signature verification functions
-
-=head1 SYNOPSIS
-
- #include <openssl/evp.h>
-
- int EVP_VerifyInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
- int EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
- int EVP_VerifyFinal(EVP_MD_CTX *ctx,unsigned char *sigbuf, unsigned int siglen,EVP_PKEY *pkey);
-
- int EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type);
-
-=head1 DESCRIPTION
-
-The EVP signature verification routines are a high level interface to digital
-signatures.
-
-EVP_VerifyInit_ex() sets up verification context B<ctx> to use digest
-B<type> from ENGINE B<impl>. B<ctx> must be initialized by calling
-EVP_MD_CTX_init() before calling this function.
-
-EVP_VerifyUpdate() hashes B<cnt> bytes of data at B<d> into the
-verification context B<ctx>. This function can be called several times on the
-same B<ctx> to include additional data.
-
-EVP_VerifyFinal() verifies the data in B<ctx> using the public key B<pkey>
-and against the B<siglen> bytes at B<sigbuf>.
-
-EVP_VerifyInit() initializes verification context B<ctx> to use the default
-implementation of digest B<type>.
-
-=head1 RETURN VALUES
-
-EVP_VerifyInit_ex() and EVP_VerifyUpdate() return 1 for success and 0 for
-failure.
-
-EVP_VerifyFinal() returns 1 for a correct signature, 0 for failure and -1 if some
-other error occurred.
-
-The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-
-=head1 NOTES
-
-The B<EVP> interface to digital signatures should almost always be used in
-preference to the low level interfaces. This is because the code then becomes
-transparent to the algorithm used and much more flexible.
-
-Due to the link between message digests and public key algorithms the correct
-digest algorithm must be used with the correct public key type. A list of
-algorithms and associated public key algorithms appears in 
-L<EVP_DigestInit(3)|EVP_DigestInit(3)>.
-
-The call to EVP_VerifyFinal() internally finalizes a copy of the digest context.
-This means that calls to EVP_VerifyUpdate() and EVP_VerifyFinal() can be called
-later to digest and verify additional data.
-
-Since only a copy of the digest context is ever finalized the context must
-be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak
-will occur.
-
-=head1 BUGS
-
-Older versions of this documentation wrongly stated that calls to 
-EVP_VerifyUpdate() could not be made after calling EVP_VerifyFinal().
-
-=head1 SEE ALSO
-
-L<evp(3)|evp(3)>,
-L<EVP_SignInit(3)|EVP_SignInit(3)>,
-L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
-L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
-L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
-L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
-
-=head1 HISTORY
-
-EVP_VerifyInit(), EVP_VerifyUpdate() and EVP_VerifyFinal() are
-available in all versions of SSLeay and OpenSSL.
-
-EVP_VerifyInit_ex() was added in OpenSSL 0.9.7
-
-=cut
diff --git a/src/lib/libcrypto/doc/OBJ_nid2obj.pod b/src/lib/libcrypto/doc/OBJ_nid2obj.pod
deleted file mode 100644
index 7dcc07923f..0000000000
--- a/src/lib/libcrypto/doc/OBJ_nid2obj.pod
+++ /dev/null
@@ -1,149 +0,0 @@
-=pod
-
-=head1 NAME
-
-OBJ_nid2obj, OBJ_nid2ln, OBJ_nid2sn, OBJ_obj2nid, OBJ_txt2nid, OBJ_ln2nid, OBJ_sn2nid,
-OBJ_cmp, OBJ_dup, OBJ_txt2obj, OBJ_obj2txt, OBJ_create, OBJ_cleanup - ASN1 object utility
-functions
-
-=head1 SYNOPSIS
-
- ASN1_OBJECT * OBJ_nid2obj(int n);
- const char *  OBJ_nid2ln(int n);
- const char *  OBJ_nid2sn(int n);
-
- int OBJ_obj2nid(const ASN1_OBJECT *o);
- int OBJ_ln2nid(const char *ln);
- int OBJ_sn2nid(const char *sn);
-
- int OBJ_txt2nid(const char *s);
-
- ASN1_OBJECT * OBJ_txt2obj(const char *s, int no_name);
- int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name);
-
- int OBJ_cmp(const ASN1_OBJECT *a,const ASN1_OBJECT *b);
- ASN1_OBJECT * OBJ_dup(const ASN1_OBJECT *o);
-
- int OBJ_create(const char *oid,const char *sn,const char *ln);
- void OBJ_cleanup(void);
-
-=head1 DESCRIPTION
-
-The ASN1 object utility functions process ASN1_OBJECT structures which are
-a representation of the ASN1 OBJECT IDENTIFIER (OID) type.
-
-OBJ_nid2obj(), OBJ_nid2ln() and OBJ_nid2sn() convert the NID B<n> to 
-an ASN1_OBJECT structure, its long name and its short name respectively,
-or B<NULL> is an error occurred.
-
-OBJ_obj2nid(), OBJ_ln2nid(), OBJ_sn2nid() return the corresponding NID
-for the object B<o>, the long name <ln> or the short name <sn> respectively
-or NID_undef if an error occurred.
-
-OBJ_txt2nid() returns NID corresponding to text string <s>. B<s> can be
-a long name, a short name or the numerical respresentation of an object.
-
-OBJ_txt2obj() converts the text string B<s> into an ASN1_OBJECT structure.
-If B<no_name> is 0 then long names and short names will be interpreted
-as well as numerical forms. If B<no_name> is 1 only the numerical form
-is acceptable.
-
-OBJ_obj2txt() converts the B<ASN1_OBJECT> B<a> into a textual representation.
-The representation is written as a null terminated string to B<buf>
-at most B<buf_len> bytes are written, truncating the result if necessary.
-The total amount of space required is returned. If B<no_name> is 0 then
-if the object has a long or short name then that will be used, otherwise
-the numerical form will be used. If B<no_name> is 1 then the numerical
-form will always be used.
-
-OBJ_cmp() compares B<a> to B<b>. If the two are identical 0 is returned.
-
-OBJ_dup() returns a copy of B<o>.
-
-OBJ_create() adds a new object to the internal table. B<oid> is the 
-numerical form of the object, B<sn> the short name and B<ln> the
-long name. A new NID is returned for the created object.
-
-OBJ_cleanup() cleans up OpenSSLs internal object table: this should
-be called before an application exits if any new objects were added
-using OBJ_create().
-
-=head1 NOTES
-
-Objects in OpenSSL can have a short name, a long name and a numerical
-identifier (NID) associated with them. A standard set of objects is
-represented in an internal table. The appropriate values are defined
-in the header file B<objects.h>.
-
-For example the OID for commonName has the following definitions:
-
- #define SN_commonName                   "CN"
- #define LN_commonName                   "commonName"
- #define NID_commonName                  13
-
-New objects can be added by calling OBJ_create().
-
-Table objects have certain advantages over other objects: for example
-their NIDs can be used in a C language switch statement. They are
-also static constant structures which are shared: that is there
-is only a single constant structure for each table object.
-
-Objects which are not in the table have the NID value NID_undef.
-
-Objects do not need to be in the internal tables to be processed,
-the functions OBJ_txt2obj() and OBJ_obj2txt() can process the numerical
-form of an OID.
-
-=head1 EXAMPLES
-
-Create an object for B<commonName>:
-
- ASN1_OBJECT *o;
- o = OBJ_nid2obj(NID_commonName);
-
-Check if an object is B<commonName>
-
- if (OBJ_obj2nid(obj) == NID_commonName)
-        /* Do something */
-
-Create a new NID and initialize an object from it:
-
- int new_nid;
- ASN1_OBJECT *obj;
- new_nid = OBJ_create("1.2.3.4", "NewOID", "New Object Identifier");
-
- obj = OBJ_nid2obj(new_nid);
- 
-Create a new object directly:
-
- obj = OBJ_txt2obj("1.2.3.4", 1);
-
-=head1 BUGS
-
-OBJ_obj2txt() is awkward and messy to use: it doesn't follow the 
-convention of other OpenSSL functions where the buffer can be set
-to B<NULL> to determine the amount of data that should be written.
-Instead B<buf> must point to a valid buffer and B<buf_len> should
-be set to a positive value. A buffer length of 80 should be more
-than enough to handle any OID encountered in practice.
-
-=head1 RETURN VALUES
-
-OBJ_nid2obj() returns an B<ASN1_OBJECT> structure or B<NULL> is an
-error occurred.
-
-OBJ_nid2ln() and OBJ_nid2sn() returns a valid string or B<NULL>
-on error.
-
-OBJ_obj2nid(), OBJ_ln2nid(), OBJ_sn2nid() and OBJ_txt2nid() return
-a NID or B<NID_undef> on error.
-
-=head1 SEE ALSO
-
-L<ERR_get_error(3)|ERR_get_error(3)>
-
-=head1 HISTORY
-
-TBA
-
-=cut
diff --git a/src/lib/libcrypto/doc/OPENSSL_VERSION_NUMBER.pod b/src/lib/libcrypto/doc/OPENSSL_VERSION_NUMBER.pod
deleted file mode 100644
index c39ac35e78..0000000000
--- a/src/lib/libcrypto/doc/OPENSSL_VERSION_NUMBER.pod
+++ /dev/null
@@ -1,101 +0,0 @@
-=pod
-
-=head1 NAME
-
-OPENSSL_VERSION_NUMBER, SSLeay, SSLeay_version - get OpenSSL version number
-
-=head1 SYNOPSIS
-
- #include <openssl/opensslv.h>
- #define OPENSSL_VERSION_NUMBER 0xnnnnnnnnnL
-
- #include <openssl/crypto.h>
- long SSLeay(void);
- const char *SSLeay_version(int t);
-
-=head1 DESCRIPTION
-
-OPENSSL_VERSION_NUMBER is a numeric release version identifier:
-
- MMNNFFPPS: major minor fix patch status
-
-The status nibble has one of the values 0 for development, 1 to e for betas
-1 to 14, and f for release.
-
-for example
-
- 0x000906000 == 0.9.6 dev
- 0x000906023 == 0.9.6b beta 3
- 0x00090605f == 0.9.6e release
-
-Versions prior to 0.9.3 have identifiers E<lt> 0x0930.
-Versions between 0.9.3 and 0.9.5 had a version identifier with this
-interpretation:
-
- MMNNFFRBB major minor fix final beta/patch
-
-for example
-
- 0x000904100 == 0.9.4 release
- 0x000905000 == 0.9.5 dev
-
-Version 0.9.5a had an interim interpretation that is like the current one,
-except the patch level got the highest bit set, to keep continuity.  The
-number was therefore 0x0090581f.
-
-
-For backward compatibility, SSLEAY_VERSION_NUMBER is also defined.
-
-SSLeay() returns this number. The return value can be compared to the
-macro to make sure that the correct version of the library has been
-loaded, especially when using DLLs on Windows systems.
-
-SSLeay_version() returns different strings depending on B<t>:
-
-=over 4
-
-=item SSLEAY_VERSION
-
-The text variant of the version number and the release date.  For example,
-"OpenSSL 0.9.5a 1 Apr 2000".
-
-=item SSLEAY_CFLAGS
-
-The compiler flags set for the compilation process in the form
-"compiler: ..."  if available or "compiler: information not available"
-otherwise.
-
-=item SSLEAY_BUILT_ON
-
-The date of the build process in the form "built on: ..." if available
-or "built on: date not available" otherwise.
-
-=item SSLEAY_PLATFORM
-
-The "Configure" target of the library build in the form "platform: ..."
-if available or "platform: information not available" otherwise.
-
-=item SSLEAY_DIR
-
-The "OPENSSLDIR" setting of the library build in the form "OPENSSLDIR: "...""
-if available or "OPENSSLDIR: N/A" otherwise.
-
-=back
-
-For an unknown B<t>, the text "not available" is returned.
-
-=head1 RETURN VALUE
-
-The version number.
-
-=head1 SEE ALSO
-
-L<crypto(3)|crypto(3)>
-
-=head1 HISTORY
-
-SSLeay() and SSLEAY_VERSION_NUMBER are available in all versions of SSLeay and OpenSSL.
-OPENSSL_VERSION_NUMBER is available in all versions of OpenSSL.
-B<SSLEAY_DIR> was added in OpenSSL 0.9.7.
-
-=cut
diff --git a/src/lib/libcrypto/doc/OPENSSL_config.pod b/src/lib/libcrypto/doc/OPENSSL_config.pod
deleted file mode 100644
index e7bba2aaca..0000000000
--- a/src/lib/libcrypto/doc/OPENSSL_config.pod
+++ /dev/null
@@ -1,82 +0,0 @@
-=pod
-
-=head1 NAME
-
-OPENSSL_config, OPENSSL_no_config - simple OpenSSL configuration functions
-
-=head1 SYNOPSIS
-
- #include <openssl/conf.h>
-
- void OPENSSL_config(const char *config_name);
- void OPENSSL_no_config(void);
-
-=head1 DESCRIPTION
-
-OPENSSL_config() configures OpenSSL using the standard B<openssl.cnf>
-configuration file name using B<config_name>. If B<config_name> is NULL then
-the default name B<openssl_conf> will be used. Any errors are ignored. Further
-calls to OPENSSL_config() will have no effect. The configuration file format
-is documented in the L<conf(5)|conf(5)> manual page.
-
-OPENSSL_no_config() disables configuration. If called before OPENSSL_config()
-no configuration takes place.
-
-=head1 NOTES
-
-It is B<strongly> recommended that B<all> new applications call OPENSSL_config()
-or the more sophisticated functions such as CONF_modules_load() during
-initialization (that is before starting any threads). By doing this
-an application does not need to keep track of all configuration options
-and some new functionality can be supported automatically.
-
-It is also possible to automatically call OPENSSL_config() when an application
-calls OPENSSL_add_all_algorithms() by compiling an application with the
-preprocessor symbol B<OPENSSL_LOAD_CONF> #define'd. In this way configuration
-can be added without source changes.
-
-The environment variable B<OPENSSL_CONF> can be set to specify the location
-of the configuration file.
- 
-Currently ASN1 OBJECTs and ENGINE configuration can be performed future
-versions of OpenSSL will add new configuration options.
-
-There are several reasons why calling the OpenSSL configuration routines is
-advisable. For example new ENGINE functionality was added to OpenSSL 0.9.7.
-In OpenSSL 0.9.7 control functions can be supported by ENGINEs, this can be
-used (among other things) to load dynamic ENGINEs from shared libraries (DSOs).
-However very few applications currently support the control interface and so
-very few can load and use dynamic ENGINEs. Equally in future more sophisticated
-ENGINEs will require certain control operations to customize them. If an
-application calls OPENSSL_config() it doesn't need to know or care about
-ENGINE control operations because they can be performed by editing a
-configuration file.
-
-Applications should free up configuration at application closedown by calling
-CONF_modules_free().
-
-=head1 RESTRICTIONS
-
-The OPENSSL_config() function is designed to be a very simple "call it and
-forget it" function. As a result its behaviour is somewhat limited. It ignores
-all errors silently and it can only load from the standard configuration file
-location for example.
-
-It is however B<much> better than nothing. Applications which need finer
-control over their configuration functionality should use the configuration
-functions such as CONF_load_modules() directly.
-
-=head1 RETURN VALUES
-
-Neither OPENSSL_config() nor OPENSSL_no_config() return a value.
-
-=head1 SEE ALSO
-
-L<conf(5)|conf(5)>, L<CONF_load_modules_file(3)|CONF_load_modules_file(3)>,
-L<CONF_modules_free(3),CONF_modules_free(3)>
-
-=head1 HISTORY
-
-OPENSSL_config() and OPENSSL_no_config() first appeared in OpenSSL 0.9.7
-
-=cut
diff --git a/src/lib/libcrypto/doc/OPENSSL_load_builtin_modules.pod b/src/lib/libcrypto/doc/OPENSSL_load_builtin_modules.pod
deleted file mode 100644
index f14dfaf005..0000000000
--- a/src/lib/libcrypto/doc/OPENSSL_load_builtin_modules.pod
+++ /dev/null
@@ -1,51 +0,0 @@
-=pod
-
-=head1 NAME
-
-OPENSSL_load_builtin_modules - add standard configuration modules
-
-=head1 SYNOPSIS
-
- #include <openssl/conf.h>
-
- void OPENSSL_load_builtin_modules(void);
- void ASN1_add_oid_module(void);
- ENGINE_add_conf_module();
-
-=head1 DESCRIPTION
-
-The function OPENSSL_load_builtin_modules() adds all the standard OpenSSL
-configuration modules to the internal list. They can then be used by the
-OpenSSL configuration code.
-
-ASN1_add_oid_module() adds just the ASN1 OBJECT module.
-
-ENGINE_add_conf_module() adds just the ENGINE configuration module.
-
-=head1 NOTES
-
-If the simple configuration function OPENSSL_config() is called then 
-OPENSSL_load_builtin_modules() is called automatically.
-
-Applications which use the configuration functions directly will need to
-call OPENSSL_load_builtin_modules() themselves I<before> any other 
-configuration code.
-
-Applications should call OPENSSL_load_builtin_modules() to load all
-configuration modules instead of adding modules selectively: otherwise 
-functionality may be missing from the application if an when new
-modules are added.
-
-=head1 RETURN VALUE
-
-None of the functions return a value.
-
-=head1 SEE ALSO
-
-L<conf(3)|conf(3)>, L<OPENSSL_config(3)|OPENSSL_config(3)>
-
-=head1 HISTORY
-
-These functions first appeared in OpenSSL 0.9.7.
-
-=cut
diff --git a/src/lib/libcrypto/doc/OpenSSL_add_all_algorithms.pod b/src/lib/libcrypto/doc/OpenSSL_add_all_algorithms.pod
deleted file mode 100644
index e63411b5bb..0000000000
--- a/src/lib/libcrypto/doc/OpenSSL_add_all_algorithms.pod
+++ /dev/null
@@ -1,66 +0,0 @@
-=pod
-
-=head1 NAME
-
-OpenSSL_add_all_algorithms, OpenSSL_add_all_ciphers, OpenSSL_add_all_digests -
-add algorithms to internal table
-
-=head1 SYNOPSIS
-
- #include <openssl/evp.h>
-
- void OpenSSL_add_all_algorithms(void);
- void OpenSSL_add_all_ciphers(void);
- void OpenSSL_add_all_digests(void);
-
- void EVP_cleanup(void);
-
-=head1 DESCRIPTION
-
-OpenSSL keeps an internal table of digest algorithms and ciphers. It uses
-this table to lookup ciphers via functions such as EVP_get_cipher_byname().
-
-OpenSSL_add_all_digests() adds all digest algorithms to the table.
-
-OpenSSL_add_all_algorithms() adds all algorithms to the table (digests and
-ciphers).
-
-OpenSSL_add_all_ciphers() adds all encryption algorithms to the table including
-password based encryption algorithms.
-
-EVP_cleanup() removes all ciphers and digests from the table.
-
-=head1 RETURN VALUES
-
-None of the functions return a value.
-
-=head1 NOTES
-
-A typical application will call OpenSSL_add_all_algorithms() initially and
-EVP_cleanup() before exiting.
-
-An application does not need to add algorithms to use them explicitly, for example
-by EVP_sha1(). It just needs to add them if it (or any of the functions it calls)
-needs to lookup algorithms.
-
-The cipher and digest lookup functions are used in many parts of the library. If
-the table is not initialized several functions will misbehave and complain they
-cannot find algorithms. This includes the PEM, PKCS#12, SSL and S/MIME libraries.
-This is a common query in the OpenSSL mailing lists.
-
-Calling OpenSSL_add_all_algorithms() links in all algorithms: as a result a
-statically linked executable can be quite large. If this is important it is possible
-to just add the required ciphers and digests.
-
-=head1 BUGS
-
-Although the functions do not return error codes it is possible for them to fail.
-This will only happen as a result of a memory allocation failure so this is not
-too much of a problem in practice.
-
-=head1 SEE ALSO
-
-L<evp(3)|evp(3)>, L<EVP_DigestInit(3)|EVP_DigestInit(3)>,
-L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>
-
-=cut
diff --git a/src/lib/libcrypto/doc/PKCS12_create.pod b/src/lib/libcrypto/doc/PKCS12_create.pod
deleted file mode 100644
index 48f3bb8cb8..0000000000
--- a/src/lib/libcrypto/doc/PKCS12_create.pod
+++ /dev/null
@@ -1,57 +0,0 @@
-=pod
-
-=head1 NAME
-
-PKCS12_create - create a PKCS#12 structure
-
-=head1 SYNOPSIS
-
- #include <openssl/pkcs12.h>
-
- PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, STACK_OF(X509) *ca,
-                                int nid_key, int nid_cert, int iter, int mac_iter, int keytype);
-
-=head1 DESCRIPTION
-
-PKCS12_create() creates a PKCS#12 structure.
-
-B<pass> is the passphrase to use. B<name> is the B<friendlyName> to use for
-the supplied certifictate and key. B<pkey> is the private key to include in
-the structure and B<cert> its corresponding certificates. B<ca>, if not B<NULL>
-is an optional set of certificates to also include in the structure.
-
-B<nid_key> and B<nid_cert> are the encryption algorithms that should be used
-for the key and certificate respectively. B<iter> is the encryption algorithm
-iteration count to use and B<mac_iter> is the MAC iteration count to use.
-B<keytype> is the type of key.
-
-=head1 NOTES
-
-The parameters B<nid_key>, B<nid_cert>, B<iter>, B<mac_iter> and B<keytype>
-can all be set to zero and sensible defaults will be used.
-
-These defaults are: 40 bit RC2 encryption for certificates, triple DES
-encryption for private keys, a key iteration count of PKCS12_DEFAULT_ITER
-(currently 2048) and a MAC iteration count of 1.
-
-The default MAC iteration count is 1 in order to retain compatibility with
-old software which did not interpret MAC iteration counts. If such compatibility
-is not required then B<mac_iter> should be set to PKCS12_DEFAULT_ITER.
-
-B<keytype> adds a flag to the store private key. This is a non standard extension
-that is only currently interpreted by MSIE. If set to zero the flag is omitted,
-if set to B<KEY_SIG> the key can be used for signing only, if set to B<KEY_EX>
-it can be used for signing and encryption. This option was useful for old
-export grade software which could use signing only keys of arbitrary size but
-had restrictions on the permissible sizes of keys which could be used for
-encryption.
-
-=head1 SEE ALSO
-
-L<d2i_PKCS12(3)|d2i_PKCS12(3)>
-
-=head1 HISTORY
-
-PKCS12_create was added in OpenSSL 0.9.3
-
-=cut
diff --git a/src/lib/libcrypto/doc/PKCS12_parse.pod b/src/lib/libcrypto/doc/PKCS12_parse.pod
deleted file mode 100644
index 51344f883a..0000000000
--- a/src/lib/libcrypto/doc/PKCS12_parse.pod
+++ /dev/null
@@ -1,50 +0,0 @@
-=pod
-
-=head1 NAME
-
-PKCS12_parse - parse a PKCS#12 structure
-
-=head1 SYNOPSIS
-
- #include <openssl/pkcs12.h>
-
-int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca);
-
-=head1 DESCRIPTION
-
-PKCS12_parse() parses a PKCS12 structure.
-
-B<p12> is the B<PKCS12> structure to parse. B<pass> is the passphrase to use.
-If successful the private key will be written to B<*pkey>, the corresponding
-certificate to B<*cert> and any additional certificates to B<*ca>.
-
-=head1 NOTES
-
-The parameters B<pkey> and B<cert> cannot be B<NULL>. B<ca> can be <NULL>
-in which case additional certificates will be discarded. B<*ca> can also
-be a valid STACK in which case additional certificates are appended to
-B<*ca>. If B<*ca> is B<NULL> a new STACK will be allocated.
-
-The B<friendlyName> and B<localKeyID> attributes (if present) on each certificate
-will be stored in the B<alias> and B<keyid> attributes of the B<X509> structure.
-
-=head1 BUGS
-
-Only a single private key and corresponding certificate is returned by this function.
-More complex PKCS#12 files with multiple private keys will only return the first
-match.
-
-Only B<friendlyName> and B<localKeyID> attributes are currently stored in certificates.
-Other attributes are discarded.
-
-Attributes currently cannot be store in the private key B<EVP_PKEY> structure.
-
-=head1 SEE ALSO
-
-L<d2i_PKCS12(3)|d2i_PKCS12(3)>
-
-=head1 HISTORY
-
-PKCS12_parse was added in OpenSSL 0.9.3
-
-=cut
diff --git a/src/lib/libcrypto/doc/PKCS7_decrypt.pod b/src/lib/libcrypto/doc/PKCS7_decrypt.pod
deleted file mode 100644
index b0ca067b89..0000000000
--- a/src/lib/libcrypto/doc/PKCS7_decrypt.pod
+++ /dev/null
@@ -1,53 +0,0 @@
-=pod
-
-=head1 NAME
-
-PKCS7_decrypt - decrypt content from a PKCS#7 envelopedData structure
-
-=head1 SYNOPSIS
-
-int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
-
-=head1 DESCRIPTION
-
-PKCS7_decrypt() extracts and decrypts the content from a PKCS#7 envelopedData
-structure. B<pkey> is the private key of the recipient, B<cert> is the
-recipients certificate, B<data> is a BIO to write the content to and
-B<flags> is an optional set of flags.
-
-=head1 NOTES
-
-OpenSSL_add_all_algorithms() (or equivalent) should be called before using this
-function or errors about unknown algorithms will occur.
-
-Although the recipients certificate is not needed to decrypt the data it is needed
-to locate the appropriate (of possible several) recipients in the PKCS#7 structure.
-
-The following flags can be passed in the B<flags> parameter.
-
-If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are deleted
-from the content. If the content is not of type B<text/plain> then an error is
-returned.
-
-=head1 RETURN VALUES
-
-PKCS7_decrypt() returns either 1 for success or 0 for failure.
-The error can be obtained from ERR_get_error(3)
-
-=head1 BUGS
-
-PKCS7_decrypt() must be passed the correct recipient key and certificate. It would
-be better if it could look up the correct key and certificate from a database.
-
-The lack of single pass processing and need to hold all data in memory as
-mentioned in PKCS7_sign() also applies to PKCS7_verify().
-
-=head1 SEE ALSO
-
-L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_encrypt(3)|PKCS7_encrypt(3)>
-
-=head1 HISTORY
-
-PKCS7_decrypt() was added to OpenSSL 0.9.5
-
-=cut
diff --git a/src/lib/libcrypto/doc/PKCS7_encrypt.pod b/src/lib/libcrypto/doc/PKCS7_encrypt.pod
deleted file mode 100644
index 1a507b22a2..0000000000
--- a/src/lib/libcrypto/doc/PKCS7_encrypt.pod
+++ /dev/null
@@ -1,65 +0,0 @@
-=pod
-
-=head1 NAME
-
-PKCS7_encrypt - create a PKCS#7 envelopedData structure
-
-=head1 SYNOPSIS
-
-PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, int flags);
-
-=head1 DESCRIPTION
-
-PKCS7_encrypt() creates and returns a PKCS#7 envelopedData structure. B<certs>
-is a list of recipient certificates. B<in> is the content to be encrypted.
-B<cipher> is the symmetric cipher to use. B<flags> is an optional set of flags.
-
-=head1 NOTES
-
-Only RSA keys are supported in PKCS#7 and envelopedData so the recipient certificates
-supplied to this function must all contain RSA public keys, though they do not have to
-be signed using the RSA algorithm.
-
-EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use because
-most clients will support it.
-
-Some old "export grade" clients may only support weak encryption using 40 or 64 bit
-RC2. These can be used by passing EVP_rc2_40_cbc() and EVP_rc2_64_cbc() respectively.
-
-The algorithm passed in the B<cipher> parameter must support ASN1 encoding of its
-parameters. 
-
-Many browsers implement a "sign and encrypt" option which is simply an S/MIME 
-envelopedData containing an S/MIME signed message. This can be readily produced
-by storing the S/MIME signed message in a memory BIO and passing it to
-PKCS7_encrypt().
-
-The following flags can be passed in the B<flags> parameter.
-
-If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are prepended
-to the data.
-
-Normally the supplied content is translated into MIME canonical format (as required
-by the S/MIME specifications) if B<PKCS7_BINARY> is set no translation occurs. This
-option should be used if the supplied data is in binary format otherwise the translation
-will corrupt it. If B<PKCS7_BINARY> is set then B<PKCS7_TEXT> is ignored.
-
-=head1 RETURN VALUES
-
-PKCS7_encrypt() returns either a valid PKCS7 structure or NULL if an error occurred.
-The error can be obtained from ERR_get_error(3).
-
-=head1 BUGS
-
-The lack of single pass processing and need to hold all data in memory as
-mentioned in PKCS7_sign() also applies to PKCS7_verify().
-
-=head1 SEE ALSO
-
-L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_decrypt(3)|PKCS7_decrypt(3)>
-
-=head1 HISTORY
-
-PKCS7_decrypt() was added to OpenSSL 0.9.5
-
-=cut
diff --git a/src/lib/libcrypto/doc/PKCS7_sign.pod b/src/lib/libcrypto/doc/PKCS7_sign.pod
deleted file mode 100644
index fc7e649b34..0000000000
--- a/src/lib/libcrypto/doc/PKCS7_sign.pod
+++ /dev/null
@@ -1,85 +0,0 @@
-=pod
-
-=head1 NAME
-
-PKCS7_sign - create a PKCS#7 signedData structure
-
-=head1 SYNOPSIS
-
-PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, int flags);
-
-=head1 DESCRIPTION
-
-PKCS7_sign() creates and returns a PKCS#7 signedData structure. B<signcert>
-is the certificate to sign with, B<pkey> is the corresponsding private key.
-B<certs> is an optional additional set of certificates to include in the
-PKCS#7 structure (for example any intermediate CAs in the chain). 
-
-The data to be signed is read from BIO B<data>.
-
-B<flags> is an optional set of flags.
-
-=head1 NOTES
-
-Any of the following flags (ored together) can be passed in the B<flags> parameter.
-
-Many S/MIME clients expect the signed content to include valid MIME headers. If
-the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are prepended
-to the data.
-
-If B<PKCS7_NOCERTS> is set the signer's certificate will not be included in the
-PKCS7 structure, the signer's certificate must still be supplied in the B<signcert>
-parameter though. This can reduce the size of the signature if the signers certificate
-can be obtained by other means: for example a previously signed message.
-
-The data being signed is included in the PKCS7 structure, unless B<PKCS7_DETACHED> 
-is set in which case it is omitted. This is used for PKCS7 detached signatures
-which are used in S/MIME plaintext signed messages for example.
-
-Normally the supplied content is translated into MIME canonical format (as required
-by the S/MIME specifications) if B<PKCS7_BINARY> is set no translation occurs. This
-option should be used if the supplied data is in binary format otherwise the translation
-will corrupt it.
-
-The signedData structure includes several PKCS#7 autenticatedAttributes including
-the signing time, the PKCS#7 content type and the supported list of ciphers in
-an SMIMECapabilities attribute. If B<PKCS7_NOATTR> is set then no authenticatedAttributes
-will be used. If B<PKCS7_NOSMIMECAP> is set then just the SMIMECapabilities are
-omitted.
-
-If present the SMIMECapabilities attribute indicates support for the following
-algorithms: triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. If any
-of these algorithms is disabled then it will not be included.
-
-=head1 BUGS
-
-PKCS7_sign() is somewhat limited. It does not support multiple signers, some
-advanced attributes such as counter signatures are not supported.
-
-The SHA1 digest algorithm is currently always used.
-
-When the signed data is not detached it will be stored in memory within the
-B<PKCS7> structure. This effectively limits the size of messages which can be
-signed due to memory restraints. There should be a way to sign data without
-having to hold it all in memory, this would however require fairly major
-revisions of the OpenSSL ASN1 code.
-
-Clear text signing does not store the content in memory but the way PKCS7_sign()
-operates means that two passes of the data must typically be made: one to compute
-the signatures and a second to output the data along with the signature. There
-should be a way to process the data with only a single pass.
-
-=head1 RETURN VALUES
-
-PKCS7_sign() returns either a valid PKCS7 structure or NULL if an error occurred.
-The error can be obtained from ERR_get_error(3).
-
-=head1 SEE ALSO
-
-L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_verify(3)|PKCS7_verify(3)>
-
-=head1 HISTORY
-
-PKCS7_sign() was added to OpenSSL 0.9.5
-
-=cut
diff --git a/src/lib/libcrypto/doc/PKCS7_verify.pod b/src/lib/libcrypto/doc/PKCS7_verify.pod
deleted file mode 100644
index 3490b5dc82..0000000000
--- a/src/lib/libcrypto/doc/PKCS7_verify.pod
+++ /dev/null
@@ -1,116 +0,0 @@
-=pod
-
-=head1 NAME
-
-PKCS7_verify - verify a PKCS#7 signedData structure
-
-=head1 SYNOPSIS
-
-int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, int flags);
-
-STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
-
-=head1 DESCRIPTION
-
-PKCS7_verify() verifies a PKCS#7 signedData structure. B<p7> is the PKCS7
-structure to verify. B<certs> is a set of certificates in which to search for
-the signer's certificate. B<store> is a trusted certficate store (used for
-chain verification). B<indata> is the signed data if the content is not
-present in B<p7> (that is it is detached). The content is written to B<out>
-if it is not NULL.
-
-B<flags> is an optional set of flags, which can be used to modify the verify
-operation.
-
-PKCS7_get0_signers() retrieves the signer's certificates from B<p7>, it does
-B<not> check their validity or whether any signatures are valid. The B<certs>
-and B<flags> parameters have the same meanings as in PKCS7_verify().
-
-=head1 VERIFY PROCESS
-
-Normally the verify process proceeds as follows.
-
-Initially some sanity checks are performed on B<p7>. The type of B<p7> must
-be signedData. There must be at least one signature on the data and if
-the content is detached B<indata> cannot be B<NULL>.
-
-An attempt is made to locate all the signer's certificates, first looking in
-the B<certs> parameter (if it is not B<NULL>) and then looking in any certificates
-contained in the B<p7> structure itself. If any signer's certificates cannot be
-located the operation fails.
-
-Each signer's certificate is chain verified using the B<smimesign> purpose and
-the supplied trusted certificate store. Any internal certificates in the message
-are used as untrusted CAs. If any chain verify fails an error code is returned.
-
-Finally the signed content is read (and written to B<out> is it is not NULL) and
-the signature's checked.
-
-If all signature's verify correctly then the function is successful.
-
-Any of the following flags (ored together) can be passed in the B<flags> parameter
-to change the default verify behaviour. Only the flag B<PKCS7_NOINTERN> is
-meaningful to PKCS7_get0_signers().
-
-If B<PKCS7_NOINTERN> is set the certificates in the message itself are not 
-searched when locating the signer's certificate. This means that all the signers
-certificates must be in the B<certs> parameter.
-
-If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are deleted
-from the content. If the content is not of type B<text/plain> then an error is
-returned.
-
-If B<PKCS7_NOVERIFY> is set the signer's certificates are not chain verified.
-
-If B<PKCS7_NOCHAIN> is set then the certificates contained in the message are
-not used as untrusted CAs. This means that the whole verify chain (apart from
-the signer's certificate) must be contained in the trusted store.
-
-If B<PKCS7_NOSIGS> is set then the signatures on the data are not checked.
-
-=head1 NOTES
-
-One application of B<PKCS7_NOINTERN> is to only accept messages signed by
-a small number of certificates. The acceptable certificates would be passed
-in the B<certs> parameter. In this case if the signer is not one of the
-certificates supplied in B<certs> then the verify will fail because the
-signer cannot be found.
-
-Care should be taken when modifying the default verify behaviour, for example
-setting B<PKCS7_NOVERIFY|PKCS7_NOSIGS> will totally disable all verification 
-and any signed message will be considered valid. This combination is however
-useful if one merely wishes to write the content to B<out> and its validity
-is not considered important.
-
-Chain verification should arguably be performed  using the signing time rather
-than the current time. However since the signing time is supplied by the
-signer it cannot be trusted without additional evidence (such as a trusted
-timestamp).
-
-=head1 RETURN VALUES
-
-PKCS7_verify() returns 1 for a successful verification and zero or a negative
-value if an error occurs.
-
-PKCS7_get0_signers() returns all signers or B<NULL> if an error occurred.
-
-The error can be obtained from L<ERR_get_error(3)|ERR_get_error(3)>
-
-=head1 BUGS
-
-The trusted certificate store is not searched for the signers certificate,
-this is primarily due to the inadequacies of the current B<X509_STORE>
-functionality.
-
-The lack of single pass processing and need to hold all data in memory as
-mentioned in PKCS7_sign() also applies to PKCS7_verify().
-
-=head1 SEE ALSO
-
-L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_sign(3)|PKCS7_sign(3)>
-
-=head1 HISTORY
-
-PKCS7_verify() was added to OpenSSL 0.9.5
-
-=cut
diff --git a/src/lib/libcrypto/doc/RAND_add.pod b/src/lib/libcrypto/doc/RAND_add.pod
deleted file mode 100644
index 67c66f3e0c..0000000000
--- a/src/lib/libcrypto/doc/RAND_add.pod
+++ /dev/null
@@ -1,77 +0,0 @@
-=pod
-
-=head1 NAME
-
-RAND_add, RAND_seed, RAND_status, RAND_event, RAND_screen - add
-entropy to the PRNG
-
-=head1 SYNOPSIS
-
- #include <openssl/rand.h>
-
- void RAND_seed(const void *buf, int num);
-
- void RAND_add(const void *buf, int num, double entropy);
-
- int  RAND_status(void);
-
- int  RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam);
- void RAND_screen(void);
-
-=head1 DESCRIPTION
-
-RAND_add() mixes the B<num> bytes at B<buf> into the PRNG state. Thus,
-if the data at B<buf> are unpredictable to an adversary, this
-increases the uncertainty about the state and makes the PRNG output
-less predictable. Suitable input comes from user interaction (random
-key presses, mouse movements) and certain hardware events. The
-B<entropy> argument is (the lower bound of) an estimate of how much
-randomness is contained in B<buf>, measured in bytes. Details about
-sources of randomness and how to estimate their entropy can be found
-in the literature, e.g. RFC 1750.
-
-RAND_add() may be called with sensitive data such as user entered
-passwords. The seed values cannot be recovered from the PRNG output.
-
-OpenSSL makes sure that the PRNG state is unique for each thread. On
-systems that provide C</dev/urandom>, the randomness device is used
-to seed the PRNG transparently. However, on all other systems, the
-application is responsible for seeding the PRNG by calling RAND_add(),
-L<RAND_egd(3)|RAND_egd(3)>
-or L<RAND_load_file(3)|RAND_load_file(3)>.
-
-RAND_seed() is equivalent to RAND_add() when B<num == entropy>.
-
-RAND_event() collects the entropy from Windows events such as mouse
-movements and other user interaction. It should be called with the
-B<iMsg>, B<wParam> and B<lParam> arguments of I<all> messages sent to
-the window procedure. It will estimate the entropy contained in the
-event message (if any), and add it to the PRNG. The program can then
-process the messages as usual.
-
-The RAND_screen() function is available for the convenience of Windows
-programmers. It adds the current contents of the screen to the PRNG.
-For applications that can catch Windows events, seeding the PRNG by
-calling RAND_event() is a significantly better source of
-randomness. It should be noted that both methods cannot be used on
-servers that run without user interaction.
-
-=head1 RETURN VALUES
-
-RAND_status() and RAND_event() return 1 if the PRNG has been seeded
-with enough data, 0 otherwise.
-
-The other functions do not return values.
-
-=head1 SEE ALSO
-
-L<rand(3)|rand(3)>, L<RAND_egd(3)|RAND_egd(3)>,
-L<RAND_load_file(3)|RAND_load_file(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)>
-
-=head1 HISTORY
-
-RAND_seed() and RAND_screen() are available in all versions of SSLeay
-and OpenSSL. RAND_add() and RAND_status() have been added in OpenSSL
-0.9.5, RAND_event() in OpenSSL 0.9.5a.
-
-=cut
diff --git a/src/lib/libcrypto/doc/RAND_bytes.pod b/src/lib/libcrypto/doc/RAND_bytes.pod
deleted file mode 100644
index ce6329ce54..0000000000
--- a/src/lib/libcrypto/doc/RAND_bytes.pod
+++ /dev/null
@@ -1,47 +0,0 @@
-=pod
-
-=head1 NAME
-
-RAND_bytes, RAND_pseudo_bytes - generate random data
-
-=head1 SYNOPSIS
-
- #include <openssl/rand.h>
-
- int RAND_bytes(unsigned char *buf, int num);
-
- int RAND_pseudo_bytes(unsigned char *buf, int num);
-
-=head1 DESCRIPTION
-
-RAND_bytes() puts B<num> cryptographically strong pseudo-random bytes
-into B<buf>. An error occurs if the PRNG has not been seeded with
-enough randomness to ensure an unpredictable byte sequence.
-
-RAND_pseudo_bytes() puts B<num> pseudo-random bytes into B<buf>.
-Pseudo-random byte sequences generated by RAND_pseudo_bytes() will be
-unique if they are of sufficient length, but are not necessarily
-unpredictable. They can be used for non-cryptographic purposes and for
-certain purposes in cryptographic protocols, but usually not for key
-generation etc.
-
-=head1 RETURN VALUES
-
-RAND_bytes() returns 1 on success, 0 otherwise. The error code can be
-obtained by L<ERR_get_error(3)|ERR_get_error(3)>. RAND_pseudo_bytes() returns 1 if the
-bytes generated are cryptographically strong, 0 otherwise. Both
-functions return -1 if they are not supported by the current RAND
-method.
-
-=head1 SEE ALSO
-
-L<rand(3)|rand(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
-L<RAND_add(3)|RAND_add(3)>
-
-=head1 HISTORY
-
-RAND_bytes() is available in all versions of SSLeay and OpenSSL.  It
-has a return value since OpenSSL 0.9.5. RAND_pseudo_bytes() was added
-in OpenSSL 0.9.5.
-
-=cut
diff --git a/src/lib/libcrypto/doc/RAND_cleanup.pod b/src/lib/libcrypto/doc/RAND_cleanup.pod
deleted file mode 100644
index 3a8f0749a8..0000000000
--- a/src/lib/libcrypto/doc/RAND_cleanup.pod
+++ /dev/null
@@ -1,29 +0,0 @@
-=pod
-
-=head1 NAME
-
-RAND_cleanup - erase the PRNG state
-
-=head1 SYNOPSIS
-
- #include <openssl/rand.h>
-
- void RAND_cleanup(void);
-
-=head1 DESCRIPTION
-
-RAND_cleanup() erases the memory used by the PRNG.
-
-=head1 RETURN VALUE
-
-RAND_cleanup() returns no value.
-
-=head1 SEE ALSO
-
-L<rand(3)|rand(3)>
-
-=head1 HISTORY
-
-RAND_cleanup() is available in all versions of SSLeay and OpenSSL.
-
-=cut
diff --git a/src/lib/libcrypto/doc/RAND_load_file.pod b/src/lib/libcrypto/doc/RAND_load_file.pod
deleted file mode 100644
index d8c134e621..0000000000
--- a/src/lib/libcrypto/doc/RAND_load_file.pod
+++ /dev/null
@@ -1,53 +0,0 @@
-=pod
-
-=head1 NAME
-
-RAND_load_file, RAND_write_file, RAND_file_name - PRNG seed file
-
-=head1 SYNOPSIS
-
- #include <openssl/rand.h>
-
- const char *RAND_file_name(char *buf, size_t num);
-
- int RAND_load_file(const char *filename, long max_bytes);
-
- int RAND_write_file(const char *filename);
-
-=head1 DESCRIPTION
-
-RAND_file_name() generates a default path for the random seed
-file. B<buf> points to a buffer of size B<num> in which to store the
-filename. The seed file is $RANDFILE if that environment variable is
-set, $HOME/.rnd otherwise. If $HOME is not set either, or B<num> is
-too small for the path name, an error occurs.
-
-RAND_load_file() reads a number of bytes from file B<filename> and
-adds them to the PRNG. If B<max_bytes> is non-negative,
-up to to B<max_bytes> are read; starting with OpenSSL 0.9.5,
-if B<max_bytes> is -1, the complete file is read.
-
-RAND_write_file() writes a number of random bytes (currently 1024) to
-file B<filename> which can be used to initialize the PRNG by calling
-RAND_load_file() in a later session.
-
-=head1 RETURN VALUES
-
-RAND_load_file() returns the number of bytes read.
-
-RAND_write_file() returns the number of bytes written, and -1 if the
-bytes written were generated without appropriate seed.
-
-RAND_file_name() returns a pointer to B<buf> on success, and NULL on
-error.
-
-=head1 SEE ALSO
-
-L<rand(3)|rand(3)>, L<RAND_add(3)|RAND_add(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)>
-
-=head1 HISTORY
-
-RAND_load_file(), RAND_write_file() and RAND_file_name() are available in
-all versions of SSLeay and OpenSSL.
-
-=cut
diff --git a/src/lib/libcrypto/doc/RAND_set_rand_method.pod b/src/lib/libcrypto/doc/RAND_set_rand_method.pod
deleted file mode 100644
index c9bb6d9f27..0000000000
--- a/src/lib/libcrypto/doc/RAND_set_rand_method.pod
+++ /dev/null
@@ -1,83 +0,0 @@
-=pod
-
-=head1 NAME
-
-RAND_set_rand_method, RAND_get_rand_method, RAND_SSLeay - select RAND method
-
-=head1 SYNOPSIS
-
- #include <openssl/rand.h>
-
- void RAND_set_rand_method(const RAND_METHOD *meth);
-
- const RAND_METHOD *RAND_get_rand_method(void);
-
- RAND_METHOD *RAND_SSLeay(void);
-
-=head1 DESCRIPTION
-
-A B<RAND_METHOD> specifies the functions that OpenSSL uses for random number
-generation. By modifying the method, alternative implementations such as
-hardware RNGs may be used. IMPORTANT: See the NOTES section for important
-information about how these RAND API functions are affected by the use of
-B<ENGINE> API calls.
-
-Initially, the default RAND_METHOD is the OpenSSL internal implementation, as
-returned by RAND_SSLeay().
-
-RAND_set_default_method() makes B<meth> the method for PRNG use. B<NB>: This is
-true only whilst no ENGINE has been set as a default for RAND, so this function
-is no longer recommended.
-
-RAND_get_default_method() returns a pointer to the current RAND_METHOD.
-However, the meaningfulness of this result is dependant on whether the ENGINE
-API is being used, so this function is no longer recommended.
-
-=head1 THE RAND_METHOD STRUCTURE
-
- typedef struct rand_meth_st
- {
-        void (*seed)(const void *buf, int num);
-        int (*bytes)(unsigned char *buf, int num);
-        void (*cleanup)(void);
-        void (*add)(const void *buf, int num, int entropy);
-        int (*pseudorand)(unsigned char *buf, int num);
-        int (*status)(void);
- } RAND_METHOD;
-
-The components point to the implementation of RAND_seed(),
-RAND_bytes(), RAND_cleanup(), RAND_add(), RAND_pseudo_rand()
-and RAND_status().
-Each component may be NULL if the function is not implemented.
-
-=head1 RETURN VALUES
-
-RAND_set_rand_method() returns no value. RAND_get_rand_method() and
-RAND_SSLeay() return pointers to the respective methods.
-
-=head1 NOTES
-
-As of version 0.9.7, RAND_METHOD implementations are grouped together with other
-algorithmic APIs (eg. RSA_METHOD, EVP_CIPHER, etc) in B<ENGINE> modules. If a
-default ENGINE is specified for RAND functionality using an ENGINE API function,
-that will override any RAND defaults set using the RAND API (ie.
-RAND_set_rand_method()). For this reason, the ENGINE API is the recommended way
-to control default implementations for use in RAND and other cryptographic
-algorithms.
-
-=head1 SEE ALSO
-
-L<rand(3)|rand(3)>, L<engine(3)|engine(3)>
-
-=head1 HISTORY
-
-RAND_set_rand_method(), RAND_get_rand_method() and RAND_SSLeay() are
-available in all versions of OpenSSL.
-
-In the engine version of version 0.9.6, RAND_set_rand_method() was altered to
-take an ENGINE pointer as its argument. As of version 0.9.7, that has been
-reverted as the ENGINE API transparently overrides RAND defaults if used,
-otherwise RAND API functions work as before. RAND_set_rand_engine() was also
-introduced in version 0.9.7.
-
-=cut
diff --git a/src/lib/libcrypto/doc/RSA_blinding_on.pod b/src/lib/libcrypto/doc/RSA_blinding_on.pod
deleted file mode 100644
index fd2c69abd8..0000000000
--- a/src/lib/libcrypto/doc/RSA_blinding_on.pod
+++ /dev/null
@@ -1,43 +0,0 @@
-=pod
-
-=head1 NAME
-
-RSA_blinding_on, RSA_blinding_off - protect the RSA operation from timing attacks
-
-=head1 SYNOPSIS
-
- #include <openssl/rsa.h>
-
- int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
-
- void RSA_blinding_off(RSA *rsa);
-
-=head1 DESCRIPTION
-
-RSA is vulnerable to timing attacks. In a setup where attackers can
-measure the time of RSA decryption or signature operations, blinding
-must be used to protect the RSA operation from that attack.
-
-RSA_blinding_on() turns blinding on for key B<rsa> and generates a
-random blinding factor. B<ctx> is B<NULL> or a pre-allocated and
-initialized B<BN_CTX>. The random number generator must be seeded
-prior to calling RSA_blinding_on().
-
-RSA_blinding_off() turns blinding off and frees the memory used for
-the blinding factor.
-
-=head1 RETURN VALUES
-
-RSA_blinding_on() returns 1 on success, and 0 if an error occurred.
-
-RSA_blinding_off() returns no value.
-
-=head1 SEE ALSO
-
-L<rsa(3)|rsa(3)>, L<rand(3)|rand(3)>
-
-=head1 HISTORY
-
-RSA_blinding_on() and RSA_blinding_off() appeared in SSLeay 0.9.0.
-
-=cut
diff --git a/src/lib/libcrypto/doc/RSA_check_key.pod b/src/lib/libcrypto/doc/RSA_check_key.pod
deleted file mode 100644
index a5198f3db5..0000000000
--- a/src/lib/libcrypto/doc/RSA_check_key.pod
+++ /dev/null
@@ -1,67 +0,0 @@
-=pod
-
-=head1 NAME
-
-RSA_check_key - validate private RSA keys
-
-=head1 SYNOPSIS
-
- #include <openssl/rsa.h>
-
- int RSA_check_key(RSA *rsa);
-
-=head1 DESCRIPTION
-
-This function validates RSA keys. It checks that B<p> and B<q> are
-in fact prime, and that B<n = p*q>.
-
-It also checks that B<d*e = 1 mod (p-1*q-1)>,
-and that B<dmp1>, B<dmq1> and B<iqmp> are set correctly or are B<NULL>.
-
-As such, this function can not be used with any arbitrary RSA key object,
-even if it is otherwise fit for regular RSA operation. See B<NOTES> for more
-information.
-
-=head1 RETURN VALUE
-
-RSA_check_key() returns 1 if B<rsa> is a valid RSA key, and 0 otherwise.
--1 is returned if an error occurs while checking the key.
-
-If the key is invalid or an error occurred, the reason code can be
-obtained using L<ERR_get_error(3)|ERR_get_error(3)>.
-
-=head1 NOTES
-
-This function does not work on RSA public keys that have only the modulus
-and public exponent elements populated. It performs integrity checks on all
-the RSA key material, so the RSA key structure must contain all the private
-key data too.
-
-Unlike most other RSA functions, this function does B<not> work
-transparently with any underlying ENGINE implementation because it uses the
-key data in the RSA structure directly. An ENGINE implementation can
-override the way key data is stored and handled, and can even provide
-support for HSM keys - in which case the RSA structure may contain B<no>
-key data at all! If the ENGINE in question is only being used for
-acceleration or analysis purposes, then in all likelihood the RSA key data
-is complete and untouched, but this can't be assumed in the general case.
-
-=head1 BUGS
-
-A method of verifying the RSA key using opaque RSA API functions might need
-to be considered. Right now RSA_check_key() simply uses the RSA structure
-elements directly, bypassing the RSA_METHOD table altogether (and
-completely violating encapsulation and object-orientation in the process).
-The best fix will probably be to introduce a "check_key()" handler to the
-RSA_METHOD function table so that alternative implementations can also
-provide their own verifiers.
-
-=head1 SEE ALSO
-
-L<rsa(3)|rsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
-
-=head1 HISTORY
-
-RSA_check_key() appeared in OpenSSL 0.9.4.
-
-=cut
diff --git a/src/lib/libcrypto/doc/RSA_generate_key.pod b/src/lib/libcrypto/doc/RSA_generate_key.pod
deleted file mode 100644
index 52dbb14a53..0000000000
--- a/src/lib/libcrypto/doc/RSA_generate_key.pod
+++ /dev/null
@@ -1,69 +0,0 @@
-=pod
-
-=head1 NAME
-
-RSA_generate_key - generate RSA key pair
-
-=head1 SYNOPSIS
-
- #include <openssl/rsa.h>
-
- RSA *RSA_generate_key(int num, unsigned long e,
-    void (*callback)(int,int,void *), void *cb_arg);
-
-=head1 DESCRIPTION
-
-RSA_generate_key() generates a key pair and returns it in a newly
-allocated B<RSA> structure. The pseudo-random number generator must
-be seeded prior to calling RSA_generate_key().
-
-The modulus size will be B<num> bits, and the public exponent will be
-B<e>. Key sizes with B<num> E<lt> 1024 should be considered insecure.
-The exponent is an odd number, typically 3, 17 or 65537.
-
-A callback function may be used to provide feedback about the
-progress of the key generation. If B<callback> is not B<NULL>, it
-will be called as follows:
-
-=over 4
-
-=item *
-
-While a random prime number is generated, it is called as
-described in L<BN_generate_prime(3)|BN_generate_prime(3)>.
-
-=item *
-
-When the n-th randomly generated prime is rejected as not
-suitable for the key, B<callback(2, n, cb_arg)> is called.
-
-=item *
-
-When a random p has been found with p-1 relatively prime to B<e>,
-it is called as B<callback(3, 0, cb_arg)>.
-
-=back
-
-The process is then repeated for prime q with B<callback(3, 1, cb_arg)>.
-
-=head1 RETURN VALUE
-
-If key generation fails, RSA_generate_key() returns B<NULL>; the
-error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-
-=head1 BUGS
-
-B<callback(2, x, cb_arg)> is used with two different meanings.
-
-RSA_generate_key() goes into an infinite loop for illegal input values.
-
-=head1 SEE ALSO
-
-L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>,
-L<RSA_free(3)|RSA_free(3)>
-
-=head1 HISTORY
-
-The B<cb_arg> argument was added in SSLeay 0.9.0.
-
-=cut
diff --git a/src/lib/libcrypto/doc/RSA_get_ex_new_index.pod b/src/lib/libcrypto/doc/RSA_get_ex_new_index.pod
deleted file mode 100644
index 46cc8f5359..0000000000
--- a/src/lib/libcrypto/doc/RSA_get_ex_new_index.pod
+++ /dev/null
@@ -1,120 +0,0 @@
-=pod
-
-=head1 NAME
-
-RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data - add application specific data to RSA structures
-
-=head1 SYNOPSIS
-
- #include <openssl/rsa.h>
-
- int RSA_get_ex_new_index(long argl, void *argp,
-                CRYPTO_EX_new *new_func,
-                CRYPTO_EX_dup *dup_func,
-                CRYPTO_EX_free *free_func);
-
- int RSA_set_ex_data(RSA *r, int idx, void *arg);
-
- void *RSA_get_ex_data(RSA *r, int idx);
-
- typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
-                int idx, long argl, void *argp);
- typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
-                int idx, long argl, void *argp);
- typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, 
-                int idx, long argl, void *argp);
-
-=head1 DESCRIPTION
-
-Several OpenSSL structures can have application specific data attached to them.
-This has several potential uses, it can be used to cache data associated with
-a structure (for example the hash of some part of the structure) or some
-additional data (for example a handle to the data in an external library).
-
-Since the application data can be anything at all it is passed and retrieved
-as a B<void *> type.
-
-The B<RSA_get_ex_new_index()> function is initially called to "register" some
-new application specific data. It takes three optional function pointers which
-are called when the parent structure (in this case an RSA structure) is
-initially created, when it is copied and when it is freed up. If any or all of
-these function pointer arguments are not used they should be set to NULL. The
-precise manner in which these function pointers are called is described in more
-detail below. B<RSA_get_ex_new_index()> also takes additional long and pointer
-parameters which will be passed to the supplied functions but which otherwise
-have no special meaning. It returns an B<index> which should be stored
-(typically in a static variable) and passed used in the B<idx> parameter in
-the remaining functions. Each successful call to B<RSA_get_ex_new_index()>
-will return an index greater than any previously returned, this is important
-because the optional functions are called in order of increasing index value.
-
-B<RSA_set_ex_data()> is used to set application specific data, the data is
-supplied in the B<arg> parameter and its precise meaning is up to the
-application.
-
-B<RSA_get_ex_data()> is used to retrieve application specific data. The data
-is returned to the application, this will be the same value as supplied to
-a previous B<RSA_set_ex_data()> call.
-
-B<new_func()> is called when a structure is initially allocated (for example
-with B<RSA_new()>. The parent structure members will not have any meaningful
-values at this point. This function will typically be used to allocate any
-application specific structure.
-
-B<free_func()> is called when a structure is being freed up. The dynamic parent
-structure members should not be accessed because they will be freed up when
-this function is called.
-
-B<new_func()> and B<free_func()> take the same parameters. B<parent> is a
-pointer to the parent RSA structure. B<ptr> is a the application specific data
-(this wont be of much use in B<new_func()>. B<ad> is a pointer to the
-B<CRYPTO_EX_DATA> structure from the parent RSA structure: the functions
-B<CRYPTO_get_ex_data()> and B<CRYPTO_set_ex_data()> can be called to manipulate
-it. The B<idx> parameter is the index: this will be the same value returned by
-B<RSA_get_ex_new_index()> when the functions were initially registered. Finally
-the B<argl> and B<argp> parameters are the values originally passed to the same
-corresponding parameters when B<RSA_get_ex_new_index()> was called.
-
-B<dup_func()> is called when a structure is being copied. Pointers to the
-destination and source B<CRYPTO_EX_DATA> structures are passed in the B<to> and
-B<from> parameters respectively. The B<from_d> parameter is passed a pointer to
-the source application data when the function is called, when the function returns
-the value is copied to the destination: the application can thus modify the data
-pointed to by B<from_d> and have different values in the source and destination.
-The B<idx>, B<argl> and B<argp> parameters are the same as those in B<new_func()>
-and B<free_func()>.
-
-=head1 RETURN VALUES
-
-B<RSA_get_ex_new_index()> returns a new index or -1 on failure (note 0 is a valid
-index value).
-
-B<RSA_set_ex_data()> returns 1 on success or 0 on failure.
-
-B<RSA_get_ex_data()> returns the application data or 0 on failure. 0 may also
-be valid application data but currently it can only fail if given an invalid B<idx>
-parameter.
-
-B<new_func()> and B<dup_func()> should return 0 for failure and 1 for success.
-
-On failure an error code can be obtained from L<ERR_get_error(3)|ERR_get_error(3)>.
-
-=head1 BUGS
-
-B<dup_func()> is currently never called.
-
-The return value of B<new_func()> is ignored.
-
-The B<new_func()> function isn't very useful because no meaningful values are
-present in the parent RSA structure when it is called.
-
-=head1 SEE ALSO
-
-L<rsa(3)|rsa(3)>, L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>
-
-=head1 HISTORY
-
-RSA_get_ex_new_index(), RSA_set_ex_data() and RSA_get_ex_data() are
-available since SSLeay 0.9.0.
-
-=cut
diff --git a/src/lib/libcrypto/doc/RSA_new.pod b/src/lib/libcrypto/doc/RSA_new.pod
deleted file mode 100644
index 3d15b92824..0000000000
--- a/src/lib/libcrypto/doc/RSA_new.pod
+++ /dev/null
@@ -1,41 +0,0 @@
-=pod
-
-=head1 NAME
-
-RSA_new, RSA_free - allocate and free RSA objects
-
-=head1 SYNOPSIS
-
- #include <openssl/rsa.h>
-
- RSA * RSA_new(void);
-
- void RSA_free(RSA *rsa);
-
-=head1 DESCRIPTION
-
-RSA_new() allocates and initializes an B<RSA> structure. It is equivalent to
-calling RSA_new_method(NULL).
-
-RSA_free() frees the B<RSA> structure and its components. The key is
-erased before the memory is returned to the system.
-
-=head1 RETURN VALUES
-
-If the allocation fails, RSA_new() returns B<NULL> and sets an error
-code that can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. Otherwise it returns
-a pointer to the newly allocated structure.
-
-RSA_free() returns no value.
-
-=head1 SEE ALSO
-
-L<ERR_get_error(3)|ERR_get_error(3)>, L<rsa(3)|rsa(3)>,
-L<RSA_generate_key(3)|RSA_generate_key(3)>,
-L<RSA_new_method(3)|RSA_new_method(3)>
-
-=head1 HISTORY
-
-RSA_new() and RSA_free() are available in all versions of SSLeay and OpenSSL.
-
-=cut
diff --git a/src/lib/libcrypto/doc/RSA_padding_add_PKCS1_type_1.pod b/src/lib/libcrypto/doc/RSA_padding_add_PKCS1_type_1.pod
deleted file mode 100644
index b8f678fe72..0000000000
--- a/src/lib/libcrypto/doc/RSA_padding_add_PKCS1_type_1.pod
+++ /dev/null
@@ -1,124 +0,0 @@
-=pod
-
-=head1 NAME
-
-RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1,
-RSA_padding_add_PKCS1_type_2, RSA_padding_check_PKCS1_type_2,
-RSA_padding_add_PKCS1_OAEP, RSA_padding_check_PKCS1_OAEP,
-RSA_padding_add_SSLv23, RSA_padding_check_SSLv23,
-RSA_padding_add_none, RSA_padding_check_none - asymmetric encryption
-padding
-
-=head1 SYNOPSIS
-
- #include <openssl/rsa.h>
-
- int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
-    unsigned char *f, int fl);
-
- int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
-    unsigned char *f, int fl, int rsa_len);
-
- int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
-    unsigned char *f, int fl);
-
- int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
-    unsigned char *f, int fl, int rsa_len);
-
- int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
-    unsigned char *f, int fl, unsigned char *p, int pl);
-
- int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
-    unsigned char *f, int fl, int rsa_len, unsigned char *p, int pl);
-
- int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
-    unsigned char *f, int fl);
-
- int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
-    unsigned char *f, int fl, int rsa_len);
-
- int RSA_padding_add_none(unsigned char *to, int tlen,
-    unsigned char *f, int fl);
-
- int RSA_padding_check_none(unsigned char *to, int tlen,
-    unsigned char *f, int fl, int rsa_len);
-
-=head1 DESCRIPTION
-
-The RSA_padding_xxx_xxx() functions are called from the RSA encrypt,
-decrypt, sign and verify functions. Normally they should not be called
-from application programs.
-
-However, they can also be called directly to implement padding for other
-asymmetric ciphers. RSA_padding_add_PKCS1_OAEP() and
-RSA_padding_check_PKCS1_OAEP() may be used in an application combined
-with B<RSA_NO_PADDING> in order to implement OAEP with an encoding
-parameter.
-
-RSA_padding_add_xxx() encodes B<fl> bytes from B<f> so as to fit into
-B<tlen> bytes and stores the result at B<to>. An error occurs if B<fl>
-does not meet the size requirements of the encoding method.
-
-The following encoding methods are implemented:
-
-=over 4
-
-=item PKCS1_type_1
-
-PKCS #1 v2.0 EMSA-PKCS1-v1_5 (PKCS #1 v1.5 block type 1); used for signatures
-
-=item PKCS1_type_2
-
-PKCS #1 v2.0 EME-PKCS1-v1_5 (PKCS #1 v1.5 block type 2)
-
-=item PKCS1_OAEP
-
-PKCS #1 v2.0 EME-OAEP
-
-=item SSLv23
-
-PKCS #1 EME-PKCS1-v1_5 with SSL-specific modification
-
-=item none
-
-simply copy the data
-
-=back
-
-The random number generator must be seeded prior to calling
-RSA_padding_add_xxx().
-
-RSA_padding_check_xxx() verifies that the B<fl> bytes at B<f> contain
-a valid encoding for a B<rsa_len> byte RSA key in the respective
-encoding method and stores the recovered data of at most B<tlen> bytes
-(for B<RSA_NO_PADDING>: of size B<tlen>)
-at B<to>.
-
-For RSA_padding_xxx_OAEP(), B<p> points to the encoding parameter
-of length B<pl>. B<p> may be B<NULL> if B<pl> is 0.
-
-=head1 RETURN VALUES
-
-The RSA_padding_add_xxx() functions return 1 on success, 0 on error.
-The RSA_padding_check_xxx() functions return the length of the
-recovered data, -1 on error. Error codes can be obtained by calling
-L<ERR_get_error(3)|ERR_get_error(3)>.
-
-=head1 SEE ALSO
-
-L<RSA_public_encrypt(3)|RSA_public_encrypt(3)>,
-L<RSA_private_decrypt(3)|RSA_private_decrypt(3)>,
-L<RSA_sign(3)|RSA_sign(3)>, L<RSA_verify(3)|RSA_verify(3)>
-
-=head1 HISTORY
-
-RSA_padding_add_PKCS1_type_1(), RSA_padding_check_PKCS1_type_1(),
-RSA_padding_add_PKCS1_type_2(), RSA_padding_check_PKCS1_type_2(),
-RSA_padding_add_SSLv23(), RSA_padding_check_SSLv23(),
-RSA_padding_add_none() and RSA_padding_check_none() appeared in
-SSLeay 0.9.0.
-
-RSA_padding_add_PKCS1_OAEP() and RSA_padding_check_PKCS1_OAEP() were
-added in OpenSSL 0.9.2b.
-
-=cut
diff --git a/src/lib/libcrypto/doc/RSA_print.pod b/src/lib/libcrypto/doc/RSA_print.pod
deleted file mode 100644
index c971e91f4d..0000000000
--- a/src/lib/libcrypto/doc/RSA_print.pod
+++ /dev/null
@@ -1,49 +0,0 @@
-=pod
-
-=head1 NAME
-
-RSA_print, RSA_print_fp,
-DSAparams_print, DSAparams_print_fp, DSA_print, DSA_print_fp,
-DHparams_print, DHparams_print_fp - print cryptographic parameters
-
-=head1 SYNOPSIS
-
- #include <openssl/rsa.h>
-
- int RSA_print(BIO *bp, RSA *x, int offset);
- int RSA_print_fp(FILE *fp, RSA *x, int offset);
-
- #include <openssl/dsa.h>
-
- int DSAparams_print(BIO *bp, DSA *x);
- int DSAparams_print_fp(FILE *fp, DSA *x);
- int DSA_print(BIO *bp, DSA *x, int offset);
- int DSA_print_fp(FILE *fp, DSA *x, int offset);
-
- #include <openssl/dh.h>
-
- int DHparams_print(BIO *bp, DH *x);
- int DHparams_print_fp(FILE *fp, DH *x);
-
-=head1 DESCRIPTION
-
-A human-readable hexadecimal output of the components of the RSA
-key, DSA parameters or key or DH parameters is printed to B<bp> or B<fp>.
-
-The output lines are indented by B<offset> spaces.
-
-=head1 RETURN VALUES
-
-These functions return 1 on success, 0 on error.
-
-=head1 SEE ALSO
-
-L<dh(3)|dh(3)>, L<dsa(3)|dsa(3)>, L<rsa(3)|rsa(3)>, L<BN_bn2bin(3)|BN_bn2bin(3)>
-
-=head1 HISTORY
-
-RSA_print(), RSA_print_fp(), DSA_print(), DSA_print_fp(), DH_print(),
-DH_print_fp() are available in all versions of SSLeay and OpenSSL.
-DSAparams_print() and DSAparams_print_fp() were added in SSLeay 0.8.
-
-=cut
diff --git a/src/lib/libcrypto/doc/RSA_private_encrypt.pod b/src/lib/libcrypto/doc/RSA_private_encrypt.pod
deleted file mode 100644
index 746a80c79e..0000000000
--- a/src/lib/libcrypto/doc/RSA_private_encrypt.pod
+++ /dev/null
@@ -1,70 +0,0 @@
-=pod
-
-=head1 NAME
-
-RSA_private_encrypt, RSA_public_decrypt - low level signature operations
-
-=head1 SYNOPSIS
-
- #include <openssl/rsa.h>
-
- int RSA_private_encrypt(int flen, unsigned char *from,
-    unsigned char *to, RSA *rsa, int padding);
-
- int RSA_public_decrypt(int flen, unsigned char *from, 
-    unsigned char *to, RSA *rsa, int padding);
-
-=head1 DESCRIPTION
-
-These functions handle RSA signatures at a low level.
-
-RSA_private_encrypt() signs the B<flen> bytes at B<from> (usually a
-message digest with an algorithm identifier) using the private key
-B<rsa> and stores the signature in B<to>. B<to> must point to
-B<RSA_size(rsa)> bytes of memory.
-
-B<padding> denotes one of the following modes:
-
-=over 4
-
-=item RSA_PKCS1_PADDING
-
-PKCS #1 v1.5 padding. This function does not handle the
-B<algorithmIdentifier> specified in PKCS #1. When generating or
-verifying PKCS #1 signatures, L<RSA_sign(3)|RSA_sign(3)> and L<RSA_verify(3)|RSA_verify(3)> should be
-used.
-
-=item RSA_NO_PADDING
-
-Raw RSA signature. This mode should I<only> be used to implement
-cryptographically sound padding modes in the application code.
-Signing user data directly with RSA is insecure.
-
-=back
-
-RSA_public_decrypt() recovers the message digest from the B<flen>
-bytes long signature at B<from> using the signer's public key
-B<rsa>. B<to> must point to a memory section large enough to hold the
-message digest (which is smaller than B<RSA_size(rsa) -
-11>). B<padding> is the padding mode that was used to sign the data.
-
-=head1 RETURN VALUES
-
-RSA_private_encrypt() returns the size of the signature (i.e.,
-RSA_size(rsa)). RSA_public_decrypt() returns the size of the
-recovered message digest.
-
-On error, -1 is returned; the error codes can be
-obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-
-=head1 SEE ALSO
-
-L<ERR_get_error(3)|ERR_get_error(3)>, L<rsa(3)|rsa(3)>,
-L<RSA_sign(3)|RSA_sign(3)>, L<RSA_verify(3)|RSA_verify(3)>
-
-=head1 HISTORY
-
-The B<padding> argument was added in SSLeay 0.8. RSA_NO_PADDING is
-available since SSLeay 0.9.0.
-
-=cut
diff --git a/src/lib/libcrypto/doc/RSA_public_encrypt.pod b/src/lib/libcrypto/doc/RSA_public_encrypt.pod
deleted file mode 100644
index ab0fe3b2cd..0000000000
--- a/src/lib/libcrypto/doc/RSA_public_encrypt.pod
+++ /dev/null
@@ -1,84 +0,0 @@
-=pod
-
-=head1 NAME
-
-RSA_public_encrypt, RSA_private_decrypt - RSA public key cryptography
-
-=head1 SYNOPSIS
-
- #include <openssl/rsa.h>
-
- int RSA_public_encrypt(int flen, unsigned char *from,
-    unsigned char *to, RSA *rsa, int padding);
-
- int RSA_private_decrypt(int flen, unsigned char *from,
-     unsigned char *to, RSA *rsa, int padding);
-
-=head1 DESCRIPTION
-
-RSA_public_encrypt() encrypts the B<flen> bytes at B<from> (usually a
-session key) using the public key B<rsa> and stores the ciphertext in
-B<to>. B<to> must point to RSA_size(B<rsa>) bytes of memory.
-
-B<padding> denotes one of the following modes:
-
-=over 4
-
-=item RSA_PKCS1_PADDING
-
-PKCS #1 v1.5 padding. This currently is the most widely used mode.
-
-=item RSA_PKCS1_OAEP_PADDING
-
-EME-OAEP as defined in PKCS #1 v2.0 with SHA-1, MGF1 and an empty
-encoding parameter. This mode is recommended for all new applications.
-
-=item RSA_SSLV23_PADDING
-
-PKCS #1 v1.5 padding with an SSL-specific modification that denotes
-that the server is SSL3 capable.
-
-=item RSA_NO_PADDING
-
-Raw RSA encryption. This mode should I<only> be used to implement
-cryptographically sound padding modes in the application code.
-Encrypting user data directly with RSA is insecure.
-
-=back
-
-B<flen> must be less than RSA_size(B<rsa>) - 11 for the PKCS #1 v1.5
-based padding modes, less than RSA_size(B<rsa>) - 41 for
-RSA_PKCS1_OAEP_PADDING and exactly RSA_size(B<rsa>) for RSA_NO_PADDING.
-The random number generator must be seeded prior to calling
-RSA_public_encrypt().
-
-RSA_private_decrypt() decrypts the B<flen> bytes at B<from> using the
-private key B<rsa> and stores the plaintext in B<to>. B<to> must point
-to a memory section large enough to hold the decrypted data (which is
-smaller than RSA_size(B<rsa>)). B<padding> is the padding mode that
-was used to encrypt the data.
-
-=head1 RETURN VALUES
-
-RSA_public_encrypt() returns the size of the encrypted data (i.e.,
-RSA_size(B<rsa>)). RSA_private_decrypt() returns the size of the
-recovered plaintext.
-
-On error, -1 is returned; the error codes can be
-obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-
-=head1 CONFORMING TO
-
-SSL, PKCS #1 v2.0
-
-=head1 SEE ALSO
-
-L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>,
-L<RSA_size(3)|RSA_size(3)>
-
-=head1 HISTORY
-
-The B<padding> argument was added in SSLeay 0.8. RSA_NO_PADDING is
-available since SSLeay 0.9.0, OAEP was added in OpenSSL 0.9.2b.
-
-=cut
diff --git a/src/lib/libcrypto/doc/RSA_set_method.pod b/src/lib/libcrypto/doc/RSA_set_method.pod
deleted file mode 100644
index 0a305f6b14..0000000000
--- a/src/lib/libcrypto/doc/RSA_set_method.pod
+++ /dev/null
@@ -1,202 +0,0 @@
-=pod
-
-=head1 NAME
-
-RSA_set_default_method, RSA_get_default_method, RSA_set_method,
-RSA_get_method, RSA_PKCS1_SSLeay, RSA_null_method, RSA_flags,
-RSA_new_method - select RSA method
-
-=head1 SYNOPSIS
-
- #include <openssl/rsa.h>
-
- void RSA_set_default_method(const RSA_METHOD *meth);
-
- RSA_METHOD *RSA_get_default_method(void);
-
- int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
-
- RSA_METHOD *RSA_get_method(const RSA *rsa);
-
- RSA_METHOD *RSA_PKCS1_SSLeay(void);
-
- RSA_METHOD *RSA_null_method(void);
-
- int RSA_flags(const RSA *rsa);
-
- RSA *RSA_new_method(RSA_METHOD *method);
-
-=head1 DESCRIPTION
-
-An B<RSA_METHOD> specifies the functions that OpenSSL uses for RSA
-operations. By modifying the method, alternative implementations such as
-hardware accelerators may be used. IMPORTANT: See the NOTES section for
-important information about how these RSA API functions are affected by the
-use of B<ENGINE> API calls.
-
-Initially, the default RSA_METHOD is the OpenSSL internal implementation,
-as returned by RSA_PKCS1_SSLeay().
-
-RSA_set_default_method() makes B<meth> the default method for all RSA
-structures created later. B<NB>: This is true only whilst no ENGINE has
-been set as a default for RSA, so this function is no longer recommended.
-
-RSA_get_default_method() returns a pointer to the current default
-RSA_METHOD. However, the meaningfulness of this result is dependant on
-whether the ENGINE API is being used, so this function is no longer 
-recommended.
-
-RSA_set_method() selects B<meth> to perform all operations using the key
-B<rsa>. This will replace the RSA_METHOD used by the RSA key and if the
-previous method was supplied by an ENGINE, the handle to that ENGINE will
-be released during the change. It is possible to have RSA keys that only
-work with certain RSA_METHOD implementations (eg. from an ENGINE module
-that supports embedded hardware-protected keys), and in such cases
-attempting to change the RSA_METHOD for the key can have unexpected
-results.
-
-RSA_get_method() returns a pointer to the RSA_METHOD being used by B<rsa>.
-This method may or may not be supplied by an ENGINE implementation, but if
-it is, the return value can only be guaranteed to be valid as long as the
-RSA key itself is valid and does not have its implementation changed by
-RSA_set_method().
-
-RSA_flags() returns the B<flags> that are set for B<rsa>'s current
-RSA_METHOD. See the BUGS section.
-
-RSA_new_method() allocates and initializes an RSA structure so that
-B<engine> will be used for the RSA operations. If B<engine> is NULL, the
-default ENGINE for RSA operations is used, and if no default ENGINE is set,
-the RSA_METHOD controlled by RSA_set_default_method() is used.
-
-RSA_flags() returns the B<flags> that are set for B<rsa>'s current method.
-
-RSA_new_method() allocates and initializes an B<RSA> structure so that
-B<method> will be used for the RSA operations. If B<method> is B<NULL>,
-the default method is used.
-
-=head1 THE RSA_METHOD STRUCTURE
-
- typedef struct rsa_meth_st
- {
-     /* name of the implementation */
-        const char *name;
-
-     /* encrypt */
-        int (*rsa_pub_enc)(int flen, unsigned char *from,
-          unsigned char *to, RSA *rsa, int padding);
-
-     /* verify arbitrary data */
-        int (*rsa_pub_dec)(int flen, unsigned char *from,
-          unsigned char *to, RSA *rsa, int padding);
-
-     /* sign arbitrary data */
-        int (*rsa_priv_enc)(int flen, unsigned char *from,
-          unsigned char *to, RSA *rsa, int padding);
-
-     /* decrypt */
-        int (*rsa_priv_dec)(int flen, unsigned char *from,
-          unsigned char *to, RSA *rsa, int padding);
-
-     /* compute r0 = r0 ^ I mod rsa->n (May be NULL for some
-                                        implementations) */
-        int (*rsa_mod_exp)(BIGNUM *r0, BIGNUM *I, RSA *rsa);
-
-     /* compute r = a ^ p mod m (May be NULL for some implementations) */
-        int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-          const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-
-     /* called at RSA_new */
-        int (*init)(RSA *rsa);
-
-     /* called at RSA_free */
-        int (*finish)(RSA *rsa);
-
-     /* RSA_FLAG_EXT_PKEY        - rsa_mod_exp is called for private key
-      *                            operations, even if p,q,dmp1,dmq1,iqmp
-      *                            are NULL
-      * RSA_FLAG_SIGN_VER        - enable rsa_sign and rsa_verify
-      * RSA_METHOD_FLAG_NO_CHECK - don't check pub/private match
-      */
-        int flags;
-
-        char *app_data; /* ?? */
-
-     /* sign. For backward compatibility, this is used only
-      * if (flags & RSA_FLAG_SIGN_VER)
-      */
-        int (*rsa_sign)(int type, unsigned char *m, unsigned int m_len,
-           unsigned char *sigret, unsigned int *siglen, RSA *rsa);
-
-     /* verify. For backward compatibility, this is used only
-      * if (flags & RSA_FLAG_SIGN_VER)
-      */
-        int (*rsa_verify)(int type, unsigned char *m, unsigned int m_len,
-           unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
-
- } RSA_METHOD;
-
-=head1 RETURN VALUES
-
-RSA_PKCS1_SSLeay(), RSA_PKCS1_null_method(), RSA_get_default_method()
-and RSA_get_method() return pointers to the respective RSA_METHODs.
-
-RSA_set_default_method() returns no value.
-
-RSA_set_method() returns a pointer to the old RSA_METHOD implementation
-that was replaced. However, this return value should probably be ignored
-because if it was supplied by an ENGINE, the pointer could be invalidated
-at any time if the ENGINE is unloaded (in fact it could be unloaded as a
-result of the RSA_set_method() function releasing its handle to the
-ENGINE). For this reason, the return type may be replaced with a B<void>
-declaration in a future release.
-
-RSA_new_method() returns NULL and sets an error code that can be obtained
-by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise
-it returns a pointer to the newly allocated structure.
-
-=head1 NOTES
-
-As of version 0.9.7, RSA_METHOD implementations are grouped together with
-other algorithmic APIs (eg. DSA_METHOD, EVP_CIPHER, etc) into B<ENGINE>
-modules. If a default ENGINE is specified for RSA functionality using an
-ENGINE API function, that will override any RSA defaults set using the RSA
-API (ie.  RSA_set_default_method()). For this reason, the ENGINE API is the
-recommended way to control default implementations for use in RSA and other
-cryptographic algorithms.
-
-=head1 BUGS
-
-The behaviour of RSA_flags() is a mis-feature that is left as-is for now
-to avoid creating compatibility problems. RSA functionality, such as the
-encryption functions, are controlled by the B<flags> value in the RSA key
-itself, not by the B<flags> value in the RSA_METHOD attached to the RSA key
-(which is what this function returns). If the flags element of an RSA key
-is changed, the changes will be honoured by RSA functionality but will not
-be reflected in the return value of the RSA_flags() function - in effect
-RSA_flags() behaves more like an RSA_default_flags() function (which does
-not currently exist).
-
-=head1 SEE ALSO
-
-L<rsa(3)|rsa(3)>, L<RSA_new(3)|RSA_new(3)>
-
-=head1 HISTORY
-
-RSA_new_method() and RSA_set_default_method() appeared in SSLeay 0.8.
-RSA_get_default_method(), RSA_set_method() and RSA_get_method() as
-well as the rsa_sign and rsa_verify components of RSA_METHOD were
-added in OpenSSL 0.9.4.
-
-RSA_set_default_openssl_method() and RSA_get_default_openssl_method()
-replaced RSA_set_default_method() and RSA_get_default_method()
-respectively, and RSA_set_method() and RSA_new_method() were altered to use
-B<ENGINE>s rather than B<RSA_METHOD>s during development of the engine
-version of OpenSSL 0.9.6. For 0.9.7, the handling of defaults in the ENGINE
-API was restructured so that this change was reversed, and behaviour of the
-other functions resembled more closely the previous behaviour. The
-behaviour of defaults in the ENGINE API now transparently overrides the
-behaviour of defaults in the RSA API without requiring changing these
-function prototypes.
-
-=cut
diff --git a/src/lib/libcrypto/doc/RSA_sign.pod b/src/lib/libcrypto/doc/RSA_sign.pod
deleted file mode 100644
index 71688a665e..0000000000
--- a/src/lib/libcrypto/doc/RSA_sign.pod
+++ /dev/null
@@ -1,62 +0,0 @@
-=pod
-
-=head1 NAME
-
-RSA_sign, RSA_verify - RSA signatures
-
-=head1 SYNOPSIS
-
- #include <openssl/rsa.h>
-
- int RSA_sign(int type, unsigned char *m, unsigned int m_len,
-    unsigned char *sigret, unsigned int *siglen, RSA *rsa);
-
- int RSA_verify(int type, unsigned char *m, unsigned int m_len,
-    unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
-
-=head1 DESCRIPTION
-
-RSA_sign() signs the message digest B<m> of size B<m_len> using the
-private key B<rsa> as specified in PKCS #1 v2.0. It stores the
-signature in B<sigret> and the signature size in B<siglen>. B<sigret>
-must point to RSA_size(B<rsa>) bytes of memory.
-
-B<type> denotes the message digest algorithm that was used to generate
-B<m>. It usually is one of B<NID_sha1>, B<NID_ripemd160> and B<NID_md5>;
-see L<objects(3)|objects(3)> for details. If B<type> is B<NID_md5_sha1>,
-an SSL signature (MD5 and SHA1 message digests with PKCS #1 padding
-and no algorithm identifier) is created.
-
-RSA_verify() verifies that the signature B<sigbuf> of size B<siglen>
-matches a given message digest B<m> of size B<m_len>. B<type> denotes
-the message digest algorithm that was used to generate the signature.
-B<rsa> is the signer's public key.
-
-=head1 RETURN VALUES
-
-RSA_sign() returns 1 on success, 0 otherwise.  RSA_verify() returns 1
-on successful verification, 0 otherwise.
-
-The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-
-=head1 BUGS
-
-Certain signatures with an improper algorithm identifier are accepted
-for compatibility with SSLeay 0.4.5 :-)
-
-=head1 CONFORMING TO
-
-SSL, PKCS #1 v2.0
-
-=head1 SEE ALSO
-
-L<ERR_get_error(3)|ERR_get_error(3)>, L<objects(3)|objects(3)>,
-L<rsa(3)|rsa(3)>, L<RSA_private_encrypt(3)|RSA_private_encrypt(3)>,
-L<RSA_public_decrypt(3)|RSA_public_decrypt(3)> 
-
-=head1 HISTORY
-
-RSA_sign() and RSA_verify() are available in all versions of SSLeay
-and OpenSSL.
-
-=cut
diff --git a/src/lib/libcrypto/doc/RSA_sign_ASN1_OCTET_STRING.pod b/src/lib/libcrypto/doc/RSA_sign_ASN1_OCTET_STRING.pod
deleted file mode 100644
index e70380bbfc..0000000000
--- a/src/lib/libcrypto/doc/RSA_sign_ASN1_OCTET_STRING.pod
+++ /dev/null
@@ -1,59 +0,0 @@
-=pod
-
-=head1 NAME
-
-RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING - RSA signatures
-
-=head1 SYNOPSIS
-
- #include <openssl/rsa.h>
-
- int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m,
-    unsigned int m_len, unsigned char *sigret, unsigned int *siglen,
-    RSA *rsa);
-
- int RSA_verify_ASN1_OCTET_STRING(int dummy, unsigned char *m,
-    unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
-    RSA *rsa);
-
-=head1 DESCRIPTION
-
-RSA_sign_ASN1_OCTET_STRING() signs the octet string B<m> of size
-B<m_len> using the private key B<rsa> represented in DER using PKCS #1
-padding. It stores the signature in B<sigret> and the signature size
-in B<siglen>. B<sigret> must point to B<RSA_size(rsa)> bytes of
-memory.
-
-B<dummy> is ignored.
-
-The random number generator must be seeded prior to calling RSA_sign_ASN1_OCTET_STRING().
-
-RSA_verify_ASN1_OCTET_STRING() verifies that the signature B<sigbuf>
-of size B<siglen> is the DER representation of a given octet string
-B<m> of size B<m_len>. B<dummy> is ignored. B<rsa> is the signer's
-public key.
-
-=head1 RETURN VALUES
-
-RSA_sign_ASN1_OCTET_STRING() returns 1 on success, 0 otherwise.
-RSA_verify_ASN1_OCTET_STRING() returns 1 on successful verification, 0
-otherwise.
-
-The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-
-=head1 BUGS
-
-These functions serve no recognizable purpose.
-
-=head1 SEE ALSO
-
-L<ERR_get_error(3)|ERR_get_error(3)>, L<objects(3)|objects(3)>,
-L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>,
-L<RSA_verify(3)|RSA_verify(3)>
-
-=head1 HISTORY
-
-RSA_sign_ASN1_OCTET_STRING() and RSA_verify_ASN1_OCTET_STRING() were
-added in SSLeay 0.8.
-
-=cut
diff --git a/src/lib/libcrypto/doc/RSA_size.pod b/src/lib/libcrypto/doc/RSA_size.pod
deleted file mode 100644
index 5b7f835f95..0000000000
--- a/src/lib/libcrypto/doc/RSA_size.pod
+++ /dev/null
@@ -1,33 +0,0 @@
-=pod
-
-=head1 NAME
-
-RSA_size - get RSA modulus size
-
-=head1 SYNOPSIS
-
- #include <openssl/rsa.h>
-
- int RSA_size(const RSA *rsa);
-
-=head1 DESCRIPTION
-
-This function returns the RSA modulus size in bytes. It can be used to
-determine how much memory must be allocated for an RSA encrypted
-value.
-
-B<rsa-E<gt>n> must not be B<NULL>.
-
-=head1 RETURN VALUE
-
-The size in bytes.
-
-=head1 SEE ALSO
-
-L<rsa(3)|rsa(3)>
-
-=head1 HISTORY
-
-RSA_size() is available in all versions of SSLeay and OpenSSL.
-
-=cut
diff --git a/src/lib/libcrypto/doc/SMIME_read_PKCS7.pod b/src/lib/libcrypto/doc/SMIME_read_PKCS7.pod
deleted file mode 100644
index ffafa37887..0000000000
--- a/src/lib/libcrypto/doc/SMIME_read_PKCS7.pod
+++ /dev/null
@@ -1,71 +0,0 @@
-=pod
-
-=head1 NAME
-
-SMIME_read_PKCS7 - parse S/MIME message.
-
-=head1 SYNOPSIS
-
-PKCS7 *SMIME_read_PKCS7(BIO *in, BIO **bcont);
-
-=head1 DESCRIPTION
-
-SMIME_read_PKCS7() parses a message in S/MIME format.
-
-B<in> is a BIO to read the message from.
-
-If cleartext signing is used then the content is saved in
-a memory bio which is written to B<*bcont>, otherwise
-B<*bcont> is set to B<NULL>.
-
-The parsed PKCS#7 structure is returned or B<NULL> if an
-error occurred.
-
-=head1 NOTES
-
-If B<*bcont> is not B<NULL> then the message is clear text
-signed. B<*bcont> can then be passed to PKCS7_verify() with
-the B<PKCS7_DETACHED> flag set.
-
-Otherwise the type of the returned structure can be determined
-using PKCS7_type().
-
-To support future functionality if B<bcont> is not B<NULL>
-B<*bcont> should be initialized to B<NULL>. For example:
-
- BIO *cont = NULL;
- PKCS7 *p7;
-
- p7 = SMIME_read_PKCS7(in, &cont);
-
-=head1 BUGS
-
-The MIME parser used by SMIME_read_PKCS7() is somewhat primitive.
-While it will handle most S/MIME messages more complex compound
-formats may not work.
-
-The parser assumes that the PKCS7 structure is always base64
-encoded and will not handle the case where it is in binary format
-or uses quoted printable format.
-
-The use of a memory BIO to hold the signed content limits the size
-of message which can be processed due to memory restraints: a
-streaming single pass option should be available.
-
-=head1 RETURN VALUES
-
-SMIME_read_PKCS7() returns a valid B<PKCS7> structure or B<NULL>
-is an error occurred. The error can be obtained from ERR_get_error(3).
-
-=head1 SEE ALSO
-
-L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_type(3)|PKCS7_type(3)>
-L<SMIME_read_PKCS7(3)|SMIME_read_PKCS7(3)>, L<PKCS7_sign(3)|PKCS7_sign(3)>,
-L<PKCS7_verify(3)|PKCS7_verify(3)>, L<PKCS7_encrypt(3)|PKCS7_encrypt(3)>
-L<PKCS7_decrypt(3)|PKCS7_decrypt(3)>
-
-=head1 HISTORY
-
-SMIME_read_PKCS7() was added to OpenSSL 0.9.5
-
-=cut
diff --git a/src/lib/libcrypto/doc/SMIME_write_PKCS7.pod b/src/lib/libcrypto/doc/SMIME_write_PKCS7.pod
deleted file mode 100644
index 2cfad2e049..0000000000
--- a/src/lib/libcrypto/doc/SMIME_write_PKCS7.pod
+++ /dev/null
@@ -1,59 +0,0 @@
-=pod
-
-=head1 NAME
-
-SMIME_write_PKCS7 - convert PKCS#7 structure to S/MIME format.
-
-=head1 SYNOPSIS
-
-int SMIME_write_PKCS7(BIO *out, PKCS7 *p7, BIO *data, int flags);
-
-=head1 DESCRIPTION
-
-SMIME_write_PKCS7() adds the appropriate MIME headers to a PKCS#7
-structure to produce an S/MIME message.
-
-B<out> is the BIO to write the data to. B<p7> is the appropriate
-B<PKCS7> structure. If cleartext signing (B<multipart/signed>) is
-being used then the signed data must be supplied in the B<data> 
-argument. B<flags> is an optional set of flags.
-
-=head1 NOTES
-
-The following flags can be passed in the B<flags> parameter.
-
-If B<PKCS7_DETACHED> is set then cleartext signing will be used,
-this option only makes sense for signedData where B<PKCS7_DETACHED>
-is also set when PKCS7_sign() is also called.
-
-If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain>
-are added to the content, this only makes sense if B<PKCS7_DETACHED>
-is also set.
-
-If cleartext signing is being used then the data must be read twice:
-once to compute the signature in PKCS7_sign() and once to output the
-S/MIME message.
-
-=head1 BUGS
-
-SMIME_write_PKCS7() always base64 encodes PKCS#7 structures, there
-should be an option to disable this.
-
-There should really be a way to produce cleartext signing using only
-a single pass of the data.
-
-=head1 RETURN VALUES
-
-SMIME_write_PKCS7() returns 1 for success or 0 for failure.
-
-=head1 SEE ALSO
-
-L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_sign(3)|PKCS7_sign(3)>,
-L<PKCS7_verify(3)|PKCS7_verify(3)>, L<PKCS7_encrypt(3)|PKCS7_encrypt(3)>
-L<PKCS7_decrypt(3)|PKCS7_decrypt(3)>
-
-=head1 HISTORY
-
-SMIME_write_PKCS7() was added to OpenSSL 0.9.5
-
-=cut
diff --git a/src/lib/libcrypto/doc/X509_NAME_ENTRY_get_object.pod b/src/lib/libcrypto/doc/X509_NAME_ENTRY_get_object.pod
deleted file mode 100644
index 11b35f6fd3..0000000000
--- a/src/lib/libcrypto/doc/X509_NAME_ENTRY_get_object.pod
+++ /dev/null
@@ -1,72 +0,0 @@
-=pod
-
-=head1 NAME
-
-X509_NAME_ENTRY_get_object, X509_NAME_ENTRY_get_data,
-X509_NAME_ENTRY_set_object, X509_NAME_ENTRY_set_data,
-X509_NAME_ENTRY_create_by_txt, X509_NAME_ENTRY_create_by_NID,
-X509_NAME_ENTRY_create_by_OBJ - X509_NAME_ENTRY utility functions
-
-=head1 SYNOPSIS
-
-ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
-ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
-
-int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj);
-int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, const unsigned char *bytes, int len);
-
-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const char *field, int type, const unsigned char *bytes, int len);
-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type,unsigned char *bytes, int len);
-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len);
-
-=head1 DESCRIPTION
-
-X509_NAME_ENTRY_get_object() retrieves the field name of B<ne> in
-and B<ASN1_OBJECT> structure.
-
-X509_NAME_ENTRY_get_data() retrieves the field value of B<ne> in
-and B<ASN1_STRING> structure.
-
-X509_NAME_ENTRY_set_object() sets the field name of B<ne> to B<obj>.
-
-X509_NAME_ENTRY_set_data() sets the field value of B<ne> to string type
-B<type> and value determined by B<bytes> and B<len>.
-
-X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_NID()
-and X509_NAME_ENTRY_create_by_OBJ() create and return an 
-B<X509_NAME_ENTRY> structure.
-
-=head1 NOTES
-
-X509_NAME_ENTRY_get_object() and X509_NAME_ENTRY_get_data() can be
-used to examine an B<X509_NAME_ENTRY> function as returned by 
-X509_NAME_get_entry() for example.
-
-X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_NID(),
-and X509_NAME_ENTRY_create_by_OBJ() create and return an 
-
-X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_OBJ(),
-X509_NAME_ENTRY_create_by_NID() and X509_NAME_ENTRY_set_data()
-are seldom used in practice because B<X509_NAME_ENTRY> structures
-are almost always part of B<X509_NAME> structures and the
-corresponding B<X509_NAME> functions are typically used to
-create and add new entries in a single operation.
-
-The arguments of these functions support similar options to the similarly
-named ones of the corresponding B<X509_NAME> functions such as
-X509_NAME_add_entry_by_txt(). So for example B<type> can be set to
-B<MBSTRING_ASC> but in the case of X509_set_data() the field name must be
-set first so the relevant field information can be looked up internally.
-
-=head1 RETURN VALUES
-
-=head1 SEE ALSO
-
-L<ERR_get_error(3)|ERR_get_error(3)>, L<d2i_X509_NAME(3)|d2i_X509_NAME(3)>,
-L<OBJ_nid2obj(3),OBJ_nid2obj(3)>
-
-=head1 HISTORY
-
-TBA
-
-=cut
diff --git a/src/lib/libcrypto/doc/X509_NAME_add_entry_by_txt.pod b/src/lib/libcrypto/doc/X509_NAME_add_entry_by_txt.pod
deleted file mode 100644
index e2ab4b0d2b..0000000000
--- a/src/lib/libcrypto/doc/X509_NAME_add_entry_by_txt.pod
+++ /dev/null
@@ -1,114 +0,0 @@
-=pod
-
-=head1 NAME
-
-X509_NAME_add_entry_by_txt, X509_NAME_add_entry_by_OBJ, X509_NAME_add_entry_by_NID,
-X509_NAME_add_entry, X509_NAME_delete_entry - X509_NAME modification functions
-
-=head1 SYNOPSIS
-
-int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, const unsigned char *bytes, int len, int loc, int set);
-
-int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, unsigned char *bytes, int len, int loc, int set);
-
-int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, unsigned char *bytes, int len, int loc, int set);
-
-int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, int loc, int set);
-
-X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
-
-=head1 DESCRIPTION
-
-X509_NAME_add_entry_by_txt(), X509_NAME_add_entry_by_OBJ() and
-X509_NAME_add_entry_by_NID() add a field whose name is defined
-by a string B<field>, an object B<obj> or a NID B<nid> respectively.
-The field value to be added is in B<bytes> of length B<len>. If
-B<len> is -1 then the field length is calculated internally using
-strlen(bytes).
-
-The type of field is determined by B<type> which can either be a
-definition of the type of B<bytes> (such as B<MBSTRING_ASC>) or a
-standard ASN1 type (such as B<V_ASN1_IA5STRING>). The new entry is
-added to a position determined by B<loc> and B<set>.
-
-X509_NAME_add_entry() adds a copy of B<X509_NAME_ENTRY> structure B<ne>
-to B<name>. The new entry is added to a position determined by B<loc>
-and B<set>. Since a copy of B<ne> is added B<ne> must be freed up after
-the call.
-
-X509_NAME_delete_entry() deletes an entry from B<name> at position
-B<loc>. The deleted entry is returned and must be freed up.
-
-=head1 NOTES
-
-The use of string types such as B<MBSTRING_ASC> or B<MBSTRING_UTF8>
-is strongly recommened for the B<type> parameter. This allows the
-internal code to correctly determine the type of the field and to
-apply length checks according to the relevant standards. This is
-done using ASN1_STRING_set_by_NID().
-
-If instead an ASN1 type is used no checks are performed and the
-supplied data in B<bytes> is used directly.
-
-In X509_NAME_add_entry_by_txt() the B<field> string represents
-the field name using OBJ_txt2obj(field, 0).
-
-The B<loc> and B<set> parameters determine where a new entry should
-be added. For almost all applications B<loc> can be set to -1 and B<set>
-to 0. This adds a new entry to the end of B<name> as a single valued
-RelativeDistinguishedName (RDN).
-
-B<loc> actually determines the index where the new entry is inserted:
-if it is -1 it is appended. 
-
-B<set> determines how the new type is added. If it is zero a
-new RDN is created.
-
-If B<set> is -1 or 1 it is added to the previous or next RDN
-structure respectively. This will then be a multivalued RDN:
-since multivalues RDNs are very seldom used B<set> is almost
-always set to zero.
-
-=head1 EXAMPLES
-
-Create an B<X509_NAME> structure:
-
-"C=UK, O=Disorganized Organization, CN=Joe Bloggs"
-
- X509_NAME *nm;
- nm = X509_NAME_new();
- if (nm == NULL)
-        /* Some error */
- if (!X509_NAME_add_entry_by_txt(nm, MBSTRING_ASC,
-                        "C", "UK", -1, -1, 0))
-        /* Error */
- if (!X509_NAME_add_entry_by_txt(nm, MBSTRING_ASC,
-                        "O", "Disorganized Organization", -1, -1, 0))
-        /* Error */
- if (!X509_NAME_add_entry_by_txt(nm, MBSTRING_ASC,
-                        "CN", "Joe Bloggs", -1, -1, 0))
-        /* Error */
-
-=head1 RETURN VALUES
-
-X509_NAME_add_entry_by_txt(), X509_NAME_add_entry_by_OBJ(),
-X509_NAME_add_entry_by_NID() and X509_NAME_add_entry() return 1 for
-success of 0 if an error occurred.
-
-X509_NAME_delete_entry() returns either the deleted B<X509_NAME_ENTRY>
-structure of B<NULL> if an error occurred.
-
-=head1 BUGS
-
-B<type> can still be set to B<V_ASN1_APP_CHOOSE> to use a
-different algorithm to determine field types. Since this form does
-not understand multicharacter types, performs no length checks and
-can result in invalid field types its use is strongly discouraged.
-
-=head1 SEE ALSO
-
-L<ERR_get_error(3)|ERR_get_error(3)>, L<d2i_X509_NAME(3)|d2i_X509_NAME(3)>
-
-=head1 HISTORY
-
-=cut
diff --git a/src/lib/libcrypto/doc/X509_NAME_get_index_by_NID.pod b/src/lib/libcrypto/doc/X509_NAME_get_index_by_NID.pod
deleted file mode 100644
index 333323d734..0000000000
--- a/src/lib/libcrypto/doc/X509_NAME_get_index_by_NID.pod
+++ /dev/null
@@ -1,106 +0,0 @@
-=pod
-
-=head1 NAME
-
-X509_NAME_get_index_by_NID, X509_NAME_get_index_by_OBJ, X509_NAME_get_entry,
-X509_NAME_entry_count, X509_NAME_get_text_by_NID, X509_NAME_get_text_by_OBJ -
-X509_NAME lookup and enumeration functions
-
-=head1 SYNOPSIS
-
-int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
-int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj, int lastpos);
-
-int X509_NAME_entry_count(X509_NAME *name);
-X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
-
-int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf,int len);
-int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,int len);
-
-=head1 DESCRIPTION
-
-These functions allow an B<X509_NAME> structure to be examined. The
-B<X509_NAME> structure is the same as the B<Name> type defined in
-RFC2459 (and elsewhere) and used for example in certificate subject
-and issuer names.
-
-X509_NAME_get_index_by_NID() and X509_NAME_get_index_by_OBJ() retrieve
-the next index matching B<nid> or B<obj> after B<lastpos>. B<lastpos>
-should initially be set to -1. If there are no more entries -1 is returned.
-
-X509_NAME_entry_count() returns the total number of entries in B<name>.
-
-X509_NAME_get_entry() retrieves the B<X509_NAME_ENTRY> from B<name>
-corresponding to index B<loc>. Acceptable values for B<loc> run from
-0 to (X509_NAME_entry_count(name) - 1). The value returned is an
-internal pointer which must not be freed.
-
-X509_NAME_get_text_by_NID(), X509_NAME_get_text_by_OBJ() retrieve
-the "text" from the first entry in B<name> which matches B<nid> or
-B<obj>, if no such entry exists -1 is returned. At most B<len> bytes
-will be written and the text written to B<buf> will be null
-terminated. The length of the output string written is returned
-excluding the terminating null. If B<buf> is <NULL> then the amount
-of space needed in B<buf> (excluding the final null) is returned. 
-
-=head1 NOTES
-
-X509_NAME_get_text_by_NID() and X509_NAME_get_text_by_OBJ() are
-legacy functions which have various limitations which make them
-of minimal use in practice. They can only find the first matching
-entry and will copy the contents of the field verbatim: this can
-be highly confusing if the target is a muticharacter string type
-like a BMPString or a UTF8String.
-
-For a more general solution X509_NAME_get_index_by_NID() or
-X509_NAME_get_index_by_OBJ() should be used followed by
-X509_NAME_get_entry() on any matching indices and then the
-various B<X509_NAME_ENTRY> utility functions on the result.
-
-=head1 EXAMPLES
-
-Process all entries:
-
- int i;
- X509_NAME_ENTRY *e;
-
- for (i = 0; i < X509_NAME_entry_count(nm); i++)
-        {
-        e = X509_NAME_get_entry(nm, i);
-        /* Do something with e */
-        }
-
-Process all commonName entries:
-
- int loc;
- X509_NAME_ENTRY *e;
-
- loc = -1;
- for (;;)
-        {
-        lastpos = X509_NAME_get_index_by_NID(nm, NID_commonName, lastpos);
-        if (lastpos == -1)
-                break;
-        e = X509_NAME_get_entry(nm, lastpos);
-        /* Do something with e */
-        }
-
-=head1 RETURN VALUES
-
-X509_NAME_get_index_by_NID() and X509_NAME_get_index_by_OBJ()
-return the index of the next matching entry or -1 if not found.
-
-X509_NAME_entry_count() returns the total number of entries.
-
-X509_NAME_get_entry() returns an B<X509_NAME> pointer to the
-requested entry or B<NULL> if the index is invalid.
-
-=head1 SEE ALSO
-
-L<ERR_get_error(3)|ERR_get_error(3)>, L<d2i_X509_NAME(3)|d2i_X509_NAME(3)>
-
-=head1 HISTORY
-
-TBA
-
-=cut
diff --git a/src/lib/libcrypto/doc/X509_NAME_print_ex.pod b/src/lib/libcrypto/doc/X509_NAME_print_ex.pod
deleted file mode 100644
index 919b908919..0000000000
--- a/src/lib/libcrypto/doc/X509_NAME_print_ex.pod
+++ /dev/null
@@ -1,105 +0,0 @@
-=pod
-
-=head1 NAME
-
-X509_NAME_print_ex, X509_NAME_print_ex_fp, X509_NAME_print,
-X509_NAME_oneline - X509_NAME printing routines.
-
-=head1 SYNOPSIS
-
- #include <openssl/x509.h>
-
- int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags);
- int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags);
- char * X509_NAME_oneline(X509_NAME *a,char *buf,int size);
- int X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
-
-=head1 DESCRIPTION
-
-X509_NAME_print_ex() prints a human readable version of B<nm> to BIO B<out>. Each
-line (for multiline formats) is indented by B<indent> spaces. The output format
-can be extensively customised by use of the B<flags> parameter.
-
-X509_NAME_print_ex_fp() is identical to X509_NAME_print_ex() except the output is
-written to FILE pointer B<fp>.
-
-X509_NAME_oneline() prints an ASCII version of B<a> to B<buf>. At most B<size>
-bytes will be written. If B<buf> is B<NULL> then a buffer is dynamically allocated
-and returned, otherwise B<buf> is returned.
-
-X509_NAME_print() prints out B<name> to B<bp> indenting each line by B<obase> 
-characters. Multiple lines are used if the output (including indent) exceeds
-80 characters.
-
-=head1 NOTES
-
-The functions X509_NAME_oneline() and X509_NAME_print() are legacy functions which
-produce a non standard output form, they don't handle multi character fields and
-have various quirks and inconsistencies. Their use is strongly discouraged in new
-applications.
-
-Although there are a large number of possible flags for most purposes
-B<XN_FLAG_ONELINE>, B<XN_FLAG_MULTILINE> or B<XN_FLAG_RFC2253> will suffice.
-As noted on the L<ASN1_STRING_print_ex(3)|ASN1_STRING_print_ex(3)> manual page
-for UTF8 terminals the B<ASN1_STRFLGS_ESC_MSB> should be unset: so for example
-B<XN_FLAG_ONELINE & ~ASN1_STRFLGS_ESC_MSB> would be used.
-
-The complete set of the flags supported by X509_NAME_print_ex() is listed below.
-
-Several options can be ored together.
-
-The options B<XN_FLAG_SEP_COMMA_PLUS>, B<XN_FLAG_SEP_CPLUS_SPC>,
-B<XN_FLAG_SEP_SPLUS_SPC> and B<XN_FLAG_SEP_MULTILINE> determine the field separators
-to use. Two distinct separators are used between distinct RelativeDistinguishedName
-components and separate values in the same RDN for a multi-valued RDN. Multi-valued
-RDNs are currently very rare so the second separator will hardly ever be used.
-
-B<XN_FLAG_SEP_COMMA_PLUS> uses comma and plus as separators. B<XN_FLAG_SEP_CPLUS_SPC>
-uses comma and plus with spaces: this is more readable that plain comma and plus.
-B<XN_FLAG_SEP_SPLUS_SPC> uses spaced semicolon and plus. B<XN_FLAG_SEP_MULTILINE> uses
-spaced newline and plus respectively.
-
-If B<XN_FLAG_DN_REV> is set the whole DN is printed in reversed order.
-
-The fields B<XN_FLAG_FN_SN>, B<XN_FLAG_FN_LN>, B<XN_FLAG_FN_OID>,
-B<XN_FLAG_FN_NONE> determine how a field name is displayed. It will
-use the short name (e.g. CN) the long name (e.g. commonName) always
-use OID numerical form (normally OIDs are only used if the field name is not
-recognised) and no field name respectively.
-
-If B<XN_FLAG_SPC_EQ> is set then spaces will be placed around the '=' character
-separating field names and values.
-
-If B<XN_FLAG_DUMP_UNKNOWN_FIELDS> is set then the encoding of unknown fields is
-printed instead of the values.
-
-If B<XN_FLAG_FN_ALIGN> is set then field names are padded to 20 characters: this
-is only of use for multiline format.
-
-Additionally all the options supported by ASN1_STRING_print_ex() can be used to 
-control how each field value is displayed.
-
-In addition a number options can be set for commonly used formats.
-
-B<XN_FLAG_RFC2253> sets options which produce an output compatible with RFC2253 it
-is equivalent to:
- B<ASN1_STRFLGS_RFC2253 | XN_FLAG_SEP_COMMA_PLUS | XN_FLAG_DN_REV | XN_FLAG_FN_SN | XN_FLAG_DUMP_UNKNOWN_FIELDS>
-
-
-B<XN_FLAG_ONELINE> is a more readable one line format it is the same as:
- B<ASN1_STRFLGS_RFC2253 | ASN1_STRFLGS_ESC_QUOTE | XN_FLAG_SEP_CPLUS_SPC | XN_FLAG_SPC_EQ | XN_FLAG_FN_SN>
-
-B<XN_FLAG_MULTILINE> is a multiline format is is the same as:
- B<ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB | XN_FLAG_SEP_MULTILINE | XN_FLAG_SPC_EQ | XN_FLAG_FN_LN | XN_FLAG_FN_ALIGN>
-
-B<XN_FLAG_COMPAT> uses a format identical to X509_NAME_print(): in fact it calls X509_NAME_print() internally.
-
-=head1 SEE ALSO
-
-L<ASN1_STRING_print_ex(3)|ASN1_STRING_print_ex(3)>
-
-=head1 HISTORY
-
-TBA
-
-=cut
diff --git a/src/lib/libcrypto/doc/X509_new.pod b/src/lib/libcrypto/doc/X509_new.pod
deleted file mode 100644
index fd5fc65ce1..0000000000
--- a/src/lib/libcrypto/doc/X509_new.pod
+++ /dev/null
@@ -1,37 +0,0 @@
-=pod
-
-=head1 NAME
-
-X509_new, X509_free - X509 certificate ASN1 allocation functions
-
-=head1 SYNOPSIS
-
- X509 *X509_new(void);
- void X509_free(X509 *a);
-
-=head1 DESCRIPTION
-
-The X509 ASN1 allocation routines, allocate and free an
-X509 structure, which represents an X509 certificate.
-
-X509_new() allocates and initializes a X509 structure.
-
-X509_free() frees up the B<X509> structure B<a>.
-
-=head1 RETURN VALUES
-
-If the allocation fails, X509_new() returns B<NULL> and sets an error
-code that can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-Otherwise it returns a pointer to the newly allocated structure.
-
-X509_free() returns no value.
-
-=head1 SEE ALSO
-
-L<ERR_get_error(3)|ERR_get_error(3)>, L<d2i_X509(3)|d2i_X509(3)>
-
-=head1 HISTORY
-
-X509_new() and X509_free() are available in all versions of SSLeay and OpenSSL.
-
-=cut
diff --git a/src/lib/libcrypto/doc/bn.pod b/src/lib/libcrypto/doc/bn.pod
deleted file mode 100644
index 210dfeac08..0000000000
--- a/src/lib/libcrypto/doc/bn.pod
+++ /dev/null
@@ -1,158 +0,0 @@
-=pod
-
-=head1 NAME
-
-bn - multiprecision integer arithmetics
-
-=head1 SYNOPSIS
-
- #include <openssl/bn.h>
-
- BIGNUM *BN_new(void);
- void BN_free(BIGNUM *a);
- void BN_init(BIGNUM *);
- void BN_clear(BIGNUM *a);
- void BN_clear_free(BIGNUM *a);
-
- BN_CTX *BN_CTX_new(void);
- void BN_CTX_init(BN_CTX *c);
- void BN_CTX_free(BN_CTX *c);
-
- BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
- BIGNUM *BN_dup(const BIGNUM *a);
-
- BIGNUM *BN_swap(BIGNUM *a, BIGNUM *b);
-
- int BN_num_bytes(const BIGNUM *a);
- int BN_num_bits(const BIGNUM *a);
- int BN_num_bits_word(BN_ULONG w);
-
- int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
- int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
- int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
- int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx);
- int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d,
-         BN_CTX *ctx);
- int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
- int BN_nnmod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
- int BN_mod_add(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
-         BN_CTX *ctx);
- int BN_mod_sub(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
-         BN_CTX *ctx);
- int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
-         BN_CTX *ctx);
- int BN_mod_sqr(BIGNUM *ret, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
- int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx);
- int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-         const BIGNUM *m, BN_CTX *ctx);
- int BN_gcd(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
-
- int BN_add_word(BIGNUM *a, BN_ULONG w);
- int BN_sub_word(BIGNUM *a, BN_ULONG w);
- int BN_mul_word(BIGNUM *a, BN_ULONG w);
- BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);
- BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
-
- int BN_cmp(BIGNUM *a, BIGNUM *b);
- int BN_ucmp(BIGNUM *a, BIGNUM *b);
- int BN_is_zero(BIGNUM *a);
- int BN_is_one(BIGNUM *a);
- int BN_is_word(BIGNUM *a, BN_ULONG w);
- int BN_is_odd(BIGNUM *a);
-
- int BN_zero(BIGNUM *a);
- int BN_one(BIGNUM *a);
- const BIGNUM *BN_value_one(void);
- int BN_set_word(BIGNUM *a, unsigned long w);
- unsigned long BN_get_word(BIGNUM *a);
-
- int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
- int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
- int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
- int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range);
-
- BIGNUM *BN_generate_prime(BIGNUM *ret, int bits,int safe, BIGNUM *add,
-         BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg);
- int BN_is_prime(const BIGNUM *p, int nchecks,
-         void (*callback)(int, int, void *), BN_CTX *ctx, void *cb_arg);
-
- int BN_set_bit(BIGNUM *a, int n);
- int BN_clear_bit(BIGNUM *a, int n);
- int BN_is_bit_set(const BIGNUM *a, int n);
- int BN_mask_bits(BIGNUM *a, int n);
- int BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
- int BN_lshift1(BIGNUM *r, BIGNUM *a);
- int BN_rshift(BIGNUM *r, BIGNUM *a, int n);
- int BN_rshift1(BIGNUM *r, BIGNUM *a);
-
- int BN_bn2bin(const BIGNUM *a, unsigned char *to);
- BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
- char *BN_bn2hex(const BIGNUM *a);
- char *BN_bn2dec(const BIGNUM *a);
- int BN_hex2bn(BIGNUM **a, const char *str);
- int BN_dec2bn(BIGNUM **a, const char *str);
- int BN_print(BIO *fp, const BIGNUM *a);
- int BN_print_fp(FILE *fp, const BIGNUM *a);
- int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
- BIGNUM *BN_mpi2bn(unsigned char *s, int len, BIGNUM *ret);
-
- BIGNUM *BN_mod_inverse(BIGNUM *r, BIGNUM *a, const BIGNUM *n,
-     BN_CTX *ctx);
-
- BN_RECP_CTX *BN_RECP_CTX_new(void);
- void BN_RECP_CTX_init(BN_RECP_CTX *recp);
- void BN_RECP_CTX_free(BN_RECP_CTX *recp);
- int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *m, BN_CTX *ctx);
- int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *a, BIGNUM *b,
-        BN_RECP_CTX *recp, BN_CTX *ctx);
-
- BN_MONT_CTX *BN_MONT_CTX_new(void);
- void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
- void BN_MONT_CTX_free(BN_MONT_CTX *mont);
- int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *m, BN_CTX *ctx);
- BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from);
- int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b,
-         BN_MONT_CTX *mont, BN_CTX *ctx);
- int BN_from_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
-         BN_CTX *ctx);
- int BN_to_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
-         BN_CTX *ctx);
-
-
-=head1 DESCRIPTION
-
-This library performs arithmetic operations on integers of arbitrary
-size. It was written for use in public key cryptography, such as RSA
-and Diffie-Hellman.
-
-It uses dynamic memory allocation for storing its data structures.
-That means that there is no limit on the size of the numbers
-manipulated by these functions, but return values must always be
-checked in case a memory allocation error has occurred.
-
-The basic object in this library is a B<BIGNUM>. It is used to hold a
-single large integer. This type should be considered opaque and fields
-should not be modified or accessed directly.
-
-The creation of B<BIGNUM> objects is described in L<BN_new(3)|BN_new(3)>;
-L<BN_add(3)|BN_add(3)> describes most of the arithmetic operations.
-Comparison is described in L<BN_cmp(3)|BN_cmp(3)>; L<BN_zero(3)|BN_zero(3)>
-describes certain assignments, L<BN_rand(3)|BN_rand(3)> the generation of
-random numbers, L<BN_generate_prime(3)|BN_generate_prime(3)> deals with prime
-numbers and L<BN_set_bit(3)|BN_set_bit(3)> with bit operations. The conversion
-of B<BIGNUM>s to external formats is described in L<BN_bn2bin(3)|BN_bn2bin(3)>.
-
-=head1 SEE ALSO
-
-L<bn_internal(3)|bn_internal(3)>,
-L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>,
-L<BN_new(3)|BN_new(3)>, L<BN_CTX_new(3)|BN_CTX_new(3)>,
-L<BN_copy(3)|BN_copy(3)>, L<BN_swap(3)|BN_swap(3)>, L<BN_num_bytes(3)|BN_num_bytes(3)>,
-L<BN_add(3)|BN_add(3)>, L<BN_add_word(3)|BN_add_word(3)>,
-L<BN_cmp(3)|BN_cmp(3)>, L<BN_zero(3)|BN_zero(3)>, L<BN_rand(3)|BN_rand(3)>,
-L<BN_generate_prime(3)|BN_generate_prime(3)>, L<BN_set_bit(3)|BN_set_bit(3)>,
-L<BN_bn2bin(3)|BN_bn2bin(3)>, L<BN_mod_inverse(3)|BN_mod_inverse(3)>,
-L<BN_mod_mul_reciprocal(3)|BN_mod_mul_reciprocal(3)>,
-L<BN_mod_mul_montgomery(3)|BN_mod_mul_montgomery(3)> 
-
-=cut
diff --git a/src/lib/libcrypto/doc/d2i_ASN1_OBJECT.pod b/src/lib/libcrypto/doc/d2i_ASN1_OBJECT.pod
deleted file mode 100644
index 45bb18492c..0000000000
--- a/src/lib/libcrypto/doc/d2i_ASN1_OBJECT.pod
+++ /dev/null
@@ -1,29 +0,0 @@
-=pod
-
-=head1 NAME
-
-d2i_ASN1_OBJECT, i2d_ASN1_OBJECT - ASN1 OBJECT IDENTIFIER functions
-
-=head1 SYNOPSIS
-
- #include <openssl/objects.h>
-
- ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp, long length);
- int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp);
-
-=head1 DESCRIPTION
-
-These functions decode and encode an ASN1 OBJECT IDENTIFIER.
-
-Othewise these behave in a similar way to d2i_X509() and i2d_X509()
-described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
-
-=head1 SEE ALSO
-
-L<d2i_X509(3)|d2i_X509(3)>
-
-=head1 HISTORY
-
-TBA
-
-=cut
diff --git a/src/lib/libcrypto/doc/d2i_DHparams.pod b/src/lib/libcrypto/doc/d2i_DHparams.pod
deleted file mode 100644
index 1e98aebeca..0000000000
--- a/src/lib/libcrypto/doc/d2i_DHparams.pod
+++ /dev/null
@@ -1,30 +0,0 @@
-=pod
-
-=head1 NAME
-
-d2i_DHparams, i2d_DHparams - PKCS#3 DH parameter functions.
-
-=head1 SYNOPSIS
-
- #include <openssl/dh.h>
-
- DH *d2i_DHparams(DH **a, unsigned char **pp, long length);
- int i2d_DHparams(DH *a, unsigned char **pp);
-
-=head1 DESCRIPTION
-
-These functions decode and encode PKCS#3 DH parameters using the
-DHparameter structure described in PKCS#3.
-
-Othewise these behave in a similar way to d2i_X509() and i2d_X509()
-described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
-
-=head1 SEE ALSO
-
-L<d2i_X509(3)|d2i_X509(3)>
-
-=head1 HISTORY
-
-TBA
-
-=cut
diff --git a/src/lib/libcrypto/doc/d2i_DSAPublicKey.pod b/src/lib/libcrypto/doc/d2i_DSAPublicKey.pod
deleted file mode 100644
index 22c1b50f22..0000000000
--- a/src/lib/libcrypto/doc/d2i_DSAPublicKey.pod
+++ /dev/null
@@ -1,83 +0,0 @@
-=pod
-
-=head1 NAME
-
-d2i_DSAPublicKey, i2d_DSAPublicKey, d2i_DSAPrivateKey, i2d_DSAPrivateKey,
-d2i_DSA_PUBKEY, i2d_DSA_PUBKEY, d2i_DSA_SIG, i2d_DSA_SIG - DSA key encoding
-and parsing functions.
-
-=head1 SYNOPSIS
-
- #include <openssl/dsa.h>
- #include <openssl/x509.h>
-
- DSA * d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length);
-
- int i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
-
- DSA * d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length);
-
- int i2d_DSA_PUBKEY(const DSA *a, unsigned char **pp);
-
- DSA * d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length);
-
- int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
-
- DSA * d2i_DSAparams(DSA **a, const unsigned char **pp, long length);
-
- int i2d_DSAparams(const DSA *a, unsigned char **pp);
-
- DSA * d2i_DSA_SIG(DSA_SIG **a, const unsigned char **pp, long length);
-
- int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
-
-=head1 DESCRIPTION
-
-d2i_DSAPublicKey() and i2d_DSAPublicKey() decode and encode the DSA public key
-components structure.
-
-d2i_DSA_PUBKEY() and i2d_DSA_PUBKEY() decode and encode an DSA public key using
-a SubjectPublicKeyInfo (certificate public key) structure.
-
-d2i_DSAPrivateKey(), i2d_DSAPrivateKey() decode and encode the DSA private key
-components.
-
-d2i_DSAparams(), i2d_DSAparams() decode and encode the DSA parameters using
-a B<Dss-Parms> structure as defined in RFC2459.
-
-d2i_DSA_SIG(), i2d_DSA_SIG() decode and encode a DSA signature using a
-B<Dss-Sig-Value> structure as defined in RFC2459.
-
-The usage of all of these functions is similar to the d2i_X509() and
-i2d_X509() described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
-
-=head1 NOTES
-
-The B<DSA> structure passed to the private key encoding functions should have
-all the private key components present.
-
-The data encoded by the private key functions is unencrypted and therefore 
-offers no private key security.
-
-The B<DSA_PUBKEY> functions should be used in preference to the B<DSAPublicKey>
-functions when encoding public keys because they use a standard format.
-
-The B<DSAPublicKey> functions use an non standard format the actual data encoded
-depends on the value of the B<write_params> field of the B<a> key parameter.
-If B<write_params> is zero then only the B<pub_key> field is encoded as an
-B<INTEGER>. If B<write_params> is 1 then a B<SEQUENCE> consisting of the
-B<p>, B<q>, B<g> and B<pub_key> respectively fields are encoded.
-
-The B<DSAPrivateKey> functions also use a non standard structure consiting
-consisting of a SEQUENCE containing the B<p>, B<q>, B<g> and B<pub_key> and
-B<priv_key> fields respectively.
-
-=head1 SEE ALSO
-
-L<d2i_X509(3)|d2i_X509(3)>
-
-=head1 HISTORY
-
-TBA
-
-=cut
diff --git a/src/lib/libcrypto/doc/d2i_RSAPublicKey.pod b/src/lib/libcrypto/doc/d2i_RSAPublicKey.pod
deleted file mode 100644
index 279b29c873..0000000000
--- a/src/lib/libcrypto/doc/d2i_RSAPublicKey.pod
+++ /dev/null
@@ -1,67 +0,0 @@
-=pod
-
-=head1 NAME
-
-d2i_RSAPublicKey, i2d_RSAPublicKey, d2i_RSAPrivateKey, i2d_RSAPrivateKey,
-d2i_RSA_PUBKEY, i2d_RSA_PUBKEY, i2d_Netscape_RSA,
-d2i_Netscape_RSA - RSA public and private key encoding functions.
-
-=head1 SYNOPSIS
-
- #include <openssl/rsa.h>
- #include <openssl/x509.h>
-
- RSA * d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length);
-
- int i2d_RSAPublicKey(RSA *a, unsigned char **pp);
-
- RSA * d2i_RSA_PUBKEY(RSA **a, unsigned char **pp, long length);
-
- int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp);
-
- RSA * d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length);
-
- int i2d_RSAPrivateKey(RSA *a, unsigned char **pp);
-
- int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)());
-
- RSA * d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)());
-
-=head1 DESCRIPTION
-
-d2i_RSAPublicKey() and i2d_RSAPublicKey() decode and encode a PKCS#1 RSAPublicKey
-structure.
-
-d2i_RSA_PUBKEY() and i2d_RSA_PUBKEY() decode and encode an RSA public key using
-a SubjectPublicKeyInfo (certificate public key) structure.
-
-d2i_RSAPrivateKey(), i2d_RSAPrivateKey() decode and encode a PKCS#1 RSAPrivateKey
-structure.
-
-d2i_Netscape_RSA(), i2d_Netscape_RSA() decode and encode an RSA private key in
-NET format.
-
-The usage of all of these functions is similar to the d2i_X509() and
-i2d_X509() described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
-
-=head1 NOTES
-
-The B<RSA> structure passed to the private key encoding functions should have
-all the PKCS#1 private key components present.
-
-The data encoded by the private key functions is unencrypted and therefore 
-offers no private key security. 
-
-The NET format functions are present to provide compatibility with certain very
-old software. This format has some severe security weaknesses and should be
-avoided if possible.
-
-=head1 SEE ALSO
-
-L<d2i_X509(3)|d2i_X509(3)>
-
-=head1 HISTORY
-
-TBA
-
-=cut
diff --git a/src/lib/libcrypto/doc/d2i_X509.pod b/src/lib/libcrypto/doc/d2i_X509.pod
deleted file mode 100644
index 5e3c3d0985..0000000000
--- a/src/lib/libcrypto/doc/d2i_X509.pod
+++ /dev/null
@@ -1,231 +0,0 @@
-=pod
-
-=head1 NAME
-
-d2i_X509, i2d_X509, d2i_X509_bio, d2i_X509_fp, i2d_X509_bio,
-i2d_X509_fp - X509 encode and decode functions
-
-=head1 SYNOPSIS
-
- #include <openssl/x509.h>
-
- X509 *d2i_X509(X509 **px, unsigned char **in, int len);
- int i2d_X509(X509 *x, unsigned char **out);
-
- X509 *d2i_X509_bio(BIO *bp, X509 **x);
- X509 *d2i_X509_fp(FILE *fp, X509 **x);
-
- int i2d_X509_bio(X509 *x, BIO *bp);
- int i2d_X509_fp(X509 *x, FILE *fp);
-
-=head1 DESCRIPTION
-
-The X509 encode and decode routines encode and parse an
-B<X509> structure, which represents an X509 certificate.
-
-d2i_X509() attempts to decode B<len> bytes at B<*out>. If 
-successful a pointer to the B<X509> structure is returned. If an error
-occurred then B<NULL> is returned. If B<px> is not B<NULL> then the
-returned structure is written to B<*px>. If B<*px> is not B<NULL>
-then it is assumed that B<*px> contains a valid B<X509>
-structure and an attempt is made to reuse it. If the call is
-successful B<*out> is incremented to the byte following the
-parsed data.
-
-i2d_X509() encodes the structure pointed to by B<x> into DER format.
-If B<out> is not B<NULL> is writes the DER encoded data to the buffer
-at B<*out>, and increments it to point after the data just written.
-If the return value is negative an error occurred, otherwise it
-returns the length of the encoded data. 
-
-For OpenSSL 0.9.7 and later if B<*out> is B<NULL> memory will be
-allocated for a buffer and the encoded data written to it. In this
-case B<*out> is not incremented and it points to the start of the
-data just written.
-
-d2i_X509_bio() is similar to d2i_X509() except it attempts
-to parse data from BIO B<bp>.
-
-d2i_X509_fp() is similar to d2i_X509() except it attempts
-to parse data from FILE pointer B<fp>.
-
-i2d_X509_bio() is similar to i2d_X509() except it writes
-the encoding of the structure B<x> to BIO B<bp> and it
-returns 1 for success and 0 for failure.
-
-i2d_X509_fp() is similar to i2d_X509() except it writes
-the encoding of the structure B<x> to BIO B<bp> and it
-returns 1 for success and 0 for failure.
-
-=head1 NOTES
-
-The letters B<i> and B<d> in for example B<i2d_X509> stand for
-"internal" (that is an internal C structure) and "DER". So that
-B<i2d_X509> converts from internal to DER.
-
-The functions can also understand B<BER> forms.
-
-The actual X509 structure passed to i2d_X509() must be a valid
-populated B<X509> structure it can B<not> simply be fed with an
-empty structure such as that returned by X509_new().
-
-The encoded data is in binary form and may contain embedded zeroes.
-Therefore any FILE pointers or BIOs should be opened in binary mode.
-Functions such as B<strlen()> will B<not> return the correct length
-of the encoded structure.
-
-The ways that B<*in> and B<*out> are incremented after the operation
-can trap the unwary. See the B<WARNINGS> section for some common
-errors.
-
-The reason for the auto increment behaviour is to reflect a typical
-usage of ASN1 functions: after one structure is encoded or decoded
-another will processed after it.
-
-=head1 EXAMPLES
-
-Allocate and encode the DER encoding of an X509 structure:
-
- int len;
- unsigned char *buf, *p;
-
- len = i2d_X509(x, NULL);
-
- buf = OPENSSL_malloc(len);
-
- if (buf == NULL)
-        /* error */
-
- p = buf;
-
- i2d_X509(x, &p);
-
-If you are using OpenSSL 0.9.7 or later then this can be
-simplified to:
-
-
- int len;
- unsigned char *buf;
-
- buf = NULL;
-
- len = i2d_X509(x, &buf);
-
- if (len < 0)
-        /* error */
-
-Attempt to decode a buffer:
-
- X509 *x;
-
- unsigned char *buf, *p;
-
- int len;
-
- /* Something to setup buf and len */
-
- p = buf;
-
- x = d2i_X509(NULL, &p, len);
-
- if (x == NULL)
-    /* Some error */
-
-Alternative technique:
-
- X509 *x;
-
- unsigned char *buf, *p;
-
- int len;
-
- /* Something to setup buf and len */
-
- p = buf;
-
- x = NULL;
-
- if(!d2i_X509(&x, &p, len))
-    /* Some error */
-
-
-=head1 WARNINGS
-
-The use of temporary variable is mandatory. A common
-mistake is to attempt to use a buffer directly as follows:
-
- int len;
- unsigned char *buf;
-
- len = i2d_X509(x, NULL);
-
- buf = OPENSSL_malloc(len);
-
- if (buf == NULL)
-        /* error */
-
- i2d_X509(x, &buf);
-
- /* Other stuff ... */
-
- OPENSSL_free(buf);
-
-This code will result in B<buf> apparently containing garbage because
-it was incremented after the call to point after the data just written.
-Also B<buf> will no longer contain the pointer allocated by B<OPENSSL_malloc()>
-and the subsequent call to B<OPENSSL_free()> may well crash.
-
-The auto allocation feature (setting buf to NULL) only works on OpenSSL
-0.9.7 and later. Attempts to use it on earlier versions will typically
-cause a segmentation violation.
-
-Another trap to avoid is misuse of the B<xp> argument to B<d2i_X509()>:
-
- X509 *x;
-
- if (!d2i_X509(&x, &p, len))
-        /* Some error */
-
-This will probably crash somewhere in B<d2i_X509()>. The reason for this
-is that the variable B<x> is uninitialized and an attempt will be made to
-interpret its (invalid) value as an B<X509> structure, typically causing
-a segmentation violation. If B<x> is set to NULL first then this will not
-happen.
-
-=head1 BUGS
-
-In some versions of OpenSSL the "reuse" behaviour of d2i_X509() when 
-B<*px> is valid is broken and some parts of the reused structure may
-persist if they are not present in the new one. As a result the use
-of this "reuse" behaviour is strongly discouraged.
-
-i2d_X509() will not return an error in many versions of OpenSSL,
-if mandatory fields are not initialized due to a programming error
-then the encoded structure may contain invalid data or omit the
-fields entirely and will not be parsed by d2i_X509(). This may be
-fixed in future so code should not assume that i2d_X509() will
-always succeed.
-
-=head1 RETURN VALUES
-
-d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B<X509> structure
-or B<NULL> if an error occurs. The error code that can be obtained by
-L<ERR_get_error(3)|ERR_get_error(3)>. 
-
-i2d_X509(), i2d_X509_bio() and i2d_X509_fp() return a the number of bytes
-successfully encoded or a negative value if an error occurs. The error code
-can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. 
-
-i2d_X509_bio() and i2d_X509_fp() returns 1 for success and 0 if an error 
-occurs The error code can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. 
-
-=head1 SEE ALSO
-
-L<ERR_get_error(3)|ERR_get_error(3)>
-
-=head1 HISTORY
-
-d2i_X509, i2d_X509, d2i_X509_bio, d2i_X509_fp, i2d_X509_bio and i2d_X509_fp
-are available in all versions of SSLeay and OpenSSL.
-
-=cut
diff --git a/src/lib/libcrypto/doc/d2i_X509_ALGOR.pod b/src/lib/libcrypto/doc/d2i_X509_ALGOR.pod
deleted file mode 100644
index 9e5cd92ca7..0000000000
--- a/src/lib/libcrypto/doc/d2i_X509_ALGOR.pod
+++ /dev/null
@@ -1,30 +0,0 @@
-=pod
-
-=head1 NAME
-
-d2i_X509_ALGOR, i2d_X509_ALGOR - AlgorithmIdentifier functions.
-
-=head1 SYNOPSIS
-
- #include <openssl/x509.h>
-
- X509_ALGOR *d2i_X509_ALGOR(X509_ALGOR **a, unsigned char **pp, long length);
- int i2d_X509_ALGOR(X509_ALGOR *a, unsigned char **pp);
-
-=head1 DESCRIPTION
-
-These functions decode and encode an B<X509_ALGOR> structure which is
-equivalent to the B<AlgorithmIdentifier> structure.
-
-Othewise these behave in a similar way to d2i_X509() and i2d_X509()
-described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
-
-=head1 SEE ALSO
-
-L<d2i_X509(3)|d2i_X509(3)>
-
-=head1 HISTORY
-
-TBA
-
-=cut
diff --git a/src/lib/libcrypto/doc/d2i_X509_CRL.pod b/src/lib/libcrypto/doc/d2i_X509_CRL.pod
deleted file mode 100644
index 06c5b23c09..0000000000
--- a/src/lib/libcrypto/doc/d2i_X509_CRL.pod
+++ /dev/null
@@ -1,37 +0,0 @@
-=pod
-
-=head1 NAME
-
-d2i_X509_CRL, i2d_X509_CRL, d2i_X509_CRL_bio, d2i_509_CRL_fp,
-i2d_X509_CRL_bio, i2d_X509_CRL_fp - PKCS#10 certificate request functions.
-
-=head1 SYNOPSIS
-
- #include <openssl/x509.h>
-
- X509_CRL *d2i_X509_CRL(X509_CRL **a, unsigned char **pp, long length);
- int i2d_X509_CRL(X509_CRL *a, unsigned char **pp);
-
- X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **x);
- X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **x);
-
- int i2d_X509_CRL_bio(X509_CRL *x, BIO *bp);
- int i2d_X509_CRL_fp(X509_CRL *x, FILE *fp);
-
-=head1 DESCRIPTION
-
-These functions decode and encode an X509 CRL (certificate revocation
-list).
-
-Othewise the functions behave in a similar way to d2i_X509() and i2d_X509()
-described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
-
-=head1 SEE ALSO
-
-L<d2i_X509(3)|d2i_X509(3)>
-
-=head1 HISTORY
-
-TBA
-
-=cut
diff --git a/src/lib/libcrypto/doc/d2i_X509_NAME.pod b/src/lib/libcrypto/doc/d2i_X509_NAME.pod
deleted file mode 100644
index 343ffe1519..0000000000
--- a/src/lib/libcrypto/doc/d2i_X509_NAME.pod
+++ /dev/null
@@ -1,31 +0,0 @@
-=pod
-
-=head1 NAME
-
-d2i_X509_NAME, i2d_X509_NAME - X509_NAME encoding functions
-
-=head1 SYNOPSIS
-
- #include <openssl/x509.h>
-
- X509_NAME *d2i_X509_NAME(X509_NAME **a, unsigned char **pp, long length);
- int i2d_X509_NAME(X509_NAME *a, unsigned char **pp);
-
-=head1 DESCRIPTION
-
-These functions decode and encode an B<X509_NAME> structure which is the
-the same as the B<Name> type defined in RFC2459 (and elsewhere) and used
-for example in certificate subject and issuer names.
-
-Othewise the functions behave in a similar way to d2i_X509() and i2d_X509()
-described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
-
-=head1 SEE ALSO
-
-L<d2i_X509(3)|d2i_X509(3)>
-
-=head1 HISTORY
-
-TBA
-
-=cut
diff --git a/src/lib/libcrypto/doc/d2i_X509_REQ.pod b/src/lib/libcrypto/doc/d2i_X509_REQ.pod
deleted file mode 100644
index be4ad68257..0000000000
--- a/src/lib/libcrypto/doc/d2i_X509_REQ.pod
+++ /dev/null
@@ -1,36 +0,0 @@
-=pod
-
-=head1 NAME
-
-d2i_X509_REQ, i2d_X509_REQ, d2i_X509_REQ_bio, d2i_X509_REQ_fp,
-i2d_X509_REQ_bio, i2d_X509_REQ_fp - PKCS#10 certificate request functions.
-
-=head1 SYNOPSIS
-
- #include <openssl/x509.h>
-
- X509_REQ *d2i_X509_REQ(X509_REQ **a, unsigned char **pp, long length);
- int i2d_X509_REQ(X509_REQ *a, unsigned char **pp);
-
- X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **x);
- X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **x);
-
- int i2d_X509_REQ_bio(X509_REQ *x, BIO *bp);
- int i2d_X509_REQ_fp(X509_REQ *x, FILE *fp);
-
-=head1 DESCRIPTION
-
-These functions decode and encode a PKCS#10 certificate request.
-
-Othewise these behave in a similar way to d2i_X509() and i2d_X509()
-described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
-
-=head1 SEE ALSO
-
-L<d2i_X509(3)|d2i_X509(3)>
-
-=head1 HISTORY
-
-TBA
-
-=cut
diff --git a/src/lib/libcrypto/doc/d2i_X509_SIG.pod b/src/lib/libcrypto/doc/d2i_X509_SIG.pod
deleted file mode 100644
index e48fd79a51..0000000000
--- a/src/lib/libcrypto/doc/d2i_X509_SIG.pod
+++ /dev/null
@@ -1,30 +0,0 @@
-=pod
-
-=head1 NAME
-
-d2i_X509_SIG, i2d_X509_SIG - DigestInfo functions.
-
-=head1 SYNOPSIS
-
- #include <openssl/x509.h>
-
- X509_SIG *d2i_X509_SIG(X509_SIG **a, unsigned char **pp, long length);
- int i2d_X509_SIG(X509_SIG *a, unsigned char **pp);
-
-=head1 DESCRIPTION
-
-These functions decode and encode an X509_SIG structure which is
-equivalent to the B<DigestInfo> structure defined in PKCS#1 and PKCS#7.
-
-Othewise these behave in a similar way to d2i_X509() and i2d_X509()
-described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
-
-=head1 SEE ALSO
-
-L<d2i_X509(3)|d2i_X509(3)>
-
-=head1 HISTORY
-
-TBA
-
-=cut
diff --git a/src/lib/libcrypto/doc/dh.pod b/src/lib/libcrypto/doc/dh.pod
deleted file mode 100644
index c3ccd06207..0000000000
--- a/src/lib/libcrypto/doc/dh.pod
+++ /dev/null
@@ -1,78 +0,0 @@
-=pod
-
-=head1 NAME
-
-dh - Diffie-Hellman key agreement
-
-=head1 SYNOPSIS
-
- #include <openssl/dh.h>
- #include <openssl/engine.h>
-
- DH *   DH_new(void);
- void   DH_free(DH *dh);
-
- int    DH_size(const DH *dh);
-
- DH *   DH_generate_parameters(int prime_len, int generator,
-                void (*callback)(int, int, void *), void *cb_arg);
- int    DH_check(const DH *dh, int *codes);
-
- int    DH_generate_key(DH *dh);
- int    DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
-
- void DH_set_default_method(const DH_METHOD *meth);
- const DH_METHOD *DH_get_default_method(void);
- int DH_set_method(DH *dh, const DH_METHOD *meth);
- DH *DH_new_method(ENGINE *engine);
- const DH_METHOD *DH_OpenSSL(void);
-
- int DH_get_ex_new_index(long argl, char *argp, int (*new_func)(),
-             int (*dup_func)(), void (*free_func)());
- int DH_set_ex_data(DH *d, int idx, char *arg);
- char *DH_get_ex_data(DH *d, int idx);
-
- DH *   d2i_DHparams(DH **a, unsigned char **pp, long length);
- int    i2d_DHparams(const DH *a, unsigned char **pp);
-
- int    DHparams_print_fp(FILE *fp, const DH *x);
- int    DHparams_print(BIO *bp, const DH *x);
-
-=head1 DESCRIPTION
-
-These functions implement the Diffie-Hellman key agreement protocol.
-The generation of shared DH parameters is described in
-L<DH_generate_parameters(3)|DH_generate_parameters(3)>; L<DH_generate_key(3)|DH_generate_key(3)> describes how
-to perform a key agreement.
-
-The B<DH> structure consists of several BIGNUM components.
-
- struct
-        {
-        BIGNUM *p;              // prime number (shared)
-        BIGNUM *g;              // generator of Z_p (shared)
-        BIGNUM *priv_key;       // private DH value x
-        BIGNUM *pub_key;        // public DH value g^x
-        // ...
-        };
- DH
-
-Note that DH keys may use non-standard B<DH_METHOD> implementations,
-either directly or by the use of B<ENGINE> modules. In some cases (eg. an
-ENGINE providing support for hardware-embedded keys), these BIGNUM values
-will not be used by the implementation or may be used for alternative data
-storage. For this reason, applications should generally avoid using DH
-structure elements directly and instead use API functions to query or
-modify keys.
-
-=head1 SEE ALSO
-
-L<dhparam(1)|dhparam(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<err(3)|err(3)>,
-L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<engine(3)|engine(3)>,
-L<DH_set_method(3)|DH_set_method(3)>, L<DH_new(3)|DH_new(3)>,
-L<DH_get_ex_new_index(3)|DH_get_ex_new_index(3)>,
-L<DH_generate_parameters(3)|DH_generate_parameters(3)>,
-L<DH_compute_key(3)|DH_compute_key(3)>, L<d2i_DHparams(3)|d2i_DHparams(3)>,
-L<RSA_print(3)|RSA_print(3)> 
-
-=cut
diff --git a/src/lib/libcrypto/doc/dsa.pod b/src/lib/libcrypto/doc/dsa.pod
deleted file mode 100644
index ae2e5d81f9..0000000000
--- a/src/lib/libcrypto/doc/dsa.pod
+++ /dev/null
@@ -1,113 +0,0 @@
-=pod
-
-=head1 NAME
-
-dsa - Digital Signature Algorithm
-
-=head1 SYNOPSIS
-
- #include <openssl/dsa.h>
- #include <openssl/engine.h>
-
- DSA *  DSA_new(void);
- void   DSA_free(DSA *dsa);
-
- int    DSA_size(const DSA *dsa);
-
- DSA *  DSA_generate_parameters(int bits, unsigned char *seed,
-                int seed_len, int *counter_ret, unsigned long *h_ret,
-                void (*callback)(int, int, void *), void *cb_arg);
-
- DH *   DSA_dup_DH(const DSA *r);
-
- int    DSA_generate_key(DSA *dsa);
-
- int    DSA_sign(int dummy, const unsigned char *dgst, int len,
-                unsigned char *sigret, unsigned int *siglen, DSA *dsa);
- int    DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp,
-                BIGNUM **rp);
- int    DSA_verify(int dummy, const unsigned char *dgst, int len,
-                const unsigned char *sigbuf, int siglen, DSA *dsa);
-
- void DSA_set_default_method(const DSA_METHOD *meth);
- const DSA_METHOD *DSA_get_default_method(void);
- int DSA_set_method(DSA *dsa, const DSA_METHOD *meth);
- DSA *DSA_new_method(ENGINE *engine);
- const DSA_METHOD *DSA_OpenSSL(void);
-
- int DSA_get_ex_new_index(long argl, char *argp, int (*new_func)(),
-             int (*dup_func)(), void (*free_func)());
- int DSA_set_ex_data(DSA *d, int idx, char *arg);
- char *DSA_get_ex_data(DSA *d, int idx);
-
- DSA_SIG *DSA_SIG_new(void);
- void   DSA_SIG_free(DSA_SIG *a);
- int    i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
- DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, unsigned char **pp, long length);
-
- DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
- int    DSA_do_verify(const unsigned char *dgst, int dgst_len,
-             DSA_SIG *sig, DSA *dsa);
-
- DSA *  d2i_DSAPublicKey(DSA **a, unsigned char **pp, long length);
- DSA *  d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length);
- DSA *  d2i_DSAparams(DSA **a, unsigned char **pp, long length);
- int    i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
- int    i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
- int    i2d_DSAparams(const DSA *a,unsigned char **pp);
-
- int    DSAparams_print(BIO *bp, const DSA *x);
- int    DSAparams_print_fp(FILE *fp, const DSA *x);
- int    DSA_print(BIO *bp, const DSA *x, int off);
- int    DSA_print_fp(FILE *bp, const DSA *x, int off);
-
-=head1 DESCRIPTION
-
-These functions implement the Digital Signature Algorithm (DSA).  The
-generation of shared DSA parameters is described in
-L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>;
-L<DSA_generate_key(3)|DSA_generate_key(3)> describes how to
-generate a signature key. Signature generation and verification are
-described in L<DSA_sign(3)|DSA_sign(3)>.
-
-The B<DSA> structure consists of several BIGNUM components.
-
- struct
-        {
-        BIGNUM *p;              // prime number (public)
-        BIGNUM *q;              // 160-bit subprime, q | p-1 (public)
-        BIGNUM *g;              // generator of subgroup (public)
-        BIGNUM *priv_key;       // private key x
-        BIGNUM *pub_key;        // public key y = g^x
-        // ...
-        }
- DSA;
-
-In public keys, B<priv_key> is NULL.
-
-Note that DSA keys may use non-standard B<DSA_METHOD> implementations,
-either directly or by the use of B<ENGINE> modules. In some cases (eg. an
-ENGINE providing support for hardware-embedded keys), these BIGNUM values
-will not be used by the implementation or may be used for alternative data
-storage. For this reason, applications should generally avoid using DSA
-structure elements directly and instead use API functions to query or
-modify keys.
-
-=head1 CONFORMING TO
-
-US Federal Information Processing Standard FIPS 186 (Digital Signature
-Standard, DSS), ANSI X9.30
-
-=head1 SEE ALSO
-
-L<bn(3)|bn(3)>, L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
-L<rsa(3)|rsa(3)>, L<SHA1(3)|SHA1(3)>, L<DSA_new(3)|DSA_new(3)>,
-L<DSA_size(3)|DSA_size(3)>,
-L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>,
-L<DSA_dup_DH(3)|DSA_dup_DH(3)>,
-L<DSA_generate_key(3)|DSA_generate_key(3)>,
-L<DSA_sign(3)|DSA_sign(3)>, L<DSA_set_method(3)|DSA_set_method(3)>,
-L<DSA_get_ex_new_index(3)|DSA_get_ex_new_index(3)>,
-L<RSA_print(3)|RSA_print(3)>
-
-=cut
diff --git a/src/lib/libcrypto/doc/engine.pod b/src/lib/libcrypto/doc/engine.pod
deleted file mode 100644
index c77dad5562..0000000000
--- a/src/lib/libcrypto/doc/engine.pod
+++ /dev/null
@@ -1,621 +0,0 @@
-=pod
-
-=head1 NAME
-
-engine - ENGINE cryptographic module support
-
-=head1 SYNOPSIS
-
- #include <openssl/engine.h>
-
- ENGINE *ENGINE_get_first(void);
- ENGINE *ENGINE_get_last(void);
- ENGINE *ENGINE_get_next(ENGINE *e);
- ENGINE *ENGINE_get_prev(ENGINE *e);
-
- int ENGINE_add(ENGINE *e);
- int ENGINE_remove(ENGINE *e);
-
- ENGINE *ENGINE_by_id(const char *id);
-
- int ENGINE_init(ENGINE *e);
- int ENGINE_finish(ENGINE *e);
-
- void ENGINE_load_openssl(void);
- void ENGINE_load_dynamic(void);
- void ENGINE_load_cswift(void);
- void ENGINE_load_chil(void);
- void ENGINE_load_atalla(void);
- void ENGINE_load_nuron(void);
- void ENGINE_load_ubsec(void);
- void ENGINE_load_aep(void);
- void ENGINE_load_sureware(void);
- void ENGINE_load_4758cca(void);
- void ENGINE_load_openbsd_dev_crypto(void);
- void ENGINE_load_builtin_engines(void);
-
- void ENGINE_cleanup(void);
-
- ENGINE *ENGINE_get_default_RSA(void);
- ENGINE *ENGINE_get_default_DSA(void);
- ENGINE *ENGINE_get_default_DH(void);
- ENGINE *ENGINE_get_default_RAND(void);
- ENGINE *ENGINE_get_cipher_engine(int nid);
- ENGINE *ENGINE_get_digest_engine(int nid);
-
- int ENGINE_set_default_RSA(ENGINE *e);
- int ENGINE_set_default_DSA(ENGINE *e);
- int ENGINE_set_default_DH(ENGINE *e);
- int ENGINE_set_default_RAND(ENGINE *e);
- int ENGINE_set_default_ciphers(ENGINE *e);
- int ENGINE_set_default_digests(ENGINE *e);
- int ENGINE_set_default_string(ENGINE *e, const char *list);
-
- int ENGINE_set_default(ENGINE *e, unsigned int flags);
-
- unsigned int ENGINE_get_table_flags(void);
- void ENGINE_set_table_flags(unsigned int flags);
-
- int ENGINE_register_RSA(ENGINE *e);
- void ENGINE_unregister_RSA(ENGINE *e);
- void ENGINE_register_all_RSA(void);
- int ENGINE_register_DSA(ENGINE *e);
- void ENGINE_unregister_DSA(ENGINE *e);
- void ENGINE_register_all_DSA(void);
- int ENGINE_register_DH(ENGINE *e);
- void ENGINE_unregister_DH(ENGINE *e);
- void ENGINE_register_all_DH(void);
- int ENGINE_register_RAND(ENGINE *e);
- void ENGINE_unregister_RAND(ENGINE *e);
- void ENGINE_register_all_RAND(void);
- int ENGINE_register_ciphers(ENGINE *e);
- void ENGINE_unregister_ciphers(ENGINE *e);
- void ENGINE_register_all_ciphers(void);
- int ENGINE_register_digests(ENGINE *e);
- void ENGINE_unregister_digests(ENGINE *e);
- void ENGINE_register_all_digests(void);
- int ENGINE_register_complete(ENGINE *e);
- int ENGINE_register_all_complete(void);
-
- int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
- int ENGINE_cmd_is_executable(ENGINE *e, int cmd);
- int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
-         long i, void *p, void (*f)(), int cmd_optional);
- int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
-                 int cmd_optional);
-
- int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg);
- void *ENGINE_get_ex_data(const ENGINE *e, int idx);
-
- int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-         CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-
- ENGINE *ENGINE_new(void);
- int ENGINE_free(ENGINE *e);
-
- int ENGINE_set_id(ENGINE *e, const char *id);
- int ENGINE_set_name(ENGINE *e, const char *name);
- int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
- int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
- int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth);
- int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth);
- int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f);
- int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
- int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
- int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
- int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f);
- int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
- int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
- int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
- int ENGINE_set_flags(ENGINE *e, int flags);
- int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);
-
- const char *ENGINE_get_id(const ENGINE *e);
- const char *ENGINE_get_name(const ENGINE *e);
- const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
- const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);
- const DH_METHOD *ENGINE_get_DH(const ENGINE *e);
- const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e);
- ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e);
- ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e);
- ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);
- ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);
- ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);
- ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
- ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
- ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
- const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
- const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid);
- int ENGINE_get_flags(const ENGINE *e);
- const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);
-
- EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
-     UI_METHOD *ui_method, void *callback_data);
- EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
-     UI_METHOD *ui_method, void *callback_data);
-
- void ENGINE_add_conf_module(void);
-
-=head1 DESCRIPTION
-
-These functions create, manipulate, and use cryptographic modules in the
-form of B<ENGINE> objects. These objects act as containers for
-implementations of cryptographic algorithms, and support a
-reference-counted mechanism to allow them to be dynamically loaded in and
-out of the running application.
-
-The cryptographic functionality that can be provided by an B<ENGINE>
-implementation includes the following abstractions;
-
- RSA_METHOD - for providing alternative RSA implementations
- DSA_METHOD, DH_METHOD, RAND_METHOD - alternative DSA, DH, and RAND
- EVP_CIPHER - potentially multiple cipher algorithms (indexed by 'nid')
- EVP_DIGEST - potentially multiple hash algorithms (indexed by 'nid')
- key-loading - loading public and/or private EVP_PKEY keys
-
-=head2 Reference counting and handles
-
-Due to the modular nature of the ENGINE API, pointers to ENGINEs need to be
-treated as handles - ie. not only as pointers, but also as references to
-the underlying ENGINE object. Ie. you should obtain a new reference when
-making copies of an ENGINE pointer if the copies will be used (and
-released) independantly.
-
-ENGINE objects have two levels of reference-counting to match the way in
-which the objects are used. At the most basic level, each ENGINE pointer is
-inherently a B<structural> reference - you need a structural reference
-simply to refer to the pointer value at all, as this kind of reference is
-your guarantee that the structure can not be deallocated until you release
-your reference.
-
-However, a structural reference provides no guarantee that the ENGINE has
-been initiliased to be usable to perform any of its cryptographic
-implementations - and indeed it's quite possible that most ENGINEs will not
-initialised at all on standard setups, as ENGINEs are typically used to
-support specialised hardware. To use an ENGINE's functionality, you need a
-B<functional> reference. This kind of reference can be considered a
-specialised form of structural reference, because each functional reference
-implicitly contains a structural reference as well - however to avoid
-difficult-to-find programming bugs, it is recommended to treat the two
-kinds of reference independantly. If you have a functional reference to an
-ENGINE, you have a guarantee that the ENGINE has been initialised ready to
-perform cryptographic operations and will not be uninitialised or cleaned
-up until after you have released your reference.
-
-We will discuss the two kinds of reference separately, including how to
-tell which one you are dealing with at any given point in time (after all
-they are both simply (ENGINE *) pointers, the difference is in the way they
-are used).
-
-I<Structural references>
-
-This basic type of reference is typically used for creating new ENGINEs
-dynamically, iterating across OpenSSL's internal linked-list of loaded
-ENGINEs, reading information about an ENGINE, etc. Essentially a structural
-reference is sufficient if you only need to query or manipulate the data of
-an ENGINE implementation rather than use its functionality.
-
-The ENGINE_new() function returns a structural reference to a new (empty)
-ENGINE object. Other than that, structural references come from return
-values to various ENGINE API functions such as; ENGINE_by_id(),
-ENGINE_get_first(), ENGINE_get_last(), ENGINE_get_next(),
-ENGINE_get_prev(). All structural references should be released by a
-corresponding to call to the ENGINE_free() function - the ENGINE object
-itself will only actually be cleaned up and deallocated when the last
-structural reference is released.
-
-It should also be noted that many ENGINE API function calls that accept a
-structural reference will internally obtain another reference - typically
-this happens whenever the supplied ENGINE will be needed by OpenSSL after
-the function has returned. Eg. the function to add a new ENGINE to
-OpenSSL's internal list is ENGINE_add() - if this function returns success,
-then OpenSSL will have stored a new structural reference internally so the
-caller is still responsible for freeing their own reference with
-ENGINE_free() when they are finished with it. In a similar way, some
-functions will automatically release the structural reference passed to it
-if part of the function's job is to do so. Eg. the ENGINE_get_next() and
-ENGINE_get_prev() functions are used for iterating across the internal
-ENGINE list - they will return a new structural reference to the next (or
-previous) ENGINE in the list or NULL if at the end (or beginning) of the
-list, but in either case the structural reference passed to the function is
-released on behalf of the caller.
-
-To clarify a particular function's handling of references, one should
-always consult that function's documentation "man" page, or failing that
-the openssl/engine.h header file includes some hints.
-
-I<Functional references>
-
-As mentioned, functional references exist when the cryptographic
-functionality of an ENGINE is required to be available. A functional
-reference can be obtained in one of two ways; from an existing structural
-reference to the required ENGINE, or by asking OpenSSL for the default
-operational ENGINE for a given cryptographic purpose.
-
-To obtain a functional reference from an existing structural reference,
-call the ENGINE_init() function. This returns zero if the ENGINE was not
-already operational and couldn't be successfully initialised (eg. lack of
-system drivers, no special hardware attached, etc), otherwise it will
-return non-zero to indicate that the ENGINE is now operational and will
-have allocated a new B<functional> reference to the ENGINE. In this case,
-the supplied ENGINE pointer is, from the point of the view of the caller,
-both a structural reference and a functional reference - so if the caller
-intends to use it as a functional reference it should free the structural
-reference with ENGINE_free() first. If the caller wishes to use it only as
-a structural reference (eg. if the ENGINE_init() call was simply to test if
-the ENGINE seems available/online), then it should free the functional
-reference; all functional references are released by the ENGINE_finish()
-function.
-
-The second way to get a functional reference is by asking OpenSSL for a
-default implementation for a given task, eg. by ENGINE_get_default_RSA(),
-ENGINE_get_default_cipher_engine(), etc. These are discussed in the next
-section, though they are not usually required by application programmers as
-they are used automatically when creating and using the relevant
-algorithm-specific types in OpenSSL, such as RSA, DSA, EVP_CIPHER_CTX, etc.
-
-=head2 Default implementations
-
-For each supported abstraction, the ENGINE code maintains an internal table
-of state to control which implementations are available for a given
-abstraction and which should be used by default. These implementations are
-registered in the tables separated-out by an 'nid' index, because
-abstractions like EVP_CIPHER and EVP_DIGEST support many distinct
-algorithms and modes - ENGINEs will support different numbers and
-combinations of these. In the case of other abstractions like RSA, DSA,
-etc, there is only one "algorithm" so all implementations implicitly
-register using the same 'nid' index. ENGINEs can be B<registered> into
-these tables to make themselves available for use automatically by the
-various abstractions, eg. RSA. For illustrative purposes, we continue with
-the RSA example, though all comments apply similarly to the other
-abstractions (they each get their own table and linkage to the
-corresponding section of openssl code).
-
-When a new RSA key is being created, ie. in RSA_new_method(), a
-"get_default" call will be made to the ENGINE subsystem to process the RSA
-state table and return a functional reference to an initialised ENGINE
-whose RSA_METHOD should be used. If no ENGINE should (or can) be used, it
-will return NULL and the RSA key will operate with a NULL ENGINE handle by
-using the conventional RSA implementation in OpenSSL (and will from then on
-behave the way it used to before the ENGINE API existed - for details see
-L<RSA_new_method(3)|RSA_new_method(3)>).
-
-Each state table has a flag to note whether it has processed this
-"get_default" query since the table was last modified, because to process
-this question it must iterate across all the registered ENGINEs in the
-table trying to initialise each of them in turn, in case one of them is
-operational. If it returns a functional reference to an ENGINE, it will
-also cache another reference to speed up processing future queries (without
-needing to iterate across the table). Likewise, it will cache a NULL
-response if no ENGINE was available so that future queries won't repeat the
-same iteration unless the state table changes. This behaviour can also be
-changed; if the ENGINE_TABLE_FLAG_NOINIT flag is set (using
-ENGINE_set_table_flags()), no attempted initialisations will take place,
-instead the only way for the state table to return a non-NULL ENGINE to the
-"get_default" query will be if one is expressly set in the table. Eg.
-ENGINE_set_default_RSA() does the same job as ENGINE_register_RSA() except
-that it also sets the state table's cached response for the "get_default"
-query.
-
-In the case of abstractions like EVP_CIPHER, where implementations are
-indexed by 'nid', these flags and cached-responses are distinct for each
-'nid' value.
-
-It is worth illustrating the difference between "registration" of ENGINEs
-into these per-algorithm state tables and using the alternative
-"set_default" functions. The latter handles both "registration" and also
-setting the cached "default" ENGINE in each relevant state table - so
-registered ENGINEs will only have a chance to be initialised for use as a
-default if a default ENGINE wasn't already set for the same state table.
-Eg. if ENGINE X supports cipher nids {A,B} and RSA, ENGINE Y supports
-ciphers {A} and DSA, and the following code is executed;
-
- ENGINE_register_complete(X);
- ENGINE_set_default(Y, ENGINE_METHOD_ALL);
- e1 = ENGINE_get_default_RSA();
- e2 = ENGINE_get_cipher_engine(A);
- e3 = ENGINE_get_cipher_engine(B);
- e4 = ENGINE_get_default_DSA();
- e5 = ENGINE_get_cipher_engine(C);
-
-The results would be as follows;
-
- assert(e1 == X);
- assert(e2 == Y);
- assert(e3 == X);
- assert(e4 == Y);
- assert(e5 == NULL);
-
-=head2 Application requirements
-
-This section will explain the basic things an application programmer should
-support to make the most useful elements of the ENGINE functionality
-available to the user. The first thing to consider is whether the
-programmer wishes to make alternative ENGINE modules available to the
-application and user. OpenSSL maintains an internal linked list of
-"visible" ENGINEs from which it has to operate - at start-up, this list is
-empty and in fact if an application does not call any ENGINE API calls and
-it uses static linking against openssl, then the resulting application
-binary will not contain any alternative ENGINE code at all. So the first
-consideration is whether any/all available ENGINE implementations should be
-made visible to OpenSSL - this is controlled by calling the various "load"
-functions, eg.
-
- /* Make the "dynamic" ENGINE available */
- void ENGINE_load_dynamic(void);
- /* Make the CryptoSwift hardware acceleration support available */
- void ENGINE_load_cswift(void);
- /* Make support for nCipher's "CHIL" hardware available */
- void ENGINE_load_chil(void);
- ...
- /* Make ALL ENGINE implementations bundled with OpenSSL available */
- void ENGINE_load_builtin_engines(void);
-
-Having called any of these functions, ENGINE objects would have been
-dynamically allocated and populated with these implementations and linked
-into OpenSSL's internal linked list. At this point it is important to
-mention an important API function;
-
- void ENGINE_cleanup(void);
-
-If no ENGINE API functions are called at all in an application, then there
-are no inherent memory leaks to worry about from the ENGINE functionality,
-however if any ENGINEs are "load"ed, even if they are never registered or
-used, it is necessary to use the ENGINE_cleanup() function to
-correspondingly cleanup before program exit, if the caller wishes to avoid
-memory leaks. This mechanism uses an internal callback registration table
-so that any ENGINE API functionality that knows it requires cleanup can
-register its cleanup details to be called during ENGINE_cleanup(). This
-approach allows ENGINE_cleanup() to clean up after any ENGINE functionality
-at all that your program uses, yet doesn't automatically create linker
-dependencies to all possible ENGINE functionality - only the cleanup
-callbacks required by the functionality you do use will be required by the
-linker.
-
-The fact that ENGINEs are made visible to OpenSSL (and thus are linked into
-the program and loaded into memory at run-time) does not mean they are
-"registered" or called into use by OpenSSL automatically - that behaviour
-is something for the application to have control over. Some applications
-will want to allow the user to specify exactly which ENGINE they want used
-if any is to be used at all. Others may prefer to load all support and have
-OpenSSL automatically use at run-time any ENGINE that is able to
-successfully initialise - ie. to assume that this corresponds to
-acceleration hardware attached to the machine or some such thing. There are
-probably numerous other ways in which applications may prefer to handle
-things, so we will simply illustrate the consequences as they apply to a
-couple of simple cases and leave developers to consider these and the
-source code to openssl's builtin utilities as guides.
-
-I<Using a specific ENGINE implementation>
-
-Here we'll assume an application has been configured by its user or admin
-to want to use the "ACME" ENGINE if it is available in the version of
-OpenSSL the application was compiled with. If it is available, it should be
-used by default for all RSA, DSA, and symmetric cipher operation, otherwise
-OpenSSL should use its builtin software as per usual. The following code
-illustrates how to approach this;
-
- ENGINE *e;
- const char *engine_id = "ACME";
- ENGINE_load_builtin_engines();
- e = ENGINE_by_id(engine_id);
- if(!e)
-     /* the engine isn't available */
-     return;
- if(!ENGINE_init(e)) {
-     /* the engine couldn't initialise, release 'e' */
-     ENGINE_free(e);
-     return;
- }
- if(!ENGINE_set_default_RSA(e))
-     /* This should only happen when 'e' can't initialise, but the previous
-      * statement suggests it did. */
-     abort();
- ENGINE_set_default_DSA(e);
- ENGINE_set_default_ciphers(e);
- /* Release the functional reference from ENGINE_init() */
- ENGINE_finish(e);
- /* Release the structural reference from ENGINE_by_id() */
- ENGINE_free(e);
-
-I<Automatically using builtin ENGINE implementations>
-
-Here we'll assume we want to load and register all ENGINE implementations
-bundled with OpenSSL, such that for any cryptographic algorithm required by
-OpenSSL - if there is an ENGINE that implements it and can be initialise,
-it should be used. The following code illustrates how this can work;
-
- /* Load all bundled ENGINEs into memory and make them visible */
- ENGINE_load_builtin_engines();
- /* Register all of them for every algorithm they collectively implement */
- ENGINE_register_all_complete();
-
-That's all that's required. Eg. the next time OpenSSL tries to set up an
-RSA key, any bundled ENGINEs that implement RSA_METHOD will be passed to
-ENGINE_init() and if any of those succeed, that ENGINE will be set as the
-default for use with RSA from then on.
-
-=head2 Advanced configuration support
-
-There is a mechanism supported by the ENGINE framework that allows each
-ENGINE implementation to define an arbitrary set of configuration
-"commands" and expose them to OpenSSL and any applications based on
-OpenSSL. This mechanism is entirely based on the use of name-value pairs
-and and assumes ASCII input (no unicode or UTF for now!), so it is ideal if
-applications want to provide a transparent way for users to provide
-arbitrary configuration "directives" directly to such ENGINEs. It is also
-possible for the application to dynamically interrogate the loaded ENGINE
-implementations for the names, descriptions, and input flags of their
-available "control commands", providing a more flexible configuration
-scheme. However, if the user is expected to know which ENGINE device he/she
-is using (in the case of specialised hardware, this goes without saying)
-then applications may not need to concern themselves with discovering the
-supported control commands and simply prefer to allow settings to passed
-into ENGINEs exactly as they are provided by the user.
-
-Before illustrating how control commands work, it is worth mentioning what
-they are typically used for. Broadly speaking there are two uses for
-control commands; the first is to provide the necessary details to the
-implementation (which may know nothing at all specific to the host system)
-so that it can be initialised for use. This could include the path to any
-driver or config files it needs to load, required network addresses,
-smart-card identifiers, passwords to initialise password-protected devices,
-logging information, etc etc. This class of commands typically needs to be
-passed to an ENGINE B<before> attempting to initialise it, ie. before
-calling ENGINE_init(). The other class of commands consist of settings or
-operations that tweak certain behaviour or cause certain operations to take
-place, and these commands may work either before or after ENGINE_init(), or
-in same cases both. ENGINE implementations should provide indications of
-this in the descriptions attached to builtin control commands and/or in
-external product documentation.
-
-I<Issuing control commands to an ENGINE>
-
-Let's illustrate by example; a function for which the caller supplies the
-name of the ENGINE it wishes to use, a table of string-pairs for use before
-initialisation, and another table for use after initialisation. Note that
-the string-pairs used for control commands consist of a command "name"
-followed by the command "parameter" - the parameter could be NULL in some
-cases but the name can not. This function should initialise the ENGINE
-(issuing the "pre" commands beforehand and the "post" commands afterwards)
-and set it as the default for everything except RAND and then return a
-boolean success or failure.
-
- int generic_load_engine_fn(const char *engine_id,
-                            const char **pre_cmds, int pre_num,
-                            const char **post_cmds, int post_num)
- {
-     ENGINE *e = ENGINE_by_id(engine_id);
-     if(!e) return 0;
-     while(pre_num--) {
-         if(!ENGINE_ctrl_cmd_string(e, pre_cmds[0], pre_cmds[1], 0)) {
-             fprintf(stderr, "Failed command (%s - %s:%s)\n", engine_id,
-                 pre_cmds[0], pre_cmds[1] ? pre_cmds[1] : "(NULL)");
-             ENGINE_free(e);
-             return 0;
-         }
-         pre_cmds += 2;
-     }
-     if(!ENGINE_init(e)) {
-         fprintf(stderr, "Failed initialisation\n");
-         ENGINE_free(e);
-         return 0;
-     }
-     /* ENGINE_init() returned a functional reference, so free the structural
-      * reference from ENGINE_by_id(). */
-     ENGINE_free(e);
-     while(post_num--) {
-         if(!ENGINE_ctrl_cmd_string(e, post_cmds[0], post_cmds[1], 0)) {
-             fprintf(stderr, "Failed command (%s - %s:%s)\n", engine_id,
-                 post_cmds[0], post_cmds[1] ? post_cmds[1] : "(NULL)");
-             ENGINE_finish(e);
-             return 0;
-         }
-         post_cmds += 2;
-     }
-     ENGINE_set_default(e, ENGINE_METHOD_ALL & ~ENGINE_METHOD_RAND);
-     /* Success */
-     return 1;
- }
-
-Note that ENGINE_ctrl_cmd_string() accepts a boolean argument that can
-relax the semantics of the function - if set non-zero it will only return
-failure if the ENGINE supported the given command name but failed while
-executing it, if the ENGINE doesn't support the command name it will simply
-return success without doing anything. In this case we assume the user is
-only supplying commands specific to the given ENGINE so we set this to
-FALSE.
-
-I<Discovering supported control commands>
-
-It is possible to discover at run-time the names, numerical-ids, descriptions
-and input parameters of the control commands supported from a structural
-reference to any ENGINE. It is first important to note that some control
-commands are defined by OpenSSL itself and it will intercept and handle these
-control commands on behalf of the ENGINE, ie. the ENGINE's ctrl() handler is not
-used for the control command. openssl/engine.h defines a symbol,
-ENGINE_CMD_BASE, that all control commands implemented by ENGINEs from. Any
-command value lower than this symbol is considered a "generic" command is
-handled directly by the OpenSSL core routines.
-
-It is using these "core" control commands that one can discover the the control
-commands implemented by a given ENGINE, specifically the commands;
-
- #define ENGINE_HAS_CTRL_FUNCTION               10
- #define ENGINE_CTRL_GET_FIRST_CMD_TYPE         11
- #define ENGINE_CTRL_GET_NEXT_CMD_TYPE          12
- #define ENGINE_CTRL_GET_CMD_FROM_NAME          13
- #define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD      14
- #define ENGINE_CTRL_GET_NAME_FROM_CMD          15
- #define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD      16
- #define ENGINE_CTRL_GET_DESC_FROM_CMD          17
- #define ENGINE_CTRL_GET_CMD_FLAGS              18
-
-Whilst these commands are automatically processed by the OpenSSL framework code,
-they use various properties exposed by each ENGINE by which to process these
-queries. An ENGINE has 3 properties it exposes that can affect this behaviour;
-it can supply a ctrl() handler, it can specify ENGINE_FLAGS_MANUAL_CMD_CTRL in
-the ENGINE's flags, and it can expose an array of control command descriptions.
-If an ENGINE specifies the ENGINE_FLAGS_MANUAL_CMD_CTRL flag, then it will
-simply pass all these "core" control commands directly to the ENGINE's ctrl()
-handler (and thus, it must have supplied one), so it is up to the ENGINE to
-reply to these "discovery" commands itself. If that flag is not set, then the
-OpenSSL framework code will work with the following rules;
-
- if no ctrl() handler supplied;
-     ENGINE_HAS_CTRL_FUNCTION returns FALSE (zero),
-     all other commands fail.
- if a ctrl() handler was supplied but no array of control commands;
-     ENGINE_HAS_CTRL_FUNCTION returns TRUE,
-     all other commands fail.
- if a ctrl() handler and array of control commands was supplied;
-     ENGINE_HAS_CTRL_FUNCTION returns TRUE,
-     all other commands proceed processing ...
-
-If the ENGINE's array of control commands is empty then all other commands will
-fail, otherwise; ENGINE_CTRL_GET_FIRST_CMD_TYPE returns the identifier of
-the first command supported by the ENGINE, ENGINE_GET_NEXT_CMD_TYPE takes the
-identifier of a command supported by the ENGINE and returns the next command
-identifier or fails if there are no more, ENGINE_CMD_FROM_NAME takes a string
-name for a command and returns the corresponding identifier or fails if no such
-command name exists, and the remaining commands take a command identifier and
-return properties of the corresponding commands. All except
-ENGINE_CTRL_GET_FLAGS return the string length of a command name or description,
-or populate a supplied character buffer with a copy of the command name or
-description. ENGINE_CTRL_GET_FLAGS returns a bitwise-OR'd mask of the following
-possible values;
-
- #define ENGINE_CMD_FLAG_NUMERIC                (unsigned int)0x0001
- #define ENGINE_CMD_FLAG_STRING                 (unsigned int)0x0002
- #define ENGINE_CMD_FLAG_NO_INPUT               (unsigned int)0x0004
- #define ENGINE_CMD_FLAG_INTERNAL               (unsigned int)0x0008
-
-If the ENGINE_CMD_FLAG_INTERNAL flag is set, then any other flags are purely
-informational to the caller - this flag will prevent the command being usable
-for any higher-level ENGINE functions such as ENGINE_ctrl_cmd_string().
-"INTERNAL" commands are not intended to be exposed to text-based configuration
-by applications, administrations, users, etc. These can support arbitrary
-operations via ENGINE_ctrl(), including passing to and/or from the control
-commands data of any arbitrary type. These commands are supported in the
-discovery mechanisms simply to allow applications determinie if an ENGINE
-supports certain specific commands it might want to use (eg. application "foo"
-might query various ENGINEs to see if they implement "FOO_GET_VENDOR_LOGO_GIF" -
-and ENGINE could therefore decide whether or not to support this "foo"-specific
-extension).
-
-=head2 Future developments
-
-The ENGINE API and internal architecture is currently being reviewed. Slated for
-possible release in 0.9.8 is support for transparent loading of "dynamic"
-ENGINEs (built as self-contained shared-libraries). This would allow ENGINE
-implementations to be provided independantly of OpenSSL libraries and/or
-OpenSSL-based applications, and would also remove any requirement for
-applications to explicitly use the "dynamic" ENGINE to bind to shared-library
-implementations.
-
-=head1 SEE ALSO
-
-L<rsa(3)|rsa(3)>, L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>, L<rand(3)|rand(3)>,
-L<RSA_new_method(3)|RSA_new_method(3)>
-
-=cut
diff --git a/src/lib/libcrypto/doc/evp.pod b/src/lib/libcrypto/doc/evp.pod
deleted file mode 100644
index b3ca14314f..0000000000
--- a/src/lib/libcrypto/doc/evp.pod
+++ /dev/null
@@ -1,45 +0,0 @@
-=pod
-
-=head1 NAME
-
-evp - high-level cryptographic functions
-
-=head1 SYNOPSIS
-
- #include <openssl/evp.h>
-
-=head1 DESCRIPTION
-
-The EVP library provides a high-level interface to cryptographic
-functions.
-
-B<EVP_Seal>I<...> and B<EVP_Open>I<...> provide public key encryption
-and decryption to implement digital "envelopes".
-
-The B<EVP_Sign>I<...> and B<EVP_Verify>I<...> functions implement
-digital signatures.
-
-Symmetric encryption is available with the B<EVP_Encrypt>I<...>
-functions.  The B<EVP_Digest>I<...> functions provide message digests.
-
-Algorithms are loaded with OpenSSL_add_all_algorithms(3).
-
-All the symmetric algorithms (ciphers) and digests can be replaced by ENGINE
-modules providing alternative implementations. If ENGINE implementations of
-ciphers or digests are registered as defaults, then the various EVP functions
-will automatically use those implementations automatically in preference to
-built in software implementations. For more information, consult the engine(3)
-man page.
-
-=head1 SEE ALSO
-
-L<EVP_DigestInit(3)|EVP_DigestInit(3)>,
-L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>,
-L<EVP_OpenInit(3)|EVP_OpenInit(3)>,
-L<EVP_SealInit(3)|EVP_SealInit(3)>,
-L<EVP_SignInit(3)|EVP_SignInit(3)>,
-L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>,
-L<OpenSSL_add_all_algorithms(3)|OpenSSL_add_all_algorithms(3)>,
-L<engine(3)|engine(3)>
-
-=cut
diff --git a/src/lib/libcrypto/doc/lh_stats.pod b/src/lib/libcrypto/doc/lh_stats.pod
deleted file mode 100644
index 3eeaa72e52..0000000000
--- a/src/lib/libcrypto/doc/lh_stats.pod
+++ /dev/null
@@ -1,60 +0,0 @@
-=pod
-
-=head1 NAME
-
-lh_stats, lh_node_stats, lh_node_usage_stats, lh_stats_bio,
-lh_node_stats_bio, lh_node_usage_stats_bio - LHASH statistics
-
-=head1 SYNOPSIS
-
- #include <openssl/lhash.h>
-
- void lh_stats(LHASH *table, FILE *out);
- void lh_node_stats(LHASH *table, FILE *out);
- void lh_node_usage_stats(LHASH *table, FILE *out);
-
- void lh_stats_bio(LHASH *table, BIO *out);
- void lh_node_stats_bio(LHASH *table, BIO *out);
- void lh_node_usage_stats_bio(LHASH *table, BIO *out);
-
-=head1 DESCRIPTION
-
-The B<LHASH> structure records statistics about most aspects of
-accessing the hash table.  This is mostly a legacy of Eric Young
-writing this library for the reasons of implementing what looked like
-a nice algorithm rather than for a particular software product.
-
-lh_stats() prints out statistics on the size of the hash table, how
-many entries are in it, and the number and result of calls to the
-routines in this library.
-
-lh_node_stats() prints the number of entries for each 'bucket' in the
-hash table.
-
-lh_node_usage_stats() prints out a short summary of the state of the
-hash table.  It prints the 'load' and the 'actual load'.  The load is
-the average number of data items per 'bucket' in the hash table.  The
-'actual load' is the average number of items per 'bucket', but only
-for buckets which contain entries.  So the 'actual load' is the
-average number of searches that will need to find an item in the hash
-table, while the 'load' is the average number that will be done to
-record a miss.
-
-lh_stats_bio(), lh_node_stats_bio() and lh_node_usage_stats_bio()
-are the same as the above, except that the output goes to a B<BIO>.
-
-=head1 RETURN VALUES
-
-These functions do not return values.
-
-=head1 SEE ALSO
-
-L<bio(3)|bio(3)>, L<lhash(3)|lhash(3)>
-
-=head1 HISTORY
-
-These functions are available in all versions of SSLeay and OpenSSL.
-
-This manpage is derived from the SSLeay documentation.
-
-=cut
diff --git a/src/lib/libcrypto/doc/rsa.pod b/src/lib/libcrypto/doc/rsa.pod
deleted file mode 100644
index 45ac53ffc1..0000000000
--- a/src/lib/libcrypto/doc/rsa.pod
+++ /dev/null
@@ -1,123 +0,0 @@
-=pod
-
-=head1 NAME
-
-rsa - RSA public key cryptosystem
-
-=head1 SYNOPSIS
-
- #include <openssl/rsa.h>
- #include <openssl/engine.h>
-
- RSA * RSA_new(void);
- void RSA_free(RSA *rsa);
-
- int RSA_public_encrypt(int flen, unsigned char *from,
-    unsigned char *to, RSA *rsa, int padding);
- int RSA_private_decrypt(int flen, unsigned char *from,
-    unsigned char *to, RSA *rsa, int padding);
- int RSA_private_encrypt(int flen, unsigned char *from,
-    unsigned char *to, RSA *rsa,int padding);
- int RSA_public_decrypt(int flen, unsigned char *from, 
-    unsigned char *to, RSA *rsa,int padding);
-
- int RSA_sign(int type, unsigned char *m, unsigned int m_len,
-    unsigned char *sigret, unsigned int *siglen, RSA *rsa);
- int RSA_verify(int type, unsigned char *m, unsigned int m_len,
-    unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
-
- int RSA_size(const RSA *rsa);
-
- RSA *RSA_generate_key(int num, unsigned long e,
-    void (*callback)(int,int,void *), void *cb_arg);
-
- int RSA_check_key(RSA *rsa);
-
- int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
- void RSA_blinding_off(RSA *rsa);
-
- void RSA_set_default_method(const RSA_METHOD *meth);
- const RSA_METHOD *RSA_get_default_method(void);
- int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
- const RSA_METHOD *RSA_get_method(const RSA *rsa);
- RSA_METHOD *RSA_PKCS1_SSLeay(void);
- RSA_METHOD *RSA_null_method(void);
- int RSA_flags(const RSA *rsa);
- RSA *RSA_new_method(ENGINE *engine);
-
- int RSA_print(BIO *bp, RSA *x, int offset);
- int RSA_print_fp(FILE *fp, RSA *x, int offset);
-
- int RSA_get_ex_new_index(long argl, char *argp, int (*new_func)(),
-    int (*dup_func)(), void (*free_func)());
- int RSA_set_ex_data(RSA *r,int idx,char *arg);
- char *RSA_get_ex_data(RSA *r, int idx);
-
- int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m,
-    unsigned int m_len, unsigned char *sigret, unsigned int *siglen,
-    RSA *rsa);
- int RSA_verify_ASN1_OCTET_STRING(int dummy, unsigned char *m,
-    unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
-    RSA *rsa);
-
-=head1 DESCRIPTION
-
-These functions implement RSA public key encryption and signatures
-as defined in PKCS #1 v2.0 [RFC 2437].
-
-The B<RSA> structure consists of several BIGNUM components. It can
-contain public as well as private RSA keys:
-
- struct
-        {
-        BIGNUM *n;              // public modulus
-        BIGNUM *e;              // public exponent
-        BIGNUM *d;              // private exponent
-        BIGNUM *p;              // secret prime factor
-        BIGNUM *q;              // secret prime factor
-        BIGNUM *dmp1;           // d mod (p-1)
-        BIGNUM *dmq1;           // d mod (q-1)
-        BIGNUM *iqmp;           // q^-1 mod p
-        // ...
-        };
- RSA
-
-In public keys, the private exponent and the related secret values are
-B<NULL>.
-
-B<p>, B<q>, B<dmp1>, B<dmq1> and B<iqmp> may be B<NULL> in private
-keys, but the RSA operations are much faster when these values are
-available.
-
-Note that RSA keys may use non-standard B<RSA_METHOD> implementations,
-either directly or by the use of B<ENGINE> modules. In some cases (eg. an
-ENGINE providing support for hardware-embedded keys), these BIGNUM values
-will not be used by the implementation or may be used for alternative data
-storage. For this reason, applications should generally avoid using RSA
-structure elements directly and instead use API functions to query or
-modify keys.
-
-=head1 CONFORMING TO
-
-SSL, PKCS #1 v2.0
-
-=head1 PATENTS
-
-RSA was covered by a US patent which expired in September 2000.
-
-=head1 SEE ALSO
-
-L<rsa(1)|rsa(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>,
-L<rand(3)|rand(3)>, L<engine(3)|engine(3)>, L<RSA_new(3)|RSA_new(3)>,
-L<RSA_public_encrypt(3)|RSA_public_encrypt(3)>,
-L<RSA_sign(3)|RSA_sign(3)>, L<RSA_size(3)|RSA_size(3)>,
-L<RSA_generate_key(3)|RSA_generate_key(3)>,
-L<RSA_check_key(3)|RSA_check_key(3)>,
-L<RSA_blinding_on(3)|RSA_blinding_on(3)>,
-L<RSA_set_method(3)|RSA_set_method(3)>, L<RSA_print(3)|RSA_print(3)>,
-L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>,
-L<RSA_private_encrypt(3)|RSA_private_encrypt(3)>,
-L<RSA_sign_ASN1_OCTET_STRING(3)|RSA_sign_ASN1_OCTET_STRING(3)>,
-L<RSA_padding_add_PKCS1_type_1(3)|RSA_padding_add_PKCS1_type_1(3)> 
-
-=cut
diff --git a/src/lib/libcrypto/dsa/dsa.h b/src/lib/libcrypto/dsa/dsa.h
deleted file mode 100644
index aa0669eb7a..0000000000
--- a/src/lib/libcrypto/dsa/dsa.h
+++ /dev/null
@@ -1,272 +0,0 @@
-/* crypto/dsa/dsa.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/*
- * The DSS routines are based on patches supplied by
- * Steven Schoch <schoch@sheba.arc.nasa.gov>.  He basically did the
- * work and I have just tweaked them a little to fit into my
- * stylistic vision for SSLeay :-) */
-
-#ifndef HEADER_DSA_H
-#define HEADER_DSA_H
-
-#ifdef OPENSSL_NO_DSA
-#error DSA is disabled.
-#endif
-
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-#include <openssl/bn.h>
-#include <openssl/crypto.h>
-#include <openssl/ossl_typ.h>
-#ifndef OPENSSL_NO_DH
-# include <openssl/dh.h>
-#endif
-
-#define OPENSSL_DSA_MAX_MODULUS_BITS    3072
-
-#define DSA_FLAG_CACHE_MONT_P   0x01
-#define DSA_FLAG_NO_EXP_CONSTTIME       0x02 /* new with 0.9.7h; the built-in DSA
-                                              * implementation now uses constant time
-                                              * modular exponentiation for secret exponents
-                                              * by default. This flag causes the
-                                              * faster variable sliding window method to
-                                              * be used for all exponents.
-                                              */
-
-/* If this flag is set external DSA_METHOD callbacks are allowed in FIPS mode
- * it is then the applications responsibility to ensure the external method
- * is compliant.
- */
-
-#define DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW     0x04
-
-#if defined(OPENSSL_FIPS)
-#define FIPS_DSA_SIZE_T int
-#endif
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-typedef struct dsa_st DSA;
-
-typedef struct DSA_SIG_st
-        {
-        BIGNUM *r;
-        BIGNUM *s;
-        } DSA_SIG;
-
-typedef struct dsa_method {
-        const char *name;
-        DSA_SIG * (*dsa_do_sign)(const unsigned char *dgst, int dlen, DSA *dsa);
-        int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
-                                                                BIGNUM **rp);
-        int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len,
-                                                        DSA_SIG *sig, DSA *dsa);
-        int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
-                        BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
-                        BN_MONT_CTX *in_mont);
-        int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-                                const BIGNUM *m, BN_CTX *ctx,
-                                BN_MONT_CTX *m_ctx); /* Can be null */
-        int (*init)(DSA *dsa);
-        int (*finish)(DSA *dsa);
-        int flags;
-        char *app_data;
-} DSA_METHOD;
-
-struct dsa_st
-        {
-        /* This first variable is used to pick up errors where
-         * a DSA is passed instead of of a EVP_PKEY */
-        int pad;
-        long version;
-        int write_params;
-        BIGNUM *p;
-        BIGNUM *q;      /* == 20 */
-        BIGNUM *g;
-
-        BIGNUM *pub_key;  /* y public key */
-        BIGNUM *priv_key; /* x private key */
-
-        BIGNUM *kinv;   /* Signing pre-calc */
-        BIGNUM *r;      /* Signing pre-calc */
-
-        int flags;
-        /* Normally used to cache montgomery values */
-        char *method_mont_p;
-        int references;
-        CRYPTO_EX_DATA ex_data;
-        const DSA_METHOD *meth;
-        /* functional reference if 'meth' is ENGINE-provided */
-        ENGINE *engine;
-        };
-
-#define DSAparams_dup(x) (DSA *)ASN1_dup((int (*)())i2d_DSAparams, \
-                (char *(*)())d2i_DSAparams,(char *)(x))
-#define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \
-                (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x))
-#define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \
-                (unsigned char *)(x))
-#define d2i_DSAparams_bio(bp,x) (DSA *)ASN1_d2i_bio((char *(*)())DSA_new, \
-                (char *(*)())d2i_DSAparams,(bp),(unsigned char **)(x))
-#define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio(i2d_DSAparams,(bp), \
-                (unsigned char *)(x))
-
-
-DSA_SIG * DSA_SIG_new(void);
-void    DSA_SIG_free(DSA_SIG *a);
-int     i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
-DSA_SIG * d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length);
-
-DSA_SIG * DSA_do_sign(const unsigned char *dgst,int dlen,DSA *dsa);
-int     DSA_do_verify(const unsigned char *dgst,int dgst_len,
-                      DSA_SIG *sig,DSA *dsa);
-
-const DSA_METHOD *DSA_OpenSSL(void);
-
-void    DSA_set_default_method(const DSA_METHOD *);
-const DSA_METHOD *DSA_get_default_method(void);
-int     DSA_set_method(DSA *dsa, const DSA_METHOD *);
-
-DSA *   DSA_new(void);
-DSA *   DSA_new_method(ENGINE *engine);
-void    DSA_free (DSA *r);
-/* "up" the DSA object's reference count */
-int     DSA_up_ref(DSA *r);
-int     DSA_size(const DSA *);
-        /* next 4 return -1 on error */
-int     DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp);
-int     DSA_sign(int type,const unsigned char *dgst,int dlen,
-                unsigned char *sig, unsigned int *siglen, DSA *dsa);
-int     DSA_verify(int type,const unsigned char *dgst,int dgst_len,
-                const unsigned char *sigbuf, int siglen, DSA *dsa);
-int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-int DSA_set_ex_data(DSA *d, int idx, void *arg);
-void *DSA_get_ex_data(DSA *d, int idx);
-
-DSA *   d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length);
-DSA *   d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length);
-DSA *   d2i_DSAparams(DSA **a, const unsigned char **pp, long length);
-DSA *   DSA_generate_parameters(int bits,
-                unsigned char *seed,int seed_len,
-                int *counter_ret, unsigned long *h_ret,void
-                (*callback)(int, int, void *),void *cb_arg);
-int     DSA_generate_key(DSA *a);
-int     i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
-int     i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
-int     i2d_DSAparams(const DSA *a,unsigned char **pp);
-
-#ifndef OPENSSL_NO_BIO
-int     DSAparams_print(BIO *bp, const DSA *x);
-int     DSA_print(BIO *bp, const DSA *x, int off);
-#endif
-#ifndef OPENSSL_NO_FP_API
-int     DSAparams_print_fp(FILE *fp, const DSA *x);
-int     DSA_print_fp(FILE *bp, const DSA *x, int off);
-#endif
-
-#define DSS_prime_checks 50
-/* Primality test according to FIPS PUB 186[-1], Appendix 2.1:
- * 50 rounds of Rabin-Miller */
-#define DSA_is_prime(n, callback, cb_arg) \
-        BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg)
-
-#ifndef OPENSSL_NO_DH
-/* Convert DSA structure (key or just parameters) into DH structure
- * (be careful to avoid small subgroup attacks when using this!) */
-DH *DSA_dup_DH(const DSA *r);
-#endif
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_DSA_strings(void);
-
-/* Error codes for the DSA functions. */
-
-/* Function codes. */
-#define DSA_F_D2I_DSA_SIG                                110
-#define DSA_F_DSAPARAMS_PRINT                            100
-#define DSA_F_DSAPARAMS_PRINT_FP                         101
-#define DSA_F_DSA_DO_SIGN                                112
-#define DSA_F_DSA_DO_VERIFY                              113
-#define DSA_F_DSA_NEW_METHOD                             103
-#define DSA_F_DSA_PRINT                                  104
-#define DSA_F_DSA_PRINT_FP                               105
-#define DSA_F_DSA_SIGN                                   106
-#define DSA_F_DSA_SIGN_SETUP                             107
-#define DSA_F_DSA_SIG_NEW                                109
-#define DSA_F_DSA_VERIFY                                 108
-#define DSA_F_I2D_DSA_SIG                                111
-#define DSA_F_SIG_CB                                     114
-
-/* Reason codes. */
-#define DSA_R_BAD_Q_VALUE                                102
-#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE                100
-#define DSA_R_MISSING_PARAMETERS                         101
-#define DSA_R_MODULUS_TOO_LARGE                          103
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/src/lib/libcrypto/dsa/dsa_asn1.c b/src/lib/libcrypto/dsa/dsa_asn1.c
deleted file mode 100644
index 23fce555aa..0000000000
--- a/src/lib/libcrypto/dsa/dsa_asn1.c
+++ /dev/null
@@ -1,140 +0,0 @@
-/* dsa_asn1.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/dsa.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-
-/* Override the default new methods */
-static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
-        if(operation == ASN1_OP_NEW_PRE) {
-                DSA_SIG *sig;
-                sig = OPENSSL_malloc(sizeof(DSA_SIG));
-                sig->r = NULL;
-                sig->s = NULL;
-                *pval = (ASN1_VALUE *)sig;
-                if(sig) return 2;
-                DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE);
-                return 0;
-        }
-        return 1;
-}
-
-ASN1_SEQUENCE_cb(DSA_SIG, sig_cb) = {
-        ASN1_SIMPLE(DSA_SIG, r, CBIGNUM),
-        ASN1_SIMPLE(DSA_SIG, s, CBIGNUM)
-} ASN1_SEQUENCE_END_cb(DSA_SIG, DSA_SIG)
-
-IMPLEMENT_ASN1_FUNCTIONS_const(DSA_SIG)
-
-/* Override the default free and new methods */
-static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
-        if(operation == ASN1_OP_NEW_PRE) {
-                *pval = (ASN1_VALUE *)DSA_new();
-                if(*pval) return 2;
-                return 0;
-        } else if(operation == ASN1_OP_FREE_PRE) {
-                DSA_free((DSA *)*pval);
-                *pval = NULL;
-                return 2;
-        }
-        return 1;
-}
-
-ASN1_SEQUENCE_cb(DSAPrivateKey, dsa_cb) = {
-        ASN1_SIMPLE(DSA, version, LONG),
-        ASN1_SIMPLE(DSA, p, BIGNUM),
-        ASN1_SIMPLE(DSA, q, BIGNUM),
-        ASN1_SIMPLE(DSA, g, BIGNUM),
-        ASN1_SIMPLE(DSA, pub_key, BIGNUM),
-        ASN1_SIMPLE(DSA, priv_key, BIGNUM)
-} ASN1_SEQUENCE_END_cb(DSA, DSAPrivateKey)
-
-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPrivateKey, DSAPrivateKey)
-
-ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = {
-        ASN1_SIMPLE(DSA, p, BIGNUM),
-        ASN1_SIMPLE(DSA, q, BIGNUM),
-        ASN1_SIMPLE(DSA, g, BIGNUM),
-} ASN1_SEQUENCE_END_cb(DSA, DSAparams)
-
-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAparams, DSAparams)
-
-/* DSA public key is a bit trickier... its effectively a CHOICE type
- * decided by a field called write_params which can either write out
- * just the public key as an INTEGER or the parameters and public key
- * in a SEQUENCE
- */
-
-ASN1_SEQUENCE(dsa_pub_internal) = {
-        ASN1_SIMPLE(DSA, pub_key, BIGNUM),
-        ASN1_SIMPLE(DSA, p, BIGNUM),
-        ASN1_SIMPLE(DSA, q, BIGNUM),
-        ASN1_SIMPLE(DSA, g, BIGNUM)
-} ASN1_SEQUENCE_END_name(DSA, dsa_pub_internal)
-
-ASN1_CHOICE_cb(DSAPublicKey, dsa_cb) = {
-        ASN1_SIMPLE(DSA, pub_key, BIGNUM),
-        ASN1_EX_COMBINE(0, 0, dsa_pub_internal)
-} ASN1_CHOICE_END_cb(DSA, DSAPublicKey, write_params)
-
-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey)
diff --git a/src/lib/libcrypto/dsa/dsa_err.c b/src/lib/libcrypto/dsa/dsa_err.c
deleted file mode 100644
index d7fac69154..0000000000
--- a/src/lib/libcrypto/dsa/dsa_err.c
+++ /dev/null
@@ -1,114 +0,0 @@
-/* crypto/dsa/dsa_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/dsa.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSA,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSA,0,reason)
-
-static ERR_STRING_DATA DSA_str_functs[]=
-        {
-{ERR_FUNC(DSA_F_D2I_DSA_SIG),   "d2i_DSA_SIG"},
-{ERR_FUNC(DSA_F_DSAPARAMS_PRINT),       "DSAparams_print"},
-{ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP),    "DSAparams_print_fp"},
-{ERR_FUNC(DSA_F_DSA_DO_SIGN),   "DSA_do_sign"},
-{ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"},
-{ERR_FUNC(DSA_F_DSA_NEW_METHOD),        "DSA_new_method"},
-{ERR_FUNC(DSA_F_DSA_PRINT),     "DSA_print"},
-{ERR_FUNC(DSA_F_DSA_PRINT_FP),  "DSA_print_fp"},
-{ERR_FUNC(DSA_F_DSA_SIGN),      "DSA_sign"},
-{ERR_FUNC(DSA_F_DSA_SIGN_SETUP),        "DSA_sign_setup"},
-{ERR_FUNC(DSA_F_DSA_SIG_NEW),   "DSA_SIG_new"},
-{ERR_FUNC(DSA_F_DSA_VERIFY),    "DSA_verify"},
-{ERR_FUNC(DSA_F_I2D_DSA_SIG),   "i2d_DSA_SIG"},
-{ERR_FUNC(DSA_F_SIG_CB),        "SIG_CB"},
-{0,NULL}
-        };
-
-static ERR_STRING_DATA DSA_str_reasons[]=
-        {
-{ERR_REASON(DSA_R_BAD_Q_VALUE)           ,"bad q value"},
-{ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},
-{ERR_REASON(DSA_R_MISSING_PARAMETERS)    ,"missing parameters"},
-{ERR_REASON(DSA_R_MODULUS_TOO_LARGE)     ,"modulus too large"},
-{0,NULL}
-        };
-
-#endif
-
-void ERR_load_DSA_strings(void)
-        {
-        static int init=1;
-
-        if (init)
-                {
-                init=0;
-#ifndef OPENSSL_NO_ERR
-                ERR_load_strings(0,DSA_str_functs);
-                ERR_load_strings(0,DSA_str_reasons);
-#endif
-
-                }
-        }
diff --git a/src/lib/libcrypto/dsa/dsa_gen.c b/src/lib/libcrypto/dsa/dsa_gen.c
deleted file mode 100644
index e40afeea51..0000000000
--- a/src/lib/libcrypto/dsa/dsa_gen.c
+++ /dev/null
@@ -1,305 +0,0 @@
-/* crypto/dsa/dsa_gen.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#undef GENUINE_DSA
-
-#ifdef GENUINE_DSA
-/* Parameter generation follows the original release of FIPS PUB 186,
- * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */
-#define HASH    EVP_sha()
-#else
-/* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
- * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in
- * FIPS PUB 180-1) */
-#define HASH    EVP_sha1()
-#endif 
-
-#ifndef OPENSSL_NO_SHA
-
-#include <stdio.h>
-#include <time.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/rand.h>
-#include <openssl/sha.h>
-
-#ifndef OPENSSL_FIPS
-DSA *DSA_generate_parameters(int bits,
-                unsigned char *seed_in, int seed_len,
-                int *counter_ret, unsigned long *h_ret,
-                void (*callback)(int, int, void *),
-                void *cb_arg)
-        {
-        int ok=0;
-        unsigned char seed[SHA_DIGEST_LENGTH];
-        unsigned char md[SHA_DIGEST_LENGTH];
-        unsigned char buf[SHA_DIGEST_LENGTH],buf2[SHA_DIGEST_LENGTH];
-        BIGNUM *r0,*W,*X,*c,*test;
-        BIGNUM *g=NULL,*q=NULL,*p=NULL;
-        BN_MONT_CTX *mont=NULL;
-        int k,n=0,i,b,m=0;
-        int counter=0;
-        int r=0;
-        BN_CTX *ctx=NULL,*ctx2=NULL,*ctx3=NULL;
-        unsigned int h=2;
-        DSA *ret=NULL;
-
-        if (bits < 512) bits=512;
-        bits=(bits+63)/64*64;
-
-        if (seed_len < 20)
-                seed_in = NULL; /* seed buffer too small -- ignore */
-        if (seed_len > 20) 
-                seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger SEED,
-                                * but our internal buffers are restricted to 160 bits*/
-        if ((seed_in != NULL) && (seed_len == 20))
-                memcpy(seed,seed_in,seed_len);
-
-        if ((ctx=BN_CTX_new()) == NULL) goto err;
-        if ((ctx2=BN_CTX_new()) == NULL) goto err;
-        if ((ctx3=BN_CTX_new()) == NULL) goto err;
-        if ((ret=DSA_new()) == NULL) goto err;
-
-        if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
-
-        BN_CTX_start(ctx2);
-        r0 = BN_CTX_get(ctx2);
-        g = BN_CTX_get(ctx2);
-        W = BN_CTX_get(ctx2);
-        q = BN_CTX_get(ctx2);
-        X = BN_CTX_get(ctx2);
-        c = BN_CTX_get(ctx2);
-        p = BN_CTX_get(ctx2);
-        test = BN_CTX_get(ctx2);
-        if (test == NULL) goto err;
-
-        if (!BN_lshift(test,BN_value_one(),bits-1)) goto err;
-
-        for (;;)
-                {
-                for (;;) /* find q */
-                        {
-                        int seed_is_random;
-
-                        /* step 1 */
-                        if (callback != NULL) callback(0,m++,cb_arg);
-
-                        if (!seed_len)
-                                {
-                                RAND_pseudo_bytes(seed,SHA_DIGEST_LENGTH);
-                                seed_is_random = 1;
-                                }
-                        else
-                                {
-                                seed_is_random = 0;
-                                seed_len=0; /* use random seed if 'seed_in' turns out to be bad*/
-                                }
-                        memcpy(buf,seed,SHA_DIGEST_LENGTH);
-                        memcpy(buf2,seed,SHA_DIGEST_LENGTH);
-                        /* precompute "SEED + 1" for step 7: */
-                        for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
-                                {
-                                buf[i]++;
-                                if (buf[i] != 0) break;
-                                }
-
-                        /* step 2 */
-                        EVP_Digest(seed,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL);
-                        EVP_Digest(buf,SHA_DIGEST_LENGTH,buf2,NULL,HASH, NULL);
-                        for (i=0; i<SHA_DIGEST_LENGTH; i++)
-                                md[i]^=buf2[i];
-
-                        /* step 3 */
-                        md[0]|=0x80;
-                        md[SHA_DIGEST_LENGTH-1]|=0x01;
-                        if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) goto err;
-
-                        /* step 4 */
-                        r = BN_is_prime_fasttest(q, DSS_prime_checks, callback, ctx3, cb_arg, seed_is_random);
-                        if (r > 0)
-                                break;
-                        if (r != 0)
-                                goto err;
-
-                        /* do a callback call */
-                        /* step 5 */
-                        }
-
-                if (callback != NULL) callback(2,0,cb_arg);
-                if (callback != NULL) callback(3,0,cb_arg);
-
-                /* step 6 */
-                counter=0;
-                /* "offset = 2" */
-
-                n=(bits-1)/160;
-                b=(bits-1)-n*160;
-
-                for (;;)
-                        {
-                        if (callback != NULL && counter != 0)
-                                callback(0,counter,cb_arg);
-
-                        /* step 7 */
-                        if (!BN_zero(W)) goto err;
-                        /* now 'buf' contains "SEED + offset - 1" */
-                        for (k=0; k<=n; k++)
-                                {
-                                /* obtain "SEED + offset + k" by incrementing: */
-                                for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
-                                        {
-                                        buf[i]++;
-                                        if (buf[i] != 0) break;
-                                        }
-
-                                EVP_Digest(buf,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL);
-
-                                /* step 8 */
-                                if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0))
-                                        goto err;
-                                if (!BN_lshift(r0,r0,160*k)) goto err;
-                                if (!BN_add(W,W,r0)) goto err;
-                                }
-
-                        /* more of step 8 */
-                        if (!BN_mask_bits(W,bits-1)) goto err;
-                        if (!BN_copy(X,W)) goto err;
-                        if (!BN_add(X,X,test)) goto err;
-
-                        /* step 9 */
-                        if (!BN_lshift1(r0,q)) goto err;
-                        if (!BN_mod(c,X,r0,ctx)) goto err;
-                        if (!BN_sub(r0,c,BN_value_one())) goto err;
-                        if (!BN_sub(p,X,r0)) goto err;
-
-                        /* step 10 */
-                        if (BN_cmp(p,test) >= 0)
-                                {
-                                /* step 11 */
-                                r = BN_is_prime_fasttest(p, DSS_prime_checks, callback, ctx3, cb_arg, 1);
-                                if (r > 0)
-                                                goto end; /* found it */
-                                if (r != 0)
-                                        goto err;
-                                }
-
-                        /* step 13 */
-                        counter++;
-                        /* "offset = offset + n + 1" */
-
-                        /* step 14 */
-                        if (counter >= 4096) break;
-                        }
-                }
-end:
-        if (callback != NULL) callback(2,1,cb_arg);
-
-        /* We now need to generate g */
-        /* Set r0=(p-1)/q */
-        if (!BN_sub(test,p,BN_value_one())) goto err;
-        if (!BN_div(r0,NULL,test,q,ctx)) goto err;
-
-        if (!BN_set_word(test,h)) goto err;
-        if (!BN_MONT_CTX_set(mont,p,ctx)) goto err;
-
-        for (;;)
-                {
-                /* g=test^r0%p */
-                if (!BN_mod_exp_mont(g,test,r0,p,ctx,mont)) goto err;
-                if (!BN_is_one(g)) break;
-                if (!BN_add(test,test,BN_value_one())) goto err;
-                h++;
-                }
-
-        if (callback != NULL) callback(3,1,cb_arg);
-
-        ok=1;
-err:
-        if (!ok)
-                {
-                if (ret != NULL) DSA_free(ret);
-                }
-        else
-                {
-                ret->p=BN_dup(p);
-                ret->q=BN_dup(q);
-                ret->g=BN_dup(g);
-                if (ret->p == NULL || ret->q == NULL || ret->g == NULL)
-                        {
-                        ok=0;
-                        goto err;
-                        }
-                if ((m > 1) && (seed_in != NULL)) memcpy(seed_in,seed,20);
-                if (counter_ret != NULL) *counter_ret=counter;
-                if (h_ret != NULL) *h_ret=h;
-                }
-        if (ctx != NULL) BN_CTX_free(ctx);
-        if (ctx2 != NULL)
-                {
-                BN_CTX_end(ctx2);
-                BN_CTX_free(ctx2);
-                }
-        if (ctx3 != NULL) BN_CTX_free(ctx3);
-        if (mont != NULL) BN_MONT_CTX_free(mont);
-        return(ok?ret:NULL);
-        }
-#endif /* ndef OPENSSL_FIPS */
-#endif /* ndef OPENSSL_NO_SHA */
-
diff --git a/src/lib/libcrypto/dsa/dsa_key.c b/src/lib/libcrypto/dsa/dsa_key.c
deleted file mode 100644
index 980b6dc2d3..0000000000
--- a/src/lib/libcrypto/dsa/dsa_key.c
+++ /dev/null
@@ -1,121 +0,0 @@
-/* crypto/dsa/dsa_key.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef OPENSSL_NO_SHA
-#include <stdio.h>
-#include <time.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/rand.h>
-
-#ifndef OPENSSL_FIPS
-int DSA_generate_key(DSA *dsa)
-        {
-        int ok=0;
-        BN_CTX *ctx=NULL;
-        BIGNUM *pub_key=NULL,*priv_key=NULL;
-
-        if ((ctx=BN_CTX_new()) == NULL) goto err;
-
-        if (dsa->priv_key == NULL)
-                {
-                if ((priv_key=BN_new()) == NULL) goto err;
-                }
-        else
-                priv_key=dsa->priv_key;
-
-        do
-                if (!BN_rand_range(priv_key,dsa->q)) goto err;
-        while (BN_is_zero(priv_key));
-
-        if (dsa->pub_key == NULL)
-                {
-                if ((pub_key=BN_new()) == NULL) goto err;
-                }
-        else
-                pub_key=dsa->pub_key;
-        
-        {
-                BIGNUM local_prk;
-                BIGNUM *prk;
-
-                if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
-                        {
-                        BN_init(&local_prk);
-                        prk = &local_prk;
-                        BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME);
-                        }
-                else
-                        prk = priv_key;
-
-                if (!BN_mod_exp(pub_key,dsa->g,prk,dsa->p,ctx)) goto err;
-        }
-
-        dsa->priv_key=priv_key;
-        dsa->pub_key=pub_key;
-        ok=1;
-
-err:
-        if ((pub_key != NULL) && (dsa->pub_key == NULL)) BN_free(pub_key);
-        if ((priv_key != NULL) && (dsa->priv_key == NULL)) BN_free(priv_key);
-        if (ctx != NULL) BN_CTX_free(ctx);
-        return(ok);
-        }
-#endif
-#endif
diff --git a/src/lib/libcrypto/dsa/dsa_lib.c b/src/lib/libcrypto/dsa/dsa_lib.c
deleted file mode 100644
index 4171af24c6..0000000000
--- a/src/lib/libcrypto/dsa/dsa_lib.c
+++ /dev/null
@@ -1,308 +0,0 @@
-/* crypto/dsa/dsa_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/asn1.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
-const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT;
-
-static const DSA_METHOD *default_DSA_method = NULL;
-
-void DSA_set_default_method(const DSA_METHOD *meth)
-        {
-        default_DSA_method = meth;
-        }
-
-const DSA_METHOD *DSA_get_default_method(void)
-        {
-        if(!default_DSA_method)
-                default_DSA_method = DSA_OpenSSL();
-        return default_DSA_method;
-        }
-
-DSA *DSA_new(void)
-        {
-        return DSA_new_method(NULL);
-        }
-
-int DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
-        {
-        /* NB: The caller is specifically setting a method, so it's not up to us
-         * to deal with which ENGINE it comes from. */
-        const DSA_METHOD *mtmp;
-        mtmp = dsa->meth;
-        if (mtmp->finish) mtmp->finish(dsa);
-#ifndef OPENSSL_NO_ENGINE
-        if (dsa->engine)
-                {
-                ENGINE_finish(dsa->engine);
-                dsa->engine = NULL;
-                }
-#endif
-        dsa->meth = meth;
-        if (meth->init) meth->init(dsa);
-        return 1;
-        }
-
-DSA *DSA_new_method(ENGINE *engine)
-        {
-        DSA *ret;
-
-        ret=(DSA *)OPENSSL_malloc(sizeof(DSA));
-        if (ret == NULL)
-                {
-                DSAerr(DSA_F_DSA_NEW_METHOD,ERR_R_MALLOC_FAILURE);
-                return(NULL);
-                }
-        ret->meth = DSA_get_default_method();
-#ifndef OPENSSL_NO_ENGINE
-        if (engine)
-                {
-                if (!ENGINE_init(engine))
-                        {
-                        DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);
-                        OPENSSL_free(ret);
-                        return NULL;
-                        }
-                ret->engine = engine;
-                }
-        else
-                ret->engine = ENGINE_get_default_DSA();
-        if(ret->engine)
-                {
-                ret->meth = ENGINE_get_DSA(ret->engine);
-                if(!ret->meth)
-                        {
-                        DSAerr(DSA_F_DSA_NEW_METHOD,
-                                ERR_R_ENGINE_LIB);
-                        ENGINE_finish(ret->engine);
-                        OPENSSL_free(ret);
-                        return NULL;
-                        }
-                }
-#endif
-
-        ret->pad=0;
-        ret->version=0;
-        ret->write_params=1;
-        ret->p=NULL;
-        ret->q=NULL;
-        ret->g=NULL;
-
-        ret->pub_key=NULL;
-        ret->priv_key=NULL;
-
-        ret->kinv=NULL;
-        ret->r=NULL;
-        ret->method_mont_p=NULL;
-
-        ret->references=1;
-        ret->flags=ret->meth->flags;
-        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
-        if ((ret->meth->init != NULL) && !ret->meth->init(ret))
-                {
-#ifndef OPENSSL_NO_ENGINE
-                if (ret->engine)
-                        ENGINE_finish(ret->engine);
-#endif
-                CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
-                OPENSSL_free(ret);
-                ret=NULL;
-                }
-        
-        return(ret);
-        }
-
-void DSA_free(DSA *r)
-        {
-        int i;
-
-        if (r == NULL) return;
-
-        i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_DSA);
-#ifdef REF_PRINT
-        REF_PRINT("DSA",r);
-#endif
-        if (i > 0) return;
-#ifdef REF_CHECK
-        if (i < 0)
-                {
-                fprintf(stderr,"DSA_free, bad reference count\n");
-                abort();
-                }
-#endif
-
-        if(r->meth->finish)
-                r->meth->finish(r);
-#ifndef OPENSSL_NO_ENGINE
-        if(r->engine)
-                ENGINE_finish(r->engine);
-#endif
-
-        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data);
-
-        if (r->p != NULL) BN_clear_free(r->p);
-        if (r->q != NULL) BN_clear_free(r->q);
-        if (r->g != NULL) BN_clear_free(r->g);
-        if (r->pub_key != NULL) BN_clear_free(r->pub_key);
-        if (r->priv_key != NULL) BN_clear_free(r->priv_key);
-        if (r->kinv != NULL) BN_clear_free(r->kinv);
-        if (r->r != NULL) BN_clear_free(r->r);
-        OPENSSL_free(r);
-        }
-
-int DSA_up_ref(DSA *r)
-        {
-        int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DSA);
-#ifdef REF_PRINT
-        REF_PRINT("DSA",r);
-#endif
-#ifdef REF_CHECK
-        if (i < 2)
-                {
-                fprintf(stderr, "DSA_up_ref, bad reference count\n");
-                abort();
-                }
-#endif
-        return ((i > 1) ? 1 : 0);
-        }
-
-int DSA_size(const DSA *r)
-        {
-        int ret,i;
-        ASN1_INTEGER bs;
-        unsigned char buf[4];   /* 4 bytes looks really small.
-                                   However, i2d_ASN1_INTEGER() will not look
-                                   beyond the first byte, as long as the second
-                                   parameter is NULL. */
-
-        i=BN_num_bits(r->q);
-        bs.length=(i+7)/8;
-        bs.data=buf;
-        bs.type=V_ASN1_INTEGER;
-        /* If the top bit is set the asn1 encoding is 1 larger. */
-        buf[0]=0xff;    
-
-        i=i2d_ASN1_INTEGER(&bs,NULL);
-        i+=i; /* r and s */
-        ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
-        return(ret);
-        }
-
-int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-        {
-        return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, argl, argp,
-                                new_func, dup_func, free_func);
-        }
-
-int DSA_set_ex_data(DSA *d, int idx, void *arg)
-        {
-        return(CRYPTO_set_ex_data(&d->ex_data,idx,arg));
-        }
-
-void *DSA_get_ex_data(DSA *d, int idx)
-        {
-        return(CRYPTO_get_ex_data(&d->ex_data,idx));
-        }
-
-#ifndef OPENSSL_NO_DH
-DH *DSA_dup_DH(const DSA *r)
-        {
-        /* DSA has p, q, g, optional pub_key, optional priv_key.
-         * DH has p, optional length, g, optional pub_key, optional priv_key.
-         */ 
-
-        DH *ret = NULL;
-
-        if (r == NULL)
-                goto err;
-        ret = DH_new();
-        if (ret == NULL)
-                goto err;
-        if (r->p != NULL) 
-                if ((ret->p = BN_dup(r->p)) == NULL)
-                        goto err;
-        if (r->q != NULL)
-                ret->length = BN_num_bits(r->q);
-        if (r->g != NULL)
-                if ((ret->g = BN_dup(r->g)) == NULL)
-                        goto err;
-        if (r->pub_key != NULL)
-                if ((ret->pub_key = BN_dup(r->pub_key)) == NULL)
-                        goto err;
-        if (r->priv_key != NULL)
-                if ((ret->priv_key = BN_dup(r->priv_key)) == NULL)
-                        goto err;
-
-        return ret;
-
- err:
-        if (ret != NULL)
-                DH_free(ret);
-        return NULL;
-        }
-#endif
diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c
deleted file mode 100644
index 5de5fc7e91..0000000000
--- a/src/lib/libcrypto/dsa/dsa_ossl.c
+++ /dev/null
@@ -1,393 +0,0 @@
-/* crypto/dsa/dsa_ossl.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/rand.h>
-#include <openssl/asn1.h>
-
-#ifndef OPENSSL_FIPS
-static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
-static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
-static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
-                  DSA *dsa);
-static int dsa_init(DSA *dsa);
-static int dsa_finish(DSA *dsa);
-static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
-                BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
-                BN_MONT_CTX *in_mont);
-static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-                                const BIGNUM *m, BN_CTX *ctx,
-                                BN_MONT_CTX *m_ctx);
-
-static DSA_METHOD openssl_dsa_meth = {
-"OpenSSL DSA method",
-dsa_do_sign,
-dsa_sign_setup,
-dsa_do_verify,
-dsa_mod_exp,
-dsa_bn_mod_exp,
-dsa_init,
-dsa_finish,
-0,
-NULL
-};
-
-const DSA_METHOD *DSA_OpenSSL(void)
-{
-        return &openssl_dsa_meth;
-}
-
-static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
-        {
-        BIGNUM *kinv=NULL,*r=NULL,*s=NULL;
-        BIGNUM m;
-        BIGNUM xr;
-        BN_CTX *ctx=NULL;
-        int i,reason=ERR_R_BN_LIB;
-        DSA_SIG *ret=NULL;
-
-        BN_init(&m);
-        BN_init(&xr);
-
-        if (!dsa->p || !dsa->q || !dsa->g)
-                {
-                reason=DSA_R_MISSING_PARAMETERS;
-                goto err;
-                }
-
-        s=BN_new();
-        if (s == NULL) goto err;
-
-        i=BN_num_bytes(dsa->q); /* should be 20 */
-        if ((dlen > i) || (dlen > 50))
-                {
-                reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
-                goto err;
-                }
-
-        ctx=BN_CTX_new();
-        if (ctx == NULL) goto err;
-
-        if ((dsa->kinv == NULL) || (dsa->r == NULL))
-                {
-                if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err;
-                }
-        else
-                {
-                kinv=dsa->kinv;
-                dsa->kinv=NULL;
-                r=dsa->r;
-                dsa->r=NULL;
-                }
-
-        if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err;
-
-        /* Compute  s = inv(k) (m + xr) mod q */
-        if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */
-        if (!BN_add(s, &xr, &m)) goto err;              /* s = m + xr */
-        if (BN_cmp(s,dsa->q) > 0)
-                BN_sub(s,s,dsa->q);
-        if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;
-
-        ret=DSA_SIG_new();
-        if (ret == NULL) goto err;
-        ret->r = r;
-        ret->s = s;
-        
-err:
-        if (!ret)
-                {
-                DSAerr(DSA_F_DSA_DO_SIGN,reason);
-                BN_free(r);
-                BN_free(s);
-                }
-        if (ctx != NULL) BN_CTX_free(ctx);
-        BN_clear_free(&m);
-        BN_clear_free(&xr);
-        if (kinv != NULL) /* dsa->kinv is NULL now if we used it */
-            BN_clear_free(kinv);
-        return(ret);
-        }
-
-static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
-        {
-        BN_CTX *ctx;
-        BIGNUM k,kq,*K,*kinv=NULL,*r=NULL;
-        int ret=0;
-
-        if (!dsa->p || !dsa->q || !dsa->g)
-                {
-                DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS);
-                return 0;
-                }
-
-        BN_init(&k);
-        BN_init(&kq);
-
-        if (ctx_in == NULL)
-                {
-                if ((ctx=BN_CTX_new()) == NULL) goto err;
-                }
-        else
-                ctx=ctx_in;
-
-        if ((r=BN_new()) == NULL) goto err;
-
-        /* Get random k */
-        do
-                if (!BN_rand_range(&k, dsa->q)) goto err;
-        while (BN_is_zero(&k));
-        if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
-                {
-                BN_set_flags(&k, BN_FLG_EXP_CONSTTIME);
-                }
-
-        if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
-                {
-                if (!BN_MONT_CTX_set_locked((BN_MONT_CTX **)&dsa->method_mont_p,
-                                                CRYPTO_LOCK_DSA,
-                                                dsa->p, ctx))
-                        goto err;
-                }
-
-        /* Compute r = (g^k mod p) mod q */
-
-        if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
-                {
-                if (!BN_copy(&kq, &k)) goto err;
-
-                /* We do not want timing information to leak the length of k,
-                 * so we compute g^k using an equivalent exponent of fixed length.
-                 *
-                 * (This is a kludge that we need because the BN_mod_exp_mont()
-                 * does not let us specify the desired timing behaviour.) */
-
-                if (!BN_add(&kq, &kq, dsa->q)) goto err;
-                if (BN_num_bits(&kq) <= BN_num_bits(dsa->q))
-                        {
-                        if (!BN_add(&kq, &kq, dsa->q)) goto err;
-                        }
-
-                K = &kq;
-                }
-        else
-                {
-                K = &k;
-                }
-        if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,K,dsa->p,ctx,
-                (BN_MONT_CTX *)dsa->method_mont_p)) goto err;
-        if (!BN_mod(r,r,dsa->q,ctx)) goto err;
-
-        /* Compute  part of 's = inv(k) (m + xr) mod q' */
-        if ((kinv=BN_mod_inverse(NULL,&k,dsa->q,ctx)) == NULL) goto err;
-
-        if (*kinvp != NULL) BN_clear_free(*kinvp);
-        *kinvp=kinv;
-        kinv=NULL;
-        if (*rp != NULL) BN_clear_free(*rp);
-        *rp=r;
-        ret=1;
-err:
-        if (!ret)
-                {
-                DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB);
-                if (kinv != NULL) BN_clear_free(kinv);
-                if (r != NULL) BN_clear_free(r);
-                }
-        if (ctx_in == NULL) BN_CTX_free(ctx);
-        if (kinv != NULL) BN_clear_free(kinv);
-        BN_clear_free(&k);
-        BN_clear_free(&kq);
-        return(ret);
-        }
-
-static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
-                  DSA *dsa)
-        {
-        BN_CTX *ctx;
-        BIGNUM u1,u2,t1;
-        BN_MONT_CTX *mont=NULL;
-        int ret = -1;
-        if (!dsa->p || !dsa->q || !dsa->g)
-                {
-                DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS);
-                return -1;
-                }
-
-        if (BN_num_bits(dsa->q) != 160)
-                {
-                DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE);
-                return -1;
-                }
-
-        if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS)
-                {
-                DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE);
-                return -1;
-                }
-
-        BN_init(&u1);
-        BN_init(&u2);
-        BN_init(&t1);
-
-        if ((ctx=BN_CTX_new()) == NULL) goto err;
-
-        if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0)
-                {
-                ret = 0;
-                goto err;
-                }
-        if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, dsa->q) >= 0)
-                {
-                ret = 0;
-                goto err;
-                }
-
-        /* Calculate W = inv(S) mod Q
-         * save W in u2 */
-        if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;
-
-        /* save M in u1 */
-        if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err;
-
-        /* u1 = M * w mod q */
-        if (!BN_mod_mul(&u1,&u1,&u2,dsa->q,ctx)) goto err;
-
-        /* u2 = r * w mod q */
-        if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err;
-
-
-        if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
-                {
-                mont = BN_MONT_CTX_set_locked(
-                                        (BN_MONT_CTX **)&dsa->method_mont_p,
-                                        CRYPTO_LOCK_DSA, dsa->p, ctx);
-                if (!mont)
-                        goto err;
-                }
-
-#if 0
-        {
-        BIGNUM t2;
-
-        BN_init(&t2);
-        /* v = ( g^u1 * y^u2 mod p ) mod q */
-        /* let t1 = g ^ u1 mod p */
-        if (!BN_mod_exp_mont(&t1,dsa->g,&u1,dsa->p,ctx,mont)) goto err;
-        /* let t2 = y ^ u2 mod p */
-        if (!BN_mod_exp_mont(&t2,dsa->pub_key,&u2,dsa->p,ctx,mont)) goto err;
-        /* let u1 = t1 * t2 mod p */
-        if (!BN_mod_mul(&u1,&t1,&t2,dsa->p,ctx)) goto err_bn;
-        BN_free(&t2);
-        }
-        /* let u1 = u1 mod q */
-        if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err;
-#else
-        {
-        if (!dsa->meth->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2,
-                                                dsa->p,ctx,mont)) goto err;
-        /* BN_copy(&u1,&t1); */
-        /* let u1 = u1 mod q */
-        if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err;
-        }
-#endif
-        /* V is now in u1.  If the signature is correct, it will be
-         * equal to R. */
-        ret=(BN_ucmp(&u1, sig->r) == 0);
-
-        err:
-        if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB);
-        if (ctx != NULL) BN_CTX_free(ctx);
-        BN_free(&u1);
-        BN_free(&u2);
-        BN_free(&t1);
-        return(ret);
-        }
-
-static int dsa_init(DSA *dsa)
-{
-        dsa->flags|=DSA_FLAG_CACHE_MONT_P;
-        return(1);
-}
-
-static int dsa_finish(DSA *dsa)
-{
-        if(dsa->method_mont_p)
-                BN_MONT_CTX_free((BN_MONT_CTX *)dsa->method_mont_p);
-        return(1);
-}
-
-static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
-                BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
-                BN_MONT_CTX *in_mont)
-{
-        return BN_mod_exp2_mont(rr, a1, p1, a2, p2, m, ctx, in_mont);
-}
-        
-static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-                                const BIGNUM *m, BN_CTX *ctx,
-                                BN_MONT_CTX *m_ctx)
-{
-        return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
-}
-#endif
diff --git a/src/lib/libcrypto/dsa/dsa_sign.c b/src/lib/libcrypto/dsa/dsa_sign.c
deleted file mode 100644
index 37c65efb20..0000000000
--- a/src/lib/libcrypto/dsa/dsa_sign.c
+++ /dev/null
@@ -1,106 +0,0 @@
-/* crypto/dsa/dsa_sign.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/rand.h>
-#include <openssl/asn1.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#include <openssl/fips.h>
-
-DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
-        {
-#ifdef OPENSSL_FIPS
-        if(FIPS_mode() && !(dsa->flags & DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW)
-                && !FIPS_dsa_check(dsa))
-                return NULL;
-#endif
-        return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
-        }
-
-int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
-             unsigned int *siglen, DSA *dsa)
-        {
-        DSA_SIG *s;
-        s=DSA_do_sign(dgst,dlen,dsa);
-        if (s == NULL)
-                {
-                *siglen=0;
-                return(0);
-                }
-        *siglen=i2d_DSA_SIG(s,&sig);
-        DSA_SIG_free(s);
-        return(1);
-        }
-
-int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
-        {
-#ifdef OPENSSL_FIPS
-        if(FIPS_mode() && !(dsa->flags & DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW)
-                && !FIPS_dsa_check(dsa))
-                return 0;
-#endif
-        return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
-        }
-
diff --git a/src/lib/libcrypto/dsa/dsa_vrf.c b/src/lib/libcrypto/dsa/dsa_vrf.c
deleted file mode 100644
index c9784bed48..0000000000
--- a/src/lib/libcrypto/dsa/dsa_vrf.c
+++ /dev/null
@@ -1,103 +0,0 @@
-/* crypto/dsa/dsa_vrf.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/rand.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1_mac.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#include <openssl/fips.h>
-
-int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
-                  DSA *dsa)
-        {
-#ifdef OPENSSL_FIPS
-        if(FIPS_mode() && !(dsa->flags & DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW)
-                && !FIPS_dsa_check(dsa))
-                return -1;
-#endif
-        return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
-        }
-
-/* data has already been hashed (probably with SHA or SHA-1). */
-/* returns
- *      1: correct signature
- *      0: incorrect signature
- *     -1: error
- */
-int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
-             const unsigned char *sigbuf, int siglen, DSA *dsa)
-        {
-        DSA_SIG *s;
-        int ret=-1;
-
-        s = DSA_SIG_new();
-        if (s == NULL) return(ret);
-        if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;
-        ret=DSA_do_verify(dgst,dgst_len,s,dsa);
-err:
-        DSA_SIG_free(s);
-        return(ret);
-        }
diff --git a/src/lib/libcrypto/dso/dso.h b/src/lib/libcrypto/dso/dso.h
deleted file mode 100644
index aa721f7feb..0000000000
--- a/src/lib/libcrypto/dso/dso.h
+++ /dev/null
@@ -1,322 +0,0 @@
-/* dso.h */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_DSO_H
-#define HEADER_DSO_H
-
-#include <openssl/crypto.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* These values are used as commands to DSO_ctrl() */
-#define DSO_CTRL_GET_FLAGS      1
-#define DSO_CTRL_SET_FLAGS      2
-#define DSO_CTRL_OR_FLAGS       3
-
-/* By default, DSO_load() will translate the provided filename into a form
- * typical for the platform (more specifically the DSO_METHOD) using the
- * dso_name_converter function of the method. Eg. win32 will transform "blah"
- * into "blah.dll", and dlfcn will transform it into "libblah.so". The
- * behaviour can be overriden by setting the name_converter callback in the DSO
- * object (using DSO_set_name_converter()). This callback could even utilise
- * the DSO_METHOD's converter too if it only wants to override behaviour for
- * one or two possible DSO methods. However, the following flag can be set in a
- * DSO to prevent *any* native name-translation at all - eg. if the caller has
- * prompted the user for a path to a driver library so the filename should be
- * interpreted as-is. */
-#define DSO_FLAG_NO_NAME_TRANSLATION            0x01
-/* An extra flag to give if only the extension should be added as
- * translation.  This is obviously only of importance on Unix and
- * other operating systems where the translation also may prefix
- * the name with something, like 'lib', and ignored everywhere else.
- * This flag is also ignored if DSO_FLAG_NO_NAME_TRANSLATION is used
- * at the same time. */
-#define DSO_FLAG_NAME_TRANSLATION_EXT_ONLY      0x02
-
-/* The following flag controls the translation of symbol names to upper
- * case.  This is currently only being implemented for OpenVMS.
- */
-#define DSO_FLAG_UPCASE_SYMBOL                  0x10
-
-
-typedef void (*DSO_FUNC_TYPE)(void);
-
-typedef struct dso_st DSO;
-
-/* The function prototype used for method functions (or caller-provided
- * callbacks) that transform filenames. They are passed a DSO structure pointer
- * (or NULL if they are to be used independantly of a DSO object) and a
- * filename to transform. They should either return NULL (if there is an error
- * condition) or a newly allocated string containing the transformed form that
- * the caller will need to free with OPENSSL_free() when done. */
-typedef char* (*DSO_NAME_CONVERTER_FUNC)(DSO *, const char *);
-
-typedef struct dso_meth_st
-        {
-        const char *name;
-        /* Loads a shared library, NB: new DSO_METHODs must ensure that a
-         * successful load populates the loaded_filename field, and likewise a
-         * successful unload OPENSSL_frees and NULLs it out. */
-        int (*dso_load)(DSO *dso);
-        /* Unloads a shared library */
-        int (*dso_unload)(DSO *dso);
-        /* Binds a variable */
-        void *(*dso_bind_var)(DSO *dso, const char *symname);
-        /* Binds a function - assumes a return type of DSO_FUNC_TYPE.
-         * This should be cast to the real function prototype by the
-         * caller. Platforms that don't have compatible representations
-         * for different prototypes (this is possible within ANSI C)
-         * are highly unlikely to have shared libraries at all, let
-         * alone a DSO_METHOD implemented for them. */
-        DSO_FUNC_TYPE (*dso_bind_func)(DSO *dso, const char *symname);
-
-/* I don't think this would actually be used in any circumstances. */
-#if 0
-        /* Unbinds a variable */
-        int (*dso_unbind_var)(DSO *dso, char *symname, void *symptr);
-        /* Unbinds a function */
-        int (*dso_unbind_func)(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
-#endif
-        /* The generic (yuck) "ctrl()" function. NB: Negative return
-         * values (rather than zero) indicate errors. */
-        long (*dso_ctrl)(DSO *dso, int cmd, long larg, void *parg);
-        /* The default DSO_METHOD-specific function for converting filenames to
-         * a canonical native form. */
-        DSO_NAME_CONVERTER_FUNC dso_name_converter;
-
-        /* [De]Initialisation handlers. */
-        int (*init)(DSO *dso);
-        int (*finish)(DSO *dso);
-        } DSO_METHOD;
-
-/**********************************************************************/
-/* The low-level handle type used to refer to a loaded shared library */
-
-struct dso_st
-        {
-        DSO_METHOD *meth;
-        /* Standard dlopen uses a (void *). Win32 uses a HANDLE. VMS
-         * doesn't use anything but will need to cache the filename
-         * for use in the dso_bind handler. All in all, let each
-         * method control its own destiny. "Handles" and such go in
-         * a STACK. */
-        STACK *meth_data;
-        int references;
-        int flags;
-        /* For use by applications etc ... use this for your bits'n'pieces,
-         * don't touch meth_data! */
-        CRYPTO_EX_DATA ex_data;
-        /* If this callback function pointer is set to non-NULL, then it will
-         * be used on DSO_load() in place of meth->dso_name_converter. NB: This
-         * should normally set using DSO_set_name_converter(). */
-        DSO_NAME_CONVERTER_FUNC name_converter;
-        /* This is populated with (a copy of) the platform-independant
-         * filename used for this DSO. */
-        char *filename;
-        /* This is populated with (a copy of) the translated filename by which
-         * the DSO was actually loaded. It is NULL iff the DSO is not currently
-         * loaded. NB: This is here because the filename translation process
-         * may involve a callback being invoked more than once not only to
-         * convert to a platform-specific form, but also to try different
-         * filenames in the process of trying to perform a load. As such, this
-         * variable can be used to indicate (a) whether this DSO structure
-         * corresponds to a loaded library or not, and (b) the filename with
-         * which it was actually loaded. */
-        char *loaded_filename;
-        };
-
-
-DSO *   DSO_new(void);
-DSO *   DSO_new_method(DSO_METHOD *method);
-int     DSO_free(DSO *dso);
-int     DSO_flags(DSO *dso);
-int     DSO_up_ref(DSO *dso);
-long    DSO_ctrl(DSO *dso, int cmd, long larg, void *parg);
-
-/* This function sets the DSO's name_converter callback. If it is non-NULL,
- * then it will be used instead of the associated DSO_METHOD's function. If
- * oldcb is non-NULL then it is set to the function pointer value being
- * replaced. Return value is non-zero for success. */
-int     DSO_set_name_converter(DSO *dso, DSO_NAME_CONVERTER_FUNC cb,
-                                DSO_NAME_CONVERTER_FUNC *oldcb);
-/* These functions can be used to get/set the platform-independant filename
- * used for a DSO. NB: set will fail if the DSO is already loaded. */
-const char *DSO_get_filename(DSO *dso);
-int     DSO_set_filename(DSO *dso, const char *filename);
-/* This function will invoke the DSO's name_converter callback to translate a
- * filename, or if the callback isn't set it will instead use the DSO_METHOD's
- * converter. If "filename" is NULL, the "filename" in the DSO itself will be
- * used. If the DSO_FLAG_NO_NAME_TRANSLATION flag is set, then the filename is
- * simply duplicated. NB: This function is usually called from within a
- * DSO_METHOD during the processing of a DSO_load() call, and is exposed so that
- * caller-created DSO_METHODs can do the same thing. A non-NULL return value
- * will need to be OPENSSL_free()'d. */
-char    *DSO_convert_filename(DSO *dso, const char *filename);
-/* If the DSO is currently loaded, this returns the filename that it was loaded
- * under, otherwise it returns NULL. So it is also useful as a test as to
- * whether the DSO is currently loaded. NB: This will not necessarily return
- * the same value as DSO_convert_filename(dso, dso->filename), because the
- * DSO_METHOD's load function may have tried a variety of filenames (with
- * and/or without the aid of the converters) before settling on the one it
- * actually loaded. */
-const char *DSO_get_loaded_filename(DSO *dso);
-
-void    DSO_set_default_method(DSO_METHOD *meth);
-DSO_METHOD *DSO_get_default_method(void);
-DSO_METHOD *DSO_get_method(DSO *dso);
-DSO_METHOD *DSO_set_method(DSO *dso, DSO_METHOD *meth);
-
-/* The all-singing all-dancing load function, you normally pass NULL
- * for the first and third parameters. Use DSO_up and DSO_free for
- * subsequent reference count handling. Any flags passed in will be set
- * in the constructed DSO after its init() function but before the
- * load operation. If 'dso' is non-NULL, 'flags' is ignored. */
-DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags);
-
-/* This function binds to a variable inside a shared library. */
-void *DSO_bind_var(DSO *dso, const char *symname);
-
-/* This function binds to a function inside a shared library. */
-DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname);
-
-/* This method is the default, but will beg, borrow, or steal whatever
- * method should be the default on any particular platform (including
- * DSO_METH_null() if necessary). */
-DSO_METHOD *DSO_METHOD_openssl(void);
-
-/* This method is defined for all platforms - if a platform has no
- * DSO support then this will be the only method! */
-DSO_METHOD *DSO_METHOD_null(void);
-
-/* If DSO_DLFCN is defined, the standard dlfcn.h-style functions
- * (dlopen, dlclose, dlsym, etc) will be used and incorporated into
- * this method. If not, this method will return NULL. */
-DSO_METHOD *DSO_METHOD_dlfcn(void);
-
-/* If DSO_DL is defined, the standard dl.h-style functions (shl_load, 
- * shl_unload, shl_findsym, etc) will be used and incorporated into
- * this method. If not, this method will return NULL. */
-DSO_METHOD *DSO_METHOD_dl(void);
-
-/* If WIN32 is defined, use DLLs. If not, return NULL. */
-DSO_METHOD *DSO_METHOD_win32(void);
-
-/* If VMS is defined, use shared images. If not, return NULL. */
-DSO_METHOD *DSO_METHOD_vms(void);
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_DSO_strings(void);
-
-/* Error codes for the DSO functions. */
-
-/* Function codes. */
-#define DSO_F_DLFCN_BIND_FUNC                            100
-#define DSO_F_DLFCN_BIND_VAR                             101
-#define DSO_F_DLFCN_LOAD                                 102
-#define DSO_F_DLFCN_NAME_CONVERTER                       123
-#define DSO_F_DLFCN_UNLOAD                               103
-#define DSO_F_DL_BIND_FUNC                               104
-#define DSO_F_DL_BIND_VAR                                105
-#define DSO_F_DL_LOAD                                    106
-#define DSO_F_DL_NAME_CONVERTER                          124
-#define DSO_F_DL_UNLOAD                                  107
-#define DSO_F_DSO_BIND_FUNC                              108
-#define DSO_F_DSO_BIND_VAR                               109
-#define DSO_F_DSO_CONVERT_FILENAME                       126
-#define DSO_F_DSO_CTRL                                   110
-#define DSO_F_DSO_FREE                                   111
-#define DSO_F_DSO_GET_FILENAME                           127
-#define DSO_F_DSO_GET_LOADED_FILENAME                    128
-#define DSO_F_DSO_LOAD                                   112
-#define DSO_F_DSO_NEW_METHOD                             113
-#define DSO_F_DSO_SET_FILENAME                           129
-#define DSO_F_DSO_SET_NAME_CONVERTER                     122
-#define DSO_F_DSO_UP_REF                                 114
-#define DSO_F_VMS_BIND_VAR                               115
-#define DSO_F_VMS_LOAD                                   116
-#define DSO_F_VMS_UNLOAD                                 117
-#define DSO_F_WIN32_BIND_FUNC                            118
-#define DSO_F_WIN32_BIND_VAR                             119
-#define DSO_F_WIN32_LOAD                                 120
-#define DSO_F_WIN32_NAME_CONVERTER                       125
-#define DSO_F_WIN32_UNLOAD                               121
-
-/* Reason codes. */
-#define DSO_R_CTRL_FAILED                                100
-#define DSO_R_DSO_ALREADY_LOADED                         110
-#define DSO_R_FILENAME_TOO_BIG                           101
-#define DSO_R_FINISH_FAILED                              102
-#define DSO_R_LOAD_FAILED                                103
-#define DSO_R_NAME_TRANSLATION_FAILED                    109
-#define DSO_R_NO_FILENAME                                111
-#define DSO_R_NULL_HANDLE                                104
-#define DSO_R_SET_FILENAME_FAILED                        112
-#define DSO_R_STACK_ERROR                                105
-#define DSO_R_SYM_FAILURE                                106
-#define DSO_R_UNLOAD_FAILED                              107
-#define DSO_R_UNSUPPORTED                                108
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/src/lib/libcrypto/dso/dso_dlfcn.c b/src/lib/libcrypto/dso/dso_dlfcn.c
deleted file mode 100644
index d48b4202f2..0000000000
--- a/src/lib/libcrypto/dso/dso_dlfcn.c
+++ /dev/null
@@ -1,325 +0,0 @@
-/* dso_dlfcn.c */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifdef __linux
-#define _GNU_SOURCE
-#endif
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/dso.h>
-
-#ifndef DSO_DLFCN
-DSO_METHOD *DSO_METHOD_dlfcn(void)
-        {
-        return NULL;
-        }
-#else
-
-#ifdef HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-
-/* Part of the hack in "dlfcn_load" ... */
-#define DSO_MAX_TRANSLATED_SIZE 256
-
-static int dlfcn_load(DSO *dso);
-static int dlfcn_unload(DSO *dso);
-static void *dlfcn_bind_var(DSO *dso, const char *symname);
-static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname);
-#if 0
-static int dlfcn_unbind(DSO *dso, char *symname, void *symptr);
-static int dlfcn_init(DSO *dso);
-static int dlfcn_finish(DSO *dso);
-static long dlfcn_ctrl(DSO *dso, int cmd, long larg, void *parg);
-#endif
-static char *dlfcn_name_converter(DSO *dso, const char *filename);
-
-static DSO_METHOD dso_meth_dlfcn = {
-        "OpenSSL 'dlfcn' shared library method",
-        dlfcn_load,
-        dlfcn_unload,
-        dlfcn_bind_var,
-        dlfcn_bind_func,
-/* For now, "unbind" doesn't exist */
-#if 0
-        NULL, /* unbind_var */
-        NULL, /* unbind_func */
-#endif
-        NULL, /* ctrl */
-        dlfcn_name_converter,
-        NULL, /* init */
-        NULL  /* finish */
-        };
-
-DSO_METHOD *DSO_METHOD_dlfcn(void)
-        {
-        return(&dso_meth_dlfcn);
-        }
-
-/* Prior to using the dlopen() function, we should decide on the flag
- * we send. There's a few different ways of doing this and it's a
- * messy venn-diagram to match up which platforms support what. So
- * as we don't have autoconf yet, I'm implementing a hack that could
- * be hacked further relatively easily to deal with cases as we find
- * them. Initially this is to cope with OpenBSD. */
-#if defined(__OpenBSD__) || defined(__NetBSD__)
-#       ifdef DL_LAZY
-#               define DLOPEN_FLAG DL_LAZY
-#       else
-#               ifdef RTLD_NOW
-#                       define DLOPEN_FLAG RTLD_NOW
-#               else
-#                       define DLOPEN_FLAG 0
-#               endif
-#       endif
-#else
-#       ifdef OPENSSL_SYS_SUNOS
-#               define DLOPEN_FLAG 1
-#       else
-#               define DLOPEN_FLAG RTLD_NOW /* Hope this works everywhere else */
-#       endif
-#endif
-
-/* For this DSO_METHOD, our meth_data STACK will contain;
- * (i) the handle (void*) returned from dlopen().
- */
-
-static int dlfcn_load(DSO *dso)
-        {
-        void *ptr = NULL;
-        /* See applicable comments in dso_dl.c */
-        char *filename = DSO_convert_filename(dso, NULL);
-
-        if(filename == NULL)
-                {
-                DSOerr(DSO_F_DLFCN_LOAD,DSO_R_NO_FILENAME);
-                goto err;
-                }
-        ptr = dlopen(filename, DLOPEN_FLAG);
-        if(ptr == NULL)
-                {
-                DSOerr(DSO_F_DLFCN_LOAD,DSO_R_LOAD_FAILED);
-                ERR_add_error_data(4, "filename(", filename, "): ", dlerror());
-                goto err;
-                }
-        if(!sk_push(dso->meth_data, (char *)ptr))
-                {
-                DSOerr(DSO_F_DLFCN_LOAD,DSO_R_STACK_ERROR);
-                goto err;
-                }
-        /* Success */
-        dso->loaded_filename = filename;
-        return(1);
-err:
-        /* Cleanup! */
-        if(filename != NULL)
-                OPENSSL_free(filename);
-        if(ptr != NULL)
-                dlclose(ptr);
-        return(0);
-}
-
-static int dlfcn_unload(DSO *dso)
-        {
-        void *ptr;
-        if(dso == NULL)
-                {
-                DSOerr(DSO_F_DLFCN_UNLOAD,ERR_R_PASSED_NULL_PARAMETER);
-                return(0);
-                }
-        if(sk_num(dso->meth_data) < 1)
-                return(1);
-        ptr = (void *)sk_pop(dso->meth_data);
-        if(ptr == NULL)
-                {
-                DSOerr(DSO_F_DLFCN_UNLOAD,DSO_R_NULL_HANDLE);
-                /* Should push the value back onto the stack in
-                 * case of a retry. */
-                sk_push(dso->meth_data, (char *)ptr);
-                return(0);
-                }
-        /* For now I'm not aware of any errors associated with dlclose() */
-        dlclose(ptr);
-        return(1);
-        }
-
-static void *dlfcn_bind_var(DSO *dso, const char *symname)
-        {
-        void *ptr, *sym;
-
-        if((dso == NULL) || (symname == NULL))
-                {
-                DSOerr(DSO_F_DLFCN_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER);
-                return(NULL);
-                }
-        if(sk_num(dso->meth_data) < 1)
-                {
-                DSOerr(DSO_F_DLFCN_BIND_VAR,DSO_R_STACK_ERROR);
-                return(NULL);
-                }
-        ptr = (void *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
-        if(ptr == NULL)
-                {
-                DSOerr(DSO_F_DLFCN_BIND_VAR,DSO_R_NULL_HANDLE);
-                return(NULL);
-                }
-        sym = dlsym(ptr, symname);
-        if(sym == NULL)
-                {
-                DSOerr(DSO_F_DLFCN_BIND_VAR,DSO_R_SYM_FAILURE);
-                ERR_add_error_data(4, "symname(", symname, "): ", dlerror());
-                return(NULL);
-                }
-        return(sym);
-        }
-
-static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname)
-        {
-        void *ptr;
-        DSO_FUNC_TYPE sym, *tsym = &sym;
-
-        if((dso == NULL) || (symname == NULL))
-                {
-                DSOerr(DSO_F_DLFCN_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER);
-                return(NULL);
-                }
-        if(sk_num(dso->meth_data) < 1)
-                {
-                DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_STACK_ERROR);
-                return(NULL);
-                }
-        ptr = (void *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
-        if(ptr == NULL)
-                {
-                DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_NULL_HANDLE);
-                return(NULL);
-                }
-        *(void**)(tsym) = dlsym(ptr, symname);
-        if(sym == NULL)
-                {
-                DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_SYM_FAILURE);
-                ERR_add_error_data(4, "symname(", symname, "): ", dlerror());
-                return(NULL);
-                }
-        return(sym);
-        }
-
-static char *dlfcn_name_converter(DSO *dso, const char *filename)
-        {
-        char *translated;
-        int len, rsize, transform;
-
-        len = strlen(filename);
-        rsize = len + 1;
-        transform = (strstr(filename, "/") == NULL);
-        if(transform)
-                {
-                /* We will convert this to "%s.so" or "lib%s.so" */
-                rsize += 3;     /* The length of ".so" */
-                if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
-                        rsize += 3; /* The length of "lib" */
-                }
-        translated = OPENSSL_malloc(rsize);
-        if(translated == NULL)
-                {
-                DSOerr(DSO_F_DLFCN_NAME_CONVERTER,
-                                DSO_R_NAME_TRANSLATION_FAILED);
-                return(NULL);
-                }
-        if(transform)
-                {
-                if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
-                        snprintf(translated, rsize, "lib%s.so", filename);
-                else
-                        snprintf(translated, rsize, "%s.so", filename);
-                }
-        else
-                snprintf(translated, rsize, "%s", filename);
-        return(translated);
-        }
-
-#ifdef OPENSSL_FIPS
-static void dlfcn_ref_point(){}
-
-int DSO_pathbyaddr(void *addr,char *path,int sz)
-        {
-        Dl_info dli;
-        int len;
-
-        if (addr == NULL)
-                {
-                union { void(*f)(void); void *p; } t = { dlfcn_ref_point };
-                addr = t.p;
-                }
-
-        if (dladdr(addr,&dli))
-                {
-                len = (int)strlen(dli.dli_fname);
-                if (sz <= 0) return len+1;
-                if (len >= sz) len=sz-1;
-                memcpy(path,dli.dli_fname,len);
-                path[len++]=0;
-                return len;
-                }
-
-        ERR_add_error_data(4, "dlfcn_pathbyaddr(): ", dlerror());
-        return -1;
-        }
-#endif
-#endif /* DSO_DLFCN */
diff --git a/src/lib/libcrypto/dso/dso_err.c b/src/lib/libcrypto/dso/dso_err.c
deleted file mode 100644
index 581677cc36..0000000000
--- a/src/lib/libcrypto/dso/dso_err.c
+++ /dev/null
@@ -1,139 +0,0 @@
-/* crypto/dso/dso_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/dso.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSO,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSO,0,reason)
-
-static ERR_STRING_DATA DSO_str_functs[]=
-        {
-{ERR_FUNC(DSO_F_DLFCN_BIND_FUNC),       "DLFCN_BIND_FUNC"},
-{ERR_FUNC(DSO_F_DLFCN_BIND_VAR),        "DLFCN_BIND_VAR"},
-{ERR_FUNC(DSO_F_DLFCN_LOAD),    "DLFCN_LOAD"},
-{ERR_FUNC(DSO_F_DLFCN_NAME_CONVERTER),  "DLFCN_NAME_CONVERTER"},
-{ERR_FUNC(DSO_F_DLFCN_UNLOAD),  "DLFCN_UNLOAD"},
-{ERR_FUNC(DSO_F_DL_BIND_FUNC),  "DL_BIND_FUNC"},
-{ERR_FUNC(DSO_F_DL_BIND_VAR),   "DL_BIND_VAR"},
-{ERR_FUNC(DSO_F_DL_LOAD),       "DL_LOAD"},
-{ERR_FUNC(DSO_F_DL_NAME_CONVERTER),     "DL_NAME_CONVERTER"},
-{ERR_FUNC(DSO_F_DL_UNLOAD),     "DL_UNLOAD"},
-{ERR_FUNC(DSO_F_DSO_BIND_FUNC), "DSO_bind_func"},
-{ERR_FUNC(DSO_F_DSO_BIND_VAR),  "DSO_bind_var"},
-{ERR_FUNC(DSO_F_DSO_CONVERT_FILENAME),  "DSO_convert_filename"},
-{ERR_FUNC(DSO_F_DSO_CTRL),      "DSO_ctrl"},
-{ERR_FUNC(DSO_F_DSO_FREE),      "DSO_free"},
-{ERR_FUNC(DSO_F_DSO_GET_FILENAME),      "DSO_get_filename"},
-{ERR_FUNC(DSO_F_DSO_GET_LOADED_FILENAME),       "DSO_get_loaded_filename"},
-{ERR_FUNC(DSO_F_DSO_LOAD),      "DSO_load"},
-{ERR_FUNC(DSO_F_DSO_NEW_METHOD),        "DSO_new_method"},
-{ERR_FUNC(DSO_F_DSO_SET_FILENAME),      "DSO_set_filename"},
-{ERR_FUNC(DSO_F_DSO_SET_NAME_CONVERTER),        "DSO_set_name_converter"},
-{ERR_FUNC(DSO_F_DSO_UP_REF),    "DSO_up_ref"},
-{ERR_FUNC(DSO_F_VMS_BIND_VAR),  "VMS_BIND_VAR"},
-{ERR_FUNC(DSO_F_VMS_LOAD),      "VMS_LOAD"},
-{ERR_FUNC(DSO_F_VMS_UNLOAD),    "VMS_UNLOAD"},
-{ERR_FUNC(DSO_F_WIN32_BIND_FUNC),       "WIN32_BIND_FUNC"},
-{ERR_FUNC(DSO_F_WIN32_BIND_VAR),        "WIN32_BIND_VAR"},
-{ERR_FUNC(DSO_F_WIN32_LOAD),    "WIN32_LOAD"},
-{ERR_FUNC(DSO_F_WIN32_NAME_CONVERTER),  "WIN32_NAME_CONVERTER"},
-{ERR_FUNC(DSO_F_WIN32_UNLOAD),  "WIN32_UNLOAD"},
-{0,NULL}
-        };
-
-static ERR_STRING_DATA DSO_str_reasons[]=
-        {
-{ERR_REASON(DSO_R_CTRL_FAILED)           ,"control command failed"},
-{ERR_REASON(DSO_R_DSO_ALREADY_LOADED)    ,"dso already loaded"},
-{ERR_REASON(DSO_R_FILENAME_TOO_BIG)      ,"filename too big"},
-{ERR_REASON(DSO_R_FINISH_FAILED)         ,"cleanup method function failed"},
-{ERR_REASON(DSO_R_LOAD_FAILED)           ,"could not load the shared library"},
-{ERR_REASON(DSO_R_NAME_TRANSLATION_FAILED),"name translation failed"},
-{ERR_REASON(DSO_R_NO_FILENAME)           ,"no filename"},
-{ERR_REASON(DSO_R_NULL_HANDLE)           ,"a null shared library handle was used"},
-{ERR_REASON(DSO_R_SET_FILENAME_FAILED)   ,"set filename failed"},
-{ERR_REASON(DSO_R_STACK_ERROR)           ,"the meth_data stack is corrupt"},
-{ERR_REASON(DSO_R_SYM_FAILURE)           ,"could not bind to the requested symbol name"},
-{ERR_REASON(DSO_R_UNLOAD_FAILED)         ,"could not unload the shared library"},
-{ERR_REASON(DSO_R_UNSUPPORTED)           ,"functionality not supported"},
-{0,NULL}
-        };
-
-#endif
-
-void ERR_load_DSO_strings(void)
-        {
-        static int init=1;
-
-        if (init)
-                {
-                init=0;
-#ifndef OPENSSL_NO_ERR
-                ERR_load_strings(0,DSO_str_functs);
-                ERR_load_strings(0,DSO_str_reasons);
-#endif
-
-                }
-        }
diff --git a/src/lib/libcrypto/dso/dso_lib.c b/src/lib/libcrypto/dso/dso_lib.c
deleted file mode 100644
index 48d9fdb25e..0000000000
--- a/src/lib/libcrypto/dso/dso_lib.c
+++ /dev/null
@@ -1,439 +0,0 @@
-/* dso_lib.c */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <openssl/crypto.h>
-#include "cryptlib.h"
-#include <openssl/dso.h>
-
-static DSO_METHOD *default_DSO_meth = NULL;
-
-DSO *DSO_new(void)
-        {
-        return(DSO_new_method(NULL));
-        }
-
-void DSO_set_default_method(DSO_METHOD *meth)
-        {
-        default_DSO_meth = meth;
-        }
-
-DSO_METHOD *DSO_get_default_method(void)
-        {
-        return(default_DSO_meth);
-        }
-
-DSO_METHOD *DSO_get_method(DSO *dso)
-        {
-        return(dso->meth);
-        }
-
-DSO_METHOD *DSO_set_method(DSO *dso, DSO_METHOD *meth)
-        {
-        DSO_METHOD *mtmp;
-        mtmp = dso->meth;
-        dso->meth = meth;
-        return(mtmp);
-        }
-
-DSO *DSO_new_method(DSO_METHOD *meth)
-        {
-        DSO *ret;
-
-        if(default_DSO_meth == NULL)
-                /* We default to DSO_METH_openssl() which in turn defaults
-                 * to stealing the "best available" method. Will fallback
-                 * to DSO_METH_null() in the worst case. */
-                default_DSO_meth = DSO_METHOD_openssl();
-        ret = (DSO *)OPENSSL_malloc(sizeof(DSO));
-        if(ret == NULL)
-                {
-                DSOerr(DSO_F_DSO_NEW_METHOD,ERR_R_MALLOC_FAILURE);
-                return(NULL);
-                }
-        memset(ret, 0, sizeof(DSO));
-        ret->meth_data = sk_new_null();
-        if(ret->meth_data == NULL)
-                {
-                /* sk_new doesn't generate any errors so we do */
-                DSOerr(DSO_F_DSO_NEW_METHOD,ERR_R_MALLOC_FAILURE);
-                OPENSSL_free(ret);
-                return(NULL);
-                }
-        if(meth == NULL)
-                ret->meth = default_DSO_meth;
-        else
-                ret->meth = meth;
-        ret->references = 1;
-        if((ret->meth->init != NULL) && !ret->meth->init(ret))
-                {
-                OPENSSL_free(ret);
-                ret=NULL;
-                }
-        return(ret);
-        }
-
-int DSO_free(DSO *dso)
-        {
-        int i;
- 
-        if(dso == NULL)
-                {
-                DSOerr(DSO_F_DSO_FREE,ERR_R_PASSED_NULL_PARAMETER);
-                return(0);
-                }
- 
-        i=CRYPTO_add(&dso->references,-1,CRYPTO_LOCK_DSO);
-#ifdef REF_PRINT
-        REF_PRINT("DSO",dso);
-#endif
-        if(i > 0) return(1);
-#ifdef REF_CHECK
-        if(i < 0)
-                {
-                fprintf(stderr,"DSO_free, bad reference count\n");
-                abort();
-                }
-#endif
-
-        if((dso->meth->dso_unload != NULL) && !dso->meth->dso_unload(dso))
-                {
-                DSOerr(DSO_F_DSO_FREE,DSO_R_UNLOAD_FAILED);
-                return(0);
-                }
- 
-        if((dso->meth->finish != NULL) && !dso->meth->finish(dso))
-                {
-                DSOerr(DSO_F_DSO_FREE,DSO_R_FINISH_FAILED);
-                return(0);
-                }
-        
-        sk_free(dso->meth_data);
-        if(dso->filename != NULL)
-                OPENSSL_free(dso->filename);
-        if(dso->loaded_filename != NULL)
-                OPENSSL_free(dso->loaded_filename);
- 
-        OPENSSL_free(dso);
-        return(1);
-        }
-
-int DSO_flags(DSO *dso)
-        {
-        return((dso == NULL) ? 0 : dso->flags);
-        }
-
-
-int DSO_up_ref(DSO *dso)
-        {
-        if (dso == NULL)
-                {
-                DSOerr(DSO_F_DSO_UP_REF,ERR_R_PASSED_NULL_PARAMETER);
-                return(0);
-                }
-
-        CRYPTO_add(&dso->references,1,CRYPTO_LOCK_DSO);
-        return(1);
-        }
-
-DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags)
-        {
-        DSO *ret;
-        int allocated = 0;
-
-        if(dso == NULL)
-                {
-                ret = DSO_new_method(meth);
-                if(ret == NULL)
-                        {
-                        DSOerr(DSO_F_DSO_LOAD,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                        }
-                allocated = 1;
-                /* Pass the provided flags to the new DSO object */
-                if(DSO_ctrl(ret, DSO_CTRL_SET_FLAGS, flags, NULL) < 0)
-                        {
-                        DSOerr(DSO_F_DSO_LOAD,DSO_R_CTRL_FAILED);
-                        goto err;
-                        }
-                }
-        else
-                ret = dso;
-        /* Don't load if we're currently already loaded */
-        if(ret->filename != NULL)
-                {
-                DSOerr(DSO_F_DSO_LOAD,DSO_R_DSO_ALREADY_LOADED);
-                goto err;
-                }
-        /* filename can only be NULL if we were passed a dso that already has
-         * one set. */
-        if(filename != NULL)
-                if(!DSO_set_filename(ret, filename))
-                        {
-                        DSOerr(DSO_F_DSO_LOAD,DSO_R_SET_FILENAME_FAILED);
-                        goto err;
-                        }
-        filename = ret->filename;
-        if(filename == NULL)
-                {
-                DSOerr(DSO_F_DSO_LOAD,DSO_R_NO_FILENAME);
-                goto err;
-                }
-        if(ret->meth->dso_load == NULL)
-                {
-                DSOerr(DSO_F_DSO_LOAD,DSO_R_UNSUPPORTED);
-                goto err;
-                }
-        if(!ret->meth->dso_load(ret))
-                {
-                DSOerr(DSO_F_DSO_LOAD,DSO_R_LOAD_FAILED);
-                goto err;
-                }
-        /* Load succeeded */
-        return(ret);
-err:
-        if(allocated)
-                DSO_free(ret);
-        return(NULL);
-        }
-
-void *DSO_bind_var(DSO *dso, const char *symname)
-        {
-        void *ret = NULL;
-
-        if((dso == NULL) || (symname == NULL))
-                {
-                DSOerr(DSO_F_DSO_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER);
-                return(NULL);
-                }
-        if(dso->meth->dso_bind_var == NULL)
-                {
-                DSOerr(DSO_F_DSO_BIND_VAR,DSO_R_UNSUPPORTED);
-                return(NULL);
-                }
-        if((ret = dso->meth->dso_bind_var(dso, symname)) == NULL)
-                {
-                DSOerr(DSO_F_DSO_BIND_VAR,DSO_R_SYM_FAILURE);
-                return(NULL);
-                }
-        /* Success */
-        return(ret);
-        }
-
-DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname)
-        {
-        DSO_FUNC_TYPE ret = NULL;
-
-        if((dso == NULL) || (symname == NULL))
-                {
-                DSOerr(DSO_F_DSO_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER);
-                return(NULL);
-                }
-        if(dso->meth->dso_bind_func == NULL)
-                {
-                DSOerr(DSO_F_DSO_BIND_FUNC,DSO_R_UNSUPPORTED);
-                return(NULL);
-                }
-        if((ret = dso->meth->dso_bind_func(dso, symname)) == NULL)
-                {
-                DSOerr(DSO_F_DSO_BIND_FUNC,DSO_R_SYM_FAILURE);
-                return(NULL);
-                }
-        /* Success */
-        return(ret);
-        }
-
-/* I don't really like these *_ctrl functions very much to be perfectly
- * honest. For one thing, I think I have to return a negative value for
- * any error because possible DSO_ctrl() commands may return values
- * such as "size"s that can legitimately be zero (making the standard
- * "if(DSO_cmd(...))" form that works almost everywhere else fail at
- * odd times. I'd prefer "output" values to be passed by reference and
- * the return value as success/failure like usual ... but we conform
- * when we must... :-) */
-long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg)
-        {
-        if(dso == NULL)
-                {
-                DSOerr(DSO_F_DSO_CTRL,ERR_R_PASSED_NULL_PARAMETER);
-                return(-1);
-                }
-        /* We should intercept certain generic commands and only pass control
-         * to the method-specific ctrl() function if it's something we don't
-         * handle. */
-        switch(cmd)
-                {
-        case DSO_CTRL_GET_FLAGS:
-                return dso->flags;
-        case DSO_CTRL_SET_FLAGS:
-                dso->flags = (int)larg;
-                return(0);
-        case DSO_CTRL_OR_FLAGS:
-                dso->flags |= (int)larg;
-                return(0);
-        default:
-                break;
-                }
-        if((dso->meth == NULL) || (dso->meth->dso_ctrl == NULL))
-                {
-                DSOerr(DSO_F_DSO_CTRL,DSO_R_UNSUPPORTED);
-                return(-1);
-                }
-        return(dso->meth->dso_ctrl(dso,cmd,larg,parg));
-        }
-
-int DSO_set_name_converter(DSO *dso, DSO_NAME_CONVERTER_FUNC cb,
-                        DSO_NAME_CONVERTER_FUNC *oldcb)
-        {
-        if(dso == NULL)
-                {
-                DSOerr(DSO_F_DSO_SET_NAME_CONVERTER,
-                                ERR_R_PASSED_NULL_PARAMETER);
-                return(0);
-                }
-        if(oldcb)
-                *oldcb = dso->name_converter;
-        dso->name_converter = cb;
-        return(1);
-        }
-
-const char *DSO_get_filename(DSO *dso)
-        {
-        if(dso == NULL)
-                {
-                DSOerr(DSO_F_DSO_GET_FILENAME,ERR_R_PASSED_NULL_PARAMETER);
-                return(NULL);
-                }
-        return(dso->filename);
-        }
-
-int DSO_set_filename(DSO *dso, const char *filename)
-        {
-        char *copied;
-
-        if((dso == NULL) || (filename == NULL))
-                {
-                DSOerr(DSO_F_DSO_SET_FILENAME,ERR_R_PASSED_NULL_PARAMETER);
-                return(0);
-                }
-        if(dso->loaded_filename)
-                {
-                DSOerr(DSO_F_DSO_SET_FILENAME,DSO_R_DSO_ALREADY_LOADED);
-                return(0);
-                }
-        /* We'll duplicate filename */
-        copied = OPENSSL_malloc(strlen(filename) + 1);
-        if(copied == NULL)
-                {
-                DSOerr(DSO_F_DSO_SET_FILENAME,ERR_R_MALLOC_FAILURE);
-                return(0);
-                }
-        BUF_strlcpy(copied, filename, strlen(filename) + 1);
-        if(dso->filename)
-                OPENSSL_free(dso->filename);
-        dso->filename = copied;
-        return(1);
-        }
-
-char *DSO_convert_filename(DSO *dso, const char *filename)
-        {
-        char *result = NULL;
-
-        if(dso == NULL)
-                {
-                DSOerr(DSO_F_DSO_CONVERT_FILENAME,ERR_R_PASSED_NULL_PARAMETER);
-                return(NULL);
-                }
-        if(filename == NULL)
-                filename = dso->filename;
-        if(filename == NULL)
-                {
-                DSOerr(DSO_F_DSO_CONVERT_FILENAME,DSO_R_NO_FILENAME);
-                return(NULL);
-                }
-        if((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0)
-                {
-                if(dso->name_converter != NULL)
-                        result = dso->name_converter(dso, filename);
-                else if(dso->meth->dso_name_converter != NULL)
-                        result = dso->meth->dso_name_converter(dso, filename);
-                }
-        if(result == NULL)
-                {
-                result = OPENSSL_malloc(strlen(filename) + 1);
-                if(result == NULL)
-                        {
-                        DSOerr(DSO_F_DSO_CONVERT_FILENAME,
-                                        ERR_R_MALLOC_FAILURE);
-                        return(NULL);
-                        }
-                BUF_strlcpy(result, filename, strlen(filename) + 1);
-                }
-        return(result);
-        }
-
-const char *DSO_get_loaded_filename(DSO *dso)
-        {
-        if(dso == NULL)
-                {
-                DSOerr(DSO_F_DSO_GET_LOADED_FILENAME,
-                                ERR_R_PASSED_NULL_PARAMETER);
-                return(NULL);
-                }
-        return(dso->loaded_filename);
-        }
diff --git a/src/lib/libcrypto/dso/dso_null.c b/src/lib/libcrypto/dso/dso_null.c
deleted file mode 100644
index fa13a7cb0f..0000000000
--- a/src/lib/libcrypto/dso/dso_null.c
+++ /dev/null
@@ -1,86 +0,0 @@
-/* dso_null.c */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* This "NULL" method is provided as the fallback for systems that have
- * no appropriate support for "shared-libraries". */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/dso.h>
-
-static DSO_METHOD dso_meth_null = {
-        "NULL shared library method",
-        NULL, /* load */
-        NULL, /* unload */
-        NULL, /* bind_var */
-        NULL, /* bind_func */
-/* For now, "unbind" doesn't exist */
-#if 0
-        NULL, /* unbind_var */
-        NULL, /* unbind_func */
-#endif
-        NULL, /* ctrl */
-        NULL, /* init */
-        NULL  /* finish */
-        };
-
-DSO_METHOD *DSO_METHOD_null(void)
-        {
-        return(&dso_meth_null);
-        }
-
diff --git a/src/lib/libcrypto/dso/dso_openssl.c b/src/lib/libcrypto/dso/dso_openssl.c
deleted file mode 100644
index a4395ebffe..0000000000
--- a/src/lib/libcrypto/dso/dso_openssl.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/* dso_openssl.c */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/dso.h>
-
-/* We just pinch the method from an appropriate "default" method. */
-
-DSO_METHOD *DSO_METHOD_openssl(void)
-        {
-#ifdef DEF_DSO_METHOD
-        return(DEF_DSO_METHOD());
-#elif defined(DSO_DLFCN)
-        return(DSO_METHOD_dlfcn());
-#elif defined(DSO_DL)
-        return(DSO_METHOD_dl());
-#elif defined(DSO_WIN32)
-        return(DSO_METHOD_win32());
-#elif defined(DSO_VMS)
-        return(DSO_METHOD_vms());
-#else
-        return(DSO_METHOD_null());
-#endif
-        }
-
diff --git a/src/lib/libcrypto/ec/ec.h b/src/lib/libcrypto/ec/ec.h
deleted file mode 100644
index 6d6a9b7127..0000000000
--- a/src/lib/libcrypto/ec/ec.h
+++ /dev/null
@@ -1,243 +0,0 @@
-/* crypto/ec/ec.h */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_EC_H
-#define HEADER_EC_H
-
-#ifdef OPENSSL_NO_EC
-#error EC is disabled.
-#endif
-
-#include <openssl/bn.h>
-#include <openssl/symhacks.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-
-typedef enum {
-        /* values as defined in X9.62 (ECDSA) and elsewhere */
-        POINT_CONVERSION_COMPRESSED = 2,
-        POINT_CONVERSION_UNCOMPRESSED = 4,
-        POINT_CONVERSION_HYBRID = 6
-} point_conversion_form_t;
-
-
-typedef struct ec_method_st EC_METHOD;
-
-typedef struct ec_group_st
-        /*
-         EC_METHOD *meth;
-         -- field definition
-         -- curve coefficients
-         -- optional generator with associated information (order, cofactor)
-         -- optional extra data (TODO: precomputed table for fast computation of multiples of generator)
-        */
-        EC_GROUP;
-
-typedef struct ec_point_st EC_POINT;
-
-
-/* EC_METHODs for curves over GF(p).
- * EC_GFp_simple_method provides the basis for the optimized methods.
- */
-const EC_METHOD *EC_GFp_simple_method(void);
-const EC_METHOD *EC_GFp_mont_method(void);
-#if 0
-const EC_METHOD *EC_GFp_recp_method(void); /* TODO */
-const EC_METHOD *EC_GFp_nist_method(void); /* TODO */
-#endif
-
-
-EC_GROUP *EC_GROUP_new(const EC_METHOD *);
-void EC_GROUP_free(EC_GROUP *);
-void EC_GROUP_clear_free(EC_GROUP *);
-int EC_GROUP_copy(EC_GROUP *, const EC_GROUP *);
-
-const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *);
-        
-
-/* We don't have types for field specifications and field elements in general.
- * Otherwise we could declare
- *     int EC_GROUP_set_curve(EC_GROUP *, .....);
- */
-int EC_GROUP_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-int EC_GROUP_get_curve_GFp(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);
-
-/* EC_GROUP_new_GFp() calls EC_GROUP_new() and EC_GROUP_set_GFp()
- * after choosing an appropriate EC_METHOD */
-EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-
-int EC_GROUP_set_generator(EC_GROUP *, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor);
-EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *);
-int EC_GROUP_get_order(const EC_GROUP *, BIGNUM *order, BN_CTX *);
-int EC_GROUP_get_cofactor(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *);
-
-EC_POINT *EC_POINT_new(const EC_GROUP *);
-void EC_POINT_free(EC_POINT *);
-void EC_POINT_clear_free(EC_POINT *);
-int EC_POINT_copy(EC_POINT *, const EC_POINT *);
- 
-const EC_METHOD *EC_POINT_method_of(const EC_POINT *);
-
-int EC_POINT_set_to_infinity(const EC_GROUP *, EC_POINT *);
-int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *, EC_POINT *,
-        const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *);
-int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *, const EC_POINT *,
-        BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *);
-int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *, EC_POINT *,
-        const BIGNUM *x, const BIGNUM *y, BN_CTX *);
-int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *, const EC_POINT *,
-        BIGNUM *x, BIGNUM *y, BN_CTX *);
-int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *, EC_POINT *,
-        const BIGNUM *x, int y_bit, BN_CTX *);
-
-size_t EC_POINT_point2oct(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form,
-        unsigned char *buf, size_t len, BN_CTX *);
-int EC_POINT_oct2point(const EC_GROUP *, EC_POINT *,
-        const unsigned char *buf, size_t len, BN_CTX *);
-
-int EC_POINT_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
-int EC_POINT_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *);
-int EC_POINT_invert(const EC_GROUP *, EC_POINT *, BN_CTX *);
-
-int EC_POINT_is_at_infinity(const EC_GROUP *, const EC_POINT *);
-int EC_POINT_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *);
-int EC_POINT_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
-
-int EC_POINT_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
-int EC_POINTs_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);
-
-
-int EC_POINTs_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, size_t num, const EC_POINT *[], const BIGNUM *[], BN_CTX *);
-int EC_POINT_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, const EC_POINT *, const BIGNUM *, BN_CTX *);
-int EC_GROUP_precompute_mult(EC_GROUP *, BN_CTX *);
-
-
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_EC_strings(void);
-
-/* Error codes for the EC functions. */
-
-/* Function codes. */
-#define EC_F_COMPUTE_WNAF                                143
-#define EC_F_EC_GFP_MONT_FIELD_DECODE                    133
-#define EC_F_EC_GFP_MONT_FIELD_ENCODE                    134
-#define EC_F_EC_GFP_MONT_FIELD_MUL                       131
-#define EC_F_EC_GFP_MONT_FIELD_SQR                       132
-#define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP           100
-#define EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR           101
-#define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE                   102
-#define EC_F_EC_GFP_SIMPLE_OCT2POINT                     103
-#define EC_F_EC_GFP_SIMPLE_POINT2OCT                     104
-#define EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE            137
-#define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP 105
-#define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP 128
-#define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP 129
-#define EC_F_EC_GROUP_COPY                               106
-#define EC_F_EC_GROUP_GET0_GENERATOR                     139
-#define EC_F_EC_GROUP_GET_COFACTOR                       140
-#define EC_F_EC_GROUP_GET_CURVE_GFP                      130
-#define EC_F_EC_GROUP_GET_ORDER                          141
-#define EC_F_EC_GROUP_NEW                                108
-#define EC_F_EC_GROUP_PRECOMPUTE_MULT                    142
-#define EC_F_EC_GROUP_SET_CURVE_GFP                      109
-#define EC_F_EC_GROUP_SET_EXTRA_DATA                     110
-#define EC_F_EC_GROUP_SET_GENERATOR                      111
-#define EC_F_EC_POINTS_MAKE_AFFINE                       136
-#define EC_F_EC_POINTS_MUL                               138
-#define EC_F_EC_POINT_ADD                                112
-#define EC_F_EC_POINT_CMP                                113
-#define EC_F_EC_POINT_COPY                               114
-#define EC_F_EC_POINT_DBL                                115
-#define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP         116
-#define EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP    117
-#define EC_F_EC_POINT_IS_AT_INFINITY                     118
-#define EC_F_EC_POINT_IS_ON_CURVE                        119
-#define EC_F_EC_POINT_MAKE_AFFINE                        120
-#define EC_F_EC_POINT_NEW                                121
-#define EC_F_EC_POINT_OCT2POINT                          122
-#define EC_F_EC_POINT_POINT2OCT                          123
-#define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP         124
-#define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP     125
-#define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP    126
-#define EC_F_EC_POINT_SET_TO_INFINITY                    127
-#define EC_F_GFP_MONT_GROUP_SET_CURVE_GFP                135
-
-/* Reason codes. */
-#define EC_R_BUFFER_TOO_SMALL                            100
-#define EC_R_INCOMPATIBLE_OBJECTS                        101
-#define EC_R_INVALID_ARGUMENT                            112
-#define EC_R_INVALID_COMPRESSED_POINT                    110
-#define EC_R_INVALID_COMPRESSION_BIT                     109
-#define EC_R_INVALID_ENCODING                            102
-#define EC_R_INVALID_FIELD                               103
-#define EC_R_INVALID_FORM                                104
-#define EC_R_NOT_INITIALIZED                             111
-#define EC_R_POINT_AT_INFINITY                           106
-#define EC_R_POINT_IS_NOT_ON_CURVE                       107
-#define EC_R_SLOT_FULL                                   108
-#define EC_R_UNDEFINED_GENERATOR                         113
-#define EC_R_UNKNOWN_ORDER                               114
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/src/lib/libcrypto/ec/ec_cvt.c b/src/lib/libcrypto/ec/ec_cvt.c
deleted file mode 100644
index 45b0ec33a0..0000000000
--- a/src/lib/libcrypto/ec/ec_cvt.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/* crypto/ec/ec_cvt.c */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "ec_lcl.h"
-
-
-EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
-        {
-        const EC_METHOD *meth;
-        EC_GROUP *ret;
-        
-        /* Finally, this will use EC_GFp_nist_method if 'p' is a special
-         * prime with optimized modular arithmetics (for NIST curves)
-         */
-        meth = EC_GFp_mont_method();
-        
-        ret = EC_GROUP_new(meth);
-        if (ret == NULL)
-                return NULL;
-
-        if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx))
-                {
-                EC_GROUP_clear_free(ret);
-                return NULL;
-                }
-
-        return ret;
-        }
diff --git a/src/lib/libcrypto/ec/ec_err.c b/src/lib/libcrypto/ec/ec_err.c
deleted file mode 100644
index 5b70f94382..0000000000
--- a/src/lib/libcrypto/ec/ec_err.c
+++ /dev/null
@@ -1,153 +0,0 @@
-/* crypto/ec/ec_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/ec.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_EC,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_EC,0,reason)
-
-static ERR_STRING_DATA EC_str_functs[]=
-        {
-{ERR_FUNC(EC_F_COMPUTE_WNAF),   "COMPUTE_WNAF"},
-{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_DECODE),       "ec_GFp_mont_field_decode"},
-{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_ENCODE),       "ec_GFp_mont_field_encode"},
-{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_MUL),  "ec_GFp_mont_field_mul"},
-{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SQR),  "ec_GFp_mont_field_sqr"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP),      "ec_GFp_simple_group_set_curve_GFp"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR),      "ec_GFp_simple_group_set_generator"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE),      "ec_GFp_simple_make_affine"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_OCT2POINT),        "ec_GFp_simple_oct2point"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT2OCT),        "ec_GFp_simple_point2oct"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE),       "ec_GFp_simple_points_make_affine"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP), "ec_GFp_simple_point_get_affine_coordinates_GFp"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP), "ec_GFp_simple_point_set_affine_coordinates_GFp"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP),   "ec_GFp_simple_set_compressed_coordinates_GFp"},
-{ERR_FUNC(EC_F_EC_GROUP_COPY),  "EC_GROUP_copy"},
-{ERR_FUNC(EC_F_EC_GROUP_GET0_GENERATOR),        "EC_GROUP_get0_generator"},
-{ERR_FUNC(EC_F_EC_GROUP_GET_COFACTOR),  "EC_GROUP_get_cofactor"},
-{ERR_FUNC(EC_F_EC_GROUP_GET_CURVE_GFP), "EC_GROUP_get_curve_GFp"},
-{ERR_FUNC(EC_F_EC_GROUP_GET_ORDER),     "EC_GROUP_get_order"},
-{ERR_FUNC(EC_F_EC_GROUP_NEW),   "EC_GROUP_new"},
-{ERR_FUNC(EC_F_EC_GROUP_PRECOMPUTE_MULT),       "EC_GROUP_precompute_mult"},
-{ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GFP), "EC_GROUP_set_curve_GFp"},
-{ERR_FUNC(EC_F_EC_GROUP_SET_EXTRA_DATA),        "EC_GROUP_set_extra_data"},
-{ERR_FUNC(EC_F_EC_GROUP_SET_GENERATOR), "EC_GROUP_set_generator"},
-{ERR_FUNC(EC_F_EC_POINTS_MAKE_AFFINE),  "EC_POINTs_make_affine"},
-{ERR_FUNC(EC_F_EC_POINTS_MUL),  "EC_POINTs_mul"},
-{ERR_FUNC(EC_F_EC_POINT_ADD),   "EC_POINT_add"},
-{ERR_FUNC(EC_F_EC_POINT_CMP),   "EC_POINT_cmp"},
-{ERR_FUNC(EC_F_EC_POINT_COPY),  "EC_POINT_copy"},
-{ERR_FUNC(EC_F_EC_POINT_DBL),   "EC_POINT_dbl"},
-{ERR_FUNC(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP),    "EC_POINT_get_affine_coordinates_GFp"},
-{ERR_FUNC(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP),       "EC_POINT_get_Jprojective_coordinates_GFp"},
-{ERR_FUNC(EC_F_EC_POINT_IS_AT_INFINITY),        "EC_POINT_is_at_infinity"},
-{ERR_FUNC(EC_F_EC_POINT_IS_ON_CURVE),   "EC_POINT_is_on_curve"},
-{ERR_FUNC(EC_F_EC_POINT_MAKE_AFFINE),   "EC_POINT_make_affine"},
-{ERR_FUNC(EC_F_EC_POINT_NEW),   "EC_POINT_new"},
-{ERR_FUNC(EC_F_EC_POINT_OCT2POINT),     "EC_POINT_oct2point"},
-{ERR_FUNC(EC_F_EC_POINT_POINT2OCT),     "EC_POINT_point2oct"},
-{ERR_FUNC(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP),    "EC_POINT_set_affine_coordinates_GFp"},
-{ERR_FUNC(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP),        "EC_POINT_set_compressed_coordinates_GFp"},
-{ERR_FUNC(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP),       "EC_POINT_set_Jprojective_coordinates_GFp"},
-{ERR_FUNC(EC_F_EC_POINT_SET_TO_INFINITY),       "EC_POINT_set_to_infinity"},
-{ERR_FUNC(EC_F_GFP_MONT_GROUP_SET_CURVE_GFP),   "GFP_MONT_GROUP_SET_CURVE_GFP"},
-{0,NULL}
-        };
-
-static ERR_STRING_DATA EC_str_reasons[]=
-        {
-{ERR_REASON(EC_R_BUFFER_TOO_SMALL)       ,"buffer too small"},
-{ERR_REASON(EC_R_INCOMPATIBLE_OBJECTS)   ,"incompatible objects"},
-{ERR_REASON(EC_R_INVALID_ARGUMENT)       ,"invalid argument"},
-{ERR_REASON(EC_R_INVALID_COMPRESSED_POINT),"invalid compressed point"},
-{ERR_REASON(EC_R_INVALID_COMPRESSION_BIT),"invalid compression bit"},
-{ERR_REASON(EC_R_INVALID_ENCODING)       ,"invalid encoding"},
-{ERR_REASON(EC_R_INVALID_FIELD)          ,"invalid field"},
-{ERR_REASON(EC_R_INVALID_FORM)           ,"invalid form"},
-{ERR_REASON(EC_R_NOT_INITIALIZED)        ,"not initialized"},
-{ERR_REASON(EC_R_POINT_AT_INFINITY)      ,"point at infinity"},
-{ERR_REASON(EC_R_POINT_IS_NOT_ON_CURVE)  ,"point is not on curve"},
-{ERR_REASON(EC_R_SLOT_FULL)              ,"slot full"},
-{ERR_REASON(EC_R_UNDEFINED_GENERATOR)    ,"undefined generator"},
-{ERR_REASON(EC_R_UNKNOWN_ORDER)          ,"unknown order"},
-{0,NULL}
-        };
-
-#endif
-
-void ERR_load_EC_strings(void)
-        {
-        static int init=1;
-
-        if (init)
-                {
-                init=0;
-#ifndef OPENSSL_NO_ERR
-                ERR_load_strings(0,EC_str_functs);
-                ERR_load_strings(0,EC_str_reasons);
-#endif
-
-                }
-        }
diff --git a/src/lib/libcrypto/ec/ec_lcl.h b/src/lib/libcrypto/ec/ec_lcl.h
deleted file mode 100644
index cc4cf27755..0000000000
--- a/src/lib/libcrypto/ec/ec_lcl.h
+++ /dev/null
@@ -1,277 +0,0 @@
-/* crypto/ec/ec_lcl.h */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-
-#include <stdlib.h>
-
-#include <openssl/ec.h>
-
-
-/* Structure details are not part of the exported interface,
- * so all this may change in future versions. */
-
-struct ec_method_st {
-        /* used by EC_GROUP_new, EC_GROUP_free, EC_GROUP_clear_free, EC_GROUP_copy: */
-        int (*group_init)(EC_GROUP *);
-        void (*group_finish)(EC_GROUP *);
-        void (*group_clear_finish)(EC_GROUP *);
-        int (*group_copy)(EC_GROUP *, const EC_GROUP *);
-
-        /* used by EC_GROUP_set_curve_GFp and EC_GROUP_get_curve_GFp: */
-        int (*group_set_curve_GFp)(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-        int (*group_get_curve_GFp)(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);
-
-        /* used by EC_GROUP_set_generator, EC_GROUP_get0_generator,
-         * EC_GROUP_get_order, EC_GROUP_get_cofactor:
-         */
-        int (*group_set_generator)(EC_GROUP *, const EC_POINT *generator,
-                const BIGNUM *order, const BIGNUM *cofactor);
-        EC_POINT *(*group_get0_generator)(const EC_GROUP *);
-        int (*group_get_order)(const EC_GROUP *, BIGNUM *order, BN_CTX *);
-        int (*group_get_cofactor)(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *);
-
-        /* used by EC_POINT_new, EC_POINT_free, EC_POINT_clear_free, EC_POINT_copy: */
-        int (*point_init)(EC_POINT *);
-        void (*point_finish)(EC_POINT *);
-        void (*point_clear_finish)(EC_POINT *);
-        int (*point_copy)(EC_POINT *, const EC_POINT *);
-
-        /* used by EC_POINT_set_to_infinity,
-         * EC_POINT_set_Jprojective_coordinates_GFp, EC_POINT_get_Jprojective_coordinates_GFp,
-         * EC_POINT_set_affine_coordinates_GFp, EC_POINT_get_affine_coordinates_GFp,
-         * EC_POINT_set_compressed_coordinates_GFp:
-         */
-        int (*point_set_to_infinity)(const EC_GROUP *, EC_POINT *);
-        int (*point_set_Jprojective_coordinates_GFp)(const EC_GROUP *, EC_POINT *,
-                const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *);
-        int (*point_get_Jprojective_coordinates_GFp)(const EC_GROUP *, const EC_POINT *,
-                BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *);
-        int (*point_set_affine_coordinates_GFp)(const EC_GROUP *, EC_POINT *,
-                const BIGNUM *x, const BIGNUM *y, BN_CTX *);
-        int (*point_get_affine_coordinates_GFp)(const EC_GROUP *, const EC_POINT *,
-                BIGNUM *x, BIGNUM *y, BN_CTX *);
-        int (*point_set_compressed_coordinates_GFp)(const EC_GROUP *, EC_POINT *,
-                const BIGNUM *x, int y_bit, BN_CTX *);
-
-        /* used by EC_POINT_point2oct, EC_POINT_oct2point: */
-        size_t (*point2oct)(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form,
-                unsigned char *buf, size_t len, BN_CTX *);
-        int (*oct2point)(const EC_GROUP *, EC_POINT *,
-                const unsigned char *buf, size_t len, BN_CTX *);
-
-        /* used by EC_POINT_add, EC_POINT_dbl, ECP_POINT_invert: */
-        int (*add)(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
-        int (*dbl)(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *);
-        int (*invert)(const EC_GROUP *, EC_POINT *, BN_CTX *);
-
-        /* used by EC_POINT_is_at_infinity, EC_POINT_is_on_curve, EC_POINT_cmp: */
-        int (*is_at_infinity)(const EC_GROUP *, const EC_POINT *);
-        int (*is_on_curve)(const EC_GROUP *, const EC_POINT *, BN_CTX *);
-        int (*point_cmp)(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
-
-        /* used by EC_POINT_make_affine, EC_POINTs_make_affine: */
-        int (*make_affine)(const EC_GROUP *, EC_POINT *, BN_CTX *);
-        int (*points_make_affine)(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);
-
-
-        /* internal functions */
-
-        /* 'field_mul' and 'field_sqr' can be used by 'add' and 'dbl' so that
-         * the same implementations of point operations can be used with different
-         * optimized implementations of expensive field operations: */
-        int (*field_mul)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-        int (*field_sqr)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
-
-        int (*field_encode)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); /* e.g. to Montgomery */
-        int (*field_decode)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); /* e.g. from Montgomery */
-        int (*field_set_to_one)(const EC_GROUP *, BIGNUM *r, BN_CTX *);
-} /* EC_METHOD */;
-
-
-struct ec_group_st {
-        const EC_METHOD *meth;
-
-        void *extra_data;
-        void *(*extra_data_dup_func)(void *);
-        void (*extra_data_free_func)(void *);
-        void (*extra_data_clear_free_func)(void *);
-
-        /* All members except 'meth' and 'extra_data...' are handled by
-         * the method functions, even if they appear generic */
-        
-        BIGNUM field; /* Field specification.
-                       * For curves over GF(p), this is the modulus. */
-
-        BIGNUM a, b; /* Curve coefficients.
-                      * (Here the assumption is that BIGNUMs can be used
-                      * or abused for all kinds of fields, not just GF(p).)
-                      * For characteristic  > 3,  the curve is defined
-                      * by a Weierstrass equation of the form
-                      *     y^2 = x^3 + a*x + b.
-                      */
-        int a_is_minus3; /* enable optimized point arithmetics for special case */
-
-        EC_POINT *generator; /* optional */
-        BIGNUM order, cofactor;
-
-        void *field_data1; /* method-specific (e.g., Montgomery structure) */
-        void *field_data2; /* method-specific */
-} /* EC_GROUP */;
-
-
-/* Basically a 'mixin' for extra data, but available for EC_GROUPs only
- * (with visibility limited to 'package' level for now).
- * We use the function pointers as index for retrieval; this obviates
- * global ex_data-style index tables.
- * (Currently, we have one slot only, but is is possible to extend this
- * if necessary.) */
-int EC_GROUP_set_extra_data(EC_GROUP *, void *extra_data, void *(*extra_data_dup_func)(void *),
-        void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *));
-void *EC_GROUP_get_extra_data(const EC_GROUP *, void *(*extra_data_dup_func)(void *),
-        void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *));
-void EC_GROUP_free_extra_data(EC_GROUP *);
-void EC_GROUP_clear_free_extra_data(EC_GROUP *);
-
-
-
-struct ec_point_st {
-        const EC_METHOD *meth;
-
-        /* All members except 'meth' are handled by the method functions,
-         * even if they appear generic */
-
-        BIGNUM X;
-        BIGNUM Y;
-        BIGNUM Z; /* Jacobian projective coordinates:
-                   * (X, Y, Z)  represents  (X/Z^2, Y/Z^3)  if  Z != 0 */
-        int Z_is_one; /* enable optimized point arithmetics for special case */
-} /* EC_POINT */;
-
-
-
-/* method functions in ecp_smpl.c */
-int ec_GFp_simple_group_init(EC_GROUP *);
-void ec_GFp_simple_group_finish(EC_GROUP *);
-void ec_GFp_simple_group_clear_finish(EC_GROUP *);
-int ec_GFp_simple_group_copy(EC_GROUP *, const EC_GROUP *);
-int ec_GFp_simple_group_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-int ec_GFp_simple_group_get_curve_GFp(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);
-int ec_GFp_simple_group_set_generator(EC_GROUP *, const EC_POINT *generator,
-        const BIGNUM *order, const BIGNUM *cofactor);
-EC_POINT *ec_GFp_simple_group_get0_generator(const EC_GROUP *);
-int ec_GFp_simple_group_get_order(const EC_GROUP *, BIGNUM *order, BN_CTX *);
-int ec_GFp_simple_group_get_cofactor(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *);
-int ec_GFp_simple_point_init(EC_POINT *);
-void ec_GFp_simple_point_finish(EC_POINT *);
-void ec_GFp_simple_point_clear_finish(EC_POINT *);
-int ec_GFp_simple_point_copy(EC_POINT *, const EC_POINT *);
-int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *);
-int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *, EC_POINT *,
-        const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *);
-int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *, const EC_POINT *,
-        BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *);
-int ec_GFp_simple_point_set_affine_coordinates_GFp(const EC_GROUP *, EC_POINT *,
-        const BIGNUM *x, const BIGNUM *y, BN_CTX *);
-int ec_GFp_simple_point_get_affine_coordinates_GFp(const EC_GROUP *, const EC_POINT *,
-        BIGNUM *x, BIGNUM *y, BN_CTX *);
-int ec_GFp_simple_set_compressed_coordinates_GFp(const EC_GROUP *, EC_POINT *,
-        const BIGNUM *x, int y_bit, BN_CTX *);
-size_t ec_GFp_simple_point2oct(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form,
-        unsigned char *buf, size_t len, BN_CTX *);
-int ec_GFp_simple_oct2point(const EC_GROUP *, EC_POINT *,
-        const unsigned char *buf, size_t len, BN_CTX *);
-int ec_GFp_simple_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
-int ec_GFp_simple_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *);
-int ec_GFp_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *);
-int ec_GFp_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *);
-int ec_GFp_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *);
-int ec_GFp_simple_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
-int ec_GFp_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
-int ec_GFp_simple_points_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);
-int ec_GFp_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-int ec_GFp_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
-
-
-/* method functions in ecp_mont.c */
-int ec_GFp_mont_group_init(EC_GROUP *);
-int ec_GFp_mont_group_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-void ec_GFp_mont_group_finish(EC_GROUP *);
-void ec_GFp_mont_group_clear_finish(EC_GROUP *);
-int ec_GFp_mont_group_copy(EC_GROUP *, const EC_GROUP *);
-int ec_GFp_mont_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-int ec_GFp_mont_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
-int ec_GFp_mont_field_encode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
-int ec_GFp_mont_field_decode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
-int ec_GFp_mont_field_set_to_one(const EC_GROUP *, BIGNUM *r, BN_CTX *);
-
-
-/* method functions in ecp_recp.c */
-int ec_GFp_recp_group_init(EC_GROUP *);
-int ec_GFp_recp_group_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-void ec_GFp_recp_group_finish(EC_GROUP *);
-void ec_GFp_recp_group_clear_finish(EC_GROUP *);
-int ec_GFp_recp_group_copy(EC_GROUP *, const EC_GROUP *);
-int ec_GFp_recp_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-int ec_GFp_recp_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
-
-
-/* method functions in ecp_nist.c */
-int ec_GFp_nist_group_init(EC_GROUP *);
-int ec_GFp_nist_group_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-void ec_GFp_nist_group_finish(EC_GROUP *);
-void ec_GFp_nist_group_clear_finish(EC_GROUP *);
-int ec_GFp_nist_group_copy(EC_GROUP *, const EC_GROUP *);
-int ec_GFp_nist_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-int ec_GFp_nist_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
diff --git a/src/lib/libcrypto/ec/ec_lib.c b/src/lib/libcrypto/ec/ec_lib.c
deleted file mode 100644
index deb522060f..0000000000
--- a/src/lib/libcrypto/ec/ec_lib.c
+++ /dev/null
@@ -1,656 +0,0 @@
-/* crypto/ec/ec_lib.c */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <string.h>
-
-#include <openssl/err.h>
-#include <openssl/opensslv.h>
-
-#include "ec_lcl.h"
-
-static const char EC_version[] = "EC" OPENSSL_VERSION_PTEXT;
-
-
-/* functions for EC_GROUP objects */
-
-EC_GROUP *EC_GROUP_new(const EC_METHOD *meth)
-        {
-        EC_GROUP *ret;
-
-        if (meth == NULL)
-                {
-                ECerr(EC_F_EC_GROUP_NEW, ERR_R_PASSED_NULL_PARAMETER);
-                return NULL;
-                }
-        if (meth->group_init == 0)
-                {
-                ECerr(EC_F_EC_GROUP_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return NULL;
-                }
-
-        ret = OPENSSL_malloc(sizeof *ret);
-        if (ret == NULL)
-                {
-                ECerr(EC_F_EC_GROUP_NEW, ERR_R_MALLOC_FAILURE);
-                return NULL;
-                }
-
-        ret->meth = meth;
-
-        ret->extra_data = NULL;
-        ret->extra_data_dup_func = 0;
-        ret->extra_data_free_func = 0;
-        ret->extra_data_clear_free_func = 0;
-        
-        if (!meth->group_init(ret))
-                {
-                OPENSSL_free(ret);
-                return NULL;
-                }
-        
-        return ret;
-        }
-
-
-void EC_GROUP_free(EC_GROUP *group)
-        {
-        if (!group) return;
-
-        if (group->meth->group_finish != 0)
-                group->meth->group_finish(group);
-
-        EC_GROUP_free_extra_data(group);
-
-        OPENSSL_free(group);
-        }
- 
-
-void EC_GROUP_clear_free(EC_GROUP *group)
-        {
-        if (!group) return;
-
-        if (group->meth->group_clear_finish != 0)
-                group->meth->group_clear_finish(group);
-        else if (group->meth != NULL && group->meth->group_finish != 0)
-                group->meth->group_finish(group);
-
-        EC_GROUP_clear_free_extra_data(group);
-
-        OPENSSL_cleanse(group, sizeof *group);
-        OPENSSL_free(group);
-        }
-
-
-int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src)
-        {
-        if (dest->meth->group_copy == 0)
-                {
-                ECerr(EC_F_EC_GROUP_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return 0;
-                }
-        if (dest->meth != src->meth)
-                {
-                ECerr(EC_F_EC_GROUP_COPY, EC_R_INCOMPATIBLE_OBJECTS);
-                return 0;
-                }
-        if (dest == src)
-                return 1;
-        
-        EC_GROUP_clear_free_extra_data(dest);
-        if (src->extra_data_dup_func)
-                {
-                if (src->extra_data != NULL)
-                        {
-                        dest->extra_data = src->extra_data_dup_func(src->extra_data);
-                        if (dest->extra_data == NULL)
-                                return 0;
-                        }
-
-                dest->extra_data_dup_func = src->extra_data_dup_func;
-                dest->extra_data_free_func = src->extra_data_free_func;
-                dest->extra_data_clear_free_func = src->extra_data_clear_free_func;
-                }
-
-        return dest->meth->group_copy(dest, src);
-        }
-
-
-const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group)
-        {
-        return group->meth;
-        }
-
-
-int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
-        {
-        if (group->meth->group_set_curve_GFp == 0)
-                {
-                ECerr(EC_F_EC_GROUP_SET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return 0;
-                }
-        return group->meth->group_set_curve_GFp(group, p, a, b, ctx);
-        }
-
-
-int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
-        {
-        if (group->meth->group_get_curve_GFp == 0)
-                {
-                ECerr(EC_F_EC_GROUP_GET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return 0;
-                }
-        return group->meth->group_get_curve_GFp(group, p, a, b, ctx);
-        }
-
-
-int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor)
-        {
-        if (group->meth->group_set_generator == 0)
-                {
-                ECerr(EC_F_EC_GROUP_SET_GENERATOR, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return 0;
-                }
-        return group->meth->group_set_generator(group, generator, order, cofactor);
-        }
-
-
-EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group)
-        {
-        if (group->meth->group_get0_generator == 0)
-                {
-                ECerr(EC_F_EC_GROUP_GET0_GENERATOR, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return 0;
-                }
-        return group->meth->group_get0_generator(group);
-        }
-
-
-int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx)
-        {
-        if (group->meth->group_get_order == 0)
-                {
-                ECerr(EC_F_EC_GROUP_GET_ORDER, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return 0;
-                }
-        return group->meth->group_get_order(group, order, ctx);
-        }
-
-
-int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx)
-        {
-        if (group->meth->group_get_cofactor == 0)
-                {
-                ECerr(EC_F_EC_GROUP_GET_COFACTOR, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return 0;
-                }
-        return group->meth->group_get_cofactor(group, cofactor, ctx);
-        }
-
-
-/* this has 'package' visibility */
-int EC_GROUP_set_extra_data(EC_GROUP *group, void *extra_data, void *(*extra_data_dup_func)(void *),
-        void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *))
-        {
-        if ((group->extra_data != NULL)
-                || (group->extra_data_dup_func != 0)
-                || (group->extra_data_free_func != 0)
-                || (group->extra_data_clear_free_func != 0))
-                {
-                ECerr(EC_F_EC_GROUP_SET_EXTRA_DATA, EC_R_SLOT_FULL);
-                return 0;
-                }
-
-        group->extra_data = extra_data;
-        group->extra_data_dup_func = extra_data_dup_func;
-        group->extra_data_free_func = extra_data_free_func;
-        group->extra_data_clear_free_func = extra_data_clear_free_func;
-        return 1;
-        }
-
-
-/* this has 'package' visibility */
-void *EC_GROUP_get_extra_data(const EC_GROUP *group, void *(*extra_data_dup_func)(void *),
-        void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *))
-        {
-        if ((group->extra_data_dup_func != extra_data_dup_func)
-                || (group->extra_data_free_func != extra_data_free_func)
-                || (group->extra_data_clear_free_func != extra_data_clear_free_func))
-                {
-#if 0 /* this was an error in 0.9.7, but that does not make a lot of sense */
-                ECerr(..._F_EC_GROUP_GET_EXTRA_DATA, ..._R_NO_SUCH_EXTRA_DATA);
-#endif
-                return NULL;
-                }
-
-        return group->extra_data;
-        }
-
-
-/* this has 'package' visibility */
-void EC_GROUP_free_extra_data(EC_GROUP *group)
-        {
-        if (group->extra_data_free_func)
-                group->extra_data_free_func(group->extra_data);
-        group->extra_data = NULL;
-        group->extra_data_dup_func = 0;
-        group->extra_data_free_func = 0;
-        group->extra_data_clear_free_func = 0;
-        }
-
-
-/* this has 'package' visibility */
-void EC_GROUP_clear_free_extra_data(EC_GROUP *group)
-        {
-        if (group->extra_data_clear_free_func)
-                group->extra_data_clear_free_func(group->extra_data);
-        else if (group->extra_data_free_func)
-                group->extra_data_free_func(group->extra_data);
-        group->extra_data = NULL;
-        group->extra_data_dup_func = 0;
-        group->extra_data_free_func = 0;
-        group->extra_data_clear_free_func = 0;
-        }
-
-
-
-/* functions for EC_POINT objects */
-
-EC_POINT *EC_POINT_new(const EC_GROUP *group)
-        {
-        EC_POINT *ret;
-
-        if (group == NULL)
-                {
-                ECerr(EC_F_EC_POINT_NEW, ERR_R_PASSED_NULL_PARAMETER);
-                return NULL;
-                }
-        if (group->meth->point_init == 0)
-                {
-                ECerr(EC_F_EC_POINT_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return NULL;
-                }
-
-        ret = OPENSSL_malloc(sizeof *ret);
-        if (ret == NULL)
-                {
-                ECerr(EC_F_EC_POINT_NEW, ERR_R_MALLOC_FAILURE);
-                return NULL;
-                }
-
-        ret->meth = group->meth;
-        
-        if (!ret->meth->point_init(ret))
-                {
-                OPENSSL_free(ret);
-                return NULL;
-                }
-        
-        return ret;
-        }
-
-
-void EC_POINT_free(EC_POINT *point)
-        {
-        if (!point) return;
-
-        if (point->meth->point_finish != 0)
-                point->meth->point_finish(point);
-        OPENSSL_free(point);
-        }
- 
-
-void EC_POINT_clear_free(EC_POINT *point)
-        {
-        if (!point) return;
-
-        if (point->meth->point_clear_finish != 0)
-                point->meth->point_clear_finish(point);
-        else if (point->meth != NULL && point->meth->point_finish != 0)
-                point->meth->point_finish(point);
-        OPENSSL_cleanse(point, sizeof *point);
-        OPENSSL_free(point);
-        }
-
-
-int EC_POINT_copy(EC_POINT *dest, const EC_POINT *src)
-        {
-        if (dest->meth->point_copy == 0)
-                {
-                ECerr(EC_F_EC_POINT_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return 0;
-                }
-        if (dest->meth != src->meth)
-                {
-                ECerr(EC_F_EC_POINT_COPY, EC_R_INCOMPATIBLE_OBJECTS);
-                return 0;
-                }
-        if (dest == src)
-                return 1;
-        return dest->meth->point_copy(dest, src);
-        }
-
-
-const EC_METHOD *EC_POINT_method_of(const EC_POINT *point)
-        {
-        return point->meth;
-        }
-
-
-int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point)
-        {
-        if (group->meth->point_set_to_infinity == 0)
-                {
-                ECerr(EC_F_EC_POINT_SET_TO_INFINITY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return 0;
-                }
-        if (group->meth != point->meth)
-                {
-                ECerr(EC_F_EC_POINT_SET_TO_INFINITY, EC_R_INCOMPATIBLE_OBJECTS);
-                return 0;
-                }
-        return group->meth->point_set_to_infinity(group, point);
-        }
-
-
-int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
-        const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx)
-        {
-        if (group->meth->point_set_Jprojective_coordinates_GFp == 0)
-                {
-                ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return 0;
-                }
-        if (group->meth != point->meth)
-                {
-                ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
-                return 0;
-                }
-        return group->meth->point_set_Jprojective_coordinates_GFp(group, point, x, y, z, ctx);
-        }
-
-
-int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point,
-        BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx)
-        {
-        if (group->meth->point_get_Jprojective_coordinates_GFp == 0)
-                {
-                ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return 0;
-                }
-        if (group->meth != point->meth)
-                {
-                ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
-                return 0;
-                }
-        return group->meth->point_get_Jprojective_coordinates_GFp(group, point, x, y, z, ctx);
-        }
-
-
-int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
-        const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx)
-        {
-        if (group->meth->point_set_affine_coordinates_GFp == 0)
-                {
-                ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return 0;
-                }
-        if (group->meth != point->meth)
-                {
-                ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
-                return 0;
-                }
-        return group->meth->point_set_affine_coordinates_GFp(group, point, x, y, ctx);
-        }
-
-
-int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point,
-        BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
-        {
-        if (group->meth->point_get_affine_coordinates_GFp == 0)
-                {
-                ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return 0;
-                }
-        if (group->meth != point->meth)
-                {
-                ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
-                return 0;
-                }
-        return group->meth->point_get_affine_coordinates_GFp(group, point, x, y, ctx);
-        }
-
-
-int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
-        const BIGNUM *x, int y_bit, BN_CTX *ctx)
-        {
-        if (group->meth->point_set_compressed_coordinates_GFp == 0)
-                {
-                ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return 0;
-                }
-        if (group->meth != point->meth)
-                {
-                ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
-                return 0;
-                }
-        return group->meth->point_set_compressed_coordinates_GFp(group, point, x, y_bit, ctx);
-        }
-
-
-size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point, point_conversion_form_t form,
-        unsigned char *buf, size_t len, BN_CTX *ctx)
-        {
-        if (group->meth->point2oct == 0)
-                {
-                ECerr(EC_F_EC_POINT_POINT2OCT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return 0;
-                }
-        if (group->meth != point->meth)
-                {
-                ECerr(EC_F_EC_POINT_POINT2OCT, EC_R_INCOMPATIBLE_OBJECTS);
-                return 0;
-                }
-        return group->meth->point2oct(group, point, form, buf, len, ctx);
-        }
-
-
-int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *point,
-        const unsigned char *buf, size_t len, BN_CTX *ctx)
-        {
-        if (group->meth->oct2point == 0)
-                {
-                ECerr(EC_F_EC_POINT_OCT2POINT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return 0;
-                }
-        if (group->meth != point->meth)
-                {
-                ECerr(EC_F_EC_POINT_OCT2POINT, EC_R_INCOMPATIBLE_OBJECTS);
-                return 0;
-                }
-        return group->meth->oct2point(group, point, buf, len, ctx);
-        }
-
-
-int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
-        {
-        if (group->meth->add == 0)
-                {
-                ECerr(EC_F_EC_POINT_ADD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return 0;
-                }
-        if ((group->meth != r->meth) || (r->meth != a->meth) || (a->meth != b->meth))
-                {
-                ECerr(EC_F_EC_POINT_ADD, EC_R_INCOMPATIBLE_OBJECTS);
-                return 0;
-                }
-        return group->meth->add(group, r, a, b, ctx);
-        }
-
-
-int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)
-        {
-        if (group->meth->dbl == 0)
-                {
-                ECerr(EC_F_EC_POINT_DBL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return 0;
-                }
-        if ((group->meth != r->meth) || (r->meth != a->meth))
-                {
-                ECerr(EC_F_EC_POINT_DBL, EC_R_INCOMPATIBLE_OBJECTS);
-                return 0;
-                }
-        return group->meth->dbl(group, r, a, ctx);
-        }
-
-
-int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx)
-        {
-        if (group->meth->dbl == 0)
-                {
-                ECerr(EC_F_EC_POINT_DBL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return 0;
-                }
-        if (group->meth != a->meth)
-                {
-                ECerr(EC_F_EC_POINT_DBL, EC_R_INCOMPATIBLE_OBJECTS);
-                return 0;
-                }
-        return group->meth->invert(group, a, ctx);
-        }
-
-
-int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
-        {
-        if (group->meth->is_at_infinity == 0)
-                {
-                ECerr(EC_F_EC_POINT_IS_AT_INFINITY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return 0;
-                }
-        if (group->meth != point->meth)
-                {
-                ECerr(EC_F_EC_POINT_IS_AT_INFINITY, EC_R_INCOMPATIBLE_OBJECTS);
-                return 0;
-                }
-        return group->meth->is_at_infinity(group, point);
-        }
-
-
-int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx)
-        {
-        if (group->meth->is_on_curve == 0)
-                {
-                ECerr(EC_F_EC_POINT_IS_ON_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return 0;
-                }
-        if (group->meth != point->meth)
-                {
-                ECerr(EC_F_EC_POINT_IS_ON_CURVE, EC_R_INCOMPATIBLE_OBJECTS);
-                return 0;
-                }
-        return group->meth->is_on_curve(group, point, ctx);
-        }
-
-
-int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
-        {
-        if (group->meth->point_cmp == 0)
-                {
-                ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return 0;
-                }
-        if ((group->meth != a->meth) || (a->meth != b->meth))
-                {
-                ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS);
-                return 0;
-                }
-        return group->meth->point_cmp(group, a, b, ctx);
-        }
-
-
-int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
-        {
-        if (group->meth->make_affine == 0)
-                {
-                ECerr(EC_F_EC_POINT_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return 0;
-                }
-        if (group->meth != point->meth)
-                {
-                ECerr(EC_F_EC_POINT_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS);
-                return 0;
-                }
-        return group->meth->make_affine(group, point, ctx);
-        }
-
-
-int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx)
-        {
-        size_t i;
-
-        if (group->meth->points_make_affine == 0)
-                {
-                ECerr(EC_F_EC_POINTS_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return 0;
-                }
-        for (i = 0; i < num; i++)
-                {
-                if (group->meth != points[i]->meth)
-                        {
-                        ECerr(EC_F_EC_POINTS_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS);
-                        return 0;
-                        }
-                }
-        return group->meth->points_make_affine(group, num, points, ctx);
-        }
diff --git a/src/lib/libcrypto/ec/ec_mult.c b/src/lib/libcrypto/ec/ec_mult.c
deleted file mode 100644
index 16822a73cf..0000000000
--- a/src/lib/libcrypto/ec/ec_mult.c
+++ /dev/null
@@ -1,485 +0,0 @@
-/* crypto/ec/ec_mult.c */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/err.h>
-
-#include "ec_lcl.h"
-
-
-/* TODO: optional precomputation of multiples of the generator */
-
-
-
-/*
- * wNAF-based interleaving multi-exponentation method
- * (<URL:http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller.html#multiexp>)
- */
-
-
-/* Determine the width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'.
- * This is an array  r[]  of values that are either zero or odd with an
- * absolute value less than  2^w  satisfying
- *     scalar = \sum_j r[j]*2^j
- * where at most one of any  w+1  consecutive digits is non-zero.
- */
-static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len, BN_CTX *ctx)
-        {
-        BIGNUM *c;
-        int ok = 0;
-        signed char *r = NULL;
-        int sign = 1;
-        int bit, next_bit, mask;
-        size_t len = 0, j;
-        
-        BN_CTX_start(ctx);
-        c = BN_CTX_get(ctx);
-        if (c == NULL) goto err;
-        
-        if (w <= 0 || w > 7) /* 'signed char' can represent integers with absolute values less than 2^7 */
-                {
-                ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
-                goto err;
-                }
-        bit = 1 << w; /* at most 128 */
-        next_bit = bit << 1; /* at most 256 */
-        mask = next_bit - 1; /* at most 255 */
-
-        if (!BN_copy(c, scalar)) goto err;
-        if (c->neg)
-                {
-                sign = -1;
-                c->neg = 0;
-                }
-
-        len = BN_num_bits(c) + 1; /* wNAF may be one digit longer than binary representation */
-        r = OPENSSL_malloc(len);
-        if (r == NULL) goto err;
-
-        j = 0;
-        while (!BN_is_zero(c))
-                {
-                int u = 0;
-
-                if (BN_is_odd(c)) 
-                        {
-                        if (c->d == NULL || c->top == 0)
-                                {
-                                ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
-                                goto err;
-                                }
-                        u = c->d[0] & mask;
-                        if (u & bit)
-                                {
-                                u -= next_bit;
-                                /* u < 0 */
-                                if (!BN_add_word(c, -u)) goto err;
-                                }
-                        else
-                                {
-                                /* u > 0 */
-                                if (!BN_sub_word(c, u)) goto err;
-                                }
-
-                        if (u <= -bit || u >= bit || !(u & 1) || c->neg)
-                                {
-                                ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
-                                goto err;
-                                }
-                        }
-
-                r[j++] = sign * u;
-                
-                if (BN_is_odd(c))
-                        {
-                        ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
-                        goto err;
-                        }
-                if (!BN_rshift1(c, c)) goto err;
-                }
-
-        if (j > len)
-                {
-                ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
-                goto err;
-                }
-        len = j;
-        ok = 1;
-
- err:
-        BN_CTX_end(ctx);
-        if (!ok)
-                {
-                OPENSSL_free(r);
-                r = NULL;
-                }
-        if (ok)
-                *ret_len = len;
-        return r;
-        }
-
-
-/* TODO: table should be optimised for the wNAF-based implementation,
- *       sometimes smaller windows will give better performance
- *       (thus the boundaries should be increased)
- */
-#define EC_window_bits_for_scalar_size(b) \
-                ((size_t) \
-                 ((b) >= 2000 ? 6 : \
-                  (b) >=  800 ? 5 : \
-                  (b) >=  300 ? 4 : \
-                  (b) >=   70 ? 3 : \
-                  (b) >=   20 ? 2 : \
-                   1))
-
-/* Compute
- *      \sum scalars[i]*points[i],
- * also including
- *      scalar*generator
- * in the addition if scalar != NULL
- */
-int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
-        size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx)
-        {
-        BN_CTX *new_ctx = NULL;
-        EC_POINT *generator = NULL;
-        EC_POINT *tmp = NULL;
-        size_t totalnum;
-        size_t i, j;
-        int k;
-        int r_is_inverted = 0;
-        int r_is_at_infinity = 1;
-        size_t *wsize = NULL; /* individual window sizes */
-        signed char **wNAF = NULL; /* individual wNAFs */
-        size_t *wNAF_len = NULL;
-        size_t max_len = 0;
-        size_t num_val;
-        EC_POINT **val = NULL; /* precomputation */
-        EC_POINT **v;
-        EC_POINT ***val_sub = NULL; /* pointers to sub-arrays of 'val' */
-        int ret = 0;
-        
-        if (group->meth != r->meth)
-                {
-                ECerr(EC_F_EC_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS);
-                return 0;
-                }
-
-        if ((scalar == NULL) && (num == 0))
-                {
-                return EC_POINT_set_to_infinity(group, r);
-                }
-
-        if (scalar != NULL)
-                {
-                generator = EC_GROUP_get0_generator(group);
-                if (generator == NULL)
-                        {
-                        ECerr(EC_F_EC_POINTS_MUL, EC_R_UNDEFINED_GENERATOR);
-                        return 0;
-                        }
-                }
-        
-        for (i = 0; i < num; i++)
-                {
-                if (group->meth != points[i]->meth)
-                        {
-                        ECerr(EC_F_EC_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS);
-                        return 0;
-                        }
-                }
-
-        totalnum = num + (scalar != NULL);
-
-        wsize = OPENSSL_malloc(totalnum * sizeof wsize[0]);
-        wNAF_len = OPENSSL_malloc(totalnum * sizeof wNAF_len[0]);
-        wNAF = OPENSSL_malloc((totalnum + 1) * sizeof wNAF[0]);
-        if (wNAF != NULL)
-                {
-                wNAF[0] = NULL; /* preliminary pivot */
-                }
-        if (wsize == NULL || wNAF_len == NULL || wNAF == NULL) goto err;
-
-        /* num_val := total number of points to precompute */
-        num_val = 0;
-        for (i = 0; i < totalnum; i++)
-                {
-                size_t bits;
-
-                bits = i < num ? BN_num_bits(scalars[i]) : BN_num_bits(scalar);
-                wsize[i] = EC_window_bits_for_scalar_size(bits);
-                num_val += 1u << (wsize[i] - 1);
-                }
-
-        /* all precomputed points go into a single array 'val',
-         * 'val_sub[i]' is a pointer to the subarray for the i-th point */
-        val = OPENSSL_malloc((num_val + 1) * sizeof val[0]);
-        if (val == NULL) goto err;
-        val[num_val] = NULL; /* pivot element */
-
-        val_sub = OPENSSL_malloc(totalnum * sizeof val_sub[0]);
-        if (val_sub == NULL) goto err;
-
-        /* allocate points for precomputation */
-        v = val;
-        for (i = 0; i < totalnum; i++)
-                {
-                val_sub[i] = v;
-                for (j = 0; j < (1u << (wsize[i] - 1)); j++)
-                        {
-                        *v = EC_POINT_new(group);
-                        if (*v == NULL) goto err;
-                        v++;
-                        }
-                }
-        if (!(v == val + num_val))
-                {
-                ECerr(EC_F_EC_POINTS_MUL, ERR_R_INTERNAL_ERROR);
-                goto err;
-                }
-
-        if (ctx == NULL)
-                {
-                ctx = new_ctx = BN_CTX_new();
-                if (ctx == NULL)
-                        goto err;
-                }
-        
-        tmp = EC_POINT_new(group);
-        if (tmp == NULL) goto err;
-
-        /* prepare precomputed values:
-         *    val_sub[i][0] :=     points[i]
-         *    val_sub[i][1] := 3 * points[i]
-         *    val_sub[i][2] := 5 * points[i]
-         *    ...
-         */
-        for (i = 0; i < totalnum; i++)
-                {
-                if (i < num)
-                        {
-                        if (!EC_POINT_copy(val_sub[i][0], points[i])) goto err;
-                        }
-                else
-                        {
-                        if (!EC_POINT_copy(val_sub[i][0], generator)) goto err;
-                        }
-
-                if (wsize[i] > 1)
-                        {
-                        if (!EC_POINT_dbl(group, tmp, val_sub[i][0], ctx)) goto err;
-                        for (j = 1; j < (1u << (wsize[i] - 1)); j++)
-                                {
-                                if (!EC_POINT_add(group, val_sub[i][j], val_sub[i][j - 1], tmp, ctx)) goto err;
-                                }
-                        }
-
-                wNAF[i + 1] = NULL; /* make sure we always have a pivot */
-                wNAF[i] = compute_wNAF((i < num ? scalars[i] : scalar), wsize[i], &wNAF_len[i], ctx);
-                if (wNAF[i] == NULL) goto err;
-                if (wNAF_len[i] > max_len)
-                        max_len = wNAF_len[i];
-                }
-
-#if 1 /* optional; EC_window_bits_for_scalar_size assumes we do this step */
-        if (!EC_POINTs_make_affine(group, num_val, val, ctx)) goto err;
-#endif
-
-        r_is_at_infinity = 1;
-
-        for (k = max_len - 1; k >= 0; k--)
-                {
-                if (!r_is_at_infinity)
-                        {
-                        if (!EC_POINT_dbl(group, r, r, ctx)) goto err;
-                        }
-                
-                for (i = 0; i < totalnum; i++)
-                        {
-                        if (wNAF_len[i] > (size_t)k)
-                                {
-                                int digit = wNAF[i][k];
-                                int is_neg;
-
-                                if (digit) 
-                                        {
-                                        is_neg = digit < 0;
-
-                                        if (is_neg)
-                                                digit = -digit;
-
-                                        if (is_neg != r_is_inverted)
-                                                {
-                                                if (!r_is_at_infinity)
-                                                        {
-                                                        if (!EC_POINT_invert(group, r, ctx)) goto err;
-                                                        }
-                                                r_is_inverted = !r_is_inverted;
-                                                }
-
-                                        /* digit > 0 */
-
-                                        if (r_is_at_infinity)
-                                                {
-                                                if (!EC_POINT_copy(r, val_sub[i][digit >> 1])) goto err;
-                                                r_is_at_infinity = 0;
-                                                }
-                                        else
-                                                {
-                                                if (!EC_POINT_add(group, r, r, val_sub[i][digit >> 1], ctx)) goto err;
-                                                }
-                                        }
-                                }
-                        }
-                }
-
-        if (r_is_at_infinity)
-                {
-                if (!EC_POINT_set_to_infinity(group, r)) goto err;
-                }
-        else
-                {
-                if (r_is_inverted)
-                        if (!EC_POINT_invert(group, r, ctx)) goto err;
-                }
-        
-        ret = 1;
-
- err:
-        if (new_ctx != NULL)
-                BN_CTX_free(new_ctx);
-        if (tmp != NULL)
-                EC_POINT_free(tmp);
-        if (wsize != NULL)
-                OPENSSL_free(wsize);
-        if (wNAF_len != NULL)
-                OPENSSL_free(wNAF_len);
-        if (wNAF != NULL)
-                {
-                signed char **w;
-                
-                for (w = wNAF; *w != NULL; w++)
-                        OPENSSL_free(*w);
-                
-                OPENSSL_free(wNAF);
-                }
-        if (val != NULL)
-                {
-                for (v = val; *v != NULL; v++)
-                        EC_POINT_clear_free(*v);
-
-                OPENSSL_free(val);
-                }
-        if (val_sub != NULL)
-                {
-                OPENSSL_free(val_sub);
-                }
-        return ret;
-        }
-
-
-int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar, const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx)
-        {
-        const EC_POINT *points[1];
-        const BIGNUM *scalars[1];
-
-        points[0] = point;
-        scalars[0] = p_scalar;
-
-        return EC_POINTs_mul(group, r, g_scalar, (point != NULL && p_scalar != NULL), points, scalars, ctx);
-        }
-
-
-int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
-        {
-        const EC_POINT *generator;
-        BN_CTX *new_ctx = NULL;
-        BIGNUM *order;
-        int ret = 0;
-
-        generator = EC_GROUP_get0_generator(group);
-        if (generator == NULL)
-                {
-                ECerr(EC_F_EC_GROUP_PRECOMPUTE_MULT, EC_R_UNDEFINED_GENERATOR);
-                return 0;
-                }
-
-        if (ctx == NULL)
-                {
-                ctx = new_ctx = BN_CTX_new();
-                if (ctx == NULL)
-                        return 0;
-                }
-        
-        BN_CTX_start(ctx);
-        order = BN_CTX_get(ctx);
-        if (order == NULL) goto err;
-        
-        if (!EC_GROUP_get_order(group, order, ctx)) return 0;
-        if (BN_is_zero(order))
-                {
-                ECerr(EC_F_EC_GROUP_PRECOMPUTE_MULT, EC_R_UNKNOWN_ORDER);
-                goto err;
-                }
-
-        /* TODO */
-
-        ret = 1;
-        
- err:
-        BN_CTX_end(ctx);
-        if (new_ctx != NULL)
-                BN_CTX_free(new_ctx);
-        return ret;
-        }
diff --git a/src/lib/libcrypto/ec/ecp_mont.c b/src/lib/libcrypto/ec/ecp_mont.c
deleted file mode 100644
index 7b30d4c38a..0000000000
--- a/src/lib/libcrypto/ec/ecp_mont.c
+++ /dev/null
@@ -1,304 +0,0 @@
-/* crypto/ec/ecp_mont.c */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/err.h>
-
-#include "ec_lcl.h"
-
-
-const EC_METHOD *EC_GFp_mont_method(void)
-        {
-        static const EC_METHOD ret = {
-                ec_GFp_mont_group_init,
-                ec_GFp_mont_group_finish,
-                ec_GFp_mont_group_clear_finish,
-                ec_GFp_mont_group_copy,
-                ec_GFp_mont_group_set_curve_GFp,
-                ec_GFp_simple_group_get_curve_GFp,
-                ec_GFp_simple_group_set_generator,
-                ec_GFp_simple_group_get0_generator,
-                ec_GFp_simple_group_get_order,
-                ec_GFp_simple_group_get_cofactor,
-                ec_GFp_simple_point_init,
-                ec_GFp_simple_point_finish,
-                ec_GFp_simple_point_clear_finish,
-                ec_GFp_simple_point_copy,
-                ec_GFp_simple_point_set_to_infinity,
-                ec_GFp_simple_set_Jprojective_coordinates_GFp,
-                ec_GFp_simple_get_Jprojective_coordinates_GFp,
-                ec_GFp_simple_point_set_affine_coordinates_GFp,
-                ec_GFp_simple_point_get_affine_coordinates_GFp,
-                ec_GFp_simple_set_compressed_coordinates_GFp,
-                ec_GFp_simple_point2oct,
-                ec_GFp_simple_oct2point,
-                ec_GFp_simple_add,
-                ec_GFp_simple_dbl,
-                ec_GFp_simple_invert,
-                ec_GFp_simple_is_at_infinity,
-                ec_GFp_simple_is_on_curve,
-                ec_GFp_simple_cmp,
-                ec_GFp_simple_make_affine,
-                ec_GFp_simple_points_make_affine,
-                ec_GFp_mont_field_mul,
-                ec_GFp_mont_field_sqr,
-                ec_GFp_mont_field_encode,
-                ec_GFp_mont_field_decode,
-                ec_GFp_mont_field_set_to_one };
-
-        return &ret;
-        }
-
-
-int ec_GFp_mont_group_init(EC_GROUP *group)
-        {
-        int ok;
-
-        ok = ec_GFp_simple_group_init(group);
-        group->field_data1 = NULL;
-        group->field_data2 = NULL;
-        return ok;
-        }
-
-
-int ec_GFp_mont_group_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
-        {
-        BN_CTX *new_ctx = NULL;
-        BN_MONT_CTX *mont = NULL;
-        BIGNUM *one = NULL;
-        int ret = 0;
-
-        if (group->field_data1 != NULL)
-                {
-                BN_MONT_CTX_free(group->field_data1);
-                group->field_data1 = NULL;
-                }
-        if (group->field_data2 != NULL)
-                {
-                BN_free(group->field_data2);
-                group->field_data2 = NULL;
-                }
-        
-        if (ctx == NULL)
-                {
-                ctx = new_ctx = BN_CTX_new();
-                if (ctx == NULL)
-                        return 0;
-                }
-
-        mont = BN_MONT_CTX_new();
-        if (mont == NULL) goto err;
-        if (!BN_MONT_CTX_set(mont, p, ctx))
-                {
-                ECerr(EC_F_GFP_MONT_GROUP_SET_CURVE_GFP, ERR_R_BN_LIB);
-                goto err;
-                }
-        one = BN_new();
-        if (one == NULL) goto err;
-        if (!BN_to_montgomery(one, BN_value_one(), mont, ctx)) goto err;
-
-        group->field_data1 = mont;
-        mont = NULL;
-        group->field_data2 = one;
-        one = NULL;
-
-        ret = ec_GFp_simple_group_set_curve_GFp(group, p, a, b, ctx);
-
-        if (!ret)
-                {
-                BN_MONT_CTX_free(group->field_data1);
-                group->field_data1 = NULL;
-                BN_free(group->field_data2);
-                group->field_data2 = NULL;
-                }
-
- err:
-        if (new_ctx != NULL)
-                BN_CTX_free(new_ctx);
-        if (mont != NULL)
-                BN_MONT_CTX_free(mont);
-        return ret;
-        }
-
-
-void ec_GFp_mont_group_finish(EC_GROUP *group)
-        {
-        if (group->field_data1 != NULL)
-                {
-                BN_MONT_CTX_free(group->field_data1);
-                group->field_data1 = NULL;
-                }
-        if (group->field_data2 != NULL)
-                {
-                BN_free(group->field_data2);
-                group->field_data2 = NULL;
-                }
-        ec_GFp_simple_group_finish(group);
-        }
-
-
-void ec_GFp_mont_group_clear_finish(EC_GROUP *group)
-        {
-        if (group->field_data1 != NULL)
-                {
-                BN_MONT_CTX_free(group->field_data1);
-                group->field_data1 = NULL;
-                }
-        if (group->field_data2 != NULL)
-                {
-                BN_clear_free(group->field_data2);
-                group->field_data2 = NULL;
-                }
-        ec_GFp_simple_group_clear_finish(group);
-        }
-
-
-int ec_GFp_mont_group_copy(EC_GROUP *dest, const EC_GROUP *src)
-        {
-        if (dest->field_data1 != NULL)
-                {
-                BN_MONT_CTX_free(dest->field_data1);
-                dest->field_data1 = NULL;
-                }
-        if (dest->field_data2 != NULL)
-                {
-                BN_clear_free(dest->field_data2);
-                dest->field_data2 = NULL;
-                }
-
-        if (!ec_GFp_simple_group_copy(dest, src)) return 0;
-
-        if (src->field_data1 != NULL)
-                {
-                dest->field_data1 = BN_MONT_CTX_new();
-                if (dest->field_data1 == NULL) return 0;
-                if (!BN_MONT_CTX_copy(dest->field_data1, src->field_data1)) goto err;
-                }
-        if (src->field_data2 != NULL)
-                {
-                dest->field_data2 = BN_dup(src->field_data2);
-                if (dest->field_data2 == NULL) goto err;
-                }
-
-        return 1;
-
- err:
-        if (dest->field_data1 != NULL)
-                {
-                BN_MONT_CTX_free(dest->field_data1);
-                dest->field_data1 = NULL;
-                }
-        return 0;       
-        }
-
-
-int ec_GFp_mont_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
-        {
-        if (group->field_data1 == NULL)
-                {
-                ECerr(EC_F_EC_GFP_MONT_FIELD_MUL, EC_R_NOT_INITIALIZED);
-                return 0;
-                }
-
-        return BN_mod_mul_montgomery(r, a, b, group->field_data1, ctx);
-        }
-
-
-int ec_GFp_mont_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
-        {
-        if (group->field_data1 == NULL)
-                {
-                ECerr(EC_F_EC_GFP_MONT_FIELD_SQR, EC_R_NOT_INITIALIZED);
-                return 0;
-                }
-
-        return BN_mod_mul_montgomery(r, a, a, group->field_data1, ctx);
-        }
-
-
-int ec_GFp_mont_field_encode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
-        {
-        if (group->field_data1 == NULL)
-                {
-                ECerr(EC_F_EC_GFP_MONT_FIELD_ENCODE, EC_R_NOT_INITIALIZED);
-                return 0;
-                }
-
-        return BN_to_montgomery(r, a, (BN_MONT_CTX *)group->field_data1, ctx);
-        }
-
-
-int ec_GFp_mont_field_decode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
-        {
-        if (group->field_data1 == NULL)
-                {
-                ECerr(EC_F_EC_GFP_MONT_FIELD_DECODE, EC_R_NOT_INITIALIZED);
-                return 0;
-                }
-
-        return BN_from_montgomery(r, a, group->field_data1, ctx);
-        }
-
-
-int ec_GFp_mont_field_set_to_one(const EC_GROUP *group, BIGNUM *r, BN_CTX *ctx)
-        {
-        if (group->field_data2 == NULL)
-                {
-                ECerr(EC_F_EC_GFP_MONT_FIELD_DECODE, EC_R_NOT_INITIALIZED);
-                return 0;
-                }
-
-        if (!BN_copy(r, group->field_data2)) return 0;
-        return 1;
-        }
diff --git a/src/lib/libcrypto/ec/ecp_nist.c b/src/lib/libcrypto/ec/ecp_nist.c
deleted file mode 100644
index ed07748675..0000000000
--- a/src/lib/libcrypto/ec/ecp_nist.c
+++ /dev/null
@@ -1,134 +0,0 @@
-/* crypto/ec/ecp_nist.c */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "ec_lcl.h"
-
-#if 0
-const EC_METHOD *EC_GFp_nist_method(void)
-        {
-        static const EC_METHOD ret = {
-                ec_GFp_nist_group_init,
-                ec_GFp_nist_group_finish,
-                ec_GFp_nist_group_clear_finish,
-                ec_GFp_nist_group_copy,
-                ec_GFp_nist_group_set_curve_GFp,
-                ec_GFp_simple_group_get_curve_GFp,
-                ec_GFp_simple_group_set_generator,
-                ec_GFp_simple_group_get0_generator,
-                ec_GFp_simple_group_get_order,
-                ec_GFp_simple_group_get_cofactor,
-                ec_GFp_simple_point_init,
-                ec_GFp_simple_point_finish,
-                ec_GFp_simple_point_clear_finish,
-                ec_GFp_simple_point_copy,
-                ec_GFp_simple_point_set_to_infinity,
-                ec_GFp_simple_set_Jprojective_coordinates_GFp,
-                ec_GFp_simple_get_Jprojective_coordinates_GFp,
-                ec_GFp_simple_point_set_affine_coordinates_GFp,
-                ec_GFp_simple_point_get_affine_coordinates_GFp,
-                ec_GFp_simple_set_compressed_coordinates_GFp,
-                ec_GFp_simple_point2oct,
-                ec_GFp_simple_oct2point,
-                ec_GFp_simple_add,
-                ec_GFp_simple_dbl,
-                ec_GFp_simple_invert,
-                ec_GFp_simple_is_at_infinity,
-                ec_GFp_simple_is_on_curve,
-                ec_GFp_simple_cmp,
-                ec_GFp_simple_make_affine,
-                ec_GFp_simple_points_make_affine,
-                ec_GFp_nist_field_mul,
-                ec_GFp_nist_field_sqr,
-                0 /* field_encode */,
-                0 /* field_decode */,
-                0 /* field_set_to_one */ };
-
-        return &ret;
-        }
-#endif
-
-
-int ec_GFp_nist_group_init(EC_GROUP *group)
-        {
-        int ok;
-
-        ok = ec_GFp_simple_group_init(group);
-        group->field_data1 = NULL;
-        return ok;
-        }
-
-
-int ec_GFp_nist_group_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
-/* TODO */
-
-
-void ec_GFp_nist_group_finish(EC_GROUP *group);
-/* TODO */
-
-
-void ec_GFp_nist_group_clear_finish(EC_GROUP *group);
-/* TODO */
-
-
-int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src);
-/* TODO */
-
-
-int ec_GFp_nist_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
-/* TODO */
-
-
-int ec_GFp_nist_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx);
-/* TODO */
diff --git a/src/lib/libcrypto/ec/ecp_smpl.c b/src/lib/libcrypto/ec/ecp_smpl.c
deleted file mode 100644
index e9a51fb87a..0000000000
--- a/src/lib/libcrypto/ec/ecp_smpl.c
+++ /dev/null
@@ -1,1717 +0,0 @@
-/* crypto/ec/ecp_smpl.c */
-/* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
- * for the OpenSSL project. */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/err.h>
-
-#include "ec_lcl.h"
-
-
-const EC_METHOD *EC_GFp_simple_method(void)
-        {
-        static const EC_METHOD ret = {
-                ec_GFp_simple_group_init,
-                ec_GFp_simple_group_finish,
-                ec_GFp_simple_group_clear_finish,
-                ec_GFp_simple_group_copy,
-                ec_GFp_simple_group_set_curve_GFp,
-                ec_GFp_simple_group_get_curve_GFp,
-                ec_GFp_simple_group_set_generator,
-                ec_GFp_simple_group_get0_generator,
-                ec_GFp_simple_group_get_order,
-                ec_GFp_simple_group_get_cofactor,
-                ec_GFp_simple_point_init,
-                ec_GFp_simple_point_finish,
-                ec_GFp_simple_point_clear_finish,
-                ec_GFp_simple_point_copy,
-                ec_GFp_simple_point_set_to_infinity,
-                ec_GFp_simple_set_Jprojective_coordinates_GFp,
-                ec_GFp_simple_get_Jprojective_coordinates_GFp,
-                ec_GFp_simple_point_set_affine_coordinates_GFp,
-                ec_GFp_simple_point_get_affine_coordinates_GFp,
-                ec_GFp_simple_set_compressed_coordinates_GFp,
-                ec_GFp_simple_point2oct,
-                ec_GFp_simple_oct2point,
-                ec_GFp_simple_add,
-                ec_GFp_simple_dbl,
-                ec_GFp_simple_invert,
-                ec_GFp_simple_is_at_infinity,
-                ec_GFp_simple_is_on_curve,
-                ec_GFp_simple_cmp,
-                ec_GFp_simple_make_affine,
-                ec_GFp_simple_points_make_affine,
-                ec_GFp_simple_field_mul,
-                ec_GFp_simple_field_sqr,
-                0 /* field_encode */,
-                0 /* field_decode */,
-                0 /* field_set_to_one */ };
-
-        return &ret;
-        }
-
-
-int ec_GFp_simple_group_init(EC_GROUP *group)
-        {
-        BN_init(&group->field);
-        BN_init(&group->a);
-        BN_init(&group->b);
-        group->a_is_minus3 = 0;
-        group->generator = NULL;
-        BN_init(&group->order);
-        BN_init(&group->cofactor);
-        return 1;
-        }
-
-
-void ec_GFp_simple_group_finish(EC_GROUP *group)
-        {
-        BN_free(&group->field);
-        BN_free(&group->a);
-        BN_free(&group->b);
-        if (group->generator != NULL)
-                EC_POINT_free(group->generator);
-        BN_free(&group->order);
-        BN_free(&group->cofactor);
-        }
-
-
-void ec_GFp_simple_group_clear_finish(EC_GROUP *group)
-        {
-        BN_clear_free(&group->field);
-        BN_clear_free(&group->a);
-        BN_clear_free(&group->b);
-        if (group->generator != NULL)
-                {
-                EC_POINT_clear_free(group->generator);
-                group->generator = NULL;
-                }
-        BN_clear_free(&group->order);
-        BN_clear_free(&group->cofactor);
-        }
-
-
-int ec_GFp_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src)
-        {
-        if (!BN_copy(&dest->field, &src->field)) return 0;
-        if (!BN_copy(&dest->a, &src->a)) return 0;
-        if (!BN_copy(&dest->b, &src->b)) return 0;
-
-        dest->a_is_minus3 = src->a_is_minus3;
-
-        if (src->generator != NULL)
-                {
-                if (dest->generator == NULL)
-                        {
-                        dest->generator = EC_POINT_new(dest);
-                        if (dest->generator == NULL) return 0;
-                        }
-                if (!EC_POINT_copy(dest->generator, src->generator)) return 0;
-                }
-        else
-                {
-                /* src->generator == NULL */
-                if (dest->generator != NULL)
-                        {
-                        EC_POINT_clear_free(dest->generator);
-                        dest->generator = NULL;
-                        }
-                }
-
-        if (!BN_copy(&dest->order, &src->order)) return 0;
-        if (!BN_copy(&dest->cofactor, &src->cofactor)) return 0;
-
-        return 1;
-        }
-
-
-int ec_GFp_simple_group_set_curve_GFp(EC_GROUP *group,
-        const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
-        {
-        int ret = 0;
-        BN_CTX *new_ctx = NULL;
-        BIGNUM *tmp_a;
-        
-        /* p must be a prime > 3 */
-        if (BN_num_bits(p) <= 2 || !BN_is_odd(p))
-                {
-                ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP, EC_R_INVALID_FIELD);
-                return 0;
-                }
-
-        if (ctx == NULL)
-                {
-                ctx = new_ctx = BN_CTX_new();
-                if (ctx == NULL)
-                        return 0;
-                }
-
-        BN_CTX_start(ctx);
-        tmp_a = BN_CTX_get(ctx);
-        if (tmp_a == NULL) goto err;
-
-        /* group->field */
-        if (!BN_copy(&group->field, p)) goto err;
-        group->field.neg = 0;
-
-        /* group->a */
-        if (!BN_nnmod(tmp_a, a, p, ctx)) goto err;
-        if (group->meth->field_encode)
-                { if (!group->meth->field_encode(group, &group->a, tmp_a, ctx)) goto err; }     
-        else
-                if (!BN_copy(&group->a, tmp_a)) goto err;
-        
-        /* group->b */
-        if (!BN_nnmod(&group->b, b, p, ctx)) goto err;
-        if (group->meth->field_encode)
-                if (!group->meth->field_encode(group, &group->b, &group->b, ctx)) goto err;
-        
-        /* group->a_is_minus3 */
-        if (!BN_add_word(tmp_a, 3)) goto err;
-        group->a_is_minus3 = (0 == BN_cmp(tmp_a, &group->field));
-
-        ret = 1;
-
- err:
-        BN_CTX_end(ctx);
-        if (new_ctx != NULL)
-                BN_CTX_free(new_ctx);
-        return ret;
-        }
-
-
-int ec_GFp_simple_group_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
-        {
-        int ret = 0;
-        BN_CTX *new_ctx = NULL;
-        
-        if (p != NULL)
-                {
-                if (!BN_copy(p, &group->field)) return 0;
-                }
-
-        if (a != NULL || b != NULL)
-                {
-                if (group->meth->field_decode)
-                        {
-                        if (ctx == NULL)
-                                {
-                                ctx = new_ctx = BN_CTX_new();
-                                if (ctx == NULL)
-                                        return 0;
-                                }
-                        if (a != NULL)
-                                {
-                                if (!group->meth->field_decode(group, a, &group->a, ctx)) goto err;
-                                }
-                        if (b != NULL)
-                                {
-                                if (!group->meth->field_decode(group, b, &group->b, ctx)) goto err;
-                                }
-                        }
-                else
-                        {
-                        if (a != NULL)
-                                {
-                                if (!BN_copy(a, &group->a)) goto err;
-                                }
-                        if (b != NULL)
-                                {
-                                if (!BN_copy(b, &group->b)) goto err;
-                                }
-                        }
-                }
-        
-        ret = 1;
-        
- err:
-        if (new_ctx)
-                BN_CTX_free(new_ctx);
-        return ret;
-        }
-
-
-
-int ec_GFp_simple_group_set_generator(EC_GROUP *group, const EC_POINT *generator,
-        const BIGNUM *order, const BIGNUM *cofactor)
-        {
-        if (generator == NULL)
-                {
-                ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR, ERR_R_PASSED_NULL_PARAMETER);
-                return 0   ;
-                }
-
-        if (group->generator == NULL)
-                {
-                group->generator = EC_POINT_new(group);
-                if (group->generator == NULL) return 0;
-                }
-        if (!EC_POINT_copy(group->generator, generator)) return 0;
-
-        if (order != NULL)
-                { if (!BN_copy(&group->order, order)) return 0; }       
-        else
-                { if (!BN_zero(&group->order)) return 0; }      
-
-        if (cofactor != NULL)
-                { if (!BN_copy(&group->cofactor, cofactor)) return 0; } 
-        else
-                { if (!BN_zero(&group->cofactor)) return 0; }   
-
-        return 1;
-        }
-
-
-EC_POINT *ec_GFp_simple_group_get0_generator(const EC_GROUP *group)
-        {
-        return group->generator;
-        }
-
-
-int ec_GFp_simple_group_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx)
-        {
-        if (!BN_copy(order, &group->order))
-                return 0;
-
-        return !BN_is_zero(&group->order);
-        }
-
-
-int ec_GFp_simple_group_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx)
-        {
-        if (!BN_copy(cofactor, &group->cofactor))
-                return 0;
-
-        return !BN_is_zero(&group->cofactor);
-        }
-
-
-int ec_GFp_simple_point_init(EC_POINT *point)
-        {
-        BN_init(&point->X);
-        BN_init(&point->Y);
-        BN_init(&point->Z);
-        point->Z_is_one = 0;
-
-        return 1;
-        }
-
-
-void ec_GFp_simple_point_finish(EC_POINT *point)
-        {
-        BN_free(&point->X);
-        BN_free(&point->Y);
-        BN_free(&point->Z);
-        }
-
-
-void ec_GFp_simple_point_clear_finish(EC_POINT *point)
-        {
-        BN_clear_free(&point->X);
-        BN_clear_free(&point->Y);
-        BN_clear_free(&point->Z);
-        point->Z_is_one = 0;
-        }
-
-
-int ec_GFp_simple_point_copy(EC_POINT *dest, const EC_POINT *src)
-        {
-        if (!BN_copy(&dest->X, &src->X)) return 0;
-        if (!BN_copy(&dest->Y, &src->Y)) return 0;
-        if (!BN_copy(&dest->Z, &src->Z)) return 0;
-        dest->Z_is_one = src->Z_is_one;
-
-        return 1;
-        }
-
-
-int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *group, EC_POINT *point)
-        {
-        point->Z_is_one = 0;
-        return (BN_zero(&point->Z));
-        }
-
-
-int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
-        const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx)
-        {
-        BN_CTX *new_ctx = NULL;
-        int ret = 0;
-        
-        if (ctx == NULL)
-                {
-                ctx = new_ctx = BN_CTX_new();
-                if (ctx == NULL)
-                        return 0;
-                }
-
-        if (x != NULL)
-                {
-                if (!BN_nnmod(&point->X, x, &group->field, ctx)) goto err;
-                if (group->meth->field_encode)
-                        {
-                        if (!group->meth->field_encode(group, &point->X, &point->X, ctx)) goto err;
-                        }
-                }
-        
-        if (y != NULL)
-                {
-                if (!BN_nnmod(&point->Y, y, &group->field, ctx)) goto err;
-                if (group->meth->field_encode)
-                        {
-                        if (!group->meth->field_encode(group, &point->Y, &point->Y, ctx)) goto err;
-                        }
-                }
-        
-        if (z != NULL)
-                {
-                int Z_is_one;
-
-                if (!BN_nnmod(&point->Z, z, &group->field, ctx)) goto err;
-                Z_is_one = BN_is_one(&point->Z);
-                if (group->meth->field_encode)
-                        {
-                        if (Z_is_one && (group->meth->field_set_to_one != 0))
-                                {
-                                if (!group->meth->field_set_to_one(group, &point->Z, ctx)) goto err;
-                                }
-                        else
-                                {
-                                if (!group->meth->field_encode(group, &point->Z, &point->Z, ctx)) goto err;
-                                }
-                        }
-                point->Z_is_one = Z_is_one;
-                }
-        
-        ret = 1;
-        
- err:
-        if (new_ctx != NULL)
-                BN_CTX_free(new_ctx);
-        return ret;
-        }
-
-
-int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point,
-        BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx)
-        {
-        BN_CTX *new_ctx = NULL;
-        int ret = 0;
-        
-        if (group->meth->field_decode != 0)
-                {
-                if (ctx == NULL)
-                        {
-                        ctx = new_ctx = BN_CTX_new();
-                        if (ctx == NULL)
-                                return 0;
-                        }
-
-                if (x != NULL)
-                        {
-                        if (!group->meth->field_decode(group, x, &point->X, ctx)) goto err;
-                        }
-                if (y != NULL)
-                        {
-                        if (!group->meth->field_decode(group, y, &point->Y, ctx)) goto err;
-                        }
-                if (z != NULL)
-                        {
-                        if (!group->meth->field_decode(group, z, &point->Z, ctx)) goto err;
-                        }
-                }
-        else    
-                {
-                if (x != NULL)
-                        {
-                        if (!BN_copy(x, &point->X)) goto err;
-                        }
-                if (y != NULL)
-                        {
-                        if (!BN_copy(y, &point->Y)) goto err;
-                        }
-                if (z != NULL)
-                        {
-                        if (!BN_copy(z, &point->Z)) goto err;
-                        }
-                }
-        
-        ret = 1;
-
- err:
-        if (new_ctx != NULL)
-                BN_CTX_free(new_ctx);
-        return ret;
-        }
-
-
-int ec_GFp_simple_point_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
-        const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx)
-        {
-        if (x == NULL || y == NULL)
-                {
-                /* unlike for projective coordinates, we do not tolerate this */
-                ECerr(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP, ERR_R_PASSED_NULL_PARAMETER);
-                return 0;
-                }
-
-        return EC_POINT_set_Jprojective_coordinates_GFp(group, point, x, y, BN_value_one(), ctx);
-        }
-
-
-int ec_GFp_simple_point_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point,
-        BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
-        {
-        BN_CTX *new_ctx = NULL;
-        BIGNUM *X, *Y, *Z, *Z_1, *Z_2, *Z_3;
-        const BIGNUM *X_, *Y_, *Z_;
-        int ret = 0;
-
-        if (EC_POINT_is_at_infinity(group, point))
-                {
-                ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP, EC_R_POINT_AT_INFINITY);
-                return 0;
-                }
-
-        if (ctx == NULL)
-                {
-                ctx = new_ctx = BN_CTX_new();
-                if (ctx == NULL)
-                        return 0;
-                }
-
-        BN_CTX_start(ctx);
-        X = BN_CTX_get(ctx);
-        Y = BN_CTX_get(ctx);
-        Z = BN_CTX_get(ctx);
-        Z_1 = BN_CTX_get(ctx);
-        Z_2 = BN_CTX_get(ctx);
-        Z_3 = BN_CTX_get(ctx);
-        if (Z_3 == NULL) goto err;
-
-        /* transform  (X, Y, Z)  into  (x, y) := (X/Z^2, Y/Z^3) */
-        
-        if (group->meth->field_decode)
-                {
-                if (!group->meth->field_decode(group, X, &point->X, ctx)) goto err;
-                if (!group->meth->field_decode(group, Y, &point->Y, ctx)) goto err;
-                if (!group->meth->field_decode(group, Z, &point->Z, ctx)) goto err;
-                X_ = X; Y_ = Y; Z_ = Z;
-                }
-        else
-                {
-                X_ = &point->X;
-                Y_ = &point->Y;
-                Z_ = &point->Z;
-                }
-        
-        if (BN_is_one(Z_))
-                {
-                if (x != NULL)
-                        {
-                        if (!BN_copy(x, X_)) goto err;
-                        }
-                if (y != NULL)
-                        {
-                        if (!BN_copy(y, Y_)) goto err;
-                        }
-                }
-        else
-                {
-                if (!BN_mod_inverse(Z_1, Z_, &group->field, ctx))
-                        {
-                        ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP, ERR_R_BN_LIB);
-                        goto err;
-                        }
-                
-                if (group->meth->field_encode == 0)
-                        {
-                        /* field_sqr works on standard representation */
-                        if (!group->meth->field_sqr(group, Z_2, Z_1, ctx)) goto err;
-                        }
-                else
-                        {
-                        if (!BN_mod_sqr(Z_2, Z_1, &group->field, ctx)) goto err;
-                        }
-        
-                if (x != NULL)
-                        {
-                        if (group->meth->field_encode == 0)
-                                {
-                                /* field_mul works on standard representation */
-                                if (!group->meth->field_mul(group, x, X_, Z_2, ctx)) goto err;
-                                }
-                        else
-                                {
-                                if (!BN_mod_mul(x, X_, Z_2, &group->field, ctx)) goto err;
-                                }
-                        }
-
-                if (y != NULL)
-                        {
-                        if (group->meth->field_encode == 0)
-                                {
-                                /* field_mul works on standard representation */
-                                if (!group->meth->field_mul(group, Z_3, Z_2, Z_1, ctx)) goto err;
-                                if (!group->meth->field_mul(group, y, Y_, Z_3, ctx)) goto err;
-                                
-                                }
-                        else
-                                {
-                                if (!BN_mod_mul(Z_3, Z_2, Z_1, &group->field, ctx)) goto err;
-                                if (!BN_mod_mul(y, Y_, Z_3, &group->field, ctx)) goto err;
-                                }
-                        }
-                }
-
-        ret = 1;
-
- err:
-        BN_CTX_end(ctx);
-        if (new_ctx != NULL)
-                BN_CTX_free(new_ctx);
-        return ret;
-        }
-
-
-int ec_GFp_simple_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
-        const BIGNUM *x_, int y_bit, BN_CTX *ctx)
-        {
-        BN_CTX *new_ctx = NULL;
-        BIGNUM *tmp1, *tmp2, *x, *y;
-        int ret = 0;
-
-        if (ctx == NULL)
-                {
-                ctx = new_ctx = BN_CTX_new();
-                if (ctx == NULL)
-                        return 0;
-                }
-
-        y_bit = (y_bit != 0);
-
-        BN_CTX_start(ctx);
-        tmp1 = BN_CTX_get(ctx);
-        tmp2 = BN_CTX_get(ctx);
-        x = BN_CTX_get(ctx);
-        y = BN_CTX_get(ctx);
-        if (y == NULL) goto err;
-
-        /* Recover y.  We have a Weierstrass equation
-         *     y^2 = x^3 + a*x + b,
-         * so  y  is one of the square roots of  x^3 + a*x + b.
-         */
-
-        /* tmp1 := x^3 */
-        if (!BN_nnmod(x, x_, &group->field,ctx)) goto err;
-        if (group->meth->field_decode == 0)
-                {
-                /* field_{sqr,mul} work on standard representation */
-                if (!group->meth->field_sqr(group, tmp2, x_, ctx)) goto err;
-                if (!group->meth->field_mul(group, tmp1, tmp2, x_, ctx)) goto err;
-                }
-        else
-                {
-                if (!BN_mod_sqr(tmp2, x_, &group->field, ctx)) goto err;
-                if (!BN_mod_mul(tmp1, tmp2, x_, &group->field, ctx)) goto err;
-                }
-        
-        /* tmp1 := tmp1 + a*x */
-        if (group->a_is_minus3)
-                {
-                if (!BN_mod_lshift1_quick(tmp2, x, &group->field)) goto err;
-                if (!BN_mod_add_quick(tmp2, tmp2, x, &group->field)) goto err;
-                if (!BN_mod_sub_quick(tmp1, tmp1, tmp2, &group->field)) goto err;
-                }
-        else
-                {
-                if (group->meth->field_decode)
-                        {
-                        if (!group->meth->field_decode(group, tmp2, &group->a, ctx)) goto err;
-                        if (!BN_mod_mul(tmp2, tmp2, x, &group->field, ctx)) goto err;
-                        }
-                else
-                        {
-                        /* field_mul works on standard representation */
-                        if (!group->meth->field_mul(group, tmp2, &group->a, x, ctx)) goto err;
-                        }
-                
-                if (!BN_mod_add_quick(tmp1, tmp1, tmp2, &group->field)) goto err;
-                }
-        
-        /* tmp1 := tmp1 + b */
-        if (group->meth->field_decode)
-                {
-                if (!group->meth->field_decode(group, tmp2, &group->b, ctx)) goto err;
-                if (!BN_mod_add_quick(tmp1, tmp1, tmp2, &group->field)) goto err;
-                }
-        else
-                {
-                if (!BN_mod_add_quick(tmp1, tmp1, &group->b, &group->field)) goto err;
-                }
-        
-        if (!BN_mod_sqrt(y, tmp1, &group->field, ctx))
-                {
-                unsigned long err = ERR_peek_error();
-                
-                if (ERR_GET_LIB(err) == ERR_LIB_BN && ERR_GET_REASON(err) == BN_R_NOT_A_SQUARE)
-                        {
-                        (void)ERR_get_error();
-                        ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP, EC_R_INVALID_COMPRESSED_POINT);
-                        }
-                else
-                        ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP, ERR_R_BN_LIB);
-                goto err;
-                }
-        /* If tmp1 is not a square (i.e. there is no point on the curve with
-         * our x), then y now is a nonsense value too */
-
-        if (y_bit != BN_is_odd(y))
-                {
-                if (BN_is_zero(y))
-                        {
-                        int kron;
-
-                        kron = BN_kronecker(x, &group->field, ctx);
-                        if (kron == -2) goto err;
-
-                        if (kron == 1)
-                                ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP, EC_R_INVALID_COMPRESSION_BIT);
-                        else
-                                ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP, EC_R_INVALID_COMPRESSED_POINT);
-                        goto err;
-                        }
-                if (!BN_usub(y, &group->field, y)) goto err;
-                }
-        if (y_bit != BN_is_odd(y))
-                {
-                ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP, ERR_R_INTERNAL_ERROR);
-                goto err;
-                }
-
-        if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
-
-        ret = 1;
-
- err:
-        BN_CTX_end(ctx);
-        if (new_ctx != NULL)
-                BN_CTX_free(new_ctx);
-        return ret;
-        }
-
-
-size_t ec_GFp_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, point_conversion_form_t form,
-        unsigned char *buf, size_t len, BN_CTX *ctx)
-        {
-        size_t ret;
-        BN_CTX *new_ctx = NULL;
-        int used_ctx = 0;
-        BIGNUM *x, *y;
-        size_t field_len, i, skip;
-
-        if ((form != POINT_CONVERSION_COMPRESSED)
-                && (form != POINT_CONVERSION_UNCOMPRESSED)
-                && (form != POINT_CONVERSION_HYBRID))
-                {
-                ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_INVALID_FORM);
-                goto err;
-                }
-
-        if (EC_POINT_is_at_infinity(group, point))
-                {
-                /* encodes to a single 0 octet */
-                if (buf != NULL)
-                        {
-                        if (len < 1)
-                                {
-                                ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
-                                return 0;
-                                }
-                        buf[0] = 0;
-                        }
-                return 1;
-                }
-
-
-        /* ret := required output buffer length */
-        field_len = BN_num_bytes(&group->field);
-        ret = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2*field_len;
-
-        /* if 'buf' is NULL, just return required length */
-        if (buf != NULL)
-                {
-                if (len < ret)
-                        {
-                        ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
-                        goto err;
-                        }
-
-                if (ctx == NULL)
-                        {
-                        ctx = new_ctx = BN_CTX_new();
-                        if (ctx == NULL)
-                                return 0;
-                        }
-
-                BN_CTX_start(ctx);
-                used_ctx = 1;
-                x = BN_CTX_get(ctx);
-                y = BN_CTX_get(ctx);
-                if (y == NULL) goto err;
-
-                if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
-
-                if ((form == POINT_CONVERSION_COMPRESSED || form == POINT_CONVERSION_HYBRID) && BN_is_odd(y))
-                        buf[0] = form + 1;
-                else
-                        buf[0] = form;
-        
-                i = 1;
-                
-                skip = field_len - BN_num_bytes(x);
-                if (skip > field_len)
-                        {
-                        ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
-                        goto err;
-                        }
-                while (skip > 0)
-                        {
-                        buf[i++] = 0;
-                        skip--;
-                        }
-                skip = BN_bn2bin(x, buf + i);
-                i += skip;
-                if (i != 1 + field_len)
-                        {
-                        ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
-                        goto err;
-                        }
-
-                if (form == POINT_CONVERSION_UNCOMPRESSED || form == POINT_CONVERSION_HYBRID)
-                        {
-                        skip = field_len - BN_num_bytes(y);
-                        if (skip > field_len)
-                                {
-                                ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
-                                goto err;
-                                }
-                        while (skip > 0)
-                                {
-                                buf[i++] = 0;
-                                skip--;
-                                }
-                        skip = BN_bn2bin(y, buf + i);
-                        i += skip;
-                        }
-
-                if (i != ret)
-                        {
-                        ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
-                        goto err;
-                        }
-                }
-        
-        if (used_ctx)
-                BN_CTX_end(ctx);
-        if (new_ctx != NULL)
-                BN_CTX_free(new_ctx);
-        return ret;
-
- err:
-        if (used_ctx)
-                BN_CTX_end(ctx);
-        if (new_ctx != NULL)
-                BN_CTX_free(new_ctx);
-        return 0;
-        }
-
-
-int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
-        const unsigned char *buf, size_t len, BN_CTX *ctx)
-        {
-        point_conversion_form_t form;
-        int y_bit;
-        BN_CTX *new_ctx = NULL;
-        BIGNUM *x, *y;
-        size_t field_len, enc_len;
-        int ret = 0;
-
-        if (len == 0)
-                {
-                ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL);
-                return 0;
-                }
-        form = buf[0];
-        y_bit = form & 1;
-        form = form & ~1U;
-        if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED)
-                && (form != POINT_CONVERSION_UNCOMPRESSED)
-                && (form != POINT_CONVERSION_HYBRID))
-                {
-                ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
-                return 0;
-                }
-        if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit)
-                {
-                ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
-                return 0;
-                }
-
-        if (form == 0)
-                {
-                if (len != 1)
-                        {
-                        ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
-                        return 0;
-                        }
-
-                return EC_POINT_set_to_infinity(group, point);
-                }
-        
-        field_len = BN_num_bytes(&group->field);
-        enc_len = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2*field_len;
-
-        if (len != enc_len)
-                {
-                ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
-                return 0;
-                }
-
-        if (ctx == NULL)
-                {
-                ctx = new_ctx = BN_CTX_new();
-                if (ctx == NULL)
-                        return 0;
-                }
-
-        BN_CTX_start(ctx);
-        x = BN_CTX_get(ctx);
-        y = BN_CTX_get(ctx);
-        if (y == NULL) goto err;
-
-        if (!BN_bin2bn(buf + 1, field_len, x)) goto err;
-        if (BN_ucmp(x, &group->field) >= 0)
-                {
-                ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
-                goto err;
-                }
-
-        if (form == POINT_CONVERSION_COMPRESSED)
-                {
-                if (!EC_POINT_set_compressed_coordinates_GFp(group, point, x, y_bit, ctx)) goto err;
-                }
-        else
-                {
-                if (!BN_bin2bn(buf + 1 + field_len, field_len, y)) goto err;
-                if (BN_ucmp(y, &group->field) >= 0)
-                        {
-                        ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
-                        goto err;
-                        }
-                if (form == POINT_CONVERSION_HYBRID)
-                        {
-                        if (y_bit != BN_is_odd(y))
-                                {
-                                ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
-                                goto err;
-                                }
-                        }
-
-                if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
-                }
-        
-        if (!EC_POINT_is_on_curve(group, point, ctx)) /* test required by X9.62 */
-                {
-                ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
-                goto err;
-                }
-
-        ret = 1;
-        
- err:
-        BN_CTX_end(ctx);
-        if (new_ctx != NULL)
-                BN_CTX_free(new_ctx);
-        return ret;
-        }
-
-
-int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
-        {
-        int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
-        int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
-        const BIGNUM *p;
-        BN_CTX *new_ctx = NULL;
-        BIGNUM *n0, *n1, *n2, *n3, *n4, *n5, *n6;
-        int ret = 0;
-        
-        if (a == b)
-                return EC_POINT_dbl(group, r, a, ctx);
-        if (EC_POINT_is_at_infinity(group, a))
-                return EC_POINT_copy(r, b);
-        if (EC_POINT_is_at_infinity(group, b))
-                return EC_POINT_copy(r, a);
-        
-        field_mul = group->meth->field_mul;
-        field_sqr = group->meth->field_sqr;
-        p = &group->field;
-
-        if (ctx == NULL)
-                {
-                ctx = new_ctx = BN_CTX_new();
-                if (ctx == NULL)
-                        return 0;
-                }
-
-        BN_CTX_start(ctx);
-        n0 = BN_CTX_get(ctx);
-        n1 = BN_CTX_get(ctx);
-        n2 = BN_CTX_get(ctx);
-        n3 = BN_CTX_get(ctx);
-        n4 = BN_CTX_get(ctx);
-        n5 = BN_CTX_get(ctx);
-        n6 = BN_CTX_get(ctx);
-        if (n6 == NULL) goto end;
-
-        /* Note that in this function we must not read components of 'a' or 'b'
-         * once we have written the corresponding components of 'r'.
-         * ('r' might be one of 'a' or 'b'.)
-         */
-
-        /* n1, n2 */
-        if (b->Z_is_one)
-                {
-                if (!BN_copy(n1, &a->X)) goto end;
-                if (!BN_copy(n2, &a->Y)) goto end;
-                /* n1 = X_a */
-                /* n2 = Y_a */
-                }
-        else
-                {
-                if (!field_sqr(group, n0, &b->Z, ctx)) goto end;
-                if (!field_mul(group, n1, &a->X, n0, ctx)) goto end;
-                /* n1 = X_a * Z_b^2 */
-
-                if (!field_mul(group, n0, n0, &b->Z, ctx)) goto end;
-                if (!field_mul(group, n2, &a->Y, n0, ctx)) goto end;
-                /* n2 = Y_a * Z_b^3 */
-                }
-
-        /* n3, n4 */
-        if (a->Z_is_one)
-                {
-                if (!BN_copy(n3, &b->X)) goto end;
-                if (!BN_copy(n4, &b->Y)) goto end;
-                /* n3 = X_b */
-                /* n4 = Y_b */
-                }
-        else
-                {
-                if (!field_sqr(group, n0, &a->Z, ctx)) goto end;
-                if (!field_mul(group, n3, &b->X, n0, ctx)) goto end;
-                /* n3 = X_b * Z_a^2 */
-
-                if (!field_mul(group, n0, n0, &a->Z, ctx)) goto end;
-                if (!field_mul(group, n4, &b->Y, n0, ctx)) goto end;
-                /* n4 = Y_b * Z_a^3 */
-                }
-
-        /* n5, n6 */
-        if (!BN_mod_sub_quick(n5, n1, n3, p)) goto end;
-        if (!BN_mod_sub_quick(n6, n2, n4, p)) goto end;
-        /* n5 = n1 - n3 */
-        /* n6 = n2 - n4 */
-
-        if (BN_is_zero(n5))
-                {
-                if (BN_is_zero(n6))
-                        {
-                        /* a is the same point as b */
-                        BN_CTX_end(ctx);
-                        ret = EC_POINT_dbl(group, r, a, ctx);
-                        ctx = NULL;
-                        goto end;
-                        }
-                else
-                        {
-                        /* a is the inverse of b */
-                        if (!BN_zero(&r->Z)) goto end;
-                        r->Z_is_one = 0;
-                        ret = 1;
-                        goto end;
-                        }
-                }
-
-        /* 'n7', 'n8' */
-        if (!BN_mod_add_quick(n1, n1, n3, p)) goto end;
-        if (!BN_mod_add_quick(n2, n2, n4, p)) goto end;
-        /* 'n7' = n1 + n3 */
-        /* 'n8' = n2 + n4 */
-
-        /* Z_r */
-        if (a->Z_is_one && b->Z_is_one)
-                {
-                if (!BN_copy(&r->Z, n5)) goto end;
-                }
-        else
-                {
-                if (a->Z_is_one)
-                        { if (!BN_copy(n0, &b->Z)) goto end; }
-                else if (b->Z_is_one)
-                        { if (!BN_copy(n0, &a->Z)) goto end; }
-                else
-                        { if (!field_mul(group, n0, &a->Z, &b->Z, ctx)) goto end; }
-                if (!field_mul(group, &r->Z, n0, n5, ctx)) goto end;
-                }
-        r->Z_is_one = 0;
-        /* Z_r = Z_a * Z_b * n5 */
-
-        /* X_r */
-        if (!field_sqr(group, n0, n6, ctx)) goto end;
-        if (!field_sqr(group, n4, n5, ctx)) goto end;
-        if (!field_mul(group, n3, n1, n4, ctx)) goto end;
-        if (!BN_mod_sub_quick(&r->X, n0, n3, p)) goto end;
-        /* X_r = n6^2 - n5^2 * 'n7' */
-        
-        /* 'n9' */
-        if (!BN_mod_lshift1_quick(n0, &r->X, p)) goto end;
-        if (!BN_mod_sub_quick(n0, n3, n0, p)) goto end;
-        /* n9 = n5^2 * 'n7' - 2 * X_r */
-
-        /* Y_r */
-        if (!field_mul(group, n0, n0, n6, ctx)) goto end;
-        if (!field_mul(group, n5, n4, n5, ctx)) goto end; /* now n5 is n5^3 */
-        if (!field_mul(group, n1, n2, n5, ctx)) goto end;
-        if (!BN_mod_sub_quick(n0, n0, n1, p)) goto end;
-        if (BN_is_odd(n0))
-                if (!BN_add(n0, n0, p)) goto end;
-        /* now  0 <= n0 < 2*p,  and n0 is even */
-        if (!BN_rshift1(&r->Y, n0)) goto end;
-        /* Y_r = (n6 * 'n9' - 'n8' * 'n5^3') / 2 */
-
-        ret = 1;
-
- end:
-        if (ctx) /* otherwise we already called BN_CTX_end */
-                BN_CTX_end(ctx);
-        if (new_ctx != NULL)
-                BN_CTX_free(new_ctx);
-        return ret;
-        }
-
-
-int ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)
-        {
-        int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
-        int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
-        const BIGNUM *p;
-        BN_CTX *new_ctx = NULL;
-        BIGNUM *n0, *n1, *n2, *n3;
-        int ret = 0;
-        
-        if (EC_POINT_is_at_infinity(group, a))
-                {
-                if (!BN_zero(&r->Z)) return 0;
-                r->Z_is_one = 0;
-                return 1;
-                }
-
-        field_mul = group->meth->field_mul;
-        field_sqr = group->meth->field_sqr;
-        p = &group->field;
-
-        if (ctx == NULL)
-                {
-                ctx = new_ctx = BN_CTX_new();
-                if (ctx == NULL)
-                        return 0;
-                }
-
-        BN_CTX_start(ctx);
-        n0 = BN_CTX_get(ctx);
-        n1 = BN_CTX_get(ctx);
-        n2 = BN_CTX_get(ctx);
-        n3 = BN_CTX_get(ctx);
-        if (n3 == NULL) goto err;
-
-        /* Note that in this function we must not read components of 'a'
-         * once we have written the corresponding components of 'r'.
-         * ('r' might the same as 'a'.)
-         */
-
-        /* n1 */
-        if (a->Z_is_one)
-                {
-                if (!field_sqr(group, n0, &a->X, ctx)) goto err;
-                if (!BN_mod_lshift1_quick(n1, n0, p)) goto err;
-                if (!BN_mod_add_quick(n0, n0, n1, p)) goto err;
-                if (!BN_mod_add_quick(n1, n0, &group->a, p)) goto err;
-                /* n1 = 3 * X_a^2 + a_curve */
-                }
-        else if (group->a_is_minus3)
-                {
-                if (!field_sqr(group, n1, &a->Z, ctx)) goto err;
-                if (!BN_mod_add_quick(n0, &a->X, n1, p)) goto err;
-                if (!BN_mod_sub_quick(n2, &a->X, n1, p)) goto err;
-                if (!field_mul(group, n1, n0, n2, ctx)) goto err;
-                if (!BN_mod_lshift1_quick(n0, n1, p)) goto err;
-                if (!BN_mod_add_quick(n1, n0, n1, p)) goto err;
-                /* n1 = 3 * (X_a + Z_a^2) * (X_a - Z_a^2)
-                 *    = 3 * X_a^2 - 3 * Z_a^4 */
-                }
-        else
-                {
-                if (!field_sqr(group, n0, &a->X, ctx)) goto err;
-                if (!BN_mod_lshift1_quick(n1, n0, p)) goto err;
-                if (!BN_mod_add_quick(n0, n0, n1, p)) goto err;
-                if (!field_sqr(group, n1, &a->Z, ctx)) goto err;
-                if (!field_sqr(group, n1, n1, ctx)) goto err;
-                if (!field_mul(group, n1, n1, &group->a, ctx)) goto err;
-                if (!BN_mod_add_quick(n1, n1, n0, p)) goto err;
-                /* n1 = 3 * X_a^2 + a_curve * Z_a^4 */
-                }
-
-        /* Z_r */
-        if (a->Z_is_one)
-                {
-                if (!BN_copy(n0, &a->Y)) goto err;
-                }
-        else
-                {
-                if (!field_mul(group, n0, &a->Y, &a->Z, ctx)) goto err;
-                }
-        if (!BN_mod_lshift1_quick(&r->Z, n0, p)) goto err;
-        r->Z_is_one = 0;
-        /* Z_r = 2 * Y_a * Z_a */
-
-        /* n2 */
-        if (!field_sqr(group, n3, &a->Y, ctx)) goto err;
-        if (!field_mul(group, n2, &a->X, n3, ctx)) goto err;
-        if (!BN_mod_lshift_quick(n2, n2, 2, p)) goto err;
-        /* n2 = 4 * X_a * Y_a^2 */
-
-        /* X_r */
-        if (!BN_mod_lshift1_quick(n0, n2, p)) goto err;
-        if (!field_sqr(group, &r->X, n1, ctx)) goto err;
-        if (!BN_mod_sub_quick(&r->X, &r->X, n0, p)) goto err;
-        /* X_r = n1^2 - 2 * n2 */
-        
-        /* n3 */
-        if (!field_sqr(group, n0, n3, ctx)) goto err;
-        if (!BN_mod_lshift_quick(n3, n0, 3, p)) goto err;
-        /* n3 = 8 * Y_a^4 */
-        
-        /* Y_r */
-        if (!BN_mod_sub_quick(n0, n2, &r->X, p)) goto err;
-        if (!field_mul(group, n0, n1, n0, ctx)) goto err;
-        if (!BN_mod_sub_quick(&r->Y, n0, n3, p)) goto err;
-        /* Y_r = n1 * (n2 - X_r) - n3 */
-
-        ret = 1;
-
- err:
-        BN_CTX_end(ctx);
-        if (new_ctx != NULL)
-                BN_CTX_free(new_ctx);
-        return ret;
-        }
-
-
-int ec_GFp_simple_invert(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
-        {
-        if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(&point->Y))
-                /* point is its own inverse */
-                return 1;
-        
-        return BN_usub(&point->Y, &group->field, &point->Y);
-        }
-
-
-int ec_GFp_simple_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
-        {
-        return BN_is_zero(&point->Z);
-        }
-
-
-int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx)
-        {
-        int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
-        int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
-        const BIGNUM *p;
-        BN_CTX *new_ctx = NULL;
-        BIGNUM *rh, *tmp1, *tmp2, *Z4, *Z6;
-        int ret = -1;
-
-        if (EC_POINT_is_at_infinity(group, point))
-                return 1;
-        
-        field_mul = group->meth->field_mul;
-        field_sqr = group->meth->field_sqr;
-        p = &group->field;
-
-        if (ctx == NULL)
-                {
-                ctx = new_ctx = BN_CTX_new();
-                if (ctx == NULL)
-                        return -1;
-                }
-
-        BN_CTX_start(ctx);
-        rh = BN_CTX_get(ctx);
-        tmp1 = BN_CTX_get(ctx);
-        tmp2 = BN_CTX_get(ctx);
-        Z4 = BN_CTX_get(ctx);
-        Z6 = BN_CTX_get(ctx);
-        if (Z6 == NULL) goto err;
-
-        /* We have a curve defined by a Weierstrass equation
-         *      y^2 = x^3 + a*x + b.
-         * The point to consider is given in Jacobian projective coordinates
-         * where  (X, Y, Z)  represents  (x, y) = (X/Z^2, Y/Z^3).
-         * Substituting this and multiplying by  Z^6  transforms the above equation into
-         *      Y^2 = X^3 + a*X*Z^4 + b*Z^6.
-         * To test this, we add up the right-hand side in 'rh'.
-         */
-
-        /* rh := X^3 */
-        if (!field_sqr(group, rh, &point->X, ctx)) goto err;
-        if (!field_mul(group, rh, rh, &point->X, ctx)) goto err;
-
-        if (!point->Z_is_one)
-                {
-                if (!field_sqr(group, tmp1, &point->Z, ctx)) goto err;
-                if (!field_sqr(group, Z4, tmp1, ctx)) goto err;
-                if (!field_mul(group, Z6, Z4, tmp1, ctx)) goto err;
-
-                /* rh := rh + a*X*Z^4 */
-                if (!field_mul(group, tmp1, &point->X, Z4, ctx)) goto err;
-                if (group->a_is_minus3)
-                        {
-                        if (!BN_mod_lshift1_quick(tmp2, tmp1, p)) goto err;
-                        if (!BN_mod_add_quick(tmp2, tmp2, tmp1, p)) goto err;
-                        if (!BN_mod_sub_quick(rh, rh, tmp2, p)) goto err;
-                        }
-                else
-                        {
-                        if (!field_mul(group, tmp2, tmp1, &group->a, ctx)) goto err;
-                        if (!BN_mod_add_quick(rh, rh, tmp2, p)) goto err;
-                        }
-
-                /* rh := rh + b*Z^6 */
-                if (!field_mul(group, tmp1, &group->b, Z6, ctx)) goto err;
-                if (!BN_mod_add_quick(rh, rh, tmp1, p)) goto err;
-                }
-        else
-                {
-                /* point->Z_is_one */
-
-                /* rh := rh + a*X */
-                if (group->a_is_minus3)
-                        {
-                        if (!BN_mod_lshift1_quick(tmp2, &point->X, p)) goto err;
-                        if (!BN_mod_add_quick(tmp2, tmp2, &point->X, p)) goto err;
-                        if (!BN_mod_sub_quick(rh, rh, tmp2, p)) goto err;
-                        }
-                else
-                        {
-                        if (!field_mul(group, tmp2, &point->X, &group->a, ctx)) goto err;
-                        if (!BN_mod_add_quick(rh, rh, tmp2, p)) goto err;
-                        }
-
-                /* rh := rh + b */
-                if (!BN_mod_add_quick(rh, rh, &group->b, p)) goto err;
-                }
-
-        /* 'lh' := Y^2 */
-        if (!field_sqr(group, tmp1, &point->Y, ctx)) goto err;
-
-        ret = (0 == BN_cmp(tmp1, rh));
-
- err:
-        BN_CTX_end(ctx);
-        if (new_ctx != NULL)
-                BN_CTX_free(new_ctx);
-        return ret;
-        }
-
-
-int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
-        {
-        /* return values:
-         *  -1   error
-         *   0   equal (in affine coordinates)
-         *   1   not equal
-         */
-
-        int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
-        int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
-        BN_CTX *new_ctx = NULL;
-        BIGNUM *tmp1, *tmp2, *Za23, *Zb23;
-        const BIGNUM *tmp1_, *tmp2_;
-        int ret = -1;
-        
-        if (EC_POINT_is_at_infinity(group, a))
-                {
-                return EC_POINT_is_at_infinity(group, b) ? 0 : 1;
-                }
-        
-        if (a->Z_is_one && b->Z_is_one)
-                {
-                return ((BN_cmp(&a->X, &b->X) == 0) && BN_cmp(&a->Y, &b->Y) == 0) ? 0 : 1;
-                }
-
-        field_mul = group->meth->field_mul;
-        field_sqr = group->meth->field_sqr;
-
-        if (ctx == NULL)
-                {
-                ctx = new_ctx = BN_CTX_new();
-                if (ctx == NULL)
-                        return -1;
-                }
-
-        BN_CTX_start(ctx);
-        tmp1 = BN_CTX_get(ctx);
-        tmp2 = BN_CTX_get(ctx);
-        Za23 = BN_CTX_get(ctx);
-        Zb23 = BN_CTX_get(ctx);
-        if (Zb23 == NULL) goto end;
-
-        /* We have to decide whether
-         *     (X_a/Z_a^2, Y_a/Z_a^3) = (X_b/Z_b^2, Y_b/Z_b^3),
-         * or equivalently, whether
-         *     (X_a*Z_b^2, Y_a*Z_b^3) = (X_b*Z_a^2, Y_b*Z_a^3).
-         */
-
-        if (!b->Z_is_one)
-                {
-                if (!field_sqr(group, Zb23, &b->Z, ctx)) goto end;
-                if (!field_mul(group, tmp1, &a->X, Zb23, ctx)) goto end;
-                tmp1_ = tmp1;
-                }
-        else
-                tmp1_ = &a->X;
-        if (!a->Z_is_one)
-                {
-                if (!field_sqr(group, Za23, &a->Z, ctx)) goto end;
-                if (!field_mul(group, tmp2, &b->X, Za23, ctx)) goto end;
-                tmp2_ = tmp2;
-                }
-        else
-                tmp2_ = &b->X;
-        
-        /* compare  X_a*Z_b^2  with  X_b*Z_a^2 */
-        if (BN_cmp(tmp1_, tmp2_) != 0)
-                {
-                ret = 1; /* points differ */
-                goto end;
-                }
-
-
-        if (!b->Z_is_one)
-                {
-                if (!field_mul(group, Zb23, Zb23, &b->Z, ctx)) goto end;
-                if (!field_mul(group, tmp1, &a->Y, Zb23, ctx)) goto end;
-                /* tmp1_ = tmp1 */
-                }
-        else
-                tmp1_ = &a->Y;
-        if (!a->Z_is_one)
-                {
-                if (!field_mul(group, Za23, Za23, &a->Z, ctx)) goto end;
-                if (!field_mul(group, tmp2, &b->Y, Za23, ctx)) goto end;
-                /* tmp2_ = tmp2 */
-                }
-        else
-                tmp2_ = &b->Y;
-
-        /* compare  Y_a*Z_b^3  with  Y_b*Z_a^3 */
-        if (BN_cmp(tmp1_, tmp2_) != 0)
-                {
-                ret = 1; /* points differ */
-                goto end;
-                }
-
-        /* points are equal */
-        ret = 0;
-
- end:
-        BN_CTX_end(ctx);
-        if (new_ctx != NULL)
-                BN_CTX_free(new_ctx);
-        return ret;
-        }
-
-
-int ec_GFp_simple_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
-        {
-        BN_CTX *new_ctx = NULL;
-        BIGNUM *x, *y;
-        int ret = 0;
-
-        if (point->Z_is_one || EC_POINT_is_at_infinity(group, point))
-                return 1;
-
-        if (ctx == NULL)
-                {
-                ctx = new_ctx = BN_CTX_new();
-                if (ctx == NULL)
-                        return 0;
-                }
-
-        BN_CTX_start(ctx);
-        x = BN_CTX_get(ctx);
-        y = BN_CTX_get(ctx);
-        if (y == NULL) goto err;
-
-        if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
-        if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
-        if (!point->Z_is_one)
-                {
-                ECerr(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE, ERR_R_INTERNAL_ERROR);
-                goto err;
-                }
-        
-        ret = 1;
-
- err:
-        BN_CTX_end(ctx);
-        if (new_ctx != NULL)
-                BN_CTX_free(new_ctx);
-        return ret;
-        }
-
-
-int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx)
-        {
-        BN_CTX *new_ctx = NULL;
-        BIGNUM *tmp0, *tmp1;
-        size_t pow2 = 0;
-        BIGNUM **heap = NULL;
-        size_t i;
-        int ret = 0;
-
-        if (num == 0)
-                return 1;
-
-        if (ctx == NULL)
-                {
-                ctx = new_ctx = BN_CTX_new();
-                if (ctx == NULL)
-                        return 0;
-                }
-
-        BN_CTX_start(ctx);
-        tmp0 = BN_CTX_get(ctx);
-        tmp1 = BN_CTX_get(ctx);
-        if (tmp0  == NULL || tmp1 == NULL) goto err;
-
-        /* Before converting the individual points, compute inverses of all Z values.
-         * Modular inversion is rather slow, but luckily we can do with a single
-         * explicit inversion, plus about 3 multiplications per input value.
-         */
-
-        pow2 = 1;
-        while (num > pow2)
-                pow2 <<= 1;
-        /* Now pow2 is the smallest power of 2 satifsying pow2 >= num.
-         * We need twice that. */
-        pow2 <<= 1;
-
-        heap = OPENSSL_malloc(pow2 * sizeof heap[0]);
-        if (heap == NULL) goto err;
-        
-        /* The array is used as a binary tree, exactly as in heapsort:
-         *
-         *                               heap[1]
-         *                 heap[2]                     heap[3]
-         *          heap[4]       heap[5]       heap[6]       heap[7]
-         *   heap[8]heap[9] heap[10]heap[11] heap[12]heap[13] heap[14] heap[15]
-         *
-         * We put the Z's in the last line;
-         * then we set each other node to the product of its two child-nodes (where
-         * empty or 0 entries are treated as ones);
-         * then we invert heap[1];
-         * then we invert each other node by replacing it by the product of its
-         * parent (after inversion) and its sibling (before inversion).
-         */
-        heap[0] = NULL;
-        for (i = pow2/2 - 1; i > 0; i--)
-                heap[i] = NULL;
-        for (i = 0; i < num; i++)
-                heap[pow2/2 + i] = &points[i]->Z;
-        for (i = pow2/2 + num; i < pow2; i++)
-                heap[i] = NULL;
-        
-        /* set each node to the product of its children */
-        for (i = pow2/2 - 1; i > 0; i--)
-                {
-                heap[i] = BN_new();
-                if (heap[i] == NULL) goto err;
-                
-                if (heap[2*i] != NULL)
-                        {
-                        if ((heap[2*i + 1] == NULL) || BN_is_zero(heap[2*i + 1]))
-                                {
-                                if (!BN_copy(heap[i], heap[2*i])) goto err;
-                                }
-                        else
-                                {
-                                if (BN_is_zero(heap[2*i]))
-                                        {
-                                        if (!BN_copy(heap[i], heap[2*i + 1])) goto err;
-                                        }
-                                else
-                                        {
-                                        if (!group->meth->field_mul(group, heap[i],
-                                                heap[2*i], heap[2*i + 1], ctx)) goto err;
-                                        }
-                                }
-                        }
-                }
-
-        /* invert heap[1] */
-        if (!BN_is_zero(heap[1]))
-                {
-                if (!BN_mod_inverse(heap[1], heap[1], &group->field, ctx))
-                        {
-                        ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB);
-                        goto err;
-                        }
-                }
-        if (group->meth->field_encode != 0)
-                {
-                /* in the Montgomery case, we just turned  R*H  (representing H)
-                 * into  1/(R*H),  but we need  R*(1/H)  (representing 1/H);
-                 * i.e. we have need to multiply by the Montgomery factor twice */
-                if (!group->meth->field_encode(group, heap[1], heap[1], ctx)) goto err;
-                if (!group->meth->field_encode(group, heap[1], heap[1], ctx)) goto err;
-                }
-
-        /* set other heap[i]'s to their inverses */
-        for (i = 2; i < pow2/2 + num; i += 2)
-                {
-                /* i is even */
-                if ((heap[i + 1] != NULL) && !BN_is_zero(heap[i + 1]))
-                        {
-                        if (!group->meth->field_mul(group, tmp0, heap[i/2], heap[i + 1], ctx)) goto err;
-                        if (!group->meth->field_mul(group, tmp1, heap[i/2], heap[i], ctx)) goto err;
-                        if (!BN_copy(heap[i], tmp0)) goto err;
-                        if (!BN_copy(heap[i + 1], tmp1)) goto err;
-                        }
-                else
-                        {
-                        if (!BN_copy(heap[i], heap[i/2])) goto err;
-                        }
-                }
-
-        /* we have replaced all non-zero Z's by their inverses, now fix up all the points */
-        for (i = 0; i < num; i++)
-                {
-                EC_POINT *p = points[i];
-                
-                if (!BN_is_zero(&p->Z))
-                        {
-                        /* turn  (X, Y, 1/Z)  into  (X/Z^2, Y/Z^3, 1) */
-
-                        if (!group->meth->field_sqr(group, tmp1, &p->Z, ctx)) goto err;
-                        if (!group->meth->field_mul(group, &p->X, &p->X, tmp1, ctx)) goto err;
-
-                        if (!group->meth->field_mul(group, tmp1, tmp1, &p->Z, ctx)) goto err;
-                        if (!group->meth->field_mul(group, &p->Y, &p->Y, tmp1, ctx)) goto err;
-                
-                        if (group->meth->field_set_to_one != 0)
-                                {
-                                if (!group->meth->field_set_to_one(group, &p->Z, ctx)) goto err;
-                                }
-                        else
-                                {
-                                if (!BN_one(&p->Z)) goto err;
-                                }
-                        p->Z_is_one = 1;
-                        }
-                }
-
-        ret = 1;
-                
- err:
-        BN_CTX_end(ctx);
-        if (new_ctx != NULL)
-                BN_CTX_free(new_ctx);
-        if (heap != NULL)
-                {
-                /* heap[pow2/2] .. heap[pow2-1] have not been allocated locally! */
-                for (i = pow2/2 - 1; i > 0; i--)
-                        {
-                        if (heap[i] != NULL)
-                                BN_clear_free(heap[i]);
-                        }
-                OPENSSL_free(heap);
-                }
-        return ret;
-        }
-
-
-int ec_GFp_simple_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
-        {
-        return BN_mod_mul(r, a, b, &group->field, ctx);
-        }
-
-
-int ec_GFp_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
-        {
-        return BN_mod_sqr(r, a, &group->field, ctx);
-        }
diff --git a/src/lib/libcrypto/engine/README b/src/lib/libcrypto/engine/README
deleted file mode 100644
index 6b69b70f57..0000000000
--- a/src/lib/libcrypto/engine/README
+++ /dev/null
@@ -1,211 +0,0 @@
-Notes: 2001-09-24
------------------
-
-This "description" (if one chooses to call it that) needed some major updating
-so here goes. This update addresses a change being made at the same time to
-OpenSSL, and it pretty much completely restructures the underlying mechanics of
-the "ENGINE" code. So it serves a double purpose of being a "ENGINE internals
-for masochists" document *and* a rather extensive commit log message. (I'd get
-lynched for sticking all this in CHANGES or the commit mails :-).
-
-ENGINE_TABLE underlies this restructuring, as described in the internal header
-"eng_int.h", implemented in eng_table.c, and used in each of the "class" files;
-tb_rsa.c, tb_dsa.c, etc.
-
-However, "EVP_CIPHER" underlies the motivation and design of ENGINE_TABLE so
-I'll mention a bit about that first. EVP_CIPHER (and most of this applies
-equally to EVP_MD for digests) is both a "method" and a algorithm/mode
-identifier that, in the current API, "lingers". These cipher description +
-implementation structures can be defined or obtained directly by applications,
-or can be loaded "en masse" into EVP storage so that they can be catalogued and
-searched in various ways, ie. two ways of encrypting with the "des_cbc"
-algorithm/mode pair are;
-
-(i) directly;
-     const EVP_CIPHER *cipher = EVP_des_cbc();
-     EVP_EncryptInit(&ctx, cipher, key, iv);
-     [ ... use EVP_EncryptUpdate() and EVP_EncryptFinal() ...]
-
-(ii) indirectly; 
-     OpenSSL_add_all_ciphers();
-     cipher = EVP_get_cipherbyname("des_cbc");
-     EVP_EncryptInit(&ctx, cipher, key, iv);
-     [ ... etc ... ]
-
-The latter is more generally used because it also allows ciphers/digests to be
-looked up based on other identifiers which can be useful for automatic cipher
-selection, eg. in SSL/TLS, or by user-controllable configuration.
-
-The important point about this is that EVP_CIPHER definitions and structures are
-passed around with impunity and there is no safe way, without requiring massive
-rewrites of many applications, to assume that EVP_CIPHERs can be reference
-counted. One an EVP_CIPHER is exposed to the caller, neither it nor anything it
-comes from can "safely" be destroyed. Unless of course the way of getting to
-such ciphers is via entirely distinct API calls that didn't exist before.
-However existing API usage cannot be made to understand when an EVP_CIPHER
-pointer, that has been passed to the caller, is no longer being used.
-
-The other problem with the existing API w.r.t. to hooking EVP_CIPHER support
-into ENGINE is storage - the OBJ_NAME-based storage used by EVP to register
-ciphers simultaneously registers cipher *types* and cipher *implementations* -
-they are effectively the same thing, an "EVP_CIPHER" pointer. The problem with
-hooking in ENGINEs is that multiple ENGINEs may implement the same ciphers. The
-solution is necessarily that ENGINE-provided ciphers simply are not registered,
-stored, or exposed to the caller in the same manner as existing ciphers. This is
-especially necessary considering the fact ENGINE uses reference counts to allow
-for cleanup, modularity, and DSO support - yet EVP_CIPHERs, as exposed to
-callers in the current API, support no such controls.
-
-Another sticking point for integrating cipher support into ENGINE is linkage.
-Already there is a problem with the way ENGINE supports RSA, DSA, etc whereby
-they are available *because* they're part of a giant ENGINE called "openssl".
-Ie. all implementations *have* to come from an ENGINE, but we get round that by
-having a giant ENGINE with all the software support encapsulated. This creates
-linker hassles if nothing else - linking a 1-line application that calls 2 basic
-RSA functions (eg. "RSA_free(RSA_new());") will result in large quantities of
-ENGINE code being linked in *and* because of that DSA, DH, and RAND also. If we
-continue with this approach for EVP_CIPHER support (even if it *was* possible)
-we would lose our ability to link selectively by selectively loading certain
-implementations of certain functionality. Touching any part of any kind of
-crypto would result in massive static linkage of everything else. So the
-solution is to change the way ENGINE feeds existing "classes", ie. how the
-hooking to ENGINE works from RSA, DSA, DH, RAND, as well as adding new hooking
-for EVP_CIPHER, and EVP_MD.
-
-The way this is now being done is by mostly reverting back to how things used to
-work prior to ENGINE :-). Ie. RSA now has a "RSA_METHOD" pointer again - this
-was previously replaced by an "ENGINE" pointer and all RSA code that required
-the RSA_METHOD would call ENGINE_get_RSA() each time on its ENGINE handle to
-temporarily get and use the ENGINE's RSA implementation. Apart from being more
-efficient, switching back to each RSA having an RSA_METHOD pointer also allows
-us to conceivably operate with *no* ENGINE. As we'll see, this removes any need
-for a fallback ENGINE that encapsulates default implementations - we can simply
-have our RSA structure pointing its RSA_METHOD pointer to the software
-implementation and have its ENGINE pointer set to NULL.
-
-A look at the EVP_CIPHER hooking is most explanatory, the RSA, DSA (etc) cases
-turn out to be degenerate forms of the same thing. The EVP storage of ciphers,
-and the existing EVP API functions that return "software" implementations and
-descriptions remain untouched. However, the storage takes more meaning in terms
-of "cipher description" and less meaning in terms of "implementation". When an
-EVP_CIPHER_CTX is actually initialised with an EVP_CIPHER method and is about to
-begin en/decryption, the hooking to ENGINE comes into play. What happens is that
-cipher-specific ENGINE code is asked for an ENGINE pointer (a functional
-reference) for any ENGINE that is registered to perform the algo/mode that the
-provided EVP_CIPHER structure represents. Under normal circumstances, that
-ENGINE code will return NULL because no ENGINEs will have had any cipher
-implementations *registered*. As such, a NULL ENGINE pointer is stored in the
-EVP_CIPHER_CTX context, and the EVP_CIPHER structure is left hooked into the
-context and so is used as the implementation. Pretty much how things work now
-except we'd have a redundant ENGINE pointer set to NULL and doing nothing.
-
-Conversely, if an ENGINE *has* been registered to perform the algorithm/mode
-combination represented by the provided EVP_CIPHER, then a functional reference
-to that ENGINE will be returned to the EVP_CIPHER_CTX during initialisation.
-That functional reference will be stored in the context (and released on
-cleanup) - and having that reference provides a *safe* way to use an EVP_CIPHER
-definition that is private to the ENGINE. Ie. the EVP_CIPHER provided by the
-application will actually be replaced by an EVP_CIPHER from the registered
-ENGINE - it will support the same algorithm/mode as the original but will be a
-completely different implementation. Because this EVP_CIPHER isn't stored in the
-EVP storage, nor is it returned to applications from traditional API functions,
-there is no associated problem with it not having reference counts. And of
-course, when one of these "private" cipher implementations is hooked into
-EVP_CIPHER_CTX, it is done whilst the EVP_CIPHER_CTX holds a functional
-reference to the ENGINE that owns it, thus the use of the ENGINE's EVP_CIPHER is
-safe.
-
-The "cipher-specific ENGINE code" I mentioned is implemented in tb_cipher.c but
-in essence it is simply an instantiation of "ENGINE_TABLE" code for use by
-EVP_CIPHER code. tb_digest.c is virtually identical but, of course, it is for
-use by EVP_MD code. Ditto for tb_rsa.c, tb_dsa.c, etc. These instantiations of
-ENGINE_TABLE essentially provide linker-separation of the classes so that even
-if ENGINEs implement *all* possible algorithms, an application using only
-EVP_CIPHER code will link at most code relating to EVP_CIPHER, tb_cipher.c, core
-ENGINE code that is independant of class, and of course the ENGINE
-implementation that the application loaded. It will *not* however link any
-class-specific ENGINE code for digests, RSA, etc nor will it bleed over into
-other APIs, such as the RSA/DSA/etc library code.
-
-ENGINE_TABLE is a little more complicated than may seem necessary but this is
-mostly to avoid a lot of "init()"-thrashing on ENGINEs (that may have to load
-DSOs, and other expensive setup that shouldn't be thrashed unnecessarily) *and*
-to duplicate "default" behaviour. Basically an ENGINE_TABLE instantiation, for
-example tb_cipher.c, implements a hash-table keyed by integer "nid" values.
-These nids provide the uniquenness of an algorithm/mode - and each nid will hash
-to a potentially NULL "ENGINE_PILE". An ENGINE_PILE is essentially a list of
-pointers to ENGINEs that implement that particular 'nid'. Each "pile" uses some
-caching tricks such that requests on that 'nid' will be cached and all future
-requests will return immediately (well, at least with minimal operation) unless
-a change is made to the pile, eg. perhaps an ENGINE was unloaded. The reason is
-that an application could have support for 10 ENGINEs statically linked
-in, and the machine in question may not have any of the hardware those 10
-ENGINEs support. If each of those ENGINEs has a "des_cbc" implementation, we
-want to avoid every EVP_CIPHER_CTX setup from trying (and failing) to initialise
-each of those 10 ENGINEs. Instead, the first such request will try to do that
-and will either return (and cache) a NULL ENGINE pointer or will return a
-functional reference to the first that successfully initialised. In the latter
-case it will also cache an extra functional reference to the ENGINE as a
-"default" for that 'nid'. The caching is acknowledged by a 'uptodate' variable
-that is unset only if un/registration takes place on that pile. Ie. if
-implementations of "des_cbc" are added or removed. This behaviour can be
-tweaked; the ENGINE_TABLE_FLAG_NOINIT value can be passed to
-ENGINE_set_table_flags(), in which case the only ENGINEs that tb_cipher.c will
-try to initialise from the "pile" will be those that are already initialised
-(ie. it's simply an increment of the functional reference count, and no real
-"initialisation" will take place).
-
-RSA, DSA, DH, and RAND all have their own ENGINE_TABLE code as well, and the
-difference is that they all use an implicit 'nid' of 1. Whereas EVP_CIPHERs are
-actually qualitatively different depending on 'nid' (the "des_cbc" EVP_CIPHER is
-not an interoperable implementation of "aes_256_cbc"), RSA_METHODs are
-necessarily interoperable and don't have different flavours, only different
-implementations. In other words, the ENGINE_TABLE for RSA will either be empty,
-or will have a single ENGING_PILE hashed to by the 'nid' 1 and that pile
-represents ENGINEs that implement the single "type" of RSA there is.
-
-Cleanup - the registration and unregistration may pose questions about how
-cleanup works with the ENGINE_PILE doing all this caching nonsense (ie. when the
-application or EVP_CIPHER code releases its last reference to an ENGINE, the
-ENGINE_PILE code may still have references and thus those ENGINEs will stay
-hooked in forever). The way this is handled is via "unregistration". With these
-new ENGINE changes, an abstract ENGINE can be loaded and initialised, but that
-is an algorithm-agnostic process. Even if initialised, it will not have
-registered any of its implementations (to do so would link all class "table"
-code despite the fact the application may use only ciphers, for example). This
-is deliberately a distinct step. Moreover, registration and unregistration has
-nothing to do with whether an ENGINE is *functional* or not (ie. you can even
-register an ENGINE and its implementations without it being operational, you may
-not even have the drivers to make it operate). What actually happens with
-respect to cleanup is managed inside eng_lib.c with the "engine_cleanup_***"
-functions. These functions are internal-only and each part of ENGINE code that
-could require cleanup will, upon performing its first allocation, register a
-callback with the "engine_cleanup" code. The other part of this that makes it
-tick is that the ENGINE_TABLE instantiations (tb_***.c) use NULL as their
-initialised state. So if RSA code asks for an ENGINE and no ENGINE has
-registered an implementation, the code will simply return NULL and the tb_rsa.c
-state will be unchanged. Thus, no cleanup is required unless registration takes
-place. ENGINE_cleanup() will simply iterate across a list of registered cleanup
-callbacks calling each in turn, and will then internally delete its own storage
-(a STACK). When a cleanup callback is next registered (eg. if the cleanup() is
-part of a gracefull restart and the application wants to cleanup all state then
-start again), the internal STACK storage will be freshly allocated. This is much
-the same as the situation in the ENGINE_TABLE instantiations ... NULL is the
-initialised state, so only modification operations (not queries) will cause that
-code to have to register a cleanup.
-
-What else? The bignum callbacks and associated ENGINE functions have been
-removed for two obvious reasons; (i) there was no way to generalise them to the
-mechanism now used by RSA/DSA/..., because there's no such thing as a BIGNUM
-method, and (ii) because of (i), there was no meaningful way for library or
-application code to automatically hook and use ENGINE supplied bignum functions
-anyway. Also, ENGINE_cpy() has been removed (although an internal-only version
-exists) - the idea of providing an ENGINE_cpy() function probably wasn't a good
-one and now certainly doesn't make sense in any generalised way. Some of the
-RSA, DSA, DH, and RAND functions that were fiddled during the original ENGINE
-changes have now, as a consequence, been reverted back. This is because the
-hooking of ENGINE is now automatic (and passive, it can interally use a NULL
-ENGINE pointer to simply ignore ENGINE from then on).
-
-Hell, that should be enough for now ... comments welcome: geoff@openssl.org
-
diff --git a/src/lib/libcrypto/engine/eng_all.c b/src/lib/libcrypto/engine/eng_all.c
deleted file mode 100644
index 0f6992a40d..0000000000
--- a/src/lib/libcrypto/engine/eng_all.c
+++ /dev/null
@@ -1,113 +0,0 @@
-/* crypto/engine/eng_all.c -*- mode: C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte <richard@levitte.org> for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/err.h>
-#include <openssl/engine.h>
-#include "eng_int.h"
-
-void ENGINE_load_builtin_engines(void)
-        {
-        /* There's no longer any need for an "openssl" ENGINE unless, one day,
-         * it is the *only* way for standard builtin implementations to be be
-         * accessed (ie. it would be possible to statically link binaries with
-         * *no* builtin implementations). */
-#if 0
-        ENGINE_load_openssl();
-#endif
-        ENGINE_load_dynamic();
-#ifndef OPENSSL_NO_HW
-#ifndef OPENSSL_NO_HW_CSWIFT
-        ENGINE_load_cswift();
-#endif
-#ifndef OPENSSL_NO_HW_NCIPHER
-        ENGINE_load_chil();
-#endif
-#ifndef OPENSSL_NO_HW_ATALLA
-        ENGINE_load_atalla();
-#endif
-#ifndef OPENSSL_NO_HW_NURON
-        ENGINE_load_nuron();
-#endif
-#ifndef OPENSSL_NO_HW_UBSEC
-        ENGINE_load_ubsec();
-#endif
-#ifndef OPENSSL_NO_HW_AEP
-        ENGINE_load_aep();
-#endif
-#ifndef OPENSSL_NO_HW_SUREWARE
-        ENGINE_load_sureware();
-#endif
-#ifndef OPENSSL_NO_HW_4758_CCA
-        ENGINE_load_4758cca();
-#endif
-#if defined(__OpenBSD__) || defined(__FreeBSD__)
-        ENGINE_load_cryptodev();
-#endif
-#endif
-        }
-
-#if defined(__OpenBSD__) || defined(__FreeBSD__)
-void ENGINE_setup_bsd_cryptodev(void) {
-        static int bsd_cryptodev_default_loaded = 0;
-        if (!bsd_cryptodev_default_loaded) {
-                ENGINE_load_cryptodev();
-                ENGINE_register_all_complete();
-        }
-        bsd_cryptodev_default_loaded=1;
-}
-#endif
diff --git a/src/lib/libcrypto/engine/eng_cnf.c b/src/lib/libcrypto/engine/eng_cnf.c
deleted file mode 100644
index 4225760af1..0000000000
--- a/src/lib/libcrypto/engine/eng_cnf.c
+++ /dev/null
@@ -1,242 +0,0 @@
-/* eng_cnf.c */
-/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <openssl/crypto.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/engine.h>
-
-/* #define ENGINE_CONF_DEBUG */
-
-/* ENGINE config module */
-
-static char *skip_dot(char *name)
-        {
-        char *p;
-        p = strchr(name, '.');
-        if (p)
-                return p + 1;
-        return name;
-        }
-
-static STACK_OF(ENGINE) *initialized_engines = NULL;
-
-static int int_engine_init(ENGINE *e)
-        {
-        if (!ENGINE_init(e))
-                return 0;
-        if (!initialized_engines)
-                initialized_engines = sk_ENGINE_new_null();
-        if (!initialized_engines || !sk_ENGINE_push(initialized_engines, e))
-                {
-                ENGINE_finish(e);
-                return 0;
-                }
-        return 1;
-        }
-        
-
-static int int_engine_configure(char *name, char *value, const CONF *cnf)
-        {
-        int i;
-        int ret = 0;
-        long do_init = -1;
-        STACK_OF(CONF_VALUE) *ecmds;
-        CONF_VALUE *ecmd;
-        char *ctrlname, *ctrlvalue;
-        ENGINE *e = NULL;
-        name = skip_dot(name);
-#ifdef ENGINE_CONF_DEBUG
-        fprintf(stderr, "Configuring engine %s\n", name);
-#endif
-        /* Value is a section containing ENGINE commands */
-        ecmds = NCONF_get_section(cnf, value);
-
-        if (!ecmds)
-                {
-                ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ENGINE_R_ENGINE_SECTION_ERROR);
-                return 0;
-                }
-
-        for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++)
-                {
-                ecmd = sk_CONF_VALUE_value(ecmds, i);
-                ctrlname = skip_dot(ecmd->name);
-                ctrlvalue = ecmd->value;
-#ifdef ENGINE_CONF_DEBUG
-        fprintf(stderr, "ENGINE conf: doing ctrl(%s,%s)\n", ctrlname, ctrlvalue);
-#endif
-
-                /* First handle some special pseudo ctrls */
-
-                /* Override engine name to use */
-                if (!strcmp(ctrlname, "engine_id"))
-                        name = ctrlvalue;
-                /* Load a dynamic ENGINE */
-                else if (!strcmp(ctrlname, "dynamic_path"))
-                        {
-                        e = ENGINE_by_id("dynamic");
-                        if (!e)
-                                goto err;
-                        if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", ctrlvalue, 0))
-                                goto err;
-                        if (!ENGINE_ctrl_cmd_string(e, "LIST_ADD", "2", 0))
-                                goto err;
-                        if (!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
-                                goto err;
-                        }
-                /* ... add other pseudos here ... */
-                else
-                        {
-                        /* At this point we need an ENGINE structural reference
-                         * if we don't already have one.
-                         */
-                        if (!e)
-                                {
-                                e = ENGINE_by_id(name);
-                                if (!e)
-                                        return 0;
-                                }
-                        /* Allow "EMPTY" to mean no value: this allows a valid
-                         * "value" to be passed to ctrls of type NO_INPUT
-                         */
-                        if (!strcmp(ctrlvalue, "EMPTY"))
-                                ctrlvalue = NULL;
-                        if (!strcmp(ctrlname, "init"))
-                                {
-                                if (!NCONF_get_number_e(cnf, value, "init", &do_init))
-                                        goto err;
-                                if (do_init == 1)
-                                        {
-                                        if (!int_engine_init(e))
-                                                goto err;
-                                        }
-                                else if (do_init != 0)
-                                        {
-                                        ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ENGINE_R_INVALID_INIT_VALUE);
-                                        goto err;
-                                        }
-                                }
-                        else if (!strcmp(ctrlname, "default_algorithms"))
-                                {
-                                if (!ENGINE_set_default_string(e, ctrlvalue))
-                                        goto err;
-                                }
-                        else if (!ENGINE_ctrl_cmd_string(e,
-                                        ctrlname, ctrlvalue, 0))
-                                return 0;
-                        }
-
-
-
-                }
-        if (e && (do_init == -1) && !int_engine_init(e))
-                goto err;
-        ret = 1;
-        err:
-        if (e)
-                ENGINE_free(e);
-        return ret;
-        }
-
-
-static int int_engine_module_init(CONF_IMODULE *md, const CONF *cnf)
-        {
-        STACK_OF(CONF_VALUE) *elist;
-        CONF_VALUE *cval;
-        int i;
-#ifdef ENGINE_CONF_DEBUG
-        fprintf(stderr, "Called engine module: name %s, value %s\n",
-                        CONF_imodule_get_name(md), CONF_imodule_get_value(md));
-#endif
-        /* Value is a section containing ENGINEs to configure */
-        elist = NCONF_get_section(cnf, CONF_imodule_get_value(md));
-
-        if (!elist)
-                {
-                ENGINEerr(ENGINE_F_ENGINE_MODULE_INIT, ENGINE_R_ENGINES_SECTION_ERROR);
-                return 0;
-                }
-
-        for (i = 0; i < sk_CONF_VALUE_num(elist); i++)
-                {
-                cval = sk_CONF_VALUE_value(elist, i);
-                if (!int_engine_configure(cval->name, cval->value, cnf))
-                        return 0;
-                }
-
-        return 1;
-        }
-
-static void int_engine_module_finish(CONF_IMODULE *md)
-        {
-        ENGINE *e;
-        while ((e = sk_ENGINE_pop(initialized_engines)))
-                ENGINE_finish(e);
-        sk_ENGINE_free(initialized_engines);
-        initialized_engines = NULL;
-        }
-        
-
-void ENGINE_add_conf_module(void)
-        {
-        CONF_module_add("engines",
-                        int_engine_module_init,
-                        int_engine_module_finish);
-        }
diff --git a/src/lib/libcrypto/engine/eng_ctrl.c b/src/lib/libcrypto/engine/eng_ctrl.c
deleted file mode 100644
index 412c73fb0f..0000000000
--- a/src/lib/libcrypto/engine/eng_ctrl.c
+++ /dev/null
@@ -1,391 +0,0 @@
-/* crypto/engine/eng_ctrl.c */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/crypto.h>
-#include "cryptlib.h"
-#include "eng_int.h"
-#include <openssl/engine.h>
-
-/* When querying a ENGINE-specific control command's 'description', this string
- * is used if the ENGINE_CMD_DEFN has cmd_desc set to NULL. */
-static const char *int_no_description = "";
-
-/* These internal functions handle 'CMD'-related control commands when the
- * ENGINE in question has asked us to take care of it (ie. the ENGINE did not
- * set the ENGINE_FLAGS_MANUAL_CMD_CTRL flag. */
-
-static int int_ctrl_cmd_is_null(const ENGINE_CMD_DEFN *defn)
-        {
-        if((defn->cmd_num == 0) || (defn->cmd_name == NULL))
-                return 1;
-        return 0;
-        }
-
-static int int_ctrl_cmd_by_name(const ENGINE_CMD_DEFN *defn, const char *s)
-        {
-        int idx = 0;
-        while(!int_ctrl_cmd_is_null(defn) && (strcmp(defn->cmd_name, s) != 0))
-                {
-                idx++;
-                defn++;
-                }
-        if(int_ctrl_cmd_is_null(defn))
-                /* The given name wasn't found */
-                return -1;
-        return idx;
-        }
-
-static int int_ctrl_cmd_by_num(const ENGINE_CMD_DEFN *defn, unsigned int num)
-        {
-        int idx = 0;
-        /* NB: It is stipulated that 'cmd_defn' lists are ordered by cmd_num. So
-         * our searches don't need to take any longer than necessary. */
-        while(!int_ctrl_cmd_is_null(defn) && (defn->cmd_num < num))
-                {
-                idx++;
-                defn++;
-                }
-        if(defn->cmd_num == num)
-                return idx;
-        /* The given cmd_num wasn't found */
-        return -1;
-        }
-
-static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p, void (*f)())
-        {
-        int idx;
-        char *s = (char *)p;
-        /* Take care of the easy one first (eg. it requires no searches) */
-        if(cmd == ENGINE_CTRL_GET_FIRST_CMD_TYPE)
-                {
-                if((e->cmd_defns == NULL) || int_ctrl_cmd_is_null(e->cmd_defns))
-                        return 0;
-                return e->cmd_defns->cmd_num;
-                }
-        /* One or two commands require that "p" be a valid string buffer */
-        if((cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) ||
-                        (cmd == ENGINE_CTRL_GET_NAME_FROM_CMD) ||
-                        (cmd == ENGINE_CTRL_GET_DESC_FROM_CMD))
-                {
-                if(s == NULL)
-                        {
-                        ENGINEerr(ENGINE_F_INT_CTRL_HELPER,
-                                ERR_R_PASSED_NULL_PARAMETER);
-                        return -1;
-                        }
-                }
-        /* Now handle cmd_name -> cmd_num conversion */
-        if(cmd == ENGINE_CTRL_GET_CMD_FROM_NAME)
-                {
-                if((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_name(
-                                                e->cmd_defns, s)) < 0))
-                        {
-                        ENGINEerr(ENGINE_F_INT_CTRL_HELPER,
-                                ENGINE_R_INVALID_CMD_NAME);
-                        return -1;
-                        }
-                return e->cmd_defns[idx].cmd_num;
-                }
-        /* For the rest of the commands, the 'long' argument must specify a
-         * valie command number - so we need to conduct a search. */
-        if((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_num(e->cmd_defns,
-                                        (unsigned int)i)) < 0))
-                {
-                ENGINEerr(ENGINE_F_INT_CTRL_HELPER,
-                        ENGINE_R_INVALID_CMD_NUMBER);
-                return -1;
-                }
-        /* Now the logic splits depending on command type */
-        switch(cmd)
-                {
-        case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
-                idx++;
-                if(int_ctrl_cmd_is_null(e->cmd_defns + idx))
-                        /* end-of-list */
-                        return 0;
-                else
-                        return e->cmd_defns[idx].cmd_num;
-        case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
-                return strlen(e->cmd_defns[idx].cmd_name);
-        case ENGINE_CTRL_GET_NAME_FROM_CMD:
-                return BIO_snprintf(s,strlen(e->cmd_defns[idx].cmd_name) + 1,
-                                    "%s", e->cmd_defns[idx].cmd_name);
-        case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
-                if(e->cmd_defns[idx].cmd_desc)
-                        return strlen(e->cmd_defns[idx].cmd_desc);
-                return strlen(int_no_description);
-        case ENGINE_CTRL_GET_DESC_FROM_CMD:
-                if(e->cmd_defns[idx].cmd_desc)
-                        return BIO_snprintf(s,
-                                            strlen(e->cmd_defns[idx].cmd_desc) + 1,
-                                            "%s", e->cmd_defns[idx].cmd_desc);
-                return BIO_snprintf(s, strlen(int_no_description) + 1,"%s",
-                                    int_no_description);
-        case ENGINE_CTRL_GET_CMD_FLAGS:
-                return e->cmd_defns[idx].cmd_flags;
-                }
-        /* Shouldn't really be here ... */
-        ENGINEerr(ENGINE_F_INT_CTRL_HELPER,ENGINE_R_INTERNAL_LIST_ERROR);
-        return -1;
-        }
-
-int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
-        {
-        int ctrl_exists, ref_exists;
-        if(e == NULL)
-                {
-                ENGINEerr(ENGINE_F_ENGINE_CTRL,ERR_R_PASSED_NULL_PARAMETER);
-                return 0;
-                }
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-        ref_exists = ((e->struct_ref > 0) ? 1 : 0);
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        ctrl_exists = ((e->ctrl == NULL) ? 0 : 1);
-        if(!ref_exists)
-                {
-                ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_REFERENCE);
-                return 0;
-                }
-        /* Intercept any "root-level" commands before trying to hand them on to
-         * ctrl() handlers. */
-        switch(cmd)
-                {
-        case ENGINE_CTRL_HAS_CTRL_FUNCTION:
-                return ctrl_exists;
-        case ENGINE_CTRL_GET_FIRST_CMD_TYPE:
-        case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
-        case ENGINE_CTRL_GET_CMD_FROM_NAME:
-        case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
-        case ENGINE_CTRL_GET_NAME_FROM_CMD:
-        case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
-        case ENGINE_CTRL_GET_DESC_FROM_CMD:
-        case ENGINE_CTRL_GET_CMD_FLAGS:
-                if(ctrl_exists && !(e->flags & ENGINE_FLAGS_MANUAL_CMD_CTRL))
-                        return int_ctrl_helper(e,cmd,i,p,f);
-                if(!ctrl_exists)
-                        {
-                        ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION);
-                        /* For these cmd-related functions, failure is indicated
-                         * by a -1 return value (because 0 is used as a valid
-                         * return in some places). */
-                        return -1;
-                        }
-        default:
-                break;
-                }
-        /* Anything else requires a ctrl() handler to exist. */
-        if(!ctrl_exists)
-                {
-                ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION);
-                return 0;
-                }
-        return e->ctrl(e, cmd, i, p, f);
-        }
-
-int ENGINE_cmd_is_executable(ENGINE *e, int cmd)
-        {
-        int flags;
-        if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, cmd, NULL, NULL)) < 0)
-                {
-                ENGINEerr(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE,
-                        ENGINE_R_INVALID_CMD_NUMBER);
-                return 0;
-                }
-        if(!(flags & ENGINE_CMD_FLAG_NO_INPUT) &&
-                        !(flags & ENGINE_CMD_FLAG_NUMERIC) &&
-                        !(flags & ENGINE_CMD_FLAG_STRING))
-                return 0;
-        return 1;
-        }
-
-int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
-        long i, void *p, void (*f)(), int cmd_optional)
-        {
-        int num;
-
-        if((e == NULL) || (cmd_name == NULL))
-                {
-                ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
-                        ERR_R_PASSED_NULL_PARAMETER);
-                return 0;
-                }
-        if((e->ctrl == NULL) || ((num = ENGINE_ctrl(e,
-                                        ENGINE_CTRL_GET_CMD_FROM_NAME,
-                                        0, (void *)cmd_name, NULL)) <= 0))
-                {
-                /* If the command didn't *have* to be supported, we fake
-                 * success. This allows certain settings to be specified for
-                 * multiple ENGINEs and only require a change of ENGINE id
-                 * (without having to selectively apply settings). Eg. changing
-                 * from a hardware device back to the regular software ENGINE
-                 * without editing the config file, etc. */
-                if(cmd_optional)
-                        {
-                        ERR_clear_error();
-                        return 1;
-                        }
-                ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD,
-                        ENGINE_R_INVALID_CMD_NAME);
-                return 0;
-                }
-        /* Force the result of the control command to 0 or 1, for the reasons
-         * mentioned before. */
-        if (ENGINE_ctrl(e, num, i, p, f))
-                return 1;
-        return 0;
-        }
-
-int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
-                                int cmd_optional)
-        {
-        int num, flags;
-        long l;
-        char *ptr;
-        if((e == NULL) || (cmd_name == NULL))
-                {
-                ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
-                        ERR_R_PASSED_NULL_PARAMETER);
-                return 0;
-                }
-        if((e->ctrl == NULL) || ((num = ENGINE_ctrl(e,
-                                        ENGINE_CTRL_GET_CMD_FROM_NAME,
-                                        0, (void *)cmd_name, NULL)) <= 0))
-                {
-                /* If the command didn't *have* to be supported, we fake
-                 * success. This allows certain settings to be specified for
-                 * multiple ENGINEs and only require a change of ENGINE id
-                 * (without having to selectively apply settings). Eg. changing
-                 * from a hardware device back to the regular software ENGINE
-                 * without editing the config file, etc. */
-                if(cmd_optional)
-                        {
-                        ERR_clear_error();
-                        return 1;
-                        }
-                ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
-                        ENGINE_R_INVALID_CMD_NAME);
-                return 0;
-                }
-        if(!ENGINE_cmd_is_executable(e, num))
-                {
-                ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
-                        ENGINE_R_CMD_NOT_EXECUTABLE);
-                return 0;
-                }
-        if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, NULL, NULL)) < 0)
-                {
-                /* Shouldn't happen, given that ENGINE_cmd_is_executable()
-                 * returned success. */
-                ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
-                        ENGINE_R_INTERNAL_LIST_ERROR);
-                return 0;
-                }
-        /* If the command takes no input, there must be no input. And vice
-         * versa. */
-        if(flags & ENGINE_CMD_FLAG_NO_INPUT)
-                {
-                if(arg != NULL)
-                        {
-                        ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
-                                ENGINE_R_COMMAND_TAKES_NO_INPUT);
-                        return 0;
-                        }
-                /* We deliberately force the result of ENGINE_ctrl() to 0 or 1
-                 * rather than returning it as "return data". This is to ensure
-                 * usage of these commands is consistent across applications and
-                 * that certain applications don't understand it one way, and
-                 * others another. */
-                if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL))
-                        return 1;
-                return 0;
-                }
-        /* So, we require input */
-        if(arg == NULL)
-                {
-                ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
-                        ENGINE_R_COMMAND_TAKES_INPUT);
-                return 0;
-                }
-        /* If it takes string input, that's easy */
-        if(flags & ENGINE_CMD_FLAG_STRING)
-                {
-                /* Same explanation as above */
-                if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL))
-                        return 1;
-                return 0;
-                }
-        /* If it doesn't take numeric either, then it is unsupported for use in
-         * a config-setting situation, which is what this function is for. This
-         * should never happen though, because ENGINE_cmd_is_executable() was
-         * used. */
-        if(!(flags & ENGINE_CMD_FLAG_NUMERIC))
-                {
-                ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
-                        ENGINE_R_INTERNAL_LIST_ERROR);
-                return 0;
-                }
-        l = strtol(arg, &ptr, 10);
-        if((arg == ptr) || (*ptr != '\0'))
-                {
-                ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
-                        ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER);
-                return 0;
-                }
-        /* Force the result of the control command to 0 or 1, for the reasons
-         * mentioned before. */
-        if(ENGINE_ctrl(e, num, l, NULL, NULL))
-                return 1;
-        return 0;
-        }
diff --git a/src/lib/libcrypto/engine/eng_dyn.c b/src/lib/libcrypto/engine/eng_dyn.c
deleted file mode 100644
index 4139a16e76..0000000000
--- a/src/lib/libcrypto/engine/eng_dyn.c
+++ /dev/null
@@ -1,460 +0,0 @@
-/* crypto/engine/eng_dyn.c */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-
-#include <stdio.h>
-#include <openssl/crypto.h>
-#include "cryptlib.h"
-#include "eng_int.h"
-#include <openssl/engine.h>
-#include <openssl/dso.h>
-
-/* Shared libraries implementing ENGINEs for use by the "dynamic" ENGINE loader
- * should implement the hook-up functions with the following prototypes. */
-
-/* Our ENGINE handlers */
-static int dynamic_init(ENGINE *e);
-static int dynamic_finish(ENGINE *e);
-static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
-/* Predeclare our context type */
-typedef struct st_dynamic_data_ctx dynamic_data_ctx;
-/* The implementation for the important control command */
-static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx);
-
-#define DYNAMIC_CMD_SO_PATH             ENGINE_CMD_BASE
-#define DYNAMIC_CMD_NO_VCHECK           (ENGINE_CMD_BASE + 1)
-#define DYNAMIC_CMD_ID                  (ENGINE_CMD_BASE + 2)
-#define DYNAMIC_CMD_LIST_ADD            (ENGINE_CMD_BASE + 3)
-#define DYNAMIC_CMD_LOAD                (ENGINE_CMD_BASE + 4)
-
-/* The constants used when creating the ENGINE */
-static const char *engine_dynamic_id = "dynamic";
-static const char *engine_dynamic_name = "Dynamic engine loading support";
-static const ENGINE_CMD_DEFN dynamic_cmd_defns[] = {
-        {DYNAMIC_CMD_SO_PATH,
-                "SO_PATH",
-                "Specifies the path to the new ENGINE shared library",
-                ENGINE_CMD_FLAG_STRING},
-        {DYNAMIC_CMD_NO_VCHECK,
-                "NO_VCHECK",
-                "Specifies to continue even if version checking fails (boolean)",
-                ENGINE_CMD_FLAG_NUMERIC},
-        {DYNAMIC_CMD_ID,
-                "ID",
-                "Specifies an ENGINE id name for loading",
-                ENGINE_CMD_FLAG_STRING},
-        {DYNAMIC_CMD_LIST_ADD,
-                "LIST_ADD",
-                "Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory)",
-                ENGINE_CMD_FLAG_NUMERIC},
-        {DYNAMIC_CMD_LOAD,
-                "LOAD",
-                "Load up the ENGINE specified by other settings",
-                ENGINE_CMD_FLAG_NO_INPUT},
-        {0, NULL, NULL, 0}
-        };
-static const ENGINE_CMD_DEFN dynamic_cmd_defns_empty[] = {
-        {0, NULL, NULL, 0}
-        };
-
-/* Loading code stores state inside the ENGINE structure via the "ex_data"
- * element. We load all our state into a single structure and use that as a
- * single context in the "ex_data" stack. */
-struct st_dynamic_data_ctx
-        {
-        /* The DSO object we load that supplies the ENGINE code */
-        DSO *dynamic_dso;
-        /* The function pointer to the version checking shared library function */
-        dynamic_v_check_fn v_check;
-        /* The function pointer to the engine-binding shared library function */
-        dynamic_bind_engine bind_engine;
-        /* The default name/path for loading the shared library */
-        const char *DYNAMIC_LIBNAME;
-        /* Whether to continue loading on a version check failure */
-        int no_vcheck;
-        /* If non-NULL, stipulates the 'id' of the ENGINE to be loaded */
-        const char *engine_id;
-        /* If non-zero, a successfully loaded ENGINE should be added to the internal
-         * ENGINE list. If 2, the add must succeed or the entire load should fail. */
-        int list_add_value;
-        /* The symbol name for the version checking function */
-        const char *DYNAMIC_F1;
-        /* The symbol name for the "initialise ENGINE structure" function */
-        const char *DYNAMIC_F2;
-        };
-
-/* This is the "ex_data" index we obtain and reserve for use with our context
- * structure. */
-static int dynamic_ex_data_idx = -1;
-
-/* Because our ex_data element may or may not get allocated depending on whether
- * a "first-use" occurs before the ENGINE is freed, we have a memory leak
- * problem to solve. We can't declare a "new" handler for the ex_data as we
- * don't want a dynamic_data_ctx in *all* ENGINE structures of all types (this
- * is a bug in the design of CRYPTO_EX_DATA). As such, we just declare a "free"
- * handler and that will get called if an ENGINE is being destroyed and there
- * was an ex_data element corresponding to our context type. */
-static void dynamic_data_ctx_free_func(void *parent, void *ptr,
-                        CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
-        {
-        if(ptr)
-                {
-                dynamic_data_ctx *ctx = (dynamic_data_ctx *)ptr;
-                if(ctx->dynamic_dso)
-                        DSO_free(ctx->dynamic_dso);
-                if(ctx->DYNAMIC_LIBNAME)
-                        OPENSSL_free((void*)ctx->DYNAMIC_LIBNAME);
-                if(ctx->engine_id)
-                        OPENSSL_free((void*)ctx->engine_id);
-                OPENSSL_free(ctx);
-                }
-        }
-
-/* Construct the per-ENGINE context. We create it blindly and then use a lock to
- * check for a race - if so, all but one of the threads "racing" will have
- * wasted their time. The alternative involves creating everything inside the
- * lock which is far worse. */
-static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx)
-        {
-        dynamic_data_ctx *c;
-        c = OPENSSL_malloc(sizeof(dynamic_data_ctx));
-        if(!c)
-                {
-                ENGINEerr(ENGINE_F_SET_DATA_CTX,ERR_R_MALLOC_FAILURE);
-                return 0;
-                }
-        memset(c, 0, sizeof(dynamic_data_ctx));
-        c->dynamic_dso = NULL;
-        c->v_check = NULL;
-        c->bind_engine = NULL;
-        c->DYNAMIC_LIBNAME = NULL;
-        c->no_vcheck = 0;
-        c->engine_id = NULL;
-        c->list_add_value = 0;
-        c->DYNAMIC_F1 = "v_check";
-        c->DYNAMIC_F2 = "bind_engine";
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-        if((*ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e,
-                                dynamic_ex_data_idx)) == NULL)
-                {
-                /* Good, we're the first */
-                ENGINE_set_ex_data(e, dynamic_ex_data_idx, c);
-                *ctx = c;
-                c = NULL;
-                }
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        /* If we lost the race to set the context, c is non-NULL and *ctx is the
-         * context of the thread that won. */
-        if(c)
-                OPENSSL_free(c);
-        return 1;
-        }
-
-/* This function retrieves the context structure from an ENGINE's "ex_data", or
- * if it doesn't exist yet, sets it up. */
-static dynamic_data_ctx *dynamic_get_data_ctx(ENGINE *e)
-        {
-        dynamic_data_ctx *ctx;
-        if(dynamic_ex_data_idx < 0)
-                {
-                /* Create and register the ENGINE ex_data, and associate our
-                 * "free" function with it to ensure any allocated contexts get
-                 * freed when an ENGINE goes underground. */
-                int new_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL,
-                                        dynamic_data_ctx_free_func);
-                if(new_idx == -1)
-                        {
-                        ENGINEerr(ENGINE_F_DYNAMIC_GET_DATA_CTX,ENGINE_R_NO_INDEX);
-                        return NULL;
-                        }
-                CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-                /* Avoid a race by checking again inside this lock */
-                if(dynamic_ex_data_idx < 0)
-                        {
-                        /* Good, someone didn't beat us to it */
-                        dynamic_ex_data_idx = new_idx;
-                        new_idx = -1;
-                        }
-                CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-                /* In theory we could "give back" the index here if
-                 * (new_idx>-1), but it's not possible and wouldn't gain us much
-                 * if it were. */
-                }
-        ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e, dynamic_ex_data_idx);
-        /* Check if the context needs to be created */
-        if((ctx == NULL) && !dynamic_set_data_ctx(e, &ctx))
-                /* "set_data" will set errors if necessary */
-                return NULL;
-        return ctx;
-        }
-
-static ENGINE *engine_dynamic(void)
-        {
-        ENGINE *ret = ENGINE_new();
-        if(!ret)
-                return NULL;
-        if(!ENGINE_set_id(ret, engine_dynamic_id) ||
-                        !ENGINE_set_name(ret, engine_dynamic_name) ||
-                        !ENGINE_set_init_function(ret, dynamic_init) ||
-                        !ENGINE_set_finish_function(ret, dynamic_finish) ||
-                        !ENGINE_set_ctrl_function(ret, dynamic_ctrl) ||
-                        !ENGINE_set_flags(ret, ENGINE_FLAGS_BY_ID_COPY) ||
-                        !ENGINE_set_cmd_defns(ret, dynamic_cmd_defns))
-                {
-                ENGINE_free(ret);
-                return NULL;
-                }
-        return ret;
-        }
-
-void ENGINE_load_dynamic(void)
-        {
-        ENGINE *toadd = engine_dynamic();
-        if(!toadd) return;
-        ENGINE_add(toadd);
-        /* If the "add" worked, it gets a structural reference. So either way,
-         * we release our just-created reference. */
-        ENGINE_free(toadd);
-        /* If the "add" didn't work, it was probably a conflict because it was
-         * already added (eg. someone calling ENGINE_load_blah then calling
-         * ENGINE_load_builtin_engines() perhaps). */
-        ERR_clear_error();
-        }
-
-static int dynamic_init(ENGINE *e)
-        {
-        /* We always return failure - the "dyanamic" engine itself can't be used
-         * for anything. */
-        return 0;
-        }
-
-static int dynamic_finish(ENGINE *e)
-        {
-        /* This should never be called on account of "dynamic_init" always
-         * failing. */
-        return 0;
-        }
-
-static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
-        {
-        dynamic_data_ctx *ctx = dynamic_get_data_ctx(e);
-        int initialised;
-        
-        if(!ctx)
-                {
-                ENGINEerr(ENGINE_F_DYNAMIC_CTRL,ENGINE_R_NOT_LOADED);
-                return 0;
-                }
-        initialised = ((ctx->dynamic_dso == NULL) ? 0 : 1);
-        /* All our control commands require the ENGINE to be uninitialised */
-        if(initialised)
-                {
-                ENGINEerr(ENGINE_F_DYNAMIC_CTRL,
-                        ENGINE_R_ALREADY_LOADED);
-                return 0;
-                }
-        switch(cmd)
-                {
-        case DYNAMIC_CMD_SO_PATH:
-                /* a NULL 'p' or a string of zero-length is the same thing */
-                if(p && (strlen((const char *)p) < 1))
-                        p = NULL;
-                if(ctx->DYNAMIC_LIBNAME)
-                        OPENSSL_free((void*)ctx->DYNAMIC_LIBNAME);
-                if(p)
-                        ctx->DYNAMIC_LIBNAME = BUF_strdup(p);
-                else
-                        ctx->DYNAMIC_LIBNAME = NULL;
-                return (ctx->DYNAMIC_LIBNAME ? 1 : 0);
-        case DYNAMIC_CMD_NO_VCHECK:
-                ctx->no_vcheck = ((i == 0) ? 0 : 1);
-                return 1;
-        case DYNAMIC_CMD_ID:
-                /* a NULL 'p' or a string of zero-length is the same thing */
-                if(p && (strlen((const char *)p) < 1))
-                        p = NULL;
-                if(ctx->engine_id)
-                        OPENSSL_free((void*)ctx->engine_id);
-                if(p)
-                        ctx->engine_id = BUF_strdup(p);
-                else
-                        ctx->engine_id = NULL;
-                return (ctx->engine_id ? 1 : 0);
-        case DYNAMIC_CMD_LIST_ADD:
-                if((i < 0) || (i > 2))
-                        {
-                        ENGINEerr(ENGINE_F_DYNAMIC_CTRL,
-                                ENGINE_R_INVALID_ARGUMENT);
-                        return 0;
-                        }
-                ctx->list_add_value = (int)i;
-                return 1;
-        case DYNAMIC_CMD_LOAD:
-                return dynamic_load(e, ctx);
-        default:
-                break;
-                }
-        ENGINEerr(ENGINE_F_DYNAMIC_CTRL,ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
-        return 0;
-        }
-
-static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx)
-        {
-        ENGINE cpy;
-        dynamic_fns fns;
-
-        if(!ctx->DYNAMIC_LIBNAME || ((ctx->dynamic_dso = DSO_load(NULL,
-                                ctx->DYNAMIC_LIBNAME, NULL, 0)) == NULL))
-                {
-                ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
-                        ENGINE_R_DSO_NOT_FOUND);
-                return 0;
-                }
-        /* We have to find a bind function otherwise it'll always end badly */
-        if(!(ctx->bind_engine = (dynamic_bind_engine)DSO_bind_func(
-                                        ctx->dynamic_dso, ctx->DYNAMIC_F2)))
-                {
-                ctx->bind_engine = NULL;
-                DSO_free(ctx->dynamic_dso);
-                ctx->dynamic_dso = NULL;
-                ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
-                        ENGINE_R_DSO_FAILURE);
-                return 0;
-                }
-        /* Do we perform version checking? */
-        if(!ctx->no_vcheck)
-                {
-                unsigned long vcheck_res = 0;
-                /* Now we try to find a version checking function and decide how
-                 * to cope with failure if/when it fails. */
-                ctx->v_check = (dynamic_v_check_fn)DSO_bind_func(
-                                ctx->dynamic_dso, ctx->DYNAMIC_F1);
-                if(ctx->v_check)
-                        vcheck_res = ctx->v_check(OSSL_DYNAMIC_VERSION);
-                /* We fail if the version checker veto'd the load *or* if it is
-                 * deferring to us (by returning its version) and we think it is
-                 * too old. */
-                if(vcheck_res < OSSL_DYNAMIC_OLDEST)
-                        {
-                        /* Fail */
-                        ctx->bind_engine = NULL;
-                        ctx->v_check = NULL;
-                        DSO_free(ctx->dynamic_dso);
-                        ctx->dynamic_dso = NULL;
-                        ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
-                                ENGINE_R_VERSION_INCOMPATIBILITY);
-                        return 0;
-                        }
-                }
-        /* First binary copy the ENGINE structure so that we can roll back if
-         * the hand-over fails */
-        memcpy(&cpy, e, sizeof(ENGINE));
-        /* Provide the ERR, "ex_data", memory, and locking callbacks so the
-         * loaded library uses our state rather than its own. FIXME: As noted in
-         * engine.h, much of this would be simplified if each area of code
-         * provided its own "summary" structure of all related callbacks. It
-         * would also increase opaqueness. */
-        fns.err_fns = ERR_get_implementation();
-        fns.ex_data_fns = CRYPTO_get_ex_data_implementation();
-        CRYPTO_get_mem_functions(&fns.mem_fns.malloc_cb,
-                                &fns.mem_fns.realloc_cb,
-                                &fns.mem_fns.free_cb);
-        fns.lock_fns.lock_locking_cb = CRYPTO_get_locking_callback();
-        fns.lock_fns.lock_add_lock_cb = CRYPTO_get_add_lock_callback();
-        fns.lock_fns.dynlock_create_cb = CRYPTO_get_dynlock_create_callback();
-        fns.lock_fns.dynlock_lock_cb = CRYPTO_get_dynlock_lock_callback();
-        fns.lock_fns.dynlock_destroy_cb = CRYPTO_get_dynlock_destroy_callback();
-        /* Now that we've loaded the dynamic engine, make sure no "dynamic"
-         * ENGINE elements will show through. */
-        engine_set_all_null(e);
-
-        /* Try to bind the ENGINE onto our own ENGINE structure */
-        if(!ctx->bind_engine(e, ctx->engine_id, &fns))
-                {
-                ctx->bind_engine = NULL;
-                ctx->v_check = NULL;
-                DSO_free(ctx->dynamic_dso);
-                ctx->dynamic_dso = NULL;
-                ENGINEerr(ENGINE_F_DYNAMIC_LOAD,ENGINE_R_INIT_FAILED);
-                /* Copy the original ENGINE structure back */
-                memcpy(e, &cpy, sizeof(ENGINE));
-                return 0;
-                }
-        /* Do we try to add this ENGINE to the internal list too? */
-        if(ctx->list_add_value > 0)
-                {
-                if(!ENGINE_add(e))
-                        {
-                        /* Do we tolerate this or fail? */
-                        if(ctx->list_add_value > 1)
-                                {
-                                /* Fail - NB: By this time, it's too late to
-                                 * rollback, and trying to do so allows the
-                                 * bind_engine() code to have created leaks. We
-                                 * just have to fail where we are, after the
-                                 * ENGINE has changed. */
-                                ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
-                                        ENGINE_R_CONFLICTING_ENGINE_ID);
-                                return 0;
-                                }
-                        /* Tolerate */
-                        ERR_clear_error();
-                        }
-                }
-        return 1;
-        }
diff --git a/src/lib/libcrypto/engine/eng_err.c b/src/lib/libcrypto/engine/eng_err.c
deleted file mode 100644
index fdc0e7be0f..0000000000
--- a/src/lib/libcrypto/engine/eng_err.c
+++ /dev/null
@@ -1,170 +0,0 @@
-/* crypto/engine/eng_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/engine.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ENGINE,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ENGINE,0,reason)
-
-static ERR_STRING_DATA ENGINE_str_functs[]=
-        {
-{ERR_FUNC(ENGINE_F_DYNAMIC_CTRL),       "DYNAMIC_CTRL"},
-{ERR_FUNC(ENGINE_F_DYNAMIC_GET_DATA_CTX),       "DYNAMIC_GET_DATA_CTX"},
-{ERR_FUNC(ENGINE_F_DYNAMIC_LOAD),       "DYNAMIC_LOAD"},
-{ERR_FUNC(ENGINE_F_ENGINE_ADD), "ENGINE_add"},
-{ERR_FUNC(ENGINE_F_ENGINE_BY_ID),       "ENGINE_by_id"},
-{ERR_FUNC(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE),   "ENGINE_cmd_is_executable"},
-{ERR_FUNC(ENGINE_F_ENGINE_CTRL),        "ENGINE_ctrl"},
-{ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD),    "ENGINE_ctrl_cmd"},
-{ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD_STRING),     "ENGINE_ctrl_cmd_string"},
-{ERR_FUNC(ENGINE_F_ENGINE_FINISH),      "ENGINE_finish"},
-{ERR_FUNC(ENGINE_F_ENGINE_FREE),        "ENGINE_free"},
-{ERR_FUNC(ENGINE_F_ENGINE_GET_CIPHER),  "ENGINE_get_cipher"},
-{ERR_FUNC(ENGINE_F_ENGINE_GET_DEFAULT_TYPE),    "ENGINE_GET_DEFAULT_TYPE"},
-{ERR_FUNC(ENGINE_F_ENGINE_GET_DIGEST),  "ENGINE_get_digest"},
-{ERR_FUNC(ENGINE_F_ENGINE_GET_NEXT),    "ENGINE_get_next"},
-{ERR_FUNC(ENGINE_F_ENGINE_GET_PREV),    "ENGINE_get_prev"},
-{ERR_FUNC(ENGINE_F_ENGINE_INIT),        "ENGINE_init"},
-{ERR_FUNC(ENGINE_F_ENGINE_LIST_ADD),    "ENGINE_LIST_ADD"},
-{ERR_FUNC(ENGINE_F_ENGINE_LIST_REMOVE), "ENGINE_LIST_REMOVE"},
-{ERR_FUNC(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY),    "ENGINE_load_private_key"},
-{ERR_FUNC(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY),     "ENGINE_load_public_key"},
-{ERR_FUNC(ENGINE_F_ENGINE_MODULE_INIT), "ENGINE_MODULE_INIT"},
-{ERR_FUNC(ENGINE_F_ENGINE_NEW), "ENGINE_new"},
-{ERR_FUNC(ENGINE_F_ENGINE_REMOVE),      "ENGINE_remove"},
-{ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_STRING),  "ENGINE_set_default_string"},
-{ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_TYPE),    "ENGINE_SET_DEFAULT_TYPE"},
-{ERR_FUNC(ENGINE_F_ENGINE_SET_ID),      "ENGINE_set_id"},
-{ERR_FUNC(ENGINE_F_ENGINE_SET_NAME),    "ENGINE_set_name"},
-{ERR_FUNC(ENGINE_F_ENGINE_TABLE_REGISTER),      "ENGINE_TABLE_REGISTER"},
-{ERR_FUNC(ENGINE_F_ENGINE_UNLOAD_KEY),  "ENGINE_UNLOAD_KEY"},
-{ERR_FUNC(ENGINE_F_ENGINE_UP_REF),      "ENGINE_up_ref"},
-{ERR_FUNC(ENGINE_F_INT_CTRL_HELPER),    "INT_CTRL_HELPER"},
-{ERR_FUNC(ENGINE_F_INT_ENGINE_CONFIGURE),       "INT_ENGINE_CONFIGURE"},
-{ERR_FUNC(ENGINE_F_LOG_MESSAGE),        "LOG_MESSAGE"},
-{ERR_FUNC(ENGINE_F_SET_DATA_CTX),       "SET_DATA_CTX"},
-{0,NULL}
-        };
-
-static ERR_STRING_DATA ENGINE_str_reasons[]=
-        {
-{ERR_REASON(ENGINE_R_ALREADY_LOADED)     ,"already loaded"},
-{ERR_REASON(ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER),"argument is not a number"},
-{ERR_REASON(ENGINE_R_CMD_NOT_EXECUTABLE) ,"cmd not executable"},
-{ERR_REASON(ENGINE_R_COMMAND_TAKES_INPUT),"command takes input"},
-{ERR_REASON(ENGINE_R_COMMAND_TAKES_NO_INPUT),"command takes no input"},
-{ERR_REASON(ENGINE_R_CONFLICTING_ENGINE_ID),"conflicting engine id"},
-{ERR_REASON(ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED),"ctrl command not implemented"},
-{ERR_REASON(ENGINE_R_DH_NOT_IMPLEMENTED) ,"dh not implemented"},
-{ERR_REASON(ENGINE_R_DSA_NOT_IMPLEMENTED),"dsa not implemented"},
-{ERR_REASON(ENGINE_R_DSO_FAILURE)        ,"DSO failure"},
-{ERR_REASON(ENGINE_R_DSO_NOT_FOUND)      ,"dso not found"},
-{ERR_REASON(ENGINE_R_ENGINES_SECTION_ERROR),"engines section error"},
-{ERR_REASON(ENGINE_R_ENGINE_IS_NOT_IN_LIST),"engine is not in the list"},
-{ERR_REASON(ENGINE_R_ENGINE_SECTION_ERROR),"engine section error"},
-{ERR_REASON(ENGINE_R_FAILED_LOADING_PRIVATE_KEY),"failed loading private key"},
-{ERR_REASON(ENGINE_R_FAILED_LOADING_PUBLIC_KEY),"failed loading public key"},
-{ERR_REASON(ENGINE_R_FINISH_FAILED)      ,"finish failed"},
-{ERR_REASON(ENGINE_R_GET_HANDLE_FAILED)  ,"could not obtain hardware handle"},
-{ERR_REASON(ENGINE_R_ID_OR_NAME_MISSING) ,"'id' or 'name' missing"},
-{ERR_REASON(ENGINE_R_INIT_FAILED)        ,"init failed"},
-{ERR_REASON(ENGINE_R_INTERNAL_LIST_ERROR),"internal list error"},
-{ERR_REASON(ENGINE_R_INVALID_ARGUMENT)   ,"invalid argument"},
-{ERR_REASON(ENGINE_R_INVALID_CMD_NAME)   ,"invalid cmd name"},
-{ERR_REASON(ENGINE_R_INVALID_CMD_NUMBER) ,"invalid cmd number"},
-{ERR_REASON(ENGINE_R_INVALID_INIT_VALUE) ,"invalid init value"},
-{ERR_REASON(ENGINE_R_INVALID_STRING)     ,"invalid string"},
-{ERR_REASON(ENGINE_R_NOT_INITIALISED)    ,"not initialised"},
-{ERR_REASON(ENGINE_R_NOT_LOADED)         ,"not loaded"},
-{ERR_REASON(ENGINE_R_NO_CONTROL_FUNCTION),"no control function"},
-{ERR_REASON(ENGINE_R_NO_INDEX)           ,"no index"},
-{ERR_REASON(ENGINE_R_NO_LOAD_FUNCTION)   ,"no load function"},
-{ERR_REASON(ENGINE_R_NO_REFERENCE)       ,"no reference"},
-{ERR_REASON(ENGINE_R_NO_SUCH_ENGINE)     ,"no such engine"},
-{ERR_REASON(ENGINE_R_NO_UNLOAD_FUNCTION) ,"no unload function"},
-{ERR_REASON(ENGINE_R_PROVIDE_PARAMETERS) ,"provide parameters"},
-{ERR_REASON(ENGINE_R_RSA_NOT_IMPLEMENTED),"rsa not implemented"},
-{ERR_REASON(ENGINE_R_UNIMPLEMENTED_CIPHER),"unimplemented cipher"},
-{ERR_REASON(ENGINE_R_UNIMPLEMENTED_DIGEST),"unimplemented digest"},
-{ERR_REASON(ENGINE_R_VERSION_INCOMPATIBILITY),"version incompatibility"},
-{0,NULL}
-        };
-
-#endif
-
-void ERR_load_ENGINE_strings(void)
-        {
-        static int init=1;
-
-        if (init)
-                {
-                init=0;
-#ifndef OPENSSL_NO_ERR
-                ERR_load_strings(0,ENGINE_str_functs);
-                ERR_load_strings(0,ENGINE_str_reasons);
-#endif
-
-                }
-        }
diff --git a/src/lib/libcrypto/engine/eng_fat.c b/src/lib/libcrypto/engine/eng_fat.c
deleted file mode 100644
index 7ccf7022ee..0000000000
--- a/src/lib/libcrypto/engine/eng_fat.c
+++ /dev/null
@@ -1,147 +0,0 @@
-/* crypto/engine/eng_fat.c */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/crypto.h>
-#include "cryptlib.h"
-#include "eng_int.h"
-#include <openssl/engine.h>
-#include <openssl/conf.h>
-
-int ENGINE_set_default(ENGINE *e, unsigned int flags)
-        {
-        if((flags & ENGINE_METHOD_CIPHERS) && !ENGINE_set_default_ciphers(e))
-                return 0;
-        if((flags & ENGINE_METHOD_DIGESTS) && !ENGINE_set_default_digests(e))
-                return 0;
-#ifndef OPENSSL_NO_RSA
-        if((flags & ENGINE_METHOD_RSA) && !ENGINE_set_default_RSA(e))
-                return 0;
-#endif
-#ifndef OPENSSL_NO_DSA
-        if((flags & ENGINE_METHOD_DSA) && !ENGINE_set_default_DSA(e))
-                return 0;
-#endif
-#ifndef OPENSSL_NO_DH
-        if((flags & ENGINE_METHOD_DH) && !ENGINE_set_default_DH(e))
-                return 0;
-#endif
-        if((flags & ENGINE_METHOD_RAND) && !ENGINE_set_default_RAND(e))
-                return 0;
-        return 1;
-        }
-
-/* Set default algorithms using a string */
-
-static int int_def_cb(const char *alg, int len, void *arg)
-        {
-        unsigned int *pflags = arg;
-        if (!strncmp(alg, "ALL", len))
-                *pflags |= ENGINE_METHOD_ALL;
-        else if (!strncmp(alg, "RSA", len))
-                *pflags |= ENGINE_METHOD_RSA;
-        else if (!strncmp(alg, "DSA", len))
-                *pflags |= ENGINE_METHOD_DSA;
-        else if (!strncmp(alg, "DH", len))
-                *pflags |= ENGINE_METHOD_DH;
-        else if (!strncmp(alg, "RAND", len))
-                *pflags |= ENGINE_METHOD_RAND;
-        else if (!strncmp(alg, "CIPHERS", len))
-                *pflags |= ENGINE_METHOD_CIPHERS;
-        else if (!strncmp(alg, "DIGESTS", len))
-                *pflags |= ENGINE_METHOD_DIGESTS;
-        else
-                return 0;
-        return 1;
-        }
-
-
-int ENGINE_set_default_string(ENGINE *e, const char *def_list)
-        {
-        unsigned int flags = 0;
-        if (!CONF_parse_list(def_list, ',', 1, int_def_cb, &flags))
-                {
-                ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_STRING,
-                                        ENGINE_R_INVALID_STRING);
-                ERR_add_error_data(2, "str=",def_list);
-                return 0;
-                }
-        return ENGINE_set_default(e, flags);
-        }
-
-int ENGINE_register_complete(ENGINE *e)
-        {
-        ENGINE_register_ciphers(e);
-        ENGINE_register_digests(e);
-#ifndef OPENSSL_NO_RSA
-        ENGINE_register_RSA(e);
-#endif
-#ifndef OPENSSL_NO_DSA
-        ENGINE_register_DSA(e);
-#endif
-#ifndef OPENSSL_NO_DH
-        ENGINE_register_DH(e);
-#endif
-        ENGINE_register_RAND(e);
-        return 1;
-        }
-
-int ENGINE_register_all_complete(void)
-        {
-        ENGINE *e;
-
-        for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
-                ENGINE_register_complete(e);
-        return 1;
-        }
diff --git a/src/lib/libcrypto/engine/eng_init.c b/src/lib/libcrypto/engine/eng_init.c
deleted file mode 100644
index 170c1791b3..0000000000
--- a/src/lib/libcrypto/engine/eng_init.c
+++ /dev/null
@@ -1,157 +0,0 @@
-/* crypto/engine/eng_init.c */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/crypto.h>
-#include "cryptlib.h"
-#include "eng_int.h"
-#include <openssl/engine.h>
-
-/* Initialise a engine type for use (or up its functional reference count
- * if it's already in use). This version is only used internally. */
-int engine_unlocked_init(ENGINE *e)
-        {
-        int to_return = 1;
-
-        if((e->funct_ref == 0) && e->init)
-                /* This is the first functional reference and the engine
-                 * requires initialisation so we do it now. */
-                to_return = e->init(e);
-        if(to_return)
-                {
-                /* OK, we return a functional reference which is also a
-                 * structural reference. */
-                e->struct_ref++;
-                e->funct_ref++;
-                engine_ref_debug(e, 0, 1)
-                engine_ref_debug(e, 1, 1)
-                }
-        return to_return;
-        }
-
-/* Free a functional reference to a engine type. This version is only used
- * internally. */
-int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers)
-        {
-        int to_return = 1;
-
-        /* Reduce the functional reference count here so if it's the terminating
-         * case, we can release the lock safely and call the finish() handler
-         * without risk of a race. We get a race if we leave the count until
-         * after and something else is calling "finish" at the same time -
-         * there's a chance that both threads will together take the count from
-         * 2 to 0 without either calling finish(). */
-        e->funct_ref--;
-        engine_ref_debug(e, 1, -1);
-        if((e->funct_ref == 0) && e->finish)
-                {
-                if(unlock_for_handlers)
-                        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-                to_return = e->finish(e);
-                if(unlock_for_handlers)
-                        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-                if(!to_return)
-                        return 0;
-                }
-#ifdef REF_CHECK
-        if(e->funct_ref < 0)
-                {
-                fprintf(stderr,"ENGINE_finish, bad functional reference count\n");
-                abort();
-                }
-#endif
-        /* Release the structural reference too */
-        if(!engine_free_util(e, 0))
-                {
-                ENGINEerr(ENGINE_F_ENGINE_FINISH,ENGINE_R_FINISH_FAILED);
-                return 0;
-                }
-        return to_return;
-        }
-
-/* The API (locked) version of "init" */
-int ENGINE_init(ENGINE *e)
-        {
-        int ret;
-        if(e == NULL)
-                {
-                ENGINEerr(ENGINE_F_ENGINE_INIT,ERR_R_PASSED_NULL_PARAMETER);
-                return 0;
-                }
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-        ret = engine_unlocked_init(e);
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        return ret;
-        }
-
-/* The API (locked) version of "finish" */
-int ENGINE_finish(ENGINE *e)
-        {
-        int to_return = 1;
-
-        if(e == NULL)
-                {
-                ENGINEerr(ENGINE_F_ENGINE_FINISH,ERR_R_PASSED_NULL_PARAMETER);
-                return 0;
-                }
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-        to_return = engine_unlocked_finish(e, 1);
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        if(!to_return)
-                {
-                ENGINEerr(ENGINE_F_ENGINE_FINISH,ENGINE_R_FINISH_FAILED);
-                return 0;
-                }
-        return to_return;
-        }
diff --git a/src/lib/libcrypto/engine/eng_int.h b/src/lib/libcrypto/engine/eng_int.h
deleted file mode 100644
index 38335f99cd..0000000000
--- a/src/lib/libcrypto/engine/eng_int.h
+++ /dev/null
@@ -1,185 +0,0 @@
-/* crypto/engine/eng_int.h */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_ENGINE_INT_H
-#define HEADER_ENGINE_INT_H
-
-/* Take public definitions from engine.h */
-#include <openssl/engine.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* If we compile with this symbol defined, then both reference counts in the
- * ENGINE structure will be monitored with a line of output on stderr for each
- * change. This prints the engine's pointer address (truncated to unsigned int),
- * "struct" or "funct" to indicate the reference type, the before and after
- * reference count, and the file:line-number pair. The "engine_ref_debug"
- * statements must come *after* the change. */
-#ifdef ENGINE_REF_COUNT_DEBUG
-
-#define engine_ref_debug(e, isfunct, diff) \
-        fprintf(stderr, "engine: %08x %s from %d to %d (%s:%d)\n", \
-                (unsigned int)(e), (isfunct ? "funct" : "struct"), \
-                ((isfunct) ? ((e)->funct_ref - (diff)) : ((e)->struct_ref - (diff))), \
-                ((isfunct) ? (e)->funct_ref : (e)->struct_ref), \
-                (__FILE__), (__LINE__));
-
-#else
-
-#define engine_ref_debug(e, isfunct, diff)
-
-#endif
-
-/* Any code that will need cleanup operations should use these functions to
- * register callbacks. ENGINE_cleanup() will call all registered callbacks in
- * order. NB: both the "add" functions assume CRYPTO_LOCK_ENGINE to already be
- * held (in "write" mode). */
-typedef void (ENGINE_CLEANUP_CB)(void);
-typedef struct st_engine_cleanup_item
-        {
-        ENGINE_CLEANUP_CB *cb;
-        } ENGINE_CLEANUP_ITEM;
-DECLARE_STACK_OF(ENGINE_CLEANUP_ITEM)
-void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb);
-void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb);
-
-/* We need stacks of ENGINEs for use in eng_table.c */
-DECLARE_STACK_OF(ENGINE)
-
-/* If this symbol is defined then engine_table_select(), the function that is
- * used by RSA, DSA (etc) code to select registered ENGINEs, cache defaults and
- * functional references (etc), will display debugging summaries to stderr. */
-/* #define ENGINE_TABLE_DEBUG */
-
-/* This represents an implementation table. Dependent code should instantiate it
- * as a (ENGINE_TABLE *) pointer value set initially to NULL. */
-typedef struct st_engine_table ENGINE_TABLE;
-int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
-                ENGINE *e, const int *nids, int num_nids, int setdefault);
-void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e);
-void engine_table_cleanup(ENGINE_TABLE **table);
-#ifndef ENGINE_TABLE_DEBUG
-ENGINE *engine_table_select(ENGINE_TABLE **table, int nid);
-#else
-ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, int l);
-#define engine_table_select(t,n) engine_table_select_tmp(t,n,__FILE__,__LINE__)
-#endif
-
-/* Internal versions of API functions that have control over locking. These are
- * used between C files when functionality needs to be shared but the caller may
- * already be controlling of the CRYPTO_LOCK_ENGINE lock. */
-int engine_unlocked_init(ENGINE *e);
-int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers);
-int engine_free_util(ENGINE *e, int locked);
-
-/* This function will reset all "set"able values in an ENGINE to NULL. This
- * won't touch reference counts or ex_data, but is equivalent to calling all the
- * ENGINE_set_***() functions with a NULL value. */
-void engine_set_all_null(ENGINE *e);
-
-/* NB: Bitwise OR-able values for the "flags" variable in ENGINE are now exposed
- * in engine.h. */
-
-/* This is a structure for storing implementations of various crypto
- * algorithms and functions. */
-struct engine_st
-        {
-        const char *id;
-        const char *name;
-        const RSA_METHOD *rsa_meth;
-        const DSA_METHOD *dsa_meth;
-        const DH_METHOD *dh_meth;
-        const RAND_METHOD *rand_meth;
-        /* Cipher handling is via this callback */
-        ENGINE_CIPHERS_PTR ciphers;
-        /* Digest handling is via this callback */
-        ENGINE_DIGESTS_PTR digests;
-
-
-        ENGINE_GEN_INT_FUNC_PTR destroy;
-
-        ENGINE_GEN_INT_FUNC_PTR init;
-        ENGINE_GEN_INT_FUNC_PTR finish;
-        ENGINE_CTRL_FUNC_PTR ctrl;
-        ENGINE_LOAD_KEY_PTR load_privkey;
-        ENGINE_LOAD_KEY_PTR load_pubkey;
-
-        const ENGINE_CMD_DEFN *cmd_defns;
-        int flags;
-        /* reference count on the structure itself */
-        int struct_ref;
-        /* reference count on usability of the engine type. NB: This
-         * controls the loading and initialisation of any functionlity
-         * required by this engine, whereas the previous count is
-         * simply to cope with (de)allocation of this structure. Hence,
-         * running_ref <= struct_ref at all times. */
-        int funct_ref;
-        /* A place to store per-ENGINE data */
-        CRYPTO_EX_DATA ex_data;
-        /* Used to maintain the linked-list of engines. */
-        struct engine_st *prev;
-        struct engine_st *next;
-        };
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif /* HEADER_ENGINE_INT_H */
diff --git a/src/lib/libcrypto/engine/eng_lib.c b/src/lib/libcrypto/engine/eng_lib.c
deleted file mode 100644
index a66d0f08af..0000000000
--- a/src/lib/libcrypto/engine/eng_lib.c
+++ /dev/null
@@ -1,321 +0,0 @@
-/* crypto/engine/eng_lib.c */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/crypto.h>
-#include "cryptlib.h"
-#include "eng_int.h"
-#include <openssl/rand.h> /* FIXME: This shouldn't be needed */
-#include <openssl/engine.h>
-
-/* The "new"/"free" stuff first */
-
-ENGINE *ENGINE_new(void)
-        {
-        ENGINE *ret;
-
-        ret = (ENGINE *)OPENSSL_malloc(sizeof(ENGINE));
-        if(ret == NULL)
-                {
-                ENGINEerr(ENGINE_F_ENGINE_NEW, ERR_R_MALLOC_FAILURE);
-                return NULL;
-                }
-        memset(ret, 0, sizeof(ENGINE));
-        ret->struct_ref = 1;
-        engine_ref_debug(ret, 0, 1)
-        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ENGINE, ret, &ret->ex_data);
-        return ret;
-        }
-
-/* Placed here (close proximity to ENGINE_new) so that modifications to the
- * elements of the ENGINE structure are more likely to be caught and changed
- * here. */
-void engine_set_all_null(ENGINE *e)
-        {
-        e->id = NULL;
-        e->name = NULL;
-        e->rsa_meth = NULL;
-        e->dsa_meth = NULL;
-        e->dh_meth = NULL;
-        e->rand_meth = NULL;
-        e->ciphers = NULL;
-        e->digests = NULL;
-        e->destroy = NULL;
-        e->init = NULL;
-        e->finish = NULL;
-        e->ctrl = NULL;
-        e->load_privkey = NULL;
-        e->load_pubkey = NULL;
-        e->cmd_defns = NULL;
-        e->flags = 0;
-        }
-
-int engine_free_util(ENGINE *e, int locked)
-        {
-        int i;
-
-        if(e == NULL)
-                {
-                ENGINEerr(ENGINE_F_ENGINE_FREE,
-                        ERR_R_PASSED_NULL_PARAMETER);
-                return 0;
-                }
-        if(locked)
-                i = CRYPTO_add(&e->struct_ref,-1,CRYPTO_LOCK_ENGINE);
-        else
-                i = --e->struct_ref;
-        engine_ref_debug(e, 0, -1)
-        if (i > 0) return 1;
-#ifdef REF_CHECK
-        if (i < 0)
-                {
-                fprintf(stderr,"ENGINE_free, bad structural reference count\n");
-                abort();
-                }
-#endif
-        /* Give the ENGINE a chance to do any structural cleanup corresponding
-         * to allocation it did in its constructor (eg. unload error strings) */
-        if(e->destroy)
-                e->destroy(e);
-        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ENGINE, e, &e->ex_data);
-        OPENSSL_free(e);
-        return 1;
-        }
-
-int ENGINE_free(ENGINE *e)
-        {
-        return engine_free_util(e, 1);
-        }
-
-/* Cleanup stuff */
-
-/* ENGINE_cleanup() is coded such that anything that does work that will need
- * cleanup can register a "cleanup" callback here. That way we don't get linker
- * bloat by referring to all *possible* cleanups, but any linker bloat into code
- * "X" will cause X's cleanup function to end up here. */
-static STACK_OF(ENGINE_CLEANUP_ITEM) *cleanup_stack = NULL;
-static int int_cleanup_check(int create)
-        {
-        if(cleanup_stack) return 1;
-        if(!create) return 0;
-        cleanup_stack = sk_ENGINE_CLEANUP_ITEM_new_null();
-        return (cleanup_stack ? 1 : 0);
-        }
-static ENGINE_CLEANUP_ITEM *int_cleanup_item(ENGINE_CLEANUP_CB *cb)
-        {
-        ENGINE_CLEANUP_ITEM *item = OPENSSL_malloc(sizeof(
-                                        ENGINE_CLEANUP_ITEM));
-        if(!item) return NULL;
-        item->cb = cb;
-        return item;
-        }
-void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb)
-        {
-        ENGINE_CLEANUP_ITEM *item;
-        if(!int_cleanup_check(1)) return;
-        item = int_cleanup_item(cb);
-        if(item)
-                sk_ENGINE_CLEANUP_ITEM_insert(cleanup_stack, item, 0);
-        }
-void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb)
-        {
-        ENGINE_CLEANUP_ITEM *item;
-        if(!int_cleanup_check(1)) return;
-        item = int_cleanup_item(cb);
-        if(item)
-                sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item);
-        }
-/* The API function that performs all cleanup */
-static void engine_cleanup_cb_free(ENGINE_CLEANUP_ITEM *item)
-        {
-        (*(item->cb))();
-        OPENSSL_free(item);
-        }
-void ENGINE_cleanup(void)
-        {
-        if(int_cleanup_check(0))
-                {
-                sk_ENGINE_CLEANUP_ITEM_pop_free(cleanup_stack,
-                        engine_cleanup_cb_free);
-                cleanup_stack = NULL;
-                }
-        /* FIXME: This should be handled (somehow) through RAND, eg. by it
-         * registering a cleanup callback. */
-        RAND_set_rand_method(NULL);
-        }
-
-/* Now the "ex_data" support */
-
-int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-                CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-        {
-        return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, argl, argp,
-                        new_func, dup_func, free_func);
-        }
-
-int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg)
-        {
-        return(CRYPTO_set_ex_data(&e->ex_data, idx, arg));
-        }
-
-void *ENGINE_get_ex_data(const ENGINE *e, int idx)
-        {
-        return(CRYPTO_get_ex_data(&e->ex_data, idx));
-        }
-
-/* Functions to get/set an ENGINE's elements - mainly to avoid exposing the
- * ENGINE structure itself. */
-
-int ENGINE_set_id(ENGINE *e, const char *id)
-        {
-        if(id == NULL)
-                {
-                ENGINEerr(ENGINE_F_ENGINE_SET_ID,
-                        ERR_R_PASSED_NULL_PARAMETER);
-                return 0;
-                }
-        e->id = id;
-        return 1;
-        }
-
-int ENGINE_set_name(ENGINE *e, const char *name)
-        {
-        if(name == NULL)
-                {
-                ENGINEerr(ENGINE_F_ENGINE_SET_NAME,
-                        ERR_R_PASSED_NULL_PARAMETER);
-                return 0;
-                }
-        e->name = name;
-        return 1;
-        }
-
-int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f)
-        {
-        e->destroy = destroy_f;
-        return 1;
-        }
-
-int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f)
-        {
-        e->init = init_f;
-        return 1;
-        }
-
-int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f)
-        {
-        e->finish = finish_f;
-        return 1;
-        }
-
-int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f)
-        {
-        e->ctrl = ctrl_f;
-        return 1;
-        }
-
-int ENGINE_set_flags(ENGINE *e, int flags)
-        {
-        e->flags = flags;
-        return 1;
-        }
-
-int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns)
-        {
-        e->cmd_defns = defns;
-        return 1;
-        }
-
-const char *ENGINE_get_id(const ENGINE *e)
-        {
-        return e->id;
-        }
-
-const char *ENGINE_get_name(const ENGINE *e)
-        {
-        return e->name;
-        }
-
-ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e)
-        {
-        return e->destroy;
-        }
-
-ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e)
-        {
-        return e->init;
-        }
-
-ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e)
-        {
-        return e->finish;
-        }
-
-ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e)
-        {
-        return e->ctrl;
-        }
-
-int ENGINE_get_flags(const ENGINE *e)
-        {
-        return e->flags;
-        }
-
-const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e)
-        {
-        return e->cmd_defns;
-        }
diff --git a/src/lib/libcrypto/engine/eng_list.c b/src/lib/libcrypto/engine/eng_list.c
deleted file mode 100644
index 1cc3217f4c..0000000000
--- a/src/lib/libcrypto/engine/eng_list.c
+++ /dev/null
@@ -1,394 +0,0 @@
-/* crypto/engine/eng_list.c */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/crypto.h>
-#include "cryptlib.h"
-#include "eng_int.h"
-#include <openssl/engine.h>
-
-/* The linked-list of pointers to engine types. engine_list_head
- * incorporates an implicit structural reference but engine_list_tail
- * does not - the latter is a computational niceity and only points
- * to something that is already pointed to by its predecessor in the
- * list (or engine_list_head itself). In the same way, the use of the
- * "prev" pointer in each ENGINE is to save excessive list iteration,
- * it doesn't correspond to an extra structural reference. Hence,
- * engine_list_head, and each non-null "next" pointer account for
- * the list itself assuming exactly 1 structural reference on each
- * list member. */
-static ENGINE *engine_list_head = NULL;
-static ENGINE *engine_list_tail = NULL;
-
-/* This cleanup function is only needed internally. If it should be called, we
- * register it with the "ENGINE_cleanup()" stack to be called during cleanup. */
-
-static void engine_list_cleanup(void)
-        {
-        ENGINE *iterator = engine_list_head;
-
-        while(iterator != NULL)
-                {
-                ENGINE_remove(iterator);
-                iterator = engine_list_head;
-                }
-        return;
-        }
-
-/* These static functions starting with a lower case "engine_" always
- * take place when CRYPTO_LOCK_ENGINE has been locked up. */
-static int engine_list_add(ENGINE *e)
-        {
-        int conflict = 0;
-        ENGINE *iterator = NULL;
-
-        if(e == NULL)
-                {
-                ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
-                        ERR_R_PASSED_NULL_PARAMETER);
-                return 0;
-                }
-        iterator = engine_list_head;
-        while(iterator && !conflict)
-                {
-                conflict = (strcmp(iterator->id, e->id) == 0);
-                iterator = iterator->next;
-                }
-        if(conflict)
-                {
-                ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
-                        ENGINE_R_CONFLICTING_ENGINE_ID);
-                return 0;
-                }
-        if(engine_list_head == NULL)
-                {
-                /* We are adding to an empty list. */
-                if(engine_list_tail)
-                        {
-                        ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
-                                ENGINE_R_INTERNAL_LIST_ERROR);
-                        return 0;
-                        }
-                engine_list_head = e;
-                e->prev = NULL;
-                /* The first time the list allocates, we should register the
-                 * cleanup. */
-                engine_cleanup_add_last(engine_list_cleanup);
-                }
-        else
-                {
-                /* We are adding to the tail of an existing list. */
-                if((engine_list_tail == NULL) ||
-                                (engine_list_tail->next != NULL))
-                        {
-                        ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
-                                ENGINE_R_INTERNAL_LIST_ERROR);
-                        return 0;
-                        }
-                engine_list_tail->next = e;
-                e->prev = engine_list_tail;
-                }
-        /* Having the engine in the list assumes a structural
-         * reference. */
-        e->struct_ref++;
-        engine_ref_debug(e, 0, 1)
-        /* However it came to be, e is the last item in the list. */
-        engine_list_tail = e;
-        e->next = NULL;
-        return 1;
-        }
-
-static int engine_list_remove(ENGINE *e)
-        {
-        ENGINE *iterator;
-
-        if(e == NULL)
-                {
-                ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE,
-                        ERR_R_PASSED_NULL_PARAMETER);
-                return 0;
-                }
-        /* We need to check that e is in our linked list! */
-        iterator = engine_list_head;
-        while(iterator && (iterator != e))
-                iterator = iterator->next;
-        if(iterator == NULL)
-                {
-                ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE,
-                        ENGINE_R_ENGINE_IS_NOT_IN_LIST);
-                return 0;
-                }
-        /* un-link e from the chain. */
-        if(e->next)
-                e->next->prev = e->prev;
-        if(e->prev)
-                e->prev->next = e->next;
-        /* Correct our head/tail if necessary. */
-        if(engine_list_head == e)
-                engine_list_head = e->next;
-        if(engine_list_tail == e)
-                engine_list_tail = e->prev;
-        engine_free_util(e, 0);
-        return 1;
-        }
-
-/* Get the first/last "ENGINE" type available. */
-ENGINE *ENGINE_get_first(void)
-        {
-        ENGINE *ret;
-
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-        ret = engine_list_head;
-        if(ret)
-                {
-                ret->struct_ref++;
-                engine_ref_debug(ret, 0, 1)
-                }
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        return ret;
-        }
-
-ENGINE *ENGINE_get_last(void)
-        {
-        ENGINE *ret;
-
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-        ret = engine_list_tail;
-        if(ret)
-                {
-                ret->struct_ref++;
-                engine_ref_debug(ret, 0, 1)
-                }
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        return ret;
-        }
-
-/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
-ENGINE *ENGINE_get_next(ENGINE *e)
-        {
-        ENGINE *ret = NULL;
-        if(e == NULL)
-                {
-                ENGINEerr(ENGINE_F_ENGINE_GET_NEXT,
-                        ERR_R_PASSED_NULL_PARAMETER);
-                return 0;
-                }
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-        ret = e->next;
-        if(ret)
-                {
-                /* Return a valid structural refernce to the next ENGINE */
-                ret->struct_ref++;
-                engine_ref_debug(ret, 0, 1)
-                }
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        /* Release the structural reference to the previous ENGINE */
-        ENGINE_free(e);
-        return ret;
-        }
-
-ENGINE *ENGINE_get_prev(ENGINE *e)
-        {
-        ENGINE *ret = NULL;
-        if(e == NULL)
-                {
-                ENGINEerr(ENGINE_F_ENGINE_GET_PREV,
-                        ERR_R_PASSED_NULL_PARAMETER);
-                return 0;
-                }
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-        ret = e->prev;
-        if(ret)
-                {
-                /* Return a valid structural reference to the next ENGINE */
-                ret->struct_ref++;
-                engine_ref_debug(ret, 0, 1)
-                }
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        /* Release the structural reference to the previous ENGINE */
-        ENGINE_free(e);
-        return ret;
-        }
-
-/* Add another "ENGINE" type into the list. */
-int ENGINE_add(ENGINE *e)
-        {
-        int to_return = 1;
-        if(e == NULL)
-                {
-                ENGINEerr(ENGINE_F_ENGINE_ADD,
-                        ERR_R_PASSED_NULL_PARAMETER);
-                return 0;
-                }
-        if((e->id == NULL) || (e->name == NULL))
-                {
-                ENGINEerr(ENGINE_F_ENGINE_ADD,
-                        ENGINE_R_ID_OR_NAME_MISSING);
-                }
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-        if(!engine_list_add(e))
-                {
-                ENGINEerr(ENGINE_F_ENGINE_ADD,
-                        ENGINE_R_INTERNAL_LIST_ERROR);
-                to_return = 0;
-                }
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        return to_return;
-        }
-
-/* Remove an existing "ENGINE" type from the array. */
-int ENGINE_remove(ENGINE *e)
-        {
-        int to_return = 1;
-        if(e == NULL)
-                {
-                ENGINEerr(ENGINE_F_ENGINE_REMOVE,
-                        ERR_R_PASSED_NULL_PARAMETER);
-                return 0;
-                }
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-        if(!engine_list_remove(e))
-                {
-                ENGINEerr(ENGINE_F_ENGINE_REMOVE,
-                        ENGINE_R_INTERNAL_LIST_ERROR);
-                to_return = 0;
-                }
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        return to_return;
-        }
-
-static void engine_cpy(ENGINE *dest, const ENGINE *src)
-        {
-        dest->id = src->id;
-        dest->name = src->name;
-#ifndef OPENSSL_NO_RSA
-        dest->rsa_meth = src->rsa_meth;
-#endif
-#ifndef OPENSSL_NO_DSA
-        dest->dsa_meth = src->dsa_meth;
-#endif
-#ifndef OPENSSL_NO_DH
-        dest->dh_meth = src->dh_meth;
-#endif
-        dest->rand_meth = src->rand_meth;
-        dest->ciphers = src->ciphers;
-        dest->digests = src->digests;
-        dest->destroy = src->destroy;
-        dest->init = src->init;
-        dest->finish = src->finish;
-        dest->ctrl = src->ctrl;
-        dest->load_privkey = src->load_privkey;
-        dest->load_pubkey = src->load_pubkey;
-        dest->cmd_defns = src->cmd_defns;
-        dest->flags = src->flags;
-        }
-
-ENGINE *ENGINE_by_id(const char *id)
-        {
-        ENGINE *iterator;
-        if(id == NULL)
-                {
-                ENGINEerr(ENGINE_F_ENGINE_BY_ID,
-                        ERR_R_PASSED_NULL_PARAMETER);
-                return NULL;
-                }
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-        iterator = engine_list_head;
-        while(iterator && (strcmp(id, iterator->id) != 0))
-                iterator = iterator->next;
-        if(iterator)
-                {
-                /* We need to return a structural reference. If this is an
-                 * ENGINE type that returns copies, make a duplicate - otherwise
-                 * increment the existing ENGINE's reference count. */
-                if(iterator->flags & ENGINE_FLAGS_BY_ID_COPY)
-                        {
-                        ENGINE *cp = ENGINE_new();
-                        if(!cp)
-                                iterator = NULL;
-                        else
-                                {
-                                engine_cpy(cp, iterator);
-                                iterator = cp;
-                                }
-                        }
-                else
-                        {
-                        iterator->struct_ref++;
-                        engine_ref_debug(iterator, 0, 1)
-                        }
-                }
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        if(iterator == NULL)
-                {
-                ENGINEerr(ENGINE_F_ENGINE_BY_ID,
-                        ENGINE_R_NO_SUCH_ENGINE);
-                ERR_add_error_data(2, "id=", id);
-                }
-        return iterator;
-        }
-
-int ENGINE_up_ref(ENGINE *e)
-        {
-        if (e == NULL)
-                {
-                ENGINEerr(ENGINE_F_ENGINE_UP_REF,ERR_R_PASSED_NULL_PARAMETER);
-                return 0;
-                }
-        CRYPTO_add(&e->struct_ref,1,CRYPTO_LOCK_ENGINE);
-        return 1;
-        }
diff --git a/src/lib/libcrypto/engine/eng_openssl.c b/src/lib/libcrypto/engine/eng_openssl.c
deleted file mode 100644
index 54579eea2e..0000000000
--- a/src/lib/libcrypto/engine/eng_openssl.c
+++ /dev/null
@@ -1,361 +0,0 @@
-/* crypto/engine/eng_openssl.c */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-
-#include <stdio.h>
-#include <openssl/crypto.h>
-#include "cryptlib.h"
-#include <openssl/engine.h>
-#include <openssl/dso.h>
-#include <openssl/pem.h>
-#include <openssl/evp.h>
-
-/* This testing gunk is implemented (and explained) lower down. It also assumes
- * the application explicitly calls "ENGINE_load_openssl()" because this is no
- * longer automatic in ENGINE_load_builtin_engines(). */
-#define TEST_ENG_OPENSSL_RC4
-#define TEST_ENG_OPENSSL_PKEY
-/* #define TEST_ENG_OPENSSL_RC4_OTHERS */
-#define TEST_ENG_OPENSSL_RC4_P_INIT
-/* #define TEST_ENG_OPENSSL_RC4_P_CIPHER */
-#define TEST_ENG_OPENSSL_SHA
-/* #define TEST_ENG_OPENSSL_SHA_OTHERS */
-/* #define TEST_ENG_OPENSSL_SHA_P_INIT */
-/* #define TEST_ENG_OPENSSL_SHA_P_UPDATE */
-/* #define TEST_ENG_OPENSSL_SHA_P_FINAL */
-
-/* Now check what of those algorithms are actually enabled */
-#ifdef OPENSSL_NO_RC4
-#undef TEST_ENG_OPENSSL_RC4
-#undef TEST_ENG_OPENSSL_RC4_OTHERS
-#undef TEST_ENG_OPENSSL_RC4_P_INIT
-#undef TEST_ENG_OPENSSL_RC4_P_CIPHER
-#endif
-#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA0) || defined(OPENSSL_NO_SHA1)
-#undef TEST_ENG_OPENSSL_SHA
-#undef TEST_ENG_OPENSSL_SHA_OTHERS
-#undef TEST_ENG_OPENSSL_SHA_P_INIT
-#undef TEST_ENG_OPENSSL_SHA_P_UPDATE
-#undef TEST_ENG_OPENSSL_SHA_P_FINAL 
-#endif
-
-#ifdef TEST_ENG_OPENSSL_RC4
-static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
-                                const int **nids, int nid);
-#endif
-#ifdef TEST_ENG_OPENSSL_SHA
-static int openssl_digests(ENGINE *e, const EVP_MD **digest,
-                                const int **nids, int nid);
-#endif
-
-#ifdef TEST_ENG_OPENSSL_PKEY
-static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
-        UI_METHOD *ui_method, void *callback_data);
-#endif
-
-/* The constants used when creating the ENGINE */
-static const char *engine_openssl_id = "openssl";
-static const char *engine_openssl_name = "Software engine support";
-
-/* This internal function is used by ENGINE_openssl() and possibly by the
- * "dynamic" ENGINE support too */
-static int bind_helper(ENGINE *e)
-        {
-        if(!ENGINE_set_id(e, engine_openssl_id)
-                        || !ENGINE_set_name(e, engine_openssl_name)
-#ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS
-#ifndef OPENSSL_NO_RSA
-                        || !ENGINE_set_RSA(e, RSA_get_default_method())
-#endif
-#ifndef OPENSSL_NO_DSA
-                        || !ENGINE_set_DSA(e, DSA_get_default_method())
-#endif
-#ifndef OPENSSL_NO_DH
-                        || !ENGINE_set_DH(e, DH_get_default_method())
-#endif
-                        || !ENGINE_set_RAND(e, RAND_SSLeay())
-#ifdef TEST_ENG_OPENSSL_RC4
-                        || !ENGINE_set_ciphers(e, openssl_ciphers)
-#endif
-#ifdef TEST_ENG_OPENSSL_SHA
-                        || !ENGINE_set_digests(e, openssl_digests)
-#endif
-#endif
-#ifdef TEST_ENG_OPENSSL_PKEY
-                        || !ENGINE_set_load_privkey_function(e, openssl_load_privkey)
-#endif
-                        )
-                return 0;
-        /* If we add errors to this ENGINE, ensure the error handling is setup here */
-        /* openssl_load_error_strings(); */
-        return 1;
-        }
-
-static ENGINE *engine_openssl(void)
-        {
-        ENGINE *ret = ENGINE_new();
-        if(!ret)
-                return NULL;
-        if(!bind_helper(ret))
-                {
-                ENGINE_free(ret);
-                return NULL;
-                }
-        return ret;
-        }
-
-void ENGINE_load_openssl(void)
-        {
-        ENGINE *toadd = engine_openssl();
-        if(!toadd) return;
-        ENGINE_add(toadd);
-        /* If the "add" worked, it gets a structural reference. So either way,
-         * we release our just-created reference. */
-        ENGINE_free(toadd);
-        ERR_clear_error();
-        }
-
-/* This stuff is needed if this ENGINE is being compiled into a self-contained
- * shared-library. */
-#ifdef ENGINE_DYNAMIC_SUPPORT
-static int bind_fn(ENGINE *e, const char *id)
-        {
-        if(id && (strcmp(id, engine_openssl_id) != 0))
-                return 0;
-        if(!bind_helper(e))
-                return 0;
-        return 1;
-        }
-IMPLEMENT_DYNAMIC_CHECK_FN()
-IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
-#endif /* ENGINE_DYNAMIC_SUPPORT */
-
-#ifdef TEST_ENG_OPENSSL_RC4
-/* This section of code compiles an "alternative implementation" of two modes of
- * RC4 into this ENGINE. The result is that EVP_CIPHER operation for "rc4"
- * should under normal circumstances go via this support rather than the default
- * EVP support. There are other symbols to tweak the testing;
- *    TEST_ENC_OPENSSL_RC4_OTHERS - print a one line message to stderr each time
- *        we're asked for a cipher we don't support (should not happen).
- *    TEST_ENG_OPENSSL_RC4_P_INIT - print a one line message to stderr each time
- *        the "init_key" handler is called.
- *    TEST_ENG_OPENSSL_RC4_P_CIPHER - ditto for the "cipher" handler.
- */
-#include <openssl/rc4.h>
-#define TEST_RC4_KEY_SIZE               16
-static int test_cipher_nids[] = {NID_rc4,NID_rc4_40};
-static int test_cipher_nids_number = 2;
-typedef struct {
-        unsigned char key[TEST_RC4_KEY_SIZE];
-        RC4_KEY ks;
-        } TEST_RC4_KEY;
-#define test(ctx) ((TEST_RC4_KEY *)(ctx)->cipher_data)
-static int test_rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                        const unsigned char *iv, int enc)
-        {
-#ifdef TEST_ENG_OPENSSL_RC4_P_INIT
-        fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_init_key() called\n");
-#endif
-        memcpy(&test(ctx)->key[0],key,EVP_CIPHER_CTX_key_length(ctx));
-        RC4_set_key(&test(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),
-                test(ctx)->key);
-        return 1;
-        }
-static int test_rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                      const unsigned char *in, unsigned int inl)
-        {
-#ifdef TEST_ENG_OPENSSL_RC4_P_CIPHER
-        fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_cipher() called\n");
-#endif
-        RC4(&test(ctx)->ks,inl,in,out);
-        return 1;
-        }
-static const EVP_CIPHER test_r4_cipher=
-        {
-        NID_rc4,
-        1,TEST_RC4_KEY_SIZE,0,
-        EVP_CIPH_VARIABLE_LENGTH,
-        test_rc4_init_key,
-        test_rc4_cipher,
-        NULL,
-        sizeof(TEST_RC4_KEY),
-        NULL,
-        NULL,
-        NULL
-        };
-static const EVP_CIPHER test_r4_40_cipher=
-        {
-        NID_rc4_40,
-        1,5 /* 40 bit */,0,
-        EVP_CIPH_VARIABLE_LENGTH,
-        test_rc4_init_key,
-        test_rc4_cipher,
-        NULL,
-        sizeof(TEST_RC4_KEY),
-        NULL, 
-        NULL,
-        NULL
-        };
-static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
-                        const int **nids, int nid)
-        {
-        if(!cipher)
-                {
-                /* We are returning a list of supported nids */
-                *nids = test_cipher_nids;
-                return test_cipher_nids_number;
-                }
-        /* We are being asked for a specific cipher */
-        if(nid == NID_rc4)
-                *cipher = &test_r4_cipher;
-        else if(nid == NID_rc4_40)
-                *cipher = &test_r4_40_cipher;
-        else
-                {
-#ifdef TEST_ENG_OPENSSL_RC4_OTHERS
-                fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) returning NULL for "
-                                "nid %d\n", nid);
-#endif
-                *cipher = NULL;
-                return 0;
-                }
-        return 1;
-        }
-#endif
-
-#ifdef TEST_ENG_OPENSSL_SHA
-/* Much the same sort of comment as for TEST_ENG_OPENSSL_RC4 */
-#include <openssl/sha.h>
-static int test_digest_nids[] = {NID_sha1};
-static int test_digest_nids_number = 1;
-static int test_sha1_init(EVP_MD_CTX *ctx)
-        {
-#ifdef TEST_ENG_OPENSSL_SHA_P_INIT
-        fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_init() called\n");
-#endif
-        return SHA1_Init(ctx->md_data);
-        }
-static int test_sha1_update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
-        {
-#ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE
-        fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n");
-#endif
-        return SHA1_Update(ctx->md_data,data,count);
-        }
-static int test_sha1_final(EVP_MD_CTX *ctx,unsigned char *md)
-        {
-#ifdef TEST_ENG_OPENSSL_SHA_P_FINAL
-        fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_final() called\n");
-#endif
-        return SHA1_Final(md,ctx->md_data);
-        }
-static const EVP_MD test_sha_md=
-        {
-        NID_sha1,
-        NID_sha1WithRSAEncryption,
-        SHA_DIGEST_LENGTH,
-        0,
-        test_sha1_init,
-        test_sha1_update,
-        test_sha1_final,
-        NULL,
-        NULL,
-        EVP_PKEY_RSA_method,
-        SHA_CBLOCK,
-        sizeof(EVP_MD *)+sizeof(SHA_CTX),
-        };
-static int openssl_digests(ENGINE *e, const EVP_MD **digest,
-                        const int **nids, int nid)
-        {
-        if(!digest)
-                {
-                /* We are returning a list of supported nids */
-                *nids = test_digest_nids;
-                return test_digest_nids_number;
-                }
-        /* We are being asked for a specific digest */
-        if(nid == NID_sha1)
-                *digest = &test_sha_md;
-        else
-                {
-#ifdef TEST_ENG_OPENSSL_SHA_OTHERS
-                fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) returning NULL for "
-                                "nid %d\n", nid);
-#endif
-                *digest = NULL;
-                return 0;
-                }
-        return 1;
-        }
-#endif
-
-#ifdef TEST_ENG_OPENSSL_PKEY
-static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
-        UI_METHOD *ui_method, void *callback_data)
-        {
-        BIO *in;
-        EVP_PKEY *key;
-        fprintf(stderr, "(TEST_ENG_OPENSSL_PKEY)Loading Private key %s\n", key_id);
-        in = BIO_new_file(key_id, "r");
-        if (!in)
-                return NULL;
-        key = PEM_read_bio_PrivateKey(in, NULL, 0, NULL);
-        BIO_free(in);
-        return key;
-        }
-#endif
diff --git a/src/lib/libcrypto/engine/eng_pkey.c b/src/lib/libcrypto/engine/eng_pkey.c
deleted file mode 100644
index 8c69171511..0000000000
--- a/src/lib/libcrypto/engine/eng_pkey.c
+++ /dev/null
@@ -1,157 +0,0 @@
-/* crypto/engine/eng_pkey.c */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/crypto.h>
-#include "cryptlib.h"
-#include "eng_int.h"
-#include <openssl/engine.h>
-
-/* Basic get/set stuff */
-
-int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f)
-        {
-        e->load_privkey = loadpriv_f;
-        return 1;
-        }
-
-int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f)
-        {
-        e->load_pubkey = loadpub_f;
-        return 1;
-        }
-
-ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e)
-        {
-        return e->load_privkey;
-        }
-
-ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e)
-        {
-        return e->load_pubkey;
-        }
-
-/* API functions to load public/private keys */
-
-EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
-        UI_METHOD *ui_method, void *callback_data)
-        {
-        EVP_PKEY *pkey;
-
-        if(e == NULL)
-                {
-                ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
-                        ERR_R_PASSED_NULL_PARAMETER);
-                return 0;
-                }
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-        if(e->funct_ref == 0)
-                {
-                CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-                ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
-                        ENGINE_R_NOT_INITIALISED);
-                return 0;
-                }
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        if (!e->load_privkey)
-                {
-                ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
-                        ENGINE_R_NO_LOAD_FUNCTION);
-                return 0;
-                }
-        pkey = e->load_privkey(e, key_id, ui_method, callback_data);
-        if (!pkey)
-                {
-                ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
-                        ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
-                return 0;
-                }
-        return pkey;
-        }
-
-EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
-        UI_METHOD *ui_method, void *callback_data)
-        {
-        EVP_PKEY *pkey;
-
-        if(e == NULL)
-                {
-                ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
-                        ERR_R_PASSED_NULL_PARAMETER);
-                return 0;
-                }
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-        if(e->funct_ref == 0)
-                {
-                CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-                ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
-                        ENGINE_R_NOT_INITIALISED);
-                return 0;
-                }
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        if (!e->load_pubkey)
-                {
-                ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
-                        ENGINE_R_NO_LOAD_FUNCTION);
-                return 0;
-                }
-        pkey = e->load_pubkey(e, key_id, ui_method, callback_data);
-        if (!pkey)
-                {
-                ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
-                        ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
-                return 0;
-                }
-        return pkey;
-        }
diff --git a/src/lib/libcrypto/engine/eng_table.c b/src/lib/libcrypto/engine/eng_table.c
deleted file mode 100644
index c69a84a8bf..0000000000
--- a/src/lib/libcrypto/engine/eng_table.c
+++ /dev/null
@@ -1,361 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/evp.h>
-#include <openssl/engine.h>
-#include "eng_int.h"
-
-/* This is the type of item in the 'implementation' table. Each 'nid' hashes to
- * a (potentially NULL) ENGINE_PILE structure which contains a stack of ENGINE*
- * pointers. These pointers aren't references, because they're inserted and
- * removed during ENGINE creation and ENGINE destruction. They point to ENGINEs
- * that *exist* (ie. have a structural reference count greater than zero) rather
- * than ENGINEs that are *functional*. Each pointer in those stacks are to
- * ENGINEs that implements the algorithm corresponding to each 'nid'. */
-
-/* The type of the items in the table */
-typedef struct st_engine_pile
-        {
-        /* The 'nid' of the algorithm/mode this ENGINE_PILE structure represents
-         * */
-        int nid;
-        /* A stack of ENGINE pointers for ENGINEs that support this
-         * algorithm/mode. In the event that 'funct' is NULL, the first entry in
-         * this stack that initialises will be set as 'funct' and assumed as the
-         * default for operations of this type. */
-        STACK_OF(ENGINE) *sk;
-        /* The default ENGINE to perform this algorithm/mode. */
-        ENGINE *funct;
-        /* This value optimises engine_table_select(). If it is called it sets
-         * this value to 1. Any changes to this ENGINE_PILE resets it to zero.
-         * As such, no ENGINE_init() thrashing is done unless ENGINEs
-         * continually register (and/or unregister). */
-        int uptodate;
-        } ENGINE_PILE;
-
-/* The type of the hash table of ENGINE_PILE structures such that each are
- * unique and keyed by the 'nid' value. */
-struct st_engine_table
-        {
-        LHASH piles;
-        }; /* ENGINE_TABLE */
-
-/* This value stores global options controlling behaviour of (mostly) the
- * engine_table_select() function. It's a bitmask of flag values of the form
- * ENGINE_TABLE_FLAG_*** (as defined in engine.h) and is controlled by the
- * ENGINE_[get|set]_table_flags() function. */
-static unsigned int table_flags = 0;
-
-/* API function manipulating 'table_flags' */
-unsigned int ENGINE_get_table_flags(void)
-        {
-        return table_flags;
-        }
-void ENGINE_set_table_flags(unsigned int flags)
-        {
-        table_flags = flags;
-        }
-
-/* Internal functions for the "piles" hash table */
-static unsigned long engine_pile_hash(const ENGINE_PILE *c)
-        {
-        return c->nid;
-        }
-static int engine_pile_cmp(const ENGINE_PILE *a, const ENGINE_PILE *b)
-        {
-        return a->nid - b->nid;
-        }
-static IMPLEMENT_LHASH_HASH_FN(engine_pile_hash, const ENGINE_PILE *)
-static IMPLEMENT_LHASH_COMP_FN(engine_pile_cmp, const ENGINE_PILE *)
-static int int_table_check(ENGINE_TABLE **t, int create)
-        {
-        LHASH *lh;
-        if(*t)
-                return 1;
-        if(!create)
-                return 0;
-        if((lh = lh_new(LHASH_HASH_FN(engine_pile_hash),
-                        LHASH_COMP_FN(engine_pile_cmp))) == NULL)
-                return 0;
-        *t = (ENGINE_TABLE *)lh;
-        return 1;
-        }
-
-/* Privately exposed (via eng_int.h) functions for adding and/or removing
- * ENGINEs from the implementation table */
-int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
-                ENGINE *e, const int *nids, int num_nids, int setdefault)
-        {
-        int ret = 0, added = 0;
-        ENGINE_PILE tmplate, *fnd;
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-        if(!(*table))
-                added = 1;
-        if(!int_table_check(table, 1))
-                goto end;
-        if(added)
-                /* The cleanup callback needs to be added */
-                engine_cleanup_add_first(cleanup);
-        while(num_nids--)
-                {
-                tmplate.nid = *nids;
-                fnd = lh_retrieve(&(*table)->piles, &tmplate);
-                if(!fnd)
-                        {
-                        fnd = OPENSSL_malloc(sizeof(ENGINE_PILE));
-                        if(!fnd)
-                                goto end;
-                        fnd->uptodate = 1;
-                        fnd->nid = *nids;
-                        fnd->sk = sk_ENGINE_new_null();
-                        if(!fnd->sk)
-                                {
-                                OPENSSL_free(fnd);
-                                goto end;
-                                }
-                        fnd->funct= NULL;
-                        lh_insert(&(*table)->piles, fnd);
-                        }
-                /* A registration shouldn't add duplciate entries */
-                sk_ENGINE_delete_ptr(fnd->sk, e);
-                /* if 'setdefault', this ENGINE goes to the head of the list */
-                if(!sk_ENGINE_push(fnd->sk, e))
-                        goto end;
-                /* "touch" this ENGINE_PILE */
-                fnd->uptodate = 0;
-                if(setdefault)
-                        {
-                        if(!engine_unlocked_init(e))
-                                {
-                                ENGINEerr(ENGINE_F_ENGINE_TABLE_REGISTER,
-                                                ENGINE_R_INIT_FAILED);
-                                goto end;
-                                }
-                        if(fnd->funct)
-                                engine_unlocked_finish(fnd->funct, 0);
-                        fnd->funct = e;
-                        }
-                nids++;
-                }
-        ret = 1;
-end:
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        return ret;
-        }
-static void int_unregister_cb(ENGINE_PILE *pile, ENGINE *e)
-        {
-        int n;
-        /* Iterate the 'c->sk' stack removing any occurance of 'e' */
-        while((n = sk_ENGINE_find(pile->sk, e)) >= 0)
-                {
-                sk_ENGINE_delete(pile->sk, n);
-                /* "touch" this ENGINE_CIPHER */
-                pile->uptodate = 0;
-                }
-        if(pile->funct == e)
-                {
-                engine_unlocked_finish(e, 0);
-                pile->funct = NULL;
-                }
-        }
-static IMPLEMENT_LHASH_DOALL_ARG_FN(int_unregister_cb,ENGINE_PILE *,ENGINE *)
-void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e)
-        {
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-        if(int_table_check(table, 0))
-                lh_doall_arg(&(*table)->piles,
-                        LHASH_DOALL_ARG_FN(int_unregister_cb), e);
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        }
-
-static void int_cleanup_cb(ENGINE_PILE *p)
-        {
-        sk_ENGINE_free(p->sk);
-        if(p->funct)
-                engine_unlocked_finish(p->funct, 0);
-        OPENSSL_free(p);
-        }
-static IMPLEMENT_LHASH_DOALL_FN(int_cleanup_cb,ENGINE_PILE *)
-void engine_table_cleanup(ENGINE_TABLE **table)
-        {
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-        if(*table)
-                {
-                lh_doall(&(*table)->piles, LHASH_DOALL_FN(int_cleanup_cb));
-                lh_free(&(*table)->piles);
-                *table = NULL;
-                }
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        }
-
-/* Exposed API function to get a functional reference from the implementation
- * table (ie. try to get a functional reference from the tabled structural
- * references) for a given cipher 'nid' */
-#ifndef ENGINE_TABLE_DEBUG
-ENGINE *engine_table_select(ENGINE_TABLE **table, int nid)
-#else
-ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, int l)
-#endif
-        {
-        ENGINE *ret = NULL;
-        ENGINE_PILE tmplate, *fnd=NULL;
-        int initres, loop = 0;
-
-        /* If 'engine_ciphers' is NULL, then it's absolutely *sure* that no
-         * ENGINEs have registered any implementations! */
-        if(!(*table))
-                {
-#ifdef ENGINE_TABLE_DEBUG
-                fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, no "
-                        "registered for anything!\n", f, l, nid);
-#endif
-                return NULL;
-                }
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-        /* Check again inside the lock otherwise we could race against cleanup
-         * operations. But don't worry about a fprintf(stderr). */
-        if(!int_table_check(table, 0))
-                goto end;
-        tmplate.nid = nid;
-        fnd = lh_retrieve(&(*table)->piles, &tmplate);
-        if(!fnd)
-                goto end;
-        if(fnd->funct && engine_unlocked_init(fnd->funct))
-                {
-#ifdef ENGINE_TABLE_DEBUG
-                fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using "
-                        "ENGINE '%s' cached\n", f, l, nid, fnd->funct->id);
-#endif
-                ret = fnd->funct;
-                goto end;
-                }
-        if(fnd->uptodate)
-                {
-                ret = fnd->funct;
-                goto end;
-                }
-trynext:
-        ret = sk_ENGINE_value(fnd->sk, loop++);
-        if(!ret)
-                {
-#ifdef ENGINE_TABLE_DEBUG
-                fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, no "
-                                "registered implementations would initialise\n",
-                                f, l, nid);
-#endif
-                goto end;
-                }
-#if 0
-        /* Don't need to get a reference if we hold the lock. If the locking has
-         * to change in future, that would be different ... */
-        ret->struct_ref++; engine_ref_debug(ret, 0, 1)
-#endif
-        /* Try and initialise the ENGINE if it's already functional *or* if the
-         * ENGINE_TABLE_FLAG_NOINIT flag is not set. */
-        if((ret->funct_ref > 0) || !(table_flags & ENGINE_TABLE_FLAG_NOINIT))
-                initres = engine_unlocked_init(ret);
-        else
-                initres = 0;
-#if 0
-        /* Release the structural reference */
-        ret->struct_ref--; engine_ref_debug(ret, 0, -1);
-#endif
-        if(initres)
-                {
-                /* If we didn't have a default (functional reference) for this
-                 * 'nid' (or we had one but for whatever reason we're now
-                 * initialising a different one), use this opportunity to set
-                 * 'funct'. */
-                if((fnd->funct != ret) && engine_unlocked_init(ret))
-                        {
-                        /* If there was a previous default we release it. */
-                        if(fnd->funct)
-                                engine_unlocked_finish(fnd->funct, 0);
-                        /* We got an extra functional reference for the
-                         * per-'nid' default */
-                        fnd->funct = ret;
-#ifdef ENGINE_TABLE_DEBUG
-                        fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, "
-                                "setting default to '%s'\n", f, l, nid, ret->id);
-#endif
-                        }
-#ifdef ENGINE_TABLE_DEBUG
-                fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using "
-                                "newly initialised '%s'\n", f, l, nid, ret->id);
-#endif
-                goto end;
-                }
-        goto trynext;
-end:
-        /* Whatever happened - we should "untouch" our uptodate file seeing as
-         * we have tried our best to find a functional reference for 'nid'. If
-         * it failed, it is unlikely to succeed again until some future
-         * registrations (or unregistrations) have taken place that affect that
-         * 'nid'. */
-        if(fnd)
-                fnd->uptodate = 1;
-#ifdef ENGINE_TABLE_DEBUG
-        if(ret)
-                fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching "
-                                "ENGINE '%s'\n", f, l, nid, ret->id);
-        else
-                fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching "
-                                "'no matching ENGINE'\n", f, l, nid);
-#endif
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        /* Whatever happened, any failed init()s are not failures in this
-         * context, so clear our error state. */
-        ERR_clear_error();
-        return ret;
-        }
diff --git a/src/lib/libcrypto/engine/engine.h b/src/lib/libcrypto/engine/engine.h
deleted file mode 100644
index 900f75ce8d..0000000000
--- a/src/lib/libcrypto/engine/engine.h
+++ /dev/null
@@ -1,729 +0,0 @@
-/* openssl/engine.h */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_ENGINE_H
-#define HEADER_ENGINE_H
-
-#include <openssl/opensslconf.h>
-
-#ifdef OPENSSL_NO_ENGINE
-#error ENGINE is disabled.
-#endif
-
-#include <openssl/ossl_typ.h>
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#include <openssl/rand.h>
-#include <openssl/ui.h>
-#include <openssl/symhacks.h>
-#include <openssl/err.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* Fixups for missing algorithms */
-#ifdef OPENSSL_NO_RSA
-typedef void RSA_METHOD;
-#endif
-#ifdef OPENSSL_NO_DSA
-typedef void DSA_METHOD;
-#endif
-#ifdef OPENSSL_NO_DH
-typedef void DH_METHOD;
-#endif
-
-/* These flags are used to control combinations of algorithm (methods)
- * by bitwise "OR"ing. */
-#define ENGINE_METHOD_RSA               (unsigned int)0x0001
-#define ENGINE_METHOD_DSA               (unsigned int)0x0002
-#define ENGINE_METHOD_DH                (unsigned int)0x0004
-#define ENGINE_METHOD_RAND              (unsigned int)0x0008
-#define ENGINE_METHOD_CIPHERS           (unsigned int)0x0040
-#define ENGINE_METHOD_DIGESTS           (unsigned int)0x0080
-/* Obvious all-or-nothing cases. */
-#define ENGINE_METHOD_ALL               (unsigned int)0xFFFF
-#define ENGINE_METHOD_NONE              (unsigned int)0x0000
-
-/* This(ese) flag(s) controls behaviour of the ENGINE_TABLE mechanism used
- * internally to control registration of ENGINE implementations, and can be set
- * by ENGINE_set_table_flags(). The "NOINIT" flag prevents attempts to
- * initialise registered ENGINEs if they are not already initialised. */
-#define ENGINE_TABLE_FLAG_NOINIT        (unsigned int)0x0001
-
-/* ENGINE flags that can be set by ENGINE_set_flags(). */
-/* #define ENGINE_FLAGS_MALLOCED        0x0001 */ /* Not used */
-
-/* This flag is for ENGINEs that wish to handle the various 'CMD'-related
- * control commands on their own. Without this flag, ENGINE_ctrl() handles these
- * control commands on behalf of the ENGINE using their "cmd_defns" data. */
-#define ENGINE_FLAGS_MANUAL_CMD_CTRL    (int)0x0002
-
-/* This flag is for ENGINEs who return new duplicate structures when found via
- * "ENGINE_by_id()". When an ENGINE must store state (eg. if ENGINE_ctrl()
- * commands are called in sequence as part of some stateful process like
- * key-generation setup and execution), it can set this flag - then each attempt
- * to obtain the ENGINE will result in it being copied into a new structure.
- * Normally, ENGINEs don't declare this flag so ENGINE_by_id() just increments
- * the existing ENGINE's structural reference count. */
-#define ENGINE_FLAGS_BY_ID_COPY         (int)0x0004
-
-/* ENGINEs can support their own command types, and these flags are used in
- * ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input each
- * command expects. Currently only numeric and string input is supported. If a
- * control command supports none of the _NUMERIC, _STRING, or _NO_INPUT options,
- * then it is regarded as an "internal" control command - and not for use in
- * config setting situations. As such, they're not available to the
- * ENGINE_ctrl_cmd_string() function, only raw ENGINE_ctrl() access. Changes to
- * this list of 'command types' should be reflected carefully in
- * ENGINE_cmd_is_executable() and ENGINE_ctrl_cmd_string(). */
-
-/* accepts a 'long' input value (3rd parameter to ENGINE_ctrl) */
-#define ENGINE_CMD_FLAG_NUMERIC         (unsigned int)0x0001
-/* accepts string input (cast from 'void*' to 'const char *', 4th parameter to
- * ENGINE_ctrl) */
-#define ENGINE_CMD_FLAG_STRING          (unsigned int)0x0002
-/* Indicates that the control command takes *no* input. Ie. the control command
- * is unparameterised. */
-#define ENGINE_CMD_FLAG_NO_INPUT        (unsigned int)0x0004
-/* Indicates that the control command is internal. This control command won't
- * be shown in any output, and is only usable through the ENGINE_ctrl_cmd()
- * function. */
-#define ENGINE_CMD_FLAG_INTERNAL        (unsigned int)0x0008
-
-/* NB: These 3 control commands are deprecated and should not be used. ENGINEs
- * relying on these commands should compile conditional support for
- * compatibility (eg. if these symbols are defined) but should also migrate the
- * same functionality to their own ENGINE-specific control functions that can be
- * "discovered" by calling applications. The fact these control commands
- * wouldn't be "executable" (ie. usable by text-based config) doesn't change the
- * fact that application code can find and use them without requiring per-ENGINE
- * hacking. */
-
-/* These flags are used to tell the ctrl function what should be done.
- * All command numbers are shared between all engines, even if some don't
- * make sense to some engines.  In such a case, they do nothing but return
- * the error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED. */
-#define ENGINE_CTRL_SET_LOGSTREAM               1
-#define ENGINE_CTRL_SET_PASSWORD_CALLBACK       2
-#define ENGINE_CTRL_HUP                         3 /* Close and reinitialise any
-                                                     handles/connections etc. */
-#define ENGINE_CTRL_SET_USER_INTERFACE          4 /* Alternative to callback */
-#define ENGINE_CTRL_SET_CALLBACK_DATA           5 /* User-specific data, used
-                                                     when calling the password
-                                                     callback and the user
-                                                     interface */
-
-/* These control commands allow an application to deal with an arbitrary engine
- * in a dynamic way. Warn: Negative return values indicate errors FOR THESE
- * COMMANDS because zero is used to indicate 'end-of-list'. Other commands,
- * including ENGINE-specific command types, return zero for an error.
- *
- * An ENGINE can choose to implement these ctrl functions, and can internally
- * manage things however it chooses - it does so by setting the
- * ENGINE_FLAGS_MANUAL_CMD_CTRL flag (using ENGINE_set_flags()). Otherwise the
- * ENGINE_ctrl() code handles this on the ENGINE's behalf using the cmd_defns
- * data (set using ENGINE_set_cmd_defns()). This means an ENGINE's ctrl()
- * handler need only implement its own commands - the above "meta" commands will
- * be taken care of. */
-
-/* Returns non-zero if the supplied ENGINE has a ctrl() handler. If "not", then
- * all the remaining control commands will return failure, so it is worth
- * checking this first if the caller is trying to "discover" the engine's
- * capabilities and doesn't want errors generated unnecessarily. */
-#define ENGINE_CTRL_HAS_CTRL_FUNCTION           10
-/* Returns a positive command number for the first command supported by the
- * engine. Returns zero if no ctrl commands are supported. */
-#define ENGINE_CTRL_GET_FIRST_CMD_TYPE          11
-/* The 'long' argument specifies a command implemented by the engine, and the
- * return value is the next command supported, or zero if there are no more. */
-#define ENGINE_CTRL_GET_NEXT_CMD_TYPE           12
-/* The 'void*' argument is a command name (cast from 'const char *'), and the
- * return value is the command that corresponds to it. */
-#define ENGINE_CTRL_GET_CMD_FROM_NAME           13
-/* The next two allow a command to be converted into its corresponding string
- * form. In each case, the 'long' argument supplies the command. In the NAME_LEN
- * case, the return value is the length of the command name (not counting a
- * trailing EOL). In the NAME case, the 'void*' argument must be a string buffer
- * large enough, and it will be populated with the name of the command (WITH a
- * trailing EOL). */
-#define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD       14
-#define ENGINE_CTRL_GET_NAME_FROM_CMD           15
-/* The next two are similar but give a "short description" of a command. */
-#define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD       16
-#define ENGINE_CTRL_GET_DESC_FROM_CMD           17
-/* With this command, the return value is the OR'd combination of
- * ENGINE_CMD_FLAG_*** values that indicate what kind of input a given
- * engine-specific ctrl command expects. */
-#define ENGINE_CTRL_GET_CMD_FLAGS               18
-
-/* ENGINE implementations should start the numbering of their own control
- * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc). */
-#define ENGINE_CMD_BASE         200
-
-/* NB: These 2 nCipher "chil" control commands are deprecated, and their
- * functionality is now available through ENGINE-specific control commands
- * (exposed through the above-mentioned 'CMD'-handling). Code using these 2
- * commands should be migrated to the more general command handling before these
- * are removed. */
-
-/* Flags specific to the nCipher "chil" engine */
-#define ENGINE_CTRL_CHIL_SET_FORKCHECK          100
-        /* Depending on the value of the (long)i argument, this sets or
-         * unsets the SimpleForkCheck flag in the CHIL API to enable or
-         * disable checking and workarounds for applications that fork().
-         */
-#define ENGINE_CTRL_CHIL_NO_LOCKING             101
-        /* This prevents the initialisation function from providing mutex
-         * callbacks to the nCipher library. */
-
-/* If an ENGINE supports its own specific control commands and wishes the
- * framework to handle the above 'ENGINE_CMD_***'-manipulation commands on its
- * behalf, it should supply a null-terminated array of ENGINE_CMD_DEFN entries
- * to ENGINE_set_cmd_defns(). It should also implement a ctrl() handler that
- * supports the stated commands (ie. the "cmd_num" entries as described by the
- * array). NB: The array must be ordered in increasing order of cmd_num.
- * "null-terminated" means that the last ENGINE_CMD_DEFN element has cmd_num set
- * to zero and/or cmd_name set to NULL. */
-typedef struct ENGINE_CMD_DEFN_st
-        {
-        unsigned int cmd_num; /* The command number */
-        const char *cmd_name; /* The command name itself */
-        const char *cmd_desc; /* A short description of the command */
-        unsigned int cmd_flags; /* The input the command expects */
-        } ENGINE_CMD_DEFN;
-
-/* Generic function pointer */
-typedef int (*ENGINE_GEN_FUNC_PTR)();
-/* Generic function pointer taking no arguments */
-typedef int (*ENGINE_GEN_INT_FUNC_PTR)(ENGINE *);
-/* Specific control function pointer */
-typedef int (*ENGINE_CTRL_FUNC_PTR)(ENGINE *, int, long, void *, void (*f)());
-/* Generic load_key function pointer */
-typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *,
-        UI_METHOD *ui_method, void *callback_data);
-/* These callback types are for an ENGINE's handler for cipher and digest logic.
- * These handlers have these prototypes;
- *   int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid);
- *   int foo(ENGINE *e, const EVP_MD **digest, const int **nids, int nid);
- * Looking at how to implement these handlers in the case of cipher support, if
- * the framework wants the EVP_CIPHER for 'nid', it will call;
- *   foo(e, &p_evp_cipher, NULL, nid);    (return zero for failure)
- * If the framework wants a list of supported 'nid's, it will call;
- *   foo(e, NULL, &p_nids, 0); (returns number of 'nids' or -1 for error)
- */
-/* Returns to a pointer to the array of supported cipher 'nid's. If the second
- * parameter is non-NULL it is set to the size of the returned array. */
-typedef int (*ENGINE_CIPHERS_PTR)(ENGINE *, const EVP_CIPHER **, const int **, int);
-typedef int (*ENGINE_DIGESTS_PTR)(ENGINE *, const EVP_MD **, const int **, int);
-
-/* STRUCTURE functions ... all of these functions deal with pointers to ENGINE
- * structures where the pointers have a "structural reference". This means that
- * their reference is to allowed access to the structure but it does not imply
- * that the structure is functional. To simply increment or decrement the
- * structural reference count, use ENGINE_by_id and ENGINE_free. NB: This is not
- * required when iterating using ENGINE_get_next as it will automatically
- * decrement the structural reference count of the "current" ENGINE and
- * increment the structural reference count of the ENGINE it returns (unless it
- * is NULL). */
-
-/* Get the first/last "ENGINE" type available. */
-ENGINE *ENGINE_get_first(void);
-ENGINE *ENGINE_get_last(void);
-/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
-ENGINE *ENGINE_get_next(ENGINE *e);
-ENGINE *ENGINE_get_prev(ENGINE *e);
-/* Add another "ENGINE" type into the array. */
-int ENGINE_add(ENGINE *e);
-/* Remove an existing "ENGINE" type from the array. */
-int ENGINE_remove(ENGINE *e);
-/* Retrieve an engine from the list by its unique "id" value. */
-ENGINE *ENGINE_by_id(const char *id);
-/* Add all the built-in engines. */
-void ENGINE_load_openssl(void);
-void ENGINE_load_dynamic(void);
-void ENGINE_load_cswift(void);
-void ENGINE_load_chil(void);
-void ENGINE_load_atalla(void);
-void ENGINE_load_nuron(void);
-void ENGINE_load_ubsec(void);
-void ENGINE_load_aep(void);
-void ENGINE_load_sureware(void);
-void ENGINE_load_4758cca(void);
-void ENGINE_load_cryptodev(void);
-void ENGINE_load_builtin_engines(void);
-
-/* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
- * "registry" handling. */
-unsigned int ENGINE_get_table_flags(void);
-void ENGINE_set_table_flags(unsigned int flags);
-
-/* Manage registration of ENGINEs per "table". For each type, there are 3
- * functions;
- *   ENGINE_register_***(e) - registers the implementation from 'e' (if it has one)
- *   ENGINE_unregister_***(e) - unregister the implementation from 'e'
- *   ENGINE_register_all_***() - call ENGINE_register_***() for each 'e' in the list
- * Cleanup is automatically registered from each table when required, so
- * ENGINE_cleanup() will reverse any "register" operations. */
-
-int ENGINE_register_RSA(ENGINE *e);
-void ENGINE_unregister_RSA(ENGINE *e);
-void ENGINE_register_all_RSA(void);
-
-int ENGINE_register_DSA(ENGINE *e);
-void ENGINE_unregister_DSA(ENGINE *e);
-void ENGINE_register_all_DSA(void);
-
-int ENGINE_register_DH(ENGINE *e);
-void ENGINE_unregister_DH(ENGINE *e);
-void ENGINE_register_all_DH(void);
-
-int ENGINE_register_RAND(ENGINE *e);
-void ENGINE_unregister_RAND(ENGINE *e);
-void ENGINE_register_all_RAND(void);
-
-int ENGINE_register_ciphers(ENGINE *e);
-void ENGINE_unregister_ciphers(ENGINE *e);
-void ENGINE_register_all_ciphers(void);
-
-int ENGINE_register_digests(ENGINE *e);
-void ENGINE_unregister_digests(ENGINE *e);
-void ENGINE_register_all_digests(void);
-
-/* These functions register all support from the above categories. Note, use of
- * these functions can result in static linkage of code your application may not
- * need. If you only need a subset of functionality, consider using more
- * selective initialisation. */
-int ENGINE_register_complete(ENGINE *e);
-int ENGINE_register_all_complete(void);
-
-/* Send parametrised control commands to the engine. The possibilities to send
- * down an integer, a pointer to data or a function pointer are provided. Any of
- * the parameters may or may not be NULL, depending on the command number. In
- * actuality, this function only requires a structural (rather than functional)
- * reference to an engine, but many control commands may require the engine be
- * functional. The caller should be aware of trying commands that require an
- * operational ENGINE, and only use functional references in such situations. */
-int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
-
-/* This function tests if an ENGINE-specific command is usable as a "setting".
- * Eg. in an application's config file that gets processed through
- * ENGINE_ctrl_cmd_string(). If this returns zero, it is not available to
- * ENGINE_ctrl_cmd_string(), only ENGINE_ctrl(). */
-int ENGINE_cmd_is_executable(ENGINE *e, int cmd);
-
-/* This function works like ENGINE_ctrl() with the exception of taking a
- * command name instead of a command number, and can handle optional commands.
- * See the comment on ENGINE_ctrl_cmd_string() for an explanation on how to
- * use the cmd_name and cmd_optional. */
-int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
-        long i, void *p, void (*f)(), int cmd_optional);
-
-/* This function passes a command-name and argument to an ENGINE. The cmd_name
- * is converted to a command number and the control command is called using
- * 'arg' as an argument (unless the ENGINE doesn't support such a command, in
- * which case no control command is called). The command is checked for input
- * flags, and if necessary the argument will be converted to a numeric value. If
- * cmd_optional is non-zero, then if the ENGINE doesn't support the given
- * cmd_name the return value will be success anyway. This function is intended
- * for applications to use so that users (or config files) can supply
- * engine-specific config data to the ENGINE at run-time to control behaviour of
- * specific engines. As such, it shouldn't be used for calling ENGINE_ctrl()
- * functions that return data, deal with binary data, or that are otherwise
- * supposed to be used directly through ENGINE_ctrl() in application code. Any
- * "return" data from an ENGINE_ctrl() operation in this function will be lost -
- * the return value is interpreted as failure if the return value is zero,
- * success otherwise, and this function returns a boolean value as a result. In
- * other words, vendors of 'ENGINE'-enabled devices should write ENGINE
- * implementations with parameterisations that work in this scheme, so that
- * compliant ENGINE-based applications can work consistently with the same
- * configuration for the same ENGINE-enabled devices, across applications. */
-int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
-                                int cmd_optional);
-
-/* These functions are useful for manufacturing new ENGINE structures. They
- * don't address reference counting at all - one uses them to populate an ENGINE
- * structure with personalised implementations of things prior to using it
- * directly or adding it to the builtin ENGINE list in OpenSSL. These are also
- * here so that the ENGINE structure doesn't have to be exposed and break binary
- * compatibility! */
-ENGINE *ENGINE_new(void);
-int ENGINE_free(ENGINE *e);
-int ENGINE_up_ref(ENGINE *e);
-int ENGINE_set_id(ENGINE *e, const char *id);
-int ENGINE_set_name(ENGINE *e, const char *name);
-int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
-int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
-int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth);
-int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth);
-int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f);
-int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
-int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
-int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
-int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f);
-int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
-int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
-int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
-int ENGINE_set_flags(ENGINE *e, int flags);
-int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);
-/* These functions (and the "get" function lower down) allow control over any
- * per-structure ENGINE data. */
-int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-                CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg);
-
-/* This function cleans up anything that needs it. Eg. the ENGINE_add() function
- * automatically ensures the list cleanup function is registered to be called
- * from ENGINE_cleanup(). Similarly, all ENGINE_register_*** functions ensure
- * ENGINE_cleanup() will clean up after them. */
-void ENGINE_cleanup(void);
-
-/* These return values from within the ENGINE structure. These can be useful
- * with functional references as well as structural references - it depends
- * which you obtained. Using the result for functional purposes if you only
- * obtained a structural reference may be problematic! */
-const char *ENGINE_get_id(const ENGINE *e);
-const char *ENGINE_get_name(const ENGINE *e);
-const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
-const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);
-const DH_METHOD *ENGINE_get_DH(const ENGINE *e);
-const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e);
-ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e);
-ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e);
-ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);
-ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);
-ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);
-ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
-ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
-ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
-const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
-const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid);
-const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);
-int ENGINE_get_flags(const ENGINE *e);
-void *ENGINE_get_ex_data(const ENGINE *e, int idx);
-
-/* FUNCTIONAL functions. These functions deal with ENGINE structures
- * that have (or will) be initialised for use. Broadly speaking, the
- * structural functions are useful for iterating the list of available
- * engine types, creating new engine types, and other "list" operations.
- * These functions actually deal with ENGINEs that are to be used. As
- * such these functions can fail (if applicable) when particular
- * engines are unavailable - eg. if a hardware accelerator is not
- * attached or not functioning correctly. Each ENGINE has 2 reference
- * counts; structural and functional. Every time a functional reference
- * is obtained or released, a corresponding structural reference is
- * automatically obtained or released too. */
-
-/* Initialise a engine type for use (or up its reference count if it's
- * already in use). This will fail if the engine is not currently
- * operational and cannot initialise. */
-int ENGINE_init(ENGINE *e);
-/* Free a functional reference to a engine type. This does not require
- * a corresponding call to ENGINE_free as it also releases a structural
- * reference. */
-int ENGINE_finish(ENGINE *e);
-
-/* The following functions handle keys that are stored in some secondary
- * location, handled by the engine.  The storage may be on a card or
- * whatever. */
-EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
-        UI_METHOD *ui_method, void *callback_data);
-EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
-        UI_METHOD *ui_method, void *callback_data);
-
-/* This returns a pointer for the current ENGINE structure that
- * is (by default) performing any RSA operations. The value returned
- * is an incremented reference, so it should be free'd (ENGINE_finish)
- * before it is discarded. */
-ENGINE *ENGINE_get_default_RSA(void);
-/* Same for the other "methods" */
-ENGINE *ENGINE_get_default_DSA(void);
-ENGINE *ENGINE_get_default_DH(void);
-ENGINE *ENGINE_get_default_RAND(void);
-/* These functions can be used to get a functional reference to perform
- * ciphering or digesting corresponding to "nid". */
-ENGINE *ENGINE_get_cipher_engine(int nid);
-ENGINE *ENGINE_get_digest_engine(int nid);
-
-/* This sets a new default ENGINE structure for performing RSA
- * operations. If the result is non-zero (success) then the ENGINE
- * structure will have had its reference count up'd so the caller
- * should still free their own reference 'e'. */
-int ENGINE_set_default_RSA(ENGINE *e);
-int ENGINE_set_default_string(ENGINE *e, const char *def_list);
-/* Same for the other "methods" */
-int ENGINE_set_default_DSA(ENGINE *e);
-int ENGINE_set_default_DH(ENGINE *e);
-int ENGINE_set_default_RAND(ENGINE *e);
-int ENGINE_set_default_ciphers(ENGINE *e);
-int ENGINE_set_default_digests(ENGINE *e);
-
-/* The combination "set" - the flags are bitwise "OR"d from the
- * ENGINE_METHOD_*** defines above. As with the "ENGINE_register_complete()"
- * function, this function can result in unnecessary static linkage. If your
- * application requires only specific functionality, consider using more
- * selective functions. */
-int ENGINE_set_default(ENGINE *e, unsigned int flags);
-
-void ENGINE_add_conf_module(void);
-
-/* Deprecated functions ... */
-/* int ENGINE_clear_defaults(void); */
-
-/**************************/
-/* DYNAMIC ENGINE SUPPORT */
-/**************************/
-
-/* Binary/behaviour compatibility levels */
-#define OSSL_DYNAMIC_VERSION            (unsigned long)0x00010200
-/* Binary versions older than this are too old for us (whether we're a loader or
- * a loadee) */
-#define OSSL_DYNAMIC_OLDEST             (unsigned long)0x00010200
-
-/* When compiling an ENGINE entirely as an external shared library, loadable by
- * the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' structure
- * type provides the calling application's (or library's) error functionality
- * and memory management function pointers to the loaded library. These should
- * be used/set in the loaded library code so that the loading application's
- * 'state' will be used/changed in all operations. */
-typedef void *(*dyn_MEM_malloc_cb)(size_t);
-typedef void *(*dyn_MEM_realloc_cb)(void *, size_t);
-typedef void (*dyn_MEM_free_cb)(void *);
-typedef struct st_dynamic_MEM_fns {
-        dyn_MEM_malloc_cb                       malloc_cb;
-        dyn_MEM_realloc_cb                      realloc_cb;
-        dyn_MEM_free_cb                         free_cb;
-        } dynamic_MEM_fns;
-/* FIXME: Perhaps the memory and locking code (crypto.h) should declare and use
- * these types so we (and any other dependant code) can simplify a bit?? */
-typedef void (*dyn_lock_locking_cb)(int,int,const char *,int);
-typedef int (*dyn_lock_add_lock_cb)(int*,int,int,const char *,int);
-typedef struct CRYPTO_dynlock_value *(*dyn_dynlock_create_cb)(
-                                                const char *,int);
-typedef void (*dyn_dynlock_lock_cb)(int,struct CRYPTO_dynlock_value *,
-                                                const char *,int);
-typedef void (*dyn_dynlock_destroy_cb)(struct CRYPTO_dynlock_value *,
-                                                const char *,int);
-typedef struct st_dynamic_LOCK_fns {
-        dyn_lock_locking_cb                     lock_locking_cb;
-        dyn_lock_add_lock_cb                    lock_add_lock_cb;
-        dyn_dynlock_create_cb                   dynlock_create_cb;
-        dyn_dynlock_lock_cb                     dynlock_lock_cb;
-        dyn_dynlock_destroy_cb                  dynlock_destroy_cb;
-        } dynamic_LOCK_fns;
-/* The top-level structure */
-typedef struct st_dynamic_fns {
-        const ERR_FNS                           *err_fns;
-        const CRYPTO_EX_DATA_IMPL               *ex_data_fns;
-        dynamic_MEM_fns                         mem_fns;
-        dynamic_LOCK_fns                        lock_fns;
-        } dynamic_fns;
-
-/* The version checking function should be of this prototype. NB: The
- * ossl_version value passed in is the OSSL_DYNAMIC_VERSION of the loading code.
- * If this function returns zero, it indicates a (potential) version
- * incompatibility and the loaded library doesn't believe it can proceed.
- * Otherwise, the returned value is the (latest) version supported by the
- * loading library. The loader may still decide that the loaded code's version
- * is unsatisfactory and could veto the load. The function is expected to
- * be implemented with the symbol name "v_check", and a default implementation
- * can be fully instantiated with IMPLEMENT_DYNAMIC_CHECK_FN(). */
-typedef unsigned long (*dynamic_v_check_fn)(unsigned long ossl_version);
-#define IMPLEMENT_DYNAMIC_CHECK_FN() \
-        unsigned long v_check(unsigned long v) { \
-                if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \
-                return 0; }
-
-/* This function is passed the ENGINE structure to initialise with its own
- * function and command settings. It should not adjust the structural or
- * functional reference counts. If this function returns zero, (a) the load will
- * be aborted, (b) the previous ENGINE state will be memcpy'd back onto the
- * structure, and (c) the shared library will be unloaded. So implementations
- * should do their own internal cleanup in failure circumstances otherwise they
- * could leak. The 'id' parameter, if non-NULL, represents the ENGINE id that
- * the loader is looking for. If this is NULL, the shared library can choose to
- * return failure or to initialise a 'default' ENGINE. If non-NULL, the shared
- * library must initialise only an ENGINE matching the passed 'id'. The function
- * is expected to be implemented with the symbol name "bind_engine". A standard
- * implementation can be instantiated with IMPLEMENT_DYNAMIC_BIND_FN(fn) where
- * the parameter 'fn' is a callback function that populates the ENGINE structure
- * and returns an int value (zero for failure). 'fn' should have prototype;
- *    [static] int fn(ENGINE *e, const char *id); */
-typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,
-                                const dynamic_fns *fns);
-#define IMPLEMENT_DYNAMIC_BIND_FN(fn) \
-        int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \
-                if (ERR_get_implementation() != fns->err_fns) \
-                        { \
-                        if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \
-                                fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \
-                                return 0; \
-                        CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \
-                        CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \
-                        CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \
-                        CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \
-                        CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \
-                        if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \
-                                return 0; \
-                        if(!ERR_set_implementation(fns->err_fns)) return 0; \
-                        } \
-                if(!fn(e,id)) return 0; \
-                return 1; }
-
-#if defined(__OpenBSD__) || defined(__FreeBSD__)
-void ENGINE_setup_bsd_cryptodev(void);
-#endif
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_ENGINE_strings(void);
-
-/* Error codes for the ENGINE functions. */
-
-/* Function codes. */
-#define ENGINE_F_DYNAMIC_CTRL                            180
-#define ENGINE_F_DYNAMIC_GET_DATA_CTX                    181
-#define ENGINE_F_DYNAMIC_LOAD                            182
-#define ENGINE_F_ENGINE_ADD                              105
-#define ENGINE_F_ENGINE_BY_ID                            106
-#define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE                170
-#define ENGINE_F_ENGINE_CTRL                             142
-#define ENGINE_F_ENGINE_CTRL_CMD                         178
-#define ENGINE_F_ENGINE_CTRL_CMD_STRING                  171
-#define ENGINE_F_ENGINE_FINISH                           107
-#define ENGINE_F_ENGINE_FREE                             108
-#define ENGINE_F_ENGINE_GET_CIPHER                       185
-#define ENGINE_F_ENGINE_GET_DEFAULT_TYPE                 177
-#define ENGINE_F_ENGINE_GET_DIGEST                       186
-#define ENGINE_F_ENGINE_GET_NEXT                         115
-#define ENGINE_F_ENGINE_GET_PREV                         116
-#define ENGINE_F_ENGINE_INIT                             119
-#define ENGINE_F_ENGINE_LIST_ADD                         120
-#define ENGINE_F_ENGINE_LIST_REMOVE                      121
-#define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY                 150
-#define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY                  151
-#define ENGINE_F_ENGINE_MODULE_INIT                      187
-#define ENGINE_F_ENGINE_NEW                              122
-#define ENGINE_F_ENGINE_REMOVE                           123
-#define ENGINE_F_ENGINE_SET_DEFAULT_STRING               189
-#define ENGINE_F_ENGINE_SET_DEFAULT_TYPE                 126
-#define ENGINE_F_ENGINE_SET_ID                           129
-#define ENGINE_F_ENGINE_SET_NAME                         130
-#define ENGINE_F_ENGINE_TABLE_REGISTER                   184
-#define ENGINE_F_ENGINE_UNLOAD_KEY                       152
-#define ENGINE_F_ENGINE_UP_REF                           190
-#define ENGINE_F_INT_CTRL_HELPER                         172
-#define ENGINE_F_INT_ENGINE_CONFIGURE                    188
-#define ENGINE_F_LOG_MESSAGE                             141
-#define ENGINE_F_SET_DATA_CTX                            183
-
-/* Reason codes. */
-#define ENGINE_R_ALREADY_LOADED                          100
-#define ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER                133
-#define ENGINE_R_CMD_NOT_EXECUTABLE                      134
-#define ENGINE_R_COMMAND_TAKES_INPUT                     135
-#define ENGINE_R_COMMAND_TAKES_NO_INPUT                  136
-#define ENGINE_R_CONFLICTING_ENGINE_ID                   103
-#define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED            119
-#define ENGINE_R_DH_NOT_IMPLEMENTED                      139
-#define ENGINE_R_DSA_NOT_IMPLEMENTED                     140
-#define ENGINE_R_DSO_FAILURE                             104
-#define ENGINE_R_DSO_NOT_FOUND                           132
-#define ENGINE_R_ENGINES_SECTION_ERROR                   148
-#define ENGINE_R_ENGINE_IS_NOT_IN_LIST                   105
-#define ENGINE_R_ENGINE_SECTION_ERROR                    149
-#define ENGINE_R_FAILED_LOADING_PRIVATE_KEY              128
-#define ENGINE_R_FAILED_LOADING_PUBLIC_KEY               129
-#define ENGINE_R_FINISH_FAILED                           106
-#define ENGINE_R_GET_HANDLE_FAILED                       107
-#define ENGINE_R_ID_OR_NAME_MISSING                      108
-#define ENGINE_R_INIT_FAILED                             109
-#define ENGINE_R_INTERNAL_LIST_ERROR                     110
-#define ENGINE_R_INVALID_ARGUMENT                        143
-#define ENGINE_R_INVALID_CMD_NAME                        137
-#define ENGINE_R_INVALID_CMD_NUMBER                      138
-#define ENGINE_R_INVALID_INIT_VALUE                      151
-#define ENGINE_R_INVALID_STRING                          150
-#define ENGINE_R_NOT_INITIALISED                         117
-#define ENGINE_R_NOT_LOADED                              112
-#define ENGINE_R_NO_CONTROL_FUNCTION                     120
-#define ENGINE_R_NO_INDEX                                144
-#define ENGINE_R_NO_LOAD_FUNCTION                        125
-#define ENGINE_R_NO_REFERENCE                            130
-#define ENGINE_R_NO_SUCH_ENGINE                          116
-#define ENGINE_R_NO_UNLOAD_FUNCTION                      126
-#define ENGINE_R_PROVIDE_PARAMETERS                      113
-#define ENGINE_R_RSA_NOT_IMPLEMENTED                     141
-#define ENGINE_R_UNIMPLEMENTED_CIPHER                    146
-#define ENGINE_R_UNIMPLEMENTED_DIGEST                    147
-#define ENGINE_R_VERSION_INCOMPATIBILITY                 145
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/src/lib/libcrypto/engine/tb_cipher.c b/src/lib/libcrypto/engine/tb_cipher.c
deleted file mode 100644
index 50b3cec1fa..0000000000
--- a/src/lib/libcrypto/engine/tb_cipher.c
+++ /dev/null
@@ -1,145 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/evp.h>
-#include <openssl/engine.h>
-#include "eng_int.h"
-
-/* If this symbol is defined then ENGINE_get_cipher_engine(), the function that
- * is used by EVP to hook in cipher code and cache defaults (etc), will display
- * brief debugging summaries to stderr with the 'nid'. */
-/* #define ENGINE_CIPHER_DEBUG */
-
-static ENGINE_TABLE *cipher_table = NULL;
-
-void ENGINE_unregister_ciphers(ENGINE *e)
-        {
-        engine_table_unregister(&cipher_table, e);
-        }
-
-static void engine_unregister_all_ciphers(void)
-        {
-        engine_table_cleanup(&cipher_table);
-        }
-
-int ENGINE_register_ciphers(ENGINE *e)
-        {
-        if(e->ciphers)
-                {
-                const int *nids;
-                int num_nids = e->ciphers(e, NULL, &nids, 0);
-                if(num_nids > 0)
-                        return engine_table_register(&cipher_table,
-                                        engine_unregister_all_ciphers, e, nids,
-                                        num_nids, 0);
-                }
-        return 1;
-        }
-
-void ENGINE_register_all_ciphers()
-        {
-        ENGINE *e;
-
-        for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
-                ENGINE_register_ciphers(e);
-        }
-
-int ENGINE_set_default_ciphers(ENGINE *e)
-        {
-        if(e->ciphers)
-                {
-                const int *nids;
-                int num_nids = e->ciphers(e, NULL, &nids, 0);
-                if(num_nids > 0)
-                        return engine_table_register(&cipher_table,
-                                        engine_unregister_all_ciphers, e, nids,
-                                        num_nids, 1);
-                }
-        return 1;
-        }
-
-/* Exposed API function to get a functional reference from the implementation
- * table (ie. try to get a functional reference from the tabled structural
- * references) for a given cipher 'nid' */
-ENGINE *ENGINE_get_cipher_engine(int nid)
-        {
-        return engine_table_select(&cipher_table, nid);
-        }
-
-/* Obtains a cipher implementation from an ENGINE functional reference */
-const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid)
-        {
-        const EVP_CIPHER *ret;
-        ENGINE_CIPHERS_PTR fn = ENGINE_get_ciphers(e);
-        if(!fn || !fn(e, &ret, NULL, nid))
-                {
-                ENGINEerr(ENGINE_F_ENGINE_GET_CIPHER,
-                                ENGINE_R_UNIMPLEMENTED_CIPHER);
-                return NULL;
-                }
-        return ret;
-        }
-
-/* Gets the cipher callback from an ENGINE structure */
-ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e)
-        {
-        return e->ciphers;
-        }
-
-/* Sets the cipher callback in an ENGINE structure */
-int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f)
-        {
-        e->ciphers = f;
-        return 1;
-        }
diff --git a/src/lib/libcrypto/engine/tb_dh.c b/src/lib/libcrypto/engine/tb_dh.c
deleted file mode 100644
index e290e1702b..0000000000
--- a/src/lib/libcrypto/engine/tb_dh.c
+++ /dev/null
@@ -1,120 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/evp.h>
-#include <openssl/engine.h>
-#include "eng_int.h"
-
-/* If this symbol is defined then ENGINE_get_default_DH(), the function that is
- * used by DH to hook in implementation code and cache defaults (etc), will
- * display brief debugging summaries to stderr with the 'nid'. */
-/* #define ENGINE_DH_DEBUG */
-
-static ENGINE_TABLE *dh_table = NULL;
-static const int dummy_nid = 1;
-
-void ENGINE_unregister_DH(ENGINE *e)
-        {
-        engine_table_unregister(&dh_table, e);
-        }
-
-static void engine_unregister_all_DH(void)
-        {
-        engine_table_cleanup(&dh_table);
-        }
-
-int ENGINE_register_DH(ENGINE *e)
-        {
-        if(e->dh_meth)
-                return engine_table_register(&dh_table,
-                                engine_unregister_all_DH, e, &dummy_nid, 1, 0);
-        return 1;
-        }
-
-void ENGINE_register_all_DH()
-        {
-        ENGINE *e;
-
-        for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
-                ENGINE_register_DH(e);
-        }
-
-int ENGINE_set_default_DH(ENGINE *e)
-        {
-        if(e->dh_meth)
-                return engine_table_register(&dh_table,
-                                engine_unregister_all_DH, e, &dummy_nid, 1, 1);
-        return 1;
-        }
-
-/* Exposed API function to get a functional reference from the implementation
- * table (ie. try to get a functional reference from the tabled structural
- * references). */
-ENGINE *ENGINE_get_default_DH(void)
-        {
-        return engine_table_select(&dh_table, dummy_nid);
-        }
-
-/* Obtains an DH implementation from an ENGINE functional reference */
-const DH_METHOD *ENGINE_get_DH(const ENGINE *e)
-        {
-        return e->dh_meth;
-        }
-
-/* Sets an DH implementation in an ENGINE structure */
-int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth)
-        {
-        e->dh_meth = dh_meth;
-        return 1;
-        }
diff --git a/src/lib/libcrypto/engine/tb_digest.c b/src/lib/libcrypto/engine/tb_digest.c
deleted file mode 100644
index e82d2a17c9..0000000000
--- a/src/lib/libcrypto/engine/tb_digest.c
+++ /dev/null
@@ -1,145 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/evp.h>
-#include <openssl/engine.h>
-#include "eng_int.h"
-
-/* If this symbol is defined then ENGINE_get_digest_engine(), the function that
- * is used by EVP to hook in digest code and cache defaults (etc), will display
- * brief debugging summaries to stderr with the 'nid'. */
-/* #define ENGINE_DIGEST_DEBUG */
-
-static ENGINE_TABLE *digest_table = NULL;
-
-void ENGINE_unregister_digests(ENGINE *e)
-        {
-        engine_table_unregister(&digest_table, e);
-        }
-
-static void engine_unregister_all_digests(void)
-        {
-        engine_table_cleanup(&digest_table);
-        }
-
-int ENGINE_register_digests(ENGINE *e)
-        {
-        if(e->digests)
-                {
-                const int *nids;
-                int num_nids = e->digests(e, NULL, &nids, 0);
-                if(num_nids > 0)
-                        return engine_table_register(&digest_table,
-                                        engine_unregister_all_digests, e, nids,
-                                        num_nids, 0);
-                }
-        return 1;
-        }
-
-void ENGINE_register_all_digests()
-        {
-        ENGINE *e;
-
-        for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
-                ENGINE_register_digests(e);
-        }
-
-int ENGINE_set_default_digests(ENGINE *e)
-        {
-        if(e->digests)
-                {
-                const int *nids;
-                int num_nids = e->digests(e, NULL, &nids, 0);
-                if(num_nids > 0)
-                        return engine_table_register(&digest_table,
-                                        engine_unregister_all_digests, e, nids,
-                                        num_nids, 1);
-                }
-        return 1;
-        }
-
-/* Exposed API function to get a functional reference from the implementation
- * table (ie. try to get a functional reference from the tabled structural
- * references) for a given digest 'nid' */
-ENGINE *ENGINE_get_digest_engine(int nid)
-        {
-        return engine_table_select(&digest_table, nid);
-        }
-
-/* Obtains a digest implementation from an ENGINE functional reference */
-const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid)
-        {
-        const EVP_MD *ret;
-        ENGINE_DIGESTS_PTR fn = ENGINE_get_digests(e);
-        if(!fn || !fn(e, &ret, NULL, nid))
-                {
-                ENGINEerr(ENGINE_F_ENGINE_GET_DIGEST,
-                                ENGINE_R_UNIMPLEMENTED_DIGEST);
-                return NULL;
-                }
-        return ret;
-        }
-
-/* Gets the digest callback from an ENGINE structure */
-ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e)
-        {
-        return e->digests;
-        }
-
-/* Sets the digest callback in an ENGINE structure */
-int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f)
-        {
-        e->digests = f;
-        return 1;
-        }
diff --git a/src/lib/libcrypto/engine/tb_dsa.c b/src/lib/libcrypto/engine/tb_dsa.c
deleted file mode 100644
index 7efe181927..0000000000
--- a/src/lib/libcrypto/engine/tb_dsa.c
+++ /dev/null
@@ -1,120 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/evp.h>
-#include <openssl/engine.h>
-#include "eng_int.h"
-
-/* If this symbol is defined then ENGINE_get_default_DSA(), the function that is
- * used by DSA to hook in implementation code and cache defaults (etc), will
- * display brief debugging summaries to stderr with the 'nid'. */
-/* #define ENGINE_DSA_DEBUG */
-
-static ENGINE_TABLE *dsa_table = NULL;
-static const int dummy_nid = 1;
-
-void ENGINE_unregister_DSA(ENGINE *e)
-        {
-        engine_table_unregister(&dsa_table, e);
-        }
-
-static void engine_unregister_all_DSA(void)
-        {
-        engine_table_cleanup(&dsa_table);
-        }
-
-int ENGINE_register_DSA(ENGINE *e)
-        {
-        if(e->dsa_meth)
-                return engine_table_register(&dsa_table,
-                                engine_unregister_all_DSA, e, &dummy_nid, 1, 0);
-        return 1;
-        }
-
-void ENGINE_register_all_DSA()
-        {
-        ENGINE *e;
-
-        for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
-                ENGINE_register_DSA(e);
-        }
-
-int ENGINE_set_default_DSA(ENGINE *e)
-        {
-        if(e->dsa_meth)
-                return engine_table_register(&dsa_table,
-                                engine_unregister_all_DSA, e, &dummy_nid, 1, 1);
-        return 1;
-        }
-
-/* Exposed API function to get a functional reference from the implementation
- * table (ie. try to get a functional reference from the tabled structural
- * references). */
-ENGINE *ENGINE_get_default_DSA(void)
-        {
-        return engine_table_select(&dsa_table, dummy_nid);
-        }
-
-/* Obtains an DSA implementation from an ENGINE functional reference */
-const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e)
-        {
-        return e->dsa_meth;
-        }
-
-/* Sets an DSA implementation in an ENGINE structure */
-int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth)
-        {
-        e->dsa_meth = dsa_meth;
-        return 1;
-        }
diff --git a/src/lib/libcrypto/engine/tb_rand.c b/src/lib/libcrypto/engine/tb_rand.c
deleted file mode 100644
index 69b67111bc..0000000000
--- a/src/lib/libcrypto/engine/tb_rand.c
+++ /dev/null
@@ -1,120 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/evp.h>
-#include <openssl/engine.h>
-#include "eng_int.h"
-
-/* If this symbol is defined then ENGINE_get_default_RAND(), the function that is
- * used by RAND to hook in implementation code and cache defaults (etc), will
- * display brief debugging summaries to stderr with the 'nid'. */
-/* #define ENGINE_RAND_DEBUG */
-
-static ENGINE_TABLE *rand_table = NULL;
-static const int dummy_nid = 1;
-
-void ENGINE_unregister_RAND(ENGINE *e)
-        {
-        engine_table_unregister(&rand_table, e);
-        }
-
-static void engine_unregister_all_RAND(void)
-        {
-        engine_table_cleanup(&rand_table);
-        }
-
-int ENGINE_register_RAND(ENGINE *e)
-        {
-        if(e->rand_meth)
-                return engine_table_register(&rand_table,
-                                engine_unregister_all_RAND, e, &dummy_nid, 1, 0);
-        return 1;
-        }
-
-void ENGINE_register_all_RAND()
-        {
-        ENGINE *e;
-
-        for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
-                ENGINE_register_RAND(e);
-        }
-
-int ENGINE_set_default_RAND(ENGINE *e)
-        {
-        if(e->rand_meth)
-                return engine_table_register(&rand_table,
-                                engine_unregister_all_RAND, e, &dummy_nid, 1, 1);
-        return 1;
-        }
-
-/* Exposed API function to get a functional reference from the implementation
- * table (ie. try to get a functional reference from the tabled structural
- * references). */
-ENGINE *ENGINE_get_default_RAND(void)
-        {
-        return engine_table_select(&rand_table, dummy_nid);
-        }
-
-/* Obtains an RAND implementation from an ENGINE functional reference */
-const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e)
-        {
-        return e->rand_meth;
-        }
-
-/* Sets an RAND implementation in an ENGINE structure */
-int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth)
-        {
-        e->rand_meth = rand_meth;
-        return 1;
-        }
diff --git a/src/lib/libcrypto/engine/tb_rsa.c b/src/lib/libcrypto/engine/tb_rsa.c
deleted file mode 100644
index fee4867f52..0000000000
--- a/src/lib/libcrypto/engine/tb_rsa.c
+++ /dev/null
@@ -1,120 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/evp.h>
-#include <openssl/engine.h>
-#include "eng_int.h"
-
-/* If this symbol is defined then ENGINE_get_default_RSA(), the function that is
- * used by RSA to hook in implementation code and cache defaults (etc), will
- * display brief debugging summaries to stderr with the 'nid'. */
-/* #define ENGINE_RSA_DEBUG */
-
-static ENGINE_TABLE *rsa_table = NULL;
-static const int dummy_nid = 1;
-
-void ENGINE_unregister_RSA(ENGINE *e)
-        {
-        engine_table_unregister(&rsa_table, e);
-        }
-
-static void engine_unregister_all_RSA(void)
-        {
-        engine_table_cleanup(&rsa_table);
-        }
-
-int ENGINE_register_RSA(ENGINE *e)
-        {
-        if(e->rsa_meth)
-                return engine_table_register(&rsa_table,
-                                engine_unregister_all_RSA, e, &dummy_nid, 1, 0);
-        return 1;
-        }
-
-void ENGINE_register_all_RSA()
-        {
-        ENGINE *e;
-
-        for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
-                ENGINE_register_RSA(e);
-        }
-
-int ENGINE_set_default_RSA(ENGINE *e)
-        {
-        if(e->rsa_meth)
-                return engine_table_register(&rsa_table,
-                                engine_unregister_all_RSA, e, &dummy_nid, 1, 1);
-        return 1;
-        }
-
-/* Exposed API function to get a functional reference from the implementation
- * table (ie. try to get a functional reference from the tabled structural
- * references). */
-ENGINE *ENGINE_get_default_RSA(void)
-        {
-        return engine_table_select(&rsa_table, dummy_nid);
-        }
-
-/* Obtains an RSA implementation from an ENGINE functional reference */
-const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e)
-        {
-        return e->rsa_meth;
-        }
-
-/* Sets an RSA implementation in an ENGINE structure */
-int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth)
-        {
-        e->rsa_meth = rsa_meth;
-        return 1;
-        }
diff --git a/src/lib/libcrypto/err/err.c b/src/lib/libcrypto/err/err.c
deleted file mode 100644
index 53687d79ab..0000000000
--- a/src/lib/libcrypto/err/err.c
+++ /dev/null
@@ -1,1079 +0,0 @@
-/* crypto/err/err.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <stdarg.h>
-#include <string.h>
-#include <openssl/lhash.h>
-#include <openssl/crypto.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/bio.h>
-#include <openssl/err.h>
-
-static void err_load_strings(int lib, ERR_STRING_DATA *str);
-
-static void ERR_STATE_free(ERR_STATE *s);
-#ifndef OPENSSL_NO_ERR
-static ERR_STRING_DATA ERR_str_libraries[]=
-        {
-{ERR_PACK(ERR_LIB_NONE,0,0)             ,"unknown library"},
-{ERR_PACK(ERR_LIB_SYS,0,0)              ,"system library"},
-{ERR_PACK(ERR_LIB_BN,0,0)               ,"bignum routines"},
-{ERR_PACK(ERR_LIB_RSA,0,0)              ,"rsa routines"},
-{ERR_PACK(ERR_LIB_DH,0,0)               ,"Diffie-Hellman routines"},
-{ERR_PACK(ERR_LIB_EVP,0,0)              ,"digital envelope routines"},
-{ERR_PACK(ERR_LIB_BUF,0,0)              ,"memory buffer routines"},
-{ERR_PACK(ERR_LIB_OBJ,0,0)              ,"object identifier routines"},
-{ERR_PACK(ERR_LIB_PEM,0,0)              ,"PEM routines"},
-{ERR_PACK(ERR_LIB_DSA,0,0)              ,"dsa routines"},
-{ERR_PACK(ERR_LIB_X509,0,0)             ,"x509 certificate routines"},
-{ERR_PACK(ERR_LIB_ASN1,0,0)             ,"asn1 encoding routines"},
-{ERR_PACK(ERR_LIB_CONF,0,0)             ,"configuration file routines"},
-{ERR_PACK(ERR_LIB_CRYPTO,0,0)           ,"common libcrypto routines"},
-{ERR_PACK(ERR_LIB_EC,0,0)               ,"elliptic curve routines"},
-{ERR_PACK(ERR_LIB_SSL,0,0)              ,"SSL routines"},
-{ERR_PACK(ERR_LIB_BIO,0,0)              ,"BIO routines"},
-{ERR_PACK(ERR_LIB_PKCS7,0,0)            ,"PKCS7 routines"},
-{ERR_PACK(ERR_LIB_X509V3,0,0)           ,"X509 V3 routines"},
-{ERR_PACK(ERR_LIB_PKCS12,0,0)           ,"PKCS12 routines"},
-{ERR_PACK(ERR_LIB_RAND,0,0)             ,"random number generator"},
-{ERR_PACK(ERR_LIB_DSO,0,0)              ,"DSO support routines"},
-{ERR_PACK(ERR_LIB_ENGINE,0,0)           ,"engine routines"},
-{ERR_PACK(ERR_LIB_OCSP,0,0)             ,"OCSP routines"},
-{ERR_PACK(ERR_LIB_FIPS,0,0)             ,"FIPS routines"},
-{0,NULL},
-        };
-
-static ERR_STRING_DATA ERR_str_functs[]=
-        {
-        {ERR_PACK(0,SYS_F_FOPEN,0),             "fopen"},
-        {ERR_PACK(0,SYS_F_CONNECT,0),           "connect"},
-        {ERR_PACK(0,SYS_F_GETSERVBYNAME,0),     "getservbyname"},
-        {ERR_PACK(0,SYS_F_SOCKET,0),            "socket"}, 
-        {ERR_PACK(0,SYS_F_IOCTLSOCKET,0),       "ioctlsocket"},
-        {ERR_PACK(0,SYS_F_BIND,0),              "bind"},
-        {ERR_PACK(0,SYS_F_LISTEN,0),            "listen"},
-        {ERR_PACK(0,SYS_F_ACCEPT,0),            "accept"},
-#ifdef OPENSSL_SYS_WINDOWS
-        {ERR_PACK(0,SYS_F_WSASTARTUP,0),        "WSAstartup"},
-#endif
-        {ERR_PACK(0,SYS_F_OPENDIR,0),           "opendir"},
-        {ERR_PACK(0,SYS_F_FREAD,0),             "fread"},
-        {ERR_PACK(0,SYS_F_GETADDRINFO,0),       "getaddrinfo"},
-        {0,NULL},
-        };
-
-static ERR_STRING_DATA ERR_str_reasons[]=
-        {
-{ERR_R_SYS_LIB                          ,"system lib"},
-{ERR_R_BN_LIB                           ,"BN lib"},
-{ERR_R_RSA_LIB                          ,"RSA lib"},
-{ERR_R_DH_LIB                           ,"DH lib"},
-{ERR_R_EVP_LIB                          ,"EVP lib"},
-{ERR_R_BUF_LIB                          ,"BUF lib"},
-{ERR_R_OBJ_LIB                          ,"OBJ lib"},
-{ERR_R_PEM_LIB                          ,"PEM lib"},
-{ERR_R_DSA_LIB                          ,"DSA lib"},
-{ERR_R_X509_LIB                         ,"X509 lib"},
-{ERR_R_ASN1_LIB                         ,"ASN1 lib"},
-{ERR_R_CONF_LIB                         ,"CONF lib"},
-{ERR_R_CRYPTO_LIB                       ,"CRYPTO lib"},
-{ERR_R_EC_LIB                           ,"EC lib"},
-{ERR_R_SSL_LIB                          ,"SSL lib"},
-{ERR_R_BIO_LIB                          ,"BIO lib"},
-{ERR_R_PKCS7_LIB                        ,"PKCS7 lib"},
-{ERR_R_X509V3_LIB                       ,"X509V3 lib"},
-{ERR_R_PKCS12_LIB                       ,"PKCS12 lib"},
-{ERR_R_RAND_LIB                         ,"RAND lib"},
-{ERR_R_DSO_LIB                          ,"DSO lib"},
-{ERR_R_ENGINE_LIB                       ,"ENGINE lib"},
-{ERR_R_OCSP_LIB                         ,"OCSP lib"},
-
-{ERR_R_NESTED_ASN1_ERROR                ,"nested asn1 error"},
-{ERR_R_BAD_ASN1_OBJECT_HEADER           ,"bad asn1 object header"},
-{ERR_R_BAD_GET_ASN1_OBJECT_CALL         ,"bad get asn1 object call"},
-{ERR_R_EXPECTING_AN_ASN1_SEQUENCE       ,"expecting an asn1 sequence"},
-{ERR_R_ASN1_LENGTH_MISMATCH             ,"asn1 length mismatch"},
-{ERR_R_MISSING_ASN1_EOS                 ,"missing asn1 eos"},
-
-{ERR_R_FATAL                            ,"fatal"},
-{ERR_R_MALLOC_FAILURE                   ,"malloc failure"},
-{ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED      ,"called a function you should not call"},
-{ERR_R_PASSED_NULL_PARAMETER            ,"passed a null parameter"},
-{ERR_R_INTERNAL_ERROR                   ,"internal error"},
-
-{0,NULL},
-        };
-#endif
-
-
-/* Define the predeclared (but externally opaque) "ERR_FNS" type */
-struct st_ERR_FNS
-        {
-        /* Works on the "error_hash" string table */
-        LHASH *(*cb_err_get)(int create);
-        void (*cb_err_del)(void);
-        ERR_STRING_DATA *(*cb_err_get_item)(const ERR_STRING_DATA *);
-        ERR_STRING_DATA *(*cb_err_set_item)(ERR_STRING_DATA *);
-        ERR_STRING_DATA *(*cb_err_del_item)(ERR_STRING_DATA *);
-        /* Works on the "thread_hash" error-state table */
-        LHASH *(*cb_thread_get)(int create);
-        void (*cb_thread_release)(LHASH **hash);
-        ERR_STATE *(*cb_thread_get_item)(const ERR_STATE *);
-        ERR_STATE *(*cb_thread_set_item)(ERR_STATE *);
-        void (*cb_thread_del_item)(const ERR_STATE *);
-        /* Returns the next available error "library" numbers */
-        int (*cb_get_next_lib)(void);
-        };
-
-/* Predeclarations of the "err_defaults" functions */
-static LHASH *int_err_get(int create);
-static void int_err_del(void);
-static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *);
-static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *);
-static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *);
-static LHASH *int_thread_get(int create);
-static void int_thread_release(LHASH **hash);
-static ERR_STATE *int_thread_get_item(const ERR_STATE *);
-static ERR_STATE *int_thread_set_item(ERR_STATE *);
-static void int_thread_del_item(const ERR_STATE *);
-static int int_err_get_next_lib(void);
-/* The static ERR_FNS table using these defaults functions */
-static const ERR_FNS err_defaults =
-        {
-        int_err_get,
-        int_err_del,
-        int_err_get_item,
-        int_err_set_item,
-        int_err_del_item,
-        int_thread_get,
-        int_thread_release,
-        int_thread_get_item,
-        int_thread_set_item,
-        int_thread_del_item,
-        int_err_get_next_lib
-        };
-
-/* The replacable table of ERR_FNS functions we use at run-time */
-static const ERR_FNS *err_fns = NULL;
-
-/* Eg. rather than using "err_get()", use "ERRFN(err_get)()". */
-#define ERRFN(a) err_fns->cb_##a
-
-/* The internal state used by "err_defaults" - as such, the setting, reading,
- * creating, and deleting of this data should only be permitted via the
- * "err_defaults" functions. This way, a linked module can completely defer all
- * ERR state operation (together with requisite locking) to the implementations
- * and state in the loading application. */
-static LHASH *int_error_hash = NULL;
-static LHASH *int_thread_hash = NULL;
-static int int_thread_hash_references = 0;
-static int int_err_library_number= ERR_LIB_USER;
-
-/* Internal function that checks whether "err_fns" is set and if not, sets it to
- * the defaults. */
-static void err_fns_check(void)
-        {
-        if (err_fns) return;
-        
-        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-        if (!err_fns)
-                err_fns = &err_defaults;
-        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-        }
-
-/* API functions to get or set the underlying ERR functions. */
-
-const ERR_FNS *ERR_get_implementation(void)
-        {
-        err_fns_check();
-        return err_fns;
-        }
-
-int ERR_set_implementation(const ERR_FNS *fns)
-        {
-        int ret = 0;
-
-        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-        /* It's too late if 'err_fns' is non-NULL. BTW: not much point setting
-         * an error is there?! */
-        if (!err_fns)
-                {
-                err_fns = fns;
-                ret = 1;
-                }
-        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-        return ret;
-        }
-
-/* These are the callbacks provided to "lh_new()" when creating the LHASH tables
- * internal to the "err_defaults" implementation. */
-
-/* static unsigned long err_hash(ERR_STRING_DATA *a); */
-static unsigned long err_hash(const void *a_void);
-/* static int err_cmp(ERR_STRING_DATA *a, ERR_STRING_DATA *b); */
-static int err_cmp(const void *a_void, const void *b_void);
-/* static unsigned long pid_hash(ERR_STATE *pid); */
-static unsigned long pid_hash(const void *pid_void);
-/* static int pid_cmp(ERR_STATE *a,ERR_STATE *pid); */
-static int pid_cmp(const void *a_void,const void *pid_void);
-static unsigned long get_error_values(int inc,int top,const char **file,int *line,
-                                      const char **data,int *flags);
-
-/* The internal functions used in the "err_defaults" implementation */
-
-static LHASH *int_err_get(int create)
-        {
-        LHASH *ret = NULL;
-
-        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-        if (!int_error_hash && create)
-                {
-                CRYPTO_push_info("int_err_get (err.c)");
-                int_error_hash = lh_new(err_hash, err_cmp);
-                CRYPTO_pop_info();
-                }
-        if (int_error_hash)
-                ret = int_error_hash;
-        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-
-        return ret;
-        }
-
-static void int_err_del(void)
-        {
-        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-        if (int_error_hash)
-                {
-                lh_free(int_error_hash);
-                int_error_hash = NULL;
-                }
-        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-        }
-
-static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *d)
-        {
-        ERR_STRING_DATA *p;
-        LHASH *hash;
-
-        err_fns_check();
-        hash = ERRFN(err_get)(0);
-        if (!hash)
-                return NULL;
-
-        CRYPTO_r_lock(CRYPTO_LOCK_ERR);
-        p = (ERR_STRING_DATA *)lh_retrieve(hash, d);
-        CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
-
-        return p;
-        }
-
-static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *d)
-        {
-        ERR_STRING_DATA *p;
-        LHASH *hash;
-
-        err_fns_check();
-        hash = ERRFN(err_get)(1);
-        if (!hash)
-                return NULL;
-
-        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-        p = (ERR_STRING_DATA *)lh_insert(hash, d);
-        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-
-        return p;
-        }
-
-static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *d)
-        {
-        ERR_STRING_DATA *p;
-        LHASH *hash;
-
-        err_fns_check();
-        hash = ERRFN(err_get)(0);
-        if (!hash)
-                return NULL;
-
-        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-        p = (ERR_STRING_DATA *)lh_delete(hash, d);
-        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-
-        return p;
-        }
-
-static LHASH *int_thread_get(int create)
-        {
-        LHASH *ret = NULL;
-
-        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-        if (!int_thread_hash && create)
-                {
-                CRYPTO_push_info("int_thread_get (err.c)");
-                int_thread_hash = lh_new(pid_hash, pid_cmp);
-                CRYPTO_pop_info();
-                }
-        if (int_thread_hash)
-                {
-                int_thread_hash_references++;
-                ret = int_thread_hash;
-                }
-        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-        return ret;
-        }
-
-static void int_thread_release(LHASH **hash)
-        {
-        int i;
-
-        if (hash == NULL || *hash == NULL)
-                return;
-
-        i = CRYPTO_add(&int_thread_hash_references, -1, CRYPTO_LOCK_ERR);
-
-#ifdef REF_PRINT
-        fprintf(stderr,"%4d:%s\n",int_thread_hash_references,"ERR");
-#endif
-        if (i > 0) return;
-#ifdef REF_CHECK
-        if (i < 0)
-                {
-                fprintf(stderr,"int_thread_release, bad reference count\n");
-                abort(); /* ok */
-                }
-#endif
-        *hash = NULL;
-        }
-
-static ERR_STATE *int_thread_get_item(const ERR_STATE *d)
-        {
-        ERR_STATE *p;
-        LHASH *hash;
-
-        err_fns_check();
-        hash = ERRFN(thread_get)(0);
-        if (!hash)
-                return NULL;
-
-        CRYPTO_r_lock(CRYPTO_LOCK_ERR);
-        p = (ERR_STATE *)lh_retrieve(hash, d);
-        CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
-
-        ERRFN(thread_release)(&hash);
-        return p;
-        }
-
-static ERR_STATE *int_thread_set_item(ERR_STATE *d)
-        {
-        ERR_STATE *p;
-        LHASH *hash;
-
-        err_fns_check();
-        hash = ERRFN(thread_get)(1);
-        if (!hash)
-                return NULL;
-
-        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-        p = (ERR_STATE *)lh_insert(hash, d);
-        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-
-        ERRFN(thread_release)(&hash);
-        return p;
-        }
-
-static void int_thread_del_item(const ERR_STATE *d)
-        {
-        ERR_STATE *p;
-        LHASH *hash;
-
-        err_fns_check();
-        hash = ERRFN(thread_get)(0);
-        if (!hash)
-                return;
-
-        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-        p = (ERR_STATE *)lh_delete(hash, d);
-        /* make sure we don't leak memory */
-        if (int_thread_hash_references == 1
-                && int_thread_hash && (lh_num_items(int_thread_hash) == 0))
-                {
-                lh_free(int_thread_hash);
-                int_thread_hash = NULL;
-                }
-        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-
-        ERRFN(thread_release)(&hash);
-        if (p)
-                ERR_STATE_free(p);
-        }
-
-static int int_err_get_next_lib(void)
-        {
-        int ret;
-
-        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-        ret = int_err_library_number++;
-        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-
-        return ret;
-        }
-
-
-#ifndef OPENSSL_NO_ERR
-#define NUM_SYS_STR_REASONS 127
-#define LEN_SYS_STR_REASON 32
-
-static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1];
-/* SYS_str_reasons is filled with copies of strerror() results at
- * initialization.
- * 'errno' values up to 127 should cover all usual errors,
- * others will be displayed numerically by ERR_error_string.
- * It is crucial that we have something for each reason code
- * that occurs in ERR_str_reasons, or bogus reason strings
- * will be returned for SYSerr(), which always gets an errno
- * value and never one of those 'standard' reason codes. */
-
-static void build_SYS_str_reasons()
-        {
-        /* OPENSSL_malloc cannot be used here, use static storage instead */
-        static char strerror_tab[NUM_SYS_STR_REASONS][LEN_SYS_STR_REASON];
-        int i;
-        static int init = 1;
-
-        if (!init) return;
-
-        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-
-        for (i = 1; i <= NUM_SYS_STR_REASONS; i++)
-                {
-                ERR_STRING_DATA *str = &SYS_str_reasons[i - 1];
-
-                str->error = (unsigned long)i;
-                if (str->string == NULL)
-                        {
-                        char (*dest)[LEN_SYS_STR_REASON] = &(strerror_tab[i - 1]);
-                        char *src = strerror(i);
-                        if (src != NULL)
-                                {
-                                strncpy(*dest, src, sizeof *dest);
-                                (*dest)[sizeof *dest - 1] = '\0';
-                                str->string = *dest;
-                                }
-                        }
-                if (str->string == NULL)
-                        str->string = "unknown";
-                }
-
-        /* Now we still have SYS_str_reasons[NUM_SYS_STR_REASONS] = {0, NULL},
-         * as required by ERR_load_strings. */
-
-        init = 0;
-        
-        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-        }
-#endif
-
-#define err_clear_data(p,i) \
-        if (((p)->err_data[i] != NULL) && \
-                (p)->err_data_flags[i] & ERR_TXT_MALLOCED) \
-                {  \
-                OPENSSL_free((p)->err_data[i]); \
-                (p)->err_data[i]=NULL; \
-                } \
-        (p)->err_data_flags[i]=0;
-
-static void ERR_STATE_free(ERR_STATE *s)
-        {
-        int i;
-
-        if (s == NULL)
-            return;
-
-        for (i=0; i<ERR_NUM_ERRORS; i++)
-                {
-                err_clear_data(s,i);
-                }
-        OPENSSL_free(s);
-        }
-
-void ERR_load_ERR_strings(void)
-        {
-        err_fns_check();
-#ifndef OPENSSL_NO_ERR
-        err_load_strings(0,ERR_str_libraries);
-        err_load_strings(0,ERR_str_reasons);
-        err_load_strings(ERR_LIB_SYS,ERR_str_functs);
-        build_SYS_str_reasons();
-        err_load_strings(ERR_LIB_SYS,SYS_str_reasons);
-#endif
-        }
-
-static void err_load_strings(int lib, ERR_STRING_DATA *str)
-        {
-        while (str->error)
-                {
-                if (lib)
-                        str->error|=ERR_PACK(lib,0,0);
-                ERRFN(err_set_item)(str);
-                str++;
-                }
-        }
-
-void ERR_load_strings(int lib, ERR_STRING_DATA *str)
-        {
-        ERR_load_ERR_strings();
-        err_load_strings(lib, str);
-        }
-
-void ERR_unload_strings(int lib, ERR_STRING_DATA *str)
-        {
-        while (str->error)
-                {
-                if (lib)
-                        str->error|=ERR_PACK(lib,0,0);
-                ERRFN(err_del_item)(str);
-                str++;
-                }
-        }
-
-void ERR_free_strings(void)
-        {
-        err_fns_check();
-        ERRFN(err_del)();
-        }
-
-/********************************************************/
-
-void ERR_put_error(int lib, int func, int reason, const char *file,
-             int line)
-        {
-        ERR_STATE *es;
-
-#ifdef _OSD_POSIX
-        /* In the BS2000-OSD POSIX subsystem, the compiler generates
-         * path names in the form "*POSIX(/etc/passwd)".
-         * This dirty hack strips them to something sensible.
-         * @@@ We shouldn't modify a const string, though.
-         */
-        if (strncmp(file,"*POSIX(", sizeof("*POSIX(")-1) == 0) {
-                char *end;
-
-                /* Skip the "*POSIX(" prefix */
-                file += sizeof("*POSIX(")-1;
-                end = &file[strlen(file)-1];
-                if (*end == ')')
-                        *end = '\0';
-                /* Optional: use the basename of the path only. */
-                if ((end = strrchr(file, '/')) != NULL)
-                        file = &end[1];
-        }
-#endif
-        es=ERR_get_state();
-
-        es->top=(es->top+1)%ERR_NUM_ERRORS;
-        if (es->top == es->bottom)
-                es->bottom=(es->bottom+1)%ERR_NUM_ERRORS;
-        es->err_buffer[es->top]=ERR_PACK(lib,func,reason);
-        es->err_file[es->top]=file;
-        es->err_line[es->top]=line;
-        err_clear_data(es,es->top);
-        }
-
-void ERR_clear_error(void)
-        {
-        int i;
-        ERR_STATE *es;
-
-        es=ERR_get_state();
-
-        for (i=0; i<ERR_NUM_ERRORS; i++)
-                {
-                es->err_buffer[i]=0;
-                err_clear_data(es,i);
-                es->err_file[i]=NULL;
-                es->err_line[i]= -1;
-                }
-        es->top=es->bottom=0;
-        }
-
-
-unsigned long ERR_get_error(void)
-        { return(get_error_values(1,0,NULL,NULL,NULL,NULL)); }
-
-unsigned long ERR_get_error_line(const char **file,
-             int *line)
-        { return(get_error_values(1,0,file,line,NULL,NULL)); }
-
-unsigned long ERR_get_error_line_data(const char **file, int *line,
-             const char **data, int *flags)
-        { return(get_error_values(1,0,file,line,data,flags)); }
-
-
-unsigned long ERR_peek_error(void)
-        { return(get_error_values(0,0,NULL,NULL,NULL,NULL)); }
-
-unsigned long ERR_peek_error_line(const char **file, int *line)
-        { return(get_error_values(0,0,file,line,NULL,NULL)); }
-
-unsigned long ERR_peek_error_line_data(const char **file, int *line,
-             const char **data, int *flags)
-        { return(get_error_values(0,0,file,line,data,flags)); }
-
-
-unsigned long ERR_peek_last_error(void)
-        { return(get_error_values(0,1,NULL,NULL,NULL,NULL)); }
-
-unsigned long ERR_peek_last_error_line(const char **file, int *line)
-        { return(get_error_values(0,1,file,line,NULL,NULL)); }
-
-unsigned long ERR_peek_last_error_line_data(const char **file, int *line,
-             const char **data, int *flags)
-        { return(get_error_values(0,1,file,line,data,flags)); }
-
-
-static unsigned long get_error_values(int inc, int top, const char **file, int *line,
-             const char **data, int *flags)
-        {       
-        int i=0;
-        ERR_STATE *es;
-        unsigned long ret;
-
-        es=ERR_get_state();
-
-        if (inc && top)
-                {
-                if (file) *file = "";
-                if (line) *line = 0;
-                if (data) *data = "";
-                if (flags) *flags = 0;
-                        
-                return ERR_R_INTERNAL_ERROR;
-                }
-
-        if (es->bottom == es->top) return 0;
-        if (top)
-                i=es->top;                       /* last error */
-        else
-                i=(es->bottom+1)%ERR_NUM_ERRORS; /* first error */
-
-        ret=es->err_buffer[i];
-        if (inc)
-                {
-                es->bottom=i;
-                es->err_buffer[i]=0;
-                }
-
-        if ((file != NULL) && (line != NULL))
-                {
-                if (es->err_file[i] == NULL)
-                        {
-                        *file="NA";
-                        if (line != NULL) *line=0;
-                        }
-                else
-                        {
-                        *file=es->err_file[i];
-                        if (line != NULL) *line=es->err_line[i];
-                        }
-                }
-
-        if (data == NULL)
-                {
-                if (inc)
-                        {
-                        err_clear_data(es, i);
-                        }
-                }
-        else
-                {
-                if (es->err_data[i] == NULL)
-                        {
-                        *data="";
-                        if (flags != NULL) *flags=0;
-                        }
-                else
-                        {
-                        *data=es->err_data[i];
-                        if (flags != NULL) *flags=es->err_data_flags[i];
-                        }
-                }
-        return ret;
-        }
-
-void ERR_error_string_n(unsigned long e, char *buf, size_t len)
-        {
-        char lsbuf[64], fsbuf[64], rsbuf[64];
-        const char *ls,*fs,*rs;
-        unsigned long l,f,r;
-
-        l=ERR_GET_LIB(e);
-        f=ERR_GET_FUNC(e);
-        r=ERR_GET_REASON(e);
-
-        ls=ERR_lib_error_string(e);
-        fs=ERR_func_error_string(e);
-        rs=ERR_reason_error_string(e);
-
-        if (ls == NULL) 
-                BIO_snprintf(lsbuf, sizeof(lsbuf), "lib(%lu)", l);
-        if (fs == NULL)
-                BIO_snprintf(fsbuf, sizeof(fsbuf), "func(%lu)", f);
-        if (rs == NULL)
-                BIO_snprintf(rsbuf, sizeof(rsbuf), "reason(%lu)", r);
-
-        BIO_snprintf(buf, len,"error:%08lX:%s:%s:%s", e, ls?ls:lsbuf, 
-                fs?fs:fsbuf, rs?rs:rsbuf);
-        if (strlen(buf) == len-1)
-                {
-                /* output may be truncated; make sure we always have 5 
-                 * colon-separated fields, i.e. 4 colons ... */
-#define NUM_COLONS 4
-                if (len > NUM_COLONS) /* ... if possible */
-                        {
-                        int i;
-                        char *s = buf;
-                        
-                        for (i = 0; i < NUM_COLONS; i++)
-                                {
-                                char *colon = strchr(s, ':');
-                                if (colon == NULL || colon > &buf[len-1] - NUM_COLONS + i)
-                                        {
-                                        /* set colon no. i at last possible position
-                                         * (buf[len-1] is the terminating 0)*/
-                                        colon = &buf[len-1] - NUM_COLONS + i;
-                                        *colon = ':';
-                                        }
-                                s = colon + 1;
-                                }
-                        }
-                }
-        }
-
-/* BAD for multi-threading: uses a local buffer if ret == NULL */
-/* ERR_error_string_n should be used instead for ret != NULL
- * as ERR_error_string cannot know how large the buffer is */
-char *ERR_error_string(unsigned long e, char *ret)
-        {
-        static char buf[256];
-
-        if (ret == NULL) ret=buf;
-        ERR_error_string_n(e, ret, 256);
-
-        return ret;
-        }
-
-LHASH *ERR_get_string_table(void)
-        {
-        err_fns_check();
-        return ERRFN(err_get)(0);
-        }
-
-LHASH *ERR_get_err_state_table(void)
-        {
-        err_fns_check();
-        return ERRFN(thread_get)(0);
-        }
-
-void ERR_release_err_state_table(LHASH **hash)
-        {
-        err_fns_check();
-        ERRFN(thread_release)(hash);
-        }
-
-const char *ERR_lib_error_string(unsigned long e)
-        {
-        ERR_STRING_DATA d,*p;
-        unsigned long l;
-
-        err_fns_check();
-        l=ERR_GET_LIB(e);
-        d.error=ERR_PACK(l,0,0);
-        p=ERRFN(err_get_item)(&d);
-        return((p == NULL)?NULL:p->string);
-        }
-
-const char *ERR_func_error_string(unsigned long e)
-        {
-        ERR_STRING_DATA d,*p;
-        unsigned long l,f;
-
-        err_fns_check();
-        l=ERR_GET_LIB(e);
-        f=ERR_GET_FUNC(e);
-        d.error=ERR_PACK(l,f,0);
-        p=ERRFN(err_get_item)(&d);
-        return((p == NULL)?NULL:p->string);
-        }
-
-const char *ERR_reason_error_string(unsigned long e)
-        {
-        ERR_STRING_DATA d,*p=NULL;
-        unsigned long l,r;
-
-        err_fns_check();
-        l=ERR_GET_LIB(e);
-        r=ERR_GET_REASON(e);
-        d.error=ERR_PACK(l,0,r);
-        p=ERRFN(err_get_item)(&d);
-        if (!p)
-                {
-                d.error=ERR_PACK(0,0,r);
-                p=ERRFN(err_get_item)(&d);
-                }
-        return((p == NULL)?NULL:p->string);
-        }
-
-/* static unsigned long err_hash(ERR_STRING_DATA *a) */
-static unsigned long err_hash(const void *a_void)
-        {
-        unsigned long ret,l;
-
-        l=((ERR_STRING_DATA *)a_void)->error;
-        ret=l^ERR_GET_LIB(l)^ERR_GET_FUNC(l);
-        return(ret^ret%19*13);
-        }
-
-/* static int err_cmp(ERR_STRING_DATA *a, ERR_STRING_DATA *b) */
-static int err_cmp(const void *a_void, const void *b_void)
-        {
-        return((int)(((ERR_STRING_DATA *)a_void)->error -
-                        ((ERR_STRING_DATA *)b_void)->error));
-        }
-
-/* static unsigned long pid_hash(ERR_STATE *a) */
-static unsigned long pid_hash(const void *a_void)
-        {
-        return(((ERR_STATE *)a_void)->pid*13);
-        }
-
-/* static int pid_cmp(ERR_STATE *a, ERR_STATE *b) */
-static int pid_cmp(const void *a_void, const void *b_void)
-        {
-        return((int)((long)((ERR_STATE *)a_void)->pid -
-                        (long)((ERR_STATE *)b_void)->pid));
-        }
-
-void ERR_remove_state(unsigned long pid)
-        {
-        ERR_STATE tmp;
-
-        err_fns_check();
-        if (pid == 0)
-                pid=(unsigned long)CRYPTO_thread_id();
-        tmp.pid=pid;
-        /* thread_del_item automatically destroys the LHASH if the number of
-         * items reaches zero. */
-        ERRFN(thread_del_item)(&tmp);
-        }
-
-ERR_STATE *ERR_get_state(void)
-        {
-        static ERR_STATE fallback;
-        ERR_STATE *ret,tmp,*tmpp=NULL;
-        int i;
-        unsigned long pid;
-
-        err_fns_check();
-        pid=(unsigned long)CRYPTO_thread_id();
-        tmp.pid=pid;
-        ret=ERRFN(thread_get_item)(&tmp);
-
-        /* ret == the error state, if NULL, make a new one */
-        if (ret == NULL)
-                {
-                ret=(ERR_STATE *)OPENSSL_malloc(sizeof(ERR_STATE));
-                if (ret == NULL) return(&fallback);
-                ret->pid=pid;
-                ret->top=0;
-                ret->bottom=0;
-                for (i=0; i<ERR_NUM_ERRORS; i++)
-                        {
-                        ret->err_data[i]=NULL;
-                        ret->err_data_flags[i]=0;
-                        }
-                tmpp = ERRFN(thread_set_item)(ret);
-                /* To check if insertion failed, do a get. */
-                if (ERRFN(thread_get_item)(ret) != ret)
-                        {
-                        ERR_STATE_free(ret); /* could not insert it */
-                        return(&fallback);
-                        }
-                /* If a race occured in this function and we came second, tmpp
-                 * is the first one that we just replaced. */
-                if (tmpp)
-                        ERR_STATE_free(tmpp);
-                }
-        return ret;
-        }
-
-int ERR_get_next_error_library(void)
-        {
-        err_fns_check();
-        return ERRFN(get_next_lib)();
-        }
-
-void ERR_set_error_data(char *data, int flags)
-        {
-        ERR_STATE *es;
-        int i;
-
-        es=ERR_get_state();
-
-        i=es->top;
-        if (i == 0)
-                i=ERR_NUM_ERRORS-1;
-
-        err_clear_data(es,i);
-        es->err_data[i]=data;
-        es->err_data_flags[i]=flags;
-        }
-
-void ERR_add_error_data(int num, ...)
-        {
-        va_list args;
-        int i,n,s;
-        char *str,*p,*a;
-
-        s=80;
-        str=OPENSSL_malloc(s+1);
-        if (str == NULL) return;
-        str[0]='\0';
-
-        va_start(args, num);
-        n=0;
-        for (i=0; i<num; i++)
-                {
-                a=va_arg(args, char*);
-                /* ignore NULLs, thanks to Bob Beck <beck@obtuse.com> */
-                if (a != NULL)
-                        {
-                        n+=strlen(a);
-                        if (n > s)
-                                {
-                                s=n+20;
-                                p=OPENSSL_realloc(str,s+1);
-                                if (p == NULL)
-                                        {
-                                        OPENSSL_free(str);
-                                        goto err;
-                                        }
-                                else
-                                        str=p;
-                                }
-                        BUF_strlcat(str,a,s+1);
-                        }
-                }
-        ERR_set_error_data(str,ERR_TXT_MALLOCED|ERR_TXT_STRING);
-
-err:
-        va_end(args);
-        }
diff --git a/src/lib/libcrypto/err/err.h b/src/lib/libcrypto/err/err.h
deleted file mode 100644
index 2efa18866a..0000000000
--- a/src/lib/libcrypto/err/err.h
+++ /dev/null
@@ -1,302 +0,0 @@
-/* crypto/err/err.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_ERR_H
-#define HEADER_ERR_H
-
-#ifndef OPENSSL_NO_FP_API
-#include <stdio.h>
-#include <stdlib.h>
-#endif
-
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-#ifndef OPENSSL_NO_LHASH
-#include <openssl/lhash.h>
-#endif
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#ifndef OPENSSL_NO_ERR
-#define ERR_PUT_error(a,b,c,d,e)        ERR_put_error(a,b,c,d,e)
-#else
-#define ERR_PUT_error(a,b,c,d,e)        ERR_put_error(a,b,c,NULL,0)
-#endif
-
-#include <errno.h>
-
-#define ERR_TXT_MALLOCED        0x01
-#define ERR_TXT_STRING          0x02
-
-#define ERR_NUM_ERRORS  16
-typedef struct err_state_st
-        {
-        unsigned long pid;
-        unsigned long err_buffer[ERR_NUM_ERRORS];
-        char *err_data[ERR_NUM_ERRORS];
-        int err_data_flags[ERR_NUM_ERRORS];
-        const char *err_file[ERR_NUM_ERRORS];
-        int err_line[ERR_NUM_ERRORS];
-        int top,bottom;
-        } ERR_STATE;
-
-/* library */
-#define ERR_LIB_NONE            1
-#define ERR_LIB_SYS             2
-#define ERR_LIB_BN              3
-#define ERR_LIB_RSA             4
-#define ERR_LIB_DH              5
-#define ERR_LIB_EVP             6
-#define ERR_LIB_BUF             7
-#define ERR_LIB_OBJ             8
-#define ERR_LIB_PEM             9
-#define ERR_LIB_DSA             10
-#define ERR_LIB_X509            11
-/* #define ERR_LIB_METH         12 */
-#define ERR_LIB_ASN1            13
-#define ERR_LIB_CONF            14
-#define ERR_LIB_CRYPTO          15
-#define ERR_LIB_EC              16
-#define ERR_LIB_SSL             20
-/* #define ERR_LIB_SSL23        21 */
-/* #define ERR_LIB_SSL2         22 */
-/* #define ERR_LIB_SSL3         23 */
-/* #define ERR_LIB_RSAREF       30 */
-/* #define ERR_LIB_PROXY        31 */
-#define ERR_LIB_BIO             32
-#define ERR_LIB_PKCS7           33
-#define ERR_LIB_X509V3          34
-#define ERR_LIB_PKCS12          35
-#define ERR_LIB_RAND            36
-#define ERR_LIB_DSO             37
-#define ERR_LIB_ENGINE          38
-#define ERR_LIB_OCSP            39
-#define ERR_LIB_UI              40
-#define ERR_LIB_COMP            41
-#define ERR_LIB_FIPS            42
-
-#define ERR_LIB_USER            128
-
-#define SYSerr(f,r)  ERR_PUT_error(ERR_LIB_SYS,(f),(r),__FILE__,__LINE__)
-#define BNerr(f,r)   ERR_PUT_error(ERR_LIB_BN,(f),(r),__FILE__,__LINE__)
-#define RSAerr(f,r)  ERR_PUT_error(ERR_LIB_RSA,(f),(r),__FILE__,__LINE__)
-#define DHerr(f,r)   ERR_PUT_error(ERR_LIB_DH,(f),(r),__FILE__,__LINE__)
-#define EVPerr(f,r)  ERR_PUT_error(ERR_LIB_EVP,(f),(r),__FILE__,__LINE__)
-#define BUFerr(f,r)  ERR_PUT_error(ERR_LIB_BUF,(f),(r),__FILE__,__LINE__)
-#define OBJerr(f,r)  ERR_PUT_error(ERR_LIB_OBJ,(f),(r),__FILE__,__LINE__)
-#define PEMerr(f,r)  ERR_PUT_error(ERR_LIB_PEM,(f),(r),__FILE__,__LINE__)
-#define DSAerr(f,r)  ERR_PUT_error(ERR_LIB_DSA,(f),(r),__FILE__,__LINE__)
-#define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),__FILE__,__LINE__)
-#define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),__FILE__,__LINE__)
-#define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),__FILE__,__LINE__)
-#define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),__FILE__,__LINE__)
-#define ECerr(f,r)   ERR_PUT_error(ERR_LIB_EC,(f),(r),__FILE__,__LINE__)
-#define SSLerr(f,r)  ERR_PUT_error(ERR_LIB_SSL,(f),(r),__FILE__,__LINE__)
-#define BIOerr(f,r)  ERR_PUT_error(ERR_LIB_BIO,(f),(r),__FILE__,__LINE__)
-#define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),__FILE__,__LINE__)
-#define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),__FILE__,__LINE__)
-#define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),__FILE__,__LINE__)
-#define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),__FILE__,__LINE__)
-#define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),__FILE__,__LINE__)
-#define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),__FILE__,__LINE__)
-#define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),__FILE__,__LINE__)
-#define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),__FILE__,__LINE__)
-#define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__)
-#define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),__FILE__,__LINE__)
-
-/* Borland C seems too stupid to be able to shift and do longs in
- * the pre-processor :-( */
-#define ERR_PACK(l,f,r)         (((((unsigned long)l)&0xffL)*0x1000000)| \
-                                ((((unsigned long)f)&0xfffL)*0x1000)| \
-                                ((((unsigned long)r)&0xfffL)))
-#define ERR_GET_LIB(l)          (int)((((unsigned long)l)>>24L)&0xffL)
-#define ERR_GET_FUNC(l)         (int)((((unsigned long)l)>>12L)&0xfffL)
-#define ERR_GET_REASON(l)       (int)((l)&0xfffL)
-#define ERR_FATAL_ERROR(l)      (int)((l)&ERR_R_FATAL)
-
-
-/* OS functions */
-#define SYS_F_FOPEN             1
-#define SYS_F_CONNECT           2
-#define SYS_F_GETSERVBYNAME     3
-#define SYS_F_SOCKET            4
-#define SYS_F_IOCTLSOCKET       5
-#define SYS_F_BIND              6
-#define SYS_F_LISTEN            7
-#define SYS_F_ACCEPT            8
-#define SYS_F_WSASTARTUP        9 /* Winsock stuff */
-#define SYS_F_OPENDIR           10
-#define SYS_F_FREAD             11
-#define SYS_F_GETADDRINFO       12
-
-
-/* reasons */
-#define ERR_R_SYS_LIB   ERR_LIB_SYS       /* 2 */
-#define ERR_R_BN_LIB    ERR_LIB_BN        /* 3 */
-#define ERR_R_RSA_LIB   ERR_LIB_RSA       /* 4 */
-#define ERR_R_DH_LIB    ERR_LIB_DH        /* 5 */
-#define ERR_R_EVP_LIB   ERR_LIB_EVP       /* 6 */
-#define ERR_R_BUF_LIB   ERR_LIB_BUF       /* 7 */
-#define ERR_R_OBJ_LIB   ERR_LIB_OBJ       /* 8 */
-#define ERR_R_PEM_LIB   ERR_LIB_PEM       /* 9 */
-#define ERR_R_DSA_LIB   ERR_LIB_DSA      /* 10 */
-#define ERR_R_X509_LIB  ERR_LIB_X509     /* 11 */
-#define ERR_R_ASN1_LIB  ERR_LIB_ASN1     /* 13 */
-#define ERR_R_CONF_LIB  ERR_LIB_CONF     /* 14 */
-#define ERR_R_CRYPTO_LIB ERR_LIB_CRYPTO  /* 15 */
-#define ERR_R_EC_LIB    ERR_LIB_EC       /* 16 */
-#define ERR_R_SSL_LIB   ERR_LIB_SSL      /* 20 */
-#define ERR_R_BIO_LIB   ERR_LIB_BIO      /* 32 */
-#define ERR_R_PKCS7_LIB ERR_LIB_PKCS7    /* 33 */
-#define ERR_R_X509V3_LIB ERR_LIB_X509V3  /* 34 */
-#define ERR_R_PKCS12_LIB ERR_LIB_PKCS12  /* 35 */
-#define ERR_R_RAND_LIB  ERR_LIB_RAND     /* 36 */
-#define ERR_R_DSO_LIB   ERR_LIB_DSO      /* 37 */
-#define ERR_R_ENGINE_LIB ERR_LIB_ENGINE  /* 38 */
-#define ERR_R_OCSP_LIB  ERR_LIB_OCSP     /* 39 */
-#define ERR_R_UI_LIB    ERR_LIB_UI       /* 40 */
-#define ERR_R_COMP_LIB  ERR_LIB_COMP     /* 41 */
-
-#define ERR_R_NESTED_ASN1_ERROR                 58
-#define ERR_R_BAD_ASN1_OBJECT_HEADER            59
-#define ERR_R_BAD_GET_ASN1_OBJECT_CALL          60
-#define ERR_R_EXPECTING_AN_ASN1_SEQUENCE        61
-#define ERR_R_ASN1_LENGTH_MISMATCH              62
-#define ERR_R_MISSING_ASN1_EOS                  63
-
-/* fatal error */
-#define ERR_R_FATAL                             64
-#define ERR_R_MALLOC_FAILURE                    (1|ERR_R_FATAL)
-#define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED       (2|ERR_R_FATAL)
-#define ERR_R_PASSED_NULL_PARAMETER             (3|ERR_R_FATAL)
-#define ERR_R_INTERNAL_ERROR                    (4|ERR_R_FATAL)
-
-/* 99 is the maximum possible ERR_R_... code, higher values
- * are reserved for the individual libraries */
-
-
-typedef struct ERR_string_data_st
-        {
-        unsigned long error;
-        const char *string;
-        } ERR_STRING_DATA;
-
-void ERR_put_error(int lib, int func,int reason,const char *file,int line);
-void ERR_set_error_data(char *data,int flags);
-
-unsigned long ERR_get_error(void);
-unsigned long ERR_get_error_line(const char **file,int *line);
-unsigned long ERR_get_error_line_data(const char **file,int *line,
-                                      const char **data, int *flags);
-unsigned long ERR_peek_error(void);
-unsigned long ERR_peek_error_line(const char **file,int *line);
-unsigned long ERR_peek_error_line_data(const char **file,int *line,
-                                       const char **data,int *flags);
-unsigned long ERR_peek_last_error(void);
-unsigned long ERR_peek_last_error_line(const char **file,int *line);
-unsigned long ERR_peek_last_error_line_data(const char **file,int *line,
-                                       const char **data,int *flags);
-void ERR_clear_error(void );
-char *ERR_error_string(unsigned long e,char *buf);
-void ERR_error_string_n(unsigned long e, char *buf, size_t len);
-const char *ERR_lib_error_string(unsigned long e);
-const char *ERR_func_error_string(unsigned long e);
-const char *ERR_reason_error_string(unsigned long e);
-void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u),
-                         void *u);
-#ifndef OPENSSL_NO_FP_API
-void ERR_print_errors_fp(FILE *fp);
-#endif
-#ifndef OPENSSL_NO_BIO
-void ERR_print_errors(BIO *bp);
-void ERR_add_error_data(int num, ...);
-#endif
-void ERR_load_strings(int lib,ERR_STRING_DATA str[]);
-void ERR_unload_strings(int lib,ERR_STRING_DATA str[]);
-void ERR_load_ERR_strings(void);
-void ERR_load_crypto_strings(void);
-void ERR_free_strings(void);
-
-void ERR_remove_state(unsigned long pid); /* if zero we look it up */
-ERR_STATE *ERR_get_state(void);
-
-#ifndef OPENSSL_NO_LHASH
-LHASH *ERR_get_string_table(void);
-LHASH *ERR_get_err_state_table(void);
-void ERR_release_err_state_table(LHASH **hash);
-#endif
-
-int ERR_get_next_error_library(void);
-
-/* This opaque type encapsulates the low-level error-state functions */
-typedef struct st_ERR_FNS ERR_FNS;
-/* An application can use this function and provide the return value to loaded
- * modules that should use the application's ERR state/functionality */
-const ERR_FNS *ERR_get_implementation(void);
-/* A loaded module should call this function prior to any ERR operations using
- * the application's "ERR_FNS". */
-int ERR_set_implementation(const ERR_FNS *fns);
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/src/lib/libcrypto/err/err_all.c b/src/lib/libcrypto/err/err_all.c
deleted file mode 100644
index 4dc9300892..0000000000
--- a/src/lib/libcrypto/err/err_all.c
+++ /dev/null
@@ -1,137 +0,0 @@
-/* crypto/err/err_all.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/asn1.h>
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_EC
-#include <openssl/ec.h>
-#endif
-#include <openssl/buffer.h>
-#include <openssl/bio.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/pem2.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/conf.h>
-#include <openssl/pkcs12.h>
-#include <openssl/rand.h>
-#include <openssl/dso.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#include <openssl/ocsp.h>
-#include <openssl/err.h>
-#include <openssl/fips.h>
-
-void ERR_load_crypto_strings(void)
-        {
-        static int done=0;
-
-        if (done) return;
-        done=1;
-#ifndef OPENSSL_NO_ERR
-        ERR_load_ERR_strings(); /* include error strings for SYSerr */
-        ERR_load_BN_strings();
-#ifndef OPENSSL_NO_RSA
-        ERR_load_RSA_strings();
-#endif
-#ifndef OPENSSL_NO_DH
-        ERR_load_DH_strings();
-#endif
-        ERR_load_EVP_strings();
-        ERR_load_BUF_strings();
-        ERR_load_OBJ_strings();
-        ERR_load_PEM_strings();
-#ifndef OPENSSL_NO_DSA
-        ERR_load_DSA_strings();
-#endif
-        ERR_load_X509_strings();
-        ERR_load_ASN1_strings();
-        ERR_load_CONF_strings();
-        ERR_load_CRYPTO_strings();
-#ifndef OPENSSL_NO_EC
-        ERR_load_EC_strings();
-#endif
-        /* skip ERR_load_SSL_strings() because it is not in this library */
-        ERR_load_BIO_strings();
-        ERR_load_PKCS7_strings();       
-        ERR_load_X509V3_strings();
-        ERR_load_PKCS12_strings();
-        ERR_load_RAND_strings();
-        ERR_load_DSO_strings();
-#ifndef OPENSSL_NO_ENGINE
-        ERR_load_ENGINE_strings();
-#endif
-        ERR_load_OCSP_strings();
-        ERR_load_UI_strings();
-#endif
-#ifdef OPENSSL_FIPS
-        ERR_load_FIPS_strings();
-#endif
-        }
diff --git a/src/lib/libcrypto/err/err_prn.c b/src/lib/libcrypto/err/err_prn.c
deleted file mode 100644
index 81e34bd6ce..0000000000
--- a/src/lib/libcrypto/err/err_prn.c
+++ /dev/null
@@ -1,106 +0,0 @@
-/* crypto/err/err_prn.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/lhash.h>
-#include <openssl/crypto.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/err.h>
-
-void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u),
-                         void *u)
-        {
-        unsigned long l;
-        char buf[256];
-        char buf2[4096];
-        const char *file,*data;
-        int line,flags;
-        unsigned long es;
-
-        es=CRYPTO_thread_id();
-        while ((l=ERR_get_error_line_data(&file,&line,&data,&flags)) != 0)
-                {
-                ERR_error_string_n(l, buf, sizeof buf);
-                BIO_snprintf(buf2, sizeof(buf2), "%lu:%s:%s:%d:%s\n", es, buf,
-                        file, line, (flags & ERR_TXT_STRING) ? data : "");
-                cb(buf2, strlen(buf2), u);
-                }
-        }
-
-#ifndef OPENSSL_NO_FP_API
-static int print_fp(const char *str, size_t len, void *fp)
-        {
-        return fprintf((FILE *)fp, "%s", str);
-        }
-void ERR_print_errors_fp(FILE *fp)
-        {
-        ERR_print_errors_cb(print_fp, fp);
-        }
-#endif
-
-static int print_bio(const char *str, size_t len, void *bp)
-        {
-        return BIO_write((BIO *)bp, str, len);
-        }
-void ERR_print_errors(BIO *bp)
-        {
-        ERR_print_errors_cb(print_bio, bp);
-        }
-
-        
diff --git a/src/lib/libcrypto/err/openssl.ec b/src/lib/libcrypto/err/openssl.ec
deleted file mode 100644
index f8cd6937e7..0000000000
--- a/src/lib/libcrypto/err/openssl.ec
+++ /dev/null
@@ -1,82 +0,0 @@
-# crypto/err/openssl.ec
-
-# configuration file for util/mkerr.pl
-
-# files that may have to be rewritten by util/mkerr.pl
-L ERR           NONE                            NONE
-L BN            crypto/bn/bn.h                  crypto/bn/bn_err.c
-L RSA           crypto/rsa/rsa.h                crypto/rsa/rsa_err.c
-L DH            crypto/dh/dh.h                  crypto/dh/dh_err.c
-L EVP           crypto/evp/evp.h                crypto/evp/evp_err.c
-L BUF           crypto/buffer/buffer.h          crypto/buffer/buf_err.c
-L OBJ           crypto/objects/objects.h        crypto/objects/obj_err.c
-L PEM           crypto/pem/pem.h                crypto/pem/pem_err.c
-L DSA           crypto/dsa/dsa.h                crypto/dsa/dsa_err.c
-L X509          crypto/x509/x509.h              crypto/x509/x509_err.c
-L ASN1          crypto/asn1/asn1.h              crypto/asn1/asn1_err.c
-L CONF          crypto/conf/conf.h              crypto/conf/conf_err.c
-L CRYPTO        crypto/crypto.h                 crypto/cpt_err.c
-L EC            crypto/ec/ec.h                  crypto/ec/ec_err.c
-L SSL           ssl/ssl.h                       ssl/ssl_err.c
-L BIO           crypto/bio/bio.h                crypto/bio/bio_err.c
-L PKCS7         crypto/pkcs7/pkcs7.h            crypto/pkcs7/pkcs7err.c
-L X509V3        crypto/x509v3/x509v3.h          crypto/x509v3/v3err.c
-L PKCS12        crypto/pkcs12/pkcs12.h          crypto/pkcs12/pk12err.c
-L RAND          crypto/rand/rand.h              crypto/rand/rand_err.c
-L DSO           crypto/dso/dso.h                crypto/dso/dso_err.c
-L ENGINE        crypto/engine/engine.h          crypto/engine/eng_err.c
-L OCSP          crypto/ocsp/ocsp.h              crypto/ocsp/ocsp_err.c
-L UI            crypto/ui/ui.h                  crypto/ui/ui_err.c
-L FIPS          fips-1.0/fips.h                 fips-1.0/fips_err.h
-
-# additional header files to be scanned for function names
-L NONE          crypto/x509/x509_vfy.h          NONE
-L NONE          crypto/ec/ec_lcl.h              NONE
-
-
-F RSAREF_F_RSA_BN2BIN
-F RSAREF_F_RSA_PRIVATE_DECRYPT
-F RSAREF_F_RSA_PRIVATE_ENCRYPT
-F RSAREF_F_RSA_PUBLIC_DECRYPT
-F RSAREF_F_RSA_PUBLIC_ENCRYPT
-#F SSL_F_CLIENT_CERTIFICATE
-
-R SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE          1010
-R SSL_R_SSLV3_ALERT_BAD_RECORD_MAC              1020
-R SSL_R_TLSV1_ALERT_DECRYPTION_FAILED           1021
-R SSL_R_TLSV1_ALERT_RECORD_OVERFLOW             1022
-R SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE       1030
-R SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE           1040
-R SSL_R_SSLV3_ALERT_NO_CERTIFICATE              1041
-R SSL_R_SSLV3_ALERT_BAD_CERTIFICATE             1042
-R SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE     1043
-R SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED         1044
-R SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED         1045
-R SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN         1046
-R SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER           1047
-R SSL_R_TLSV1_ALERT_UNKNOWN_CA                  1048
-R SSL_R_TLSV1_ALERT_ACCESS_DENIED               1049
-R SSL_R_TLSV1_ALERT_DECODE_ERROR                1050
-R SSL_R_TLSV1_ALERT_DECRYPT_ERROR               1051
-R SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION          1060
-R SSL_R_TLSV1_ALERT_PROTOCOL_VERSION            1070
-R SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY       1071
-R SSL_R_TLSV1_ALERT_INTERNAL_ERROR              1080
-R SSL_R_TLSV1_ALERT_USER_CANCELLED              1090
-R SSL_R_TLSV1_ALERT_NO_RENEGOTIATION            1100
-
-R RSAREF_R_CONTENT_ENCODING                     0x0400
-R RSAREF_R_DATA                                 0x0401
-R RSAREF_R_DIGEST_ALGORITHM                     0x0402
-R RSAREF_R_ENCODING                             0x0403
-R RSAREF_R_KEY                                  0x0404
-R RSAREF_R_KEY_ENCODING                         0x0405
-R RSAREF_R_LEN                                  0x0406
-R RSAREF_R_MODULUS_LEN                          0x0407
-R RSAREF_R_NEED_RANDOM                          0x0408
-R RSAREF_R_PRIVATE_KEY                          0x0409
-R RSAREF_R_PUBLIC_KEY                           0x040a
-R RSAREF_R_SIGNATURE                            0x040b
-R RSAREF_R_SIGNATURE_ENCODING                   0x040c
-R RSAREF_R_ENCRYPTION_ALGORITHM                 0x040d
-
diff --git a/src/lib/libcrypto/evp/bio_b64.c b/src/lib/libcrypto/evp/bio_b64.c
deleted file mode 100644
index 33349c2f98..0000000000
--- a/src/lib/libcrypto/evp/bio_b64.c
+++ /dev/null
@@ -1,567 +0,0 @@
-/* crypto/evp/bio_b64.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/evp.h>
-
-static int b64_write(BIO *h, const char *buf, int num);
-static int b64_read(BIO *h, char *buf, int size);
-/*static int b64_puts(BIO *h, const char *str); */
-/*static int b64_gets(BIO *h, char *str, int size); */
-static long b64_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int b64_new(BIO *h);
-static int b64_free(BIO *data);
-static long b64_callback_ctrl(BIO *h,int cmd,bio_info_cb *fp);
-#define B64_BLOCK_SIZE  1024
-#define B64_BLOCK_SIZE2 768
-#define B64_NONE        0
-#define B64_ENCODE      1
-#define B64_DECODE      2
-
-typedef struct b64_struct
-        {
-        /*BIO *bio; moved to the BIO structure */
-        int buf_len;
-        int buf_off;
-        int tmp_len;            /* used to find the start when decoding */
-        int tmp_nl;             /* If true, scan until '\n' */
-        int encode;
-        int start;              /* have we started decoding yet? */
-        int cont;               /* <= 0 when finished */
-        EVP_ENCODE_CTX base64;
-        char buf[EVP_ENCODE_LENGTH(B64_BLOCK_SIZE)+10];
-        char tmp[B64_BLOCK_SIZE];
-        } BIO_B64_CTX;
-
-static BIO_METHOD methods_b64=
-        {
-        BIO_TYPE_BASE64,"base64 encoding",
-        b64_write,
-        b64_read,
-        NULL, /* b64_puts, */
-        NULL, /* b64_gets, */
-        b64_ctrl,
-        b64_new,
-        b64_free,
-        b64_callback_ctrl,
-        };
-
-BIO_METHOD *BIO_f_base64(void)
-        {
-        return(&methods_b64);
-        }
-
-static int b64_new(BIO *bi)
-        {
-        BIO_B64_CTX *ctx;
-
-        ctx=(BIO_B64_CTX *)OPENSSL_malloc(sizeof(BIO_B64_CTX));
-        if (ctx == NULL) return(0);
-
-        ctx->buf_len=0;
-        ctx->tmp_len=0;
-        ctx->tmp_nl=0;
-        ctx->buf_off=0;
-        ctx->cont=1;
-        ctx->start=1;
-        ctx->encode=0;
-
-        bi->init=1;
-        bi->ptr=(char *)ctx;
-        bi->flags=0;
-        return(1);
-        }
-
-static int b64_free(BIO *a)
-        {
-        if (a == NULL) return(0);
-        OPENSSL_free(a->ptr);
-        a->ptr=NULL;
-        a->init=0;
-        a->flags=0;
-        return(1);
-        }
-        
-static int b64_read(BIO *b, char *out, int outl)
-        {
-        int ret=0,i,ii,j,k,x,n,num,ret_code=0;
-        BIO_B64_CTX *ctx;
-        unsigned char *p,*q;
-
-        if (out == NULL) return(0);
-        ctx=(BIO_B64_CTX *)b->ptr;
-
-        if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
-
-        if (ctx->encode != B64_DECODE)
-                {
-                ctx->encode=B64_DECODE;
-                ctx->buf_len=0;
-                ctx->buf_off=0;
-                ctx->tmp_len=0;
-                EVP_DecodeInit(&(ctx->base64));
-                }
-
-        /* First check if there are bytes decoded/encoded */
-        if (ctx->buf_len > 0)
-                {
-                i=ctx->buf_len-ctx->buf_off;
-                if (i > outl) i=outl;
-                OPENSSL_assert(ctx->buf_off+i < sizeof ctx->buf);
-                memcpy(out,&(ctx->buf[ctx->buf_off]),i);
-                ret=i;
-                out+=i;
-                outl-=i;
-                ctx->buf_off+=i;
-                if (ctx->buf_len == ctx->buf_off)
-                        {
-                        ctx->buf_len=0;
-                        ctx->buf_off=0;
-                        }
-                }
-
-        /* At this point, we have room of outl bytes and an empty
-         * buffer, so we should read in some more. */
-
-        ret_code=0;
-        while (outl > 0)
-                {
-
-                if (ctx->cont <= 0)
-                        break;
-
-                i=BIO_read(b->next_bio,&(ctx->tmp[ctx->tmp_len]),
-                        B64_BLOCK_SIZE-ctx->tmp_len);
-
-                if (i <= 0)
-                        {
-                        ret_code=i;
-
-                        /* Should be continue next time we are called? */
-                        if (!BIO_should_retry(b->next_bio))
-                                {
-                                ctx->cont=i;
-                                /* If buffer empty break */
-                                if(ctx->tmp_len == 0)
-                                        break;
-                                /* Fall through and process what we have */
-                                else
-                                        i = 0;
-                                }
-                        /* else we retry and add more data to buffer */
-                        else
-                                break;
-                        }
-                i+=ctx->tmp_len;
-                ctx->tmp_len = i;
-
-                /* We need to scan, a line at a time until we
-                 * have a valid line if we are starting. */
-                if (ctx->start && (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL))
-                        {
-                        /* ctx->start=1; */
-                        ctx->tmp_len=0;
-                        }
-                else if (ctx->start)
-                        {
-                        q=p=(unsigned char *)ctx->tmp;
-                        for (j=0; j<i; j++)
-                                {
-                                if (*(q++) != '\n') continue;
-
-                                /* due to a previous very long line,
-                                 * we need to keep on scanning for a '\n'
-                                 * before we even start looking for
-                                 * base64 encoded stuff. */
-                                if (ctx->tmp_nl)
-                                        {
-                                        p=q;
-                                        ctx->tmp_nl=0;
-                                        continue;
-                                        }
-
-                                k=EVP_DecodeUpdate(&(ctx->base64),
-                                        (unsigned char *)ctx->buf,
-                                        &num,p,q-p);
-                                if ((k <= 0) && (num == 0) && (ctx->start))
-                                        EVP_DecodeInit(&ctx->base64);
-                                else 
-                                        {
-                                        if (p != (unsigned char *)
-                                                &(ctx->tmp[0]))
-                                                {
-                                                i-=(p- (unsigned char *)
-                                                        &(ctx->tmp[0]));
-                                                for (x=0; x < i; x++)
-                                                        ctx->tmp[x]=p[x];
-                                                }
-                                        EVP_DecodeInit(&ctx->base64);
-                                        ctx->start=0;
-                                        break;
-                                        }
-                                p=q;
-                                }
-
-                        /* we fell off the end without starting */
-                        if (j == i)
-                                {
-                                /* Is this is one long chunk?, if so, keep on
-                                 * reading until a new line. */
-                                if (p == (unsigned char *)&(ctx->tmp[0]))
-                                        {
-                                        /* Check buffer full */
-                                        if (i == B64_BLOCK_SIZE)
-                                                {
-                                                ctx->tmp_nl=1;
-                                                ctx->tmp_len=0;
-                                                }
-                                        }
-                                else if (p != q) /* finished on a '\n' */
-                                        {
-                                        n=q-p;
-                                        for (ii=0; ii<n; ii++)
-                                                ctx->tmp[ii]=p[ii];
-                                        ctx->tmp_len=n;
-                                        }
-                                /* else finished on a '\n' */
-                                continue;
-                                }
-                        else
-                                ctx->tmp_len=0;
-                        }
-                /* If buffer isn't full and we can retry then
-                 * restart to read in more data.
-                 */
-                else if ((i < B64_BLOCK_SIZE) && (ctx->cont > 0))
-                        continue;
-
-                if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)
-                        {
-                        int z,jj;
-
-                        jj=(i>>2)<<2;
-                        z=EVP_DecodeBlock((unsigned char *)ctx->buf,
-                                (unsigned char *)ctx->tmp,jj);
-                        if (jj > 2)
-                                {
-                                if (ctx->tmp[jj-1] == '=')
-                                        {
-                                        z--;
-                                        if (ctx->tmp[jj-2] == '=')
-                                                z--;
-                                        }
-                                }
-                        /* z is now number of output bytes and jj is the
-                         * number consumed */
-                        if (jj != i)
-                                {
-                                memcpy((unsigned char *)ctx->tmp,
-                                        (unsigned char *)&(ctx->tmp[jj]),i-jj);
-                                ctx->tmp_len=i-jj;
-                                }
-                        ctx->buf_len=0;
-                        if (z > 0)
-                                {
-                                ctx->buf_len=z;
-                                i=1;
-                                }
-                        else
-                                i=z;
-                        }
-                else
-                        {
-                        i=EVP_DecodeUpdate(&(ctx->base64),
-                                (unsigned char *)ctx->buf,&ctx->buf_len,
-                                (unsigned char *)ctx->tmp,i);
-                        ctx->tmp_len = 0;
-                        }
-                ctx->buf_off=0;
-                if (i < 0)
-                        {
-                        ret_code=0;
-                        ctx->buf_len=0;
-                        break;
-                        }
-
-                if (ctx->buf_len <= outl)
-                        i=ctx->buf_len;
-                else
-                        i=outl;
-
-                memcpy(out,ctx->buf,i);
-                ret+=i;
-                ctx->buf_off=i;
-                if (ctx->buf_off == ctx->buf_len)
-                        {
-                        ctx->buf_len=0;
-                        ctx->buf_off=0;
-                        }
-                outl-=i;
-                out+=i;
-                }
-        BIO_clear_retry_flags(b);
-        BIO_copy_next_retry(b);
-        return((ret == 0)?ret_code:ret);
-        }
-
-static int b64_write(BIO *b, const char *in, int inl)
-        {
-        int ret=inl,n,i;
-        BIO_B64_CTX *ctx;
-
-        ctx=(BIO_B64_CTX *)b->ptr;
-        BIO_clear_retry_flags(b);
-
-        if (ctx->encode != B64_ENCODE)
-                {
-                ctx->encode=B64_ENCODE;
-                ctx->buf_len=0;
-                ctx->buf_off=0;
-                ctx->tmp_len=0;
-                EVP_EncodeInit(&(ctx->base64));
-                }
-
-        n=ctx->buf_len-ctx->buf_off;
-        while (n > 0)
-                {
-                i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);
-                if (i <= 0)
-                        {
-                        BIO_copy_next_retry(b);
-                        return(i);
-                        }
-                ctx->buf_off+=i;
-                n-=i;
-                }
-        /* at this point all pending data has been written */
-        ctx->buf_off=0;
-        ctx->buf_len=0;
-
-        if ((in == NULL) || (inl <= 0)) return(0);
-
-        while (inl > 0)
-                {
-                n=(inl > B64_BLOCK_SIZE)?B64_BLOCK_SIZE:inl;
-
-                if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)
-                        {
-                        if (ctx->tmp_len > 0)
-                                {
-                                n=3-ctx->tmp_len;
-                                /* There's a teoretical possibility for this */
-                                if (n > inl) 
-                                        n=inl;
-                                memcpy(&(ctx->tmp[ctx->tmp_len]),in,n);
-                                ctx->tmp_len+=n;
-                                if (ctx->tmp_len < 3)
-                                        break;
-                                ctx->buf_len=EVP_EncodeBlock(
-                                        (unsigned char *)ctx->buf,
-                                        (unsigned char *)ctx->tmp,
-                                        ctx->tmp_len);
-                                /* Since we're now done using the temporary
-                                   buffer, the length should be 0'd */
-                                ctx->tmp_len=0;
-                                }
-                        else
-                                {
-                                if (n < 3)
-                                        {
-                                        memcpy(&(ctx->tmp[0]),in,n);
-                                        ctx->tmp_len=n;
-                                        break;
-                                        }
-                                n-=n%3;
-                                ctx->buf_len=EVP_EncodeBlock(
-                                        (unsigned char *)ctx->buf,
-                                        (unsigned char *)in,n);
-                                }
-                        }
-                else
-                        {
-                        EVP_EncodeUpdate(&(ctx->base64),
-                                (unsigned char *)ctx->buf,&ctx->buf_len,
-                                (unsigned char *)in,n);
-                        }
-                inl-=n;
-                in+=n;
-
-                ctx->buf_off=0;
-                n=ctx->buf_len;
-                while (n > 0)
-                        {
-                        i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);
-                        if (i <= 0)
-                                {
-                                BIO_copy_next_retry(b);
-                                return((ret == 0)?i:ret);
-                                }
-                        n-=i;
-                        ctx->buf_off+=i;
-                        }
-                ctx->buf_len=0;
-                ctx->buf_off=0;
-                }
-        return(ret);
-        }
-
-static long b64_ctrl(BIO *b, int cmd, long num, void *ptr)
-        {
-        BIO_B64_CTX *ctx;
-        long ret=1;
-        int i;
-
-        ctx=(BIO_B64_CTX *)b->ptr;
-
-        switch (cmd)
-                {
-        case BIO_CTRL_RESET:
-                ctx->cont=1;
-                ctx->start=1;
-                ctx->encode=B64_NONE;
-                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-                break;
-        case BIO_CTRL_EOF:      /* More to read */
-                if (ctx->cont <= 0)
-                        ret=1;
-                else
-                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-                break;
-        case BIO_CTRL_WPENDING: /* More to write in buffer */
-                ret=ctx->buf_len-ctx->buf_off;
-                if ((ret == 0) && (ctx->encode != B64_NONE)
-                        && (ctx->base64.num != 0))
-                        ret=1;
-                else if (ret <= 0)
-                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-                break;
-        case BIO_CTRL_PENDING: /* More to read in buffer */
-                ret=ctx->buf_len-ctx->buf_off;
-                if (ret <= 0)
-                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-                break;
-        case BIO_CTRL_FLUSH:
-                /* do a final write */
-again:
-                while (ctx->buf_len != ctx->buf_off)
-                        {
-                        i=b64_write(b,NULL,0);
-                        if (i < 0)
-                                return i;
-                        }
-                if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)
-                        {
-                        if (ctx->tmp_len != 0)
-                                {
-                                ctx->buf_len=EVP_EncodeBlock(
-                                        (unsigned char *)ctx->buf,
-                                        (unsigned char *)ctx->tmp,
-                                        ctx->tmp_len);
-                                ctx->buf_off=0;
-                                ctx->tmp_len=0;
-                                goto again;
-                                }
-                        }
-                else if (ctx->encode != B64_NONE && ctx->base64.num != 0)
-                        {
-                        ctx->buf_off=0;
-                        EVP_EncodeFinal(&(ctx->base64),
-                                (unsigned char *)ctx->buf,
-                                &(ctx->buf_len));
-                        /* push out the bytes */
-                        goto again;
-                        }
-                /* Finally flush the underlying BIO */
-                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-                break;
-
-        case BIO_C_DO_STATE_MACHINE:
-                BIO_clear_retry_flags(b);
-                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-                BIO_copy_next_retry(b);
-                break;
-
-        case BIO_CTRL_DUP:
-                break;
-        case BIO_CTRL_INFO:
-        case BIO_CTRL_GET:
-        case BIO_CTRL_SET:
-        default:
-                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-                break;
-                }
-        return(ret);
-        }
-
-static long b64_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
-        {
-        long ret=1;
-
-        if (b->next_bio == NULL) return(0);
-        switch (cmd)
-                {
-        default:
-                ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
-                break;
-                }
-        return(ret);
-        }
-
diff --git a/src/lib/libcrypto/evp/bio_enc.c b/src/lib/libcrypto/evp/bio_enc.c
deleted file mode 100644
index b8cda1a9f0..0000000000
--- a/src/lib/libcrypto/evp/bio_enc.c
+++ /dev/null
@@ -1,426 +0,0 @@
-/* crypto/evp/bio_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/evp.h>
-
-static int enc_write(BIO *h, const char *buf, int num);
-static int enc_read(BIO *h, char *buf, int size);
-/*static int enc_puts(BIO *h, const char *str); */
-/*static int enc_gets(BIO *h, char *str, int size); */
-static long enc_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int enc_new(BIO *h);
-static int enc_free(BIO *data);
-static long enc_callback_ctrl(BIO *h, int cmd, bio_info_cb *fps);
-#define ENC_BLOCK_SIZE  (1024*4)
-#define BUF_OFFSET      (EVP_MAX_BLOCK_LENGTH*2)
-
-typedef struct enc_struct
-        {
-        int buf_len;
-        int buf_off;
-        int cont;               /* <= 0 when finished */
-        int finished;
-        int ok;                 /* bad decrypt */
-        EVP_CIPHER_CTX cipher;
-        /* buf is larger than ENC_BLOCK_SIZE because EVP_DecryptUpdate
-         * can return up to a block more data than is presented to it
-         */
-        char buf[ENC_BLOCK_SIZE+BUF_OFFSET+2];
-        } BIO_ENC_CTX;
-
-static BIO_METHOD methods_enc=
-        {
-        BIO_TYPE_CIPHER,"cipher",
-        enc_write,
-        enc_read,
-        NULL, /* enc_puts, */
-        NULL, /* enc_gets, */
-        enc_ctrl,
-        enc_new,
-        enc_free,
-        enc_callback_ctrl,
-        };
-
-BIO_METHOD *BIO_f_cipher(void)
-        {
-        return(&methods_enc);
-        }
-
-static int enc_new(BIO *bi)
-        {
-        BIO_ENC_CTX *ctx;
-
-        ctx=(BIO_ENC_CTX *)OPENSSL_malloc(sizeof(BIO_ENC_CTX));
-        if (ctx == NULL) return(0);
-        EVP_CIPHER_CTX_init(&ctx->cipher);
-
-        ctx->buf_len=0;
-        ctx->buf_off=0;
-        ctx->cont=1;
-        ctx->finished=0;
-        ctx->ok=1;
-
-        bi->init=0;
-        bi->ptr=(char *)ctx;
-        bi->flags=0;
-        return(1);
-        }
-
-static int enc_free(BIO *a)
-        {
-        BIO_ENC_CTX *b;
-
-        if (a == NULL) return(0);
-        b=(BIO_ENC_CTX *)a->ptr;
-        EVP_CIPHER_CTX_cleanup(&(b->cipher));
-        OPENSSL_cleanse(a->ptr,sizeof(BIO_ENC_CTX));
-        OPENSSL_free(a->ptr);
-        a->ptr=NULL;
-        a->init=0;
-        a->flags=0;
-        return(1);
-        }
-        
-static int enc_read(BIO *b, char *out, int outl)
-        {
-        int ret=0,i;
-        BIO_ENC_CTX *ctx;
-
-        if (out == NULL) return(0);
-        ctx=(BIO_ENC_CTX *)b->ptr;
-
-        if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
-
-        /* First check if there are bytes decoded/encoded */
-        if (ctx->buf_len > 0)
-                {
-                i=ctx->buf_len-ctx->buf_off;
-                if (i > outl) i=outl;
-                memcpy(out,&(ctx->buf[ctx->buf_off]),i);
-                ret=i;
-                out+=i;
-                outl-=i;
-                ctx->buf_off+=i;
-                if (ctx->buf_len == ctx->buf_off)
-                        {
-                        ctx->buf_len=0;
-                        ctx->buf_off=0;
-                        }
-                }
-
-        /* At this point, we have room of outl bytes and an empty
-         * buffer, so we should read in some more. */
-
-        while (outl > 0)
-                {
-                if (ctx->cont <= 0) break;
-
-                /* read in at IV offset, read the EVP_Cipher
-                 * documentation about why */
-                i=BIO_read(b->next_bio,&(ctx->buf[BUF_OFFSET]),ENC_BLOCK_SIZE);
-
-                if (i <= 0)
-                        {
-                        /* Should be continue next time we are called? */
-                        if (!BIO_should_retry(b->next_bio))
-                                {
-                                ctx->cont=i;
-                                i=EVP_CipherFinal_ex(&(ctx->cipher),
-                                        (unsigned char *)ctx->buf,
-                                        &(ctx->buf_len));
-                                ctx->ok=i;
-                                ctx->buf_off=0;
-                                }
-                        else 
-                                {
-                                ret=(ret == 0)?i:ret;
-                                break;
-                                }
-                        }
-                else
-                        {
-                        EVP_CipherUpdate(&(ctx->cipher),
-                                (unsigned char *)ctx->buf,&ctx->buf_len,
-                                (unsigned char *)&(ctx->buf[BUF_OFFSET]),i);
-                        ctx->cont=1;
-                        /* Note: it is possible for EVP_CipherUpdate to
-                         * decrypt zero bytes because this is or looks like
-                         * the final block: if this happens we should retry
-                         * and either read more data or decrypt the final
-                         * block
-                         */
-                        if(ctx->buf_len == 0) continue;
-                        }
-
-                if (ctx->buf_len <= outl)
-                        i=ctx->buf_len;
-                else
-                        i=outl;
-                if (i <= 0) break;
-                memcpy(out,ctx->buf,i);
-                ret+=i;
-                ctx->buf_off=i;
-                outl-=i;
-                out+=i;
-                }
-
-        BIO_clear_retry_flags(b);
-        BIO_copy_next_retry(b);
-        return((ret == 0)?ctx->cont:ret);
-        }
-
-static int enc_write(BIO *b, const char *in, int inl)
-        {
-        int ret=0,n,i;
-        BIO_ENC_CTX *ctx;
-
-        ctx=(BIO_ENC_CTX *)b->ptr;
-        ret=inl;
-
-        BIO_clear_retry_flags(b);
-        n=ctx->buf_len-ctx->buf_off;
-        while (n > 0)
-                {
-                i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);
-                if (i <= 0)
-                        {
-                        BIO_copy_next_retry(b);
-                        return(i);
-                        }
-                ctx->buf_off+=i;
-                n-=i;
-                }
-        /* at this point all pending data has been written */
-
-        if ((in == NULL) || (inl <= 0)) return(0);
-
-        ctx->buf_off=0;
-        while (inl > 0)
-                {
-                n=(inl > ENC_BLOCK_SIZE)?ENC_BLOCK_SIZE:inl;
-                EVP_CipherUpdate(&(ctx->cipher),
-                        (unsigned char *)ctx->buf,&ctx->buf_len,
-                        (unsigned char *)in,n);
-                inl-=n;
-                in+=n;
-
-                ctx->buf_off=0;
-                n=ctx->buf_len;
-                while (n > 0)
-                        {
-                        i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);
-                        if (i <= 0)
-                                {
-                                BIO_copy_next_retry(b);
-                                return (ret == inl) ? i : ret - inl;
-                                }
-                        n-=i;
-                        ctx->buf_off+=i;
-                        }
-                ctx->buf_len=0;
-                ctx->buf_off=0;
-                }
-        BIO_copy_next_retry(b);
-        return(ret);
-        }
-
-static long enc_ctrl(BIO *b, int cmd, long num, void *ptr)
-        {
-        BIO *dbio;
-        BIO_ENC_CTX *ctx,*dctx;
-        long ret=1;
-        int i;
-        EVP_CIPHER_CTX **c_ctx;
-
-        ctx=(BIO_ENC_CTX *)b->ptr;
-
-        switch (cmd)
-                {
-        case BIO_CTRL_RESET:
-                ctx->ok=1;
-                ctx->finished=0;
-                EVP_CipherInit_ex(&(ctx->cipher),NULL,NULL,NULL,NULL,
-                        ctx->cipher.encrypt);
-                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-                break;
-        case BIO_CTRL_EOF:      /* More to read */
-                if (ctx->cont <= 0)
-                        ret=1;
-                else
-                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-                break;
-        case BIO_CTRL_WPENDING:
-                ret=ctx->buf_len-ctx->buf_off;
-                if (ret <= 0)
-                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-                break;
-        case BIO_CTRL_PENDING: /* More to read in buffer */
-                ret=ctx->buf_len-ctx->buf_off;
-                if (ret <= 0)
-                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-                break;
-        case BIO_CTRL_FLUSH:
-                /* do a final write */
-again:
-                while (ctx->buf_len != ctx->buf_off)
-                        {
-                        i=enc_write(b,NULL,0);
-                        if (i < 0)
-                                return i;
-                        }
-
-                if (!ctx->finished)
-                        {
-                        ctx->finished=1;
-                        ctx->buf_off=0;
-                        ret=EVP_CipherFinal_ex(&(ctx->cipher),
-                                (unsigned char *)ctx->buf,
-                                &(ctx->buf_len));
-                        ctx->ok=(int)ret;
-                        if (ret <= 0) break;
-
-                        /* push out the bytes */
-                        goto again;
-                        }
-                
-                /* Finally flush the underlying BIO */
-                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-                break;
-        case BIO_C_GET_CIPHER_STATUS:
-                ret=(long)ctx->ok;
-                break;
-        case BIO_C_DO_STATE_MACHINE:
-                BIO_clear_retry_flags(b);
-                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-                BIO_copy_next_retry(b);
-                break;
-        case BIO_C_GET_CIPHER_CTX:
-                c_ctx=(EVP_CIPHER_CTX **)ptr;
-                (*c_ctx)= &(ctx->cipher);
-                b->init=1;
-                break;
-        case BIO_CTRL_DUP:
-                dbio=(BIO *)ptr;
-                dctx=(BIO_ENC_CTX *)dbio->ptr;
-                memcpy(&(dctx->cipher),&(ctx->cipher),sizeof(ctx->cipher));
-                dbio->init=1;
-                break;
-        default:
-                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-                break;
-                }
-        return(ret);
-        }
-
-static long enc_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
-        {
-        long ret=1;
-
-        if (b->next_bio == NULL) return(0);
-        switch (cmd)
-                {
-        default:
-                ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
-                break;
-                }
-        return(ret);
-        }
-
-/*
-void BIO_set_cipher_ctx(b,c)
-BIO *b;
-EVP_CIPHER_ctx *c;
-        {
-        if (b == NULL) return;
-
-        if ((b->callback != NULL) &&
-                (b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0))
-                return;
-
-        b->init=1;
-        ctx=(BIO_ENC_CTX *)b->ptr;
-        memcpy(ctx->cipher,c,sizeof(EVP_CIPHER_CTX));
-        
-        if (b->callback != NULL)
-                b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L);
-        }
-*/
-
-void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, unsigned char *k,
-             unsigned char *i, int e)
-        {
-        BIO_ENC_CTX *ctx;
-
-        if (b == NULL) return;
-
-        if ((b->callback != NULL) &&
-                (b->callback(b,BIO_CB_CTRL,(const char *)c,BIO_CTRL_SET,e,0L) <= 0))
-                return;
-
-        b->init=1;
-        ctx=(BIO_ENC_CTX *)b->ptr;
-        EVP_CipherInit_ex(&(ctx->cipher),c,NULL, k,i,e);
-        
-        if (b->callback != NULL)
-                b->callback(b,BIO_CB_CTRL,(const char *)c,BIO_CTRL_SET,e,1L);
-        }
-
diff --git a/src/lib/libcrypto/evp/bio_md.c b/src/lib/libcrypto/evp/bio_md.c
deleted file mode 100644
index f4aa41ac4b..0000000000
--- a/src/lib/libcrypto/evp/bio_md.c
+++ /dev/null
@@ -1,264 +0,0 @@
-/* crypto/evp/bio_md.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/evp.h>
-
-/* BIO_put and BIO_get both add to the digest,
- * BIO_gets returns the digest */
-
-static int md_write(BIO *h, char const *buf, int num);
-static int md_read(BIO *h, char *buf, int size);
-/*static int md_puts(BIO *h, const char *str); */
-static int md_gets(BIO *h, char *str, int size);
-static long md_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int md_new(BIO *h);
-static int md_free(BIO *data);
-static long md_callback_ctrl(BIO *h,int cmd,bio_info_cb *fp);
-
-static BIO_METHOD methods_md=
-        {
-        BIO_TYPE_MD,"message digest",
-        md_write,
-        md_read,
-        NULL, /* md_puts, */
-        md_gets,
-        md_ctrl,
-        md_new,
-        md_free,
-        md_callback_ctrl,
-        };
-
-BIO_METHOD *BIO_f_md(void)
-        {
-        return(&methods_md);
-        }
-
-static int md_new(BIO *bi)
-        {
-        EVP_MD_CTX *ctx;
-
-        ctx=EVP_MD_CTX_create();
-        if (ctx == NULL) return(0);
-
-        bi->init=0;
-        bi->ptr=(char *)ctx;
-        bi->flags=0;
-        return(1);
-        }
-
-static int md_free(BIO *a)
-        {
-        if (a == NULL) return(0);
-        EVP_MD_CTX_destroy(a->ptr);
-        a->ptr=NULL;
-        a->init=0;
-        a->flags=0;
-        return(1);
-        }
-        
-static int md_read(BIO *b, char *out, int outl)
-        {
-        int ret=0;
-        EVP_MD_CTX *ctx;
-
-        if (out == NULL) return(0);
-        ctx=b->ptr;
-
-        if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
-
-        ret=BIO_read(b->next_bio,out,outl);
-        if (b->init)
-                {
-                if (ret > 0)
-                        {
-                        EVP_DigestUpdate(ctx,(unsigned char *)out,
-                                (unsigned int)ret);
-                        }
-                }
-        BIO_clear_retry_flags(b);
-        BIO_copy_next_retry(b);
-        return(ret);
-        }
-
-static int md_write(BIO *b, const char *in, int inl)
-        {
-        int ret=0;
-        EVP_MD_CTX *ctx;
-
-        if ((in == NULL) || (inl <= 0)) return(0);
-        ctx=b->ptr;
-
-        if ((ctx != NULL) && (b->next_bio != NULL))
-                ret=BIO_write(b->next_bio,in,inl);
-        if (b->init)
-                {
-                if (ret > 0)
-                        {
-                        EVP_DigestUpdate(ctx,(unsigned char *)in,
-                                (unsigned int)ret);
-                        }
-                }
-        BIO_clear_retry_flags(b);
-        BIO_copy_next_retry(b);
-        return(ret);
-        }
-
-static long md_ctrl(BIO *b, int cmd, long num, void *ptr)
-        {
-        EVP_MD_CTX *ctx,*dctx,**pctx;
-        const EVP_MD **ppmd;
-        EVP_MD *md;
-        long ret=1;
-        BIO *dbio;
-
-        ctx=b->ptr;
-
-        switch (cmd)
-                {
-        case BIO_CTRL_RESET:
-                if (b->init)
-                        ret = EVP_DigestInit_ex(ctx,ctx->digest, NULL);
-                else
-                        ret=0;
-                if (ret > 0)
-                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-                break;
-        case BIO_C_GET_MD:
-                if (b->init)
-                        {
-                        ppmd=ptr;
-                        *ppmd=ctx->digest;
-                        }
-                else
-                        ret=0;
-                break;
-        case BIO_C_GET_MD_CTX:
-                pctx=ptr;
-                *pctx=ctx;
-                break;
-        case BIO_C_SET_MD_CTX:
-                if (b->init)
-                        b->ptr=ptr;
-                else
-                        ret=0;
-                break;
-        case BIO_C_DO_STATE_MACHINE:
-                BIO_clear_retry_flags(b);
-                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-                BIO_copy_next_retry(b);
-                break;
-
-        case BIO_C_SET_MD:
-                md=ptr;
-                ret = EVP_DigestInit_ex(ctx,md, NULL);
-                if (ret > 0)
-                        b->init=1;
-                break;
-        case BIO_CTRL_DUP:
-                dbio=ptr;
-                dctx=dbio->ptr;
-                EVP_MD_CTX_copy_ex(dctx,ctx);
-                b->init=1;
-                break;
-        default:
-                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-                break;
-                }
-        return(ret);
-        }
-
-static long md_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
-        {
-        long ret=1;
-
-        if (b->next_bio == NULL) return(0);
-        switch (cmd)
-                {
-        default:
-                ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
-                break;
-                }
-        return(ret);
-        }
-
-static int md_gets(BIO *bp, char *buf, int size)
-        {
-        EVP_MD_CTX *ctx;
-        unsigned int ret;
-
-
-        ctx=bp->ptr;
-        if (size < ctx->digest->md_size)
-                return(0);
-        EVP_DigestFinal_ex(ctx,(unsigned char *)buf,&ret);
-        return((int)ret);
-        }
-
-/*
-static int md_puts(bp,str)
-BIO *bp;
-char *str;
-        {
-        return(-1);
-        }
-*/
-
diff --git a/src/lib/libcrypto/evp/c_all.c b/src/lib/libcrypto/evp/c_all.c
deleted file mode 100644
index fa60a73ead..0000000000
--- a/src/lib/libcrypto/evp/c_all.c
+++ /dev/null
@@ -1,84 +0,0 @@
-/* crypto/evp/c_all.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
-#if 0
-#undef OpenSSL_add_all_algorithms
-
-void OpenSSL_add_all_algorithms(void)
-        {
-        OPENSSL_add_all_algorithms_noconf();
-        }
-#endif
-
-void OPENSSL_add_all_algorithms_noconf(void)
-        {
-        OpenSSL_add_all_ciphers();
-        OpenSSL_add_all_digests();
-#ifndef OPENSSL_NO_ENGINE
-# if defined(__OpenBSD__) || defined(__FreeBSD__)
-        ENGINE_setup_bsd_cryptodev();
-# endif
-#endif
-        }
diff --git a/src/lib/libcrypto/evp/digest.c b/src/lib/libcrypto/evp/digest.c
deleted file mode 100644
index f21c63842c..0000000000
--- a/src/lib/libcrypto/evp/digest.c
+++ /dev/null
@@ -1,379 +0,0 @@
-/* crypto/evp/digest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
-void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
-        {
-        memset(ctx,'\0',sizeof *ctx);
-        }
-
-EVP_MD_CTX *EVP_MD_CTX_create(void)
-        {
-        EVP_MD_CTX *ctx=OPENSSL_malloc(sizeof *ctx);
-
-        EVP_MD_CTX_init(ctx);
-
-        return ctx;
-        }
-
-int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type)
-        {
-        EVP_MD_CTX_init(ctx);
-        return EVP_DigestInit_ex(ctx, type, NULL);
-        }
-
-#ifdef OPENSSL_FIPS
-
-/* The purpose of these is to trap programs that attempt to use non FIPS
- * algorithms in FIPS mode and ignore the errors.
- */
-
-static int bad_init(EVP_MD_CTX *ctx)
-        { FIPS_ERROR_IGNORED("Digest init"); return 0;}
-
-static int bad_update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
-        { FIPS_ERROR_IGNORED("Digest update"); return 0;}
-
-static int bad_final(EVP_MD_CTX *ctx,unsigned char *md)
-        { FIPS_ERROR_IGNORED("Digest Final"); return 0;}
-
-static const EVP_MD bad_md =
-        {
-        0,
-        0,
-        0,
-        0,
-        bad_init,
-        bad_update,
-        bad_final,
-        NULL,
-        NULL,
-        NULL,
-        0,
-        {0,0,0,0},
-        };
-
-#endif
-
-int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
-        {
-        EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
-#ifndef OPENSSL_NO_ENGINE
-        /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
-         * so this context may already have an ENGINE! Try to avoid releasing
-         * the previous handle, re-querying for an ENGINE, and having a
-         * reinitialisation, when it may all be unecessary. */
-        if (ctx->engine && ctx->digest && (!type ||
-                        (type && (type->type == ctx->digest->type))))
-                goto skip_to_init;
-        if (type)
-                {
-                /* Ensure an ENGINE left lying around from last time is cleared
-                 * (the previous check attempted to avoid this if the same
-                 * ENGINE and EVP_MD could be used). */
-                if(ctx->engine)
-                        ENGINE_finish(ctx->engine);
-                if(impl)
-                        {
-                        if (!ENGINE_init(impl))
-                                {
-                                EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_INITIALIZATION_ERROR);
-                                return 0;
-                                }
-                        }
-                else
-                        /* Ask if an ENGINE is reserved for this job */
-                        impl = ENGINE_get_digest_engine(type->type);
-                if(impl)
-                        {
-                        /* There's an ENGINE for this job ... (apparently) */
-                        const EVP_MD *d = ENGINE_get_digest(impl, type->type);
-                        if(!d)
-                                {
-                                /* Same comment from evp_enc.c */
-                                EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_INITIALIZATION_ERROR);
-                                return 0;
-                                }
-                        /* We'll use the ENGINE's private digest definition */
-                        type = d;
-                        /* Store the ENGINE functional reference so we know
-                         * 'type' came from an ENGINE and we need to release
-                         * it when done. */
-                        ctx->engine = impl;
-                        }
-                else
-                        ctx->engine = NULL;
-                }
-        else
-        if(!ctx->digest)
-                {
-                EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_NO_DIGEST_SET);
-                return 0;
-                }
-#endif
-        if (ctx->digest != type)
-                {
-#ifdef OPENSSL_FIPS
-                if (FIPS_mode())
-                        {
-                        if (!(type->flags & EVP_MD_FLAG_FIPS) 
-                         && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW))
-                                {
-                                EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_DISABLED_FOR_FIPS);
-                                ctx->digest = &bad_md;
-                                return 0;
-                                }
-                        }
-#endif
-                if (ctx->digest && ctx->digest->ctx_size)
-                        OPENSSL_free(ctx->md_data);
-                ctx->digest=type;
-                if (type->ctx_size)
-                        ctx->md_data=OPENSSL_malloc(type->ctx_size);
-                }
-#ifndef OPENSSL_NO_ENGINE
-skip_to_init:
-#endif
-        return ctx->digest->init(ctx);
-        }
-
-int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data,
-             unsigned int count)
-        {
-        return ctx->digest->update(ctx,data,(unsigned long)count);
-        }
-
-/* The caller can assume that this removes any secret data from the context */
-int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
-        {
-        int ret;
-        ret = EVP_DigestFinal_ex(ctx, md, size);
-        EVP_MD_CTX_cleanup(ctx);
-        return ret;
-        }
-
-/* The caller can assume that this removes any secret data from the context */
-int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
-        {
-        int ret;
-
-        OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
-        ret=ctx->digest->final(ctx,md);
-        if (size != NULL)
-                *size=ctx->digest->md_size;
-        if (ctx->digest->cleanup)
-                {
-                ctx->digest->cleanup(ctx);
-                EVP_MD_CTX_set_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
-                }
-        memset(ctx->md_data,0,ctx->digest->ctx_size);
-        return ret;
-        }
-
-int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
-        {
-        EVP_MD_CTX_init(out);
-        return EVP_MD_CTX_copy_ex(out, in);
-        }
-
-int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
-        {
-        unsigned char *tmp_buf;
-        if ((in == NULL) || (in->digest == NULL))
-                {
-                EVPerr(EVP_F_EVP_MD_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED);
-                return 0;
-                }
-#ifndef OPENSSL_NO_ENGINE
-        /* Make sure it's safe to copy a digest context using an ENGINE */
-        if (in->engine && !ENGINE_init(in->engine))
-                {
-                EVPerr(EVP_F_EVP_MD_CTX_COPY,ERR_R_ENGINE_LIB);
-                return 0;
-                }
-#endif
-
-        if (out->digest == in->digest)
-                {
-                tmp_buf = out->md_data;
-                EVP_MD_CTX_set_flags(out,EVP_MD_CTX_FLAG_REUSE);
-                }
-        else tmp_buf = NULL;
-        EVP_MD_CTX_cleanup(out);
-        memcpy(out,in,sizeof *out);
-
-        if (out->digest->ctx_size)
-                {
-                if (tmp_buf) out->md_data = tmp_buf;
-                else out->md_data=OPENSSL_malloc(out->digest->ctx_size);
-                memcpy(out->md_data,in->md_data,out->digest->ctx_size);
-                }
-
-        if (out->digest->copy)
-                return out->digest->copy(out,in);
-        
-        return 1;
-        }
-
-int EVP_Digest(void *data, unsigned int count,
-                unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl)
-        {
-        EVP_MD_CTX ctx;
-        int ret;
-
-        EVP_MD_CTX_init(&ctx);
-        EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT);
-        ret=EVP_DigestInit_ex(&ctx, type, impl)
-          && EVP_DigestUpdate(&ctx, data, count)
-          && EVP_DigestFinal_ex(&ctx, md, size);
-        EVP_MD_CTX_cleanup(&ctx);
-
-        return ret;
-        }
-
-void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
-        {
-        EVP_MD_CTX_cleanup(ctx);
-        OPENSSL_free(ctx);
-        }
-
-/* This call frees resources associated with the context */
-int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
-        {
-        /* Don't assume ctx->md_data was cleaned in EVP_Digest_Final,
-         * because sometimes only copies of the context are ever finalised.
-         */
-        if (ctx->digest && ctx->digest->cleanup
-            && !EVP_MD_CTX_test_flags(ctx,EVP_MD_CTX_FLAG_CLEANED))
-                ctx->digest->cleanup(ctx);
-        if (ctx->digest && ctx->digest->ctx_size && ctx->md_data
-            && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE))
-                {
-                OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
-                OPENSSL_free(ctx->md_data);
-                }
-#ifndef OPENSSL_NO_ENGINE
-        if(ctx->engine)
-                /* The EVP_MD we used belongs to an ENGINE, release the
-                 * functional reference we held for this reason. */
-                ENGINE_finish(ctx->engine);
-#endif
-        memset(ctx,'\0',sizeof *ctx);
-
-        return 1;
-        }
diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c
deleted file mode 100644
index 7b67984fa1..0000000000
--- a/src/lib/libcrypto/evp/e_aes.c
+++ /dev/null
@@ -1,118 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#ifndef OPENSSL_NO_AES
-#include <openssl/evp.h>
-#include <openssl/err.h>
-#include <string.h>
-#include <openssl/aes.h>
-#include "evp_locl.h"
-
-static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                                        const unsigned char *iv, int enc);
-
-typedef struct
-        {
-        AES_KEY ks;
-        } EVP_AES_KEY;
-
-#define data(ctx)       EVP_C_DATA(EVP_AES_KEY,ctx)
-
-IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY,
-                       NID_aes_128, 16, 16, 16, 128,
-                       EVP_CIPH_FLAG_FIPS, aes_init_key, NULL, 
-                       EVP_CIPHER_set_asn1_iv,
-                       EVP_CIPHER_get_asn1_iv,
-                       NULL)
-IMPLEMENT_BLOCK_CIPHER(aes_192, ks, AES, EVP_AES_KEY,
-                       NID_aes_192, 16, 24, 16, 128,
-                       EVP_CIPH_FLAG_FIPS, aes_init_key, NULL, 
-                       EVP_CIPHER_set_asn1_iv,
-                       EVP_CIPHER_get_asn1_iv,
-                       NULL)
-IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY,
-                       NID_aes_256, 16, 32, 16, 128,
-                       EVP_CIPH_FLAG_FIPS, aes_init_key, NULL, 
-                       EVP_CIPHER_set_asn1_iv,
-                       EVP_CIPHER_get_asn1_iv,
-                       NULL)
-
-#define IMPLEMENT_AES_CFBR(ksize,cbits,flags)   IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16,flags)
-
-IMPLEMENT_AES_CFBR(128,1,EVP_CIPH_FLAG_FIPS)
-IMPLEMENT_AES_CFBR(192,1,EVP_CIPH_FLAG_FIPS)
-IMPLEMENT_AES_CFBR(256,1,EVP_CIPH_FLAG_FIPS)
-
-IMPLEMENT_AES_CFBR(128,8,EVP_CIPH_FLAG_FIPS)
-IMPLEMENT_AES_CFBR(192,8,EVP_CIPH_FLAG_FIPS)
-IMPLEMENT_AES_CFBR(256,8,EVP_CIPH_FLAG_FIPS)
-
-static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                   const unsigned char *iv, int enc)
-        {
-        int ret;
-
-        if ((ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_CFB_MODE
-            || (ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_OFB_MODE
-            || enc) 
-                ret=AES_set_encrypt_key(key, ctx->key_len * 8, ctx->cipher_data);
-        else
-                ret=AES_set_decrypt_key(key, ctx->key_len * 8, ctx->cipher_data);
-
-        if(ret < 0)
-                {
-                EVPerr(EVP_F_AES_INIT_KEY,EVP_R_AES_KEY_SETUP_FAILED);
-                return 0;
-                }
-
-        return 1;
-        }
-
-#endif
diff --git a/src/lib/libcrypto/evp/e_bf.c b/src/lib/libcrypto/evp/e_bf.c
deleted file mode 100644
index e74337567b..0000000000
--- a/src/lib/libcrypto/evp/e_bf.c
+++ /dev/null
@@ -1,88 +0,0 @@
-/* crypto/evp/e_bf.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef OPENSSL_NO_BF
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include "evp_locl.h"
-#include <openssl/objects.h>
-#include <openssl/blowfish.h>
-
-static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                       const unsigned char *iv, int enc);
-
-typedef struct
-        {
-        BF_KEY ks;
-        } EVP_BF_KEY;
-
-#define data(ctx)       EVP_C_DATA(EVP_BF_KEY,ctx)
-
-IMPLEMENT_BLOCK_CIPHER(bf, ks, BF, EVP_BF_KEY, NID_bf, 8, 16, 8, 64,
-                        EVP_CIPH_VARIABLE_LENGTH, bf_init_key, NULL, 
-                        EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
-        
-static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                       const unsigned char *iv, int enc)
-        {
-        BF_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),key);
-        return 1;
-        }
-
-#endif
diff --git a/src/lib/libcrypto/evp/e_cast.c b/src/lib/libcrypto/evp/e_cast.c
deleted file mode 100644
index 3400fef187..0000000000
--- a/src/lib/libcrypto/evp/e_cast.c
+++ /dev/null
@@ -1,90 +0,0 @@
-/* crypto/evp/e_cast.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef OPENSSL_NO_CAST
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include "evp_locl.h"
-#include <openssl/cast.h>
-
-static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                         const unsigned char *iv,int enc);
-
-typedef struct
-        {
-        CAST_KEY ks;
-        } EVP_CAST_KEY;
-
-#define data(ctx)       EVP_C_DATA(EVP_CAST_KEY,ctx)
-
-IMPLEMENT_BLOCK_CIPHER(cast5, ks, CAST, EVP_CAST_KEY, 
-                        NID_cast5, 8, CAST_KEY_LENGTH, 8, 64,
-                        EVP_CIPH_VARIABLE_LENGTH, cast_init_key, NULL,
-                        EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
-                        
-static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                         const unsigned char *iv, int enc)
-        {
-        CAST_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),key);
-        return 1;
-        }
-
-#endif
diff --git a/src/lib/libcrypto/evp/e_des.c b/src/lib/libcrypto/evp/e_des.c
deleted file mode 100644
index 46e2899825..0000000000
--- a/src/lib/libcrypto/evp/e_des.c
+++ /dev/null
@@ -1,154 +0,0 @@
-/* crypto/evp/e_des.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#ifndef OPENSSL_NO_DES
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include "evp_locl.h"
-#include <openssl/des.h>
-
-static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                        const unsigned char *iv, int enc);
-
-/* Because of various casts and different names can't use IMPLEMENT_BLOCK_CIPHER */
-
-static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                          const unsigned char *in, unsigned int inl)
-{
-        BLOCK_CIPHER_ecb_loop()
-                DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i), ctx->cipher_data, ctx->encrypt);
-        return 1;
-}
-
-static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                          const unsigned char *in, unsigned int inl)
-{
-        DES_ofb64_encrypt(in, out, (long)inl, ctx->cipher_data, (DES_cblock *)ctx->iv, &ctx->num);
-        return 1;
-}
-
-static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                          const unsigned char *in, unsigned int inl)
-{
-        DES_ncbc_encrypt(in, out, (long)inl, ctx->cipher_data,
-                         (DES_cblock *)ctx->iv, ctx->encrypt);
-        return 1;
-}
-
-static int des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                            const unsigned char *in, unsigned int inl)
-{
-        DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data,
-                          (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
-        return 1;
-}
-
-/* Although we have a CFB-r implementation for DES, it doesn't pack the right
-   way, so wrap it here */
-static int des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                           const unsigned char *in, unsigned int inl)
-    {
-    unsigned int n;
-    unsigned char c[1],d[1];
-
-    for(n=0 ; n < inl ; ++n)
-        {
-        c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
-        DES_cfb_encrypt(c,d,1,1,ctx->cipher_data,(DES_cblock *)ctx->iv,
-                        ctx->encrypt);
-        out[n/8]=(out[n/8]&~(0x80 >> (n%8)))|((d[0]&0x80) >> (n%8));
-        }
-    return 1;
-    }
-
-static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                           const unsigned char *in, unsigned int inl)
-    {
-    DES_cfb_encrypt(in,out,8,inl,ctx->cipher_data,(DES_cblock *)ctx->iv,
-                    ctx->encrypt);
-    return 1;
-    }
-
-BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64,
-                        EVP_CIPH_FLAG_FIPS, des_init_key, NULL,
-                        EVP_CIPHER_set_asn1_iv,
-                        EVP_CIPHER_get_asn1_iv,
-                        NULL)
-
-BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,1,
-                     EVP_CIPH_FLAG_FIPS,des_init_key,NULL,
-                     EVP_CIPHER_set_asn1_iv,
-                     EVP_CIPHER_get_asn1_iv,NULL)
-
-BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,8,
-                     EVP_CIPH_FLAG_FIPS,des_init_key,NULL,
-                     EVP_CIPHER_set_asn1_iv,
-                     EVP_CIPHER_get_asn1_iv,NULL)
-
-static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                        const unsigned char *iv, int enc)
-        {
-        DES_cblock *deskey = (DES_cblock *)key;
-
-        DES_set_key_unchecked(deskey,ctx->cipher_data);
-        return 1;
-        }
-
-#endif
diff --git a/src/lib/libcrypto/evp/e_des3.c b/src/lib/libcrypto/evp/e_des3.c
deleted file mode 100644
index 677322bf02..0000000000
--- a/src/lib/libcrypto/evp/e_des3.c
+++ /dev/null
@@ -1,232 +0,0 @@
-/* crypto/evp/e_des3.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#ifndef OPENSSL_NO_DES
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include "evp_locl.h"
-#include <openssl/des.h>
-
-static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                            const unsigned char *iv,int enc);
-
-static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                             const unsigned char *iv,int enc);
-
-typedef struct
-    {
-    DES_key_schedule ks1;/* key schedule */
-    DES_key_schedule ks2;/* key schedule (for ede) */
-    DES_key_schedule ks3;/* key schedule (for ede3) */
-    } DES_EDE_KEY;
-
-#define data(ctx) ((DES_EDE_KEY *)(ctx)->cipher_data)
-
-/* Because of various casts and different args can't use IMPLEMENT_BLOCK_CIPHER */
-
-static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                              const unsigned char *in, unsigned int inl)
-{
-        BLOCK_CIPHER_ecb_loop()
-                DES_ecb3_encrypt(in + i,out + i, 
-                                 &data(ctx)->ks1, &data(ctx)->ks2,
-                                 &data(ctx)->ks3,
-                                 ctx->encrypt);
-        return 1;
-}
-
-static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                              const unsigned char *in, unsigned int inl)
-{
-        DES_ede3_ofb64_encrypt(in, out, (long)inl,
-                               &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
-                               (DES_cblock *)ctx->iv, &ctx->num);
-        return 1;
-}
-
-static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                              const unsigned char *in, unsigned int inl)
-{
-#ifdef KSSL_DEBUG
-        {
-        int i;
-        char *cp;
-        printf("des_ede_cbc_cipher(ctx=%lx, buflen=%d)\n", ctx, ctx->buf_len);
-        printf("\t iv= ");
-        for(i=0;i<8;i++)
-                printf("%02X",ctx->iv[i]);
-        printf("\n");
-        }
-#endif    /* KSSL_DEBUG */
-        DES_ede3_cbc_encrypt(in, out, (long)inl,
-                             &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
-                             (DES_cblock *)ctx->iv, ctx->encrypt);
-        return 1;
-}
-
-static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                              const unsigned char *in, unsigned int inl)
-{
-        DES_ede3_cfb64_encrypt(in, out, (long)inl, 
-                               &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
-                               (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
-        return 1;
-}
-
-/* Although we have a CFB-r implementation for 3-DES, it doesn't pack the right
-   way, so wrap it here */
-static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                                const unsigned char *in, unsigned int inl)
-    {
-    unsigned int n;
-    unsigned char c[1],d[1];
-
-    for(n=0 ; n < inl ; ++n)
-        {
-        c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
-        DES_ede3_cfb_encrypt(c,d,1,1,
-                             &data(ctx)->ks1,&data(ctx)->ks2,&data(ctx)->ks3,
-                             (DES_cblock *)ctx->iv,ctx->encrypt);
-        out[n/8]=(out[n/8]&~(0x80 >> (n%8)))|((d[0]&0x80) >> (n%8));
-        }
-
-    return 1;
-    }
-
-static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                                const unsigned char *in, unsigned int inl)
-    {
-    DES_ede3_cfb_encrypt(in,out,8,inl,
-                         &data(ctx)->ks1,&data(ctx)->ks2,&data(ctx)->ks3,
-                         (DES_cblock *)ctx->iv,ctx->encrypt);
-    return 1;
-    }
-
-BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
-                        EVP_CIPH_FLAG_FIPS, des_ede_init_key, NULL, 
-                        EVP_CIPHER_set_asn1_iv,
-                        EVP_CIPHER_get_asn1_iv,
-                        NULL)
-
-#define des_ede3_cfb64_cipher des_ede_cfb64_cipher
-#define des_ede3_ofb_cipher des_ede_ofb_cipher
-#define des_ede3_cbc_cipher des_ede_cbc_cipher
-#define des_ede3_ecb_cipher des_ede_ecb_cipher
-
-BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
-                        EVP_CIPH_FLAG_FIPS, des_ede3_init_key, NULL, 
-                        EVP_CIPHER_set_asn1_iv,
-                        EVP_CIPHER_get_asn1_iv,
-                        NULL)
-
-BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1,
-                     EVP_CIPH_FLAG_FIPS, des_ede3_init_key,NULL,
-                     EVP_CIPHER_set_asn1_iv,
-                     EVP_CIPHER_get_asn1_iv,NULL)
-
-BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8,
-                     EVP_CIPH_FLAG_FIPS, des_ede3_init_key,NULL,
-                     EVP_CIPHER_set_asn1_iv,
-                     EVP_CIPHER_get_asn1_iv,NULL)
-
-static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                            const unsigned char *iv, int enc)
-        {
-        DES_cblock *deskey = (DES_cblock *)key;
-
-        DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1);
-        DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2);
-        memcpy(&data(ctx)->ks3,&data(ctx)->ks1,
-               sizeof(data(ctx)->ks1));
-        return 1;
-        }
-
-static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                             const unsigned char *iv, int enc)
-        {
-        DES_cblock *deskey = (DES_cblock *)key;
-#ifdef KSSL_DEBUG
-        {
-        int i;
-        printf("des_ede3_init_key(ctx=%lx)\n", ctx);
-        printf("\tKEY= ");
-        for(i=0;i<24;i++) printf("%02X",key[i]); printf("\n");
-        printf("\t IV= ");
-        for(i=0;i<8;i++) printf("%02X",iv[i]); printf("\n");
-        }
-#endif  /* KSSL_DEBUG */
-
-        DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1);
-        DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2);
-        DES_set_key_unchecked(&deskey[2],&data(ctx)->ks3);
-
-        return 1;
-        }
-
-const EVP_CIPHER *EVP_des_ede(void)
-{
-        return &des_ede_ecb;
-}
-
-const EVP_CIPHER *EVP_des_ede3(void)
-{
-        return &des_ede3_ecb;
-}
-#endif
diff --git a/src/lib/libcrypto/evp/e_idea.c b/src/lib/libcrypto/evp/e_idea.c
deleted file mode 100644
index b9efa75ae7..0000000000
--- a/src/lib/libcrypto/evp/e_idea.c
+++ /dev/null
@@ -1,118 +0,0 @@
-/* crypto/evp/e_idea.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef OPENSSL_NO_IDEA
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include "evp_locl.h"
-#include <openssl/idea.h>
-
-static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                         const unsigned char *iv,int enc);
-
-/* NB idea_ecb_encrypt doesn't take an 'encrypt' argument so we treat it as a special
- * case 
- */
-
-static int idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                           const unsigned char *in, unsigned int inl)
-{
-        BLOCK_CIPHER_ecb_loop()
-                idea_ecb_encrypt(in + i, out + i, ctx->cipher_data);
-        return 1;
-}
-
-/* Can't use IMPLEMENT_BLOCK_CIPHER because idea_ecb_encrypt is different */
-
-typedef struct
-        {
-        IDEA_KEY_SCHEDULE ks;
-        } EVP_IDEA_KEY;
-
-BLOCK_CIPHER_func_cbc(idea, idea, EVP_IDEA_KEY, ks)
-BLOCK_CIPHER_func_ofb(idea, idea, 64, EVP_IDEA_KEY, ks)
-BLOCK_CIPHER_func_cfb(idea, idea, 64, EVP_IDEA_KEY, ks)
-
-BLOCK_CIPHER_defs(idea, IDEA_KEY_SCHEDULE, NID_idea, 8, 16, 8, 64,
-                        0, idea_init_key, NULL, 
-                        EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
-
-static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                         const unsigned char *iv, int enc)
-        {
-        if(!enc) {
-                if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) enc = 1;
-                else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB_MODE) enc = 1;
-        }
-        if (enc) idea_set_encrypt_key(key,ctx->cipher_data);
-        else
-                {
-                IDEA_KEY_SCHEDULE tmp;
-
-                idea_set_encrypt_key(key,&tmp);
-                idea_set_decrypt_key(&tmp,ctx->cipher_data);
-                OPENSSL_cleanse((unsigned char *)&tmp,
-                                sizeof(IDEA_KEY_SCHEDULE));
-                }
-        return 1;
-        }
-
-#endif
diff --git a/src/lib/libcrypto/evp/e_null.c b/src/lib/libcrypto/evp/e_null.c
deleted file mode 100644
index a84b0f14b1..0000000000
--- a/src/lib/libcrypto/evp/e_null.c
+++ /dev/null
@@ -1,101 +0,0 @@
-/* crypto/evp/e_null.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-
-static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-        const unsigned char *iv,int enc);
-static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-        const unsigned char *in, unsigned int inl);
-static const EVP_CIPHER n_cipher=
-        {
-        NID_undef,
-        1,0,0,
-        EVP_CIPH_FLAG_FIPS,
-        null_init_key,
-        null_cipher,
-        NULL,
-        0,
-        NULL,
-        NULL,
-        NULL
-        };
-
-const EVP_CIPHER *EVP_enc_null(void)
-        {
-        return(&n_cipher);
-        }
-
-static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-             const unsigned char *iv, int enc)
-        {
-        /*      memset(&(ctx->c),0,sizeof(ctx->c));*/
-        return 1;
-        }
-
-static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-             const unsigned char *in, unsigned int inl)
-        {
-        if (in != out)
-                memcpy((char *)out,(char *)in,(int)inl);
-        return 1;
-        }
-
diff --git a/src/lib/libcrypto/evp/e_old.c b/src/lib/libcrypto/evp/e_old.c
deleted file mode 100644
index 92dc498945..0000000000
--- a/src/lib/libcrypto/evp/e_old.c
+++ /dev/null
@@ -1,108 +0,0 @@
-/* crypto/evp/e_old.c -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
- * project 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/evp.h>
-
-/* Define some deprecated functions, so older programs
-   don't crash and burn too quickly.  On Windows and VMS,
-   these will never be used, since functions and variables
-   in shared libraries are selected by entry point location,
-   not by name.  */
-
-#ifndef OPENSSL_NO_BF
-#undef EVP_bf_cfb
-const EVP_CIPHER *EVP_bf_cfb(void) { return EVP_bf_cfb64(); }
-#endif
-
-#ifndef OPENSSL_NO_DES
-#undef EVP_des_cfb
-const EVP_CIPHER *EVP_des_cfb(void) { return EVP_des_cfb64(); }
-#undef EVP_des_ede3_cfb
-const EVP_CIPHER *EVP_des_ede3_cfb(void) { return EVP_des_ede3_cfb64(); }
-#undef EVP_des_ede_cfb
-const EVP_CIPHER *EVP_des_ede_cfb(void) { return EVP_des_ede_cfb64(); }
-#endif
-
-#ifndef OPENSSL_NO_IDEA
-#undef EVP_idea_cfb
-const EVP_CIPHER *EVP_idea_cfb(void) { return EVP_idea_cfb64(); }
-#endif
-
-#ifndef OPENSSL_NO_RC2
-#undef EVP_rc2_cfb
-const EVP_CIPHER *EVP_rc2_cfb(void) { return EVP_rc2_cfb64(); }
-#endif
-
-#ifndef OPENSSL_NO_CAST
-#undef EVP_cast5_cfb
-const EVP_CIPHER *EVP_cast5_cfb(void) { return EVP_cast5_cfb64(); }
-#endif
-
-#ifndef OPENSSL_NO_RC5
-#undef EVP_rc5_32_12_16_cfb
-const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void) { return EVP_rc5_32_12_16_cfb64(); }
-#endif
-
-#ifndef OPENSSL_NO_AES
-#undef EVP_aes_128_cfb
-const EVP_CIPHER *EVP_aes_128_cfb(void) { return EVP_aes_128_cfb128(); }
-#undef EVP_aes_192_cfb
-const EVP_CIPHER *EVP_aes_192_cfb(void) { return EVP_aes_192_cfb128(); }
-#undef EVP_aes_256_cfb
-const EVP_CIPHER *EVP_aes_256_cfb(void) { return EVP_aes_256_cfb128(); }
-#endif
diff --git a/src/lib/libcrypto/evp/e_rc2.c b/src/lib/libcrypto/evp/e_rc2.c
deleted file mode 100644
index d42cbfd17e..0000000000
--- a/src/lib/libcrypto/evp/e_rc2.c
+++ /dev/null
@@ -1,230 +0,0 @@
-/* crypto/evp/e_rc2.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef OPENSSL_NO_RC2
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include "evp_locl.h"
-#include <openssl/rc2.h>
-
-static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                        const unsigned char *iv,int enc);
-static int rc2_meth_to_magic(EVP_CIPHER_CTX *ctx);
-static int rc2_magic_to_meth(int i);
-static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
-static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
-static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
-
-typedef struct
-        {
-        int key_bits;   /* effective key bits */
-        RC2_KEY ks;     /* key schedule */
-        } EVP_RC2_KEY;
-
-#define data(ctx)       ((EVP_RC2_KEY *)(ctx)->cipher_data)
-
-IMPLEMENT_BLOCK_CIPHER(rc2, ks, RC2, EVP_RC2_KEY, NID_rc2,
-                        8,
-                        RC2_KEY_LENGTH, 8, 64,
-                        EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
-                        rc2_init_key, NULL,
-                        rc2_set_asn1_type_and_iv, rc2_get_asn1_type_and_iv, 
-                        rc2_ctrl)
-
-#define RC2_40_MAGIC    0xa0
-#define RC2_64_MAGIC    0x78
-#define RC2_128_MAGIC   0x3a
-
-static const EVP_CIPHER r2_64_cbc_cipher=
-        {
-        NID_rc2_64_cbc,
-        8,8 /* 64 bit */,8,
-        EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
-        rc2_init_key,
-        rc2_cbc_cipher,
-        NULL,
-        sizeof(EVP_RC2_KEY),
-        rc2_set_asn1_type_and_iv,
-        rc2_get_asn1_type_and_iv,
-        rc2_ctrl,
-        NULL
-        };
-
-static const EVP_CIPHER r2_40_cbc_cipher=
-        {
-        NID_rc2_40_cbc,
-        8,5 /* 40 bit */,8,
-        EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
-        rc2_init_key,
-        rc2_cbc_cipher,
-        NULL,
-        sizeof(EVP_RC2_KEY),
-        rc2_set_asn1_type_and_iv,
-        rc2_get_asn1_type_and_iv,
-        rc2_ctrl,
-        NULL
-        };
-
-const EVP_CIPHER *EVP_rc2_64_cbc(void)
-        {
-        return(&r2_64_cbc_cipher);
-        }
-
-const EVP_CIPHER *EVP_rc2_40_cbc(void)
-        {
-        return(&r2_40_cbc_cipher);
-        }
-        
-static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                        const unsigned char *iv, int enc)
-        {
-        RC2_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),
-                    key,data(ctx)->key_bits);
-        return 1;
-        }
-
-static int rc2_meth_to_magic(EVP_CIPHER_CTX *e)
-        {
-        int i;
-
-        EVP_CIPHER_CTX_ctrl(e, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i);
-        if      (i == 128) return(RC2_128_MAGIC);
-        else if (i == 64)  return(RC2_64_MAGIC);
-        else if (i == 40)  return(RC2_40_MAGIC);
-        else return(0);
-        }
-
-static int rc2_magic_to_meth(int i)
-        {
-        if      (i == RC2_128_MAGIC) return 128;
-        else if (i == RC2_64_MAGIC)  return 64;
-        else if (i == RC2_40_MAGIC)  return 40;
-        else
-                {
-                EVPerr(EVP_F_RC2_MAGIC_TO_METH,EVP_R_UNSUPPORTED_KEY_SIZE);
-                return(0);
-                }
-        }
-
-static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
-        {
-        long num=0;
-        int i=0,l;
-        int key_bits;
-        unsigned char iv[EVP_MAX_IV_LENGTH];
-
-        if (type != NULL)
-                {
-                l=EVP_CIPHER_CTX_iv_length(c);
-                OPENSSL_assert(l <= sizeof iv);
-                i=ASN1_TYPE_get_int_octetstring(type,&num,iv,l);
-                if (i != l)
-                        return(-1);
-                key_bits =rc2_magic_to_meth((int)num);
-                if (!key_bits)
-                        return(-1);
-                if(i > 0) EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1);
-                EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL);
-                EVP_CIPHER_CTX_set_key_length(c, key_bits / 8);
-                }
-        return(i);
-        }
-
-static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
-        {
-        long num;
-        int i=0,j;
-
-        if (type != NULL)
-                {
-                num=rc2_meth_to_magic(c);
-                j=EVP_CIPHER_CTX_iv_length(c);
-                i=ASN1_TYPE_set_int_octetstring(type,num,c->oiv,j);
-                }
-        return(i);
-        }
-
-static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
-        {
-        switch(type)
-                {
-        case EVP_CTRL_INIT:
-                data(c)->key_bits = EVP_CIPHER_CTX_key_length(c) * 8;
-                return 1;
-
-        case EVP_CTRL_GET_RC2_KEY_BITS:
-                *(int *)ptr = data(c)->key_bits;
-                return 1;
-                        
-        case EVP_CTRL_SET_RC2_KEY_BITS:
-                if(arg > 0)
-                        {
-                        data(c)->key_bits = arg;
-                        return 1;
-                        }
-                return 0;
-
-        default:
-                return -1;
-                }
-        }
-
-#endif
diff --git a/src/lib/libcrypto/evp/e_rc4.c b/src/lib/libcrypto/evp/e_rc4.c
deleted file mode 100644
index 8aa70585b9..0000000000
--- a/src/lib/libcrypto/evp/e_rc4.c
+++ /dev/null
@@ -1,134 +0,0 @@
-/* crypto/evp/e_rc4.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef OPENSSL_NO_RC4
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include "evp_locl.h"
-#include <openssl/rc4.h>
-
-/* FIXME: surely this is available elsewhere? */
-#define EVP_RC4_KEY_SIZE                16
-
-typedef struct
-    {
-    RC4_KEY ks; /* working key */
-    } EVP_RC4_KEY;
-
-#define data(ctx) ((EVP_RC4_KEY *)(ctx)->cipher_data)
-
-static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                        const unsigned char *iv,int enc);
-static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                      const unsigned char *in, unsigned int inl);
-static const EVP_CIPHER r4_cipher=
-        {
-        NID_rc4,
-        1,EVP_RC4_KEY_SIZE,0,
-        EVP_CIPH_VARIABLE_LENGTH,
-        rc4_init_key,
-        rc4_cipher,
-        NULL,
-        sizeof(EVP_RC4_KEY),
-        NULL,
-        NULL,
-        NULL
-        };
-
-static const EVP_CIPHER r4_40_cipher=
-        {
-        NID_rc4_40,
-        1,5 /* 40 bit */,0,
-        EVP_CIPH_VARIABLE_LENGTH,
-        rc4_init_key,
-        rc4_cipher,
-        NULL,
-        sizeof(EVP_RC4_KEY),
-        NULL, 
-        NULL,
-        NULL
-        };
-
-const EVP_CIPHER *EVP_rc4(void)
-        {
-        return(&r4_cipher);
-        }
-
-const EVP_CIPHER *EVP_rc4_40(void)
-        {
-        return(&r4_40_cipher);
-        }
-
-static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                        const unsigned char *iv, int enc)
-        {
-        RC4_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),
-                    key);
-        return 1;
-        }
-
-static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                      const unsigned char *in, unsigned int inl)
-        {
-        RC4(&data(ctx)->ks,inl,in,out);
-        return 1;
-        }
-#endif
diff --git a/src/lib/libcrypto/evp/e_xcbc_d.c b/src/lib/libcrypto/evp/e_xcbc_d.c
deleted file mode 100644
index a6f849e93d..0000000000
--- a/src/lib/libcrypto/evp/e_xcbc_d.c
+++ /dev/null
@@ -1,122 +0,0 @@
-/* crypto/evp/e_xcbc_d.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef OPENSSL_NO_DES
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/des.h>
-
-static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                             const unsigned char *iv,int enc);
-static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                           const unsigned char *in, unsigned int inl);
-
-
-typedef struct
-    {
-    DES_key_schedule ks;/* key schedule */
-    DES_cblock inw;
-    DES_cblock outw;
-    } DESX_CBC_KEY;
-
-#define data(ctx) ((DESX_CBC_KEY *)(ctx)->cipher_data)
-
-static const EVP_CIPHER d_xcbc_cipher=
-        {
-        NID_desx_cbc,
-        8,24,8,
-        EVP_CIPH_CBC_MODE,
-        desx_cbc_init_key,
-        desx_cbc_cipher,
-        NULL,
-        sizeof(DESX_CBC_KEY),
-        EVP_CIPHER_set_asn1_iv,
-        EVP_CIPHER_get_asn1_iv,
-        NULL
-        };
-
-const EVP_CIPHER *EVP_desx_cbc(void)
-        {
-        return(&d_xcbc_cipher);
-        }
-        
-static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                             const unsigned char *iv, int enc)
-        {
-        DES_cblock *deskey = (DES_cblock *)key;
-
-        DES_set_key_unchecked(deskey,&data(ctx)->ks);
-        memcpy(&data(ctx)->inw[0],&key[8],8);
-        memcpy(&data(ctx)->outw[0],&key[16],8);
-
-        return 1;
-        }
-
-static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                           const unsigned char *in, unsigned int inl)
-        {
-        DES_xcbc_encrypt(in,out,inl,&data(ctx)->ks,
-                         (DES_cblock *)&(ctx->iv[0]),
-                         &data(ctx)->inw,
-                         &data(ctx)->outw,
-                         ctx->encrypt);
-        return 1;
-        }
-#endif
diff --git a/src/lib/libcrypto/evp/encode.c b/src/lib/libcrypto/evp/encode.c
deleted file mode 100644
index 33e540087d..0000000000
--- a/src/lib/libcrypto/evp/encode.c
+++ /dev/null
@@ -1,446 +0,0 @@
-/* crypto/evp/encode.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-
-#ifndef CHARSET_EBCDIC
-#define conv_bin2ascii(a)       (data_bin2ascii[(a)&0x3f])
-#define conv_ascii2bin(a)       (data_ascii2bin[(a)&0x7f])
-#else
-/* We assume that PEM encoded files are EBCDIC files
- * (i.e., printable text files). Convert them here while decoding.
- * When encoding, output is EBCDIC (text) format again.
- * (No need for conversion in the conv_bin2ascii macro, as the
- * underlying textstring data_bin2ascii[] is already EBCDIC)
- */
-#define conv_bin2ascii(a)       (data_bin2ascii[(a)&0x3f])
-#define conv_ascii2bin(a)       (data_ascii2bin[os_toascii[a]&0x7f])
-#endif
-
-/* 64 char lines
- * pad input with 0
- * left over chars are set to =
- * 1 byte  => xx==
- * 2 bytes => xxx=
- * 3 bytes => xxxx
- */
-#define BIN_PER_LINE    (64/4*3)
-#define CHUNKS_PER_LINE (64/4)
-#define CHAR_PER_LINE   (64+1)
-
-static unsigned char data_bin2ascii[65]="ABCDEFGHIJKLMNOPQRSTUVWXYZ\
-abcdefghijklmnopqrstuvwxyz0123456789+/";
-
-/* 0xF0 is a EOLN
- * 0xF1 is ignore but next needs to be 0xF0 (for \r\n processing).
- * 0xF2 is EOF
- * 0xE0 is ignore at start of line.
- * 0xFF is error
- */
-
-#define B64_EOLN                0xF0
-#define B64_CR                  0xF1
-#define B64_EOF                 0xF2
-#define B64_WS                  0xE0
-#define B64_ERROR               0xFF
-#define B64_NOT_BASE64(a)       (((a)|0x13) == 0xF3)
-
-static unsigned char data_ascii2bin[128]={
-        0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-        0xFF,0xE0,0xF0,0xFF,0xFF,0xF1,0xFF,0xFF,
-        0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-        0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-        0xE0,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-        0xFF,0xFF,0xFF,0x3E,0xFF,0xF2,0xFF,0x3F,
-        0x34,0x35,0x36,0x37,0x38,0x39,0x3A,0x3B,
-        0x3C,0x3D,0xFF,0xFF,0xFF,0x00,0xFF,0xFF,
-        0xFF,0x00,0x01,0x02,0x03,0x04,0x05,0x06,
-        0x07,0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,
-        0x0F,0x10,0x11,0x12,0x13,0x14,0x15,0x16,
-        0x17,0x18,0x19,0xFF,0xFF,0xFF,0xFF,0xFF,
-        0xFF,0x1A,0x1B,0x1C,0x1D,0x1E,0x1F,0x20,
-        0x21,0x22,0x23,0x24,0x25,0x26,0x27,0x28,
-        0x29,0x2A,0x2B,0x2C,0x2D,0x2E,0x2F,0x30,
-        0x31,0x32,0x33,0xFF,0xFF,0xFF,0xFF,0xFF,
-        };
-
-void EVP_EncodeInit(EVP_ENCODE_CTX *ctx)
-        {
-        ctx->length=48;
-        ctx->num=0;
-        ctx->line_num=0;
-        }
-
-void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
-             unsigned char *in, int inl)
-        {
-        int i,j;
-        unsigned int total=0;
-
-        *outl=0;
-        if (inl == 0) return;
-        OPENSSL_assert(ctx->length <= sizeof ctx->enc_data);
-        if ((ctx->num+inl) < ctx->length)
-                {
-                memcpy(&(ctx->enc_data[ctx->num]),in,inl);
-                ctx->num+=inl;
-                return;
-                }
-        if (ctx->num != 0)
-                {
-                i=ctx->length-ctx->num;
-                memcpy(&(ctx->enc_data[ctx->num]),in,i);
-                in+=i;
-                inl-=i;
-                j=EVP_EncodeBlock(out,ctx->enc_data,ctx->length);
-                ctx->num=0;
-                out+=j;
-                *(out++)='\n';
-                *out='\0';
-                total=j+1;
-                }
-        while (inl >= ctx->length)
-                {
-                j=EVP_EncodeBlock(out,in,ctx->length);
-                in+=ctx->length;
-                inl-=ctx->length;
-                out+=j;
-                *(out++)='\n';
-                *out='\0';
-                total+=j+1;
-                }
-        if (inl != 0)
-                memcpy(&(ctx->enc_data[0]),in,inl);
-        ctx->num=inl;
-        *outl=total;
-        }
-
-void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl)
-        {
-        unsigned int ret=0;
-
-        if (ctx->num != 0)
-                {
-                ret=EVP_EncodeBlock(out,ctx->enc_data,ctx->num);
-                out[ret++]='\n';
-                out[ret]='\0';
-                ctx->num=0;
-                }
-        *outl=ret;
-        }
-
-int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int dlen)
-        {
-        int i,ret=0;
-        unsigned long l;
-
-        for (i=dlen; i > 0; i-=3)
-                {
-                if (i >= 3)
-                        {
-                        l=      (((unsigned long)f[0])<<16L)|
-                                (((unsigned long)f[1])<< 8L)|f[2];
-                        *(t++)=conv_bin2ascii(l>>18L);
-                        *(t++)=conv_bin2ascii(l>>12L);
-                        *(t++)=conv_bin2ascii(l>> 6L);
-                        *(t++)=conv_bin2ascii(l     );
-                        }
-                else
-                        {
-                        l=((unsigned long)f[0])<<16L;
-                        if (i == 2) l|=((unsigned long)f[1]<<8L);
-
-                        *(t++)=conv_bin2ascii(l>>18L);
-                        *(t++)=conv_bin2ascii(l>>12L);
-                        *(t++)=(i == 1)?'=':conv_bin2ascii(l>> 6L);
-                        *(t++)='=';
-                        }
-                ret+=4;
-                f+=3;
-                }
-
-        *t='\0';
-        return(ret);
-        }
-
-void EVP_DecodeInit(EVP_ENCODE_CTX *ctx)
-        {
-        ctx->length=30;
-        ctx->num=0;
-        ctx->line_num=0;
-        ctx->expect_nl=0;
-        }
-
-/* -1 for error
- *  0 for last line
- *  1 for full line
- */
-int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
-             unsigned char *in, int inl)
-        {
-        int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,tmp2,exp_nl;
-        unsigned char *d;
-
-        n=ctx->num;
-        d=ctx->enc_data;
-        ln=ctx->line_num;
-        exp_nl=ctx->expect_nl;
-
-        /* last line of input. */
-        if ((inl == 0) || ((n == 0) && (conv_ascii2bin(in[0]) == B64_EOF)))
-                { rv=0; goto end; }
-                
-        /* We parse the input data */
-        for (i=0; i<inl; i++)
-                {
-                /* If the current line is > 80 characters, scream alot */
-                if (ln >= 80) { rv= -1; goto end; }
-
-                /* Get char and put it into the buffer */
-                tmp= *(in++);
-                v=conv_ascii2bin(tmp);
-                /* only save the good data :-) */
-                if (!B64_NOT_BASE64(v))
-                        {
-                        OPENSSL_assert(n < sizeof ctx->enc_data);
-                        d[n++]=tmp;
-                        ln++;
-                        }
-                else if (v == B64_ERROR)
-                        {
-                        rv= -1;
-                        goto end;
-                        }
-
-                /* have we seen a '=' which is 'definitly' the last
-                 * input line.  seof will point to the character that
-                 * holds it. and eof will hold how many characters to
-                 * chop off. */
-                if (tmp == '=')
-                        {
-                        if (seof == -1) seof=n;
-                        eof++;
-                        }
-
-                if (v == B64_CR)
-                        {
-                        ln = 0;
-                        if (exp_nl)
-                                continue;
-                        }
-
-                /* eoln */
-                if (v == B64_EOLN)
-                        {
-                        ln=0;
-                        if (exp_nl)
-                                {
-                                exp_nl=0;
-                                continue;
-                                }
-                        }
-                exp_nl=0;
-
-                /* If we are at the end of input and it looks like a
-                 * line, process it. */
-                if (((i+1) == inl) && (((n&3) == 0) || eof))
-                        {
-                        v=B64_EOF;
-                        /* In case things were given us in really small
-                           records (so two '=' were given in separate
-                           updates), eof may contain the incorrect number
-                           of ending bytes to skip, so let's redo the count */
-                        eof = 0;
-                        if (d[n-1] == '=') eof++;
-                        if (d[n-2] == '=') eof++;
-                        /* There will never be more than two '=' */
-                        }
-
-                if ((v == B64_EOF && (n&3) == 0) || (n >= 64))
-                        {
-                        /* This is needed to work correctly on 64 byte input
-                         * lines.  We process the line and then need to
-                         * accept the '\n' */
-                        if ((v != B64_EOF) && (n >= 64)) exp_nl=1;
-                        tmp2=v;
-                        if (n > 0)
-                                {
-                                v=EVP_DecodeBlock(out,d,n);
-                                if (v < 0) { rv=0; goto end; }
-                                n=0;
-                                ret+=(v-eof);
-                                }
-                        else
-                                {
-                                eof=1;
-                                v=0;
-                                }
-
-                        /* This is the case where we have had a short
-                         * but valid input line */
-                        if ((v < ctx->length) && eof)
-                                {
-                                rv=0;
-                                goto end;
-                                }
-                        else
-                                ctx->length=v;
-
-                        if (seof >= 0) { rv=0; goto end; }
-                        out+=v;
-                        }
-                }
-        rv=1;
-end:
-        *outl=ret;
-        ctx->num=n;
-        ctx->line_num=ln;
-        ctx->expect_nl=exp_nl;
-        return(rv);
-        }
-
-int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n)
-        {
-        int i,ret=0,a,b,c,d;
-        unsigned long l;
-
-        /* trim white space from the start of the line. */
-        while ((conv_ascii2bin(*f) == B64_WS) && (n > 0))
-                {
-                f++;
-                n--;
-                }
-
-        /* strip off stuff at the end of the line
-         * ascii2bin values B64_WS, B64_EOLN, B64_EOLN and B64_EOF */
-        while ((n > 3) && (B64_NOT_BASE64(conv_ascii2bin(f[n-1]))))
-                n--;
-
-        if (n%4 != 0) return(-1);
-
-        for (i=0; i<n; i+=4)
-                {
-                a=conv_ascii2bin(*(f++));
-                b=conv_ascii2bin(*(f++));
-                c=conv_ascii2bin(*(f++));
-                d=conv_ascii2bin(*(f++));
-                if (    (a & 0x80) || (b & 0x80) ||
-                        (c & 0x80) || (d & 0x80))
-                        return(-1);
-                l=(     (((unsigned long)a)<<18L)|
-                        (((unsigned long)b)<<12L)|
-                        (((unsigned long)c)<< 6L)|
-                        (((unsigned long)d)     ));
-                *(t++)=(unsigned char)(l>>16L)&0xff;
-                *(t++)=(unsigned char)(l>> 8L)&0xff;
-                *(t++)=(unsigned char)(l     )&0xff;
-                ret+=3;
-                }
-        return(ret);
-        }
-
-int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl)
-        {
-        int i;
-
-        *outl=0;
-        if (ctx->num != 0)
-                {
-                i=EVP_DecodeBlock(out,ctx->enc_data,ctx->num);
-                if (i < 0) return(-1);
-                ctx->num=0;
-                *outl=i;
-                return(1);
-                }
-        else
-                return(1);
-        }
-
-#ifdef undef
-int EVP_DecodeValid(unsigned char *buf, int len)
-        {
-        int i,num=0,bad=0;
-
-        if (len == 0) return(-1);
-        while (conv_ascii2bin(*buf) == B64_WS)
-                {
-                buf++;
-                len--;
-                if (len == 0) return(-1);
-                }
-
-        for (i=len; i >= 4; i-=4)
-                {
-                if (    (conv_ascii2bin(buf[0]) >= 0x40) ||
-                        (conv_ascii2bin(buf[1]) >= 0x40) ||
-                        (conv_ascii2bin(buf[2]) >= 0x40) ||
-                        (conv_ascii2bin(buf[3]) >= 0x40))
-                        return(-1);
-                buf+=4;
-                num+=1+(buf[2] != '=')+(buf[3] != '=');
-                }
-        if ((i == 1) && (conv_ascii2bin(buf[0]) == B64_EOLN))
-                return(num);
-        if ((i == 2) && (conv_ascii2bin(buf[0]) == B64_EOLN) &&
-                (conv_ascii2bin(buf[0]) == B64_EOLN))
-                return(num);
-        return(1);
-        }
-#endif
diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h
deleted file mode 100644
index f29e0ba8f0..0000000000
--- a/src/lib/libcrypto/evp/evp.h
+++ /dev/null
@@ -1,910 +0,0 @@
-/* crypto/evp/evp.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_ENVELOPE_H
-#define HEADER_ENVELOPE_H
-
-#ifdef OPENSSL_ALGORITHM_DEFINES
-# include <openssl/opensslconf.h>
-#else
-# define OPENSSL_ALGORITHM_DEFINES
-# include <openssl/opensslconf.h>
-# undef OPENSSL_ALGORITHM_DEFINES
-#endif
-
-#include <openssl/ossl_typ.h>
-
-#include <openssl/symhacks.h>
-
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-/*
-#define EVP_RC2_KEY_SIZE                16
-#define EVP_RC4_KEY_SIZE                16
-#define EVP_BLOWFISH_KEY_SIZE           16
-#define EVP_CAST5_KEY_SIZE              16
-#define EVP_RC5_32_12_16_KEY_SIZE       16
-*/
-#define EVP_MAX_MD_SIZE                 64      /* longest known SHA512 */
-#define EVP_MAX_KEY_LENGTH              32
-#define EVP_MAX_IV_LENGTH               16
-#define EVP_MAX_BLOCK_LENGTH            32
-
-#define PKCS5_SALT_LEN                  8
-/* Default PKCS#5 iteration count */
-#define PKCS5_DEFAULT_ITER              2048
-
-#include <openssl/objects.h>
-
-#define EVP_PK_RSA      0x0001
-#define EVP_PK_DSA      0x0002
-#define EVP_PK_DH       0x0004
-#define EVP_PKT_SIGN    0x0010
-#define EVP_PKT_ENC     0x0020
-#define EVP_PKT_EXCH    0x0040
-#define EVP_PKS_RSA     0x0100
-#define EVP_PKS_DSA     0x0200
-#define EVP_PKT_EXP     0x1000 /* <= 512 bit key */
-
-#define EVP_PKEY_NONE   NID_undef
-#define EVP_PKEY_RSA    NID_rsaEncryption
-#define EVP_PKEY_RSA2   NID_rsa
-#define EVP_PKEY_DSA    NID_dsa
-#define EVP_PKEY_DSA1   NID_dsa_2
-#define EVP_PKEY_DSA2   NID_dsaWithSHA
-#define EVP_PKEY_DSA3   NID_dsaWithSHA1
-#define EVP_PKEY_DSA4   NID_dsaWithSHA1_2
-#define EVP_PKEY_DH     NID_dhKeyAgreement
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* Type needs to be a bit field
- * Sub-type needs to be for variations on the method, as in, can it do
- * arbitrary encryption.... */
-struct evp_pkey_st
-        {
-        int type;
-        int save_type;
-        int references;
-        union   {
-                char *ptr;
-#ifndef OPENSSL_NO_RSA
-                struct rsa_st *rsa;     /* RSA */
-#endif
-#ifndef OPENSSL_NO_DSA
-                struct dsa_st *dsa;     /* DSA */
-#endif
-#ifndef OPENSSL_NO_DH
-                struct dh_st *dh;       /* DH */
-#endif
-                } pkey;
-        int save_parameters;
-        STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
-        } /* EVP_PKEY */;
-
-#define EVP_PKEY_MO_SIGN        0x0001
-#define EVP_PKEY_MO_VERIFY      0x0002
-#define EVP_PKEY_MO_ENCRYPT     0x0004
-#define EVP_PKEY_MO_DECRYPT     0x0008
-
-#if 0
-/* This structure is required to tie the message digest and signing together.
- * The lookup can be done by md/pkey_method, oid, oid/pkey_method, or
- * oid, md and pkey.
- * This is required because for various smart-card perform the digest and
- * signing/verification on-board.  To handle this case, the specific
- * EVP_MD and EVP_PKEY_METHODs need to be closely associated.
- * When a PKEY is created, it will have a EVP_PKEY_METHOD associated with it.
- * This can either be software or a token to provide the required low level
- * routines.
- */
-typedef struct evp_pkey_md_st
-        {
-        int oid;
-        EVP_MD *md;
-        EVP_PKEY_METHOD *pkey;
-        } EVP_PKEY_MD;
-
-#define EVP_rsa_md2() \
-                EVP_PKEY_MD_add(NID_md2WithRSAEncryption,\
-                        EVP_rsa_pkcs1(),EVP_md2())
-#define EVP_rsa_md5() \
-                EVP_PKEY_MD_add(NID_md5WithRSAEncryption,\
-                        EVP_rsa_pkcs1(),EVP_md5())
-#define EVP_rsa_sha0() \
-                EVP_PKEY_MD_add(NID_shaWithRSAEncryption,\
-                        EVP_rsa_pkcs1(),EVP_sha())
-#define EVP_rsa_sha1() \
-                EVP_PKEY_MD_add(NID_sha1WithRSAEncryption,\
-                        EVP_rsa_pkcs1(),EVP_sha1())
-#define EVP_rsa_ripemd160() \
-                EVP_PKEY_MD_add(NID_ripemd160WithRSA,\
-                        EVP_rsa_pkcs1(),EVP_ripemd160())
-#define EVP_rsa_mdc2() \
-                EVP_PKEY_MD_add(NID_mdc2WithRSA,\
-                        EVP_rsa_octet_string(),EVP_mdc2())
-#define EVP_dsa_sha() \
-                EVP_PKEY_MD_add(NID_dsaWithSHA,\
-                        EVP_dsa(),EVP_sha())
-#define EVP_dsa_sha1() \
-                EVP_PKEY_MD_add(NID_dsaWithSHA1,\
-                        EVP_dsa(),EVP_sha1())
-
-typedef struct evp_pkey_method_st
-        {
-        char *name;
-        int flags;
-        int type;               /* RSA, DSA, an SSLeay specific constant */
-        int oid;                /* For the pub-key type */
-        int encrypt_oid;        /* pub/priv key encryption */
-
-        int (*sign)();
-        int (*verify)();
-        struct  {
-                int (*set)();   /* get and/or set the underlying type */
-                int (*get)();
-                int (*encrypt)();
-                int (*decrypt)();
-                int (*i2d)();
-                int (*d2i)();
-                int (*dup)();
-                } pub,priv;
-        int (*set_asn1_parameters)();
-        int (*get_asn1_parameters)();
-        } EVP_PKEY_METHOD;
-#endif
-
-#ifndef EVP_MD
-struct env_md_st
-        {
-        int type;
-        int pkey_type;
-        int md_size;
-        unsigned long flags;
-        int (*init)(EVP_MD_CTX *ctx);
-        int (*update)(EVP_MD_CTX *ctx,const void *data,unsigned long count);
-        int (*final)(EVP_MD_CTX *ctx,unsigned char *md);
-        int (*copy)(EVP_MD_CTX *to,const EVP_MD_CTX *from);
-        int (*cleanup)(EVP_MD_CTX *ctx);
-
-        /* FIXME: prototype these some day */
-        int (*sign)();
-        int (*verify)();
-        int required_pkey_type[5]; /*EVP_PKEY_xxx */
-        int block_size;
-        int ctx_size; /* how big does the ctx->md_data need to be */
-        } /* EVP_MD */;
-
-#define EVP_MD_FLAG_ONESHOT     0x0001 /* digest can only handle a single
-                                        * block */
-#define EVP_MD_FLAG_FIPS        0x0400 /* Note if suitable for use in FIPS mode */
-
-#define EVP_PKEY_NULL_method    NULL,NULL,{0,0,0,0}
-
-#ifndef OPENSSL_NO_DSA
-#define EVP_PKEY_DSA_method     DSA_sign,DSA_verify, \
-                                {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \
-                                        EVP_PKEY_DSA4,0}
-#else
-#define EVP_PKEY_DSA_method     EVP_PKEY_NULL_method
-#endif
-
-#ifndef OPENSSL_NO_RSA
-#define EVP_PKEY_RSA_method     RSA_sign,RSA_verify, \
-                                {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0}
-#define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \
-                                RSA_sign_ASN1_OCTET_STRING, \
-                                RSA_verify_ASN1_OCTET_STRING, \
-                                {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0}
-#else
-#define EVP_PKEY_RSA_method     EVP_PKEY_NULL_method
-#define EVP_PKEY_RSA_ASN1_OCTET_STRING_method EVP_PKEY_NULL_method
-#endif
-
-#endif /* !EVP_MD */
-
-struct env_md_ctx_st
-        {
-        const EVP_MD *digest;
-        ENGINE *engine; /* functional reference if 'digest' is ENGINE-provided */
-        unsigned long flags;
-        void *md_data;
-        } /* EVP_MD_CTX */;
-
-/* values for EVP_MD_CTX flags */
-
-#define EVP_MD_CTX_FLAG_ONESHOT         0x0001 /* digest update will be called
-                                                * once only */
-#define EVP_MD_CTX_FLAG_CLEANED         0x0002 /* context has already been
-                                                * cleaned */
-#define EVP_MD_CTX_FLAG_REUSE           0x0004 /* Don't free up ctx->md_data
-                                                * in EVP_MD_CTX_cleanup */
-
-#define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW  0x0008  /* Allow use of non FIPS digest
-                                                 * in FIPS mode */
-
-struct evp_cipher_st
-        {
-        int nid;
-        int block_size;
-        int key_len;            /* Default value for variable length ciphers */
-        int iv_len;
-        unsigned long flags;    /* Various flags */
-        int (*init)(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                    const unsigned char *iv, int enc);  /* init key */
-        int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                         const unsigned char *in, unsigned int inl);/* encrypt/decrypt data */
-        int (*cleanup)(EVP_CIPHER_CTX *); /* cleanup ctx */
-        int ctx_size;           /* how big ctx->cipher_data needs to be */
-        int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Populate a ASN1_TYPE with parameters */
-        int (*get_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Get parameters from a ASN1_TYPE */
-        int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr); /* Miscellaneous operations */
-        void *app_data;         /* Application data */
-        } /* EVP_CIPHER */;
-
-/* Values for cipher flags */
-
-/* Modes for ciphers */
-
-#define         EVP_CIPH_STREAM_CIPHER          0x0
-#define         EVP_CIPH_ECB_MODE               0x1
-#define         EVP_CIPH_CBC_MODE               0x2
-#define         EVP_CIPH_CFB_MODE               0x3
-#define         EVP_CIPH_OFB_MODE               0x4
-#define         EVP_CIPH_MODE                   0x7
-/* Set if variable length cipher */
-#define         EVP_CIPH_VARIABLE_LENGTH        0x8
-/* Set if the iv handling should be done by the cipher itself */
-#define         EVP_CIPH_CUSTOM_IV              0x10
-/* Set if the cipher's init() function should be called if key is NULL */
-#define         EVP_CIPH_ALWAYS_CALL_INIT       0x20
-/* Call ctrl() to init cipher parameters */
-#define         EVP_CIPH_CTRL_INIT              0x40
-/* Don't use standard key length function */
-#define         EVP_CIPH_CUSTOM_KEY_LENGTH      0x80
-/* Don't use standard block padding */
-#define         EVP_CIPH_NO_PADDING             0x100
-/* Note if suitable for use in FIPS mode */
-#define         EVP_CIPH_FLAG_FIPS              0x400
-/* Allow non FIPS cipher in FIPS mode */
-#define         EVP_CIPH_FLAG_NON_FIPS_ALLOW    0x800
-
-/* ctrl() values */
-
-#define         EVP_CTRL_INIT                   0x0
-#define         EVP_CTRL_SET_KEY_LENGTH         0x1
-#define         EVP_CTRL_GET_RC2_KEY_BITS       0x2
-#define         EVP_CTRL_SET_RC2_KEY_BITS       0x3
-#define         EVP_CTRL_GET_RC5_ROUNDS         0x4
-#define         EVP_CTRL_SET_RC5_ROUNDS         0x5
-#define         EVP_CTRL_SET_ACSS_MODE          0x6
-
-typedef struct evp_cipher_info_st
-        {
-        const EVP_CIPHER *cipher;
-        unsigned char iv[EVP_MAX_IV_LENGTH];
-        } EVP_CIPHER_INFO;
-
-struct evp_cipher_ctx_st
-        {
-        const EVP_CIPHER *cipher;
-        ENGINE *engine; /* functional reference if 'cipher' is ENGINE-provided */
-        int encrypt;            /* encrypt or decrypt */
-        int buf_len;            /* number we have left */
-
-        unsigned char  oiv[EVP_MAX_IV_LENGTH];  /* original iv */
-        unsigned char  iv[EVP_MAX_IV_LENGTH];   /* working iv */
-        unsigned char buf[EVP_MAX_BLOCK_LENGTH];/* saved partial block */
-        int num;                                /* used by cfb/ofb mode */
-
-        void *app_data;         /* application stuff */
-        int key_len;            /* May change for variable length cipher */
-        unsigned long flags;    /* Various flags */
-        void *cipher_data; /* per EVP data */
-        int final_used;
-        int block_mask;
-        unsigned char final[EVP_MAX_BLOCK_LENGTH];/* possible final block */
-        } /* EVP_CIPHER_CTX */;
-
-typedef struct evp_Encode_Ctx_st
-        {
-        int num;        /* number saved in a partial encode/decode */
-        int length;     /* The length is either the output line length
-                         * (in input bytes) or the shortest input line
-                         * length that is ok.  Once decoding begins,
-                         * the length is adjusted up each time a longer
-                         * line is decoded */
-        unsigned char enc_data[80];     /* data to encode */
-        int line_num;   /* number read on current line */
-        int expect_nl;
-        } EVP_ENCODE_CTX;
-
-/* Password based encryption function */
-typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
-                ASN1_TYPE *param, const EVP_CIPHER *cipher,
-                const EVP_MD *md, int en_de);
-
-#ifndef OPENSSL_NO_RSA
-#define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
-                                        (char *)(rsa))
-#endif
-
-#ifndef OPENSSL_NO_DSA
-#define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\
-                                        (char *)(dsa))
-#endif
-
-#ifndef OPENSSL_NO_DH
-#define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,\
-                                        (char *)(dh))
-#endif
-
-/* Add some extra combinations */
-#define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
-#define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a))
-#define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a))
-#define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a))
-
-#define EVP_MD_type(e)                  ((e)->type)
-#define EVP_MD_nid(e)                   EVP_MD_type(e)
-#define EVP_MD_name(e)                  OBJ_nid2sn(EVP_MD_nid(e))
-#define EVP_MD_pkey_type(e)             ((e)->pkey_type)
-#define EVP_MD_size(e)                  ((e)->md_size)
-#define EVP_MD_block_size(e)            ((e)->block_size)
-
-#define EVP_MD_CTX_md(e)                ((e)->digest)
-#define EVP_MD_CTX_size(e)              EVP_MD_size((e)->digest)
-#define EVP_MD_CTX_block_size(e)        EVP_MD_block_size((e)->digest)
-#define EVP_MD_CTX_type(e)              EVP_MD_type((e)->digest)
-
-#define EVP_CIPHER_nid(e)               ((e)->nid)
-#define EVP_CIPHER_name(e)              OBJ_nid2sn(EVP_CIPHER_nid(e))
-#define EVP_CIPHER_block_size(e)        ((e)->block_size)
-#define EVP_CIPHER_key_length(e)        ((e)->key_len)
-#define EVP_CIPHER_iv_length(e)         ((e)->iv_len)
-#define EVP_CIPHER_flags(e)             ((e)->flags)
-#define EVP_CIPHER_mode(e)              (((e)->flags) & EVP_CIPH_MODE)
-
-#define EVP_CIPHER_CTX_cipher(e)        ((e)->cipher)
-#define EVP_CIPHER_CTX_nid(e)           ((e)->cipher->nid)
-#define EVP_CIPHER_CTX_block_size(e)    ((e)->cipher->block_size)
-#define EVP_CIPHER_CTX_key_length(e)    ((e)->key_len)
-#define EVP_CIPHER_CTX_iv_length(e)     ((e)->cipher->iv_len)
-#define EVP_CIPHER_CTX_get_app_data(e)  ((e)->app_data)
-#define EVP_CIPHER_CTX_set_app_data(e,d) ((e)->app_data=(char *)(d))
-#define EVP_CIPHER_CTX_type(c)         EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c))
-#define EVP_CIPHER_CTX_flags(e)         ((e)->cipher->flags)
-#define EVP_CIPHER_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs))
-#define EVP_CIPHER_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs))
-#define EVP_CIPHER_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs))
-#define EVP_CIPHER_CTX_mode(e)          ((e)->cipher->flags & EVP_CIPH_MODE)
-
-#define EVP_ENCODE_LENGTH(l)    (((l+2)/3*4)+(l/48+1)*2+80)
-#define EVP_DECODE_LENGTH(l)    ((l+3)/4*3+80)
-
-#define EVP_SignInit_ex(a,b,c)          EVP_DigestInit_ex(a,b,c)
-#define EVP_SignInit(a,b)               EVP_DigestInit(a,b)
-#define EVP_SignUpdate(a,b,c)           EVP_DigestUpdate(a,b,c)
-#define EVP_VerifyInit_ex(a,b,c)        EVP_DigestInit_ex(a,b,c)
-#define EVP_VerifyInit(a,b)             EVP_DigestInit(a,b)
-#define EVP_VerifyUpdate(a,b,c)         EVP_DigestUpdate(a,b,c)
-#define EVP_OpenUpdate(a,b,c,d,e)       EVP_DecryptUpdate(a,b,c,d,e)
-#define EVP_SealUpdate(a,b,c,d,e)       EVP_EncryptUpdate(a,b,c,d,e)    
-
-#ifdef CONST_STRICT
-void BIO_set_md(BIO *,const EVP_MD *md);
-#else
-# define BIO_set_md(b,md)               BIO_ctrl(b,BIO_C_SET_MD,0,(char *)md)
-#endif
-#define BIO_get_md(b,mdp)               BIO_ctrl(b,BIO_C_GET_MD,0,(char *)mdp)
-#define BIO_get_md_ctx(b,mdcp)     BIO_ctrl(b,BIO_C_GET_MD_CTX,0,(char *)mdcp)
-#define BIO_set_md_ctx(b,mdcp)     BIO_ctrl(b,BIO_C_SET_MD_CTX,0,(char *)mdcp)
-#define BIO_get_cipher_status(b)        BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
-#define BIO_get_cipher_ctx(b,c_pp)      BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp)
-
-#define EVP_Cipher(c,o,i,l)     (c)->cipher->do_cipher((c),(o),(i),(l))
-
-#define EVP_add_cipher_alias(n,alias) \
-        OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n))
-#define EVP_add_digest_alias(n,alias) \
-        OBJ_NAME_add((alias),OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,(n))
-#define EVP_delete_cipher_alias(alias) \
-        OBJ_NAME_remove(alias,OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS);
-#define EVP_delete_digest_alias(alias) \
-        OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS);
-
-void    EVP_MD_CTX_init(EVP_MD_CTX *ctx);
-int     EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
-EVP_MD_CTX *EVP_MD_CTX_create(void);
-void    EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
-int     EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in);  
-#define EVP_MD_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs))
-#define EVP_MD_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs))
-#define EVP_MD_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs))
-int     EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
-int     EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d,
-                         unsigned int cnt);
-int     EVP_DigestFinal_ex(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
-int     EVP_Digest(void *data, unsigned int count,
-                unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl);
-
-int     EVP_MD_CTX_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in);  
-int     EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
-int     EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
-
-int     EVP_read_pw_string(char *buf,int length,const char *prompt,int verify);
-void    EVP_set_pw_prompt(char *prompt);
-char *  EVP_get_pw_prompt(void);
-
-int     EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md,
-                const unsigned char *salt, const unsigned char *data,
-                int datal, int count, unsigned char *key,unsigned char *iv);
-
-int     EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
-                const unsigned char *key, const unsigned char *iv);
-int     EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
-                const unsigned char *key, const unsigned char *iv);
-int     EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                int *outl, const unsigned char *in, int inl);
-int     EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
-int     EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
-
-int     EVP_DecryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
-                const unsigned char *key, const unsigned char *iv);
-int     EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
-                const unsigned char *key, const unsigned char *iv);
-int     EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                int *outl, const unsigned char *in, int inl);
-int     EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
-int     EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
-
-int     EVP_CipherInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
-                       const unsigned char *key,const unsigned char *iv,
-                       int enc);
-int     EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
-                       const unsigned char *key,const unsigned char *iv,
-                       int enc);
-int     EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                int *outl, const unsigned char *in, int inl);
-int     EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
-int     EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
-
-int     EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s,
-                EVP_PKEY *pkey);
-
-int     EVP_VerifyFinal(EVP_MD_CTX *ctx,unsigned char *sigbuf,
-                unsigned int siglen,EVP_PKEY *pkey);
-
-int     EVP_OpenInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,unsigned char *ek,
-                int ekl,unsigned char *iv,EVP_PKEY *priv);
-int     EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
-
-int     EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek,
-                int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk);
-int     EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl);
-
-void    EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
-void    EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,
-                int *outl,unsigned char *in,int inl);
-void    EVP_EncodeFinal(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl);
-int     EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n);
-
-void    EVP_DecodeInit(EVP_ENCODE_CTX *ctx);
-int     EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl,
-                unsigned char *in, int inl);
-int     EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned
-                char *out, int *outl);
-int     EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n);
-
-void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
-int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
-int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
-int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad);
-int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
-
-#ifndef OPENSSL_NO_BIO
-BIO_METHOD *BIO_f_md(void);
-BIO_METHOD *BIO_f_base64(void);
-BIO_METHOD *BIO_f_cipher(void);
-BIO_METHOD *BIO_f_reliable(void);
-void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,unsigned char *k,
-        unsigned char *i, int enc);
-#endif
-
-const EVP_MD *EVP_md_null(void);
-#ifndef OPENSSL_NO_MD2
-const EVP_MD *EVP_md2(void);
-#endif
-#ifndef OPENSSL_NO_MD4
-const EVP_MD *EVP_md4(void);
-#endif
-#ifndef OPENSSL_NO_MD5
-const EVP_MD *EVP_md5(void);
-#endif
-#ifndef OPENSSL_NO_SHA
-const EVP_MD *EVP_sha(void);
-const EVP_MD *EVP_sha1(void);
-const EVP_MD *EVP_dss(void);
-const EVP_MD *EVP_dss1(void);
-#ifdef OPENSSL_FIPS
-#ifndef OPENSSL_NO_SHA256
-const EVP_MD *EVP_sha224(void);
-const EVP_MD *EVP_sha256(void);
-#endif
-#ifndef OPENSSL_NO_SHA512
-const EVP_MD *EVP_sha384(void);
-const EVP_MD *EVP_sha512(void);
-#endif
-#endif
-#endif
-#ifndef OPENSSL_NO_MDC2
-const EVP_MD *EVP_mdc2(void);
-#endif
-#ifndef OPENSSL_NO_RIPEMD
-const EVP_MD *EVP_ripemd160(void);
-#endif
-const EVP_CIPHER *EVP_enc_null(void);           /* does nothing :-) */
-#ifndef OPENSSL_NO_DES
-const EVP_CIPHER *EVP_des_ecb(void);
-const EVP_CIPHER *EVP_des_ede(void);
-const EVP_CIPHER *EVP_des_ede3(void);
-const EVP_CIPHER *EVP_des_ede_ecb(void);
-const EVP_CIPHER *EVP_des_ede3_ecb(void);
-const EVP_CIPHER *EVP_des_cfb64(void);
-# define EVP_des_cfb EVP_des_cfb64
-const EVP_CIPHER *EVP_des_cfb1(void);
-const EVP_CIPHER *EVP_des_cfb8(void);
-const EVP_CIPHER *EVP_des_ede_cfb64(void);
-# define EVP_des_ede_cfb EVP_des_ede_cfb64
-#if 0
-const EVP_CIPHER *EVP_des_ede_cfb1(void);
-const EVP_CIPHER *EVP_des_ede_cfb8(void);
-#endif
-const EVP_CIPHER *EVP_des_ede3_cfb64(void);
-# define EVP_des_ede3_cfb EVP_des_ede3_cfb64
-const EVP_CIPHER *EVP_des_ede3_cfb1(void);
-const EVP_CIPHER *EVP_des_ede3_cfb8(void);
-const EVP_CIPHER *EVP_des_ofb(void);
-const EVP_CIPHER *EVP_des_ede_ofb(void);
-const EVP_CIPHER *EVP_des_ede3_ofb(void);
-const EVP_CIPHER *EVP_des_cbc(void);
-const EVP_CIPHER *EVP_des_ede_cbc(void);
-const EVP_CIPHER *EVP_des_ede3_cbc(void);
-const EVP_CIPHER *EVP_desx_cbc(void);
-/* This should now be supported through the dev_crypto ENGINE. But also, why are
- * rc4 and md5 declarations made here inside a "NO_DES" precompiler branch? */
-#if 0
-# ifdef OPENSSL_OPENBSD_DEV_CRYPTO
-const EVP_CIPHER *EVP_dev_crypto_des_ede3_cbc(void);
-const EVP_CIPHER *EVP_dev_crypto_rc4(void);
-const EVP_MD *EVP_dev_crypto_md5(void);
-# endif
-#endif
-#endif
-#ifndef OPENSSL_NO_RC4
-const EVP_CIPHER *EVP_rc4(void);
-const EVP_CIPHER *EVP_rc4_40(void);
-#endif
-#ifndef OPENSSL_NO_IDEA
-const EVP_CIPHER *EVP_idea_ecb(void);
-const EVP_CIPHER *EVP_idea_cfb64(void);
-# define EVP_idea_cfb EVP_idea_cfb64
-const EVP_CIPHER *EVP_idea_ofb(void);
-const EVP_CIPHER *EVP_idea_cbc(void);
-#endif
-#ifndef OPENSSL_NO_RC2
-const EVP_CIPHER *EVP_rc2_ecb(void);
-const EVP_CIPHER *EVP_rc2_cbc(void);
-const EVP_CIPHER *EVP_rc2_40_cbc(void);
-const EVP_CIPHER *EVP_rc2_64_cbc(void);
-const EVP_CIPHER *EVP_rc2_cfb64(void);
-# define EVP_rc2_cfb EVP_rc2_cfb64
-const EVP_CIPHER *EVP_rc2_ofb(void);
-#endif
-#ifndef OPENSSL_NO_BF
-const EVP_CIPHER *EVP_bf_ecb(void);
-const EVP_CIPHER *EVP_bf_cbc(void);
-const EVP_CIPHER *EVP_bf_cfb64(void);
-# define EVP_bf_cfb EVP_bf_cfb64
-const EVP_CIPHER *EVP_bf_ofb(void);
-#endif
-#ifndef OPENSSL_NO_CAST
-const EVP_CIPHER *EVP_cast5_ecb(void);
-const EVP_CIPHER *EVP_cast5_cbc(void);
-const EVP_CIPHER *EVP_cast5_cfb64(void);
-# define EVP_cast5_cfb EVP_cast5_cfb64
-const EVP_CIPHER *EVP_cast5_ofb(void);
-#endif
-#ifndef OPENSSL_NO_RC5
-const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void);
-const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void);
-const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void);
-# define EVP_rc5_32_12_16_cfb EVP_rc5_32_12_16_cfb64
-const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void);
-#endif
-#ifndef OPENSSL_NO_AES
-const EVP_CIPHER *EVP_aes_128_ecb(void);
-const EVP_CIPHER *EVP_aes_128_cbc(void);
-const EVP_CIPHER *EVP_aes_128_cfb1(void);
-const EVP_CIPHER *EVP_aes_128_cfb8(void);
-const EVP_CIPHER *EVP_aes_128_cfb128(void);
-# define EVP_aes_128_cfb EVP_aes_128_cfb128
-const EVP_CIPHER *EVP_aes_128_ofb(void);
-#if 0
-const EVP_CIPHER *EVP_aes_128_ctr(void);
-#endif
-const EVP_CIPHER *EVP_aes_192_ecb(void);
-const EVP_CIPHER *EVP_aes_192_cbc(void);
-const EVP_CIPHER *EVP_aes_192_cfb1(void);
-const EVP_CIPHER *EVP_aes_192_cfb8(void);
-const EVP_CIPHER *EVP_aes_192_cfb128(void);
-# define EVP_aes_192_cfb EVP_aes_192_cfb128
-const EVP_CIPHER *EVP_aes_192_ofb(void);
-#if 0
-const EVP_CIPHER *EVP_aes_192_ctr(void);
-#endif
-const EVP_CIPHER *EVP_aes_256_ecb(void);
-const EVP_CIPHER *EVP_aes_256_cbc(void);
-const EVP_CIPHER *EVP_aes_256_cfb1(void);
-const EVP_CIPHER *EVP_aes_256_cfb8(void);
-const EVP_CIPHER *EVP_aes_256_cfb128(void);
-# define EVP_aes_256_cfb EVP_aes_256_cfb128
-const EVP_CIPHER *EVP_aes_256_ofb(void);
-#if 0
-const EVP_CIPHER *EVP_aes_256_ctr(void);
-#endif
-#endif
-#ifndef OPENSSL_NO_ACSS
-const EVP_CIPHER *EVP_acss(void);
-#endif
-
-void OPENSSL_add_all_algorithms_noconf(void);
-void OPENSSL_add_all_algorithms_conf(void);
-
-#ifdef OPENSSL_LOAD_CONF
-#define OpenSSL_add_all_algorithms() \
-                OPENSSL_add_all_algorithms_conf()
-#else
-#define OpenSSL_add_all_algorithms() \
-                OPENSSL_add_all_algorithms_noconf()
-#endif
-
-void OpenSSL_add_all_ciphers(void);
-void OpenSSL_add_all_digests(void);
-#define SSLeay_add_all_algorithms() OpenSSL_add_all_algorithms()
-#define SSLeay_add_all_ciphers() OpenSSL_add_all_ciphers()
-#define SSLeay_add_all_digests() OpenSSL_add_all_digests()
-
-int EVP_add_cipher(const EVP_CIPHER *cipher);
-int EVP_add_digest(const EVP_MD *digest);
-
-const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
-const EVP_MD *EVP_get_digestbyname(const char *name);
-void EVP_cleanup(void);
-
-int             EVP_PKEY_decrypt(unsigned char *dec_key,unsigned char *enc_key,
-                        int enc_key_len,EVP_PKEY *private_key);
-int             EVP_PKEY_encrypt(unsigned char *enc_key,
-                        unsigned char *key,int key_len,EVP_PKEY *pub_key);
-int             EVP_PKEY_type(int type);
-int             EVP_PKEY_bits(EVP_PKEY *pkey);
-int             EVP_PKEY_size(EVP_PKEY *pkey);
-int             EVP_PKEY_assign(EVP_PKEY *pkey,int type,char *key);
-
-#ifndef OPENSSL_NO_RSA
-struct rsa_st;
-int EVP_PKEY_set1_RSA(EVP_PKEY *pkey,struct rsa_st *key);
-struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
-#endif
-#ifndef OPENSSL_NO_DSA
-struct dsa_st;
-int EVP_PKEY_set1_DSA(EVP_PKEY *pkey,struct dsa_st *key);
-struct dsa_st *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
-#endif
-#ifndef OPENSSL_NO_DH
-struct dh_st;
-int EVP_PKEY_set1_DH(EVP_PKEY *pkey,struct dh_st *key);
-struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
-#endif
-
-
-EVP_PKEY *      EVP_PKEY_new(void);
-void            EVP_PKEY_free(EVP_PKEY *pkey);
-EVP_PKEY *      d2i_PublicKey(int type,EVP_PKEY **a, unsigned char **pp,
-                        long length);
-int             i2d_PublicKey(EVP_PKEY *a, unsigned char **pp);
-
-EVP_PKEY *      d2i_PrivateKey(int type,EVP_PKEY **a, unsigned char **pp,
-                        long length);
-EVP_PKEY *      d2i_AutoPrivateKey(EVP_PKEY **a, unsigned char **pp,
-                        long length);
-int             i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp);
-
-int EVP_PKEY_copy_parameters(EVP_PKEY *to,EVP_PKEY *from);
-int EVP_PKEY_missing_parameters(EVP_PKEY *pkey);
-int EVP_PKEY_save_parameters(EVP_PKEY *pkey,int mode);
-int EVP_PKEY_cmp_parameters(EVP_PKEY *a,EVP_PKEY *b);
-
-int EVP_CIPHER_type(const EVP_CIPHER *ctx);
-
-/* calls methods */
-int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
-int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
-
-/* These are used by EVP_CIPHER methods */
-int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type);
-int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type);
-
-/* PKCS5 password based encryption */
-int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
-                         ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md,
-                         int en_de);
-int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
-                           unsigned char *salt, int saltlen, int iter,
-                           int keylen, unsigned char *out);
-int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
-                         ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md,
-                         int en_de);
-
-void PKCS5_PBE_add(void);
-
-int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
-             ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de);
-int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
-                    EVP_PBE_KEYGEN *keygen);
-void EVP_PBE_cleanup(void);
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_EVP_strings(void);
-
-/* Error codes for the EVP functions. */
-
-/* Function codes. */
-#define EVP_F_AES_INIT_KEY                               129
-#define EVP_F_D2I_PKEY                                   100
-#define EVP_F_EVP_ADD_CIPHER                             130
-#define EVP_F_EVP_ADD_DIGEST                             131
-#define EVP_F_EVP_CIPHERINIT                             123
-#define EVP_F_EVP_CIPHER_CTX_CTRL                        124
-#define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH              122
-#define EVP_F_EVP_DECRYPTFINAL                           101
-#define EVP_F_EVP_DIGESTINIT                             128
-#define EVP_F_EVP_ENCRYPTFINAL                           127
-#define EVP_F_EVP_GET_CIPHERBYNAME                       132
-#define EVP_F_EVP_GET_DIGESTBYNAME                       133
-#define EVP_F_EVP_MD_CTX_COPY                            110
-#define EVP_F_EVP_OPENINIT                               102
-#define EVP_F_EVP_PBE_ALG_ADD                            115
-#define EVP_F_EVP_PBE_CIPHERINIT                         116
-#define EVP_F_EVP_PKCS82PKEY                             111
-#define EVP_F_EVP_PKCS8_SET_BROKEN                       112
-#define EVP_F_EVP_PKEY2PKCS8                             113
-#define EVP_F_EVP_PKEY_COPY_PARAMETERS                   103
-#define EVP_F_EVP_PKEY_DECRYPT                           104
-#define EVP_F_EVP_PKEY_ENCRYPT                           105
-#define EVP_F_EVP_PKEY_GET1_DH                           119
-#define EVP_F_EVP_PKEY_GET1_DSA                          120
-#define EVP_F_EVP_PKEY_GET1_RSA                          121
-#define EVP_F_EVP_PKEY_NEW                               106
-#define EVP_F_EVP_RIJNDAEL                               126
-#define EVP_F_EVP_SIGNFINAL                              107
-#define EVP_F_EVP_VERIFYFINAL                            108
-#define EVP_F_PKCS5_PBE_KEYIVGEN                         117
-#define EVP_F_PKCS5_V2_PBE_KEYIVGEN                      118
-#define EVP_F_RC2_MAGIC_TO_METH                          109
-#define EVP_F_RC5_CTRL                                   125
-
-/* Reason codes. */
-#define EVP_R_AES_KEY_SETUP_FAILED                       140
-#define EVP_R_BAD_BLOCK_LENGTH                           136
-#define EVP_R_BAD_DECRYPT                                100
-#define EVP_R_BAD_KEY_LENGTH                             137
-#define EVP_R_BN_DECODE_ERROR                            112
-#define EVP_R_BN_PUBKEY_ERROR                            113
-#define EVP_R_CIPHER_PARAMETER_ERROR                     122
-#define EVP_R_CTRL_NOT_IMPLEMENTED                       132
-#define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED             133
-#define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH          138
-#define EVP_R_DECODE_ERROR                               114
-#define EVP_R_DIFFERENT_KEY_TYPES                        101
-#define EVP_R_DISABLED_FOR_FIPS                          141
-#define EVP_R_ENCODE_ERROR                               115
-#define EVP_R_EVP_PBE_CIPHERINIT_ERROR                   119
-#define EVP_R_EXPECTING_AN_RSA_KEY                       127
-#define EVP_R_EXPECTING_A_DH_KEY                         128
-#define EVP_R_EXPECTING_A_DSA_KEY                        129
-#define EVP_R_INITIALIZATION_ERROR                       134
-#define EVP_R_INPUT_NOT_INITIALIZED                      111
-#define EVP_R_INVALID_KEY_LENGTH                         130
-#define EVP_R_IV_TOO_LARGE                               102
-#define EVP_R_KEYGEN_FAILURE                             120
-#define EVP_R_MISSING_PARAMETERS                         103
-#define EVP_R_NO_CIPHER_SET                              131
-#define EVP_R_NO_DIGEST_SET                              139
-#define EVP_R_NO_DSA_PARAMETERS                          116
-#define EVP_R_NO_SIGN_FUNCTION_CONFIGURED                104
-#define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED              105
-#define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE                  117
-#define EVP_R_PUBLIC_KEY_NOT_RSA                         106
-#define EVP_R_UNKNOWN_PBE_ALGORITHM                      121
-#define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS                135
-#define EVP_R_UNSUPPORTED_CIPHER                         107
-#define EVP_R_UNSUPPORTED_KEYLENGTH                      123
-#define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION        124
-#define EVP_R_UNSUPPORTED_KEY_SIZE                       108
-#define EVP_R_UNSUPPORTED_PRF                            125
-#define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM          118
-#define EVP_R_UNSUPPORTED_SALT_TYPE                      126
-#define EVP_R_WRONG_FINAL_BLOCK_LENGTH                   109
-#define EVP_R_WRONG_PUBLIC_KEY_TYPE                      110
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c
deleted file mode 100644
index f549eeb437..0000000000
--- a/src/lib/libcrypto/evp/evp_enc.c
+++ /dev/null
@@ -1,592 +0,0 @@
-/* crypto/evp/evp_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/err.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#include "evp_locl.h"
-
-const char *EVP_version="EVP" OPENSSL_VERSION_PTEXT;
-
-void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
-        {
-        memset(ctx,0,sizeof(EVP_CIPHER_CTX));
-        /* ctx->cipher=NULL; */
-        }
-
-
-int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
-             const unsigned char *key, const unsigned char *iv, int enc)
-        {
-        if (cipher)
-                EVP_CIPHER_CTX_init(ctx);
-        return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc);
-        }
-
-#ifdef OPENSSL_FIPS
-
-/* The purpose of these is to trap programs that attempt to use non FIPS
- * algorithms in FIPS mode and ignore the errors.
- */
-
-int bad_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-            const unsigned char *iv, int enc)
-        { FIPS_ERROR_IGNORED("Cipher init"); return 0;}
-
-int bad_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                 const unsigned char *in, unsigned int inl)
-        { FIPS_ERROR_IGNORED("Cipher update"); return 0;}
-
-/* NB: no cleanup because it is allowed after failed init */
-
-int bad_set_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
-        { FIPS_ERROR_IGNORED("Cipher set_asn1"); return 0;}
-int bad_get_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
-        { FIPS_ERROR_IGNORED("Cipher get_asn1"); return 0;}
-int bad_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
-        { FIPS_ERROR_IGNORED("Cipher ctrl"); return 0;}
-
-static const EVP_CIPHER bad_cipher =
-        {
-        0,
-        0,
-        0,
-        0,
-        0,
-        bad_init,
-        bad_do_cipher,
-        NULL,
-        0,
-        bad_set_asn1,
-        bad_get_asn1,
-        bad_ctrl,
-        NULL
-        };
-
-#endif
-
-int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
-             const unsigned char *key, const unsigned char *iv, int enc)
-        {
-        if (enc == -1)
-                enc = ctx->encrypt;
-        else
-                {
-                if (enc)
-                        enc = 1;
-                ctx->encrypt = enc;
-                }
-#ifndef OPENSSL_NO_ENGINE
-        /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
-         * so this context may already have an ENGINE! Try to avoid releasing
-         * the previous handle, re-querying for an ENGINE, and having a
-         * reinitialisation, when it may all be unecessary. */
-        if (ctx->engine && ctx->cipher && (!cipher ||
-                        (cipher && (cipher->nid == ctx->cipher->nid))))
-                goto skip_to_init;
-#endif
-        if (cipher)
-                {
-                /* Ensure a context left lying around from last time is cleared
-                 * (the previous check attempted to avoid this if the same
-                 * ENGINE and EVP_CIPHER could be used). */
-                EVP_CIPHER_CTX_cleanup(ctx);
-
-                /* Restore encrypt field: it is zeroed by cleanup */
-                ctx->encrypt = enc;
-#ifndef OPENSSL_NO_ENGINE
-                if(impl)
-                        {
-                        if (!ENGINE_init(impl))
-                                {
-                                EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR);
-                                return 0;
-                                }
-                        }
-                else
-                        /* Ask if an ENGINE is reserved for this job */
-                        impl = ENGINE_get_cipher_engine(cipher->nid);
-                if(impl)
-                        {
-                        /* There's an ENGINE for this job ... (apparently) */
-                        const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid);
-                        if(!c)
-                                {
-                                /* One positive side-effect of US's export
-                                 * control history, is that we should at least
-                                 * be able to avoid using US mispellings of
-                                 * "initialisation"? */
-                                EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR);
-                                return 0;
-                                }
-                        /* We'll use the ENGINE's private cipher definition */
-                        cipher = c;
-                        /* Store the ENGINE functional reference so we know
-                         * 'cipher' came from an ENGINE and we need to release
-                         * it when done. */
-                        ctx->engine = impl;
-                        }
-                else
-                        ctx->engine = NULL;
-#endif
-                ctx->cipher=cipher;
-                if (ctx->cipher->ctx_size)
-                        {
-                        ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size);
-                        if (!ctx->cipher_data)
-                                {
-                                EVPerr(EVP_F_EVP_CIPHERINIT, ERR_R_MALLOC_FAILURE);
-                                return 0;
-                                }
-                        }
-                else
-                        {
-                        ctx->cipher_data = NULL;
-                        }
-                ctx->key_len = cipher->key_len;
-                ctx->flags = 0;
-                if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT)
-                        {
-                        if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL))
-                                {
-                                EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR);
-                                return 0;
-                                }
-                        }
-                }
-        else if(!ctx->cipher)
-                {
-                EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_NO_CIPHER_SET);
-                return 0;
-                }
-#ifndef OPENSSL_NO_ENGINE
-skip_to_init:
-#endif
-        /* we assume block size is a power of 2 in *cryptUpdate */
-        OPENSSL_assert(ctx->cipher->block_size == 1
-            || ctx->cipher->block_size == 8
-            || ctx->cipher->block_size == 16);
-
-        if(!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) {
-                switch(EVP_CIPHER_CTX_mode(ctx)) {
-
-                        case EVP_CIPH_STREAM_CIPHER:
-                        case EVP_CIPH_ECB_MODE:
-                        break;
-
-                        case EVP_CIPH_CFB_MODE:
-                        case EVP_CIPH_OFB_MODE:
-
-                        ctx->num = 0;
-
-                        case EVP_CIPH_CBC_MODE:
-
-                        OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <= sizeof ctx->iv);
-                        if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
-                        memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
-                        break;
-
-                        default:
-                        return 0;
-                        break;
-                }
-        }
-
-#ifdef OPENSSL_FIPS
-        /* After 'key' is set no further parameters changes are permissible.
-         * So only check for non FIPS enabling at this point.
-         */
-        if (key && FIPS_mode())
-                {
-                if (!(ctx->cipher->flags & EVP_CIPH_FLAG_FIPS)
-                        & !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
-                        {
-                        EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_DISABLED_FOR_FIPS);
-                        ERR_add_error_data(2, "cipher=",
-                                                EVP_CIPHER_name(ctx->cipher));
-                        ctx->cipher = &bad_cipher;
-                        return 0;
-                        }
-                }
-#endif
-
-        if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
-                if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
-        }
-        ctx->buf_len=0;
-        ctx->final_used=0;
-        ctx->block_mask=ctx->cipher->block_size-1;
-        return 1;
-        }
-
-int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
-             const unsigned char *in, int inl)
-        {
-        if (ctx->encrypt)
-                return EVP_EncryptUpdate(ctx,out,outl,in,inl);
-        else    return EVP_DecryptUpdate(ctx,out,outl,in,inl);
-        }
-
-int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
-        {
-        if (ctx->encrypt)
-                return EVP_EncryptFinal_ex(ctx,out,outl);
-        else    return EVP_DecryptFinal_ex(ctx,out,outl);
-        }
-
-int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
-        {
-        if (ctx->encrypt)
-                return EVP_EncryptFinal(ctx,out,outl);
-        else    return EVP_DecryptFinal(ctx,out,outl);
-        }
-
-int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
-             const unsigned char *key, const unsigned char *iv)
-        {
-        return EVP_CipherInit(ctx, cipher, key, iv, 1);
-        }
-
-int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
-                const unsigned char *key, const unsigned char *iv)
-        {
-        return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1);
-        }
-
-int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
-             const unsigned char *key, const unsigned char *iv)
-        {
-        return EVP_CipherInit(ctx, cipher, key, iv, 0);
-        }
-
-int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
-             const unsigned char *key, const unsigned char *iv)
-        {
-        return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0);
-        }
-
-int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
-             const unsigned char *in, int inl)
-        {
-        int i,j,bl;
-
-        OPENSSL_assert(inl > 0);
-        if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0)
-                {
-                if(ctx->cipher->do_cipher(ctx,out,in,inl))
-                        {
-                        *outl=inl;
-                        return 1;
-                        }
-                else
-                        {
-                        *outl=0;
-                        return 0;
-                        }
-                }
-        i=ctx->buf_len;
-        bl=ctx->cipher->block_size;
-        OPENSSL_assert(bl <= sizeof ctx->buf);
-        if (i != 0)
-                {
-                if (i+inl < bl)
-                        {
-                        memcpy(&(ctx->buf[i]),in,inl);
-                        ctx->buf_len+=inl;
-                        *outl=0;
-                        return 1;
-                        }
-                else
-                        {
-                        j=bl-i;
-                        memcpy(&(ctx->buf[i]),in,j);
-                        if(!ctx->cipher->do_cipher(ctx,out,ctx->buf,bl)) return 0;
-                        inl-=j;
-                        in+=j;
-                        out+=bl;
-                        *outl=bl;
-                        }
-                }
-        else
-                *outl = 0;
-        i=inl&(bl-1);
-        inl-=i;
-        if (inl > 0)
-                {
-                if(!ctx->cipher->do_cipher(ctx,out,in,inl)) return 0;
-                *outl+=inl;
-                }
-
-        if (i != 0)
-                memcpy(ctx->buf,&(in[inl]),i);
-        ctx->buf_len=i;
-        return 1;
-        }
-
-int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
-        {
-        int ret;
-        ret = EVP_EncryptFinal_ex(ctx, out, outl);
-        return ret;
-        }
-
-int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
-        {
-        int i,n,b,bl,ret;
-
-        b=ctx->cipher->block_size;
-        OPENSSL_assert(b <= sizeof ctx->buf);
-        if (b == 1)
-                {
-                *outl=0;
-                return 1;
-                }
-        bl=ctx->buf_len;
-        if (ctx->flags & EVP_CIPH_NO_PADDING)
-                {
-                if(bl)
-                        {
-                        EVPerr(EVP_F_EVP_ENCRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
-                        return 0;
-                        }
-                *outl = 0;
-                return 1;
-                }
-
-        n=b-bl;
-        for (i=bl; i<b; i++)
-                ctx->buf[i]=n;
-        ret=ctx->cipher->do_cipher(ctx,out,ctx->buf,b);
-
-
-        if(ret)
-                *outl=b;
-
-        return ret;
-        }
-
-int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
-             const unsigned char *in, int inl)
-        {
-        int b, fix_len;
-
-        if (inl == 0)
-                {
-                *outl=0;
-                return 1;
-                }
-
-        if (ctx->flags & EVP_CIPH_NO_PADDING)
-                return EVP_EncryptUpdate(ctx, out, outl, in, inl);
-
-        b=ctx->cipher->block_size;
-        OPENSSL_assert(b <= sizeof ctx->final);
-
-        if(ctx->final_used)
-                {
-                memcpy(out,ctx->final,b);
-                out+=b;
-                fix_len = 1;
-                }
-        else
-                fix_len = 0;
-
-
-        if(!EVP_EncryptUpdate(ctx,out,outl,in,inl))
-                return 0;
-
-        /* if we have 'decrypted' a multiple of block size, make sure
-         * we have a copy of this last block */
-        if (b > 1 && !ctx->buf_len)
-                {
-                *outl-=b;
-                ctx->final_used=1;
-                memcpy(ctx->final,&out[*outl],b);
-                }
-        else
-                ctx->final_used = 0;
-
-        if (fix_len)
-                *outl += b;
-                
-        return 1;
-        }
-
-int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
-        {
-        int ret;
-        ret = EVP_DecryptFinal_ex(ctx, out, outl);
-        return ret;
-        }
-
-int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
-        {
-        int i,b;
-        int n;
-
-        *outl=0;
-        b=ctx->cipher->block_size;
-        if (ctx->flags & EVP_CIPH_NO_PADDING)
-                {
-                if(ctx->buf_len)
-                        {
-                        EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
-                        return 0;
-                        }
-                *outl = 0;
-                return 1;
-                }
-        if (b > 1)
-                {
-                if (ctx->buf_len || !ctx->final_used)
-                        {
-                        EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_WRONG_FINAL_BLOCK_LENGTH);
-                        return(0);
-                        }
-                OPENSSL_assert(b <= sizeof ctx->final);
-                n=ctx->final[b-1];
-                if (n > b)
-                        {
-                        EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT);
-                        return(0);
-                        }
-                for (i=0; i<n; i++)
-                        {
-                        if (ctx->final[--b] != n)
-                                {
-                                EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT);
-                                return(0);
-                                }
-                        }
-                n=ctx->cipher->block_size-n;
-                for (i=0; i<n; i++)
-                        out[i]=ctx->final[i];
-                *outl=n;
-                }
-        else
-                *outl=0;
-        return(1);
-        }
-
-int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
-        {
-        if (c->cipher != NULL)
-                {
-                if(c->cipher->cleanup && !c->cipher->cleanup(c))
-                        return 0;
-                /* Cleanse cipher context data */
-                if (c->cipher_data)
-                        OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
-                }
-        if (c->cipher_data)
-                OPENSSL_free(c->cipher_data);
-#ifndef OPENSSL_NO_ENGINE
-        if (c->engine)
-                /* The EVP_CIPHER we used belongs to an ENGINE, release the
-                 * functional reference we held for this reason. */
-                ENGINE_finish(c->engine);
-#endif
-        memset(c,0,sizeof(EVP_CIPHER_CTX));
-        return 1;
-        }
-
-int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
-        {
-        if(c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH) 
-                return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL);
-        if(c->key_len == keylen) return 1;
-        if((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH))
-                {
-                c->key_len = keylen;
-                return 1;
-                }
-        EVPerr(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH,EVP_R_INVALID_KEY_LENGTH);
-        return 0;
-        }
-
-int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
-        {
-        if (pad) ctx->flags &= ~EVP_CIPH_NO_PADDING;
-        else ctx->flags |= EVP_CIPH_NO_PADDING;
-        return 1;
-        }
-
-int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
-{
-        int ret;
-        if(!ctx->cipher) {
-                EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET);
-                return 0;
-        }
-
-        if(!ctx->cipher->ctrl) {
-                EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED);
-                return 0;
-        }
-
-        ret = ctx->cipher->ctrl(ctx, type, arg, ptr);
-        if(ret == -1) {
-                EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
-                return 0;
-        }
-        return ret;
-}
diff --git a/src/lib/libcrypto/evp/evp_err.c b/src/lib/libcrypto/evp/evp_err.c
deleted file mode 100644
index 77eee070d3..0000000000
--- a/src/lib/libcrypto/evp/evp_err.c
+++ /dev/null
@@ -1,171 +0,0 @@
-/* crypto/evp/evp_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_EVP,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_EVP,0,reason)
-
-static ERR_STRING_DATA EVP_str_functs[]=
-        {
-{ERR_FUNC(EVP_F_AES_INIT_KEY),  "AES_INIT_KEY"},
-{ERR_FUNC(EVP_F_D2I_PKEY),      "D2I_PKEY"},
-{ERR_FUNC(EVP_F_EVP_ADD_CIPHER),        "EVP_add_cipher"},
-{ERR_FUNC(EVP_F_EVP_ADD_DIGEST),        "EVP_add_digest"},
-{ERR_FUNC(EVP_F_EVP_CIPHERINIT),        "EVP_CipherInit"},
-{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL),   "EVP_CIPHER_CTX_ctrl"},
-{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH), "EVP_CIPHER_CTX_set_key_length"},
-{ERR_FUNC(EVP_F_EVP_DECRYPTFINAL),      "EVP_DecryptFinal"},
-{ERR_FUNC(EVP_F_EVP_DIGESTINIT),        "EVP_DigestInit"},
-{ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL),      "EVP_EncryptFinal"},
-{ERR_FUNC(EVP_F_EVP_GET_CIPHERBYNAME),  "EVP_get_cipherbyname"},
-{ERR_FUNC(EVP_F_EVP_GET_DIGESTBYNAME),  "EVP_get_digestbyname"},
-{ERR_FUNC(EVP_F_EVP_MD_CTX_COPY),       "EVP_MD_CTX_copy"},
-{ERR_FUNC(EVP_F_EVP_OPENINIT),  "EVP_OpenInit"},
-{ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD),       "EVP_PBE_alg_add"},
-{ERR_FUNC(EVP_F_EVP_PBE_CIPHERINIT),    "EVP_PBE_CipherInit"},
-{ERR_FUNC(EVP_F_EVP_PKCS82PKEY),        "EVP_PKCS82PKEY"},
-{ERR_FUNC(EVP_F_EVP_PKCS8_SET_BROKEN),  "EVP_PKCS8_SET_BROKEN"},
-{ERR_FUNC(EVP_F_EVP_PKEY2PKCS8),        "EVP_PKEY2PKCS8"},
-{ERR_FUNC(EVP_F_EVP_PKEY_COPY_PARAMETERS),      "EVP_PKEY_copy_parameters"},
-{ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT),      "EVP_PKEY_decrypt"},
-{ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT),      "EVP_PKEY_encrypt"},
-{ERR_FUNC(EVP_F_EVP_PKEY_GET1_DH),      "EVP_PKEY_get1_DH"},
-{ERR_FUNC(EVP_F_EVP_PKEY_GET1_DSA),     "EVP_PKEY_get1_DSA"},
-{ERR_FUNC(EVP_F_EVP_PKEY_GET1_RSA),     "EVP_PKEY_get1_RSA"},
-{ERR_FUNC(EVP_F_EVP_PKEY_NEW),  "EVP_PKEY_new"},
-{ERR_FUNC(EVP_F_EVP_RIJNDAEL),  "EVP_RIJNDAEL"},
-{ERR_FUNC(EVP_F_EVP_SIGNFINAL), "EVP_SignFinal"},
-{ERR_FUNC(EVP_F_EVP_VERIFYFINAL),       "EVP_VerifyFinal"},
-{ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN),    "PKCS5_PBE_keyivgen"},
-{ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN), "PKCS5_v2_PBE_keyivgen"},
-{ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH),     "RC2_MAGIC_TO_METH"},
-{ERR_FUNC(EVP_F_RC5_CTRL),      "RC5_CTRL"},
-{0,NULL}
-        };
-
-static ERR_STRING_DATA EVP_str_reasons[]=
-        {
-{ERR_REASON(EVP_R_AES_KEY_SETUP_FAILED)  ,"aes key setup failed"},
-{ERR_REASON(EVP_R_BAD_BLOCK_LENGTH)      ,"bad block length"},
-{ERR_REASON(EVP_R_BAD_DECRYPT)           ,"bad decrypt"},
-{ERR_REASON(EVP_R_BAD_KEY_LENGTH)        ,"bad key length"},
-{ERR_REASON(EVP_R_BN_DECODE_ERROR)       ,"bn decode error"},
-{ERR_REASON(EVP_R_BN_PUBKEY_ERROR)       ,"bn pubkey error"},
-{ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR),"cipher parameter error"},
-{ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED)  ,"ctrl not implemented"},
-{ERR_REASON(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED),"ctrl operation not implemented"},
-{ERR_REASON(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH),"data not multiple of block length"},
-{ERR_REASON(EVP_R_DECODE_ERROR)          ,"decode error"},
-{ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES)   ,"different key types"},
-{ERR_REASON(EVP_R_DISABLED_FOR_FIPS)     ,"disabled for fips"},
-{ERR_REASON(EVP_R_ENCODE_ERROR)          ,"encode error"},
-{ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"},
-{ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY)  ,"expecting an rsa key"},
-{ERR_REASON(EVP_R_EXPECTING_A_DH_KEY)    ,"expecting a dh key"},
-{ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY)   ,"expecting a dsa key"},
-{ERR_REASON(EVP_R_INITIALIZATION_ERROR)  ,"initialization error"},
-{ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) ,"input not initialized"},
-{ERR_REASON(EVP_R_INVALID_KEY_LENGTH)    ,"invalid key length"},
-{ERR_REASON(EVP_R_IV_TOO_LARGE)          ,"iv too large"},
-{ERR_REASON(EVP_R_KEYGEN_FAILURE)        ,"keygen failure"},
-{ERR_REASON(EVP_R_MISSING_PARAMETERS)    ,"missing parameters"},
-{ERR_REASON(EVP_R_NO_CIPHER_SET)         ,"no cipher set"},
-{ERR_REASON(EVP_R_NO_DIGEST_SET)         ,"no digest set"},
-{ERR_REASON(EVP_R_NO_DSA_PARAMETERS)     ,"no dsa parameters"},
-{ERR_REASON(EVP_R_NO_SIGN_FUNCTION_CONFIGURED),"no sign function configured"},
-{ERR_REASON(EVP_R_NO_VERIFY_FUNCTION_CONFIGURED),"no verify function configured"},
-{ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE),"pkcs8 unknown broken type"},
-{ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA)    ,"public key not rsa"},
-{ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) ,"unknown pbe algorithm"},
-{ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS),"unsuported number of rounds"},
-{ERR_REASON(EVP_R_UNSUPPORTED_CIPHER)    ,"unsupported cipher"},
-{ERR_REASON(EVP_R_UNSUPPORTED_KEYLENGTH) ,"unsupported keylength"},
-{ERR_REASON(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION),"unsupported key derivation function"},
-{ERR_REASON(EVP_R_UNSUPPORTED_KEY_SIZE)  ,"unsupported key size"},
-{ERR_REASON(EVP_R_UNSUPPORTED_PRF)       ,"unsupported prf"},
-{ERR_REASON(EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM),"unsupported private key algorithm"},
-{ERR_REASON(EVP_R_UNSUPPORTED_SALT_TYPE) ,"unsupported salt type"},
-{ERR_REASON(EVP_R_WRONG_FINAL_BLOCK_LENGTH),"wrong final block length"},
-{ERR_REASON(EVP_R_WRONG_PUBLIC_KEY_TYPE) ,"wrong public key type"},
-{0,NULL}
-        };
-
-#endif
-
-void ERR_load_EVP_strings(void)
-        {
-        static int init=1;
-
-        if (init)
-                {
-                init=0;
-#ifndef OPENSSL_NO_ERR
-                ERR_load_strings(0,EVP_str_functs);
-                ERR_load_strings(0,EVP_str_reasons);
-#endif
-
-                }
-        }
diff --git a/src/lib/libcrypto/evp/evp_key.c b/src/lib/libcrypto/evp/evp_key.c
deleted file mode 100644
index f8650d5df6..0000000000
--- a/src/lib/libcrypto/evp/evp_key.c
+++ /dev/null
@@ -1,175 +0,0 @@
-/* crypto/evp/evp_key.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/x509.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/ui.h>
-
-/* should be init to zeros. */
-static char prompt_string[80];
-
-void EVP_set_pw_prompt(char *prompt)
-        {
-        if (prompt == NULL)
-                prompt_string[0]='\0';
-        else
-                {
-                strncpy(prompt_string,prompt,79);
-                prompt_string[79]='\0';
-                }
-        }
-
-char *EVP_get_pw_prompt(void)
-        {
-        if (prompt_string[0] == '\0')
-                return(NULL);
-        else
-                return(prompt_string);
-        }
-
-/* For historical reasons, the standard function for reading passwords is
- * in the DES library -- if someone ever wants to disable DES,
- * this function will fail */
-int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify)
-        {
-        int ret;
-        char buff[BUFSIZ];
-        UI *ui;
-
-        if ((prompt == NULL) && (prompt_string[0] != '\0'))
-                prompt=prompt_string;
-        ui = UI_new();
-        UI_add_input_string(ui,prompt,0,buf,0,(len>=BUFSIZ)?BUFSIZ-1:len);
-        if (verify)
-                UI_add_verify_string(ui,prompt,0,
-                        buff,0,(len>=BUFSIZ)?BUFSIZ-1:len,buf);
-        ret = UI_process(ui);
-        UI_free(ui);
-        OPENSSL_cleanse(buff,BUFSIZ);
-        return ret;
-        }
-
-int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, 
-             const unsigned char *salt, const unsigned char *data, int datal,
-             int count, unsigned char *key, unsigned char *iv)
-        {
-        EVP_MD_CTX c;
-        unsigned char md_buf[EVP_MAX_MD_SIZE];
-        int niv,nkey,addmd=0;
-        unsigned int mds=0,i;
-
-        nkey=type->key_len;
-        niv=type->iv_len;
-        OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH);
-        OPENSSL_assert(niv <= EVP_MAX_IV_LENGTH);
-
-        if (data == NULL) return(nkey);
-
-        EVP_MD_CTX_init(&c);
-        for (;;)
-                {
-                if (!EVP_DigestInit_ex(&c,md, NULL))
-                        return 0;
-                if (addmd++)
-                        EVP_DigestUpdate(&c,&(md_buf[0]),mds);
-                EVP_DigestUpdate(&c,data,datal);
-                if (salt != NULL)
-                        EVP_DigestUpdate(&c,salt,PKCS5_SALT_LEN);
-                EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds);
-
-                for (i=1; i<(unsigned int)count; i++)
-                        {
-                        EVP_DigestInit_ex(&c,md, NULL);
-                        EVP_DigestUpdate(&c,&(md_buf[0]),mds);
-                        EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds);
-                        }
-                i=0;
-                if (nkey)
-                        {
-                        for (;;)
-                                {
-                                if (nkey == 0) break;
-                                if (i == mds) break;
-                                if (key != NULL)
-                                        *(key++)=md_buf[i];
-                                nkey--;
-                                i++;
-                                }
-                        }
-                if (niv && (i != mds))
-                        {
-                        for (;;)
-                                {
-                                if (niv == 0) break;
-                                if (i == mds) break;
-                                if (iv != NULL)
-                                        *(iv++)=md_buf[i];
-                                niv--;
-                                i++;
-                                }
-                        }
-                if ((nkey == 0) && (niv == 0)) break;
-                }
-        EVP_MD_CTX_cleanup(&c);
-        OPENSSL_cleanse(&(md_buf[0]),EVP_MAX_MD_SIZE);
-        return(type->key_len);
-        }
-
diff --git a/src/lib/libcrypto/evp/evp_lib.c b/src/lib/libcrypto/evp/evp_lib.c
deleted file mode 100644
index a63ba19317..0000000000
--- a/src/lib/libcrypto/evp/evp_lib.c
+++ /dev/null
@@ -1,168 +0,0 @@
-/* crypto/evp/evp_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-
-int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
-        {
-        int ret;
-
-        if (c->cipher->set_asn1_parameters != NULL)
-                ret=c->cipher->set_asn1_parameters(c,type);
-        else
-                return -1;
-        return(ret);
-        }
-
-int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
-        {
-        int ret;
-
-        if (c->cipher->get_asn1_parameters != NULL)
-                ret=c->cipher->get_asn1_parameters(c,type);
-        else
-                return -1;
-        return(ret);
-        }
-
-int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
-        {
-        int i=0,l;
-
-        if (type != NULL) 
-                {
-                l=EVP_CIPHER_CTX_iv_length(c);
-                OPENSSL_assert(l <= sizeof c->iv);
-                i=ASN1_TYPE_get_octetstring(type,c->oiv,l);
-                if (i != l)
-                        return(-1);
-                else if (i > 0)
-                        memcpy(c->iv,c->oiv,l);
-                }
-        return(i);
-        }
-
-int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
-        {
-        int i=0,j;
-
-        if (type != NULL)
-                {
-                j=EVP_CIPHER_CTX_iv_length(c);
-                OPENSSL_assert(j <= sizeof c->iv);
-                i=ASN1_TYPE_set_octetstring(type,c->oiv,j);
-                }
-        return(i);
-        }
-
-/* Convert the various cipher NIDs and dummies to a proper OID NID */
-int EVP_CIPHER_type(const EVP_CIPHER *ctx)
-{
-        int nid;
-        ASN1_OBJECT *otmp;
-        nid = EVP_CIPHER_nid(ctx);
-
-        switch(nid) {
-
-                case NID_rc2_cbc:
-                case NID_rc2_64_cbc:
-                case NID_rc2_40_cbc:
-
-                return NID_rc2_cbc;
-
-                case NID_rc4:
-                case NID_rc4_40:
-
-                return NID_rc4;
-
-                case NID_aes_128_cfb128:
-                case NID_aes_128_cfb8:
-                case NID_aes_128_cfb1:
-
-                return NID_aes_128_cfb128;
-
-                case NID_aes_192_cfb128:
-                case NID_aes_192_cfb8:
-                case NID_aes_192_cfb1:
-
-                return NID_aes_192_cfb128;
-
-                case NID_aes_256_cfb128:
-                case NID_aes_256_cfb8:
-                case NID_aes_256_cfb1:
-
-                return NID_aes_256_cfb128;
-
-                case NID_des_cfb64:
-                case NID_des_cfb8:
-                case NID_des_cfb1:
-
-                return NID_des_cfb64;
-
-                default:
-                /* Check it has an OID and it is valid */
-                otmp = OBJ_nid2obj(nid);
-                if(!otmp || !otmp->data) nid = NID_undef;
-                ASN1_OBJECT_free(otmp);
-                return nid;
-        }
-}
-
diff --git a/src/lib/libcrypto/evp/evp_locl.h b/src/lib/libcrypto/evp/evp_locl.h
deleted file mode 100644
index f8c5343620..0000000000
--- a/src/lib/libcrypto/evp/evp_locl.h
+++ /dev/null
@@ -1,252 +0,0 @@
-/* evp_locl.h */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* Macros to code block cipher wrappers */
-
-/* Wrapper functions for each cipher mode */
-
-#define BLOCK_CIPHER_ecb_loop() \
-        unsigned int i, bl; \
-        bl = ctx->cipher->block_size;\
-        if(inl < bl) return 1;\
-        inl -= bl; \
-        for(i=0; i <= inl; i+=bl) \
-
-#define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \
-static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
-{\
-        BLOCK_CIPHER_ecb_loop() \
-                cprefix##_ecb_encrypt(in + i, out + i, &((kstruct *)ctx->cipher_data)->ksched, ctx->encrypt);\
-        return 1;\
-}
-
-#define BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) \
-static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
-{\
-        cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num);\
-        return 1;\
-}
-
-#define BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \
-static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
-{\
-        cprefix##_cbc_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, ctx->encrypt);\
-        return 1;\
-}
-
-#define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \
-static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
-{\
-        cprefix##_cfb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\
-        return 1;\
-}
-
-#define BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \
-        BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \
-        BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \
-        BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \
-        BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched)
-
-#define BLOCK_CIPHER_def1(cname, nmode, mode, MODE, kstruct, nid, block_size, \
-                          key_len, iv_len, flags, init_key, cleanup, \
-                          set_asn1, get_asn1, ctrl) \
-static const EVP_CIPHER cname##_##mode = { \
-        nid##_##nmode, block_size, key_len, iv_len, \
-        flags | EVP_CIPH_##MODE##_MODE, \
-        init_key, \
-        cname##_##mode##_cipher, \
-        cleanup, \
-        sizeof(kstruct), \
-        set_asn1, get_asn1,\
-        ctrl, \
-        NULL \
-}; \
-const EVP_CIPHER *EVP_##cname##_##mode(void) { return &cname##_##mode; }
-
-#define BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, \
-                             iv_len, flags, init_key, cleanup, set_asn1, \
-                             get_asn1, ctrl) \
-BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \
-                  iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
-
-#define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, \
-                             iv_len, cbits, flags, init_key, cleanup, \
-                             set_asn1, get_asn1, ctrl) \
-BLOCK_CIPHER_def1(cname, cfb##cbits, cfb##cbits, CFB, kstruct, nid, 1, \
-                  key_len, iv_len, flags, init_key, cleanup, set_asn1, \
-                  get_asn1, ctrl)
-
-#define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, \
-                             iv_len, cbits, flags, init_key, cleanup, \
-                             set_asn1, get_asn1, ctrl) \
-BLOCK_CIPHER_def1(cname, ofb##cbits, ofb, OFB, kstruct, nid, 1, \
-                  key_len, iv_len, flags, init_key, cleanup, set_asn1, \
-                  get_asn1, ctrl)
-
-#define BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, \
-                             iv_len, flags, init_key, cleanup, set_asn1, \
-                             get_asn1, ctrl) \
-BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \
-                  iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
-
-#define BLOCK_CIPHER_defs(cname, kstruct, \
-                          nid, block_size, key_len, iv_len, cbits, flags, \
-                          init_key, cleanup, set_asn1, get_asn1, ctrl) \
-BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \
-                     init_key, cleanup, set_asn1, get_asn1, ctrl) \
-BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, iv_len, cbits, \
-                     flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \
-BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, iv_len, cbits, \
-                     flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \
-BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, iv_len, flags, \
-                     init_key, cleanup, set_asn1, get_asn1, ctrl)
-
-
-/*
-#define BLOCK_CIPHER_defs(cname, kstruct, \
-                                nid, block_size, key_len, iv_len, flags,\
-                                 init_key, cleanup, set_asn1, get_asn1, ctrl)\
-static const EVP_CIPHER cname##_cbc = {\
-        nid##_cbc, block_size, key_len, iv_len, \
-        flags | EVP_CIPH_CBC_MODE,\
-        init_key,\
-        cname##_cbc_cipher,\
-        cleanup,\
-        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
-                sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
-        set_asn1, get_asn1,\
-        ctrl, \
-        NULL \
-};\
-const EVP_CIPHER *EVP_##cname##_cbc(void) { return &cname##_cbc; }\
-static const EVP_CIPHER cname##_cfb = {\
-        nid##_cfb64, 1, key_len, iv_len, \
-        flags | EVP_CIPH_CFB_MODE,\
-        init_key,\
-        cname##_cfb_cipher,\
-        cleanup,\
-        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
-                sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
-        set_asn1, get_asn1,\
-        ctrl,\
-        NULL \
-};\
-const EVP_CIPHER *EVP_##cname##_cfb(void) { return &cname##_cfb; }\
-static const EVP_CIPHER cname##_ofb = {\
-        nid##_ofb64, 1, key_len, iv_len, \
-        flags | EVP_CIPH_OFB_MODE,\
-        init_key,\
-        cname##_ofb_cipher,\
-        cleanup,\
-        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
-                sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
-        set_asn1, get_asn1,\
-        ctrl,\
-        NULL \
-};\
-const EVP_CIPHER *EVP_##cname##_ofb(void) { return &cname##_ofb; }\
-static const EVP_CIPHER cname##_ecb = {\
-        nid##_ecb, block_size, key_len, iv_len, \
-        flags | EVP_CIPH_ECB_MODE,\
-        init_key,\
-        cname##_ecb_cipher,\
-        cleanup,\
-        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
-                sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
-        set_asn1, get_asn1,\
-        ctrl,\
-        NULL \
-};\
-const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; }
-*/
-
-#define IMPLEMENT_BLOCK_CIPHER(cname, ksched, cprefix, kstruct, nid, \
-                               block_size, key_len, iv_len, cbits, \
-                               flags, init_key, \
-                               cleanup, set_asn1, get_asn1, ctrl) \
-        BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \
-        BLOCK_CIPHER_defs(cname, kstruct, nid, block_size, key_len, iv_len, \
-                          cbits, flags, init_key, cleanup, set_asn1, \
-                          get_asn1, ctrl)
-
-#define EVP_C_DATA(kstruct, ctx)        ((kstruct *)(ctx)->cipher_data)
-
-#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len,flags) \
-        BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \
-        BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \
-                             NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \
-                             flags, cipher##_init_key, NULL, \
-                             EVP_CIPHER_set_asn1_iv, \
-                             EVP_CIPHER_get_asn1_iv, \
-                             NULL)
-
-#ifdef OPENSSL_FIPS
-#define RC2_set_key     private_RC2_set_key
-#define RC4_set_key     private_RC4_set_key
-#define CAST_set_key    private_CAST_set_key
-#define RC5_32_set_key  private_RC5_32_set_key
-#define BF_set_key      private_BF_set_key
-#define idea_set_encrypt_key private_idea_set_encrypt_key
-
-#define MD5_Init        private_MD5_Init
-#define MD4_Init        private_MD4_Init
-#define MD2_Init        private_MD2_Init
-#define MDC2_Init       private_MDC2_Init
-#define SHA_Init        private_SHA_Init
-
-#endif
diff --git a/src/lib/libcrypto/evp/evp_pbe.c b/src/lib/libcrypto/evp/evp_pbe.c
deleted file mode 100644
index 91e545a141..0000000000
--- a/src/lib/libcrypto/evp/evp_pbe.c
+++ /dev/null
@@ -1,136 +0,0 @@
-/* evp_pbe.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-
-/* Password based encryption (PBE) functions */
-
-static STACK *pbe_algs;
-
-/* Setup a cipher context from a PBE algorithm */
-
-typedef struct {
-int pbe_nid;
-const EVP_CIPHER *cipher;
-const EVP_MD *md;
-EVP_PBE_KEYGEN *keygen;
-} EVP_PBE_CTL;
-
-int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
-             ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de)
-{
-
-        EVP_PBE_CTL *pbetmp, pbelu;
-        int i;
-        pbelu.pbe_nid = OBJ_obj2nid(pbe_obj);
-        if (pbelu.pbe_nid != NID_undef) i = sk_find(pbe_algs, (char *)&pbelu);
-        else i = -1;
-
-        if (i == -1) {
-                char obj_tmp[80];
-                EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_PBE_ALGORITHM);
-                if (!pbe_obj) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp);
-                else i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj);
-                ERR_add_error_data(2, "TYPE=", obj_tmp);
-                return 0;
-        }
-        if(!pass) passlen = 0;
-        else if (passlen == -1) passlen = strlen(pass);
-        pbetmp = (EVP_PBE_CTL *)sk_value (pbe_algs, i);
-        i = (*pbetmp->keygen)(ctx, pass, passlen, param, pbetmp->cipher,
-                                                 pbetmp->md, en_de);
-        if (!i) {
-                EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_KEYGEN_FAILURE);
-                return 0;
-        }
-        return 1;       
-}
-
-static int pbe_cmp(const char * const *a, const char * const *b)
-{
-        EVP_PBE_CTL **pbe1 = (EVP_PBE_CTL **) a,  **pbe2 = (EVP_PBE_CTL **)b;
-        return ((*pbe1)->pbe_nid - (*pbe2)->pbe_nid);
-}
-
-/* Add a PBE algorithm */
-
-int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
-             EVP_PBE_KEYGEN *keygen)
-{
-        EVP_PBE_CTL *pbe_tmp;
-        if (!pbe_algs) pbe_algs = sk_new(pbe_cmp);
-        if (!(pbe_tmp = (EVP_PBE_CTL*) OPENSSL_malloc (sizeof(EVP_PBE_CTL)))) {
-                EVPerr(EVP_F_EVP_PBE_ALG_ADD,ERR_R_MALLOC_FAILURE);
-                return 0;
-        }
-        pbe_tmp->pbe_nid = nid;
-        pbe_tmp->cipher = cipher;
-        pbe_tmp->md = md;
-        pbe_tmp->keygen = keygen;
-        sk_push (pbe_algs, (char *)pbe_tmp);
-        return 1;
-}
-
-void EVP_PBE_cleanup(void)
-{
-        sk_pop_free(pbe_algs, OPENSSL_freeFunc);
-        pbe_algs = NULL;
-}
diff --git a/src/lib/libcrypto/evp/evp_pkey.c b/src/lib/libcrypto/evp/evp_pkey.c
deleted file mode 100644
index 47a69932a5..0000000000
--- a/src/lib/libcrypto/evp/evp_pkey.c
+++ /dev/null
@@ -1,468 +0,0 @@
-/* evp_pkey.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include "cryptlib.h"
-#include <openssl/x509.h>
-#include <openssl/rand.h>
-
-#ifndef OPENSSL_NO_DSA
-static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey);
-#endif
-
-/* Extract a private key from a PKCS8 structure */
-
-EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8)
-{
-        EVP_PKEY *pkey = NULL;
-#ifndef OPENSSL_NO_RSA
-        RSA *rsa = NULL;
-#endif
-#ifndef OPENSSL_NO_DSA
-        DSA *dsa = NULL;
-        ASN1_INTEGER *privkey;
-        ASN1_TYPE *t1, *t2, *param = NULL;
-        STACK_OF(ASN1_TYPE) *ndsa = NULL;
-        BN_CTX *ctx = NULL;
-        int plen;
-#endif
-        X509_ALGOR *a;
-        unsigned char *p;
-        const unsigned char *cp;
-        int pkeylen;
-        char obj_tmp[80];
-
-        if(p8->pkey->type == V_ASN1_OCTET_STRING) {
-                p8->broken = PKCS8_OK;
-                p = p8->pkey->value.octet_string->data;
-                pkeylen = p8->pkey->value.octet_string->length;
-        } else {
-                p8->broken = PKCS8_NO_OCTET;
-                p = p8->pkey->value.sequence->data;
-                pkeylen = p8->pkey->value.sequence->length;
-        }
-        if (!(pkey = EVP_PKEY_new())) {
-                EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-        a = p8->pkeyalg;
-        switch (OBJ_obj2nid(a->algorithm))
-        {
-#ifndef OPENSSL_NO_RSA
-                case NID_rsaEncryption:
-                cp = p;
-                if (!(rsa = d2i_RSAPrivateKey (NULL,&cp, pkeylen))) {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        return NULL;
-                }
-                EVP_PKEY_assign_RSA (pkey, rsa);
-                break;
-#endif
-#ifndef OPENSSL_NO_DSA
-                case NID_dsa:
-                /* PKCS#8 DSA is weird: you just get a private key integer
-                 * and parameters in the AlgorithmIdentifier the pubkey must
-                 * be recalculated.
-                 */
-        
-                /* Check for broken DSA PKCS#8, UGH! */
-                if(*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) {
-                    if(!(ndsa = ASN1_seq_unpack_ASN1_TYPE(p, pkeylen, 
-                                                          d2i_ASN1_TYPE,
-                                                          ASN1_TYPE_free))) {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        goto dsaerr;
-                    }
-                    if(sk_ASN1_TYPE_num(ndsa) != 2 ) {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        goto dsaerr;
-                    }
-                    /* Handle Two broken types:
-                     * SEQUENCE {parameters, priv_key}
-                     * SEQUENCE {pub_key, priv_key}
-                     */
-
-                    t1 = sk_ASN1_TYPE_value(ndsa, 0);
-                    t2 = sk_ASN1_TYPE_value(ndsa, 1);
-                    if(t1->type == V_ASN1_SEQUENCE) {
-                        p8->broken = PKCS8_EMBEDDED_PARAM;
-                        param = t1;
-                    } else if(a->parameter->type == V_ASN1_SEQUENCE) {
-                        p8->broken = PKCS8_NS_DB;
-                        param = a->parameter;
-                    } else {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        goto dsaerr;
-                    }
-
-                    if(t2->type != V_ASN1_INTEGER) {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        goto dsaerr;
-                    }
-                    privkey = t2->value.integer;
-                } else {
-                        if (!(privkey=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) {
-                                EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                                goto dsaerr;
-                        }
-                        param = p8->pkeyalg->parameter;
-                }
-                if (!param || (param->type != V_ASN1_SEQUENCE)) {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        goto dsaerr;
-                }
-                cp = p = param->value.sequence->data;
-                plen = param->value.sequence->length;
-                if (!(dsa = d2i_DSAparams (NULL, &cp, plen))) {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        goto dsaerr;
-                }
-                /* We have parameters now set private key */
-                if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_DECODE_ERROR);
-                        goto dsaerr;
-                }
-                /* Calculate public key (ouch!) */
-                if (!(dsa->pub_key = BN_new())) {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
-                        goto dsaerr;
-                }
-                if (!(ctx = BN_CTX_new())) {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
-                        goto dsaerr;
-                }
-                        
-                if (!BN_mod_exp(dsa->pub_key, dsa->g,
-                                                 dsa->priv_key, dsa->p, ctx)) {
-                        
-                        EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_PUBKEY_ERROR);
-                        goto dsaerr;
-                }
-
-                EVP_PKEY_assign_DSA(pkey, dsa);
-                BN_CTX_free (ctx);
-                if(ndsa) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
-                else ASN1_INTEGER_free(privkey);
-                break;
-                dsaerr:
-                BN_CTX_free (ctx);
-                sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
-                DSA_free(dsa);
-                EVP_PKEY_free(pkey);
-                return NULL;
-                break;
-#endif
-                default:
-                EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
-                if (!a->algorithm) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp);
-                else i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm);
-                ERR_add_error_data(2, "TYPE=", obj_tmp);
-                EVP_PKEY_free (pkey);
-                return NULL;
-        }
-        return pkey;
-}
-
-PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey)
-{
-        return EVP_PKEY2PKCS8_broken(pkey, PKCS8_OK);
-}
-
-/* Turn a private key into a PKCS8 structure */
-
-PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
-{
-        PKCS8_PRIV_KEY_INFO *p8;
-
-        if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) {        
-                EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-        p8->broken = broken;
-        if (!ASN1_INTEGER_set(p8->version, 0)) {
-                EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                PKCS8_PRIV_KEY_INFO_free (p8);
-                return NULL;
-        }
-        if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) {
-                EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                PKCS8_PRIV_KEY_INFO_free (p8);
-                return NULL;
-        }
-        p8->pkey->type = V_ASN1_OCTET_STRING;
-        switch (EVP_PKEY_type(pkey->type)) {
-#ifndef OPENSSL_NO_RSA
-                case EVP_PKEY_RSA:
-
-                if(p8->broken == PKCS8_NO_OCTET) p8->pkey->type = V_ASN1_SEQUENCE;
-
-                p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption);
-                p8->pkeyalg->parameter->type = V_ASN1_NULL;
-                if (!ASN1_pack_string ((char *)pkey, i2d_PrivateKey,
-                                         &p8->pkey->value.octet_string)) {
-                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        PKCS8_PRIV_KEY_INFO_free (p8);
-                        return NULL;
-                }
-                break;
-#endif
-#ifndef OPENSSL_NO_DSA
-                case EVP_PKEY_DSA:
-                if(!dsa_pkey2pkcs8(p8, pkey)) {
-                        PKCS8_PRIV_KEY_INFO_free (p8);
-                        return NULL;
-                }
-
-                break;
-#endif
-                default:
-                EVPerr(EVP_F_EVP_PKEY2PKCS8, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
-                PKCS8_PRIV_KEY_INFO_free (p8);
-                return NULL;
-        }
-        RAND_add(p8->pkey->value.octet_string->data,
-                 p8->pkey->value.octet_string->length, 0);
-        return p8;
-}
-
-PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken)
-{
-        switch (broken) {
-
-                case PKCS8_OK:
-                p8->broken = PKCS8_OK;
-                return p8;
-                break;
-
-                case PKCS8_NO_OCTET:
-                p8->broken = PKCS8_NO_OCTET;
-                p8->pkey->type = V_ASN1_SEQUENCE;
-                return p8;
-                break;
-
-                default:
-                EVPerr(EVP_F_EVP_PKCS8_SET_BROKEN,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE);
-                return NULL;
-                break;
-                
-        }
-}
-
-#ifndef OPENSSL_NO_DSA
-static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
-{
-        ASN1_STRING *params = NULL;
-        ASN1_INTEGER *prkey = NULL;
-        ASN1_TYPE *ttmp = NULL;
-        STACK_OF(ASN1_TYPE) *ndsa = NULL;
-        unsigned char *p = NULL, *q;
-        int len;
-
-        p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa);
-        len = i2d_DSAparams (pkey->pkey.dsa, NULL);
-        if (!(p = OPENSSL_malloc(len))) {
-                EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-        q = p;
-        i2d_DSAparams (pkey->pkey.dsa, &q);
-        if (!(params = ASN1_STRING_new())) {
-                EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-        if (!ASN1_STRING_set(params, p, len)) {
-                EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-        OPENSSL_free(p);
-        p = NULL;
-        /* Get private key into integer */
-        if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) {
-                EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
-                goto err;
-        }
-
-        switch(p8->broken) {
-
-                case PKCS8_OK:
-                case PKCS8_NO_OCTET:
-
-                if (!ASN1_pack_string((char *)prkey, i2d_ASN1_INTEGER,
-                                         &p8->pkey->value.octet_string)) {
-                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-
-                M_ASN1_INTEGER_free (prkey);
-                prkey = NULL;
-                p8->pkeyalg->parameter->value.sequence = params;
-                params = NULL;
-                p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
-
-                break;
-
-                case PKCS8_NS_DB:
-
-                p8->pkeyalg->parameter->value.sequence = params;
-                params = NULL;
-                p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
-                if (!(ndsa = sk_ASN1_TYPE_new_null())) {
-                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                if (!(ttmp = ASN1_TYPE_new())) {
-                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                if (!(ttmp->value.integer =
-                        BN_to_ASN1_INTEGER(pkey->pkey.dsa->pub_key, NULL))) {
-                        EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
-                        goto err;
-                }
-                ttmp->type = V_ASN1_INTEGER;
-                if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
-                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-
-                if (!(ttmp = ASN1_TYPE_new())) {
-                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                ttmp->value.integer = prkey;
-                prkey = NULL;
-                ttmp->type = V_ASN1_INTEGER;
-                if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
-                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                ttmp = NULL;
-
-                if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
-                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-
-                if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,
-                                         &p8->pkey->value.octet_string->data,
-                                         &p8->pkey->value.octet_string->length)) {
-
-                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
-                break;
-
-                case PKCS8_EMBEDDED_PARAM:
-
-                p8->pkeyalg->parameter->type = V_ASN1_NULL;
-                if (!(ndsa = sk_ASN1_TYPE_new_null())) {
-                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                if (!(ttmp = ASN1_TYPE_new())) {
-                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                ttmp->value.sequence = params;
-                params = NULL;
-                ttmp->type = V_ASN1_SEQUENCE;
-                if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
-                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-
-                if (!(ttmp = ASN1_TYPE_new())) {
-                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                ttmp->value.integer = prkey;
-                prkey = NULL;
-                ttmp->type = V_ASN1_INTEGER;
-                if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
-                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                ttmp = NULL;
-
-                if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
-                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-
-                if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,
-                                         &p8->pkey->value.octet_string->data,
-                                         &p8->pkey->value.octet_string->length)) {
-
-                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
-                break;
-        }
-        return 1;
-err:
-        if (p != NULL) OPENSSL_free(p);
-        if (params != NULL) ASN1_STRING_free(params);
-        if (prkey != NULL) M_ASN1_INTEGER_free(prkey);
-        if (ttmp != NULL) ASN1_TYPE_free(ttmp);
-        if (ndsa != NULL) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
-        return 0;
-}
-#endif
diff --git a/src/lib/libcrypto/evp/m_dss.c b/src/lib/libcrypto/evp/m_dss.c
deleted file mode 100644
index d393eb3400..0000000000
--- a/src/lib/libcrypto/evp/m_dss.c
+++ /dev/null
@@ -1,95 +0,0 @@
-/* crypto/evp/m_dss.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-#ifndef OPENSSL_NO_SHA
-static int init(EVP_MD_CTX *ctx)
-        { return SHA1_Init(ctx->md_data); }
-
-static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
-        { return SHA1_Update(ctx->md_data,data,count); }
-
-static int final(EVP_MD_CTX *ctx,unsigned char *md)
-        { return SHA1_Final(md,ctx->md_data); }
-
-static const EVP_MD dsa_md=
-        {
-        NID_dsaWithSHA,
-        NID_dsaWithSHA,
-        SHA_DIGEST_LENGTH,
-        EVP_MD_FLAG_FIPS,
-        init,
-        update,
-        final,
-        NULL,
-        NULL,
-        EVP_PKEY_DSA_method,
-        SHA_CBLOCK,
-        sizeof(EVP_MD *)+sizeof(SHA_CTX),
-        };
-
-const EVP_MD *EVP_dss(void)
-        {
-        return(&dsa_md);
-        }
-#endif
diff --git a/src/lib/libcrypto/evp/m_dss1.c b/src/lib/libcrypto/evp/m_dss1.c
deleted file mode 100644
index 23b90d0538..0000000000
--- a/src/lib/libcrypto/evp/m_dss1.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/* crypto/evp/m_dss1.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef OPENSSL_NO_SHA
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-static int init(EVP_MD_CTX *ctx)
-        { return SHA1_Init(ctx->md_data); }
-
-static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
-#ifndef OPENSSL_FIPS
-        { return SHA1_Update(ctx->md_data,data,count); }
-#else
-        {
-        OPENSSL_assert(sizeof(count)<=sizeof(size_t));
-        return SHA1_Update(ctx->md_data,data,count);
-        }
-#endif
-
-static int final(EVP_MD_CTX *ctx,unsigned char *md)
-        { return SHA1_Final(md,ctx->md_data); }
-
-static const EVP_MD dss1_md=
-        {
-        NID_dsa,
-        NID_dsaWithSHA1,
-        SHA_DIGEST_LENGTH,
-        EVP_MD_FLAG_FIPS,
-        init,
-        update,
-        final,
-        NULL,
-        NULL,
-        EVP_PKEY_DSA_method,
-        SHA_CBLOCK,
-        sizeof(EVP_MD *)+sizeof(SHA_CTX),
-        };
-
-const EVP_MD *EVP_dss1(void)
-        {
-        return(&dss1_md);
-        }
-#endif
diff --git a/src/lib/libcrypto/evp/m_md4.c b/src/lib/libcrypto/evp/m_md4.c
deleted file mode 100644
index 0605e4b707..0000000000
--- a/src/lib/libcrypto/evp/m_md4.c
+++ /dev/null
@@ -1,97 +0,0 @@
-/* crypto/evp/m_md4.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef OPENSSL_NO_MD4
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include "evp_locl.h"
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/md4.h>
-
-static int init(EVP_MD_CTX *ctx)
-        { return MD4_Init(ctx->md_data); }
-
-static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
-        { return MD4_Update(ctx->md_data,data,count); }
-
-static int final(EVP_MD_CTX *ctx,unsigned char *md)
-        { return MD4_Final(md,ctx->md_data); }
-
-static const EVP_MD md4_md=
-        {
-        NID_md4,
-        NID_md4WithRSAEncryption,
-        MD4_DIGEST_LENGTH,
-        0,
-        init,
-        update,
-        final,
-        NULL,
-        NULL,
-        EVP_PKEY_RSA_method,
-        MD4_CBLOCK,
-        sizeof(EVP_MD *)+sizeof(MD4_CTX),
-        };
-
-const EVP_MD *EVP_md4(void)
-        {
-        return(&md4_md);
-        }
-#endif
diff --git a/src/lib/libcrypto/evp/m_md5.c b/src/lib/libcrypto/evp/m_md5.c
deleted file mode 100644
index 752615d473..0000000000
--- a/src/lib/libcrypto/evp/m_md5.c
+++ /dev/null
@@ -1,97 +0,0 @@
-/* crypto/evp/m_md5.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef OPENSSL_NO_MD5
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include "evp_locl.h"
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/md5.h>
-
-static int init(EVP_MD_CTX *ctx)
-        { return MD5_Init(ctx->md_data); }
-
-static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
-        { return MD5_Update(ctx->md_data,data,count); }
-
-static int final(EVP_MD_CTX *ctx,unsigned char *md)
-        { return MD5_Final(md,ctx->md_data); }
-
-static const EVP_MD md5_md=
-        {
-        NID_md5,
-        NID_md5WithRSAEncryption,
-        MD5_DIGEST_LENGTH,
-        0,
-        init,
-        update,
-        final,
-        NULL,
-        NULL,
-        EVP_PKEY_RSA_method,
-        MD5_CBLOCK,
-        sizeof(EVP_MD *)+sizeof(MD5_CTX),
-        };
-
-const EVP_MD *EVP_md5(void)
-        {
-        return(&md5_md);
-        }
-#endif
diff --git a/src/lib/libcrypto/evp/m_null.c b/src/lib/libcrypto/evp/m_null.c
deleted file mode 100644
index f6f0a1d2c0..0000000000
--- a/src/lib/libcrypto/evp/m_null.c
+++ /dev/null
@@ -1,95 +0,0 @@
-/* crypto/evp/m_null.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-static int init(EVP_MD_CTX *ctx)
-        { return 1; }
-
-static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
-        { return 1; }
-
-static int final(EVP_MD_CTX *ctx,unsigned char *md)
-        { return 1; }
-
-static const EVP_MD null_md=
-        {
-        NID_undef,
-        NID_undef,
-        0,
-        0,
-        init,
-        update,
-        final,
-        NULL,
-        NULL,
-        EVP_PKEY_NULL_method,
-        0,
-        sizeof(EVP_MD *),
-        };
-
-const EVP_MD *EVP_md_null(void)
-        {
-        return(&null_md);
-        }
-
-
diff --git a/src/lib/libcrypto/evp/m_ripemd.c b/src/lib/libcrypto/evp/m_ripemd.c
deleted file mode 100644
index 64725528dc..0000000000
--- a/src/lib/libcrypto/evp/m_ripemd.c
+++ /dev/null
@@ -1,96 +0,0 @@
-/* crypto/evp/m_ripemd.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef OPENSSL_NO_RIPEMD
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/ripemd.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-static int init(EVP_MD_CTX *ctx)
-        { return RIPEMD160_Init(ctx->md_data); }
-
-static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
-        { return RIPEMD160_Update(ctx->md_data,data,count); }
-
-static int final(EVP_MD_CTX *ctx,unsigned char *md)
-        { return RIPEMD160_Final(md,ctx->md_data); }
-
-static const EVP_MD ripemd160_md=
-        {
-        NID_ripemd160,
-        NID_ripemd160WithRSA,
-        RIPEMD160_DIGEST_LENGTH,
-        0,
-        init,
-        update,
-        final,
-        NULL,
-        NULL,
-        EVP_PKEY_RSA_method,
-        RIPEMD160_CBLOCK,
-        sizeof(EVP_MD *)+sizeof(RIPEMD160_CTX),
-        };
-
-const EVP_MD *EVP_ripemd160(void)
-        {
-        return(&ripemd160_md);
-        }
-#endif
diff --git a/src/lib/libcrypto/evp/m_sha1.c b/src/lib/libcrypto/evp/m_sha1.c
deleted file mode 100644
index 60da93873c..0000000000
--- a/src/lib/libcrypto/evp/m_sha1.c
+++ /dev/null
@@ -1,214 +0,0 @@
-/* crypto/evp/m_sha1.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef OPENSSL_NO_SHA
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-static int init(EVP_MD_CTX *ctx)
-        { return SHA1_Init(ctx->md_data); }
-
-static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
-#ifndef OPENSSL_FIPS
-        { return SHA1_Update(ctx->md_data,data,count); }
-#else
-        {
-        OPENSSL_assert(sizeof(count)<=sizeof(size_t));
-        return SHA1_Update(ctx->md_data,data,count);
-        }
-#endif
-
-static int final(EVP_MD_CTX *ctx,unsigned char *md)
-        { return SHA1_Final(md,ctx->md_data); }
-
-static const EVP_MD sha1_md=
-        {
-        NID_sha1,
-        NID_sha1WithRSAEncryption,
-        SHA_DIGEST_LENGTH,
-        EVP_MD_FLAG_FIPS,
-        init,
-        update,
-        final,
-        NULL,
-        NULL,
-        EVP_PKEY_RSA_method,
-        SHA_CBLOCK,
-        sizeof(EVP_MD *)+sizeof(SHA_CTX),
-        };
-
-const EVP_MD *EVP_sha1(void)
-        {
-        return(&sha1_md);
-        }
-#endif
-
-#ifdef OPENSSL_FIPS
-#ifndef OPENSSL_NO_SHA256
-static int init224(EVP_MD_CTX *ctx)
-        { return SHA224_Init(ctx->md_data); }
-static int init256(EVP_MD_CTX *ctx)
-        { return SHA256_Init(ctx->md_data); }
-/*
- * Even though there're separate SHA224_[Update|Final], we call
- * SHA256 functions even in SHA224 context. This is what happens
- * there anyway, so we can spare few CPU cycles:-)
- */
-static int update256(EVP_MD_CTX *ctx,const void *data,unsigned long count)
-        {
-        OPENSSL_assert(sizeof(count)<=sizeof(size_t));
-        return SHA256_Update(ctx->md_data,data,count);
-        }
-static int final256(EVP_MD_CTX *ctx,unsigned char *md)
-        { return SHA256_Final(md,ctx->md_data); }
-
-static const EVP_MD sha224_md=
-        {
-        NID_sha224,
-        NID_sha224WithRSAEncryption,
-        SHA224_DIGEST_LENGTH,
-        EVP_MD_FLAG_FIPS,
-        init224,
-        update256,
-        final256,
-        NULL,
-        NULL,
-        EVP_PKEY_RSA_method,
-        SHA256_CBLOCK,
-        sizeof(EVP_MD *)+sizeof(SHA256_CTX),
-        };
-
-const EVP_MD *EVP_sha224(void)
-        { return(&sha224_md); }
-
-static const EVP_MD sha256_md=
-        {
-        NID_sha256,
-        NID_sha256WithRSAEncryption,
-        SHA256_DIGEST_LENGTH,
-        EVP_MD_FLAG_FIPS,
-        init256,
-        update256,
-        final256,
-        NULL,
-        NULL,
-        EVP_PKEY_RSA_method,
-        SHA256_CBLOCK,
-        sizeof(EVP_MD *)+sizeof(SHA256_CTX),
-        };
-
-const EVP_MD *EVP_sha256(void)
-        { return(&sha256_md); }
-#endif /* ifndef OPENSSL_NO_SHA256 */
-
-#ifndef OPENSSL_NO_SHA512
-static int init384(EVP_MD_CTX *ctx)
-        { return SHA384_Init(ctx->md_data); }
-static int init512(EVP_MD_CTX *ctx)
-        { return SHA512_Init(ctx->md_data); }
-/* See comment in SHA224/256 section */
-static int update512(EVP_MD_CTX *ctx,const void *data,unsigned long count)
-        {
-        OPENSSL_assert(sizeof(count)<=sizeof(size_t));
-        return SHA512_Update(ctx->md_data,data,count);
-        }
-static int final512(EVP_MD_CTX *ctx,unsigned char *md)
-        { return SHA512_Final(md,ctx->md_data); }
-
-static const EVP_MD sha384_md=
-        {
-        NID_sha384,
-        NID_sha384WithRSAEncryption,
-        SHA384_DIGEST_LENGTH,
-        EVP_MD_FLAG_FIPS,
-        init384,
-        update512,
-        final512,
-        NULL,
-        NULL,
-        EVP_PKEY_RSA_method,
-        SHA512_CBLOCK,
-        sizeof(EVP_MD *)+sizeof(SHA512_CTX),
-        };
-
-const EVP_MD *EVP_sha384(void)
-        { return(&sha384_md); }
-
-static const EVP_MD sha512_md=
-        {
-        NID_sha512,
-        NID_sha512WithRSAEncryption,
-        SHA512_DIGEST_LENGTH,
-        EVP_MD_FLAG_FIPS,
-        init512,
-        update512,
-        final512,
-        NULL,
-        NULL,
-        EVP_PKEY_RSA_method,
-        SHA512_CBLOCK,
-        sizeof(EVP_MD *)+sizeof(SHA512_CTX),
-        };
-
-const EVP_MD *EVP_sha512(void)
-        { return(&sha512_md); }
-#endif /* ifndef OPENSSL_NO_SHA512 */
-#endif /* ifdef OPENSSL_FIPS */
diff --git a/src/lib/libcrypto/evp/names.c b/src/lib/libcrypto/evp/names.c
deleted file mode 100644
index 7712453046..0000000000
--- a/src/lib/libcrypto/evp/names.c
+++ /dev/null
@@ -1,126 +0,0 @@
-/* crypto/evp/names.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-int EVP_add_cipher(const EVP_CIPHER *c)
-        {
-        int r;
-
-        r=OBJ_NAME_add(OBJ_nid2sn(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(char *)c);
-        if (r == 0) return(0);
-        r=OBJ_NAME_add(OBJ_nid2ln(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(char *)c);
-        return(r);
-        }
-
-int EVP_add_digest(const EVP_MD *md)
-        {
-        int r;
-        const char *name;
-
-        name=OBJ_nid2sn(md->type);
-        r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(char *)md);
-        if (r == 0) return(0);
-        r=OBJ_NAME_add(OBJ_nid2ln(md->type),OBJ_NAME_TYPE_MD_METH,(char *)md);
-        if (r == 0) return(0);
-
-        if (md->type != md->pkey_type)
-                {
-                r=OBJ_NAME_add(OBJ_nid2sn(md->pkey_type),
-                        OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,name);
-                if (r == 0) return(0);
-                r=OBJ_NAME_add(OBJ_nid2ln(md->pkey_type),
-                        OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,name);
-                }
-        return(r);
-        }
-
-const EVP_CIPHER *EVP_get_cipherbyname(const char *name)
-        {
-        const EVP_CIPHER *cp;
-
-        cp=(const EVP_CIPHER *)OBJ_NAME_get(name,OBJ_NAME_TYPE_CIPHER_METH);
-        return(cp);
-        }
-
-const EVP_MD *EVP_get_digestbyname(const char *name)
-        {
-        const EVP_MD *cp;
-
-        cp=(const EVP_MD *)OBJ_NAME_get(name,OBJ_NAME_TYPE_MD_METH);
-        return(cp);
-        }
-
-void EVP_cleanup(void)
-        {
-        OBJ_NAME_cleanup(OBJ_NAME_TYPE_CIPHER_METH);
-        OBJ_NAME_cleanup(OBJ_NAME_TYPE_MD_METH);
-        /* The above calls will only clean out the contents of the name
-           hash table, but not the hash table itself.  The following line
-           does that part.  -- Richard Levitte */
-        OBJ_NAME_cleanup(-1);
-
-        EVP_PBE_cleanup();
-        }
diff --git a/src/lib/libcrypto/evp/p5_crpt.c b/src/lib/libcrypto/evp/p5_crpt.c
deleted file mode 100644
index a1874e83b2..0000000000
--- a/src/lib/libcrypto/evp/p5_crpt.c
+++ /dev/null
@@ -1,153 +0,0 @@
-/* p5_crpt.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include "cryptlib.h"
-#include <openssl/x509.h>
-#include <openssl/evp.h>
-
-/* PKCS#5 v1.5 compatible PBE functions: see PKCS#5 v2.0 for more info.
- */
-
-void PKCS5_PBE_add(void)
-{
-#ifndef OPENSSL_NO_DES
-#  ifndef OPENSSL_NO_MD5
-EVP_PBE_alg_add(NID_pbeWithMD5AndDES_CBC, EVP_des_cbc(), EVP_md5(),
-                                                         PKCS5_PBE_keyivgen);
-#  endif
-#  ifndef OPENSSL_NO_MD2
-EVP_PBE_alg_add(NID_pbeWithMD2AndDES_CBC, EVP_des_cbc(), EVP_md2(),
-                                                         PKCS5_PBE_keyivgen);
-#  endif
-#  ifndef OPENSSL_NO_SHA
-EVP_PBE_alg_add(NID_pbeWithSHA1AndDES_CBC, EVP_des_cbc(), EVP_sha1(),
-                                                         PKCS5_PBE_keyivgen);
-#  endif
-#endif
-#ifndef OPENSSL_NO_RC2
-#  ifndef OPENSSL_NO_MD5
-EVP_PBE_alg_add(NID_pbeWithMD5AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md5(),
-                                                         PKCS5_PBE_keyivgen);
-#  endif
-#  ifndef OPENSSL_NO_MD2
-EVP_PBE_alg_add(NID_pbeWithMD2AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md2(),
-                                                         PKCS5_PBE_keyivgen);
-#  endif
-#  ifndef OPENSSL_NO_SHA
-EVP_PBE_alg_add(NID_pbeWithSHA1AndRC2_CBC, EVP_rc2_64_cbc(), EVP_sha1(),
-                                                         PKCS5_PBE_keyivgen);
-#  endif
-#endif
-#ifndef OPENSSL_NO_HMAC
-EVP_PBE_alg_add(NID_pbes2, NULL, NULL, PKCS5_v2_PBE_keyivgen);
-#endif
-}
-
-int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
-                         ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md,
-                         int en_de)
-{
-        EVP_MD_CTX ctx;
-        unsigned char md_tmp[EVP_MAX_MD_SIZE];
-        unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
-        int i;
-        PBEPARAM *pbe;
-        int saltlen, iter;
-        unsigned char *salt, *pbuf;
-
-        /* Extract useful info from parameter */
-        pbuf = param->value.sequence->data;
-        if (!param || (param->type != V_ASN1_SEQUENCE) ||
-           !(pbe = d2i_PBEPARAM (NULL, &pbuf, param->value.sequence->length))) {
-                EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
-                return 0;
-        }
-
-        if (!pbe->iter) iter = 1;
-        else iter = ASN1_INTEGER_get (pbe->iter);
-        salt = pbe->salt->data;
-        saltlen = pbe->salt->length;
-
-        if(!pass) passlen = 0;
-        else if(passlen == -1) passlen = strlen(pass);
-
-        EVP_MD_CTX_init(&ctx);
-        EVP_DigestInit_ex(&ctx, md, NULL);
-        EVP_DigestUpdate(&ctx, pass, passlen);
-        EVP_DigestUpdate(&ctx, salt, saltlen);
-        PBEPARAM_free(pbe);
-        EVP_DigestFinal_ex(&ctx, md_tmp, NULL);
-        for (i = 1; i < iter; i++) {
-                EVP_DigestInit_ex(&ctx, md, NULL);
-                EVP_DigestUpdate(&ctx, md_tmp, EVP_MD_size(md));
-                EVP_DigestFinal_ex (&ctx, md_tmp, NULL);
-        }
-        EVP_MD_CTX_cleanup(&ctx);
-        OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= sizeof md_tmp);
-        memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher));
-        OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16);
-        memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
-                                                 EVP_CIPHER_iv_length(cipher));
-        EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de);
-        OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE);
-        OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
-        OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
-        return 1;
-}
diff --git a/src/lib/libcrypto/evp/p5_crpt2.c b/src/lib/libcrypto/evp/p5_crpt2.c
deleted file mode 100644
index 1d5fabc4b2..0000000000
--- a/src/lib/libcrypto/evp/p5_crpt2.c
+++ /dev/null
@@ -1,256 +0,0 @@
-/* p5_crpt2.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA)
-#include <stdio.h>
-#include <stdlib.h>
-#include "cryptlib.h"
-#include <openssl/x509.h>
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-
-/* set this to print out info about the keygen algorithm */
-/* #define DEBUG_PKCS5V2 */
-
-#ifdef DEBUG_PKCS5V2
-        static void h__dump (const unsigned char *p, int len);
-#endif
-
-/* This is an implementation of PKCS#5 v2.0 password based encryption key
- * derivation function PBKDF2 using the only currently defined function HMAC
- * with SHA1. Verified against test vectors posted by Peter Gutmann
- * <pgut001@cs.auckland.ac.nz> to the PKCS-TNG <pkcs-tng@rsa.com> mailing list.
- */
-
-int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
-                           unsigned char *salt, int saltlen, int iter,
-                           int keylen, unsigned char *out)
-{
-        unsigned char digtmp[SHA_DIGEST_LENGTH], *p, itmp[4];
-        int cplen, j, k, tkeylen;
-        unsigned long i = 1;
-        HMAC_CTX hctx;
-
-        HMAC_CTX_init(&hctx);
-        p = out;
-        tkeylen = keylen;
-        if(!pass) passlen = 0;
-        else if(passlen == -1) passlen = strlen(pass);
-        while(tkeylen) {
-                if(tkeylen > SHA_DIGEST_LENGTH) cplen = SHA_DIGEST_LENGTH;
-                else cplen = tkeylen;
-                /* We are unlikely to ever use more than 256 blocks (5120 bits!)
-                 * but just in case...
-                 */
-                itmp[0] = (unsigned char)((i >> 24) & 0xff);
-                itmp[1] = (unsigned char)((i >> 16) & 0xff);
-                itmp[2] = (unsigned char)((i >> 8) & 0xff);
-                itmp[3] = (unsigned char)(i & 0xff);
-                HMAC_Init_ex(&hctx, pass, passlen, EVP_sha1(), NULL);
-                HMAC_Update(&hctx, salt, saltlen);
-                HMAC_Update(&hctx, itmp, 4);
-                HMAC_Final(&hctx, digtmp, NULL);
-                memcpy(p, digtmp, cplen);
-                for(j = 1; j < iter; j++) {
-                        HMAC(EVP_sha1(), pass, passlen,
-                                 digtmp, SHA_DIGEST_LENGTH, digtmp, NULL);
-                        for(k = 0; k < cplen; k++) p[k] ^= digtmp[k];
-                }
-                tkeylen-= cplen;
-                i++;
-                p+= cplen;
-        }
-        HMAC_CTX_cleanup(&hctx);
-#ifdef DEBUG_PKCS5V2
-        fprintf(stderr, "Password:\n");
-        h__dump (pass, passlen);
-        fprintf(stderr, "Salt:\n");
-        h__dump (salt, saltlen);
-        fprintf(stderr, "Iteration count %d\n", iter);
-        fprintf(stderr, "Key:\n");
-        h__dump (out, keylen);
-#endif
-        return 1;
-}
-
-#ifdef DO_TEST
-main()
-{
-        unsigned char out[4];
-        unsigned char salt[] = {0x12, 0x34, 0x56, 0x78};
-        PKCS5_PBKDF2_HMAC_SHA1("password", -1, salt, 4, 5, 4, out);
-        fprintf(stderr, "Out %02X %02X %02X %02X\n",
-                                         out[0], out[1], out[2], out[3]);
-}
-
-#endif
-
-/* Now the key derivation function itself. This is a bit evil because
- * it has to check the ASN1 parameters are valid: and there are quite a
- * few of them...
- */
-
-int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
-                         ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md,
-                         int en_de)
-{
-        unsigned char *pbuf, *salt, key[EVP_MAX_KEY_LENGTH];
-        int saltlen, keylen, iter, plen;
-        PBE2PARAM *pbe2 = NULL;
-        const EVP_CIPHER *cipher;
-        PBKDF2PARAM *kdf = NULL;
-
-        pbuf = param->value.sequence->data;
-        plen = param->value.sequence->length;
-        if(!param || (param->type != V_ASN1_SEQUENCE) ||
-                                   !(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) {
-                EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
-                return 0;
-        }
-
-        /* See if we recognise the key derivation function */
-
-        if(OBJ_obj2nid(pbe2->keyfunc->algorithm) != NID_id_pbkdf2) {
-                EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
-                                EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION);
-                goto err;
-        }
-
-        /* lets see if we recognise the encryption algorithm.
-         */
-
-        cipher = EVP_get_cipherbyname(
-                        OBJ_nid2sn(OBJ_obj2nid(pbe2->encryption->algorithm)));
-
-        if(!cipher) {
-                EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
-                                                EVP_R_UNSUPPORTED_CIPHER);
-                goto err;
-        }
-
-        /* Fixup cipher based on AlgorithmIdentifier */
-        EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de);
-        if(EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) {
-                EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
-                                        EVP_R_CIPHER_PARAMETER_ERROR);
-                goto err;
-        }
-        keylen = EVP_CIPHER_CTX_key_length(ctx);
-        OPENSSL_assert(keylen <= sizeof key);
-
-        /* Now decode key derivation function */
-
-        if(!pbe2->keyfunc->parameter ||
-                 (pbe2->keyfunc->parameter->type != V_ASN1_SEQUENCE))
-                {
-                EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
-                goto err;
-                }
-
-        pbuf = pbe2->keyfunc->parameter->value.sequence->data;
-        plen = pbe2->keyfunc->parameter->value.sequence->length;
-        if(!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) {
-                EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
-                goto err;
-        }
-
-        PBE2PARAM_free(pbe2);
-        pbe2 = NULL;
-
-        /* Now check the parameters of the kdf */
-
-        if(kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != keylen)){
-                EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
-                                                EVP_R_UNSUPPORTED_KEYLENGTH);
-                goto err;
-        }
-
-        if(kdf->prf && (OBJ_obj2nid(kdf->prf->algorithm) != NID_hmacWithSHA1)) {
-                EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_PRF);
-                goto err;
-        }
-
-        if(kdf->salt->type != V_ASN1_OCTET_STRING) {
-                EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
-                                                EVP_R_UNSUPPORTED_SALT_TYPE);
-                goto err;
-        }
-
-        /* it seems that its all OK */
-        salt = kdf->salt->value.octet_string->data;
-        saltlen = kdf->salt->value.octet_string->length;
-        iter = ASN1_INTEGER_get(kdf->iter);
-        PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key);
-        EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);
-        OPENSSL_cleanse(key, keylen);
-        PBKDF2PARAM_free(kdf);
-        return 1;
-
-        err:
-        PBE2PARAM_free(pbe2);
-        PBKDF2PARAM_free(kdf);
-        return 0;
-}
-
-#ifdef DEBUG_PKCS5V2
-static void h__dump (const unsigned char *p, int len)
-{
-        for (; len --; p++) fprintf(stderr, "%02X ", *p);
-        fprintf(stderr, "\n");
-}
-#endif
-#endif
diff --git a/src/lib/libcrypto/evp/p_dec.c b/src/lib/libcrypto/evp/p_dec.c
deleted file mode 100644
index 8af620400e..0000000000
--- a/src/lib/libcrypto/evp/p_dec.c
+++ /dev/null
@@ -1,87 +0,0 @@
-/* crypto/evp/p_dec.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/rand.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-int EVP_PKEY_decrypt(unsigned char *key, unsigned char *ek, int ekl,
-             EVP_PKEY *priv)
-        {
-        int ret= -1;
-        
-#ifndef OPENSSL_NO_RSA
-        if (priv->type != EVP_PKEY_RSA)
-                {
-#endif
-                EVPerr(EVP_F_EVP_PKEY_DECRYPT,EVP_R_PUBLIC_KEY_NOT_RSA);
-#ifndef OPENSSL_NO_RSA
-                goto err;
-                }
-
-        ret=RSA_private_decrypt(ekl,ek,key,priv->pkey.rsa,RSA_PKCS1_PADDING);
-err:
-#endif
-        return(ret);
-        }
diff --git a/src/lib/libcrypto/evp/p_enc.c b/src/lib/libcrypto/evp/p_enc.c
deleted file mode 100644
index 656883b996..0000000000
--- a/src/lib/libcrypto/evp/p_enc.c
+++ /dev/null
@@ -1,86 +0,0 @@
-/* crypto/evp/p_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/rand.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-int EVP_PKEY_encrypt(unsigned char *ek, unsigned char *key, int key_len,
-             EVP_PKEY *pubk)
-        {
-        int ret=0;
-        
-#ifndef OPENSSL_NO_RSA
-        if (pubk->type != EVP_PKEY_RSA)
-                {
-#endif
-                EVPerr(EVP_F_EVP_PKEY_ENCRYPT,EVP_R_PUBLIC_KEY_NOT_RSA);
-#ifndef OPENSSL_NO_RSA
-                goto err;
-                }
-        ret=RSA_public_encrypt(key_len,key,ek,pubk->pkey.rsa,RSA_PKCS1_PADDING);
-err:
-#endif
-        return(ret);
-        }
diff --git a/src/lib/libcrypto/evp/p_lib.c b/src/lib/libcrypto/evp/p_lib.c
deleted file mode 100644
index 215b94292a..0000000000
--- a/src/lib/libcrypto/evp/p_lib.c
+++ /dev/null
@@ -1,337 +0,0 @@
-/* crypto/evp/p_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/asn1_mac.h>
-#include <openssl/x509.h>
-
-static void EVP_PKEY_free_it(EVP_PKEY *x);
-
-int EVP_PKEY_bits(EVP_PKEY *pkey)
-        {
-#ifndef OPENSSL_NO_RSA
-        if (pkey->type == EVP_PKEY_RSA)
-                return(BN_num_bits(pkey->pkey.rsa->n));
-        else
-#endif
-#ifndef OPENSSL_NO_DSA
-                if (pkey->type == EVP_PKEY_DSA)
-                return(BN_num_bits(pkey->pkey.dsa->p));
-#endif
-        return(0);
-        }
-
-int EVP_PKEY_size(EVP_PKEY *pkey)
-        {
-        if (pkey == NULL)
-                return(0);
-#ifndef OPENSSL_NO_RSA
-        if (pkey->type == EVP_PKEY_RSA)
-                return(RSA_size(pkey->pkey.rsa));
-        else
-#endif
-#ifndef OPENSSL_NO_DSA
-                if (pkey->type == EVP_PKEY_DSA)
-                return(DSA_size(pkey->pkey.dsa));
-#endif
-        return(0);
-        }
-
-int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode)
-        {
-#ifndef OPENSSL_NO_DSA
-        if (pkey->type == EVP_PKEY_DSA)
-                {
-                int ret=pkey->save_parameters;
-
-                if (mode >= 0)
-                        pkey->save_parameters=mode;
-                return(ret);
-                }
-#endif
-        return(0);
-        }
-
-int EVP_PKEY_copy_parameters(EVP_PKEY *to, EVP_PKEY *from)
-        {
-        if (to->type != from->type)
-                {
-                EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS,EVP_R_DIFFERENT_KEY_TYPES);
-                goto err;
-                }
-
-        if (EVP_PKEY_missing_parameters(from))
-                {
-                EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS,EVP_R_MISSING_PARAMETERS);
-                goto err;
-                }
-#ifndef OPENSSL_NO_DSA
-        if (to->type == EVP_PKEY_DSA)
-                {
-                BIGNUM *a;
-
-                if ((a=BN_dup(from->pkey.dsa->p)) == NULL) goto err;
-                if (to->pkey.dsa->p != NULL) BN_free(to->pkey.dsa->p);
-                to->pkey.dsa->p=a;
-
-                if ((a=BN_dup(from->pkey.dsa->q)) == NULL) goto err;
-                if (to->pkey.dsa->q != NULL) BN_free(to->pkey.dsa->q);
-                to->pkey.dsa->q=a;
-
-                if ((a=BN_dup(from->pkey.dsa->g)) == NULL) goto err;
-                if (to->pkey.dsa->g != NULL) BN_free(to->pkey.dsa->g);
-                to->pkey.dsa->g=a;
-                }
-#endif
-        return(1);
-err:
-        return(0);
-        }
-
-int EVP_PKEY_missing_parameters(EVP_PKEY *pkey)
-        {
-#ifndef OPENSSL_NO_DSA
-        if (pkey->type == EVP_PKEY_DSA)
-                {
-                DSA *dsa;
-
-                dsa=pkey->pkey.dsa;
-                if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
-                        return(1);
-                }
-#endif
-        return(0);
-        }
-
-int EVP_PKEY_cmp_parameters(EVP_PKEY *a, EVP_PKEY *b)
-        {
-#ifndef OPENSSL_NO_DSA
-        if ((a->type == EVP_PKEY_DSA) && (b->type == EVP_PKEY_DSA))
-                {
-                if (    BN_cmp(a->pkey.dsa->p,b->pkey.dsa->p) ||
-                        BN_cmp(a->pkey.dsa->q,b->pkey.dsa->q) ||
-                        BN_cmp(a->pkey.dsa->g,b->pkey.dsa->g))
-                        return(0);
-                else
-                        return(1);
-                }
-#endif
-        return(-1);
-        }
-
-EVP_PKEY *EVP_PKEY_new(void)
-        {
-        EVP_PKEY *ret;
-
-        ret=(EVP_PKEY *)OPENSSL_malloc(sizeof(EVP_PKEY));
-        if (ret == NULL)
-                {
-                EVPerr(EVP_F_EVP_PKEY_NEW,ERR_R_MALLOC_FAILURE);
-                return(NULL);
-                }
-        ret->type=EVP_PKEY_NONE;
-        ret->references=1;
-        ret->pkey.ptr=NULL;
-        ret->attributes=NULL;
-        ret->save_parameters=1;
-        return(ret);
-        }
-
-int EVP_PKEY_assign(EVP_PKEY *pkey, int type, char *key)
-        {
-        if (pkey == NULL) return(0);
-        if (pkey->pkey.ptr != NULL)
-                EVP_PKEY_free_it(pkey);
-        pkey->type=EVP_PKEY_type(type);
-        pkey->save_type=type;
-        pkey->pkey.ptr=key;
-        return(key != NULL);
-        }
-
-#ifndef OPENSSL_NO_RSA
-int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key)
-{
-        int ret = EVP_PKEY_assign_RSA(pkey, key);
-        if(ret)
-                RSA_up_ref(key);
-        return ret;
-}
-
-RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey)
-        {
-        if(pkey->type != EVP_PKEY_RSA) {
-                EVPerr(EVP_F_EVP_PKEY_GET1_RSA, EVP_R_EXPECTING_AN_RSA_KEY);
-                return NULL;
-        }
-        RSA_up_ref(pkey->pkey.rsa);
-        return pkey->pkey.rsa;
-}
-#endif
-
-#ifndef OPENSSL_NO_DSA
-int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key)
-{
-        int ret = EVP_PKEY_assign_DSA(pkey, key);
-        if(ret)
-                DSA_up_ref(key);
-        return ret;
-}
-
-DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey)
-        {
-        if(pkey->type != EVP_PKEY_DSA) {
-                EVPerr(EVP_F_EVP_PKEY_GET1_DSA, EVP_R_EXPECTING_A_DSA_KEY);
-                return NULL;
-        }
-        DSA_up_ref(pkey->pkey.dsa);
-        return pkey->pkey.dsa;
-}
-#endif
-
-#ifndef OPENSSL_NO_DH
-
-int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)
-{
-        int ret = EVP_PKEY_assign_DH(pkey, key);
-        if(ret)
-                DH_up_ref(key);
-        return ret;
-}
-
-DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey)
-        {
-        if(pkey->type != EVP_PKEY_DH) {
-                EVPerr(EVP_F_EVP_PKEY_GET1_DH, EVP_R_EXPECTING_A_DH_KEY);
-                return NULL;
-        }
-        DH_up_ref(pkey->pkey.dh);
-        return pkey->pkey.dh;
-}
-#endif
-
-int EVP_PKEY_type(int type)
-        {
-        switch (type)
-                {
-        case EVP_PKEY_RSA:
-        case EVP_PKEY_RSA2:
-                return(EVP_PKEY_RSA);
-        case EVP_PKEY_DSA:
-        case EVP_PKEY_DSA1:
-        case EVP_PKEY_DSA2:
-        case EVP_PKEY_DSA3:
-        case EVP_PKEY_DSA4:
-                return(EVP_PKEY_DSA);
-        case EVP_PKEY_DH:
-                return(EVP_PKEY_DH);
-        default:
-                return(NID_undef);
-                }
-        }
-
-void EVP_PKEY_free(EVP_PKEY *x)
-        {
-        int i;
-
-        if (x == NULL) return;
-
-        i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_EVP_PKEY);
-#ifdef REF_PRINT
-        REF_PRINT("EVP_PKEY",x);
-#endif
-        if (i > 0) return;
-#ifdef REF_CHECK
-        if (i < 0)
-                {
-                fprintf(stderr,"EVP_PKEY_free, bad reference count\n");
-                abort();
-                }
-#endif
-        EVP_PKEY_free_it(x);
-        OPENSSL_free(x);
-        }
-
-static void EVP_PKEY_free_it(EVP_PKEY *x)
-        {
-        switch (x->type)
-                {
-#ifndef OPENSSL_NO_RSA
-        case EVP_PKEY_RSA:
-        case EVP_PKEY_RSA2:
-                RSA_free(x->pkey.rsa);
-                break;
-#endif
-#ifndef OPENSSL_NO_DSA
-        case EVP_PKEY_DSA:
-        case EVP_PKEY_DSA2:
-        case EVP_PKEY_DSA3:
-        case EVP_PKEY_DSA4:
-                DSA_free(x->pkey.dsa);
-                break;
-#endif
-#ifndef OPENSSL_NO_DH
-        case EVP_PKEY_DH:
-                DH_free(x->pkey.dh);
-                break;
-#endif
-                }
-        }
-
diff --git a/src/lib/libcrypto/evp/p_open.c b/src/lib/libcrypto/evp/p_open.c
deleted file mode 100644
index 5a933d1cda..0000000000
--- a/src/lib/libcrypto/evp/p_open.c
+++ /dev/null
@@ -1,123 +0,0 @@
-/* crypto/evp/p_open.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef OPENSSL_NO_RSA
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char *ek,
-             int ekl, unsigned char *iv, EVP_PKEY *priv)
-        {
-        unsigned char *key=NULL;
-        int i,size=0,ret=0;
-
-        if(type) {      
-                EVP_CIPHER_CTX_init(ctx);
-                if(!EVP_DecryptInit_ex(ctx,type,NULL, NULL,NULL)) return 0;
-        }
-
-        if(!priv) return 1;
-
-        if (priv->type != EVP_PKEY_RSA)
-                {
-                EVPerr(EVP_F_EVP_OPENINIT,EVP_R_PUBLIC_KEY_NOT_RSA);
-                goto err;
-                }
-
-        size=RSA_size(priv->pkey.rsa);
-        key=(unsigned char *)OPENSSL_malloc(size+2);
-        if (key == NULL)
-                {
-                /* ERROR */
-                EVPerr(EVP_F_EVP_OPENINIT,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-
-        i=EVP_PKEY_decrypt(key,ek,ekl,priv);
-        if ((i <= 0) || !EVP_CIPHER_CTX_set_key_length(ctx, i))
-                {
-                /* ERROR */
-                goto err;
-                }
-        if(!EVP_DecryptInit_ex(ctx,NULL,NULL,key,iv)) goto err;
-
-        ret=1;
-err:
-        if (key != NULL) OPENSSL_cleanse(key,size);
-        OPENSSL_free(key);
-        return(ret);
-        }
-
-int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
-        {
-        int i;
-
-        i=EVP_DecryptFinal_ex(ctx,out,outl);
-        EVP_DecryptInit_ex(ctx,NULL,NULL,NULL,NULL);
-        return(i);
-        }
-#else /* !OPENSSL_NO_RSA */
-
-# ifdef PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
diff --git a/src/lib/libcrypto/evp/p_seal.c b/src/lib/libcrypto/evp/p_seal.c
deleted file mode 100644
index 37e547fe72..0000000000
--- a/src/lib/libcrypto/evp/p_seal.c
+++ /dev/null
@@ -1,115 +0,0 @@
-/* crypto/evp/p_seal.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/rand.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek,
-             int *ekl, unsigned char *iv, EVP_PKEY **pubk, int npubk)
-        {
-        unsigned char key[EVP_MAX_KEY_LENGTH];
-        int i;
-        
-        if(type) {
-                EVP_CIPHER_CTX_init(ctx);
-                if(!EVP_EncryptInit_ex(ctx,type,NULL,NULL,NULL)) return 0;
-        }
-        if ((npubk <= 0) || !pubk)
-                return 1;
-        if (RAND_bytes(key,EVP_MAX_KEY_LENGTH) <= 0)
-                return 0;
-        if (EVP_CIPHER_CTX_iv_length(ctx))
-                RAND_pseudo_bytes(iv,EVP_CIPHER_CTX_iv_length(ctx));
-
-        if(!EVP_EncryptInit_ex(ctx,NULL,NULL,key,iv)) return 0;
-
-        for (i=0; i<npubk; i++)
-                {
-                ekl[i]=EVP_PKEY_encrypt(ek[i],key,EVP_CIPHER_CTX_key_length(ctx),
-                        pubk[i]);
-                if (ekl[i] <= 0) return(-1);
-                }
-        return(npubk);
-        }
-
-/* MACRO
-void EVP_SealUpdate(ctx,out,outl,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-int *outl;
-unsigned char *in;
-int inl;
-        {
-        EVP_EncryptUpdate(ctx,out,outl,in,inl);
-        }
-*/
-
-int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
-        {
-        int i;
-        i = EVP_EncryptFinal_ex(ctx,out,outl);
-        EVP_EncryptInit_ex(ctx,NULL,NULL,NULL,NULL);
-        return i;
-        }
diff --git a/src/lib/libcrypto/evp/p_sign.c b/src/lib/libcrypto/evp/p_sign.c
deleted file mode 100644
index e4ae5906f5..0000000000
--- a/src/lib/libcrypto/evp/p_sign.c
+++ /dev/null
@@ -1,114 +0,0 @@
-/* crypto/evp/p_sign.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-#ifdef undef
-void EVP_SignInit(EVP_MD_CTX *ctx, EVP_MD *type)
-        {
-        EVP_DigestInit_ex(ctx,type);
-        }
-
-void EVP_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data,
-             unsigned int count)
-        {
-        EVP_DigestUpdate(ctx,data,count);
-        }
-#endif
-
-int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
-             EVP_PKEY *pkey)
-        {
-        unsigned char m[EVP_MAX_MD_SIZE];
-        unsigned int m_len;
-        int i,ok=0,v;
-        MS_STATIC EVP_MD_CTX tmp_ctx;
-
-        *siglen=0;
-        EVP_MD_CTX_init(&tmp_ctx);
-        EVP_MD_CTX_copy_ex(&tmp_ctx,ctx);   
-        EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len);
-        EVP_MD_CTX_cleanup(&tmp_ctx);
-        for (i=0; i<4; i++)
-                {
-                v=ctx->digest->required_pkey_type[i];
-                if (v == 0) break;
-                if (pkey->type == v)
-                        {
-                        ok=1;
-                        break;
-                        }
-                }
-        if (!ok)
-                {
-                EVPerr(EVP_F_EVP_SIGNFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE);
-                return(0);
-                }
-        if (ctx->digest->sign == NULL)
-                {
-                EVPerr(EVP_F_EVP_SIGNFINAL,EVP_R_NO_SIGN_FUNCTION_CONFIGURED);
-                return(0);
-                }
-        return(ctx->digest->sign(ctx->digest->type,m,m_len,sigret,siglen,
-                pkey->pkey.ptr));
-        }
-
diff --git a/src/lib/libcrypto/evp/p_verify.c b/src/lib/libcrypto/evp/p_verify.c
deleted file mode 100644
index d854d743a5..0000000000
--- a/src/lib/libcrypto/evp/p_verify.c
+++ /dev/null
@@ -1,101 +0,0 @@
-/* crypto/evp/p_verify.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-int EVP_VerifyFinal(EVP_MD_CTX *ctx, unsigned char *sigbuf,
-             unsigned int siglen, EVP_PKEY *pkey)
-        {
-        unsigned char m[EVP_MAX_MD_SIZE];
-        unsigned int m_len;
-        int i,ok=0,v;
-        MS_STATIC EVP_MD_CTX tmp_ctx;
-
-        for (i=0; i<4; i++)
-                {
-                v=ctx->digest->required_pkey_type[i];
-                if (v == 0) break;
-                if (pkey->type == v)
-                        {
-                        ok=1;
-                        break;
-                        }
-                }
-        if (!ok)
-                {
-                EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE);
-                return(-1);
-                }
-        EVP_MD_CTX_init(&tmp_ctx);
-        EVP_MD_CTX_copy_ex(&tmp_ctx,ctx);     
-        EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len);
-        EVP_MD_CTX_cleanup(&tmp_ctx);
-        if (ctx->digest->verify == NULL)
-                {
-                EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_NO_VERIFY_FUNCTION_CONFIGURED);
-                return(0);
-                }
-
-        return(ctx->digest->verify(ctx->digest->type,m,m_len,
-                sigbuf,siglen,pkey->pkey.ptr));
-        }
-
diff --git a/src/lib/libcrypto/ex_data.c b/src/lib/libcrypto/ex_data.c
deleted file mode 100644
index 5b2e345c27..0000000000
--- a/src/lib/libcrypto/ex_data.c
+++ /dev/null
@@ -1,636 +0,0 @@
-/* crypto/ex_data.c */
-
-/*
- * Overhaul notes;
- *
- * This code is now *mostly* thread-safe. It is now easier to understand in what
- * ways it is safe and in what ways it is not, which is an improvement. Firstly,
- * all per-class stacks and index-counters for ex_data are stored in the same
- * global LHASH table (keyed by class). This hash table uses locking for all
- * access with the exception of CRYPTO_cleanup_all_ex_data(), which must only be
- * called when no other threads can possibly race against it (even if it was
- * locked, the race would mean it's possible the hash table might have been
- * recreated after the cleanup). As classes can only be added to the hash table,
- * and within each class, the stack of methods can only be incremented, the
- * locking mechanics are simpler than they would otherwise be. For example, the
- * new/dup/free ex_data functions will lock the hash table, copy the method
- * pointers it needs from the relevant class, then unlock the hash table before
- * actually applying those method pointers to the task of the new/dup/free
- * operations. As they can't be removed from the method-stack, only
- * supplemented, there's no race conditions associated with using them outside
- * the lock. The get/set_ex_data functions are not locked because they do not
- * involve this global state at all - they operate directly with a previously
- * obtained per-class method index and a particular "ex_data" variable. These
- * variables are usually instantiated per-context (eg. each RSA structure has
- * one) so locking on read/write access to that variable can be locked locally
- * if required (eg. using the "RSA" lock to synchronise access to a
- * per-RSA-structure ex_data variable if required).
- * [Geoff]
- */
-
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/buffer.h>
-#include <openssl/bio.h>
-#include <openssl/lhash.h>
-#include "cryptlib.h"
-
-/* What an "implementation of ex_data functionality" looks like */
-struct st_CRYPTO_EX_DATA_IMPL
-        {
-        /*********************/
-        /* GLOBAL OPERATIONS */
-        /* Return a new class index */
-        int (*cb_new_class)(void);
-        /* Cleanup all state used by the implementation */
-        void (*cb_cleanup)(void);
-        /************************/
-        /* PER-CLASS OPERATIONS */
-        /* Get a new method index within a class */
-        int (*cb_get_new_index)(int class_index, long argl, void *argp,
-                        CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
-                        CRYPTO_EX_free *free_func);
-        /* Initialise a new CRYPTO_EX_DATA of a given class */
-        int (*cb_new_ex_data)(int class_index, void *obj,
-                        CRYPTO_EX_DATA *ad);
-        /* Duplicate a CRYPTO_EX_DATA of a given class onto a copy */
-        int (*cb_dup_ex_data)(int class_index, CRYPTO_EX_DATA *to,
-                        CRYPTO_EX_DATA *from);
-        /* Cleanup a CRYPTO_EX_DATA of a given class */
-        void (*cb_free_ex_data)(int class_index, void *obj,
-                        CRYPTO_EX_DATA *ad);
-        };
-
-/* The implementation we use at run-time */
-static const CRYPTO_EX_DATA_IMPL *impl = NULL;
-
-/* To call "impl" functions, use this macro rather than referring to 'impl' directly, eg.
- * EX_IMPL(get_new_index)(...); */
-#define EX_IMPL(a) impl->cb_##a
-
-/* Predeclare the "default" ex_data implementation */
-static int int_new_class(void);
-static void int_cleanup(void);
-static int int_get_new_index(int class_index, long argl, void *argp,
-                CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
-                CRYPTO_EX_free *free_func);
-static int int_new_ex_data(int class_index, void *obj,
-                CRYPTO_EX_DATA *ad);
-static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
-                CRYPTO_EX_DATA *from);
-static void int_free_ex_data(int class_index, void *obj,
-                CRYPTO_EX_DATA *ad);
-static CRYPTO_EX_DATA_IMPL impl_default =
-        {
-        int_new_class,
-        int_cleanup,
-        int_get_new_index,
-        int_new_ex_data,
-        int_dup_ex_data,
-        int_free_ex_data
-        };
-
-/* Internal function that checks whether "impl" is set and if not, sets it to
- * the default. */
-static void impl_check(void)
-        {
-        CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
-        if(!impl)
-                impl = &impl_default;
-        CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
-        }
-/* A macro wrapper for impl_check that first uses a non-locked test before
- * invoking the function (which checks again inside a lock). */
-#define IMPL_CHECK if(!impl) impl_check();
-
-/* API functions to get/set the "ex_data" implementation */
-const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(void)
-        {
-        IMPL_CHECK
-        return impl;
-        }
-int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i)
-        {
-        int toret = 0;
-        CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
-        if(!impl)
-                {
-                impl = i;
-                toret = 1;
-                }
-        CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
-        return toret;
-        }
-
-/****************************************************************************/
-/* Interal (default) implementation of "ex_data" support. API functions are
- * further down. */
-
-/* The type that represents what each "class" used to implement locally. A STACK
- * of CRYPTO_EX_DATA_FUNCS plus a index-counter. The 'class_index' is the global
- * value representing the class that is used to distinguish these items. */
-typedef struct st_ex_class_item {
-        int class_index;
-        STACK_OF(CRYPTO_EX_DATA_FUNCS) *meth;
-        int meth_num;
-} EX_CLASS_ITEM;
-
-/* When assigning new class indexes, this is our counter */
-static int ex_class = CRYPTO_EX_INDEX_USER;
-
-/* The global hash table of EX_CLASS_ITEM items */
-static LHASH *ex_data = NULL;
-
-/* The callbacks required in the "ex_data" hash table */
-static unsigned long ex_hash_cb(const void *a_void)
-        {
-        return ((const EX_CLASS_ITEM *)a_void)->class_index;
-        }
-static int ex_cmp_cb(const void *a_void, const void *b_void)
-        {
-        return (((const EX_CLASS_ITEM *)a_void)->class_index -
-                ((const EX_CLASS_ITEM *)b_void)->class_index);
-        }
-
-/* Internal functions used by the "impl_default" implementation to access the
- * state */
-
-static int ex_data_check(void)
-        {
-        int toret = 1;
-        CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
-        if(!ex_data && ((ex_data = lh_new(ex_hash_cb, ex_cmp_cb)) == NULL))
-                toret = 0;
-        CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
-        return toret;
-        }
-/* This macros helps reduce the locking from repeated checks because the
- * ex_data_check() function checks ex_data again inside a lock. */
-#define EX_DATA_CHECK(iffail) if(!ex_data && !ex_data_check()) {iffail}
-
-/* This "inner" callback is used by the callback function that follows it */
-static void def_cleanup_util_cb(CRYPTO_EX_DATA_FUNCS *funcs)
-        {
-        OPENSSL_free(funcs);
-        }
-
-/* This callback is used in lh_doall to destroy all EX_CLASS_ITEM values from
- * "ex_data" prior to the ex_data hash table being itself destroyed. Doesn't do
- * any locking. */
-static void def_cleanup_cb(const void *a_void)
-        {
-        EX_CLASS_ITEM *item = (EX_CLASS_ITEM *)a_void;
-        sk_CRYPTO_EX_DATA_FUNCS_pop_free(item->meth, def_cleanup_util_cb);
-        OPENSSL_free(item);
-        }
-
-/* Return the EX_CLASS_ITEM from the "ex_data" hash table that corresponds to a
- * given class. Handles locking. */
-static EX_CLASS_ITEM *def_get_class(int class_index)
-        {
-        EX_CLASS_ITEM d, *p, *gen;
-        EX_DATA_CHECK(return NULL;)
-        d.class_index = class_index;
-        CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
-        p = lh_retrieve(ex_data, &d);
-        if(!p)
-                {
-                gen = OPENSSL_malloc(sizeof(EX_CLASS_ITEM));
-                if(gen)
-                        {
-                        gen->class_index = class_index;
-                        gen->meth_num = 0;
-                        gen->meth = sk_CRYPTO_EX_DATA_FUNCS_new_null();
-                        if(!gen->meth)
-                                OPENSSL_free(gen);
-                        else
-                                {
-                                /* Because we're inside the ex_data lock, the
-                                 * return value from the insert will be NULL */
-                                lh_insert(ex_data, gen);
-                                p = gen;
-                                }
-                        }
-                }
-        CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
-        if(!p)
-                CRYPTOerr(CRYPTO_F_DEF_GET_CLASS,ERR_R_MALLOC_FAILURE);
-        return p;
-        }
-
-/* Add a new method to the given EX_CLASS_ITEM and return the corresponding
- * index (or -1 for error). Handles locking. */
-static int def_add_index(EX_CLASS_ITEM *item, long argl, void *argp,
-                CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
-                CRYPTO_EX_free *free_func)
-        {
-        int toret = -1;
-        CRYPTO_EX_DATA_FUNCS *a = (CRYPTO_EX_DATA_FUNCS *)OPENSSL_malloc(
-                                        sizeof(CRYPTO_EX_DATA_FUNCS));
-        if(!a)
-                {
-                CRYPTOerr(CRYPTO_F_DEF_ADD_INDEX,ERR_R_MALLOC_FAILURE);
-                return -1;
-                }
-        a->argl=argl;
-        a->argp=argp;
-        a->new_func=new_func;
-        a->dup_func=dup_func;
-        a->free_func=free_func;
-        CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
-        while (sk_CRYPTO_EX_DATA_FUNCS_num(item->meth) <= item->meth_num)
-                {
-                if (!sk_CRYPTO_EX_DATA_FUNCS_push(item->meth, NULL))
-                        {
-                        CRYPTOerr(CRYPTO_F_DEF_ADD_INDEX,ERR_R_MALLOC_FAILURE);
-                        OPENSSL_free(a);
-                        goto err;
-                        }
-                }
-        toret = item->meth_num++;
-        sk_CRYPTO_EX_DATA_FUNCS_set(item->meth, toret, a);
-err:
-        CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
-        return toret;
-        }
-
-/**************************************************************/
-/* The functions in the default CRYPTO_EX_DATA_IMPL structure */
-
-static int int_new_class(void)
-        {
-        int toret;
-        CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
-        toret = ex_class++;
-        CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
-        return toret;
-        }
-
-static void int_cleanup(void)
-        {
-        EX_DATA_CHECK(return;)
-        lh_doall(ex_data, def_cleanup_cb);
-        lh_free(ex_data);
-        ex_data = NULL;
-        impl = NULL;
-        }
-
-static int int_get_new_index(int class_index, long argl, void *argp,
-                CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
-                CRYPTO_EX_free *free_func)
-        {
-        EX_CLASS_ITEM *item = def_get_class(class_index);
-        if(!item)
-                return -1;
-        return def_add_index(item, argl, argp, new_func, dup_func, free_func);
-        }
-
-/* Thread-safe by copying a class's array of "CRYPTO_EX_DATA_FUNCS" entries in
- * the lock, then using them outside the lock. NB: Thread-safety only applies to
- * the global "ex_data" state (ie. class definitions), not thread-safe on 'ad'
- * itself. */
-static int int_new_ex_data(int class_index, void *obj,
-                CRYPTO_EX_DATA *ad)
-        {
-        int mx,i;
-        void *ptr;
-        CRYPTO_EX_DATA_FUNCS **storage = NULL;
-        EX_CLASS_ITEM *item = def_get_class(class_index);
-        if(!item)
-                /* error is already set */
-                return 0;
-        ad->sk = NULL;
-        CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA);
-        mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth);
-        if(mx > 0)
-                {
-                storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS*));
-                if(!storage)
-                        goto skip;
-                for(i = 0; i < mx; i++)
-                        storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth,i);
-                }
-skip:
-        CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA);
-        if((mx > 0) && !storage)
-                {
-                CRYPTOerr(CRYPTO_F_INT_NEW_EX_DATA,ERR_R_MALLOC_FAILURE);
-                return 0;
-                }
-        for(i = 0; i < mx; i++)
-                {
-                if(storage[i] && storage[i]->new_func)
-                        {
-                        ptr = CRYPTO_get_ex_data(ad, i);
-                        storage[i]->new_func(obj,ptr,ad,i,
-                                storage[i]->argl,storage[i]->argp);
-                        }
-                }
-        if(storage)
-                OPENSSL_free(storage);
-        return 1;
-        }
-
-/* Same thread-safety notes as for "int_new_ex_data" */
-static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
-                CRYPTO_EX_DATA *from)
-        {
-        int mx, j, i;
-        char *ptr;
-        CRYPTO_EX_DATA_FUNCS **storage = NULL;
-        EX_CLASS_ITEM *item;
-        if(!from->sk)
-                /* 'to' should be "blank" which *is* just like 'from' */
-                return 1;
-        if((item = def_get_class(class_index)) == NULL)
-                return 0;
-        CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA);
-        mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth);
-        j = sk_num(from->sk);
-        if(j < mx)
-                mx = j;
-        if(mx > 0)
-                {
-                storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS*));
-                if(!storage)
-                        goto skip;
-                for(i = 0; i < mx; i++)
-                        storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth,i);
-                }
-skip:
-        CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA);
-        if((mx > 0) && !storage)
-                {
-                CRYPTOerr(CRYPTO_F_INT_DUP_EX_DATA,ERR_R_MALLOC_FAILURE);
-                return 0;
-                }
-        for(i = 0; i < mx; i++)
-                {
-                ptr = CRYPTO_get_ex_data(from, i);
-                if(storage[i] && storage[i]->dup_func)
-                        storage[i]->dup_func(to,from,&ptr,i,
-                                storage[i]->argl,storage[i]->argp);
-                CRYPTO_set_ex_data(to,i,ptr);
-                }
-        if(storage)
-                OPENSSL_free(storage);
-        return 1;
-        }
-
-/* Same thread-safety notes as for "int_new_ex_data" */
-static void int_free_ex_data(int class_index, void *obj,
-                CRYPTO_EX_DATA *ad)
-        {
-        int mx,i;
-        EX_CLASS_ITEM *item;
-        void *ptr;
-        CRYPTO_EX_DATA_FUNCS **storage = NULL;
-        if((item = def_get_class(class_index)) == NULL)
-                return;
-        CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA);
-        mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth);
-        if(mx > 0)
-                {
-                storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS*));
-                if(!storage)
-                        goto skip;
-                for(i = 0; i < mx; i++)
-                        storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth,i);
-                }
-skip:
-        CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA);
-        if((mx > 0) && !storage)
-                {
-                CRYPTOerr(CRYPTO_F_INT_FREE_EX_DATA,ERR_R_MALLOC_FAILURE);
-                return;
-                }
-        for(i = 0; i < mx; i++)
-                {
-                if(storage[i] && storage[i]->free_func)
-                        {
-                        ptr = CRYPTO_get_ex_data(ad,i);
-                        storage[i]->free_func(obj,ptr,ad,i,
-                                storage[i]->argl,storage[i]->argp);
-                        }
-                }
-        if(storage)
-                OPENSSL_free(storage);
-        if(ad->sk)
-                {
-                sk_free(ad->sk);
-                ad->sk=NULL;
-                }
-        }
-
-/********************************************************************/
-/* API functions that defer all "state" operations to the "ex_data"
- * implementation we have set. */
-
-/* Obtain an index for a new class (not the same as getting a new index within
- * an existing class - this is actually getting a new *class*) */
-int CRYPTO_ex_data_new_class(void)
-        {
-        IMPL_CHECK
-        return EX_IMPL(new_class)();
-        }
-
-/* Release all "ex_data" state to prevent memory leaks. This can't be made
- * thread-safe without overhauling a lot of stuff, and shouldn't really be
- * called under potential race-conditions anyway (it's for program shutdown
- * after all). */
-void CRYPTO_cleanup_all_ex_data(void)
-        {
-        IMPL_CHECK
-        EX_IMPL(cleanup)();
-        }
-
-/* Inside an existing class, get/register a new index. */
-int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
-                CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
-                CRYPTO_EX_free *free_func)
-        {
-        int ret = -1;
-
-        IMPL_CHECK
-        ret = EX_IMPL(get_new_index)(class_index,
-                        argl, argp, new_func, dup_func, free_func);
-        return ret;
-        }
-
-/* Initialise a new CRYPTO_EX_DATA for use in a particular class - including
- * calling new() callbacks for each index in the class used by this variable */
-int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
-        {
-        IMPL_CHECK
-        return EX_IMPL(new_ex_data)(class_index, obj, ad);
-        }
-
-/* Duplicate a CRYPTO_EX_DATA variable - including calling dup() callbacks for
- * each index in the class used by this variable */
-int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
-             CRYPTO_EX_DATA *from)
-        {
-        IMPL_CHECK
-        return EX_IMPL(dup_ex_data)(class_index, to, from);
-        }
-
-/* Cleanup a CRYPTO_EX_DATA variable - including calling free() callbacks for
- * each index in the class used by this variable */
-void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
-        {
-        IMPL_CHECK
-        EX_IMPL(free_ex_data)(class_index, obj, ad);
-        }
-
-/* For a given CRYPTO_EX_DATA variable, set the value corresponding to a
- * particular index in the class used by this variable */
-int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val)
-        {
-        int i;
-
-        if (ad->sk == NULL)
-                {
-                if ((ad->sk=sk_new_null()) == NULL)
-                        {
-                        CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA,ERR_R_MALLOC_FAILURE);
-                        return(0);
-                        }
-                }
-        i=sk_num(ad->sk);
-
-        while (i <= idx)
-                {
-                if (!sk_push(ad->sk,NULL))
-                        {
-                        CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA,ERR_R_MALLOC_FAILURE);
-                        return(0);
-                        }
-                i++;
-                }
-        sk_set(ad->sk,idx,val);
-        return(1);
-        }
-
-/* For a given CRYPTO_EX_DATA_ variable, get the value corresponding to a
- * particular index in the class used by this variable */
-void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx)
-        {
-        if (ad->sk == NULL)
-                return(0);
-        else if (idx >= sk_num(ad->sk))
-                return(0);
-        else
-                return(sk_value(ad->sk,idx));
-        }
-
-IMPLEMENT_STACK_OF(CRYPTO_EX_DATA_FUNCS)
diff --git a/src/lib/libcrypto/hmac/hmac.c b/src/lib/libcrypto/hmac/hmac.c
deleted file mode 100644
index 6c110bd52b..0000000000
--- a/src/lib/libcrypto/hmac/hmac.c
+++ /dev/null
@@ -1,183 +0,0 @@
-/* crypto/hmac/hmac.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/hmac.h>
-#include "cryptlib.h"
-
-#ifndef OPENSSL_FIPS
-
-void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
-                  const EVP_MD *md, ENGINE *impl)
-        {
-        int i,j,reset=0;
-        unsigned char pad[HMAC_MAX_MD_CBLOCK];
-
-        if (md != NULL)
-                {
-                reset=1;
-                ctx->md=md;
-                }
-        else
-                md=ctx->md;
-
-        if (key != NULL)
-                {
-                reset=1;
-                j=EVP_MD_block_size(md);
-                OPENSSL_assert(j <= sizeof ctx->key);
-                if (j < len)
-                        {
-                        EVP_DigestInit_ex(&ctx->md_ctx,md, impl);
-                        EVP_DigestUpdate(&ctx->md_ctx,key,len);
-                        EVP_DigestFinal_ex(&(ctx->md_ctx),ctx->key,
-                                &ctx->key_length);
-                        }
-                else
-                        {
-                        OPENSSL_assert(len <= sizeof ctx->key);
-                        memcpy(ctx->key,key,len);
-                        ctx->key_length=len;
-                        }
-                if(ctx->key_length != HMAC_MAX_MD_CBLOCK)
-                        memset(&ctx->key[ctx->key_length], 0,
-                                HMAC_MAX_MD_CBLOCK - ctx->key_length);
-                }
-
-        if (reset)      
-                {
-                for (i=0; i<HMAC_MAX_MD_CBLOCK; i++)
-                        pad[i]=0x36^ctx->key[i];
-                EVP_DigestInit_ex(&ctx->i_ctx,md, impl);
-                EVP_DigestUpdate(&ctx->i_ctx,pad,EVP_MD_block_size(md));
-
-                for (i=0; i<HMAC_MAX_MD_CBLOCK; i++)
-                        pad[i]=0x5c^ctx->key[i];
-                EVP_DigestInit_ex(&ctx->o_ctx,md, impl);
-                EVP_DigestUpdate(&ctx->o_ctx,pad,EVP_MD_block_size(md));
-                }
-        EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->i_ctx);
-        }
-
-void HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
-               const EVP_MD *md)
-        {
-        if(key && md)
-            HMAC_CTX_init(ctx);
-        HMAC_Init_ex(ctx,key,len,md, NULL);
-        }
-
-void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len)
-        {
-        EVP_DigestUpdate(&ctx->md_ctx,data,len);
-        }
-
-void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
-        {
-        int j;
-        unsigned int i;
-        unsigned char buf[EVP_MAX_MD_SIZE];
-
-        j=EVP_MD_block_size(ctx->md);
-
-        EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i);
-        EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->o_ctx);
-        EVP_DigestUpdate(&ctx->md_ctx,buf,i);
-        EVP_DigestFinal_ex(&ctx->md_ctx,md,len);
-        }
-
-void HMAC_CTX_init(HMAC_CTX *ctx)
-        {
-        EVP_MD_CTX_init(&ctx->i_ctx);
-        EVP_MD_CTX_init(&ctx->o_ctx);
-        EVP_MD_CTX_init(&ctx->md_ctx);
-        }
-
-void HMAC_CTX_cleanup(HMAC_CTX *ctx)
-        {
-        EVP_MD_CTX_cleanup(&ctx->i_ctx);
-        EVP_MD_CTX_cleanup(&ctx->o_ctx);
-        EVP_MD_CTX_cleanup(&ctx->md_ctx);
-        memset(ctx,0,sizeof *ctx);
-        }
-
-unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
-                    const unsigned char *d, int n, unsigned char *md,
-                    unsigned int *md_len)
-        {
-        HMAC_CTX c;
-        static unsigned char m[EVP_MAX_MD_SIZE];
-
-        if (md == NULL) md=m;
-        HMAC_CTX_init(&c);
-        HMAC_Init(&c,key,key_len,evp_md);
-        HMAC_Update(&c,d,n);
-        HMAC_Final(&c,md,md_len);
-        HMAC_CTX_cleanup(&c);
-        return(md);
-        }
-
-void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags)
-        {
-        EVP_MD_CTX_set_flags(&ctx->i_ctx, flags);
-        EVP_MD_CTX_set_flags(&ctx->o_ctx, flags);
-        EVP_MD_CTX_set_flags(&ctx->md_ctx, flags);
-        }
-
-#endif
diff --git a/src/lib/libcrypto/hmac/hmac.h b/src/lib/libcrypto/hmac/hmac.h
deleted file mode 100644
index c6489c04c8..0000000000
--- a/src/lib/libcrypto/hmac/hmac.h
+++ /dev/null
@@ -1,111 +0,0 @@
-/* crypto/hmac/hmac.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-#ifndef HEADER_HMAC_H
-#define HEADER_HMAC_H
-
-#ifdef OPENSSL_NO_HMAC
-#error HMAC is disabled.
-#endif
-
-#include <openssl/evp.h>
-
-#ifdef OPENSSL_FIPS
-#define HMAC_MAX_MD_CBLOCK      128
-#else
-#define HMAC_MAX_MD_CBLOCK      64
-#endif
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-typedef struct hmac_ctx_st
-        {
-        const EVP_MD *md;
-        EVP_MD_CTX md_ctx;
-        EVP_MD_CTX i_ctx;
-        EVP_MD_CTX o_ctx;
-        unsigned int key_length;
-        unsigned char key[HMAC_MAX_MD_CBLOCK];
-        } HMAC_CTX;
-
-#define HMAC_size(e)    (EVP_MD_size((e)->md))
-
-
-void HMAC_CTX_init(HMAC_CTX *ctx);
-void HMAC_CTX_cleanup(HMAC_CTX *ctx);
-
-#define HMAC_cleanup(ctx) HMAC_CTX_cleanup(ctx) /* deprecated */
-
-void HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
-               const EVP_MD *md); /* deprecated */
-void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
-                  const EVP_MD *md, ENGINE *impl);
-void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len);
-void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
-unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
-                    const unsigned char *d, int n, unsigned char *md,
-                    unsigned int *md_len);
-
-void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags);
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/src/lib/libcrypto/idea/idea.h b/src/lib/libcrypto/idea/idea.h
deleted file mode 100644
index bf41844fd7..0000000000
--- a/src/lib/libcrypto/idea/idea.h
+++ /dev/null
@@ -1,103 +0,0 @@
-/* crypto/idea/idea.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_IDEA_H
-#define HEADER_IDEA_H
-
-#ifdef OPENSSL_NO_IDEA
-#error IDEA is disabled.
-#endif
-
-#define IDEA_ENCRYPT    1
-#define IDEA_DECRYPT    0
-
-#include <openssl/opensslconf.h> /* IDEA_INT */
-#define IDEA_BLOCK      8
-#define IDEA_KEY_LENGTH 16
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-typedef struct idea_key_st
-        {
-        IDEA_INT data[9][6];
-        } IDEA_KEY_SCHEDULE;
-
-const char *idea_options(void);
-void idea_ecb_encrypt(const unsigned char *in, unsigned char *out,
-        IDEA_KEY_SCHEDULE *ks);
-#ifdef OPENSSL_FIPS
-void private_idea_set_encrypt_key(const unsigned char *key,
-                                                IDEA_KEY_SCHEDULE *ks);
-#endif
-void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);
-void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk);
-void idea_cbc_encrypt(const unsigned char *in, unsigned char *out,
-        long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,int enc);
-void idea_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-        long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,
-        int *num,int enc);
-void idea_ofb64_encrypt(const unsigned char *in, unsigned char *out,
-        long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, int *num);
-void idea_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks);
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/src/lib/libcrypto/krb5/krb5_asn.c b/src/lib/libcrypto/krb5/krb5_asn.c
deleted file mode 100644
index 1fb741d2a0..0000000000
--- a/src/lib/libcrypto/krb5/krb5_asn.c
+++ /dev/null
@@ -1,167 +0,0 @@
-/* krb5_asn.c */
-/* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project,
-** using ocsp/{*.h,*asn*.c} as a starting point
-*/
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/krb5_asn.h>
-
-
-ASN1_SEQUENCE(KRB5_ENCDATA) = {
-        ASN1_EXP(KRB5_ENCDATA, etype,           ASN1_INTEGER,     0),
-        ASN1_EXP_OPT(KRB5_ENCDATA, kvno,        ASN1_INTEGER,     1),
-        ASN1_EXP(KRB5_ENCDATA, cipher,          ASN1_OCTET_STRING,2)
-} ASN1_SEQUENCE_END(KRB5_ENCDATA)
-
-IMPLEMENT_ASN1_FUNCTIONS(KRB5_ENCDATA)
-
-
-ASN1_SEQUENCE(KRB5_PRINCNAME) = {
-        ASN1_EXP(KRB5_PRINCNAME, nametype,      ASN1_INTEGER,     0),
-        ASN1_EXP_SEQUENCE_OF(KRB5_PRINCNAME, namestring, ASN1_GENERALSTRING, 1)
-} ASN1_SEQUENCE_END(KRB5_PRINCNAME)
-
-IMPLEMENT_ASN1_FUNCTIONS(KRB5_PRINCNAME)
-
-
-/* [APPLICATION 1] = 0x61 */
-ASN1_SEQUENCE(KRB5_TKTBODY) = {
-        ASN1_EXP(KRB5_TKTBODY, tktvno,          ASN1_INTEGER,     0),
-        ASN1_EXP(KRB5_TKTBODY, realm,           ASN1_GENERALSTRING, 1),
-        ASN1_EXP(KRB5_TKTBODY, sname,           KRB5_PRINCNAME,   2),
-        ASN1_EXP(KRB5_TKTBODY, encdata,         KRB5_ENCDATA,     3)
-} ASN1_SEQUENCE_END(KRB5_TKTBODY)
-
-IMPLEMENT_ASN1_FUNCTIONS(KRB5_TKTBODY)
-
-
-ASN1_ITEM_TEMPLATE(KRB5_TICKET) = 
-        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 1,
-                        KRB5_TICKET, KRB5_TKTBODY)
-ASN1_ITEM_TEMPLATE_END(KRB5_TICKET)
-
-IMPLEMENT_ASN1_FUNCTIONS(KRB5_TICKET)
-
-
-/* [APPLICATION 14] = 0x6e */
-ASN1_SEQUENCE(KRB5_APREQBODY) = {
-        ASN1_EXP(KRB5_APREQBODY, pvno,          ASN1_INTEGER,     0),
-        ASN1_EXP(KRB5_APREQBODY, msgtype,       ASN1_INTEGER,     1),
-        ASN1_EXP(KRB5_APREQBODY, apoptions,     ASN1_BIT_STRING,  2),
-        ASN1_EXP(KRB5_APREQBODY, ticket,        KRB5_TICKET,      3),
-        ASN1_EXP(KRB5_APREQBODY, authenticator, KRB5_ENCDATA,     4),
-} ASN1_SEQUENCE_END(KRB5_APREQBODY)
-
-IMPLEMENT_ASN1_FUNCTIONS(KRB5_APREQBODY)
-
-ASN1_ITEM_TEMPLATE(KRB5_APREQ) = 
-        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 14,
-                        KRB5_APREQ, KRB5_APREQBODY)
-ASN1_ITEM_TEMPLATE_END(KRB5_APREQ)
-
-IMPLEMENT_ASN1_FUNCTIONS(KRB5_APREQ)
-
-
-/*  Authenticator stuff         */
-
-ASN1_SEQUENCE(KRB5_CHECKSUM) = {
-        ASN1_EXP(KRB5_CHECKSUM, ctype,          ASN1_INTEGER,     0),
-        ASN1_EXP(KRB5_CHECKSUM, checksum,       ASN1_OCTET_STRING,1)
-} ASN1_SEQUENCE_END(KRB5_CHECKSUM)
-
-IMPLEMENT_ASN1_FUNCTIONS(KRB5_CHECKSUM)
-
-
-ASN1_SEQUENCE(KRB5_ENCKEY) = {
-        ASN1_EXP(KRB5_ENCKEY,   ktype,          ASN1_INTEGER,     0),
-        ASN1_EXP(KRB5_ENCKEY,   keyvalue,       ASN1_OCTET_STRING,1)
-} ASN1_SEQUENCE_END(KRB5_ENCKEY)
-
-IMPLEMENT_ASN1_FUNCTIONS(KRB5_ENCKEY)
-
-
-/* SEQ OF SEQ; see ASN1_EXP_SEQUENCE_OF_OPT() below */
-ASN1_SEQUENCE(KRB5_AUTHDATA) = {
-        ASN1_EXP(KRB5_AUTHDATA, adtype,         ASN1_INTEGER,     0),
-        ASN1_EXP(KRB5_AUTHDATA, addata,         ASN1_OCTET_STRING,1)
-} ASN1_SEQUENCE_END(KRB5_AUTHDATA)
-
-IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHDATA)
-
-
-/* [APPLICATION 2] = 0x62 */
-ASN1_SEQUENCE(KRB5_AUTHENTBODY) = {
-        ASN1_EXP(KRB5_AUTHENTBODY,      avno,   ASN1_INTEGER,     0),
-        ASN1_EXP(KRB5_AUTHENTBODY,      crealm, ASN1_GENERALSTRING, 1),
-        ASN1_EXP(KRB5_AUTHENTBODY,      cname,  KRB5_PRINCNAME,   2),
-        ASN1_EXP_OPT(KRB5_AUTHENTBODY,  cksum,  KRB5_CHECKSUM,    3),
-        ASN1_EXP(KRB5_AUTHENTBODY,      cusec,  ASN1_INTEGER,     4),
-        ASN1_EXP(KRB5_AUTHENTBODY,      ctime,  ASN1_GENERALIZEDTIME, 5),
-        ASN1_EXP_OPT(KRB5_AUTHENTBODY,  subkey, KRB5_ENCKEY,      6),
-        ASN1_EXP_OPT(KRB5_AUTHENTBODY,  seqnum, ASN1_INTEGER,     7),
-        ASN1_EXP_SEQUENCE_OF_OPT
-                    (KRB5_AUTHENTBODY,  authorization,  KRB5_AUTHDATA, 8),
-} ASN1_SEQUENCE_END(KRB5_AUTHENTBODY)
-
-IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHENTBODY)
-
-ASN1_ITEM_TEMPLATE(KRB5_AUTHENT) = 
-        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 2,
-                        KRB5_AUTHENT, KRB5_AUTHENTBODY)
-ASN1_ITEM_TEMPLATE_END(KRB5_AUTHENT)
-
-IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHENT)
-
diff --git a/src/lib/libcrypto/krb5/krb5_asn.h b/src/lib/libcrypto/krb5/krb5_asn.h
deleted file mode 100644
index 3329477b07..0000000000
--- a/src/lib/libcrypto/krb5/krb5_asn.h
+++ /dev/null
@@ -1,256 +0,0 @@
-/* krb5_asn.h */
-/* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project,
-** using ocsp/{*.h,*asn*.c} as a starting point
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_KRB5_ASN_H
-#define HEADER_KRB5_ASN_H
-
-/*
-#include <krb5.h>
-*/
-#include <openssl/safestack.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-
-/*      ASN.1 from Kerberos RFC 1510
-*/
-
-/*      EncryptedData ::=   SEQUENCE {
-**              etype[0]                      INTEGER, -- EncryptionType
-**              kvno[1]                       INTEGER OPTIONAL,
-**              cipher[2]                     OCTET STRING -- ciphertext
-**      }
-*/
-typedef struct  krb5_encdata_st
-        {
-        ASN1_INTEGER                    *etype;
-        ASN1_INTEGER                    *kvno;
-        ASN1_OCTET_STRING               *cipher;
-        }       KRB5_ENCDATA;
-
-DECLARE_STACK_OF(KRB5_ENCDATA)
-
-/*      PrincipalName ::=   SEQUENCE {
-**              name-type[0]                  INTEGER,
-**              name-string[1]                SEQUENCE OF GeneralString
-**      }
-*/
-typedef struct  krb5_princname_st
-        {
-        ASN1_INTEGER                    *nametype;
-        STACK_OF(ASN1_GENERALSTRING)    *namestring;
-        }       KRB5_PRINCNAME;
-
-DECLARE_STACK_OF(KRB5_PRINCNAME)
-
-
-/*      Ticket ::=      [APPLICATION 1] SEQUENCE {
-**              tkt-vno[0]                    INTEGER,
-**              realm[1]                      Realm,
-**              sname[2]                      PrincipalName,
-**              enc-part[3]                   EncryptedData
-**      }
-*/
-typedef struct  krb5_tktbody_st
-        {
-        ASN1_INTEGER                    *tktvno;
-        ASN1_GENERALSTRING              *realm;
-        KRB5_PRINCNAME                  *sname;
-        KRB5_ENCDATA                    *encdata;
-        }       KRB5_TKTBODY;
-
-typedef STACK_OF(KRB5_TKTBODY) KRB5_TICKET;
-DECLARE_STACK_OF(KRB5_TKTBODY)
-
-
-/*      AP-REQ ::=      [APPLICATION 14] SEQUENCE {
-**              pvno[0]                       INTEGER,
-**              msg-type[1]                   INTEGER,
-**              ap-options[2]                 APOptions,
-**              ticket[3]                     Ticket,
-**              authenticator[4]              EncryptedData
-**      }
-**
-**      APOptions ::=   BIT STRING {
-**              reserved(0), use-session-key(1), mutual-required(2) }
-*/
-typedef struct  krb5_ap_req_st
-        {
-        ASN1_INTEGER                    *pvno;
-        ASN1_INTEGER                    *msgtype;
-        ASN1_BIT_STRING                 *apoptions;
-        KRB5_TICKET                     *ticket;
-        KRB5_ENCDATA                    *authenticator;
-        }       KRB5_APREQBODY;
-
-typedef STACK_OF(KRB5_APREQBODY) KRB5_APREQ;
-DECLARE_STACK_OF(KRB5_APREQBODY)
-
-
-/*      Authenticator Stuff     */
-
-
-/*      Checksum ::=   SEQUENCE {
-**              cksumtype[0]                  INTEGER,
-**              checksum[1]                   OCTET STRING
-**      }
-*/
-typedef struct  krb5_checksum_st
-        {
-        ASN1_INTEGER                    *ctype;
-        ASN1_OCTET_STRING               *checksum;
-        }       KRB5_CHECKSUM;
-
-DECLARE_STACK_OF(KRB5_CHECKSUM)
-
-
-/*      EncryptionKey ::=   SEQUENCE {
-**              keytype[0]                    INTEGER,
-**              keyvalue[1]                   OCTET STRING
-**      }
-*/
-typedef struct  krb5_encryptionkey_st
-        {
-        ASN1_INTEGER                    *ktype;
-        ASN1_OCTET_STRING               *keyvalue;
-        }       KRB5_ENCKEY;
-
-DECLARE_STACK_OF(KRB5_ENCKEY)
-
-
-/*      AuthorizationData ::=   SEQUENCE OF SEQUENCE {
-**              ad-type[0]                    INTEGER,
-**              ad-data[1]                    OCTET STRING
-**      }
-*/
-typedef struct  krb5_authorization_st
-        {
-        ASN1_INTEGER                    *adtype;
-        ASN1_OCTET_STRING               *addata;
-        }       KRB5_AUTHDATA;
-
-DECLARE_STACK_OF(KRB5_AUTHDATA)
-
-                        
-/*      -- Unencrypted authenticator
-**      Authenticator ::=    [APPLICATION 2] SEQUENCE    {
-**              authenticator-vno[0]          INTEGER,
-**              crealm[1]                     Realm,
-**              cname[2]                      PrincipalName,
-**              cksum[3]                      Checksum OPTIONAL,
-**              cusec[4]                      INTEGER,
-**              ctime[5]                      KerberosTime,
-**              subkey[6]                     EncryptionKey OPTIONAL,
-**              seq-number[7]                 INTEGER OPTIONAL,
-**              authorization-data[8]         AuthorizationData OPTIONAL
-**      }
-*/
-typedef struct  krb5_authenticator_st
-        {
-        ASN1_INTEGER                    *avno;
-        ASN1_GENERALSTRING              *crealm;
-        KRB5_PRINCNAME                  *cname;
-        KRB5_CHECKSUM                   *cksum;
-        ASN1_INTEGER                    *cusec;
-        ASN1_GENERALIZEDTIME            *ctime;
-        KRB5_ENCKEY                     *subkey;
-        ASN1_INTEGER                    *seqnum;
-        KRB5_AUTHDATA                   *authorization;
-        }       KRB5_AUTHENTBODY;
-
-typedef STACK_OF(KRB5_AUTHENTBODY) KRB5_AUTHENT;
-DECLARE_STACK_OF(KRB5_AUTHENTBODY)
-
-
-/*  DECLARE_ASN1_FUNCTIONS(type) = DECLARE_ASN1_FUNCTIONS_name(type, type) =
-**      type *name##_new(void);
-**      void name##_free(type *a);
-**      DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) =
-**       DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) =
-**        type *d2i_##name(type **a, unsigned char **in, long len);
-**        int i2d_##name(type *a, unsigned char **out);
-**        DECLARE_ASN1_ITEM(itname) = OPENSSL_EXTERN const ASN1_ITEM itname##_it
-*/
-
-DECLARE_ASN1_FUNCTIONS(KRB5_ENCDATA)
-DECLARE_ASN1_FUNCTIONS(KRB5_PRINCNAME)
-DECLARE_ASN1_FUNCTIONS(KRB5_TKTBODY)
-DECLARE_ASN1_FUNCTIONS(KRB5_APREQBODY)
-DECLARE_ASN1_FUNCTIONS(KRB5_TICKET)
-DECLARE_ASN1_FUNCTIONS(KRB5_APREQ)
-
-DECLARE_ASN1_FUNCTIONS(KRB5_CHECKSUM)
-DECLARE_ASN1_FUNCTIONS(KRB5_ENCKEY)
-DECLARE_ASN1_FUNCTIONS(KRB5_AUTHDATA)
-DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENTBODY)
-DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENT)
-
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
-
diff --git a/src/lib/libcrypto/lhash/lh_stats.c b/src/lib/libcrypto/lhash/lh_stats.c
deleted file mode 100644
index 5aa7766aa6..0000000000
--- a/src/lib/libcrypto/lhash/lh_stats.c
+++ /dev/null
@@ -1,248 +0,0 @@
-/* crypto/lhash/lh_stats.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-/* If you wish to build this outside of SSLeay, remove the following lines
- * and things should work as expected */
-#include "cryptlib.h"
-
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-#include <openssl/lhash.h>
-
-#ifdef OPENSSL_NO_BIO
-
-void lh_stats(LHASH *lh, FILE *out)
-        {
-        fprintf(out,"num_items             = %lu\n",lh->num_items);
-        fprintf(out,"num_nodes             = %u\n",lh->num_nodes);
-        fprintf(out,"num_alloc_nodes       = %u\n",lh->num_alloc_nodes);
-        fprintf(out,"num_expands           = %lu\n",lh->num_expands);
-        fprintf(out,"num_expand_reallocs   = %lu\n",lh->num_expand_reallocs);
-        fprintf(out,"num_contracts         = %lu\n",lh->num_contracts);
-        fprintf(out,"num_contract_reallocs = %lu\n",lh->num_contract_reallocs);
-        fprintf(out,"num_hash_calls        = %lu\n",lh->num_hash_calls);
-        fprintf(out,"num_comp_calls        = %lu\n",lh->num_comp_calls);
-        fprintf(out,"num_insert            = %lu\n",lh->num_insert);
-        fprintf(out,"num_replace           = %lu\n",lh->num_replace);
-        fprintf(out,"num_delete            = %lu\n",lh->num_delete);
-        fprintf(out,"num_no_delete         = %lu\n",lh->num_no_delete);
-        fprintf(out,"num_retrieve          = %lu\n",lh->num_retrieve);
-        fprintf(out,"num_retrieve_miss     = %lu\n",lh->num_retrieve_miss);
-        fprintf(out,"num_hash_comps        = %lu\n",lh->num_hash_comps);
-#if 0
-        fprintf(out,"p                     = %u\n",lh->p);
-        fprintf(out,"pmax                  = %u\n",lh->pmax);
-        fprintf(out,"up_load               = %lu\n",lh->up_load);
-        fprintf(out,"down_load             = %lu\n",lh->down_load);
-#endif
-        }
-
-void lh_node_stats(LHASH *lh, FILE *out)
-        {
-        LHASH_NODE *n;
-        unsigned int i,num;
-
-        for (i=0; i<lh->num_nodes; i++)
-                {
-                for (n=lh->b[i],num=0; n != NULL; n=n->next)
-                        num++;
-                fprintf(out,"node %6u -> %3u\n",i,num);
-                }
-        }
-
-void lh_node_usage_stats(LHASH *lh, FILE *out)
-        {
-        LHASH_NODE *n;
-        unsigned long num;
-        unsigned int i;
-        unsigned long total=0,n_used=0;
-
-        for (i=0; i<lh->num_nodes; i++)
-                {
-                for (n=lh->b[i],num=0; n != NULL; n=n->next)
-                        num++;
-                if (num != 0)
-                        {
-                        n_used++;
-                        total+=num;
-                        }
-                }
-        fprintf(out,"%lu nodes used out of %u\n",n_used,lh->num_nodes);
-        fprintf(out,"%lu items\n",total);
-        if (n_used == 0) return;
-        fprintf(out,"load %d.%02d  actual load %d.%02d\n",
-                (int)(total/lh->num_nodes),
-                (int)((total%lh->num_nodes)*100/lh->num_nodes),
-                (int)(total/n_used),
-                (int)((total%n_used)*100/n_used));
-        }
-
-#else
-
-#ifndef OPENSSL_NO_FP_API
-void lh_stats(const LHASH *lh, FILE *fp)
-        {
-        BIO *bp;
-
-        bp=BIO_new(BIO_s_file());
-        if (bp == NULL) goto end;
-        BIO_set_fp(bp,fp,BIO_NOCLOSE);
-        lh_stats_bio(lh,bp);
-        BIO_free(bp);
-end:;
-        }
-
-void lh_node_stats(const LHASH *lh, FILE *fp)
-        {
-        BIO *bp;
-
-        bp=BIO_new(BIO_s_file());
-        if (bp == NULL) goto end;
-        BIO_set_fp(bp,fp,BIO_NOCLOSE);
-        lh_node_stats_bio(lh,bp);
-        BIO_free(bp);
-end:;
-        }
-
-void lh_node_usage_stats(const LHASH *lh, FILE *fp)
-        {
-        BIO *bp;
-
-        bp=BIO_new(BIO_s_file());
-        if (bp == NULL) goto end;
-        BIO_set_fp(bp,fp,BIO_NOCLOSE);
-        lh_node_usage_stats_bio(lh,bp);
-        BIO_free(bp);
-end:;
-        }
-
-#endif
-
-void lh_stats_bio(const LHASH *lh, BIO *out)
-        {
-        BIO_printf(out,"num_items             = %lu\n",lh->num_items);
-        BIO_printf(out,"num_nodes             = %u\n",lh->num_nodes);
-        BIO_printf(out,"num_alloc_nodes       = %u\n",lh->num_alloc_nodes);
-        BIO_printf(out,"num_expands           = %lu\n",lh->num_expands);
-        BIO_printf(out,"num_expand_reallocs   = %lu\n",
-                   lh->num_expand_reallocs);
-        BIO_printf(out,"num_contracts         = %lu\n",lh->num_contracts);
-        BIO_printf(out,"num_contract_reallocs = %lu\n",
-                   lh->num_contract_reallocs);
-        BIO_printf(out,"num_hash_calls        = %lu\n",lh->num_hash_calls);
-        BIO_printf(out,"num_comp_calls        = %lu\n",lh->num_comp_calls);
-        BIO_printf(out,"num_insert            = %lu\n",lh->num_insert);
-        BIO_printf(out,"num_replace           = %lu\n",lh->num_replace);
-        BIO_printf(out,"num_delete            = %lu\n",lh->num_delete);
-        BIO_printf(out,"num_no_delete         = %lu\n",lh->num_no_delete);
-        BIO_printf(out,"num_retrieve          = %lu\n",lh->num_retrieve);
-        BIO_printf(out,"num_retrieve_miss     = %lu\n",lh->num_retrieve_miss);
-        BIO_printf(out,"num_hash_comps        = %lu\n",lh->num_hash_comps);
-#if 0
-        BIO_printf(out,"p                     = %u\n",lh->p);
-        BIO_printf(out,"pmax                  = %u\n",lh->pmax);
-        BIO_printf(out,"up_load               = %lu\n",lh->up_load);
-        BIO_printf(out,"down_load             = %lu\n",lh->down_load);
-#endif
-        }
-
-void lh_node_stats_bio(const LHASH *lh, BIO *out)
-        {
-        LHASH_NODE *n;
-        unsigned int i,num;
-
-        for (i=0; i<lh->num_nodes; i++)
-                {
-                for (n=lh->b[i],num=0; n != NULL; n=n->next)
-                        num++;
-                BIO_printf(out,"node %6u -> %3u\n",i,num);
-                }
-        }
-
-void lh_node_usage_stats_bio(const LHASH *lh, BIO *out)
-        {
-        LHASH_NODE *n;
-        unsigned long num;
-        unsigned int i;
-        unsigned long total=0,n_used=0;
-
-        for (i=0; i<lh->num_nodes; i++)
-                {
-                for (n=lh->b[i],num=0; n != NULL; n=n->next)
-                        num++;
-                if (num != 0)
-                        {
-                        n_used++;
-                        total+=num;
-                        }
-                }
-        BIO_printf(out,"%lu nodes used out of %u\n",n_used,lh->num_nodes);
-        BIO_printf(out,"%lu items\n",total);
-        if (n_used == 0) return;
-        BIO_printf(out,"load %d.%02d  actual load %d.%02d\n",
-                   (int)(total/lh->num_nodes),
-                   (int)((total%lh->num_nodes)*100/lh->num_nodes),
-                   (int)(total/n_used),
-                   (int)((total%n_used)*100/n_used));
-        }
-
-#endif
diff --git a/src/lib/libcrypto/lhash/lhash.c b/src/lib/libcrypto/lhash/lhash.c
deleted file mode 100644
index 0a16fcf27d..0000000000
--- a/src/lib/libcrypto/lhash/lhash.c
+++ /dev/null
@@ -1,470 +0,0 @@
-/* crypto/lhash/lhash.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* Code for dynamic hash table routines
- * Author - Eric Young v 2.0
- *
- * 2.2 eay - added #include "crypto.h" so the memory leak checking code is
- *           present. eay 18-Jun-98
- *
- * 2.1 eay - Added an 'error in last operation' flag. eay 6-May-98
- *
- * 2.0 eay - Fixed a bug that occurred when using lh_delete
- *           from inside lh_doall().  As entries were deleted,
- *           the 'table' was 'contract()ed', making some entries
- *           jump from the end of the table to the start, there by
- *           skipping the lh_doall() processing. eay - 4/12/95
- *
- * 1.9 eay - Fixed a memory leak in lh_free, the LHASH_NODEs
- *           were not being free()ed. 21/11/95
- *
- * 1.8 eay - Put the stats routines into a separate file, lh_stats.c
- *           19/09/95
- *
- * 1.7 eay - Removed the fputs() for realloc failures - the code
- *           should silently tolerate them.  I have also fixed things
- *           lint complained about 04/05/95
- *
- * 1.6 eay - Fixed an invalid pointers in contract/expand 27/07/92
- *
- * 1.5 eay - Fixed a misuse of realloc in expand 02/03/1992
- *
- * 1.4 eay - Fixed lh_doall so the function can call lh_delete 28/05/91
- *
- * 1.3 eay - Fixed a few lint problems 19/3/1991
- *
- * 1.2 eay - Fixed lh_doall problem 13/3/1991
- *
- * 1.1 eay - Added lh_doall
- *
- * 1.0 eay - First version
- */
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <openssl/crypto.h>
-#include <openssl/lhash.h>
-
-const char *lh_version="lhash" OPENSSL_VERSION_PTEXT;
-
-#undef MIN_NODES 
-#define MIN_NODES       16
-#define UP_LOAD         (2*LH_LOAD_MULT) /* load times 256  (default 2) */
-#define DOWN_LOAD       (LH_LOAD_MULT)   /* load times 256  (default 1) */
-
-static void expand(LHASH *lh);
-static void contract(LHASH *lh);
-static LHASH_NODE **getrn(LHASH *lh, const void *data, unsigned long *rhash);
-
-LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c)
-        {
-        LHASH *ret;
-        int i;
-
-        if ((ret=(LHASH *)OPENSSL_malloc(sizeof(LHASH))) == NULL)
-                goto err0;
-        if ((ret->b=(LHASH_NODE **)OPENSSL_malloc(sizeof(LHASH_NODE *)*MIN_NODES)) == NULL)
-                goto err1;
-        for (i=0; i<MIN_NODES; i++)
-                ret->b[i]=NULL;
-        ret->comp=((c == NULL)?(LHASH_COMP_FN_TYPE)strcmp:c);
-        ret->hash=((h == NULL)?(LHASH_HASH_FN_TYPE)lh_strhash:h);
-        ret->num_nodes=MIN_NODES/2;
-        ret->num_alloc_nodes=MIN_NODES;
-        ret->p=0;
-        ret->pmax=MIN_NODES/2;
-        ret->up_load=UP_LOAD;
-        ret->down_load=DOWN_LOAD;
-        ret->num_items=0;
-
-        ret->num_expands=0;
-        ret->num_expand_reallocs=0;
-        ret->num_contracts=0;
-        ret->num_contract_reallocs=0;
-        ret->num_hash_calls=0;
-        ret->num_comp_calls=0;
-        ret->num_insert=0;
-        ret->num_replace=0;
-        ret->num_delete=0;
-        ret->num_no_delete=0;
-        ret->num_retrieve=0;
-        ret->num_retrieve_miss=0;
-        ret->num_hash_comps=0;
-
-        ret->error=0;
-        return(ret);
-err1:
-        OPENSSL_free(ret);
-err0:
-        return(NULL);
-        }
-
-void lh_free(LHASH *lh)
-        {
-        unsigned int i;
-        LHASH_NODE *n,*nn;
-
-        if (lh == NULL)
-            return;
-
-        for (i=0; i<lh->num_nodes; i++)
-                {
-                n=lh->b[i];
-                while (n != NULL)
-                        {
-                        nn=n->next;
-                        OPENSSL_free(n);
-                        n=nn;
-                        }
-                }
-        OPENSSL_free(lh->b);
-        OPENSSL_free(lh);
-        }
-
-void *lh_insert(LHASH *lh, const void *data)
-        {
-        unsigned long hash;
-        LHASH_NODE *nn,**rn;
-        const void *ret;
-
-        lh->error=0;
-        if (lh->up_load <= (lh->num_items*LH_LOAD_MULT/lh->num_nodes))
-                expand(lh);
-
-        rn=getrn(lh,data,&hash);
-
-        if (*rn == NULL)
-                {
-                if ((nn=(LHASH_NODE *)OPENSSL_malloc(sizeof(LHASH_NODE))) == NULL)
-                        {
-                        lh->error++;
-                        return(NULL);
-                        }
-                nn->data=data;
-                nn->next=NULL;
-#ifndef OPENSSL_NO_HASH_COMP
-                nn->hash=hash;
-#endif
-                *rn=nn;
-                ret=NULL;
-                lh->num_insert++;
-                lh->num_items++;
-                }
-        else /* replace same key */
-                {
-                ret= (*rn)->data;
-                (*rn)->data=data;
-                lh->num_replace++;
-                }
-        return((void *)ret);
-        }
-
-void *lh_delete(LHASH *lh, const void *data)
-        {
-        unsigned long hash;
-        LHASH_NODE *nn,**rn;
-        const void *ret;
-
-        lh->error=0;
-        rn=getrn(lh,data,&hash);
-
-        if (*rn == NULL)
-                {
-                lh->num_no_delete++;
-                return(NULL);
-                }
-        else
-                {
-                nn= *rn;
-                *rn=nn->next;
-                ret=nn->data;
-                OPENSSL_free(nn);
-                lh->num_delete++;
-                }
-
-        lh->num_items--;
-        if ((lh->num_nodes > MIN_NODES) &&
-                (lh->down_load >= (lh->num_items*LH_LOAD_MULT/lh->num_nodes)))
-                contract(lh);
-
-        return((void *)ret);
-        }
-
-void *lh_retrieve(LHASH *lh, const void *data)
-        {
-        unsigned long hash;
-        LHASH_NODE **rn;
-        const void *ret;
-
-        lh->error=0;
-        rn=getrn(lh,data,&hash);
-
-        if (*rn == NULL)
-                {
-                lh->num_retrieve_miss++;
-                return(NULL);
-                }
-        else
-                {
-                ret= (*rn)->data;
-                lh->num_retrieve++;
-                }
-        return((void *)ret);
-        }
-
-static void doall_util_fn(LHASH *lh, int use_arg, LHASH_DOALL_FN_TYPE func,
-                          LHASH_DOALL_ARG_FN_TYPE func_arg, void *arg)
-        {
-        int i;
-        LHASH_NODE *a,*n;
-
-        /* reverse the order so we search from 'top to bottom'
-         * We were having memory leaks otherwise */
-        for (i=lh->num_nodes-1; i>=0; i--)
-                {
-                a=lh->b[i];
-                while (a != NULL)
-                        {
-                        /* 28/05/91 - eay - n added so items can be deleted
-                         * via lh_doall */
-                        n=a->next;
-                        if(use_arg)
-                                func_arg(a->data,arg);
-                        else
-                                func(a->data);
-                        a=n;
-                        }
-                }
-        }
-
-void lh_doall(LHASH *lh, LHASH_DOALL_FN_TYPE func)
-        {
-        doall_util_fn(lh, 0, func, (LHASH_DOALL_ARG_FN_TYPE)0, NULL);
-        }
-
-void lh_doall_arg(LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg)
-        {
-        doall_util_fn(lh, 1, (LHASH_DOALL_FN_TYPE)0, func, arg);
-        }
-
-static void expand(LHASH *lh)
-        {
-        LHASH_NODE **n,**n1,**n2,*np;
-        unsigned int p,i,j;
-        unsigned long hash,nni;
-
-        lh->num_nodes++;
-        lh->num_expands++;
-        p=(int)lh->p++;
-        n1= &(lh->b[p]);
-        n2= &(lh->b[p+(int)lh->pmax]);
-        *n2=NULL;        /* 27/07/92 - eay - undefined pointer bug */
-        nni=lh->num_alloc_nodes;
-        
-        for (np= *n1; np != NULL; )
-                {
-#ifndef OPENSSL_NO_HASH_COMP
-                hash=np->hash;
-#else
-                hash=lh->hash(np->data);
-                lh->num_hash_calls++;
-#endif
-                if ((hash%nni) != p)
-                        { /* move it */
-                        *n1= (*n1)->next;
-                        np->next= *n2;
-                        *n2=np;
-                        }
-                else
-                        n1= &((*n1)->next);
-                np= *n1;
-                }
-
-        if ((lh->p) >= lh->pmax)
-                {
-                j=(int)lh->num_alloc_nodes*2;
-                n=(LHASH_NODE **)OPENSSL_realloc(lh->b,
-                        (unsigned int)sizeof(LHASH_NODE *)*j);
-                if (n == NULL)
-                        {
-/*                      fputs("realloc error in lhash",stderr); */
-                        lh->error++;
-                        lh->p=0;
-                        return;
-                        }
-                /* else */
-                for (i=(int)lh->num_alloc_nodes; i<j; i++)/* 26/02/92 eay */
-                        n[i]=NULL;                        /* 02/03/92 eay */
-                lh->pmax=lh->num_alloc_nodes;
-                lh->num_alloc_nodes=j;
-                lh->num_expand_reallocs++;
-                lh->p=0;
-                lh->b=n;
-                }
-        }
-
-static void contract(LHASH *lh)
-        {
-        LHASH_NODE **n,*n1,*np;
-
-        np=lh->b[lh->p+lh->pmax-1];
-        lh->b[lh->p+lh->pmax-1]=NULL; /* 24/07-92 - eay - weird but :-( */
-        if (lh->p == 0)
-                {
-                n=(LHASH_NODE **)OPENSSL_realloc(lh->b,
-                        (unsigned int)(sizeof(LHASH_NODE *)*lh->pmax));
-                if (n == NULL)
-                        {
-/*                      fputs("realloc error in lhash",stderr); */
-                        lh->error++;
-                        return;
-                        }
-                lh->num_contract_reallocs++;
-                lh->num_alloc_nodes/=2;
-                lh->pmax/=2;
-                lh->p=lh->pmax-1;
-                lh->b=n;
-                }
-        else
-                lh->p--;
-
-        lh->num_nodes--;
-        lh->num_contracts++;
-
-        n1=lh->b[(int)lh->p];
-        if (n1 == NULL)
-                lh->b[(int)lh->p]=np;
-        else
-                {
-                while (n1->next != NULL)
-                        n1=n1->next;
-                n1->next=np;
-                }
-        }
-
-static LHASH_NODE **getrn(LHASH *lh, const void *data, unsigned long *rhash)
-        {
-        LHASH_NODE **ret,*n1;
-        unsigned long hash,nn;
-        int (*cf)();
-
-        hash=(*(lh->hash))(data);
-        lh->num_hash_calls++;
-        *rhash=hash;
-
-        nn=hash%lh->pmax;
-        if (nn < lh->p)
-                nn=hash%lh->num_alloc_nodes;
-
-        cf=lh->comp;
-        ret= &(lh->b[(int)nn]);
-        for (n1= *ret; n1 != NULL; n1=n1->next)
-                {
-#ifndef OPENSSL_NO_HASH_COMP
-                lh->num_hash_comps++;
-                if (n1->hash != hash)
-                        {
-                        ret= &(n1->next);
-                        continue;
-                        }
-#endif
-                lh->num_comp_calls++;
-                if(cf(n1->data,data) == 0)
-                        break;
-                ret= &(n1->next);
-                }
-        return(ret);
-        }
-
-/* The following hash seems to work very well on normal text strings
- * no collisions on /usr/dict/words and it distributes on %2^n quite
- * well, not as good as MD5, but still good.
- */
-unsigned long lh_strhash(const char *c)
-        {
-        unsigned long ret=0;
-        long n;
-        unsigned long v;
-        int r;
-
-        if ((c == NULL) || (*c == '\0'))
-                return(ret);
-/*
-        unsigned char b[16];
-        MD5(c,strlen(c),b);
-        return(b[0]|(b[1]<<8)|(b[2]<<16)|(b[3]<<24)); 
-*/
-
-        n=0x100;
-        while (*c)
-                {
-                v=n|(*c);
-                n+=0x100;
-                r= (int)((v>>2)^v)&0x0f;
-                ret=(ret<<r)|(ret>>(32-r));
-                ret&=0xFFFFFFFFL;
-                ret^=v*v;
-                c++;
-                }
-        return((ret>>16)^ret);
-        }
-
-unsigned long lh_num_items(const LHASH *lh)
-        {
-        return lh ? lh->num_items : 0;
-        }
diff --git a/src/lib/libcrypto/lhash/lhash.h b/src/lib/libcrypto/lhash/lhash.h
deleted file mode 100644
index dee8207333..0000000000
--- a/src/lib/libcrypto/lhash/lhash.h
+++ /dev/null
@@ -1,199 +0,0 @@
-/* crypto/lhash/lhash.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* Header for dynamic hash table routines
- * Author - Eric Young
- */
-
-#ifndef HEADER_LHASH_H
-#define HEADER_LHASH_H
-
-#ifndef OPENSSL_NO_FP_API
-#include <stdio.h>
-#endif
-
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-typedef struct lhash_node_st
-        {
-        const void *data;
-        struct lhash_node_st *next;
-#ifndef OPENSSL_NO_HASH_COMP
-        unsigned long hash;
-#endif
-        } LHASH_NODE;
-
-typedef int (*LHASH_COMP_FN_TYPE)(const void *, const void *);
-typedef unsigned long (*LHASH_HASH_FN_TYPE)(const void *);
-typedef void (*LHASH_DOALL_FN_TYPE)(const void *);
-typedef void (*LHASH_DOALL_ARG_FN_TYPE)(const void *, void *);
-
-/* Macros for declaring and implementing type-safe wrappers for LHASH callbacks.
- * This way, callbacks can be provided to LHASH structures without function
- * pointer casting and the macro-defined callbacks provide per-variable casting
- * before deferring to the underlying type-specific callbacks. NB: It is
- * possible to place a "static" in front of both the DECLARE and IMPLEMENT
- * macros if the functions are strictly internal. */
-
-/* First: "hash" functions */
-#define DECLARE_LHASH_HASH_FN(f_name,o_type) \
-        unsigned long f_name##_LHASH_HASH(const void *);
-#define IMPLEMENT_LHASH_HASH_FN(f_name,o_type) \
-        unsigned long f_name##_LHASH_HASH(const void *arg) { \
-                o_type a = (o_type)arg; \
-                return f_name(a); }
-#define LHASH_HASH_FN(f_name) f_name##_LHASH_HASH
-
-/* Second: "compare" functions */
-#define DECLARE_LHASH_COMP_FN(f_name,o_type) \
-        int f_name##_LHASH_COMP(const void *, const void *);
-#define IMPLEMENT_LHASH_COMP_FN(f_name,o_type) \
-        int f_name##_LHASH_COMP(const void *arg1, const void *arg2) { \
-                o_type a = (o_type)arg1; \
-                o_type b = (o_type)arg2; \
-                return f_name(a,b); }
-#define LHASH_COMP_FN(f_name) f_name##_LHASH_COMP
-
-/* Third: "doall" functions */
-#define DECLARE_LHASH_DOALL_FN(f_name,o_type) \
-        void f_name##_LHASH_DOALL(const void *);
-#define IMPLEMENT_LHASH_DOALL_FN(f_name,o_type) \
-        void f_name##_LHASH_DOALL(const void *arg) { \
-                o_type a = (o_type)arg; \
-                f_name(a); }
-#define LHASH_DOALL_FN(f_name) f_name##_LHASH_DOALL
-
-/* Fourth: "doall_arg" functions */
-#define DECLARE_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \
-        void f_name##_LHASH_DOALL_ARG(const void *, void *);
-#define IMPLEMENT_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \
-        void f_name##_LHASH_DOALL_ARG(const void *arg1, void *arg2) { \
-                o_type a = (o_type)arg1; \
-                a_type b = (a_type)arg2; \
-                f_name(a,b); }
-#define LHASH_DOALL_ARG_FN(f_name) f_name##_LHASH_DOALL_ARG
-
-typedef struct lhash_st
-        {
-        LHASH_NODE **b;
-        LHASH_COMP_FN_TYPE comp;
-        LHASH_HASH_FN_TYPE hash;
-        unsigned int num_nodes;
-        unsigned int num_alloc_nodes;
-        unsigned int p;
-        unsigned int pmax;
-        unsigned long up_load; /* load times 256 */
-        unsigned long down_load; /* load times 256 */
-        unsigned long num_items;
-
-        unsigned long num_expands;
-        unsigned long num_expand_reallocs;
-        unsigned long num_contracts;
-        unsigned long num_contract_reallocs;
-        unsigned long num_hash_calls;
-        unsigned long num_comp_calls;
-        unsigned long num_insert;
-        unsigned long num_replace;
-        unsigned long num_delete;
-        unsigned long num_no_delete;
-        unsigned long num_retrieve;
-        unsigned long num_retrieve_miss;
-        unsigned long num_hash_comps;
-
-        int error;
-        } LHASH;
-
-#define LH_LOAD_MULT    256
-
-/* Indicates a malloc() error in the last call, this is only bad
- * in lh_insert(). */
-#define lh_error(lh)    ((lh)->error)
-
-LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c);
-void lh_free(LHASH *lh);
-void *lh_insert(LHASH *lh, const void *data);
-void *lh_delete(LHASH *lh, const void *data);
-void *lh_retrieve(LHASH *lh, const void *data);
-void lh_doall(LHASH *lh, LHASH_DOALL_FN_TYPE func);
-void lh_doall_arg(LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg);
-unsigned long lh_strhash(const char *c);
-unsigned long lh_num_items(const LHASH *lh);
-
-#ifndef OPENSSL_NO_FP_API
-void lh_stats(const LHASH *lh, FILE *out);
-void lh_node_stats(const LHASH *lh, FILE *out);
-void lh_node_usage_stats(const LHASH *lh, FILE *out);
-#endif
-
-#ifndef OPENSSL_NO_BIO
-void lh_stats_bio(const LHASH *lh, BIO *out);
-void lh_node_stats_bio(const LHASH *lh, BIO *out);
-void lh_node_usage_stats_bio(const LHASH *lh, BIO *out);
-#endif
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
-
diff --git a/src/lib/libcrypto/md32_common.h b/src/lib/libcrypto/md32_common.h
deleted file mode 100644
index 733da6acaf..0000000000
--- a/src/lib/libcrypto/md32_common.h
+++ /dev/null
@@ -1,649 +0,0 @@
-/* crypto/md32_common.h */
-/* ====================================================================
- * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/*
- * This is a generic 32 bit "collector" for message digest algorithms.
- * Whenever needed it collects input character stream into chunks of
- * 32 bit values and invokes a block function that performs actual hash
- * calculations.
- *
- * Porting guide.
- *
- * Obligatory macros:
- *
- * DATA_ORDER_IS_BIG_ENDIAN or DATA_ORDER_IS_LITTLE_ENDIAN
- *      this macro defines byte order of input stream.
- * HASH_CBLOCK
- *      size of a unit chunk HASH_BLOCK operates on.
- * HASH_LONG
- *      has to be at lest 32 bit wide, if it's wider, then
- *      HASH_LONG_LOG2 *has to* be defined along
- * HASH_CTX
- *      context structure that at least contains following
- *      members:
- *              typedef struct {
- *                      ...
- *                      HASH_LONG       Nl,Nh;
- *                      HASH_LONG       data[HASH_LBLOCK];
- *                      int             num;
- *                      ...
- *                      } HASH_CTX;
- * HASH_UPDATE
- *      name of "Update" function, implemented here.
- * HASH_TRANSFORM
- *      name of "Transform" function, implemented here.
- * HASH_FINAL
- *      name of "Final" function, implemented here.
- * HASH_BLOCK_HOST_ORDER
- *      name of "block" function treating *aligned* input message
- *      in host byte order, implemented externally.
- * HASH_BLOCK_DATA_ORDER
- *      name of "block" function treating *unaligned* input message
- *      in original (data) byte order, implemented externally (it
- *      actually is optional if data and host are of the same
- *      "endianess").
- * HASH_MAKE_STRING
- *      macro convering context variables to an ASCII hash string.
- *
- * Optional macros:
- *
- * B_ENDIAN or L_ENDIAN
- *      defines host byte-order.
- * HASH_LONG_LOG2
- *      defaults to 2 if not states otherwise.
- * HASH_LBLOCK
- *      assumed to be HASH_CBLOCK/4 if not stated otherwise.
- * HASH_BLOCK_DATA_ORDER_ALIGNED
- *      alternative "block" function capable of treating
- *      aligned input message in original (data) order,
- *      implemented externally.
- *
- * MD5 example:
- *
- *      #define DATA_ORDER_IS_LITTLE_ENDIAN
- *
- *      #define HASH_LONG               MD5_LONG
- *      #define HASH_LONG_LOG2          MD5_LONG_LOG2
- *      #define HASH_CTX                MD5_CTX
- *      #define HASH_CBLOCK             MD5_CBLOCK
- *      #define HASH_LBLOCK             MD5_LBLOCK
- *      #define HASH_UPDATE             MD5_Update
- *      #define HASH_TRANSFORM          MD5_Transform
- *      #define HASH_FINAL              MD5_Final
- *      #define HASH_BLOCK_HOST_ORDER   md5_block_host_order
- *      #define HASH_BLOCK_DATA_ORDER   md5_block_data_order
- *
- *                                      <appro@fy.chalmers.se>
- */
-
-#include <openssl/crypto.h>
-#include <openssl/fips.h>
-#include <openssl/err.h>
-
-#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
-#error "DATA_ORDER must be defined!"
-#endif
-
-#ifndef HASH_CBLOCK
-#error "HASH_CBLOCK must be defined!"
-#endif
-#ifndef HASH_LONG
-#error "HASH_LONG must be defined!"
-#endif
-#ifndef HASH_CTX
-#error "HASH_CTX must be defined!"
-#endif
-
-#ifndef HASH_UPDATE
-#error "HASH_UPDATE must be defined!"
-#endif
-#ifndef HASH_TRANSFORM
-#error "HASH_TRANSFORM must be defined!"
-#endif
-#ifndef HASH_FINAL
-#error "HASH_FINAL must be defined!"
-#endif
-
-#ifndef HASH_BLOCK_HOST_ORDER
-#error "HASH_BLOCK_HOST_ORDER must be defined!"
-#endif
-
-#if 0
-/*
- * Moved below as it's required only if HASH_BLOCK_DATA_ORDER_ALIGNED
- * isn't defined.
- */
-#ifndef HASH_BLOCK_DATA_ORDER
-#error "HASH_BLOCK_DATA_ORDER must be defined!"
-#endif
-#endif
-
-#ifndef HASH_LBLOCK
-#define HASH_LBLOCK     (HASH_CBLOCK/4)
-#endif
-
-#ifndef HASH_LONG_LOG2
-#define HASH_LONG_LOG2  2
-#endif
-
-/*
- * Engage compiler specific rotate intrinsic function if available.
- */
-#undef ROTATE
-#ifndef PEDANTIC
-# if 0 /* defined(_MSC_VER) */
-#  define ROTATE(a,n)   _lrotl(a,n)
-# elif defined(__MWERKS__)
-#  if defined(__POWERPC__)
-#   define ROTATE(a,n)  __rlwinm(a,n,0,31)
-#  elif defined(__MC68K__)
-    /* Motorola specific tweak. <appro@fy.chalmers.se> */
-#   define ROTATE(a,n)  ( n<24 ? __rol(a,n) : __ror(a,32-n) )
-#  else
-#   define ROTATE(a,n)  __rol(a,n)
-#  endif
-# elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
-  /*
-   * Some GNU C inline assembler templates. Note that these are
-   * rotates by *constant* number of bits! But that's exactly
-   * what we need here...
-   *
-   *                                    <appro@fy.chalmers.se>
-   */
-#  if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
-#   define ROTATE(a,n)  ({ register unsigned int ret;   \
-                                asm (                   \
-                                "roll %1,%0"            \
-                                : "=r"(ret)             \
-                                : "I"(n), "0"(a)        \
-                                : "cc");                \
-                           ret;                         \
-                        })
-#  elif defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__)
-#   define ROTATE(a,n)  ({ register unsigned int ret;   \
-                                asm (                   \
-                                "rlwinm %0,%1,%2,0,31"  \
-                                : "=r"(ret)             \
-                                : "r"(a), "I"(n));      \
-                           ret;                         \
-                        })
-#  endif
-# endif
-
-/*
- * Engage compiler specific "fetch in reverse byte order"
- * intrinsic function if available.
- */
-# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
-  /* some GNU C inline assembler templates by <appro@fy.chalmers.se> */
-#  if (defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)) && !defined(I386_ONLY)
-#   define BE_FETCH32(a)        ({ register unsigned int l=(a);\
-                                asm (                   \
-                                "bswapl %0"             \
-                                : "=r"(l) : "0"(l));    \
-                          l;                            \
-                        })
-#  elif defined(__powerpc)
-#   define LE_FETCH32(a)        ({ register unsigned int l;     \
-                                asm (                   \
-                                "lwbrx %0,0,%1"         \
-                                : "=r"(l)               \
-                                : "r"(a));              \
-                           l;                           \
-                        })
-
-#  elif defined(__sparc) && defined(OPENSSL_SYS_ULTRASPARC)
-#  define LE_FETCH32(a) ({ register unsigned int l;             \
-                                asm (                           \
-                                "lda [%1]#ASI_PRIMARY_LITTLE,%0"\
-                                : "=r"(l)                       \
-                                : "r"(a));                      \
-                           l;                                   \
-                        })
-#  endif
-# endif
-#endif /* PEDANTIC */
-
-#if HASH_LONG_LOG2==2   /* Engage only if sizeof(HASH_LONG)== 4 */
-/* A nice byte order reversal from Wei Dai <weidai@eskimo.com> */
-#ifdef ROTATE
-/* 5 instructions with rotate instruction, else 9 */
-#define REVERSE_FETCH32(a,l)    (                                       \
-                l=*(const HASH_LONG *)(a),                              \
-                ((ROTATE(l,8)&0x00FF00FF)|(ROTATE((l&0x00FF00FF),24)))  \
-                                )
-#else
-/* 6 instructions with rotate instruction, else 8 */
-#define REVERSE_FETCH32(a,l)    (                               \
-                l=*(const HASH_LONG *)(a),                      \
-                l=(((l>>8)&0x00FF00FF)|((l&0x00FF00FF)<<8)),    \
-                ROTATE(l,16)                                    \
-                                )
-/*
- * Originally the middle line started with l=(((l&0xFF00FF00)>>8)|...
- * It's rewritten as above for two reasons:
- *      - RISCs aren't good at long constants and have to explicitely
- *        compose 'em with several (well, usually 2) instructions in a
- *        register before performing the actual operation and (as you
- *        already realized:-) having same constant should inspire the
- *        compiler to permanently allocate the only register for it;
- *      - most modern CPUs have two ALUs, but usually only one has
- *        circuitry for shifts:-( this minor tweak inspires compiler
- *        to schedule shift instructions in a better way...
- *
- *                              <appro@fy.chalmers.se>
- */
-#endif
-#endif
-
-#ifndef ROTATE
-#define ROTATE(a,n)     (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
-#endif
-
-/*
- * Make some obvious choices. E.g., HASH_BLOCK_DATA_ORDER_ALIGNED
- * and HASH_BLOCK_HOST_ORDER ought to be the same if input data
- * and host are of the same "endianess". It's possible to mask
- * this with blank #define HASH_BLOCK_DATA_ORDER though...
- *
- *                              <appro@fy.chalmers.se>
- */
-#if defined(B_ENDIAN)
-#  if defined(DATA_ORDER_IS_BIG_ENDIAN)
-#    if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED) && HASH_LONG_LOG2==2
-#      define HASH_BLOCK_DATA_ORDER_ALIGNED     HASH_BLOCK_HOST_ORDER
-#    endif
-#  elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
-#    ifndef HOST_FETCH32
-#      ifdef LE_FETCH32
-#        define HOST_FETCH32(p,l)       LE_FETCH32(p)
-#      elif defined(REVERSE_FETCH32)
-#        define HOST_FETCH32(p,l)       REVERSE_FETCH32(p,l)
-#      endif
-#    endif
-#  endif
-#elif defined(L_ENDIAN)
-#  if defined(DATA_ORDER_IS_LITTLE_ENDIAN)
-#    if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED) && HASH_LONG_LOG2==2
-#      define HASH_BLOCK_DATA_ORDER_ALIGNED     HASH_BLOCK_HOST_ORDER
-#    endif
-#  elif defined(DATA_ORDER_IS_BIG_ENDIAN)
-#    ifndef HOST_FETCH32
-#      ifdef BE_FETCH32
-#        define HOST_FETCH32(p,l)       BE_FETCH32(p)
-#      elif defined(REVERSE_FETCH32)
-#        define HOST_FETCH32(p,l)       REVERSE_FETCH32(p,l)
-#      endif
-#    endif
-#  endif
-#endif
-
-#if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED)
-#ifndef HASH_BLOCK_DATA_ORDER
-#error "HASH_BLOCK_DATA_ORDER must be defined!"
-#endif
-#endif
-
-#if defined(DATA_ORDER_IS_BIG_ENDIAN)
-
-#define HOST_c2l(c,l)   (l =(((unsigned long)(*((c)++)))<<24),          \
-                         l|=(((unsigned long)(*((c)++)))<<16),          \
-                         l|=(((unsigned long)(*((c)++)))<< 8),          \
-                         l|=(((unsigned long)(*((c)++)))    ),          \
-                         l)
-#define HOST_p_c2l(c,l,n)       {                                       \
-                        switch (n) {                                    \
-                        case 0: l =((unsigned long)(*((c)++)))<<24;     \
-                        case 1: l|=((unsigned long)(*((c)++)))<<16;     \
-                        case 2: l|=((unsigned long)(*((c)++)))<< 8;     \
-                        case 3: l|=((unsigned long)(*((c)++)));         \
-                                } }
-#define HOST_p_c2l_p(c,l,sc,len) {                                      \
-                        switch (sc) {                                   \
-                        case 0: l =((unsigned long)(*((c)++)))<<24;     \
-                                if (--len == 0) break;                  \
-                        case 1: l|=((unsigned long)(*((c)++)))<<16;     \
-                                if (--len == 0) break;                  \
-                        case 2: l|=((unsigned long)(*((c)++)))<< 8;     \
-                                } }
-/* NOTE the pointer is not incremented at the end of this */
-#define HOST_c2l_p(c,l,n)       {                                       \
-                        l=0; (c)+=n;                                    \
-                        switch (n) {                                    \
-                        case 3: l =((unsigned long)(*(--(c))))<< 8;     \
-                        case 2: l|=((unsigned long)(*(--(c))))<<16;     \
-                        case 1: l|=((unsigned long)(*(--(c))))<<24;     \
-                                } }
-#define HOST_l2c(l,c)   (*((c)++)=(unsigned char)(((l)>>24)&0xff),      \
-                         *((c)++)=(unsigned char)(((l)>>16)&0xff),      \
-                         *((c)++)=(unsigned char)(((l)>> 8)&0xff),      \
-                         *((c)++)=(unsigned char)(((l)    )&0xff),      \
-                         l)
-
-#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
-
-#define HOST_c2l(c,l)   (l =(((unsigned long)(*((c)++)))    ),          \
-                         l|=(((unsigned long)(*((c)++)))<< 8),          \
-                         l|=(((unsigned long)(*((c)++)))<<16),          \
-                         l|=(((unsigned long)(*((c)++)))<<24),          \
-                         l)
-#define HOST_p_c2l(c,l,n)       {                                       \
-                        switch (n) {                                    \
-                        case 0: l =((unsigned long)(*((c)++)));         \
-                        case 1: l|=((unsigned long)(*((c)++)))<< 8;     \
-                        case 2: l|=((unsigned long)(*((c)++)))<<16;     \
-                        case 3: l|=((unsigned long)(*((c)++)))<<24;     \
-                                } }
-#define HOST_p_c2l_p(c,l,sc,len) {                                      \
-                        switch (sc) {                                   \
-                        case 0: l =((unsigned long)(*((c)++)));         \
-                                if (--len == 0) break;                  \
-                        case 1: l|=((unsigned long)(*((c)++)))<< 8;     \
-                                if (--len == 0) break;                  \
-                        case 2: l|=((unsigned long)(*((c)++)))<<16;     \
-                                } }
-/* NOTE the pointer is not incremented at the end of this */
-#define HOST_c2l_p(c,l,n)       {                                       \
-                        l=0; (c)+=n;                                    \
-                        switch (n) {                                    \
-                        case 3: l =((unsigned long)(*(--(c))))<<16;     \
-                        case 2: l|=((unsigned long)(*(--(c))))<< 8;     \
-                        case 1: l|=((unsigned long)(*(--(c))));         \
-                                } }
-#define HOST_l2c(l,c)   (*((c)++)=(unsigned char)(((l)    )&0xff),      \
-                         *((c)++)=(unsigned char)(((l)>> 8)&0xff),      \
-                         *((c)++)=(unsigned char)(((l)>>16)&0xff),      \
-                         *((c)++)=(unsigned char)(((l)>>24)&0xff),      \
-                         l)
-
-#endif
-
-/*
- * Time for some action:-)
- */
-
-int HASH_UPDATE (HASH_CTX *c, const void *data_, unsigned long len)
-        {
-        const unsigned char *data=data_;
-        register HASH_LONG * p;
-        register unsigned long l;
-        int sw,sc,ew,ec;
-
-        if (len==0) return 1;
-
-        l=(c->Nl+(len<<3))&0xffffffffL;
-        /* 95-05-24 eay Fixed a bug with the overflow handling, thanks to
-         * Wei Dai <weidai@eskimo.com> for pointing it out. */
-        if (l < c->Nl) /* overflow */
-                c->Nh++;
-        c->Nh+=(len>>29);
-        c->Nl=l;
-
-        if (c->num != 0)
-                {
-                p=c->data;
-                sw=c->num>>2;
-                sc=c->num&0x03;
-
-                if ((c->num+len) >= HASH_CBLOCK)
-                        {
-                        l=p[sw]; HOST_p_c2l(data,l,sc); p[sw++]=l;
-                        for (; sw<HASH_LBLOCK; sw++)
-                                {
-                                HOST_c2l(data,l); p[sw]=l;
-                                }
-                        HASH_BLOCK_HOST_ORDER (c,p,1);
-                        len-=(HASH_CBLOCK-c->num);
-                        c->num=0;
-                        /* drop through and do the rest */
-                        }
-                else
-                        {
-                        c->num+=len;
-                        if ((sc+len) < 4) /* ugly, add char's to a word */
-                                {
-                                l=p[sw]; HOST_p_c2l_p(data,l,sc,len); p[sw]=l;
-                                }
-                        else
-                                {
-                                ew=(c->num>>2);
-                                ec=(c->num&0x03);
-                                if (sc)
-                                        l=p[sw];
-                                HOST_p_c2l(data,l,sc);
-                                p[sw++]=l;
-                                for (; sw < ew; sw++)
-                                        {
-                                        HOST_c2l(data,l); p[sw]=l;
-                                        }
-                                if (ec)
-                                        {
-                                        HOST_c2l_p(data,l,ec); p[sw]=l;
-                                        }
-                                }
-                        return 1;
-                        }
-                }
-
-        sw=len/HASH_CBLOCK;
-        if (sw > 0)
-                {
-#if defined(HASH_BLOCK_DATA_ORDER_ALIGNED)
-                /*
-                 * Note that HASH_BLOCK_DATA_ORDER_ALIGNED gets defined
-                 * only if sizeof(HASH_LONG)==4.
-                 */
-                if ((((unsigned long)data)%4) == 0)
-                        {
-                        /* data is properly aligned so that we can cast it: */
-                        HASH_BLOCK_DATA_ORDER_ALIGNED (c,(HASH_LONG *)data,sw);
-                        sw*=HASH_CBLOCK;
-                        data+=sw;
-                        len-=sw;
-                        }
-                else
-#if !defined(HASH_BLOCK_DATA_ORDER)
-                        while (sw--)
-                                {
-                                memcpy (p=c->data,data,HASH_CBLOCK);
-                                HASH_BLOCK_DATA_ORDER_ALIGNED(c,p,1);
-                                data+=HASH_CBLOCK;
-                                len-=HASH_CBLOCK;
-                                }
-#endif
-#endif
-#if defined(HASH_BLOCK_DATA_ORDER)
-                        {
-                        HASH_BLOCK_DATA_ORDER(c,data,sw);
-                        sw*=HASH_CBLOCK;
-                        data+=sw;
-                        len-=sw;
-                        }
-#endif
-                }
-
-        if (len!=0)
-                {
-                p = c->data;
-                c->num = len;
-                ew=len>>2;      /* words to copy */
-                ec=len&0x03;
-                for (; ew; ew--,p++)
-                        {
-                        HOST_c2l(data,l); *p=l;
-                        }
-                HOST_c2l_p(data,l,ec);
-                *p=l;
-                }
-        return 1;
-        }
-
-
-void HASH_TRANSFORM (HASH_CTX *c, const unsigned char *data)
-        {
-#if defined(HASH_BLOCK_DATA_ORDER_ALIGNED)
-        if ((((unsigned long)data)%4) == 0)
-                /* data is properly aligned so that we can cast it: */
-                HASH_BLOCK_DATA_ORDER_ALIGNED (c,(HASH_LONG *)data,1);
-        else
-#if !defined(HASH_BLOCK_DATA_ORDER)
-                {
-                memcpy (c->data,data,HASH_CBLOCK);
-                HASH_BLOCK_DATA_ORDER_ALIGNED (c,c->data,1);
-                }
-#endif
-#endif
-#if defined(HASH_BLOCK_DATA_ORDER)
-        HASH_BLOCK_DATA_ORDER (c,data,1);
-#endif
-        }
-
-
-int HASH_FINAL (unsigned char *md, HASH_CTX *c)
-        {
-        register HASH_LONG *p;
-        register unsigned long l;
-        register int i,j;
-        static const unsigned char end[4]={0x80,0x00,0x00,0x00};
-        const unsigned char *cp=end;
-
-#if 0
-        if(FIPS_mode() && !FIPS_md5_allowed())
-            {
-            FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD);
-            return 0;
-            }
-#endif
-
-        /* c->num should definitly have room for at least one more byte. */
-        p=c->data;
-        i=c->num>>2;
-        j=c->num&0x03;
-
-#if 0
-        /* purify often complains about the following line as an
-         * Uninitialized Memory Read.  While this can be true, the
-         * following p_c2l macro will reset l when that case is true.
-         * This is because j&0x03 contains the number of 'valid' bytes
-         * already in p[i].  If and only if j&0x03 == 0, the UMR will
-         * occur but this is also the only time p_c2l will do
-         * l= *(cp++) instead of l|= *(cp++)
-         * Many thanks to Alex Tang <altitude@cic.net> for pickup this
-         * 'potential bug' */
-#ifdef PURIFY
-        if (j==0) p[i]=0; /* Yeah, but that's not the way to fix it:-) */
-#endif
-        l=p[i];
-#else
-        l = (j==0) ? 0 : p[i];
-#endif
-        HOST_p_c2l(cp,l,j); p[i++]=l; /* i is the next 'undefined word' */
-
-        if (i>(HASH_LBLOCK-2)) /* save room for Nl and Nh */
-                {
-                if (i<HASH_LBLOCK) p[i]=0;
-                HASH_BLOCK_HOST_ORDER (c,p,1);
-                i=0;
-                }
-        for (; i<(HASH_LBLOCK-2); i++)
-                p[i]=0;
-
-#if   defined(DATA_ORDER_IS_BIG_ENDIAN)
-        p[HASH_LBLOCK-2]=c->Nh;
-        p[HASH_LBLOCK-1]=c->Nl;
-#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
-        p[HASH_LBLOCK-2]=c->Nl;
-        p[HASH_LBLOCK-1]=c->Nh;
-#endif
-        HASH_BLOCK_HOST_ORDER (c,p,1);
-
-#ifndef HASH_MAKE_STRING
-#error "HASH_MAKE_STRING must be defined!"
-#else
-        HASH_MAKE_STRING(c,md);
-#endif
-
-        c->num=0;
-        /* clear stuff, HASH_BLOCK may be leaving some stuff on the stack
-         * but I'm not worried :-)
-        OPENSSL_cleanse((void *)c,sizeof(HASH_CTX));
-         */
-        return 1;
-        }
-
-#ifndef MD32_REG_T
-#define MD32_REG_T long
-/*
- * This comment was originaly written for MD5, which is why it
- * discusses A-D. But it basically applies to all 32-bit digests,
- * which is why it was moved to common header file.
- *
- * In case you wonder why A-D are declared as long and not
- * as MD5_LONG. Doing so results in slight performance
- * boost on LP64 architectures. The catch is we don't
- * really care if 32 MSBs of a 64-bit register get polluted
- * with eventual overflows as we *save* only 32 LSBs in
- * *either* case. Now declaring 'em long excuses the compiler
- * from keeping 32 MSBs zeroed resulting in 13% performance
- * improvement under SPARC Solaris7/64 and 5% under AlphaLinux.
- * Well, to be honest it should say that this *prevents* 
- * performance degradation.
- *                              <appro@fy.chalmers.se>
- * Apparently there're LP64 compilers that generate better
- * code if A-D are declared int. Most notably GCC-x86_64
- * generates better code.
- *                              <appro@fy.chalmers.se>
- */
-#endif
diff --git a/src/lib/libcrypto/md4/md4.h b/src/lib/libcrypto/md4/md4.h
deleted file mode 100644
index 7e761efb62..0000000000
--- a/src/lib/libcrypto/md4/md4.h
+++ /dev/null
@@ -1,119 +0,0 @@
-/* crypto/md4/md4.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_MD4_H
-#define HEADER_MD4_H
-
-#include <openssl/e_os2.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#ifdef OPENSSL_NO_MD4
-#error MD4 is disabled.
-#endif
-
-/*
- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- * ! MD4_LONG has to be at least 32 bits wide. If it's wider, then !
- * ! MD4_LONG_LOG2 has to be defined along.                        !
- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- */
-
-#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
-#define MD4_LONG unsigned long
-#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
-#define MD4_LONG unsigned long
-#define MD4_LONG_LOG2 3
-/*
- * _CRAY note. I could declare short, but I have no idea what impact
- * does it have on performance on none-T3E machines. I could declare
- * int, but at least on C90 sizeof(int) can be chosen at compile time.
- * So I've chosen long...
- *                                      <appro@fy.chalmers.se>
- */
-#else
-#define MD4_LONG unsigned int
-#endif
-
-#define MD4_CBLOCK      64
-#define MD4_LBLOCK      (MD4_CBLOCK/4)
-#define MD4_DIGEST_LENGTH 16
-
-typedef struct MD4state_st
-        {
-        MD4_LONG A,B,C,D;
-        MD4_LONG Nl,Nh;
-        MD4_LONG data[MD4_LBLOCK];
-        int num;
-        } MD4_CTX;
-
-#ifdef OPENSSL_FIPS
-int private_MD4_Init(MD4_CTX *c);
-#endif
-int MD4_Init(MD4_CTX *c);
-int MD4_Update(MD4_CTX *c, const void *data, unsigned long len);
-int MD4_Final(unsigned char *md, MD4_CTX *c);
-unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md);
-void MD4_Transform(MD4_CTX *c, const unsigned char *b);
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/src/lib/libcrypto/md4/md4_dgst.c b/src/lib/libcrypto/md4/md4_dgst.c
deleted file mode 100644
index ee7cc72262..0000000000
--- a/src/lib/libcrypto/md4/md4_dgst.c
+++ /dev/null
@@ -1,258 +0,0 @@
-/* crypto/md4/md4_dgst.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "md4_locl.h"
-#include <openssl/opensslv.h>
-
-const char *MD4_version="MD4" OPENSSL_VERSION_PTEXT;
-
-/* Implemented from RFC1186 The MD4 Message-Digest Algorithm
- */
-
-#define INIT_DATA_A (unsigned long)0x67452301L
-#define INIT_DATA_B (unsigned long)0xefcdab89L
-#define INIT_DATA_C (unsigned long)0x98badcfeL
-#define INIT_DATA_D (unsigned long)0x10325476L
-
-FIPS_NON_FIPS_MD_Init(MD4)
-        {
-        c->A=INIT_DATA_A;
-        c->B=INIT_DATA_B;
-        c->C=INIT_DATA_C;
-        c->D=INIT_DATA_D;
-        c->Nl=0;
-        c->Nh=0;
-        c->num=0;
-        return 1;
-        }
-
-#ifndef md4_block_host_order
-void md4_block_host_order (MD4_CTX *c, const void *data, int num)
-        {
-        const MD4_LONG *X=data;
-        register unsigned MD32_REG_T A,B,C,D;
-
-        A=c->A;
-        B=c->B;
-        C=c->C;
-        D=c->D;
-
-        for (;num--;X+=HASH_LBLOCK)
-                {
-        /* Round 0 */
-        R0(A,B,C,D,X[ 0], 3,0);
-        R0(D,A,B,C,X[ 1], 7,0);
-        R0(C,D,A,B,X[ 2],11,0);
-        R0(B,C,D,A,X[ 3],19,0);
-        R0(A,B,C,D,X[ 4], 3,0);
-        R0(D,A,B,C,X[ 5], 7,0);
-        R0(C,D,A,B,X[ 6],11,0);
-        R0(B,C,D,A,X[ 7],19,0);
-        R0(A,B,C,D,X[ 8], 3,0);
-        R0(D,A,B,C,X[ 9], 7,0);
-        R0(C,D,A,B,X[10],11,0);
-        R0(B,C,D,A,X[11],19,0);
-        R0(A,B,C,D,X[12], 3,0);
-        R0(D,A,B,C,X[13], 7,0);
-        R0(C,D,A,B,X[14],11,0);
-        R0(B,C,D,A,X[15],19,0);
-        /* Round 1 */
-        R1(A,B,C,D,X[ 0], 3,0x5A827999L);
-        R1(D,A,B,C,X[ 4], 5,0x5A827999L);
-        R1(C,D,A,B,X[ 8], 9,0x5A827999L);
-        R1(B,C,D,A,X[12],13,0x5A827999L);
-        R1(A,B,C,D,X[ 1], 3,0x5A827999L);
-        R1(D,A,B,C,X[ 5], 5,0x5A827999L);
-        R1(C,D,A,B,X[ 9], 9,0x5A827999L);
-        R1(B,C,D,A,X[13],13,0x5A827999L);
-        R1(A,B,C,D,X[ 2], 3,0x5A827999L);
-        R1(D,A,B,C,X[ 6], 5,0x5A827999L);
-        R1(C,D,A,B,X[10], 9,0x5A827999L);
-        R1(B,C,D,A,X[14],13,0x5A827999L);
-        R1(A,B,C,D,X[ 3], 3,0x5A827999L);
-        R1(D,A,B,C,X[ 7], 5,0x5A827999L);
-        R1(C,D,A,B,X[11], 9,0x5A827999L);
-        R1(B,C,D,A,X[15],13,0x5A827999L);
-        /* Round 2 */
-        R2(A,B,C,D,X[ 0], 3,0x6ED9EBA1);
-        R2(D,A,B,C,X[ 8], 9,0x6ED9EBA1);
-        R2(C,D,A,B,X[ 4],11,0x6ED9EBA1);
-        R2(B,C,D,A,X[12],15,0x6ED9EBA1);
-        R2(A,B,C,D,X[ 2], 3,0x6ED9EBA1);
-        R2(D,A,B,C,X[10], 9,0x6ED9EBA1);
-        R2(C,D,A,B,X[ 6],11,0x6ED9EBA1);
-        R2(B,C,D,A,X[14],15,0x6ED9EBA1);
-        R2(A,B,C,D,X[ 1], 3,0x6ED9EBA1);
-        R2(D,A,B,C,X[ 9], 9,0x6ED9EBA1);
-        R2(C,D,A,B,X[ 5],11,0x6ED9EBA1);
-        R2(B,C,D,A,X[13],15,0x6ED9EBA1);
-        R2(A,B,C,D,X[ 3], 3,0x6ED9EBA1);
-        R2(D,A,B,C,X[11], 9,0x6ED9EBA1);
-        R2(C,D,A,B,X[ 7],11,0x6ED9EBA1);
-        R2(B,C,D,A,X[15],15,0x6ED9EBA1);
-
-        A = c->A += A;
-        B = c->B += B;
-        C = c->C += C;
-        D = c->D += D;
-                }
-        }
-#endif
-
-#ifndef md4_block_data_order
-#ifdef X
-#undef X
-#endif
-void md4_block_data_order (MD4_CTX *c, const void *data_, int num)
-        {
-        const unsigned char *data=data_;
-        register unsigned MD32_REG_T A,B,C,D,l;
-#ifndef MD32_XARRAY
-        /* See comment in crypto/sha/sha_locl.h for details. */
-        unsigned MD32_REG_T     XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
-                                XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
-# define X(i)   XX##i
-#else
-        MD4_LONG XX[MD4_LBLOCK];
-# define X(i)   XX[i]
-#endif
-
-        A=c->A;
-        B=c->B;
-        C=c->C;
-        D=c->D;
-
-        for (;num--;)
-                {
-        HOST_c2l(data,l); X( 0)=l;              HOST_c2l(data,l); X( 1)=l;
-        /* Round 0 */
-        R0(A,B,C,D,X( 0), 3,0); HOST_c2l(data,l); X( 2)=l;
-        R0(D,A,B,C,X( 1), 7,0); HOST_c2l(data,l); X( 3)=l;
-        R0(C,D,A,B,X( 2),11,0); HOST_c2l(data,l); X( 4)=l;
-        R0(B,C,D,A,X( 3),19,0); HOST_c2l(data,l); X( 5)=l;
-        R0(A,B,C,D,X( 4), 3,0); HOST_c2l(data,l); X( 6)=l;
-        R0(D,A,B,C,X( 5), 7,0); HOST_c2l(data,l); X( 7)=l;
-        R0(C,D,A,B,X( 6),11,0); HOST_c2l(data,l); X( 8)=l;
-        R0(B,C,D,A,X( 7),19,0); HOST_c2l(data,l); X( 9)=l;
-        R0(A,B,C,D,X( 8), 3,0); HOST_c2l(data,l); X(10)=l;
-        R0(D,A,B,C,X( 9), 7,0); HOST_c2l(data,l); X(11)=l;
-        R0(C,D,A,B,X(10),11,0); HOST_c2l(data,l); X(12)=l;
-        R0(B,C,D,A,X(11),19,0); HOST_c2l(data,l); X(13)=l;
-        R0(A,B,C,D,X(12), 3,0); HOST_c2l(data,l); X(14)=l;
-        R0(D,A,B,C,X(13), 7,0); HOST_c2l(data,l); X(15)=l;
-        R0(C,D,A,B,X(14),11,0);
-        R0(B,C,D,A,X(15),19,0);
-        /* Round 1 */
-        R1(A,B,C,D,X( 0), 3,0x5A827999L);
-        R1(D,A,B,C,X( 4), 5,0x5A827999L);
-        R1(C,D,A,B,X( 8), 9,0x5A827999L);
-        R1(B,C,D,A,X(12),13,0x5A827999L);
-        R1(A,B,C,D,X( 1), 3,0x5A827999L);
-        R1(D,A,B,C,X( 5), 5,0x5A827999L);
-        R1(C,D,A,B,X( 9), 9,0x5A827999L);
-        R1(B,C,D,A,X(13),13,0x5A827999L);
-        R1(A,B,C,D,X( 2), 3,0x5A827999L);
-        R1(D,A,B,C,X( 6), 5,0x5A827999L);
-        R1(C,D,A,B,X(10), 9,0x5A827999L);
-        R1(B,C,D,A,X(14),13,0x5A827999L);
-        R1(A,B,C,D,X( 3), 3,0x5A827999L);
-        R1(D,A,B,C,X( 7), 5,0x5A827999L);
-        R1(C,D,A,B,X(11), 9,0x5A827999L);
-        R1(B,C,D,A,X(15),13,0x5A827999L);
-        /* Round 2 */
-        R2(A,B,C,D,X( 0), 3,0x6ED9EBA1L);
-        R2(D,A,B,C,X( 8), 9,0x6ED9EBA1L);
-        R2(C,D,A,B,X( 4),11,0x6ED9EBA1L);
-        R2(B,C,D,A,X(12),15,0x6ED9EBA1L);
-        R2(A,B,C,D,X( 2), 3,0x6ED9EBA1L);
-        R2(D,A,B,C,X(10), 9,0x6ED9EBA1L);
-        R2(C,D,A,B,X( 6),11,0x6ED9EBA1L);
-        R2(B,C,D,A,X(14),15,0x6ED9EBA1L);
-        R2(A,B,C,D,X( 1), 3,0x6ED9EBA1L);
-        R2(D,A,B,C,X( 9), 9,0x6ED9EBA1L);
-        R2(C,D,A,B,X( 5),11,0x6ED9EBA1L);
-        R2(B,C,D,A,X(13),15,0x6ED9EBA1L);
-        R2(A,B,C,D,X( 3), 3,0x6ED9EBA1L);
-        R2(D,A,B,C,X(11), 9,0x6ED9EBA1L);
-        R2(C,D,A,B,X( 7),11,0x6ED9EBA1L);
-        R2(B,C,D,A,X(15),15,0x6ED9EBA1L);
-
-        A = c->A += A;
-        B = c->B += B;
-        C = c->C += C;
-        D = c->D += D;
-                }
-        }
-#endif
-
-#ifdef undef
-int printit(unsigned long *l)
-        {
-        int i,ii;
-
-        for (i=0; i<2; i++)
-                {
-                for (ii=0; ii<8; ii++)
-                        {
-                        fprintf(stderr,"%08lx ",l[i*8+ii]);
-                        }
-                fprintf(stderr,"\n");
-                }
-        }
-#endif
diff --git a/src/lib/libcrypto/md4/md4_locl.h b/src/lib/libcrypto/md4/md4_locl.h
deleted file mode 100644
index a8d31d7a73..0000000000
--- a/src/lib/libcrypto/md4/md4_locl.h
+++ /dev/null
@@ -1,154 +0,0 @@
-/* crypto/md4/md4_locl.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/opensslconf.h>
-#include <openssl/md4.h>
-
-#ifndef MD4_LONG_LOG2
-#define MD4_LONG_LOG2 2 /* default to 32 bits */
-#endif
-
-void md4_block_host_order (MD4_CTX *c, const void *p,int num);
-void md4_block_data_order (MD4_CTX *c, const void *p,int num);
-
-#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
-/*
- * *_block_host_order is expected to handle aligned data while
- * *_block_data_order - unaligned. As algorithm and host (x86)
- * are in this case of the same "endianness" these two are
- * otherwise indistinguishable. But normally you don't want to
- * call the same function because unaligned access in places
- * where alignment is expected is usually a "Bad Thing". Indeed,
- * on RISCs you get punished with BUS ERROR signal or *severe*
- * performance degradation. Intel CPUs are in turn perfectly
- * capable of loading unaligned data without such drastic side
- * effect. Yes, they say it's slower than aligned load, but no
- * exception is generated and therefore performance degradation
- * is *incomparable* with RISCs. What we should weight here is
- * costs of unaligned access against costs of aligning data.
- * According to my measurements allowing unaligned access results
- * in ~9% performance improvement on Pentium II operating at
- * 266MHz. I won't be surprised if the difference will be higher
- * on faster systems:-)
- *
- *                              <appro@fy.chalmers.se>
- */
-#define md4_block_data_order md4_block_host_order
-#endif
-
-#define DATA_ORDER_IS_LITTLE_ENDIAN
-
-#define HASH_LONG               MD4_LONG
-#define HASH_LONG_LOG2          MD4_LONG_LOG2
-#define HASH_CTX                MD4_CTX
-#define HASH_CBLOCK             MD4_CBLOCK
-#define HASH_LBLOCK             MD4_LBLOCK
-#define HASH_UPDATE             MD4_Update
-#define HASH_TRANSFORM          MD4_Transform
-#define HASH_FINAL              MD4_Final
-#define HASH_MAKE_STRING(c,s)   do {    \
-        unsigned long ll;               \
-        ll=(c)->A; HOST_l2c(ll,(s));    \
-        ll=(c)->B; HOST_l2c(ll,(s));    \
-        ll=(c)->C; HOST_l2c(ll,(s));    \
-        ll=(c)->D; HOST_l2c(ll,(s));    \
-        } while (0)
-#define HASH_BLOCK_HOST_ORDER   md4_block_host_order
-#if !defined(L_ENDIAN) || defined(md4_block_data_order)
-#define HASH_BLOCK_DATA_ORDER   md4_block_data_order
-/*
- * Little-endians (Intel and Alpha) feel better without this.
- * It looks like memcpy does better job than generic
- * md4_block_data_order on copying-n-aligning input data.
- * But frankly speaking I didn't expect such result on Alpha.
- * On the other hand I've got this with egcs-1.0.2 and if
- * program is compiled with another (better?) compiler it
- * might turn out other way around.
- *
- *                              <appro@fy.chalmers.se>
- */
-#endif
-
-#include "md32_common.h"
-
-/*
-#define F(x,y,z)        (((x) & (y))  |  ((~(x)) & (z)))
-#define G(x,y,z)        (((x) & (y))  |  ((x) & ((z))) | ((y) & ((z))))
-*/
-
-/* As pointed out by Wei Dai <weidai@eskimo.com>, the above can be
- * simplified to the code below.  Wei attributes these optimizations
- * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel.
- */
-#define F(b,c,d)        ((((c) ^ (d)) & (b)) ^ (d))
-#define G(b,c,d)        (((b) & (c)) | ((b) & (d)) | ((c) & (d)))
-#define H(b,c,d)        ((b) ^ (c) ^ (d))
-
-#define R0(a,b,c,d,k,s,t) { \
-        a+=((k)+(t)+F((b),(c),(d))); \
-        a=ROTATE(a,s); };
-
-#define R1(a,b,c,d,k,s,t) { \
-        a+=((k)+(t)+G((b),(c),(d))); \
-        a=ROTATE(a,s); };\
-
-#define R2(a,b,c,d,k,s,t) { \
-        a+=((k)+(t)+H((b),(c),(d))); \
-        a=ROTATE(a,s); };
diff --git a/src/lib/libcrypto/md4/md4_one.c b/src/lib/libcrypto/md4/md4_one.c
deleted file mode 100644
index 50f79352f6..0000000000
--- a/src/lib/libcrypto/md4/md4_one.c
+++ /dev/null
@@ -1,97 +0,0 @@
-/* crypto/md4/md4_one.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/md4.h>
-#include <openssl/crypto.h>
-
-#ifdef CHARSET_EBCDIC
-#include <openssl/ebcdic.h>
-#endif
-
-unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md)
-        {
-        MD4_CTX c;
-        static unsigned char m[MD4_DIGEST_LENGTH];
-
-        if (md == NULL) md=m;
-        if (!MD4_Init(&c))
-                return NULL;
-#ifndef CHARSET_EBCDIC
-        MD4_Update(&c,d,n);
-#else
-        {
-                char temp[1024];
-                unsigned long chunk;
-
-                while (n > 0)
-                {
-                        chunk = (n > sizeof(temp)) ? sizeof(temp) : n;
-                        ebcdic2ascii(temp, d, chunk);
-                        MD4_Update(&c,temp,chunk);
-                        n -= chunk;
-                        d += chunk;
-                }
-        }
-#endif
-        MD4_Final(md,&c);
-        OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
-        return(md);
-        }
-
diff --git a/src/lib/libcrypto/md5/asm/md5-586.pl b/src/lib/libcrypto/md5/asm/md5-586.pl
deleted file mode 100644
index fa3fa3bed5..0000000000
--- a/src/lib/libcrypto/md5/asm/md5-586.pl
+++ /dev/null
@@ -1,306 +0,0 @@
-#!/usr/local/bin/perl
-
-# Normal is the
-# md5_block_x86(MD5_CTX *c, ULONG *X);
-# version, non-normal is the
-# md5_block_x86(MD5_CTX *c, ULONG *X,int blocks);
-
-$normal=0;
-
-push(@INC,"perlasm","../../perlasm");
-require "x86asm.pl";
-
-&asm_init($ARGV[0],$0);
-
-$A="eax";
-$B="ebx";
-$C="ecx";
-$D="edx";
-$tmp1="edi";
-$tmp2="ebp";
-$X="esi";
-
-# What we need to load into $tmp for the next round
-%Ltmp1=("R0",&Np($C), "R1",&Np($C), "R2",&Np($C), "R3",&Np($D));
-@xo=(
- 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,  # R0
- 1, 6, 11, 0, 5, 10, 15, 4, 9, 14, 3, 8, 13, 2, 7, 12,  # R1
- 5, 8, 11, 14, 1, 4, 7, 10, 13, 0, 3, 6, 9, 12, 15, 2,  # R2
- 0, 7, 14, 5, 12, 3, 10, 1, 8, 15, 6, 13, 4, 11, 2, 9,  # R3
- );
-
-&md5_block("md5_block_asm_host_order");
-&asm_finish();
-
-sub Np
-        {
-        local($p)=@_;
-        local(%n)=($A,$D,$B,$A,$C,$B,$D,$C);
-        return($n{$p});
-        }
-
-sub R0
-        {
-        local($pos,$a,$b,$c,$d,$K,$ki,$s,$t)=@_;
-
-        &mov($tmp1,$C)  if $pos < 0;
-        &mov($tmp2,&DWP($xo[$ki]*4,$K,"",0)) if $pos < 0; # very first one 
-
-        # body proper
-
-        &comment("R0 $ki");
-        &xor($tmp1,$d); # F function - part 2
-
-        &and($tmp1,$b); # F function - part 3
-        &lea($a,&DWP($t,$a,$tmp2,1));
-
-        &xor($tmp1,$d); # F function - part 4
-
-        &add($a,$tmp1);
-        &mov($tmp1,&Np($c)) if $pos < 1;        # next tmp1 for R0
-        &mov($tmp1,&Np($c)) if $pos == 1;       # next tmp1 for R1
-
-        &rotl($a,$s);
-
-        &mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0)) if ($pos != 2);
-
-        &add($a,$b);
-        }
-
-sub R1
-        {
-        local($pos,$a,$b,$c,$d,$K,$ki,$s,$t)=@_;
-
-        &comment("R1 $ki");
-
-        &lea($a,&DWP($t,$a,$tmp2,1));
-
-        &xor($tmp1,$b); # G function - part 2
-        &and($tmp1,$d); # G function - part 3
-
-        &mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0)) if ($pos != 2);
-        &xor($tmp1,$c);                 # G function - part 4
-
-        &add($a,$tmp1);
-        &mov($tmp1,&Np($c)) if $pos < 1;        # G function - part 1
-        &mov($tmp1,&Np($c)) if $pos == 1;       # G function - part 1
-
-        &rotl($a,$s);
-
-        &add($a,$b);
-        }
-
-sub R2
-        {
-        local($n,$pos,$a,$b,$c,$d,$K,$ki,$s,$t)=@_;
-        # This one is different, only 3 logical operations
-
-if (($n & 1) == 0)
-        {
-        &comment("R2 $ki");
-        # make sure to do 'D' first, not 'B', else we clash with
-        # the last add from the previous round.
-
-        &xor($tmp1,$d); # H function - part 2
-
-        &xor($tmp1,$b); # H function - part 3
-        &lea($a,&DWP($t,$a,$tmp2,1));
-
-        &add($a,$tmp1);
-
-        &rotl($a,$s);
-
-        &mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0));
-        &mov($tmp1,&Np($c));
-        }
-else
-        {
-        &comment("R2 $ki");
-        # make sure to do 'D' first, not 'B', else we clash with
-        # the last add from the previous round.
-
-        &lea($a,&DWP($t,$a,$tmp2,1));
-
-        &add($b,$c);                    # MOVED FORWARD
-        &xor($tmp1,$d); # H function - part 2
-
-        &xor($tmp1,$b); # H function - part 3
-        &mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0)) if ($pos != 2);
-
-        &add($a,$tmp1);
-        &mov($tmp1,&Np($c)) if $pos < 1;        # H function - part 1
-        &mov($tmp1,-1) if $pos == 1;            # I function - part 1
-
-        &rotl($a,$s);
-
-        &add($a,$b);
-        }
-        }
-
-sub R3
-        {
-        local($pos,$a,$b,$c,$d,$K,$ki,$s,$t)=@_;
-
-        &comment("R3 $ki");
-
-        # &not($tmp1)
-        &xor($tmp1,$d) if $pos < 0;     # I function - part 2
-
-        &or($tmp1,$b);                          # I function - part 3
-        &lea($a,&DWP($t,$a,$tmp2,1));
-
-        &xor($tmp1,$c);                         # I function - part 4
-        &mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0))  if $pos != 2; # load X/k value
-        &mov($tmp2,&wparam(0)) if $pos == 2;
-
-        &add($a,$tmp1);
-        &mov($tmp1,-1) if $pos < 1;     # H function - part 1
-        &add($K,64) if $pos >=1 && !$normal;
-
-        &rotl($a,$s);
-
-        &xor($tmp1,&Np($d)) if $pos <= 0;       # I function - part = first time
-        &mov($tmp1,&DWP( 0,$tmp2,"",0)) if $pos > 0;
-        &add($a,$b);
-        }
-
-
-sub md5_block
-        {
-        local($name)=@_;
-
-        &function_begin_B($name,"",3);
-
-        # parameter 1 is the MD5_CTX structure.
-        # A     0
-        # B     4
-        # C     8
-        # D     12
-
-        &push("esi");
-         &push("edi");
-        &mov($tmp1,     &wparam(0)); # edi
-         &mov($X,       &wparam(1)); # esi
-        &mov($C,        &wparam(2));
-         &push("ebp");
-        &shl($C,        6);
-        &push("ebx");
-         &add($C,       $X); # offset we end at
-        &sub($C,        64);
-         &mov($A,       &DWP( 0,$tmp1,"",0));
-        &push($C);      # Put on the TOS
-         &mov($B,       &DWP( 4,$tmp1,"",0));
-        &mov($C,        &DWP( 8,$tmp1,"",0));
-         &mov($D,       &DWP(12,$tmp1,"",0));
-
-        &set_label("start") unless $normal;
-        &comment("");
-        &comment("R0 section");
-
-        &R0(-2,$A,$B,$C,$D,$X, 0, 7,0xd76aa478);
-        &R0( 0,$D,$A,$B,$C,$X, 1,12,0xe8c7b756);
-        &R0( 0,$C,$D,$A,$B,$X, 2,17,0x242070db);
-        &R0( 0,$B,$C,$D,$A,$X, 3,22,0xc1bdceee);
-        &R0( 0,$A,$B,$C,$D,$X, 4, 7,0xf57c0faf);
-        &R0( 0,$D,$A,$B,$C,$X, 5,12,0x4787c62a);
-        &R0( 0,$C,$D,$A,$B,$X, 6,17,0xa8304613);
-        &R0( 0,$B,$C,$D,$A,$X, 7,22,0xfd469501);
-        &R0( 0,$A,$B,$C,$D,$X, 8, 7,0x698098d8);
-        &R0( 0,$D,$A,$B,$C,$X, 9,12,0x8b44f7af);
-        &R0( 0,$C,$D,$A,$B,$X,10,17,0xffff5bb1);
-        &R0( 0,$B,$C,$D,$A,$X,11,22,0x895cd7be);
-        &R0( 0,$A,$B,$C,$D,$X,12, 7,0x6b901122);
-        &R0( 0,$D,$A,$B,$C,$X,13,12,0xfd987193);
-        &R0( 0,$C,$D,$A,$B,$X,14,17,0xa679438e);
-        &R0( 1,$B,$C,$D,$A,$X,15,22,0x49b40821);
-
-        &comment("");
-        &comment("R1 section");
-        &R1(-1,$A,$B,$C,$D,$X,16, 5,0xf61e2562);
-        &R1( 0,$D,$A,$B,$C,$X,17, 9,0xc040b340);
-        &R1( 0,$C,$D,$A,$B,$X,18,14,0x265e5a51);
-        &R1( 0,$B,$C,$D,$A,$X,19,20,0xe9b6c7aa);
-        &R1( 0,$A,$B,$C,$D,$X,20, 5,0xd62f105d);
-        &R1( 0,$D,$A,$B,$C,$X,21, 9,0x02441453);
-        &R1( 0,$C,$D,$A,$B,$X,22,14,0xd8a1e681);
-        &R1( 0,$B,$C,$D,$A,$X,23,20,0xe7d3fbc8);
-        &R1( 0,$A,$B,$C,$D,$X,24, 5,0x21e1cde6);
-        &R1( 0,$D,$A,$B,$C,$X,25, 9,0xc33707d6);
-        &R1( 0,$C,$D,$A,$B,$X,26,14,0xf4d50d87);
-        &R1( 0,$B,$C,$D,$A,$X,27,20,0x455a14ed);
-        &R1( 0,$A,$B,$C,$D,$X,28, 5,0xa9e3e905);
-        &R1( 0,$D,$A,$B,$C,$X,29, 9,0xfcefa3f8);
-        &R1( 0,$C,$D,$A,$B,$X,30,14,0x676f02d9);
-        &R1( 1,$B,$C,$D,$A,$X,31,20,0x8d2a4c8a);
-
-        &comment("");
-        &comment("R2 section");
-        &R2( 0,-1,$A,$B,$C,$D,$X,32, 4,0xfffa3942);
-        &R2( 1, 0,$D,$A,$B,$C,$X,33,11,0x8771f681);
-        &R2( 2, 0,$C,$D,$A,$B,$X,34,16,0x6d9d6122);
-        &R2( 3, 0,$B,$C,$D,$A,$X,35,23,0xfde5380c);
-        &R2( 4, 0,$A,$B,$C,$D,$X,36, 4,0xa4beea44);
-        &R2( 5, 0,$D,$A,$B,$C,$X,37,11,0x4bdecfa9);
-        &R2( 6, 0,$C,$D,$A,$B,$X,38,16,0xf6bb4b60);
-        &R2( 7, 0,$B,$C,$D,$A,$X,39,23,0xbebfbc70);
-        &R2( 8, 0,$A,$B,$C,$D,$X,40, 4,0x289b7ec6);
-        &R2( 9, 0,$D,$A,$B,$C,$X,41,11,0xeaa127fa);
-        &R2(10, 0,$C,$D,$A,$B,$X,42,16,0xd4ef3085);
-        &R2(11, 0,$B,$C,$D,$A,$X,43,23,0x04881d05);
-        &R2(12, 0,$A,$B,$C,$D,$X,44, 4,0xd9d4d039);
-        &R2(13, 0,$D,$A,$B,$C,$X,45,11,0xe6db99e5);
-        &R2(14, 0,$C,$D,$A,$B,$X,46,16,0x1fa27cf8);
-        &R2(15, 1,$B,$C,$D,$A,$X,47,23,0xc4ac5665);
-
-        &comment("");
-        &comment("R3 section");
-        &R3(-1,$A,$B,$C,$D,$X,48, 6,0xf4292244);
-        &R3( 0,$D,$A,$B,$C,$X,49,10,0x432aff97);
-        &R3( 0,$C,$D,$A,$B,$X,50,15,0xab9423a7);
-        &R3( 0,$B,$C,$D,$A,$X,51,21,0xfc93a039);
-        &R3( 0,$A,$B,$C,$D,$X,52, 6,0x655b59c3);
-        &R3( 0,$D,$A,$B,$C,$X,53,10,0x8f0ccc92);
-        &R3( 0,$C,$D,$A,$B,$X,54,15,0xffeff47d);
-        &R3( 0,$B,$C,$D,$A,$X,55,21,0x85845dd1);
-        &R3( 0,$A,$B,$C,$D,$X,56, 6,0x6fa87e4f);
-        &R3( 0,$D,$A,$B,$C,$X,57,10,0xfe2ce6e0);
-        &R3( 0,$C,$D,$A,$B,$X,58,15,0xa3014314);
-        &R3( 0,$B,$C,$D,$A,$X,59,21,0x4e0811a1);
-        &R3( 0,$A,$B,$C,$D,$X,60, 6,0xf7537e82);
-        &R3( 0,$D,$A,$B,$C,$X,61,10,0xbd3af235);
-        &R3( 0,$C,$D,$A,$B,$X,62,15,0x2ad7d2bb);
-        &R3( 2,$B,$C,$D,$A,$X,63,21,0xeb86d391);
-
-        # &mov($tmp2,&wparam(0));       # done in the last R3
-        # &mov($tmp1,   &DWP( 0,$tmp2,"",0)); # done is the last R3
-
-        &add($A,$tmp1);
-         &mov($tmp1,    &DWP( 4,$tmp2,"",0));
-
-        &add($B,$tmp1);
-        &mov($tmp1,     &DWP( 8,$tmp2,"",0));
-
-        &add($C,$tmp1);
-        &mov($tmp1,     &DWP(12,$tmp2,"",0));
-
-        &add($D,$tmp1);
-        &mov(&DWP( 0,$tmp2,"",0),$A);
-
-        &mov(&DWP( 4,$tmp2,"",0),$B);
-        &mov($tmp1,&swtmp(0)) unless $normal;
-
-        &mov(&DWP( 8,$tmp2,"",0),$C);
-         &mov(&DWP(12,$tmp2,"",0),$D);
-
-        &cmp($tmp1,$X) unless $normal;                  # check count
-         &jae(&label("start")) unless $normal;
-
-        &pop("eax"); # pop the temp variable off the stack
-         &pop("ebx");
-        &pop("ebp");
-         &pop("edi");
-        &pop("esi");
-         &ret();
-        &function_end_B($name);
-        }
-
diff --git a/src/lib/libcrypto/md5/md5.h b/src/lib/libcrypto/md5/md5.h
deleted file mode 100644
index c663dd1816..0000000000
--- a/src/lib/libcrypto/md5/md5.h
+++ /dev/null
@@ -1,119 +0,0 @@
-/* crypto/md5/md5.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_MD5_H
-#define HEADER_MD5_H
-
-#include <openssl/e_os2.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#ifdef OPENSSL_NO_MD5
-#error MD5 is disabled.
-#endif
-
-/*
- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- * ! MD5_LONG has to be at least 32 bits wide. If it's wider, then !
- * ! MD5_LONG_LOG2 has to be defined along.                        !
- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- */
-
-#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
-#define MD5_LONG unsigned long
-#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
-#define MD5_LONG unsigned long
-#define MD5_LONG_LOG2 3
-/*
- * _CRAY note. I could declare short, but I have no idea what impact
- * does it have on performance on none-T3E machines. I could declare
- * int, but at least on C90 sizeof(int) can be chosen at compile time.
- * So I've chosen long...
- *                                      <appro@fy.chalmers.se>
- */
-#else
-#define MD5_LONG unsigned int
-#endif
-
-#define MD5_CBLOCK      64
-#define MD5_LBLOCK      (MD5_CBLOCK/4)
-#define MD5_DIGEST_LENGTH 16
-
-typedef struct MD5state_st
-        {
-        MD5_LONG A,B,C,D;
-        MD5_LONG Nl,Nh;
-        MD5_LONG data[MD5_LBLOCK];
-        int num;
-        } MD5_CTX;
-
-#ifdef OPENSSL_FIPS
-int private_MD5_Init(MD5_CTX *c);
-#endif
-int MD5_Init(MD5_CTX *c);
-int MD5_Update(MD5_CTX *c, const void *data, unsigned long len);
-int MD5_Final(unsigned char *md, MD5_CTX *c);
-unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md);
-void MD5_Transform(MD5_CTX *c, const unsigned char *b);
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/src/lib/libcrypto/md5/md5_dgst.c b/src/lib/libcrypto/md5/md5_dgst.c
deleted file mode 100644
index 54b33c6509..0000000000
--- a/src/lib/libcrypto/md5/md5_dgst.c
+++ /dev/null
@@ -1,292 +0,0 @@
-/* crypto/md5/md5_dgst.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "md5_locl.h"
-#include <openssl/opensslv.h>
-
-const char *MD5_version="MD5" OPENSSL_VERSION_PTEXT;
-
-/* Implemented from RFC1321 The MD5 Message-Digest Algorithm
- */
-
-#define INIT_DATA_A (unsigned long)0x67452301L
-#define INIT_DATA_B (unsigned long)0xefcdab89L
-#define INIT_DATA_C (unsigned long)0x98badcfeL
-#define INIT_DATA_D (unsigned long)0x10325476L
-
-FIPS_NON_FIPS_MD_Init(MD5)
-        {
-        c->A=INIT_DATA_A;
-        c->B=INIT_DATA_B;
-        c->C=INIT_DATA_C;
-        c->D=INIT_DATA_D;
-        c->Nl=0;
-        c->Nh=0;
-        c->num=0;
-        return 1;
-        }
-
-#ifndef md5_block_host_order
-void md5_block_host_order (MD5_CTX *c, const void *data, int num)
-        {
-        const MD5_LONG *X=data;
-        register unsigned MD32_REG_T A,B,C,D;
-
-        A=c->A;
-        B=c->B;
-        C=c->C;
-        D=c->D;
-
-        for (;num--;X+=HASH_LBLOCK)
-                {
-        /* Round 0 */
-        R0(A,B,C,D,X[ 0], 7,0xd76aa478L);
-        R0(D,A,B,C,X[ 1],12,0xe8c7b756L);
-        R0(C,D,A,B,X[ 2],17,0x242070dbL);
-        R0(B,C,D,A,X[ 3],22,0xc1bdceeeL);
-        R0(A,B,C,D,X[ 4], 7,0xf57c0fafL);
-        R0(D,A,B,C,X[ 5],12,0x4787c62aL);
-        R0(C,D,A,B,X[ 6],17,0xa8304613L);
-        R0(B,C,D,A,X[ 7],22,0xfd469501L);
-        R0(A,B,C,D,X[ 8], 7,0x698098d8L);
-        R0(D,A,B,C,X[ 9],12,0x8b44f7afL);
-        R0(C,D,A,B,X[10],17,0xffff5bb1L);
-        R0(B,C,D,A,X[11],22,0x895cd7beL);
-        R0(A,B,C,D,X[12], 7,0x6b901122L);
-        R0(D,A,B,C,X[13],12,0xfd987193L);
-        R0(C,D,A,B,X[14],17,0xa679438eL);
-        R0(B,C,D,A,X[15],22,0x49b40821L);
-        /* Round 1 */
-        R1(A,B,C,D,X[ 1], 5,0xf61e2562L);
-        R1(D,A,B,C,X[ 6], 9,0xc040b340L);
-        R1(C,D,A,B,X[11],14,0x265e5a51L);
-        R1(B,C,D,A,X[ 0],20,0xe9b6c7aaL);
-        R1(A,B,C,D,X[ 5], 5,0xd62f105dL);
-        R1(D,A,B,C,X[10], 9,0x02441453L);
-        R1(C,D,A,B,X[15],14,0xd8a1e681L);
-        R1(B,C,D,A,X[ 4],20,0xe7d3fbc8L);
-        R1(A,B,C,D,X[ 9], 5,0x21e1cde6L);
-        R1(D,A,B,C,X[14], 9,0xc33707d6L);
-        R1(C,D,A,B,X[ 3],14,0xf4d50d87L);
-        R1(B,C,D,A,X[ 8],20,0x455a14edL);
-        R1(A,B,C,D,X[13], 5,0xa9e3e905L);
-        R1(D,A,B,C,X[ 2], 9,0xfcefa3f8L);
-        R1(C,D,A,B,X[ 7],14,0x676f02d9L);
-        R1(B,C,D,A,X[12],20,0x8d2a4c8aL);
-        /* Round 2 */
-        R2(A,B,C,D,X[ 5], 4,0xfffa3942L);
-        R2(D,A,B,C,X[ 8],11,0x8771f681L);
-        R2(C,D,A,B,X[11],16,0x6d9d6122L);
-        R2(B,C,D,A,X[14],23,0xfde5380cL);
-        R2(A,B,C,D,X[ 1], 4,0xa4beea44L);
-        R2(D,A,B,C,X[ 4],11,0x4bdecfa9L);
-        R2(C,D,A,B,X[ 7],16,0xf6bb4b60L);
-        R2(B,C,D,A,X[10],23,0xbebfbc70L);
-        R2(A,B,C,D,X[13], 4,0x289b7ec6L);
-        R2(D,A,B,C,X[ 0],11,0xeaa127faL);
-        R2(C,D,A,B,X[ 3],16,0xd4ef3085L);
-        R2(B,C,D,A,X[ 6],23,0x04881d05L);
-        R2(A,B,C,D,X[ 9], 4,0xd9d4d039L);
-        R2(D,A,B,C,X[12],11,0xe6db99e5L);
-        R2(C,D,A,B,X[15],16,0x1fa27cf8L);
-        R2(B,C,D,A,X[ 2],23,0xc4ac5665L);
-        /* Round 3 */
-        R3(A,B,C,D,X[ 0], 6,0xf4292244L);
-        R3(D,A,B,C,X[ 7],10,0x432aff97L);
-        R3(C,D,A,B,X[14],15,0xab9423a7L);
-        R3(B,C,D,A,X[ 5],21,0xfc93a039L);
-        R3(A,B,C,D,X[12], 6,0x655b59c3L);
-        R3(D,A,B,C,X[ 3],10,0x8f0ccc92L);
-        R3(C,D,A,B,X[10],15,0xffeff47dL);
-        R3(B,C,D,A,X[ 1],21,0x85845dd1L);
-        R3(A,B,C,D,X[ 8], 6,0x6fa87e4fL);
-        R3(D,A,B,C,X[15],10,0xfe2ce6e0L);
-        R3(C,D,A,B,X[ 6],15,0xa3014314L);
-        R3(B,C,D,A,X[13],21,0x4e0811a1L);
-        R3(A,B,C,D,X[ 4], 6,0xf7537e82L);
-        R3(D,A,B,C,X[11],10,0xbd3af235L);
-        R3(C,D,A,B,X[ 2],15,0x2ad7d2bbL);
-        R3(B,C,D,A,X[ 9],21,0xeb86d391L);
-
-        A = c->A += A;
-        B = c->B += B;
-        C = c->C += C;
-        D = c->D += D;
-                }
-        }
-#endif
-
-#ifndef md5_block_data_order
-#ifdef X
-#undef X
-#endif
-void md5_block_data_order (MD5_CTX *c, const void *data_, int num)
-        {
-        const unsigned char *data=data_;
-        register unsigned MD32_REG_T A,B,C,D,l;
-#ifndef MD32_XARRAY
-        /* See comment in crypto/sha/sha_locl.h for details. */
-        unsigned MD32_REG_T     XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
-                                XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
-# define X(i)   XX##i
-#else
-        MD5_LONG XX[MD5_LBLOCK];
-# define X(i)   XX[i]
-#endif
-
-        A=c->A;
-        B=c->B;
-        C=c->C;
-        D=c->D;
-
-        for (;num--;)
-                {
-        HOST_c2l(data,l); X( 0)=l;              HOST_c2l(data,l); X( 1)=l;
-        /* Round 0 */
-        R0(A,B,C,D,X( 0), 7,0xd76aa478L);       HOST_c2l(data,l); X( 2)=l;
-        R0(D,A,B,C,X( 1),12,0xe8c7b756L);       HOST_c2l(data,l); X( 3)=l;
-        R0(C,D,A,B,X( 2),17,0x242070dbL);       HOST_c2l(data,l); X( 4)=l;
-        R0(B,C,D,A,X( 3),22,0xc1bdceeeL);       HOST_c2l(data,l); X( 5)=l;
-        R0(A,B,C,D,X( 4), 7,0xf57c0fafL);       HOST_c2l(data,l); X( 6)=l;
-        R0(D,A,B,C,X( 5),12,0x4787c62aL);       HOST_c2l(data,l); X( 7)=l;
-        R0(C,D,A,B,X( 6),17,0xa8304613L);       HOST_c2l(data,l); X( 8)=l;
-        R0(B,C,D,A,X( 7),22,0xfd469501L);       HOST_c2l(data,l); X( 9)=l;
-        R0(A,B,C,D,X( 8), 7,0x698098d8L);       HOST_c2l(data,l); X(10)=l;
-        R0(D,A,B,C,X( 9),12,0x8b44f7afL);       HOST_c2l(data,l); X(11)=l;
-        R0(C,D,A,B,X(10),17,0xffff5bb1L);       HOST_c2l(data,l); X(12)=l;
-        R0(B,C,D,A,X(11),22,0x895cd7beL);       HOST_c2l(data,l); X(13)=l;
-        R0(A,B,C,D,X(12), 7,0x6b901122L);       HOST_c2l(data,l); X(14)=l;
-        R0(D,A,B,C,X(13),12,0xfd987193L);       HOST_c2l(data,l); X(15)=l;
-        R0(C,D,A,B,X(14),17,0xa679438eL);
-        R0(B,C,D,A,X(15),22,0x49b40821L);
-        /* Round 1 */
-        R1(A,B,C,D,X( 1), 5,0xf61e2562L);
-        R1(D,A,B,C,X( 6), 9,0xc040b340L);
-        R1(C,D,A,B,X(11),14,0x265e5a51L);
-        R1(B,C,D,A,X( 0),20,0xe9b6c7aaL);
-        R1(A,B,C,D,X( 5), 5,0xd62f105dL);
-        R1(D,A,B,C,X(10), 9,0x02441453L);
-        R1(C,D,A,B,X(15),14,0xd8a1e681L);
-        R1(B,C,D,A,X( 4),20,0xe7d3fbc8L);
-        R1(A,B,C,D,X( 9), 5,0x21e1cde6L);
-        R1(D,A,B,C,X(14), 9,0xc33707d6L);
-        R1(C,D,A,B,X( 3),14,0xf4d50d87L);
-        R1(B,C,D,A,X( 8),20,0x455a14edL);
-        R1(A,B,C,D,X(13), 5,0xa9e3e905L);
-        R1(D,A,B,C,X( 2), 9,0xfcefa3f8L);
-        R1(C,D,A,B,X( 7),14,0x676f02d9L);
-        R1(B,C,D,A,X(12),20,0x8d2a4c8aL);
-        /* Round 2 */
-        R2(A,B,C,D,X( 5), 4,0xfffa3942L);
-        R2(D,A,B,C,X( 8),11,0x8771f681L);
-        R2(C,D,A,B,X(11),16,0x6d9d6122L);
-        R2(B,C,D,A,X(14),23,0xfde5380cL);
-        R2(A,B,C,D,X( 1), 4,0xa4beea44L);
-        R2(D,A,B,C,X( 4),11,0x4bdecfa9L);
-        R2(C,D,A,B,X( 7),16,0xf6bb4b60L);
-        R2(B,C,D,A,X(10),23,0xbebfbc70L);
-        R2(A,B,C,D,X(13), 4,0x289b7ec6L);
-        R2(D,A,B,C,X( 0),11,0xeaa127faL);
-        R2(C,D,A,B,X( 3),16,0xd4ef3085L);
-        R2(B,C,D,A,X( 6),23,0x04881d05L);
-        R2(A,B,C,D,X( 9), 4,0xd9d4d039L);
-        R2(D,A,B,C,X(12),11,0xe6db99e5L);
-        R2(C,D,A,B,X(15),16,0x1fa27cf8L);
-        R2(B,C,D,A,X( 2),23,0xc4ac5665L);
-        /* Round 3 */
-        R3(A,B,C,D,X( 0), 6,0xf4292244L);
-        R3(D,A,B,C,X( 7),10,0x432aff97L);
-        R3(C,D,A,B,X(14),15,0xab9423a7L);
-        R3(B,C,D,A,X( 5),21,0xfc93a039L);
-        R3(A,B,C,D,X(12), 6,0x655b59c3L);
-        R3(D,A,B,C,X( 3),10,0x8f0ccc92L);
-        R3(C,D,A,B,X(10),15,0xffeff47dL);
-        R3(B,C,D,A,X( 1),21,0x85845dd1L);
-        R3(A,B,C,D,X( 8), 6,0x6fa87e4fL);
-        R3(D,A,B,C,X(15),10,0xfe2ce6e0L);
-        R3(C,D,A,B,X( 6),15,0xa3014314L);
-        R3(B,C,D,A,X(13),21,0x4e0811a1L);
-        R3(A,B,C,D,X( 4), 6,0xf7537e82L);
-        R3(D,A,B,C,X(11),10,0xbd3af235L);
-        R3(C,D,A,B,X( 2),15,0x2ad7d2bbL);
-        R3(B,C,D,A,X( 9),21,0xeb86d391L);
-
-        A = c->A += A;
-        B = c->B += B;
-        C = c->C += C;
-        D = c->D += D;
-                }
-        }
-#endif
-
-#ifdef undef
-int printit(unsigned long *l)
-        {
-        int i,ii;
-
-        for (i=0; i<2; i++)
-                {
-                for (ii=0; ii<8; ii++)
-                        {
-                        fprintf(stderr,"%08lx ",l[i*8+ii]);
-                        }
-                fprintf(stderr,"\n");
-                }
-        }
-#endif
diff --git a/src/lib/libcrypto/md5/md5_locl.h b/src/lib/libcrypto/md5/md5_locl.h
deleted file mode 100644
index 9e360da732..0000000000
--- a/src/lib/libcrypto/md5/md5_locl.h
+++ /dev/null
@@ -1,172 +0,0 @@
-/* crypto/md5/md5_locl.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/e_os2.h>
-#include <openssl/md5.h>
-
-#ifndef MD5_LONG_LOG2
-#define MD5_LONG_LOG2 2 /* default to 32 bits */
-#endif
-
-#ifdef MD5_ASM
-# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
-#  define md5_block_host_order md5_block_asm_host_order
-# elif defined(__sparc) && defined(OPENSSL_SYS_ULTRASPARC)
-   void md5_block_asm_data_order_aligned (MD5_CTX *c, const MD5_LONG *p,int num);
-#  define HASH_BLOCK_DATA_ORDER_ALIGNED md5_block_asm_data_order_aligned
-# endif
-#endif
-
-void md5_block_host_order (MD5_CTX *c, const void *p,int num);
-void md5_block_data_order (MD5_CTX *c, const void *p,int num);
-
-#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
-/*
- * *_block_host_order is expected to handle aligned data while
- * *_block_data_order - unaligned. As algorithm and host (x86)
- * are in this case of the same "endianness" these two are
- * otherwise indistinguishable. But normally you don't want to
- * call the same function because unaligned access in places
- * where alignment is expected is usually a "Bad Thing". Indeed,
- * on RISCs you get punished with BUS ERROR signal or *severe*
- * performance degradation. Intel CPUs are in turn perfectly
- * capable of loading unaligned data without such drastic side
- * effect. Yes, they say it's slower than aligned load, but no
- * exception is generated and therefore performance degradation
- * is *incomparable* with RISCs. What we should weight here is
- * costs of unaligned access against costs of aligning data.
- * According to my measurements allowing unaligned access results
- * in ~9% performance improvement on Pentium II operating at
- * 266MHz. I won't be surprised if the difference will be higher
- * on faster systems:-)
- *
- *                              <appro@fy.chalmers.se>
- */
-#define md5_block_data_order md5_block_host_order
-#endif
-
-#define DATA_ORDER_IS_LITTLE_ENDIAN
-
-#define HASH_LONG               MD5_LONG
-#define HASH_LONG_LOG2          MD5_LONG_LOG2
-#define HASH_CTX                MD5_CTX
-#define HASH_CBLOCK             MD5_CBLOCK
-#define HASH_LBLOCK             MD5_LBLOCK
-#define HASH_UPDATE             MD5_Update
-#define HASH_TRANSFORM          MD5_Transform
-#define HASH_FINAL              MD5_Final
-#define HASH_MAKE_STRING(c,s)   do {    \
-        unsigned long ll;               \
-        ll=(c)->A; HOST_l2c(ll,(s));    \
-        ll=(c)->B; HOST_l2c(ll,(s));    \
-        ll=(c)->C; HOST_l2c(ll,(s));    \
-        ll=(c)->D; HOST_l2c(ll,(s));    \
-        } while (0)
-#define HASH_BLOCK_HOST_ORDER   md5_block_host_order
-#if !defined(L_ENDIAN) || defined(md5_block_data_order)
-#define HASH_BLOCK_DATA_ORDER   md5_block_data_order
-/*
- * Little-endians (Intel and Alpha) feel better without this.
- * It looks like memcpy does better job than generic
- * md5_block_data_order on copying-n-aligning input data.
- * But frankly speaking I didn't expect such result on Alpha.
- * On the other hand I've got this with egcs-1.0.2 and if
- * program is compiled with another (better?) compiler it
- * might turn out other way around.
- *
- *                              <appro@fy.chalmers.se>
- */
-#endif
-
-#include "md32_common.h"
-
-/*
-#define F(x,y,z)        (((x) & (y))  |  ((~(x)) & (z)))
-#define G(x,y,z)        (((x) & (z))  |  ((y) & (~(z))))
-*/
-
-/* As pointed out by Wei Dai <weidai@eskimo.com>, the above can be
- * simplified to the code below.  Wei attributes these optimizations
- * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel.
- */
-#define F(b,c,d)        ((((c) ^ (d)) & (b)) ^ (d))
-#define G(b,c,d)        ((((b) ^ (c)) & (d)) ^ (c))
-#define H(b,c,d)        ((b) ^ (c) ^ (d))
-#define I(b,c,d)        (((~(d)) | (b)) ^ (c))
-
-#define R0(a,b,c,d,k,s,t) { \
-        a+=((k)+(t)+F((b),(c),(d))); \
-        a=ROTATE(a,s); \
-        a+=b; };\
-
-#define R1(a,b,c,d,k,s,t) { \
-        a+=((k)+(t)+G((b),(c),(d))); \
-        a=ROTATE(a,s); \
-        a+=b; };
-
-#define R2(a,b,c,d,k,s,t) { \
-        a+=((k)+(t)+H((b),(c),(d))); \
-        a=ROTATE(a,s); \
-        a+=b; };
-
-#define R3(a,b,c,d,k,s,t) { \
-        a+=((k)+(t)+I((b),(c),(d))); \
-        a=ROTATE(a,s); \
-        a+=b; };
diff --git a/src/lib/libcrypto/md5/md5_one.c b/src/lib/libcrypto/md5/md5_one.c
deleted file mode 100644
index 44c6c455d1..0000000000
--- a/src/lib/libcrypto/md5/md5_one.c
+++ /dev/null
@@ -1,97 +0,0 @@
-/* crypto/md5/md5_one.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/md5.h>
-#include <openssl/crypto.h>
-
-#ifdef CHARSET_EBCDIC
-#include <openssl/ebcdic.h>
-#endif
-
-unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md)
-        {
-        MD5_CTX c;
-        static unsigned char m[MD5_DIGEST_LENGTH];
-
-        if (md == NULL) md=m;
-        if (!MD5_Init(&c))
-                return NULL;
-#ifndef CHARSET_EBCDIC
-        MD5_Update(&c,d,n);
-#else
-        {
-                char temp[1024];
-                unsigned long chunk;
-
-                while (n > 0)
-                {
-                        chunk = (n > sizeof(temp)) ? sizeof(temp) : n;
-                        ebcdic2ascii(temp, d, chunk);
-                        MD5_Update(&c,temp,chunk);
-                        n -= chunk;
-                        d += chunk;
-                }
-        }
-#endif
-        MD5_Final(md,&c);
-        OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
-        return(md);
-        }
-
diff --git a/src/lib/libcrypto/mem_clr.c b/src/lib/libcrypto/mem_clr.c
deleted file mode 100644
index e4b7f540b0..0000000000
--- a/src/lib/libcrypto/mem_clr.c
+++ /dev/null
@@ -1,75 +0,0 @@
-/* crypto/mem_clr.c -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2002.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <string.h>
-#include <openssl/crypto.h>
-
-unsigned char cleanse_ctr = 0;
-
-void OPENSSL_cleanse(void *ptr, size_t len)
-        {
-        unsigned char *p = ptr;
-        size_t loop = len;
-        while(loop--)
-                {
-                *(p++) = cleanse_ctr;
-                cleanse_ctr += (17 + (unsigned char)((int)p & 0xF));
-                }
-        if(memchr(ptr, cleanse_ctr, len))
-                cleanse_ctr += 63;
-        }
diff --git a/src/lib/libcrypto/mem_dbg.c b/src/lib/libcrypto/mem_dbg.c
deleted file mode 100644
index e212de27e4..0000000000
--- a/src/lib/libcrypto/mem_dbg.c
+++ /dev/null
@@ -1,787 +0,0 @@
-/* crypto/mem_dbg.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>       
-#include <openssl/crypto.h>
-#include <openssl/buffer.h>
-#include <openssl/bio.h>
-#include <openssl/lhash.h>
-#include "cryptlib.h"
-
-static int mh_mode=CRYPTO_MEM_CHECK_OFF;
-/* The state changes to CRYPTO_MEM_CHECK_ON | CRYPTO_MEM_CHECK_ENABLE
- * when the application asks for it (usually after library initialisation
- * for which no book-keeping is desired).
- *
- * State CRYPTO_MEM_CHECK_ON exists only temporarily when the library
- * thinks that certain allocations should not be checked (e.g. the data
- * structures used for memory checking).  It is not suitable as an initial
- * state: the library will unexpectedly enable memory checking when it
- * executes one of those sections that want to disable checking
- * temporarily.
- *
- * State CRYPTO_MEM_CHECK_ENABLE without ..._ON makes no sense whatsoever.
- */
-
-static unsigned long order = 0; /* number of memory requests */
-static LHASH *mh=NULL; /* hash-table of memory requests (address as key);
-                        * access requires MALLOC2 lock */
-
-
-typedef struct app_mem_info_st
-/* For application-defined information (static C-string `info')
- * to be displayed in memory leak list.
- * Each thread has its own stack.  For applications, there is
- *   CRYPTO_push_info("...")     to push an entry,
- *   CRYPTO_pop_info()           to pop an entry,
- *   CRYPTO_remove_all_info()    to pop all entries.
- */
-        {       
-        unsigned long thread;
-        const char *file;
-        int line;
-        const char *info;
-        struct app_mem_info_st *next; /* tail of thread's stack */
-        int references;
-        } APP_INFO;
-
-static void app_info_free(APP_INFO *);
-
-static LHASH *amih=NULL; /* hash-table with those app_mem_info_st's
-                          * that are at the top of their thread's stack
-                          * (with `thread' as key);
-                          * access requires MALLOC2 lock */
-
-typedef struct mem_st
-/* memory-block description */
-        {
-        void *addr;
-        int num;
-        const char *file;
-        int line;
-        unsigned long thread;
-        unsigned long order;
-        time_t time;
-        APP_INFO *app_info;
-        } MEM;
-
-static long options =             /* extra information to be recorded */
-#if defined(CRYPTO_MDEBUG_TIME) || defined(CRYPTO_MDEBUG_ALL)
-        V_CRYPTO_MDEBUG_TIME |
-#endif
-#if defined(CRYPTO_MDEBUG_THREAD) || defined(CRYPTO_MDEBUG_ALL)
-        V_CRYPTO_MDEBUG_THREAD |
-#endif
-        0;
-
-
-static unsigned int num_disable = 0; /* num_disable > 0
-                                      *     iff
-                                      * mh_mode == CRYPTO_MEM_CHECK_ON (w/o ..._ENABLE)
-                                      */
-static unsigned long disabling_thread = 0; /* Valid iff num_disable > 0.
-                                            * CRYPTO_LOCK_MALLOC2 is locked
-                                            * exactly in this case (by the
-                                            * thread named in disabling_thread).
-                                            */
-
-static void app_info_free(APP_INFO *inf)
-        {
-        if (--(inf->references) <= 0)
-                {
-                if (inf->next != NULL)
-                        {
-                        app_info_free(inf->next);
-                        }
-                OPENSSL_free(inf);
-                }
-        }
-
-int CRYPTO_mem_ctrl(int mode)
-        {
-        int ret=mh_mode;
-
-        CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
-        switch (mode)
-                {
-        /* for applications (not to be called while multiple threads
-         * use the library): */
-        case CRYPTO_MEM_CHECK_ON: /* aka MemCheck_start() */
-                mh_mode = CRYPTO_MEM_CHECK_ON|CRYPTO_MEM_CHECK_ENABLE;
-                num_disable = 0;
-                break;
-        case CRYPTO_MEM_CHECK_OFF: /* aka MemCheck_stop() */
-                mh_mode = 0;
-                num_disable = 0; /* should be true *before* MemCheck_stop is used,
-                                    or there'll be a lot of confusion */
-                break;
-
-        /* switch off temporarily (for library-internal use): */
-        case CRYPTO_MEM_CHECK_DISABLE: /* aka MemCheck_off() */
-                if (mh_mode & CRYPTO_MEM_CHECK_ON)
-                        {
-                        if (!num_disable || (disabling_thread != CRYPTO_thread_id())) /* otherwise we already have the MALLOC2 lock */
-                                {
-                                /* Long-time lock CRYPTO_LOCK_MALLOC2 must not be claimed while
-                                 * we're holding CRYPTO_LOCK_MALLOC, or we'll deadlock if
-                                 * somebody else holds CRYPTO_LOCK_MALLOC2 (and cannot release
-                                 * it because we block entry to this function).
-                                 * Give them a chance, first, and then claim the locks in
-                                 * appropriate order (long-time lock first).
-                                 */
-                                CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
-                                /* Note that after we have waited for CRYPTO_LOCK_MALLOC2
-                                 * and CRYPTO_LOCK_MALLOC, we'll still be in the right
-                                 * "case" and "if" branch because MemCheck_start and
-                                 * MemCheck_stop may never be used while there are multiple
-                                 * OpenSSL threads. */
-                                CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2);
-                                CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
-                                mh_mode &= ~CRYPTO_MEM_CHECK_ENABLE;
-                                disabling_thread=CRYPTO_thread_id();
-                                }
-                        num_disable++;
-                        }
-                break;
-        case CRYPTO_MEM_CHECK_ENABLE: /* aka MemCheck_on() */
-                if (mh_mode & CRYPTO_MEM_CHECK_ON)
-                        {
-                        if (num_disable) /* always true, or something is going wrong */
-                                {
-                                num_disable--;
-                                if (num_disable == 0)
-                                        {
-                                        mh_mode|=CRYPTO_MEM_CHECK_ENABLE;
-                                        CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2);
-                                        }
-                                }
-                        }
-                break;
-
-        default:
-                break;
-                }
-        CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
-        return(ret);
-        }
-
-int CRYPTO_is_mem_check_on(void)
-        {
-        int ret = 0;
-
-        if (mh_mode & CRYPTO_MEM_CHECK_ON)
-                {
-                CRYPTO_r_lock(CRYPTO_LOCK_MALLOC);
-
-                ret = (mh_mode & CRYPTO_MEM_CHECK_ENABLE)
-                        || (disabling_thread != CRYPTO_thread_id());
-
-                CRYPTO_r_unlock(CRYPTO_LOCK_MALLOC);
-                }
-        return(ret);
-        }       
-
-
-void CRYPTO_dbg_set_options(long bits)
-        {
-        options = bits;
-        }
-
-long CRYPTO_dbg_get_options(void)
-        {
-        return options;
-        }
-
-/* static int mem_cmp(MEM *a, MEM *b) */
-static int mem_cmp(const void *a_void, const void *b_void)
-        {
-        return((const char *)((const MEM *)a_void)->addr
-                - (const char *)((const MEM *)b_void)->addr);
-        }
-
-/* static unsigned long mem_hash(MEM *a) */
-static unsigned long mem_hash(const void *a_void)
-        {
-        unsigned long ret;
-
-        ret=(unsigned long)((const MEM *)a_void)->addr;
-
-        ret=ret*17851+(ret>>14)*7+(ret>>4)*251;
-        return(ret);
-        }
-
-/* static int app_info_cmp(APP_INFO *a, APP_INFO *b) */
-static int app_info_cmp(const void *a_void, const void *b_void)
-        {
-        return(((const APP_INFO *)a_void)->thread
-                != ((const APP_INFO *)b_void)->thread);
-        }
-
-/* static unsigned long app_info_hash(APP_INFO *a) */
-static unsigned long app_info_hash(const void *a_void)
-        {
-        unsigned long ret;
-
-        ret=(unsigned long)((const APP_INFO *)a_void)->thread;
-
-        ret=ret*17851+(ret>>14)*7+(ret>>4)*251;
-        return(ret);
-        }
-
-static APP_INFO *pop_info(void)
-        {
-        APP_INFO tmp;
-        APP_INFO *ret = NULL;
-
-        if (amih != NULL)
-                {
-                tmp.thread=CRYPTO_thread_id();
-                if ((ret=(APP_INFO *)lh_delete(amih,&tmp)) != NULL)
-                        {
-                        APP_INFO *next=ret->next;
-
-                        if (next != NULL)
-                                {
-                                next->references++;
-                                lh_insert(amih,(char *)next);
-                                }
-#ifdef LEVITTE_DEBUG_MEM
-                        if (ret->thread != tmp.thread)
-                                {
-                                fprintf(stderr, "pop_info(): deleted info has other thread ID (%lu) than the current thread (%lu)!!!!\n",
-                                        ret->thread, tmp.thread);
-                                abort();
-                                }
-#endif
-                        if (--(ret->references) <= 0)
-                                {
-                                ret->next = NULL;
-                                if (next != NULL)
-                                        next->references--;
-                                OPENSSL_free(ret);
-                                }
-                        }
-                }
-        return(ret);
-        }
-
-int CRYPTO_push_info_(const char *info, const char *file, int line)
-        {
-        APP_INFO *ami, *amim;
-        int ret=0;
-
-        if (is_MemCheck_on())
-                {
-                MemCheck_off(); /* obtain MALLOC2 lock */
-
-                if ((ami = (APP_INFO *)OPENSSL_malloc(sizeof(APP_INFO))) == NULL)
-                        {
-                        ret=0;
-                        goto err;
-                        }
-                if (amih == NULL)
-                        {
-                        if ((amih=lh_new(app_info_hash, app_info_cmp)) == NULL)
-                                {
-                                OPENSSL_free(ami);
-                                ret=0;
-                                goto err;
-                                }
-                        }
-
-                ami->thread=CRYPTO_thread_id();
-                ami->file=file;
-                ami->line=line;
-                ami->info=info;
-                ami->references=1;
-                ami->next=NULL;
-
-                if ((amim=(APP_INFO *)lh_insert(amih,(char *)ami)) != NULL)
-                        {
-#ifdef LEVITTE_DEBUG_MEM
-                        if (ami->thread != amim->thread)
-                                {
-                                fprintf(stderr, "CRYPTO_push_info(): previous info has other thread ID (%lu) than the current thread (%lu)!!!!\n",
-                                        amim->thread, ami->thread);
-                                abort();
-                                }
-#endif
-                        ami->next=amim;
-                        }
- err:
-                MemCheck_on(); /* release MALLOC2 lock */
-                }
-
-        return(ret);
-        }
-
-int CRYPTO_pop_info(void)
-        {
-        int ret=0;
-
-        if (is_MemCheck_on()) /* _must_ be true, or something went severely wrong */
-                {
-                MemCheck_off(); /* obtain MALLOC2 lock */
-
-                ret=(pop_info() != NULL);
-
-                MemCheck_on(); /* release MALLOC2 lock */
-                }
-        return(ret);
-        }
-
-int CRYPTO_remove_all_info(void)
-        {
-        int ret=0;
-
-        if (is_MemCheck_on()) /* _must_ be true */
-                {
-                MemCheck_off(); /* obtain MALLOC2 lock */
-
-                while(pop_info() != NULL)
-                        ret++;
-
-                MemCheck_on(); /* release MALLOC2 lock */
-                }
-        return(ret);
-        }
-
-
-static unsigned long break_order_num=0;
-void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line,
-        int before_p)
-        {
-        MEM *m,*mm;
-        APP_INFO tmp,*amim;
-
-        switch(before_p & 127)
-                {
-        case 0:
-                break;
-        case 1:
-                if (addr == NULL)
-                        break;
-
-                if (is_MemCheck_on())
-                        {
-                        MemCheck_off(); /* make sure we hold MALLOC2 lock */
-                        if ((m=(MEM *)OPENSSL_malloc(sizeof(MEM))) == NULL)
-                                {
-                                OPENSSL_free(addr);
-                                MemCheck_on(); /* release MALLOC2 lock
-                                                * if num_disabled drops to 0 */
-                                return;
-                                }
-                        if (mh == NULL)
-                                {
-                                if ((mh=lh_new(mem_hash, mem_cmp)) == NULL)
-                                        {
-                                        OPENSSL_free(addr);
-                                        OPENSSL_free(m);
-                                        addr=NULL;
-                                        goto err;
-                                        }
-                                }
-
-                        m->addr=addr;
-                        m->file=file;
-                        m->line=line;
-                        m->num=num;
-                        if (options & V_CRYPTO_MDEBUG_THREAD)
-                                m->thread=CRYPTO_thread_id();
-                        else
-                                m->thread=0;
-
-                        if (order == break_order_num)
-                                {
-                                /* BREAK HERE */
-                                m->order=order;
-                                }
-                        m->order=order++;
-#ifdef LEVITTE_DEBUG_MEM
-                        fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] %c 0x%p (%d)\n",
-                                m->order,
-                                (before_p & 128) ? '*' : '+',
-                                m->addr, m->num);
-#endif
-                        if (options & V_CRYPTO_MDEBUG_TIME)
-                                m->time=time(NULL);
-                        else
-                                m->time=0;
-
-                        tmp.thread=CRYPTO_thread_id();
-                        m->app_info=NULL;
-                        if (amih != NULL
-                                && (amim=(APP_INFO *)lh_retrieve(amih,(char *)&tmp)) != NULL)
-                                {
-                                m->app_info = amim;
-                                amim->references++;
-                                }
-
-                        if ((mm=(MEM *)lh_insert(mh,(char *)m)) != NULL)
-                                {
-                                /* Not good, but don't sweat it */
-                                if (mm->app_info != NULL)
-                                        {
-                                        mm->app_info->references--;
-                                        }
-                                OPENSSL_free(mm);
-                                }
-                err:
-                        MemCheck_on(); /* release MALLOC2 lock
-                                        * if num_disabled drops to 0 */
-                        }
-                break;
-                }
-        return;
-        }
-
-void CRYPTO_dbg_free(void *addr, int before_p)
-        {
-        MEM m,*mp;
-
-        switch(before_p)
-                {
-        case 0:
-                if (addr == NULL)
-                        break;
-
-                if (is_MemCheck_on() && (mh != NULL))
-                        {
-                        MemCheck_off(); /* make sure we hold MALLOC2 lock */
-
-                        m.addr=addr;
-                        mp=(MEM *)lh_delete(mh,(char *)&m);
-                        if (mp != NULL)
-                                {
-#ifdef LEVITTE_DEBUG_MEM
-                        fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] - 0x%p (%d)\n",
-                                mp->order, mp->addr, mp->num);
-#endif
-                                if (mp->app_info != NULL)
-                                        app_info_free(mp->app_info);
-                                OPENSSL_free(mp);
-                                }
-
-                        MemCheck_on(); /* release MALLOC2 lock
-                                        * if num_disabled drops to 0 */
-                        }
-                break;
-        case 1:
-                break;
-                }
-        }
-
-void CRYPTO_dbg_realloc(void *addr1, void *addr2, int num,
-        const char *file, int line, int before_p)
-        {
-        MEM m,*mp;
-
-#ifdef LEVITTE_DEBUG_MEM
-        fprintf(stderr, "LEVITTE_DEBUG_MEM: --> CRYPTO_dbg_malloc(addr1 = %p, addr2 = %p, num = %d, file = \"%s\", line = %d, before_p = %d)\n",
-                addr1, addr2, num, file, line, before_p);
-#endif
-
-        switch(before_p)
-                {
-        case 0:
-                break;
-        case 1:
-                if (addr2 == NULL)
-                        break;
-
-                if (addr1 == NULL)
-                        {
-                        CRYPTO_dbg_malloc(addr2, num, file, line, 128 | before_p);
-                        break;
-                        }
-
-                if (is_MemCheck_on())
-                        {
-                        MemCheck_off(); /* make sure we hold MALLOC2 lock */
-
-                        m.addr=addr1;
-                        mp=(MEM *)lh_delete(mh,(char *)&m);
-                        if (mp != NULL)
-                                {
-#ifdef LEVITTE_DEBUG_MEM
-                                fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] * 0x%p (%d) -> 0x%p (%d)\n",
-                                        mp->order,
-                                        mp->addr, mp->num,
-                                        addr2, num);
-#endif
-                                mp->addr=addr2;
-                                mp->num=num;
-                                lh_insert(mh,(char *)mp);
-                                }
-
-                        MemCheck_on(); /* release MALLOC2 lock
-                                        * if num_disabled drops to 0 */
-                        }
-                break;
-                }
-        return;
-        }
-
-
-typedef struct mem_leak_st
-        {
-        BIO *bio;
-        int chunks;
-        long bytes;
-        } MEM_LEAK;
-
-static void print_leak(const MEM *m, MEM_LEAK *l)
-        {
-        char buf[1024];
-        char *bufp = buf;
-        APP_INFO *amip;
-        int ami_cnt;
-        struct tm *lcl = NULL;
-        unsigned long ti;
-
-#define BUF_REMAIN (sizeof buf - (size_t)(bufp - buf))
-
-        if(m->addr == (char *)l->bio)
-            return;
-
-        if (options & V_CRYPTO_MDEBUG_TIME)
-                {
-                lcl = localtime(&m->time);
-        
-                BIO_snprintf(bufp, BUF_REMAIN, "[%02d:%02d:%02d] ",
-                        lcl->tm_hour,lcl->tm_min,lcl->tm_sec);
-                bufp += strlen(bufp);
-                }
-
-        BIO_snprintf(bufp, BUF_REMAIN, "%5lu file=%s, line=%d, ",
-                m->order,m->file,m->line);
-        bufp += strlen(bufp);
-
-        if (options & V_CRYPTO_MDEBUG_THREAD)
-                {
-                BIO_snprintf(bufp, BUF_REMAIN, "thread=%lu, ", m->thread);
-                bufp += strlen(bufp);
-                }
-
-        BIO_snprintf(bufp, BUF_REMAIN, "number=%d, address=%08lX\n",
-                m->num,(unsigned long)m->addr);
-        bufp += strlen(bufp);
-
-        BIO_puts(l->bio,buf);
-        
-        l->chunks++;
-        l->bytes+=m->num;
-
-        amip=m->app_info;
-        ami_cnt=0;
-        if (!amip)
-                return;
-        ti=amip->thread;
-        
-        do
-                {
-                int buf_len;
-                int info_len;
-
-                ami_cnt++;
-                memset(buf,'>',ami_cnt);
-                BIO_snprintf(buf + ami_cnt, sizeof buf - ami_cnt,
-                        " thread=%lu, file=%s, line=%d, info=\"",
-                        amip->thread, amip->file, amip->line);
-                buf_len=strlen(buf);
-                info_len=strlen(amip->info);
-                if (128 - buf_len - 3 < info_len)
-                        {
-                        memcpy(buf + buf_len, amip->info, 128 - buf_len - 3);
-                        buf_len = 128 - 3;
-                        }
-                else
-                        {
-                        BUF_strlcpy(buf + buf_len, amip->info,
-                                    sizeof buf - buf_len);
-                        buf_len = strlen(buf);
-                        }
-                BIO_snprintf(buf + buf_len, sizeof buf - buf_len, "\"\n");
-                
-                BIO_puts(l->bio,buf);
-
-                amip = amip->next;
-                }
-        while(amip && amip->thread == ti);
-                
-#ifdef LEVITTE_DEBUG_MEM
-        if (amip)
-                {
-                fprintf(stderr, "Thread switch detected in backtrace!!!!\n");
-                abort();
-                }
-#endif
-        }
-
-static IMPLEMENT_LHASH_DOALL_ARG_FN(print_leak, const MEM *, MEM_LEAK *)
-
-void CRYPTO_mem_leaks(BIO *b)
-        {
-        MEM_LEAK ml;
-
-        if (mh == NULL && amih == NULL)
-                return;
-
-        MemCheck_off(); /* obtain MALLOC2 lock */
-
-        ml.bio=b;
-        ml.bytes=0;
-        ml.chunks=0;
-        if (mh != NULL)
-                lh_doall_arg(mh, LHASH_DOALL_ARG_FN(print_leak),
-                                (char *)&ml);
-        if (ml.chunks != 0)
-                {
-                BIO_printf(b,"%ld bytes leaked in %d chunks\n",
-                           ml.bytes,ml.chunks);
-                }
-        else
-                {
-                /* Make sure that, if we found no leaks, memory-leak debugging itself
-                 * does not introduce memory leaks (which might irritate
-                 * external debugging tools).
-                 * (When someone enables leak checking, but does not call
-                 * this function, we declare it to be their fault.)
-                 *
-                 * XXX    This should be in CRYPTO_mem_leaks_cb,
-                 * and CRYPTO_mem_leaks should be implemented by
-                 * using CRYPTO_mem_leaks_cb.
-                 * (Also their should be a variant of lh_doall_arg
-                 * that takes a function pointer instead of a void *;
-                 * this would obviate the ugly and illegal
-                 * void_fn_to_char kludge in CRYPTO_mem_leaks_cb.
-                 * Otherwise the code police will come and get us.)
-                 */
-                int old_mh_mode;
-
-                CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
-
-                /* avoid deadlock when lh_free() uses CRYPTO_dbg_free(),
-                 * which uses CRYPTO_is_mem_check_on */
-                old_mh_mode = mh_mode;
-                mh_mode = CRYPTO_MEM_CHECK_OFF;
-
-                if (mh != NULL)
-                        {
-                        lh_free(mh);
-                        mh = NULL;
-                        }
-                if (amih != NULL)
-                        {
-                        if (lh_num_items(amih) == 0) 
-                                {
-                                lh_free(amih);
-                                amih = NULL;
-                                }
-                        }
-
-                mh_mode = old_mh_mode;
-                CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
-                }
-        MemCheck_on(); /* release MALLOC2 lock */
-        }
-
-#ifndef OPENSSL_NO_FP_API
-void CRYPTO_mem_leaks_fp(FILE *fp)
-        {
-        BIO *b;
-
-        if (mh == NULL) return;
-        /* Need to turn off memory checking when allocated BIOs ... especially
-         * as we're creating them at a time when we're trying to check we've not
-         * left anything un-free()'d!! */
-        MemCheck_off();
-        b = BIO_new(BIO_s_file());
-        MemCheck_on();
-        if(!b) return;
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        CRYPTO_mem_leaks(b);
-        BIO_free(b);
-        }
-#endif
-
-
-
-/* FIXME: We really don't allow much to the callback.  For example, it has
-   no chance of reaching the info stack for the item it processes.  Should
-   it really be this way?  -- Richard Levitte */
-/* NB: The prototypes have been typedef'd to CRYPTO_MEM_LEAK_CB inside crypto.h
- * If this code is restructured, remove the callback type if it is no longer
- * needed. -- Geoff Thorpe */
-static void cb_leak(const MEM *m, CRYPTO_MEM_LEAK_CB **cb)
-        {
-        (**cb)(m->order,m->file,m->line,m->num,m->addr);
-        }
-
-static IMPLEMENT_LHASH_DOALL_ARG_FN(cb_leak, const MEM *, CRYPTO_MEM_LEAK_CB **)
-
-void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb)
-        {
-        if (mh == NULL) return;
-        CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2);
-        lh_doall_arg(mh, LHASH_DOALL_ARG_FN(cb_leak), &cb);
-        CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2);
-        }
diff --git a/src/lib/libcrypto/o_str.c b/src/lib/libcrypto/o_str.c
deleted file mode 100644
index da8860491d..0000000000
--- a/src/lib/libcrypto/o_str.c
+++ /dev/null
@@ -1,96 +0,0 @@
-/* crypto/o_str.c -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
- * project 2003.
- */
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <ctype.h>
-#include <e_os.h>
-#include "o_str.h"
-
-int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n)
-        {
-#if defined(OPENSSL_IMPLEMENTS_strncasecmp)
-        while (*str1 && *str2 && n)
-                {
-                int res = toupper(*str1) - toupper(*str2);
-                if (res) return res < 0 ? -1 : 1;
-                str1++;
-                str2++;
-                n--;
-                }
-        if (n == 0)
-                return 0;
-        if (*str1)
-                return 1;
-        if (*str2)
-                return -1;
-        return 0;
-#else
-        /* Recursion hazard warning! Whenever strncasecmp is #defined as
-         * OPENSSL_strncasecmp, OPENSSL_IMPLEMENTS_strncasecmp must be
-         * defined as well. */
-        return strncasecmp(str1, str2, n);
-#endif
-        }
-int OPENSSL_strcasecmp(const char *str1, const char *str2)
-        {
-#if defined(OPENSSL_IMPLEMENTS_strncasecmp)
-        return OPENSSL_strncasecmp(str1, str2, (size_t)-1);
-#else
-        return strcasecmp(str1, str2);
-#endif
-        }
-
diff --git a/src/lib/libcrypto/o_time.c b/src/lib/libcrypto/o_time.c
deleted file mode 100644
index e29091d650..0000000000
--- a/src/lib/libcrypto/o_time.c
+++ /dev/null
@@ -1,217 +0,0 @@
-/* crypto/o_time.c -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/e_os2.h>
-#include <string.h>
-#include "o_time.h"
-
-#ifdef OPENSSL_SYS_VMS
-# include <libdtdef.h>
-# include <lib$routines.h>
-# include <lnmdef.h>
-# include <starlet.h>
-# include <descrip.h>
-# include <stdlib.h>
-#endif
-
-struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
-        {
-        struct tm *ts = NULL;
-
-#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && !defined(__CYGWIN32__) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX) && !defined(OPENSSL_SYS_SUNOS)
-        /* should return &data, but doesn't on some systems,
-           so we don't even look at the return value */
-        gmtime_r(timer,result);
-        ts = result;
-#elif !defined(OPENSSL_SYS_VMS)
-        ts = gmtime(timer);
-        if (ts == NULL)
-                return NULL;
-
-        memcpy(result, ts, sizeof(struct tm));
-        ts = result;
-#endif
-#ifdef OPENSSL_SYS_VMS
-        if (ts == NULL)
-                {
-                static $DESCRIPTOR(tabnam,"LNM$DCL_LOGICAL");
-                static $DESCRIPTOR(lognam,"SYS$TIMEZONE_DIFFERENTIAL");
-                char logvalue[256];
-                unsigned int reslen = 0;
-                struct {
-                        short buflen;
-                        short code;
-                        void *bufaddr;
-                        unsigned int *reslen;
-                } itemlist[] = {
-                        { 0, LNM$_STRING, 0, 0 },
-                        { 0, 0, 0, 0 },
-                };
-                int status;
-                time_t t;
-
-                /* Get the value for SYS$TIMEZONE_DIFFERENTIAL */
-                itemlist[0].buflen = sizeof(logvalue);
-                itemlist[0].bufaddr = logvalue;
-                itemlist[0].reslen = &reslen;
-                status = sys$trnlnm(0, &tabnam, &lognam, 0, itemlist);
-                if (!(status & 1))
-                        return NULL;
-                logvalue[reslen] = '\0';
-
-                t = *timer;
-
-/* The following is extracted from the DEC C header time.h */
-/*
-**  Beginning in OpenVMS Version 7.0 mktime, time, ctime, strftime
-**  have two implementations.  One implementation is provided
-**  for compatibility and deals with time in terms of local time,
-**  the other __utc_* deals with time in terms of UTC.
-*/
-/* We use the same conditions as in said time.h to check if we should
-   assume that t contains local time (and should therefore be adjusted)
-   or UTC (and should therefore be left untouched). */
-#if __CRTL_VER < 70000000 || defined _VMS_V6_SOURCE
-                /* Get the numerical value of the equivalence string */
-                status = atoi(logvalue);
-
-                /* and use it to move time to GMT */
-                t -= status;
-#endif
-
-                /* then convert the result to the time structure */
-
-                /* Since there was no gmtime_r() to do this stuff for us,
-                   we have to do it the hard way. */
-                {
-                /* The VMS epoch is the astronomical Smithsonian date,
-                   if I remember correctly, which is November 17, 1858.
-                   Furthermore, time is measure in thenths of microseconds
-                   and stored in quadwords (64 bit integers).  unix_epoch
-                   below is January 1st 1970 expressed as a VMS time.  The
-                   following code was used to get this number:
-
-                   #include <stdio.h>
-                   #include <stdlib.h>
-                   #include <lib$routines.h>
-                   #include <starlet.h>
-
-                   main()
-                   {
-                     unsigned long systime[2];
-                     unsigned short epoch_values[7] =
-                       { 1970, 1, 1, 0, 0, 0, 0 };
-
-                     lib$cvt_vectim(epoch_values, systime);
-
-                     printf("%u %u", systime[0], systime[1]);
-                   }
-                */
-                unsigned long unix_epoch[2] = { 1273708544, 8164711 };
-                unsigned long deltatime[2];
-                unsigned long systime[2];
-                struct vms_vectime
-                        {
-                        short year, month, day, hour, minute, second,
-                                centi_second;
-                        } time_values;
-                long operation;
-
-                /* Turn the number of seconds since January 1st 1970 to
-                   an internal delta time.
-                   Note that lib$cvt_to_internal_time() will assume
-                   that t is signed, and will therefore break on 32-bit
-                   systems some time in 2038.
-                */
-                operation = LIB$K_DELTA_SECONDS;
-                status = lib$cvt_to_internal_time(&operation,
-                        &t, deltatime);
-
-                /* Add the delta time with the Unix epoch and we have
-                   the current UTC time in internal format */
-                status = lib$add_times(unix_epoch, deltatime, systime);
-
-                /* Turn the internal time into a time vector */
-                status = sys$numtim(&time_values, systime);
-
-                /* Fill in the struct tm with the result */
-                result->tm_sec = time_values.second;
-                result->tm_min = time_values.minute;
-                result->tm_hour = time_values.hour;
-                result->tm_mday = time_values.day;
-                result->tm_mon = time_values.month - 1;
-                result->tm_year = time_values.year - 1900;
-
-                operation = LIB$K_DAY_OF_WEEK;
-                status = lib$cvt_from_internal_time(&operation,
-                        &result->tm_wday, systime);
-                result->tm_wday %= 7;
-
-                operation = LIB$K_DAY_OF_YEAR;
-                status = lib$cvt_from_internal_time(&operation,
-                        &result->tm_yday, systime);
-                result->tm_yday--;
-
-                result->tm_isdst = 0; /* There's no way to know... */
-
-                ts = result;
-                }
-                }
-#endif
-        return ts;
-        }       
diff --git a/src/lib/libcrypto/o_time.h b/src/lib/libcrypto/o_time.h
deleted file mode 100644
index e66044626d..0000000000
--- a/src/lib/libcrypto/o_time.h
+++ /dev/null
@@ -1,66 +0,0 @@
-/* crypto/o_time.h -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_O_TIME_H
-#define HEADER_O_TIME_H
-
-#include <time.h>
-
-struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result);
-
-#endif
diff --git a/src/lib/libcrypto/objects/o_names.c b/src/lib/libcrypto/objects/o_names.c
deleted file mode 100644
index 28c9370ca3..0000000000
--- a/src/lib/libcrypto/objects/o_names.c
+++ /dev/null
@@ -1,369 +0,0 @@
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <openssl/err.h>
-#include <openssl/lhash.h>
-#include <openssl/objects.h>
-#include <openssl/safestack.h>
-#include <openssl/e_os2.h>
-
-/* Later versions of DEC C has started to add lnkage information to certain
- * functions, which makes it tricky to use them as values to regular function
- * pointers.  One way is to define a macro that takes care of casting them
- * correctly.
- */
-#ifdef OPENSSL_SYS_VMS_DECC
-# define OPENSSL_strcmp (int (*)(const char *,const char *))strcmp
-#else
-# define OPENSSL_strcmp strcmp
-#endif
-
-/* I use the ex_data stuff to manage the identifiers for the obj_name_types
- * that applications may define.  I only really use the free function field.
- */
-static LHASH *names_lh=NULL;
-static int names_type_num=OBJ_NAME_TYPE_NUM;
-
-typedef struct name_funcs_st
-        {
-        unsigned long (*hash_func)(const char *name);
-        int (*cmp_func)(const char *a,const char *b);
-        void (*free_func)(const char *, int, const char *);
-        } NAME_FUNCS;
-
-DECLARE_STACK_OF(NAME_FUNCS)
-IMPLEMENT_STACK_OF(NAME_FUNCS)
-
-static STACK_OF(NAME_FUNCS) *name_funcs_stack;
-
-/* The LHASH callbacks now use the raw "void *" prototypes and do per-variable
- * casting in the functions. This prevents function pointer casting without the
- * need for macro-generated wrapper functions. */
-
-/* static unsigned long obj_name_hash(OBJ_NAME *a); */
-static unsigned long obj_name_hash(const void *a_void);
-/* static int obj_name_cmp(OBJ_NAME *a,OBJ_NAME *b); */
-static int obj_name_cmp(const void *a_void,const void *b_void);
-
-int OBJ_NAME_init(void)
-        {
-        if (names_lh != NULL) return(1);
-        MemCheck_off();
-        names_lh=lh_new(obj_name_hash, obj_name_cmp);
-        MemCheck_on();
-        return(names_lh != NULL);
-        }
-
-int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *),
-        int (*cmp_func)(const char *, const char *),
-        void (*free_func)(const char *, int, const char *))
-        {
-        int ret;
-        int i;
-        NAME_FUNCS *name_funcs;
-
-        if (name_funcs_stack == NULL)
-                {
-                MemCheck_off();
-                name_funcs_stack=sk_NAME_FUNCS_new_null();
-                MemCheck_on();
-                }
-        if ((name_funcs_stack == NULL))
-                {
-                /* ERROR */
-                return(0);
-                }
-        ret=names_type_num;
-        names_type_num++;
-        for (i=sk_NAME_FUNCS_num(name_funcs_stack); i<names_type_num; i++)
-                {
-                MemCheck_off();
-                name_funcs = OPENSSL_malloc(sizeof(NAME_FUNCS));
-                MemCheck_on();
-                if (!name_funcs)
-                        {
-                        OBJerr(OBJ_F_OBJ_NAME_NEW_INDEX,ERR_R_MALLOC_FAILURE);
-                        return(0);
-                        }
-                name_funcs->hash_func = lh_strhash;
-                name_funcs->cmp_func = OPENSSL_strcmp;
-                name_funcs->free_func = 0; /* NULL is often declared to
-                                                * ((void *)0), which according
-                                                * to Compaq C is not really
-                                                * compatible with a function
-                                                * pointer.      -- Richard Levitte*/
-                MemCheck_off();
-                sk_NAME_FUNCS_push(name_funcs_stack,name_funcs);
-                MemCheck_on();
-                }
-        name_funcs = sk_NAME_FUNCS_value(name_funcs_stack, ret);
-        if (hash_func != NULL)
-                name_funcs->hash_func = hash_func;
-        if (cmp_func != NULL)
-                name_funcs->cmp_func = cmp_func;
-        if (free_func != NULL)
-                name_funcs->free_func = free_func;
-        return(ret);
-        }
-
-/* static int obj_name_cmp(OBJ_NAME *a, OBJ_NAME *b) */
-static int obj_name_cmp(const void *a_void, const void *b_void)
-        {
-        int ret;
-        OBJ_NAME *a = (OBJ_NAME *)a_void;
-        OBJ_NAME *b = (OBJ_NAME *)b_void;
-
-        ret=a->type-b->type;
-        if (ret == 0)
-                {
-                if ((name_funcs_stack != NULL)
-                        && (sk_NAME_FUNCS_num(name_funcs_stack) > a->type))
-                        {
-                        ret=sk_NAME_FUNCS_value(name_funcs_stack,
-                                a->type)->cmp_func(a->name,b->name);
-                        }
-                else
-                        ret=strcmp(a->name,b->name);
-                }
-        return(ret);
-        }
-
-/* static unsigned long obj_name_hash(OBJ_NAME *a) */
-static unsigned long obj_name_hash(const void *a_void)
-        {
-        unsigned long ret;
-        OBJ_NAME *a = (OBJ_NAME *)a_void;
-
-        if ((name_funcs_stack != NULL) && (sk_NAME_FUNCS_num(name_funcs_stack) > a->type))
-                {
-                ret=sk_NAME_FUNCS_value(name_funcs_stack,
-                        a->type)->hash_func(a->name);
-                }
-        else
-                {
-                ret=lh_strhash(a->name);
-                }
-        ret^=a->type;
-        return(ret);
-        }
-
-const char *OBJ_NAME_get(const char *name, int type)
-        {
-        OBJ_NAME on,*ret;
-        int num=0,alias;
-
-        if (name == NULL) return(NULL);
-        if ((names_lh == NULL) && !OBJ_NAME_init()) return(NULL);
-
-        alias=type&OBJ_NAME_ALIAS;
-        type&= ~OBJ_NAME_ALIAS;
-
-        on.name=name;
-        on.type=type;
-
-        for (;;)
-        {
-                ret=(OBJ_NAME *)lh_retrieve(names_lh,&on);
-                if (ret == NULL) return(NULL);
-                if ((ret->alias) && !alias)
-                        {
-                        if (++num > 10) return(NULL);
-                        on.name=ret->data;
-                        }
-                else
-                        {
-                        return(ret->data);
-                        }
-                }
-        }
-
-int OBJ_NAME_add(const char *name, int type, const char *data)
-        {
-        OBJ_NAME *onp,*ret;
-        int alias;
-
-        if ((names_lh == NULL) && !OBJ_NAME_init()) return(0);
-
-        alias=type&OBJ_NAME_ALIAS;
-        type&= ~OBJ_NAME_ALIAS;
-
-        onp=(OBJ_NAME *)OPENSSL_malloc(sizeof(OBJ_NAME));
-        if (onp == NULL)
-                {
-                /* ERROR */
-                return(0);
-                }
-
-        onp->name=name;
-        onp->alias=alias;
-        onp->type=type;
-        onp->data=data;
-
-        ret=(OBJ_NAME *)lh_insert(names_lh,onp);
-        if (ret != NULL)
-                {
-                /* free things */
-                if ((name_funcs_stack != NULL) && (sk_NAME_FUNCS_num(name_funcs_stack) > ret->type))
-                        {
-                        /* XXX: I'm not sure I understand why the free
-                         * function should get three arguments...
-                         * -- Richard Levitte
-                         */
-                        sk_NAME_FUNCS_value(name_funcs_stack,
-                                ret->type)->free_func(ret->name,ret->type,ret->data);
-                        }
-                OPENSSL_free(ret);
-                }
-        else
-                {
-                if (lh_error(names_lh))
-                        {
-                        /* ERROR */
-                        return(0);
-                        }
-                }
-        return(1);
-        }
-
-int OBJ_NAME_remove(const char *name, int type)
-        {
-        OBJ_NAME on,*ret;
-
-        if (names_lh == NULL) return(0);
-
-        type&= ~OBJ_NAME_ALIAS;
-        on.name=name;
-        on.type=type;
-        ret=(OBJ_NAME *)lh_delete(names_lh,&on);
-        if (ret != NULL)
-                {
-                /* free things */
-                if ((name_funcs_stack != NULL) && (sk_NAME_FUNCS_num(name_funcs_stack) > ret->type))
-                        {
-                        /* XXX: I'm not sure I understand why the free
-                         * function should get three arguments...
-                         * -- Richard Levitte
-                         */
-                        sk_NAME_FUNCS_value(name_funcs_stack,
-                                ret->type)->free_func(ret->name,ret->type,ret->data);
-                        }
-                OPENSSL_free(ret);
-                return(1);
-                }
-        else
-                return(0);
-        }
-
-struct doall
-        {
-        int type;
-        void (*fn)(const OBJ_NAME *,void *arg);
-        void *arg;
-        };
-
-static void do_all_fn(const OBJ_NAME *name,struct doall *d)
-        {
-        if(name->type == d->type)
-                d->fn(name,d->arg);
-        }
-
-static IMPLEMENT_LHASH_DOALL_ARG_FN(do_all_fn, const OBJ_NAME *, struct doall *)
-
-void OBJ_NAME_do_all(int type,void (*fn)(const OBJ_NAME *,void *arg),void *arg)
-        {
-        struct doall d;
-
-        d.type=type;
-        d.fn=fn;
-        d.arg=arg;
-
-        lh_doall_arg(names_lh,LHASH_DOALL_ARG_FN(do_all_fn),&d);
-        }
-
-struct doall_sorted
-        {
-        int type;
-        int n;
-        const OBJ_NAME **names;
-        };
-
-static void do_all_sorted_fn(const OBJ_NAME *name,void *d_)
-        {
-        struct doall_sorted *d=d_;
-
-        if(name->type != d->type)
-                return;
-
-        d->names[d->n++]=name;
-        }
-
-static int do_all_sorted_cmp(const void *n1_,const void *n2_)
-        {
-        const OBJ_NAME * const *n1=n1_;
-        const OBJ_NAME * const *n2=n2_;
-
-        return strcmp((*n1)->name,(*n2)->name);
-        }
-
-void OBJ_NAME_do_all_sorted(int type,void (*fn)(const OBJ_NAME *,void *arg),
-                                void *arg)
-        {
-        struct doall_sorted d;
-        int n;
-
-        d.type=type;
-        d.names=OPENSSL_malloc(lh_num_items(names_lh)*sizeof *d.names);
-        d.n=0;
-        OBJ_NAME_do_all(type,do_all_sorted_fn,&d);
-
-        qsort((void *)d.names,d.n,sizeof *d.names,do_all_sorted_cmp);
-
-        for(n=0 ; n < d.n ; ++n)
-                fn(d.names[n],arg);
-
-        OPENSSL_free((void *)d.names);
-        }
-
-static int free_type;
-
-static void names_lh_free(OBJ_NAME *onp)
-{
-        if(onp == NULL)
-                return;
-
-        if ((free_type < 0) || (free_type == onp->type))
-                {
-                OBJ_NAME_remove(onp->name,onp->type);
-                }
-        }
-
-static IMPLEMENT_LHASH_DOALL_FN(names_lh_free, OBJ_NAME *)
-
-static void name_funcs_free(NAME_FUNCS *ptr)
-        {
-        OPENSSL_free(ptr);
-        }
-
-void OBJ_NAME_cleanup(int type)
-        {
-        unsigned long down_load;
-
-        if (names_lh == NULL) return;
-
-        free_type=type;
-        down_load=names_lh->down_load;
-        names_lh->down_load=0;
-
-        lh_doall(names_lh,LHASH_DOALL_FN(names_lh_free));
-        if (type < 0)
-                {
-                lh_free(names_lh);
-                sk_NAME_FUNCS_pop_free(name_funcs_stack,name_funcs_free);
-                names_lh=NULL;
-                name_funcs_stack = NULL;
-                }
-        else
-                names_lh->down_load=down_load;
-        }
-
diff --git a/src/lib/libcrypto/objects/obj_dat.c b/src/lib/libcrypto/objects/obj_dat.c
deleted file mode 100644
index f549d078ef..0000000000
--- a/src/lib/libcrypto/objects/obj_dat.c
+++ /dev/null
@@ -1,668 +0,0 @@
-/* crypto/objects/obj_dat.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <ctype.h>
-#include "cryptlib.h"
-#include <openssl/lhash.h>
-#include <openssl/asn1.h>
-#include <openssl/objects.h>
-
-/* obj_dat.h is generated from objects.h by obj_dat.pl */
-#ifndef OPENSSL_NO_OBJECT
-#include "obj_dat.h"
-#else
-/* You will have to load all the objects needed manually in the application */
-#define NUM_NID 0
-#define NUM_SN 0
-#define NUM_LN 0
-#define NUM_OBJ 0
-static unsigned char lvalues[1];
-static ASN1_OBJECT nid_objs[1];
-static ASN1_OBJECT *sn_objs[1];
-static ASN1_OBJECT *ln_objs[1];
-static ASN1_OBJECT *obj_objs[1];
-#endif
-
-static int sn_cmp(const void *a, const void *b);
-static int ln_cmp(const void *a, const void *b);
-static int obj_cmp(const void *a, const void *b);
-#define ADDED_DATA      0
-#define ADDED_SNAME     1
-#define ADDED_LNAME     2
-#define ADDED_NID       3
-
-typedef struct added_obj_st
-        {
-        int type;
-        ASN1_OBJECT *obj;
-        } ADDED_OBJ;
-
-static int new_nid=NUM_NID;
-static LHASH *added=NULL;
-
-static int sn_cmp(const void *a, const void *b)
-        {
-        const ASN1_OBJECT * const *ap = a, * const *bp = b;
-        return(strcmp((*ap)->sn,(*bp)->sn));
-        }
-
-static int ln_cmp(const void *a, const void *b)
-        { 
-        const ASN1_OBJECT * const *ap = a, * const *bp = b;
-        return(strcmp((*ap)->ln,(*bp)->ln));
-        }
-
-/* static unsigned long add_hash(ADDED_OBJ *ca) */
-static unsigned long add_hash(const void *ca_void)
-        {
-        const ASN1_OBJECT *a;
-        int i;
-        unsigned long ret=0;
-        unsigned char *p;
-        ADDED_OBJ *ca = (ADDED_OBJ *)ca_void;
-
-        a=ca->obj;
-        switch (ca->type)
-                {
-        case ADDED_DATA:
-                ret=a->length<<20L;
-                p=(unsigned char *)a->data;
-                for (i=0; i<a->length; i++)
-                        ret^=p[i]<<((i*3)%24);
-                break;
-        case ADDED_SNAME:
-                ret=lh_strhash(a->sn);
-                break;
-        case ADDED_LNAME:
-                ret=lh_strhash(a->ln);
-                break;
-        case ADDED_NID:
-                ret=a->nid;
-                break;
-        default:
-                /* abort(); */
-                return 0;
-                }
-        ret&=0x3fffffffL;
-        ret|=ca->type<<30L;
-        return(ret);
-        }
-
-/* static int add_cmp(ADDED_OBJ *ca, ADDED_OBJ *cb) */
-static int add_cmp(const void *ca_void, const void *cb_void)
-        {
-        ASN1_OBJECT *a,*b;
-        int i;
-        ADDED_OBJ *ca = (ADDED_OBJ *)ca_void;
-        ADDED_OBJ *cb = (ADDED_OBJ *)cb_void;
-
-        i=ca->type-cb->type;
-        if (i) return(i);
-        a=ca->obj;
-        b=cb->obj;
-        switch (ca->type)
-                {
-        case ADDED_DATA:
-                i=(a->length - b->length);
-                if (i) return(i);
-                return(memcmp(a->data,b->data,a->length));
-        case ADDED_SNAME:
-                if (a->sn == NULL) return(-1);
-                else if (b->sn == NULL) return(1);
-                else return(strcmp(a->sn,b->sn));
-        case ADDED_LNAME:
-                if (a->ln == NULL) return(-1);
-                else if (b->ln == NULL) return(1);
-                else return(strcmp(a->ln,b->ln));
-        case ADDED_NID:
-                return(a->nid-b->nid);
-        default:
-                /* abort(); */
-                return 0;
-                }
-        }
-
-static int init_added(void)
-        {
-        if (added != NULL) return(1);
-        added=lh_new(add_hash,add_cmp);
-        return(added != NULL);
-        }
-
-static void cleanup1(ADDED_OBJ *a)
-        {
-        a->obj->nid=0;
-        a->obj->flags|=ASN1_OBJECT_FLAG_DYNAMIC|
-                        ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|
-                        ASN1_OBJECT_FLAG_DYNAMIC_DATA;
-        }
-
-static void cleanup2(ADDED_OBJ *a)
-        { a->obj->nid++; }
-
-static void cleanup3(ADDED_OBJ *a)
-        {
-        if (--a->obj->nid == 0)
-                ASN1_OBJECT_free(a->obj);
-        OPENSSL_free(a);
-        }
-
-static IMPLEMENT_LHASH_DOALL_FN(cleanup1, ADDED_OBJ *)
-static IMPLEMENT_LHASH_DOALL_FN(cleanup2, ADDED_OBJ *)
-static IMPLEMENT_LHASH_DOALL_FN(cleanup3, ADDED_OBJ *)
-
-void OBJ_cleanup(void)
-        {
-        if (added == NULL) return;
-        added->down_load=0;
-        lh_doall(added,LHASH_DOALL_FN(cleanup1)); /* zero counters */
-        lh_doall(added,LHASH_DOALL_FN(cleanup2)); /* set counters */
-        lh_doall(added,LHASH_DOALL_FN(cleanup3)); /* free objects */
-        lh_free(added);
-        added=NULL;
-        }
-
-int OBJ_new_nid(int num)
-        {
-        int i;
-
-        i=new_nid;
-        new_nid+=num;
-        return(i);
-        }
-
-int OBJ_add_object(const ASN1_OBJECT *obj)
-        {
-        ASN1_OBJECT *o;
-        ADDED_OBJ *ao[4]={NULL,NULL,NULL,NULL},*aop;
-        int i;
-
-        if (added == NULL)
-                if (!init_added()) return(0);
-        if ((o=OBJ_dup(obj)) == NULL) goto err;
-        if (!(ao[ADDED_NID]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err2;
-        if ((o->length != 0) && (obj->data != NULL))
-                if (!(ao[ADDED_DATA]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err2;
-        if (o->sn != NULL)
-                if (!(ao[ADDED_SNAME]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err2;
-        if (o->ln != NULL)
-                if (!(ao[ADDED_LNAME]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err2;
-
-        for (i=ADDED_DATA; i<=ADDED_NID; i++)
-                {
-                if (ao[i] != NULL)
-                        {
-                        ao[i]->type=i;
-                        ao[i]->obj=o;
-                        aop=(ADDED_OBJ *)lh_insert(added,ao[i]);
-                        /* memory leak, buit should not normally matter */
-                        if (aop != NULL)
-                                OPENSSL_free(aop);
-                        }
-                }
-        o->flags&= ~(ASN1_OBJECT_FLAG_DYNAMIC|ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|
-                        ASN1_OBJECT_FLAG_DYNAMIC_DATA);
-
-        return(o->nid);
-err2:
-        OBJerr(OBJ_F_OBJ_ADD_OBJECT,ERR_R_MALLOC_FAILURE);
-err:
-        for (i=ADDED_DATA; i<=ADDED_NID; i++)
-                if (ao[i] != NULL) OPENSSL_free(ao[i]);
-        if (o != NULL) OPENSSL_free(o);
-        return(NID_undef);
-        }
-
-ASN1_OBJECT *OBJ_nid2obj(int n)
-        {
-        ADDED_OBJ ad,*adp;
-        ASN1_OBJECT ob;
-
-        if ((n >= 0) && (n < NUM_NID))
-                {
-                if ((n != NID_undef) && (nid_objs[n].nid == NID_undef))
-                        {
-                        OBJerr(OBJ_F_OBJ_NID2OBJ,OBJ_R_UNKNOWN_NID);
-                        return(NULL);
-                        }
-                return((ASN1_OBJECT *)&(nid_objs[n]));
-                }
-        else if (added == NULL)
-                return(NULL);
-        else
-                {
-                ad.type=ADDED_NID;
-                ad.obj= &ob;
-                ob.nid=n;
-                adp=(ADDED_OBJ *)lh_retrieve(added,&ad);
-                if (adp != NULL)
-                        return(adp->obj);
-                else
-                        {
-                        OBJerr(OBJ_F_OBJ_NID2OBJ,OBJ_R_UNKNOWN_NID);
-                        return(NULL);
-                        }
-                }
-        }
-
-const char *OBJ_nid2sn(int n)
-        {
-        ADDED_OBJ ad,*adp;
-        ASN1_OBJECT ob;
-
-        if ((n >= 0) && (n < NUM_NID))
-                {
-                if ((n != NID_undef) && (nid_objs[n].nid == NID_undef))
-                        {
-                        OBJerr(OBJ_F_OBJ_NID2SN,OBJ_R_UNKNOWN_NID);
-                        return(NULL);
-                        }
-                return(nid_objs[n].sn);
-                }
-        else if (added == NULL)
-                return(NULL);
-        else
-                {
-                ad.type=ADDED_NID;
-                ad.obj= &ob;
-                ob.nid=n;
-                adp=(ADDED_OBJ *)lh_retrieve(added,&ad);
-                if (adp != NULL)
-                        return(adp->obj->sn);
-                else
-                        {
-                        OBJerr(OBJ_F_OBJ_NID2SN,OBJ_R_UNKNOWN_NID);
-                        return(NULL);
-                        }
-                }
-        }
-
-const char *OBJ_nid2ln(int n)
-        {
-        ADDED_OBJ ad,*adp;
-        ASN1_OBJECT ob;
-
-        if ((n >= 0) && (n < NUM_NID))
-                {
-                if ((n != NID_undef) && (nid_objs[n].nid == NID_undef))
-                        {
-                        OBJerr(OBJ_F_OBJ_NID2LN,OBJ_R_UNKNOWN_NID);
-                        return(NULL);
-                        }
-                return(nid_objs[n].ln);
-                }
-        else if (added == NULL)
-                return(NULL);
-        else
-                {
-                ad.type=ADDED_NID;
-                ad.obj= &ob;
-                ob.nid=n;
-                adp=(ADDED_OBJ *)lh_retrieve(added,&ad);
-                if (adp != NULL)
-                        return(adp->obj->ln);
-                else
-                        {
-                        OBJerr(OBJ_F_OBJ_NID2LN,OBJ_R_UNKNOWN_NID);
-                        return(NULL);
-                        }
-                }
-        }
-
-int OBJ_obj2nid(const ASN1_OBJECT *a)
-        {
-        ASN1_OBJECT **op;
-        ADDED_OBJ ad,*adp;
-
-        if (a == NULL)
-                return(NID_undef);
-        if (a->nid != 0)
-                return(a->nid);
-
-        if (added != NULL)
-                {
-                ad.type=ADDED_DATA;
-                ad.obj=(ASN1_OBJECT *)a; /* XXX: ugly but harmless */
-                adp=(ADDED_OBJ *)lh_retrieve(added,&ad);
-                if (adp != NULL) return (adp->obj->nid);
-                }
-        op=(ASN1_OBJECT **)OBJ_bsearch((char *)&a,(char *)obj_objs,NUM_OBJ,
-                sizeof(ASN1_OBJECT *),obj_cmp);
-        if (op == NULL)
-                return(NID_undef);
-        return((*op)->nid);
-        }
-
-/* Convert an object name into an ASN1_OBJECT
- * if "noname" is not set then search for short and long names first.
- * This will convert the "dotted" form into an object: unlike OBJ_txt2nid
- * it can be used with any objects, not just registered ones.
- */
-
-ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name)
-        {
-        int nid = NID_undef;
-        ASN1_OBJECT *op=NULL;
-        unsigned char *buf,*p;
-        int i, j;
-
-        if(!no_name) {
-                if( ((nid = OBJ_sn2nid(s)) != NID_undef) ||
-                        ((nid = OBJ_ln2nid(s)) != NID_undef) ) 
-                                        return OBJ_nid2obj(nid);
-        }
-
-        /* Work out size of content octets */
-        i=a2d_ASN1_OBJECT(NULL,0,s,-1);
-        if (i <= 0) {
-                /* Clear the error */
-                ERR_get_error();
-                return NULL;
-        }
-        /* Work out total size */
-        j = ASN1_object_size(0,i,V_ASN1_OBJECT);
-
-        if((buf=(unsigned char *)OPENSSL_malloc(j)) == NULL) return NULL;
-
-        p = buf;
-        /* Write out tag+length */
-        ASN1_put_object(&p,0,i,V_ASN1_OBJECT,V_ASN1_UNIVERSAL);
-        /* Write out contents */
-        a2d_ASN1_OBJECT(p,i,s,-1);
-        
-        p=buf;
-        op=d2i_ASN1_OBJECT(NULL,&p,j);
-        OPENSSL_free(buf);
-        return op;
-        }
-
-int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
-{
-        int i,idx=0,n=0,len,nid;
-        unsigned long l;
-        unsigned char *p;
-        const char *s;
-        char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];
-
-        if (buf_len <= 0) return(0);
-
-        if ((a == NULL) || (a->data == NULL)) {
-                buf[0]='\0';
-                return(0);
-        }
-
-        if (no_name || (nid=OBJ_obj2nid(a)) == NID_undef) {
-                len=a->length;
-                p=a->data;
-
-                idx=0;
-                l=0;
-                while (idx < a->length) {
-                        l|=(p[idx]&0x7f);
-                        if (!(p[idx] & 0x80)) break;
-                        l<<=7L;
-                        idx++;
-                }
-                idx++;
-                i=(int)(l/40);
-                if (i > 2) i=2;
-                l-=(long)(i*40);
-
-                BIO_snprintf(tbuf,sizeof tbuf,"%d.%lu",i,l);
-                i=strlen(tbuf);
-                BUF_strlcpy(buf,tbuf,buf_len);
-                buf_len-=i;
-                buf+=i;
-                n+=i;
-
-                l=0;
-                for (; idx<len; idx++) {
-                        l|=p[idx]&0x7f;
-                        if (!(p[idx] & 0x80)) {
-                                BIO_snprintf(tbuf,sizeof tbuf,".%lu",l);
-                                i=strlen(tbuf);
-                                if (buf_len > 0)
-                                        BUF_strlcpy(buf,tbuf,buf_len);
-                                buf_len-=i;
-                                buf+=i;
-                                n+=i;
-                                l=0;
-                        }
-                        l<<=7L;
-                }
-        } else {
-                s=OBJ_nid2ln(nid);
-                if (s == NULL)
-                        s=OBJ_nid2sn(nid);
-                BUF_strlcpy(buf,s,buf_len);
-                n=strlen(s);
-        }
-        return(n);
-}
-
-int OBJ_txt2nid(const char *s)
-{
-        ASN1_OBJECT *obj;
-        int nid;
-        obj = OBJ_txt2obj(s, 0);
-        nid = OBJ_obj2nid(obj);
-        ASN1_OBJECT_free(obj);
-        return nid;
-}
-
-int OBJ_ln2nid(const char *s)
-        {
-        ASN1_OBJECT o,*oo= &o,**op;
-        ADDED_OBJ ad,*adp;
-
-        o.ln=s;
-        if (added != NULL)
-                {
-                ad.type=ADDED_LNAME;
-                ad.obj= &o;
-                adp=(ADDED_OBJ *)lh_retrieve(added,&ad);
-                if (adp != NULL) return (adp->obj->nid);
-                }
-        op=(ASN1_OBJECT **)OBJ_bsearch((char *)&oo,(char *)ln_objs,NUM_LN,
-                sizeof(ASN1_OBJECT *),ln_cmp);
-        if (op == NULL) return(NID_undef);
-        return((*op)->nid);
-        }
-
-int OBJ_sn2nid(const char *s)
-        {
-        ASN1_OBJECT o,*oo= &o,**op;
-        ADDED_OBJ ad,*adp;
-
-        o.sn=s;
-        if (added != NULL)
-                {
-                ad.type=ADDED_SNAME;
-                ad.obj= &o;
-                adp=(ADDED_OBJ *)lh_retrieve(added,&ad);
-                if (adp != NULL) return (adp->obj->nid);
-                }
-        op=(ASN1_OBJECT **)OBJ_bsearch((char *)&oo,(char *)sn_objs,NUM_SN,
-                sizeof(ASN1_OBJECT *),sn_cmp);
-        if (op == NULL) return(NID_undef);
-        return((*op)->nid);
-        }
-
-static int obj_cmp(const void *ap, const void *bp)
-        {
-        int j;
-        ASN1_OBJECT *a= *(ASN1_OBJECT **)ap;
-        ASN1_OBJECT *b= *(ASN1_OBJECT **)bp;
-
-        j=(a->length - b->length);
-        if (j) return(j);
-        return(memcmp(a->data,b->data,a->length));
-        }
-
-const char *OBJ_bsearch(const char *key, const char *base, int num, int size,
-        int (*cmp)(const void *, const void *))
-        {
-        int l,h,i,c;
-        const char *p;
-
-        if (num == 0) return(NULL);
-        l=0;
-        h=num;
-        while (l < h)
-                {
-                i=(l+h)/2;
-                p= &(base[i*size]);
-                c=(*cmp)(key,p);
-                if (c < 0)
-                        h=i;
-                else if (c > 0)
-                        l=i+1;
-                else
-                        return(p);
-                }
-#ifdef CHARSET_EBCDIC
-/* THIS IS A KLUDGE - Because the *_obj is sorted in ASCII order, and
- * I don't have perl (yet), we revert to a *LINEAR* search
- * when the object wasn't found in the binary search.
- */
-        for (i=0; i<num; ++i) {
-                p= &(base[i*size]);
-                if ((*cmp)(key,p) == 0)
-                        return p;
-        }
-#endif
-        return(NULL);
-        }
-
-int OBJ_create_objects(BIO *in)
-        {
-        MS_STATIC char buf[512];
-        int i,num=0;
-        char *o,*s,*l=NULL;
-
-        for (;;)
-                {
-                s=o=NULL;
-                i=BIO_gets(in,buf,512);
-                if (i <= 0) return(num);
-                buf[i-1]='\0';
-                if (!isalnum((unsigned char)buf[0])) return(num);
-                o=s=buf;
-                while (isdigit((unsigned char)*s) || (*s == '.'))
-                        s++;
-                if (*s != '\0')
-                        {
-                        *(s++)='\0';
-                        while (isspace((unsigned char)*s))
-                                s++;
-                        if (*s == '\0')
-                                s=NULL;
-                        else
-                                {
-                                l=s;
-                                while ((*l != '\0') && !isspace((unsigned char)*l))
-                                        l++;
-                                if (*l != '\0')
-                                        {
-                                        *(l++)='\0';
-                                        while (isspace((unsigned char)*l))
-                                                l++;
-                                        if (*l == '\0') l=NULL;
-                                        }
-                                else
-                                        l=NULL;
-                                }
-                        }
-                else
-                        s=NULL;
-                if ((o == NULL) || (*o == '\0')) return(num);
-                if (!OBJ_create(o,s,l)) return(num);
-                num++;
-                }
-        /* return(num); */
-        }
-
-int OBJ_create(const char *oid, const char *sn, const char *ln)
-        {
-        int ok=0;
-        ASN1_OBJECT *op=NULL;
-        unsigned char *buf;
-        int i;
-
-        i=a2d_ASN1_OBJECT(NULL,0,oid,-1);
-        if (i <= 0) return(0);
-
-        if ((buf=(unsigned char *)OPENSSL_malloc(i)) == NULL)
-                {
-                OBJerr(OBJ_F_OBJ_CREATE,ERR_R_MALLOC_FAILURE);
-                return(0);
-                }
-        i=a2d_ASN1_OBJECT(buf,i,oid,-1);
-        if (i == 0)
-                goto err;
-        op=(ASN1_OBJECT *)ASN1_OBJECT_create(OBJ_new_nid(1),buf,i,sn,ln);
-        if (op == NULL) 
-                goto err;
-        ok=OBJ_add_object(op);
-err:
-        ASN1_OBJECT_free(op);
-        OPENSSL_free(buf);
-        return(ok);
-        }
-
diff --git a/src/lib/libcrypto/objects/obj_dat.pl b/src/lib/libcrypto/objects/obj_dat.pl
deleted file mode 100644
index d0371661f9..0000000000
--- a/src/lib/libcrypto/objects/obj_dat.pl
+++ /dev/null
@@ -1,307 +0,0 @@
-#!/usr/local/bin/perl
-
-# fixes bug in floating point emulation on sparc64 when
-# this script produces off-by-one output on sparc64
-use integer;
-
-sub obj_cmp
-        {
-        local(@a,@b,$_,$r);
-
-        $A=$obj_len{$obj{$nid{$a}}};
-        $B=$obj_len{$obj{$nid{$b}}};
-
-        $r=($A-$B);
-        return($r) if $r != 0;
-
-        $A=$obj_der{$obj{$nid{$a}}};
-        $B=$obj_der{$obj{$nid{$b}}};
-
-        return($A cmp $B);
-        }
-
-sub expand_obj
-        {
-        local(*v)=@_;
-        local($k,$d);
-        local($i);
-
-        do      {
-                $i=0;
-                foreach $k (keys %v)
-                        {
-                        if (($v{$k} =~ s/(OBJ_[^,]+),/$v{$1},/))
-                                { $i++; }
-                        }
-                } while($i);
-        foreach $k (keys %v)
-                {
-                @a=split(/,/,$v{$k});
-                $objn{$k}=$#a+1;
-                }
-        return(%objn);
-        }
-
-open (IN,"$ARGV[0]") || die "Can't open input file $ARGV[0]";
-open (OUT,">$ARGV[1]") || die "Can't open output file $ARGV[1]";
-
-while (<IN>)
-        {
-        next unless /^\#define\s+(\S+)\s+(.*)$/;
-        $v=$1;
-        $d=$2;
-        $d =~ s/^\"//;
-        $d =~ s/\"$//;
-        if ($v =~ /^SN_(.*)$/)
-                {
-                if(defined $snames{$d})
-                        {
-                        print "WARNING: Duplicate short name \"$d\"\n";
-                        }
-                else 
-                        { $snames{$d} = "X"; }
-                $sn{$1}=$d;
-                }
-        elsif ($v =~ /^LN_(.*)$/)
-                {
-                if(defined $lnames{$d})
-                        {
-                        print "WARNING: Duplicate long name \"$d\"\n";
-                        }
-                else 
-                        { $lnames{$d} = "X"; }
-                $ln{$1}=$d;
-                }
-        elsif ($v =~ /^NID_(.*)$/)
-                { $nid{$d}=$1; }
-        elsif ($v =~ /^OBJ_(.*)$/)
-                {
-                $obj{$1}=$v;
-                $objd{$v}=$d;
-                }
-        }
-close IN;
-
-%ob=&expand_obj(*objd);
-
-@a=sort { $a <=> $b } keys %nid;
-$n=$a[$#a]+1;
-
-@lvalues=();
-$lvalues=0;
-
-for ($i=0; $i<$n; $i++)
-        {
-        if (!defined($nid{$i}))
-                {
-                push(@out,"{NULL,NULL,NID_undef,0,NULL},\n");
-                }
-        else
-                {
-                $sn=defined($sn{$nid{$i}})?"$sn{$nid{$i}}":"NULL";
-                $ln=defined($ln{$nid{$i}})?"$ln{$nid{$i}}":"NULL";
-
-                if ($sn eq "NULL") {
-                        $sn=$ln;
-                        $sn{$nid{$i}} = $ln;
-                }
-
-                if ($ln eq "NULL") {
-                        $ln=$sn;
-                        $ln{$nid{$i}} = $sn;
-                }
-                        
-                $out ="{";
-                $out.="\"$sn\"";
-                $out.=","."\"$ln\"";
-                $out.=",NID_$nid{$i},";
-                if (defined($obj{$nid{$i}}))
-                        {
-                        $v=$objd{$obj{$nid{$i}}};
-                        $v =~ s/L//g;
-                        $v =~ s/,/ /g;
-                        $r=&der_it($v);
-                        $z="";
-                        $length=0;
-                        foreach (unpack("C*",$r))
-                                {
-                                $z.=sprintf("0x%02X,",$_);
-                                $length++;
-                                }
-                        $obj_der{$obj{$nid{$i}}}=$z;
-                        $obj_len{$obj{$nid{$i}}}=$length;
-
-                        push(@lvalues,sprintf("%-45s/* [%3d] %s */\n",
-                                $z,$lvalues,$obj{$nid{$i}}));
-                        $out.="$length,&(lvalues[$lvalues]),0";
-                        $lvalues+=$length;
-                        }
-                else
-                        {
-                        $out.="0,NULL";
-                        }
-                $out.="},\n";
-                push(@out,$out);
-                }
-        }
-
-@a=grep(defined($sn{$nid{$_}}),0 .. $n);
-foreach (sort { $sn{$nid{$a}} cmp $sn{$nid{$b}} } @a)
-        {
-        push(@sn,sprintf("&(nid_objs[%2d]),/* \"$sn{$nid{$_}}\" */\n",$_));
-        }
-
-@a=grep(defined($ln{$nid{$_}}),0 .. $n);
-foreach (sort { $ln{$nid{$a}} cmp $ln{$nid{$b}} } @a)
-        {
-        push(@ln,sprintf("&(nid_objs[%2d]),/* \"$ln{$nid{$_}}\" */\n",$_));
-        }
-
-@a=grep(defined($obj{$nid{$_}}),0 .. $n);
-foreach (sort obj_cmp @a)
-        {
-        $m=$obj{$nid{$_}};
-        $v=$objd{$m};
-        $v =~ s/L//g;
-        $v =~ s/,/ /g;
-        push(@ob,sprintf("&(nid_objs[%2d]),/* %-32s %s */\n",$_,$m,$v));
-        }
-
-print OUT <<'EOF';
-/* crypto/objects/obj_dat.h */
-
-/* THIS FILE IS GENERATED FROM objects.h by obj_dat.pl via the
- * following command:
- * perl obj_dat.pl obj_mac.h obj_dat.h
- */
-
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-EOF
-
-printf OUT "#define NUM_NID %d\n",$n;
-printf OUT "#define NUM_SN %d\n",$#sn+1;
-printf OUT "#define NUM_LN %d\n",$#ln+1;
-printf OUT "#define NUM_OBJ %d\n\n",$#ob+1;
-
-printf OUT "static unsigned char lvalues[%d]={\n",$lvalues+1;
-print OUT @lvalues;
-print OUT "};\n\n";
-
-printf OUT "static ASN1_OBJECT nid_objs[NUM_NID]={\n";
-foreach (@out)
-        {
-        if (length($_) > 75)
-                {
-                $out="";
-                foreach (split(/,/))
-                        {
-                        $t=$out.$_.",";
-                        if (length($t) > 70)
-                                {
-                                print OUT "$out\n";
-                                $t="\t$_,";
-                                }
-                        $out=$t;
-                        }
-                chop $out;
-                print OUT "$out";
-                }
-        else
-                { print OUT $_; }
-        }
-print  OUT "};\n\n";
-
-printf OUT "static ASN1_OBJECT *sn_objs[NUM_SN]={\n";
-print  OUT @sn;
-print  OUT "};\n\n";
-
-printf OUT "static ASN1_OBJECT *ln_objs[NUM_LN]={\n";
-print  OUT @ln;
-print  OUT "};\n\n";
-
-printf OUT "static ASN1_OBJECT *obj_objs[NUM_OBJ]={\n";
-print  OUT @ob;
-print  OUT "};\n\n";
-
-close OUT;
-
-sub der_it
-        {
-        local($v)=@_;
-        local(@a,$i,$ret,@r);
-
-        @a=split(/\s+/,$v);
-        $ret.=pack("C*",$a[0]*40+$a[1]);
-        shift @a;
-        shift @a;
-        foreach (@a)
-                {
-                @r=();
-                $t=0;
-                while ($_ >= 128)
-                        {
-                        $x=$_%128;
-                        $_/=128;
-                        push(@r,((($t++)?0x80:0)|$x));
-                        }
-                push(@r,((($t++)?0x80:0)|$_));
-                $ret.=pack("C*",reverse(@r));
-                }
-        return($ret);
-        }
diff --git a/src/lib/libcrypto/objects/obj_err.c b/src/lib/libcrypto/objects/obj_err.c
deleted file mode 100644
index 0682979b38..0000000000
--- a/src/lib/libcrypto/objects/obj_err.c
+++ /dev/null
@@ -1,105 +0,0 @@
-/* crypto/objects/obj_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/objects.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_OBJ,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_OBJ,0,reason)
-
-static ERR_STRING_DATA OBJ_str_functs[]=
-        {
-{ERR_FUNC(OBJ_F_OBJ_ADD_OBJECT),        "OBJ_add_object"},
-{ERR_FUNC(OBJ_F_OBJ_CREATE),    "OBJ_create"},
-{ERR_FUNC(OBJ_F_OBJ_DUP),       "OBJ_dup"},
-{ERR_FUNC(OBJ_F_OBJ_NAME_NEW_INDEX),    "OBJ_NAME_new_index"},
-{ERR_FUNC(OBJ_F_OBJ_NID2LN),    "OBJ_nid2ln"},
-{ERR_FUNC(OBJ_F_OBJ_NID2OBJ),   "OBJ_nid2obj"},
-{ERR_FUNC(OBJ_F_OBJ_NID2SN),    "OBJ_nid2sn"},
-{0,NULL}
-        };
-
-static ERR_STRING_DATA OBJ_str_reasons[]=
-        {
-{ERR_REASON(OBJ_R_MALLOC_FAILURE)        ,"malloc failure"},
-{ERR_REASON(OBJ_R_UNKNOWN_NID)           ,"unknown nid"},
-{0,NULL}
-        };
-
-#endif
-
-void ERR_load_OBJ_strings(void)
-        {
-        static int init=1;
-
-        if (init)
-                {
-                init=0;
-#ifndef OPENSSL_NO_ERR
-                ERR_load_strings(0,OBJ_str_functs);
-                ERR_load_strings(0,OBJ_str_reasons);
-#endif
-
-                }
-        }
diff --git a/src/lib/libcrypto/objects/obj_lib.c b/src/lib/libcrypto/objects/obj_lib.c
deleted file mode 100644
index b0b0f2ff24..0000000000
--- a/src/lib/libcrypto/objects/obj_lib.c
+++ /dev/null
@@ -1,127 +0,0 @@
-/* crypto/objects/obj_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/lhash.h>
-#include <openssl/objects.h>
-#include <openssl/buffer.h>
-
-ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o)
-        {
-        ASN1_OBJECT *r;
-        int i;
-        char *ln=NULL;
-
-        if (o == NULL) return(NULL);
-        if (!(o->flags & ASN1_OBJECT_FLAG_DYNAMIC))
-                return((ASN1_OBJECT *)o); /* XXX: ugh! Why? What kind of
-                                             duplication is this??? */
-
-        r=ASN1_OBJECT_new();
-        if (r == NULL)
-                {
-                OBJerr(OBJ_F_OBJ_DUP,ERR_R_ASN1_LIB);
-                return(NULL);
-                }
-        r->data=OPENSSL_malloc(o->length);
-        if (r->data == NULL)
-                goto err;
-        memcpy(r->data,o->data,o->length);
-        r->length=o->length;
-        r->nid=o->nid;
-        r->ln=r->sn=NULL;
-        if (o->ln != NULL)
-                {
-                i=strlen(o->ln)+1;
-                r->ln=ln=OPENSSL_malloc(i);
-                if (r->ln == NULL) goto err;
-                memcpy(ln,o->ln,i);
-                }
-
-        if (o->sn != NULL)
-                {
-                char *s;
-
-                i=strlen(o->sn)+1;
-                r->sn=s=OPENSSL_malloc(i);
-                if (r->sn == NULL) goto err;
-                memcpy(s,o->sn,i);
-                }
-        r->flags=o->flags|(ASN1_OBJECT_FLAG_DYNAMIC|
-                ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|ASN1_OBJECT_FLAG_DYNAMIC_DATA);
-        return(r);
-err:
-        OBJerr(OBJ_F_OBJ_DUP,ERR_R_MALLOC_FAILURE);
-        if (r != NULL)
-                {
-                if (ln != NULL) OPENSSL_free(ln);
-                if (r->data != NULL) OPENSSL_free(r->data);
-                OPENSSL_free(r);
-                }
-        return(NULL);
-        }
-
-int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b)
-        {
-        int ret;
-
-        ret=(a->length-b->length);
-        if (ret) return(ret);
-        return(memcmp(a->data,b->data,a->length));
-        }
diff --git a/src/lib/libcrypto/objects/obj_mac.num b/src/lib/libcrypto/objects/obj_mac.num
deleted file mode 100644
index 84555d936e..0000000000
--- a/src/lib/libcrypto/objects/obj_mac.num
+++ /dev/null
@@ -1,675 +0,0 @@
-undef           0
-rsadsi          1
-pkcs            2
-md2             3
-md5             4
-rc4             5
-rsaEncryption           6
-md2WithRSAEncryption            7
-md5WithRSAEncryption            8
-pbeWithMD2AndDES_CBC            9
-pbeWithMD5AndDES_CBC            10
-X500            11
-X509            12
-commonName              13
-countryName             14
-localityName            15
-stateOrProvinceName             16
-organizationName                17
-organizationalUnitName          18
-rsa             19
-pkcs7           20
-pkcs7_data              21
-pkcs7_signed            22
-pkcs7_enveloped         23
-pkcs7_signedAndEnveloped                24
-pkcs7_digest            25
-pkcs7_encrypted         26
-pkcs3           27
-dhKeyAgreement          28
-des_ecb         29
-des_cfb64               30
-des_cbc         31
-des_ede_ecb             32
-des_ede3_ecb            33
-idea_cbc                34
-idea_cfb64              35
-idea_ecb                36
-rc2_cbc         37
-rc2_ecb         38
-rc2_cfb64               39
-rc2_ofb64               40
-sha             41
-shaWithRSAEncryption            42
-des_ede_cbc             43
-des_ede3_cbc            44
-des_ofb64               45
-idea_ofb64              46
-pkcs9           47
-pkcs9_emailAddress              48
-pkcs9_unstructuredName          49
-pkcs9_contentType               50
-pkcs9_messageDigest             51
-pkcs9_signingTime               52
-pkcs9_countersignature          53
-pkcs9_challengePassword         54
-pkcs9_unstructuredAddress               55
-pkcs9_extCertAttributes         56
-netscape                57
-netscape_cert_extension         58
-netscape_data_type              59
-des_ede_cfb64           60
-des_ede3_cfb64          61
-des_ede_ofb64           62
-des_ede3_ofb64          63
-sha1            64
-sha1WithRSAEncryption           65
-dsaWithSHA              66
-dsa_2           67
-pbeWithSHA1AndRC2_CBC           68
-id_pbkdf2               69
-dsaWithSHA1_2           70
-netscape_cert_type              71
-netscape_base_url               72
-netscape_revocation_url         73
-netscape_ca_revocation_url              74
-netscape_renewal_url            75
-netscape_ca_policy_url          76
-netscape_ssl_server_name                77
-netscape_comment                78
-netscape_cert_sequence          79
-desx_cbc                80
-id_ce           81
-subject_key_identifier          82
-key_usage               83
-private_key_usage_period                84
-subject_alt_name                85
-issuer_alt_name         86
-basic_constraints               87
-crl_number              88
-certificate_policies            89
-authority_key_identifier                90
-bf_cbc          91
-bf_ecb          92
-bf_cfb64                93
-bf_ofb64                94
-mdc2            95
-mdc2WithRSA             96
-rc4_40          97
-rc2_40_cbc              98
-givenName               99
-surname         100
-initials                101
-uniqueIdentifier                102
-crl_distribution_points         103
-md5WithRSA              104
-serialNumber            105
-title           106
-description             107
-cast5_cbc               108
-cast5_ecb               109
-cast5_cfb64             110
-cast5_ofb64             111
-pbeWithMD5AndCast5_CBC          112
-dsaWithSHA1             113
-md5_sha1                114
-sha1WithRSA             115
-dsa             116
-ripemd160               117
-ripemd160WithRSA                119
-rc5_cbc         120
-rc5_ecb         121
-rc5_cfb64               122
-rc5_ofb64               123
-rle_compression         124
-zlib_compression                125
-ext_key_usage           126
-id_pkix         127
-id_kp           128
-server_auth             129
-client_auth             130
-code_sign               131
-email_protect           132
-time_stamp              133
-ms_code_ind             134
-ms_code_com             135
-ms_ctl_sign             136
-ms_sgc          137
-ms_efs          138
-ns_sgc          139
-delta_crl               140
-crl_reason              141
-invalidity_date         142
-sxnet           143
-pbe_WithSHA1And128BitRC4                144
-pbe_WithSHA1And40BitRC4         145
-pbe_WithSHA1And3_Key_TripleDES_CBC              146
-pbe_WithSHA1And2_Key_TripleDES_CBC              147
-pbe_WithSHA1And128BitRC2_CBC            148
-pbe_WithSHA1And40BitRC2_CBC             149
-keyBag          150
-pkcs8ShroudedKeyBag             151
-certBag         152
-crlBag          153
-secretBag               154
-safeContentsBag         155
-friendlyName            156
-localKeyID              157
-x509Certificate         158
-sdsiCertificate         159
-x509Crl         160
-pbes2           161
-pbmac1          162
-hmacWithSHA1            163
-id_qt_cps               164
-id_qt_unotice           165
-rc2_64_cbc              166
-SMIMECapabilities               167
-pbeWithMD2AndRC2_CBC            168
-pbeWithMD5AndRC2_CBC            169
-pbeWithSHA1AndDES_CBC           170
-ms_ext_req              171
-ext_req         172
-name            173
-dnQualifier             174
-id_pe           175
-id_ad           176
-info_access             177
-ad_OCSP         178
-ad_ca_issuers           179
-OCSP_sign               180
-iso             181
-member_body             182
-ISO_US          183
-X9_57           184
-X9cm            185
-pkcs1           186
-pkcs5           187
-SMIME           188
-id_smime_mod            189
-id_smime_ct             190
-id_smime_aa             191
-id_smime_alg            192
-id_smime_cd             193
-id_smime_spq            194
-id_smime_cti            195
-id_smime_mod_cms                196
-id_smime_mod_ess                197
-id_smime_mod_oid                198
-id_smime_mod_msg_v3             199
-id_smime_mod_ets_eSignature_88          200
-id_smime_mod_ets_eSignature_97          201
-id_smime_mod_ets_eSigPolicy_88          202
-id_smime_mod_ets_eSigPolicy_97          203
-id_smime_ct_receipt             204
-id_smime_ct_authData            205
-id_smime_ct_publishCert         206
-id_smime_ct_TSTInfo             207
-id_smime_ct_TDTInfo             208
-id_smime_ct_contentInfo         209
-id_smime_ct_DVCSRequestData             210
-id_smime_ct_DVCSResponseData            211
-id_smime_aa_receiptRequest              212
-id_smime_aa_securityLabel               213
-id_smime_aa_mlExpandHistory             214
-id_smime_aa_contentHint         215
-id_smime_aa_msgSigDigest                216
-id_smime_aa_encapContentType            217
-id_smime_aa_contentIdentifier           218
-id_smime_aa_macValue            219
-id_smime_aa_equivalentLabels            220
-id_smime_aa_contentReference            221
-id_smime_aa_encrypKeyPref               222
-id_smime_aa_signingCertificate          223
-id_smime_aa_smimeEncryptCerts           224
-id_smime_aa_timeStampToken              225
-id_smime_aa_ets_sigPolicyId             226
-id_smime_aa_ets_commitmentType          227
-id_smime_aa_ets_signerLocation          228
-id_smime_aa_ets_signerAttr              229
-id_smime_aa_ets_otherSigCert            230
-id_smime_aa_ets_contentTimestamp                231
-id_smime_aa_ets_CertificateRefs         232
-id_smime_aa_ets_RevocationRefs          233
-id_smime_aa_ets_certValues              234
-id_smime_aa_ets_revocationValues                235
-id_smime_aa_ets_escTimeStamp            236
-id_smime_aa_ets_certCRLTimestamp                237
-id_smime_aa_ets_archiveTimeStamp                238
-id_smime_aa_signatureType               239
-id_smime_aa_dvcs_dvc            240
-id_smime_alg_ESDHwith3DES               241
-id_smime_alg_ESDHwithRC2                242
-id_smime_alg_3DESwrap           243
-id_smime_alg_RC2wrap            244
-id_smime_alg_ESDH               245
-id_smime_alg_CMS3DESwrap                246
-id_smime_alg_CMSRC2wrap         247
-id_smime_cd_ldap                248
-id_smime_spq_ets_sqt_uri                249
-id_smime_spq_ets_sqt_unotice            250
-id_smime_cti_ets_proofOfOrigin          251
-id_smime_cti_ets_proofOfReceipt         252
-id_smime_cti_ets_proofOfDelivery                253
-id_smime_cti_ets_proofOfSender          254
-id_smime_cti_ets_proofOfApproval                255
-id_smime_cti_ets_proofOfCreation                256
-md4             257
-id_pkix_mod             258
-id_qt           259
-id_it           260
-id_pkip         261
-id_alg          262
-id_cmc          263
-id_on           264
-id_pda          265
-id_aca          266
-id_qcs          267
-id_cct          268
-id_pkix1_explicit_88            269
-id_pkix1_implicit_88            270
-id_pkix1_explicit_93            271
-id_pkix1_implicit_93            272
-id_mod_crmf             273
-id_mod_cmc              274
-id_mod_kea_profile_88           275
-id_mod_kea_profile_93           276
-id_mod_cmp              277
-id_mod_qualified_cert_88                278
-id_mod_qualified_cert_93                279
-id_mod_attribute_cert           280
-id_mod_timestamp_protocol               281
-id_mod_ocsp             282
-id_mod_dvcs             283
-id_mod_cmp2000          284
-biometricInfo           285
-qcStatements            286
-ac_auditEntity          287
-ac_targeting            288
-aaControls              289
-sbgp_ipAddrBlock                290
-sbgp_autonomousSysNum           291
-sbgp_routerIdentifier           292
-textNotice              293
-ipsecEndSystem          294
-ipsecTunnel             295
-ipsecUser               296
-dvcs            297
-id_it_caProtEncCert             298
-id_it_signKeyPairTypes          299
-id_it_encKeyPairTypes           300
-id_it_preferredSymmAlg          301
-id_it_caKeyUpdateInfo           302
-id_it_currentCRL                303
-id_it_unsupportedOIDs           304
-id_it_subscriptionRequest               305
-id_it_subscriptionResponse              306
-id_it_keyPairParamReq           307
-id_it_keyPairParamRep           308
-id_it_revPassphrase             309
-id_it_implicitConfirm           310
-id_it_confirmWaitTime           311
-id_it_origPKIMessage            312
-id_regCtrl              313
-id_regInfo              314
-id_regCtrl_regToken             315
-id_regCtrl_authenticator                316
-id_regCtrl_pkiPublicationInfo           317
-id_regCtrl_pkiArchiveOptions            318
-id_regCtrl_oldCertID            319
-id_regCtrl_protocolEncrKey              320
-id_regInfo_utf8Pairs            321
-id_regInfo_certReq              322
-id_alg_des40            323
-id_alg_noSignature              324
-id_alg_dh_sig_hmac_sha1         325
-id_alg_dh_pop           326
-id_cmc_statusInfo               327
-id_cmc_identification           328
-id_cmc_identityProof            329
-id_cmc_dataReturn               330
-id_cmc_transactionId            331
-id_cmc_senderNonce              332
-id_cmc_recipientNonce           333
-id_cmc_addExtensions            334
-id_cmc_encryptedPOP             335
-id_cmc_decryptedPOP             336
-id_cmc_lraPOPWitness            337
-id_cmc_getCert          338
-id_cmc_getCRL           339
-id_cmc_revokeRequest            340
-id_cmc_regInfo          341
-id_cmc_responseInfo             342
-id_cmc_queryPending             343
-id_cmc_popLinkRandom            344
-id_cmc_popLinkWitness           345
-id_cmc_confirmCertAcceptance            346
-id_on_personalData              347
-id_pda_dateOfBirth              348
-id_pda_placeOfBirth             349
-id_pda_pseudonym                350
-id_pda_gender           351
-id_pda_countryOfCitizenship             352
-id_pda_countryOfResidence               353
-id_aca_authenticationInfo               354
-id_aca_accessIdentity           355
-id_aca_chargingIdentity         356
-id_aca_group            357
-id_aca_role             358
-id_qcs_pkixQCSyntax_v1          359
-id_cct_crs              360
-id_cct_PKIData          361
-id_cct_PKIResponse              362
-ad_timeStamping         363
-ad_dvcs         364
-id_pkix_OCSP_basic              365
-id_pkix_OCSP_Nonce              366
-id_pkix_OCSP_CrlID              367
-id_pkix_OCSP_acceptableResponses                368
-id_pkix_OCSP_noCheck            369
-id_pkix_OCSP_archiveCutoff              370
-id_pkix_OCSP_serviceLocator             371
-id_pkix_OCSP_extendedStatus             372
-id_pkix_OCSP_valid              373
-id_pkix_OCSP_path               374
-id_pkix_OCSP_trustRoot          375
-algorithm               376
-rsaSignature            377
-X500algorithms          378
-org             379
-dod             380
-iana            381
-Directory               382
-Management              383
-Experimental            384
-Private         385
-Security                386
-SNMPv2          387
-Mail            388
-Enterprises             389
-dcObject                390
-domainComponent         391
-Domain          392
-joint_iso_ccitt         393
-selected_attribute_types                394
-clearance               395
-md4WithRSAEncryption            396
-ac_proxying             397
-sinfo_access            398
-id_aca_encAttrs         399
-role            400
-policy_constraints              401
-target_information              402
-no_rev_avail            403
-ccitt           404
-ansi_X9_62              405
-X9_62_prime_field               406
-X9_62_characteristic_two_field          407
-X9_62_id_ecPublicKey            408
-X9_62_prime192v1                409
-X9_62_prime192v2                410
-X9_62_prime192v3                411
-X9_62_prime239v1                412
-X9_62_prime239v2                413
-X9_62_prime239v3                414
-X9_62_prime256v1                415
-ecdsa_with_SHA1         416
-ms_csp_name             417
-aes_128_ecb             418
-aes_128_cbc             419
-aes_128_ofb128          420
-aes_128_cfb128          421
-aes_192_ecb             422
-aes_192_cbc             423
-aes_192_ofb128          424
-aes_192_cfb128          425
-aes_256_ecb             426
-aes_256_cbc             427
-aes_256_ofb128          428
-aes_256_cfb128          429
-hold_instruction_code           430
-hold_instruction_none           431
-hold_instruction_call_issuer            432
-hold_instruction_reject         433
-data            434
-pss             435
-ucl             436
-pilot           437
-pilotAttributeType              438
-pilotAttributeSyntax            439
-pilotObjectClass                440
-pilotGroups             441
-iA5StringSyntax         442
-caseIgnoreIA5StringSyntax               443
-pilotObject             444
-pilotPerson             445
-account         446
-document                447
-room            448
-documentSeries          449
-rFC822localPart         450
-dNSDomain               451
-domainRelatedObject             452
-friendlyCountry         453
-simpleSecurityObject            454
-pilotOrganization               455
-pilotDSA                456
-qualityLabelledData             457
-userId          458
-textEncodedORAddress            459
-rfc822Mailbox           460
-info            461
-favouriteDrink          462
-roomNumber              463
-photo           464
-userClass               465
-host            466
-manager         467
-documentIdentifier              468
-documentTitle           469
-documentVersion         470
-documentAuthor          471
-documentLocation                472
-homeTelephoneNumber             473
-secretary               474
-otherMailbox            475
-lastModifiedTime                476
-lastModifiedBy          477
-aRecord         478
-pilotAttributeType27            479
-mXRecord                480
-nSRecord                481
-sOARecord               482
-cNAMERecord             483
-associatedDomain                484
-associatedName          485
-homePostalAddress               486
-personalTitle           487
-mobileTelephoneNumber           488
-pagerTelephoneNumber            489
-friendlyCountryName             490
-organizationalStatus            491
-janetMailbox            492
-mailPreferenceOption            493
-buildingName            494
-dSAQuality              495
-singleLevelQuality              496
-subtreeMinimumQuality           497
-subtreeMaximumQuality           498
-personalSignature               499
-dITRedirect             500
-audio           501
-documentPublisher               502
-x500UniqueIdentifier            503
-mime_mhs                504
-mime_mhs_headings               505
-mime_mhs_bodies         506
-id_hex_partial_message          507
-id_hex_multipart_message                508
-generationQualifier             509
-pseudonym               510
-InternationalRA         511
-id_set          512
-set_ctype               513
-set_msgExt              514
-set_attr                515
-set_policy              516
-set_certExt             517
-set_brand               518
-setct_PANData           519
-setct_PANToken          520
-setct_PANOnly           521
-setct_OIData            522
-setct_PI                523
-setct_PIData            524
-setct_PIDataUnsigned            525
-setct_HODInput          526
-setct_AuthResBaggage            527
-setct_AuthRevReqBaggage         528
-setct_AuthRevResBaggage         529
-setct_CapTokenSeq               530
-setct_PInitResData              531
-setct_PI_TBS            532
-setct_PResData          533
-setct_AuthReqTBS                534
-setct_AuthResTBS                535
-setct_AuthResTBSX               536
-setct_AuthTokenTBS              537
-setct_CapTokenData              538
-setct_CapTokenTBS               539
-setct_AcqCardCodeMsg            540
-setct_AuthRevReqTBS             541
-setct_AuthRevResData            542
-setct_AuthRevResTBS             543
-setct_CapReqTBS         544
-setct_CapReqTBSX                545
-setct_CapResData                546
-setct_CapRevReqTBS              547
-setct_CapRevReqTBSX             548
-setct_CapRevResData             549
-setct_CredReqTBS                550
-setct_CredReqTBSX               551
-setct_CredResData               552
-setct_CredRevReqTBS             553
-setct_CredRevReqTBSX            554
-setct_CredRevResData            555
-setct_PCertReqData              556
-setct_PCertResTBS               557
-setct_BatchAdminReqData         558
-setct_BatchAdminResData         559
-setct_CardCInitResTBS           560
-setct_MeAqCInitResTBS           561
-setct_RegFormResTBS             562
-setct_CertReqData               563
-setct_CertReqTBS                564
-setct_CertResData               565
-setct_CertInqReqTBS             566
-setct_ErrorTBS          567
-setct_PIDualSignedTBE           568
-setct_PIUnsignedTBE             569
-setct_AuthReqTBE                570
-setct_AuthResTBE                571
-setct_AuthResTBEX               572
-setct_AuthTokenTBE              573
-setct_CapTokenTBE               574
-setct_CapTokenTBEX              575
-setct_AcqCardCodeMsgTBE         576
-setct_AuthRevReqTBE             577
-setct_AuthRevResTBE             578
-setct_AuthRevResTBEB            579
-setct_CapReqTBE         580
-setct_CapReqTBEX                581
-setct_CapResTBE         582
-setct_CapRevReqTBE              583
-setct_CapRevReqTBEX             584
-setct_CapRevResTBE              585
-setct_CredReqTBE                586
-setct_CredReqTBEX               587
-setct_CredResTBE                588
-setct_CredRevReqTBE             589
-setct_CredRevReqTBEX            590
-setct_CredRevResTBE             591
-setct_BatchAdminReqTBE          592
-setct_BatchAdminResTBE          593
-setct_RegFormReqTBE             594
-setct_CertReqTBE                595
-setct_CertReqTBEX               596
-setct_CertResTBE                597
-setct_CRLNotificationTBS                598
-setct_CRLNotificationResTBS             599
-setct_BCIDistributionTBS                600
-setext_genCrypt         601
-setext_miAuth           602
-setext_pinSecure                603
-setext_pinAny           604
-setext_track2           605
-setext_cv               606
-set_policy_root         607
-setCext_hashedRoot              608
-setCext_certType                609
-setCext_merchData               610
-setCext_cCertRequired           611
-setCext_tunneling               612
-setCext_setExt          613
-setCext_setQualf                614
-setCext_PGWYcapabilities                615
-setCext_TokenIdentifier         616
-setCext_Track2Data              617
-setCext_TokenType               618
-setCext_IssuerCapabilities              619
-setAttr_Cert            620
-setAttr_PGWYcap         621
-setAttr_TokenType               622
-setAttr_IssCap          623
-set_rootKeyThumb                624
-set_addPolicy           625
-setAttr_Token_EMV               626
-setAttr_Token_B0Prime           627
-setAttr_IssCap_CVM              628
-setAttr_IssCap_T2               629
-setAttr_IssCap_Sig              630
-setAttr_GenCryptgrm             631
-setAttr_T2Enc           632
-setAttr_T2cleartxt              633
-setAttr_TokICCsig               634
-setAttr_SecDevSig               635
-set_brand_IATA_ATA              636
-set_brand_Diners                637
-set_brand_AmericanExpress               638
-set_brand_JCB           639
-set_brand_Visa          640
-set_brand_MasterCard            641
-set_brand_Novus         642
-des_cdmf                643
-rsaOAEPEncryptionSET            644
-itu_t           645
-joint_iso_itu_t         646
-international_organizations             647
-ms_smartcard_login              648
-ms_upn          649
-aes_128_cfb1            650
-aes_192_cfb1            651
-aes_256_cfb1            652
-aes_128_cfb8            653
-aes_192_cfb8            654
-aes_256_cfb8            655
-des_cfb1                656
-des_cfb8                657
-des_ede3_cfb1           658
-des_ede3_cfb8           659
-streetAddress           660
-postalCode              661
-id_ppl          662
-proxyCertInfo           663
-id_ppl_anyLanguage              664
-id_ppl_inheritAll               665
-name_constraints                666
-Independent             667
-sha256WithRSAEncryption         668
-sha384WithRSAEncryption         669
-sha512WithRSAEncryption         670
-sha224WithRSAEncryption         671
-sha256          672
-sha384          673
-sha512          674
-sha224          675
diff --git a/src/lib/libcrypto/objects/objects.README b/src/lib/libcrypto/objects/objects.README
deleted file mode 100644
index 4d745508d8..0000000000
--- a/src/lib/libcrypto/objects/objects.README
+++ /dev/null
@@ -1,44 +0,0 @@
-objects.txt syntax
-------------------
-
-To cover all the naming hacks that were previously in objects.h needed some
-kind of hacks in objects.txt.
-
-The basic syntax for adding an object is as follows:
-
-        1 2 3 4         : shortName     : Long Name
-
-                If the long name doesn't contain spaces, or no short name
-                exists, the long name is used as basis for the base name
-                in C.  Otherwise, the short name is used.
-
-                The base name (let's call it 'base') will then be used to
-                create the C macros SN_base, LN_base, NID_base and OBJ_base.
-
-                Note that if the base name contains spaces, dashes or periods,
-                those will be converte to underscore.
-
-Then there are some extra commands:
-
-        !Alias foo 1 2 3 4
-
-                This juts makes a name foo for an OID.  The C macro
-                OBJ_foo will be created as a result.
-
-        !Cname foo
-
-                This makes sure that the name foo will be used as base name
-                in C.
-
-        !module foo
-        1 2 3 4         : shortName     : Long Name
-        !global
-
-                The !module command was meant to define a kind of modularity.
-                What it does is to make sure the module name is prepended
-                to the base name.  !global turns this off.  This construction
-                is not recursive.
-
-Lines starting with # are treated as comments, as well as any line starting
-with ! and not matching the commands above.
-
diff --git a/src/lib/libcrypto/objects/objects.h b/src/lib/libcrypto/objects/objects.h
deleted file mode 100644
index f859d859b8..0000000000
--- a/src/lib/libcrypto/objects/objects.h
+++ /dev/null
@@ -1,1044 +0,0 @@
-/* crypto/objects/objects.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_OBJECTS_H
-#define HEADER_OBJECTS_H
-
-#define USE_OBJ_MAC
-
-#ifdef USE_OBJ_MAC
-#include <openssl/obj_mac.h>
-#else
-#define SN_undef                        "UNDEF"
-#define LN_undef                        "undefined"
-#define NID_undef                       0
-#define OBJ_undef                       0L
-
-#define SN_Algorithm                    "Algorithm"
-#define LN_algorithm                    "algorithm"
-#define NID_algorithm                   38
-#define OBJ_algorithm                   1L,3L,14L,3L,2L
-
-#define LN_rsadsi                       "rsadsi"
-#define NID_rsadsi                      1
-#define OBJ_rsadsi                      1L,2L,840L,113549L
-
-#define LN_pkcs                         "pkcs"
-#define NID_pkcs                        2
-#define OBJ_pkcs                        OBJ_rsadsi,1L
-
-#define SN_md2                          "MD2"
-#define LN_md2                          "md2"
-#define NID_md2                         3
-#define OBJ_md2                         OBJ_rsadsi,2L,2L
-
-#define SN_md5                          "MD5"
-#define LN_md5                          "md5"
-#define NID_md5                         4
-#define OBJ_md5                         OBJ_rsadsi,2L,5L
-
-#define SN_rc4                          "RC4"
-#define LN_rc4                          "rc4"
-#define NID_rc4                         5
-#define OBJ_rc4                         OBJ_rsadsi,3L,4L
-
-#define LN_rsaEncryption                "rsaEncryption"
-#define NID_rsaEncryption               6
-#define OBJ_rsaEncryption               OBJ_pkcs,1L,1L
-
-#define SN_md2WithRSAEncryption         "RSA-MD2"
-#define LN_md2WithRSAEncryption         "md2WithRSAEncryption"
-#define NID_md2WithRSAEncryption        7
-#define OBJ_md2WithRSAEncryption        OBJ_pkcs,1L,2L
-
-#define SN_md5WithRSAEncryption         "RSA-MD5"
-#define LN_md5WithRSAEncryption         "md5WithRSAEncryption"
-#define NID_md5WithRSAEncryption        8
-#define OBJ_md5WithRSAEncryption        OBJ_pkcs,1L,4L
-
-#define SN_pbeWithMD2AndDES_CBC         "PBE-MD2-DES"
-#define LN_pbeWithMD2AndDES_CBC         "pbeWithMD2AndDES-CBC"
-#define NID_pbeWithMD2AndDES_CBC        9
-#define OBJ_pbeWithMD2AndDES_CBC        OBJ_pkcs,5L,1L
-
-#define SN_pbeWithMD5AndDES_CBC         "PBE-MD5-DES"
-#define LN_pbeWithMD5AndDES_CBC         "pbeWithMD5AndDES-CBC"
-#define NID_pbeWithMD5AndDES_CBC        10
-#define OBJ_pbeWithMD5AndDES_CBC        OBJ_pkcs,5L,3L
-
-#define LN_X500                         "X500"
-#define NID_X500                        11
-#define OBJ_X500                        2L,5L
-
-#define LN_X509                         "X509"
-#define NID_X509                        12
-#define OBJ_X509                        OBJ_X500,4L
-
-#define SN_commonName                   "CN"
-#define LN_commonName                   "commonName"
-#define NID_commonName                  13
-#define OBJ_commonName                  OBJ_X509,3L
-
-#define SN_countryName                  "C"
-#define LN_countryName                  "countryName"
-#define NID_countryName                 14
-#define OBJ_countryName                 OBJ_X509,6L
-
-#define SN_localityName                 "L"
-#define LN_localityName                 "localityName"
-#define NID_localityName                15
-#define OBJ_localityName                OBJ_X509,7L
-
-/* Postal Address? PA */
-
-/* should be "ST" (rfc1327) but MS uses 'S' */
-#define SN_stateOrProvinceName          "ST"
-#define LN_stateOrProvinceName          "stateOrProvinceName"
-#define NID_stateOrProvinceName         16
-#define OBJ_stateOrProvinceName         OBJ_X509,8L
-
-#define SN_organizationName             "O"
-#define LN_organizationName             "organizationName"
-#define NID_organizationName            17
-#define OBJ_organizationName            OBJ_X509,10L
-
-#define SN_organizationalUnitName       "OU"
-#define LN_organizationalUnitName       "organizationalUnitName"
-#define NID_organizationalUnitName      18
-#define OBJ_organizationalUnitName      OBJ_X509,11L
-
-#define SN_rsa                          "RSA"
-#define LN_rsa                          "rsa"
-#define NID_rsa                         19
-#define OBJ_rsa                         OBJ_X500,8L,1L,1L
-
-#define LN_pkcs7                        "pkcs7"
-#define NID_pkcs7                       20
-#define OBJ_pkcs7                       OBJ_pkcs,7L
-
-#define LN_pkcs7_data                   "pkcs7-data"
-#define NID_pkcs7_data                  21
-#define OBJ_pkcs7_data                  OBJ_pkcs7,1L
-
-#define LN_pkcs7_signed                 "pkcs7-signedData"
-#define NID_pkcs7_signed                22
-#define OBJ_pkcs7_signed                OBJ_pkcs7,2L
-
-#define LN_pkcs7_enveloped              "pkcs7-envelopedData"
-#define NID_pkcs7_enveloped             23
-#define OBJ_pkcs7_enveloped             OBJ_pkcs7,3L
-
-#define LN_pkcs7_signedAndEnveloped     "pkcs7-signedAndEnvelopedData"
-#define NID_pkcs7_signedAndEnveloped    24
-#define OBJ_pkcs7_signedAndEnveloped    OBJ_pkcs7,4L
-
-#define LN_pkcs7_digest                 "pkcs7-digestData"
-#define NID_pkcs7_digest                25
-#define OBJ_pkcs7_digest                OBJ_pkcs7,5L
-
-#define LN_pkcs7_encrypted              "pkcs7-encryptedData"
-#define NID_pkcs7_encrypted             26
-#define OBJ_pkcs7_encrypted             OBJ_pkcs7,6L
-
-#define LN_pkcs3                        "pkcs3"
-#define NID_pkcs3                       27
-#define OBJ_pkcs3                       OBJ_pkcs,3L
-
-#define LN_dhKeyAgreement               "dhKeyAgreement"
-#define NID_dhKeyAgreement              28
-#define OBJ_dhKeyAgreement              OBJ_pkcs3,1L
-
-#define SN_des_ecb                      "DES-ECB"
-#define LN_des_ecb                      "des-ecb"
-#define NID_des_ecb                     29
-#define OBJ_des_ecb                     OBJ_algorithm,6L
-
-#define SN_des_cfb64                    "DES-CFB"
-#define LN_des_cfb64                    "des-cfb"
-#define NID_des_cfb64                   30
-/* IV + num */
-#define OBJ_des_cfb64                   OBJ_algorithm,9L
-
-#define SN_des_cbc                      "DES-CBC"
-#define LN_des_cbc                      "des-cbc"
-#define NID_des_cbc                     31
-/* IV */
-#define OBJ_des_cbc                     OBJ_algorithm,7L
-
-#define SN_des_ede                      "DES-EDE"
-#define LN_des_ede                      "des-ede"
-#define NID_des_ede                     32
-/* ?? */
-#define OBJ_des_ede                     OBJ_algorithm,17L
-
-#define SN_des_ede3                     "DES-EDE3"
-#define LN_des_ede3                     "des-ede3"
-#define NID_des_ede3                    33
-
-#define SN_idea_cbc                     "IDEA-CBC"
-#define LN_idea_cbc                     "idea-cbc"
-#define NID_idea_cbc                    34
-#define OBJ_idea_cbc                    1L,3L,6L,1L,4L,1L,188L,7L,1L,1L,2L
-
-#define SN_idea_cfb64                   "IDEA-CFB"
-#define LN_idea_cfb64                   "idea-cfb"
-#define NID_idea_cfb64                  35
-
-#define SN_idea_ecb                     "IDEA-ECB"
-#define LN_idea_ecb                     "idea-ecb"
-#define NID_idea_ecb                    36
-
-#define SN_rc2_cbc                      "RC2-CBC"
-#define LN_rc2_cbc                      "rc2-cbc"
-#define NID_rc2_cbc                     37
-#define OBJ_rc2_cbc                     OBJ_rsadsi,3L,2L
-
-#define SN_rc2_ecb                      "RC2-ECB"
-#define LN_rc2_ecb                      "rc2-ecb"
-#define NID_rc2_ecb                     38
-
-#define SN_rc2_cfb64                    "RC2-CFB"
-#define LN_rc2_cfb64                    "rc2-cfb"
-#define NID_rc2_cfb64                   39
-
-#define SN_rc2_ofb64                    "RC2-OFB"
-#define LN_rc2_ofb64                    "rc2-ofb"
-#define NID_rc2_ofb64                   40
-
-#define SN_sha                          "SHA"
-#define LN_sha                          "sha"
-#define NID_sha                         41
-#define OBJ_sha                         OBJ_algorithm,18L
-
-#define SN_shaWithRSAEncryption         "RSA-SHA"
-#define LN_shaWithRSAEncryption         "shaWithRSAEncryption"
-#define NID_shaWithRSAEncryption        42
-#define OBJ_shaWithRSAEncryption        OBJ_algorithm,15L
-
-#define SN_des_ede_cbc                  "DES-EDE-CBC"
-#define LN_des_ede_cbc                  "des-ede-cbc"
-#define NID_des_ede_cbc                 43
-
-#define SN_des_ede3_cbc                 "DES-EDE3-CBC"
-#define LN_des_ede3_cbc                 "des-ede3-cbc"
-#define NID_des_ede3_cbc                44
-#define OBJ_des_ede3_cbc                OBJ_rsadsi,3L,7L
-
-#define SN_des_ofb64                    "DES-OFB"
-#define LN_des_ofb64                    "des-ofb"
-#define NID_des_ofb64                   45
-#define OBJ_des_ofb64                   OBJ_algorithm,8L
-
-#define SN_idea_ofb64                   "IDEA-OFB"
-#define LN_idea_ofb64                   "idea-ofb"
-#define NID_idea_ofb64                  46
-
-#define LN_pkcs9                        "pkcs9"
-#define NID_pkcs9                       47
-#define OBJ_pkcs9                       OBJ_pkcs,9L
-
-#define SN_pkcs9_emailAddress           "Email"
-#define LN_pkcs9_emailAddress           "emailAddress"
-#define NID_pkcs9_emailAddress          48
-#define OBJ_pkcs9_emailAddress          OBJ_pkcs9,1L
-
-#define LN_pkcs9_unstructuredName       "unstructuredName"
-#define NID_pkcs9_unstructuredName      49
-#define OBJ_pkcs9_unstructuredName      OBJ_pkcs9,2L
-
-#define LN_pkcs9_contentType            "contentType"
-#define NID_pkcs9_contentType           50
-#define OBJ_pkcs9_contentType           OBJ_pkcs9,3L
-
-#define LN_pkcs9_messageDigest          "messageDigest"
-#define NID_pkcs9_messageDigest         51
-#define OBJ_pkcs9_messageDigest         OBJ_pkcs9,4L
-
-#define LN_pkcs9_signingTime            "signingTime"
-#define NID_pkcs9_signingTime           52
-#define OBJ_pkcs9_signingTime           OBJ_pkcs9,5L
-
-#define LN_pkcs9_countersignature       "countersignature"
-#define NID_pkcs9_countersignature      53
-#define OBJ_pkcs9_countersignature      OBJ_pkcs9,6L
-
-#define LN_pkcs9_challengePassword      "challengePassword"
-#define NID_pkcs9_challengePassword     54
-#define OBJ_pkcs9_challengePassword     OBJ_pkcs9,7L
-
-#define LN_pkcs9_unstructuredAddress    "unstructuredAddress"
-#define NID_pkcs9_unstructuredAddress   55
-#define OBJ_pkcs9_unstructuredAddress   OBJ_pkcs9,8L
-
-#define LN_pkcs9_extCertAttributes      "extendedCertificateAttributes"
-#define NID_pkcs9_extCertAttributes     56
-#define OBJ_pkcs9_extCertAttributes     OBJ_pkcs9,9L
-
-#define SN_netscape                     "Netscape"
-#define LN_netscape                     "Netscape Communications Corp."
-#define NID_netscape                    57
-#define OBJ_netscape                    2L,16L,840L,1L,113730L
-
-#define SN_netscape_cert_extension      "nsCertExt"
-#define LN_netscape_cert_extension      "Netscape Certificate Extension"
-#define NID_netscape_cert_extension     58
-#define OBJ_netscape_cert_extension     OBJ_netscape,1L
-
-#define SN_netscape_data_type           "nsDataType"
-#define LN_netscape_data_type           "Netscape Data Type"
-#define NID_netscape_data_type          59
-#define OBJ_netscape_data_type          OBJ_netscape,2L
-
-#define SN_des_ede_cfb64                "DES-EDE-CFB"
-#define LN_des_ede_cfb64                "des-ede-cfb"
-#define NID_des_ede_cfb64               60
-
-#define SN_des_ede3_cfb64               "DES-EDE3-CFB"
-#define LN_des_ede3_cfb64               "des-ede3-cfb"
-#define NID_des_ede3_cfb64              61
-
-#define SN_des_ede_ofb64                "DES-EDE-OFB"
-#define LN_des_ede_ofb64                "des-ede-ofb"
-#define NID_des_ede_ofb64               62
-
-#define SN_des_ede3_ofb64               "DES-EDE3-OFB"
-#define LN_des_ede3_ofb64               "des-ede3-ofb"
-#define NID_des_ede3_ofb64              63
-
-/* I'm not sure about the object ID */
-#define SN_sha1                         "SHA1"
-#define LN_sha1                         "sha1"
-#define NID_sha1                        64
-#define OBJ_sha1                        OBJ_algorithm,26L
-/* 28 Jun 1996 - eay */
-/* #define OBJ_sha1                     1L,3L,14L,2L,26L,05L <- wrong */
-
-#define SN_sha1WithRSAEncryption        "RSA-SHA1"
-#define LN_sha1WithRSAEncryption        "sha1WithRSAEncryption"
-#define NID_sha1WithRSAEncryption       65
-#define OBJ_sha1WithRSAEncryption       OBJ_pkcs,1L,5L
-
-#define SN_dsaWithSHA                   "DSA-SHA"
-#define LN_dsaWithSHA                   "dsaWithSHA"
-#define NID_dsaWithSHA                  66
-#define OBJ_dsaWithSHA                  OBJ_algorithm,13L
-
-#define SN_dsa_2                        "DSA-old"
-#define LN_dsa_2                        "dsaEncryption-old"
-#define NID_dsa_2                       67
-#define OBJ_dsa_2                       OBJ_algorithm,12L
-
-/* proposed by microsoft to RSA */
-#define SN_pbeWithSHA1AndRC2_CBC        "PBE-SHA1-RC2-64"
-#define LN_pbeWithSHA1AndRC2_CBC        "pbeWithSHA1AndRC2-CBC"
-#define NID_pbeWithSHA1AndRC2_CBC       68
-#define OBJ_pbeWithSHA1AndRC2_CBC       OBJ_pkcs,5L,11L 
-
-/* proposed by microsoft to RSA as pbeWithSHA1AndRC4: it is now
- * defined explicitly in PKCS#5 v2.0 as id-PBKDF2 which is something
- * completely different.
- */
-#define LN_id_pbkdf2                    "PBKDF2"
-#define NID_id_pbkdf2                   69
-#define OBJ_id_pbkdf2                   OBJ_pkcs,5L,12L 
-
-#define SN_dsaWithSHA1_2                "DSA-SHA1-old"
-#define LN_dsaWithSHA1_2                "dsaWithSHA1-old"
-#define NID_dsaWithSHA1_2               70
-/* Got this one from 'sdn706r20.pdf' which is actually an NSA document :-) */
-#define OBJ_dsaWithSHA1_2               OBJ_algorithm,27L
-
-#define SN_netscape_cert_type           "nsCertType"
-#define LN_netscape_cert_type           "Netscape Cert Type"
-#define NID_netscape_cert_type          71
-#define OBJ_netscape_cert_type          OBJ_netscape_cert_extension,1L
-
-#define SN_netscape_base_url            "nsBaseUrl"
-#define LN_netscape_base_url            "Netscape Base Url"
-#define NID_netscape_base_url           72
-#define OBJ_netscape_base_url           OBJ_netscape_cert_extension,2L
-
-#define SN_netscape_revocation_url      "nsRevocationUrl"
-#define LN_netscape_revocation_url      "Netscape Revocation Url"
-#define NID_netscape_revocation_url     73
-#define OBJ_netscape_revocation_url     OBJ_netscape_cert_extension,3L
-
-#define SN_netscape_ca_revocation_url   "nsCaRevocationUrl"
-#define LN_netscape_ca_revocation_url   "Netscape CA Revocation Url"
-#define NID_netscape_ca_revocation_url  74
-#define OBJ_netscape_ca_revocation_url  OBJ_netscape_cert_extension,4L
-
-#define SN_netscape_renewal_url         "nsRenewalUrl"
-#define LN_netscape_renewal_url         "Netscape Renewal Url"
-#define NID_netscape_renewal_url        75
-#define OBJ_netscape_renewal_url        OBJ_netscape_cert_extension,7L
-
-#define SN_netscape_ca_policy_url       "nsCaPolicyUrl"
-#define LN_netscape_ca_policy_url       "Netscape CA Policy Url"
-#define NID_netscape_ca_policy_url      76
-#define OBJ_netscape_ca_policy_url      OBJ_netscape_cert_extension,8L
-
-#define SN_netscape_ssl_server_name     "nsSslServerName"
-#define LN_netscape_ssl_server_name     "Netscape SSL Server Name"
-#define NID_netscape_ssl_server_name    77
-#define OBJ_netscape_ssl_server_name    OBJ_netscape_cert_extension,12L
-
-#define SN_netscape_comment             "nsComment"
-#define LN_netscape_comment             "Netscape Comment"
-#define NID_netscape_comment            78
-#define OBJ_netscape_comment            OBJ_netscape_cert_extension,13L
-
-#define SN_netscape_cert_sequence       "nsCertSequence"
-#define LN_netscape_cert_sequence       "Netscape Certificate Sequence"
-#define NID_netscape_cert_sequence      79
-#define OBJ_netscape_cert_sequence      OBJ_netscape_data_type,5L
-
-#define SN_desx_cbc                     "DESX-CBC"
-#define LN_desx_cbc                     "desx-cbc"
-#define NID_desx_cbc                    80
-
-#define SN_id_ce                        "id-ce"
-#define NID_id_ce                       81
-#define OBJ_id_ce                       2L,5L,29L
-
-#define SN_subject_key_identifier       "subjectKeyIdentifier"
-#define LN_subject_key_identifier       "X509v3 Subject Key Identifier"
-#define NID_subject_key_identifier      82
-#define OBJ_subject_key_identifier      OBJ_id_ce,14L
-
-#define SN_key_usage                    "keyUsage"
-#define LN_key_usage                    "X509v3 Key Usage"
-#define NID_key_usage                   83
-#define OBJ_key_usage                   OBJ_id_ce,15L
-
-#define SN_private_key_usage_period     "privateKeyUsagePeriod"
-#define LN_private_key_usage_period     "X509v3 Private Key Usage Period"
-#define NID_private_key_usage_period    84
-#define OBJ_private_key_usage_period    OBJ_id_ce,16L
-
-#define SN_subject_alt_name             "subjectAltName"
-#define LN_subject_alt_name             "X509v3 Subject Alternative Name"
-#define NID_subject_alt_name            85
-#define OBJ_subject_alt_name            OBJ_id_ce,17L
-
-#define SN_issuer_alt_name              "issuerAltName"
-#define LN_issuer_alt_name              "X509v3 Issuer Alternative Name"
-#define NID_issuer_alt_name             86
-#define OBJ_issuer_alt_name             OBJ_id_ce,18L
-
-#define SN_basic_constraints            "basicConstraints"
-#define LN_basic_constraints            "X509v3 Basic Constraints"
-#define NID_basic_constraints           87
-#define OBJ_basic_constraints           OBJ_id_ce,19L
-
-#define SN_crl_number                   "crlNumber"
-#define LN_crl_number                   "X509v3 CRL Number"
-#define NID_crl_number                  88
-#define OBJ_crl_number                  OBJ_id_ce,20L
-
-#define SN_certificate_policies         "certificatePolicies"
-#define LN_certificate_policies         "X509v3 Certificate Policies"
-#define NID_certificate_policies        89
-#define OBJ_certificate_policies        OBJ_id_ce,32L
-
-#define SN_authority_key_identifier     "authorityKeyIdentifier"
-#define LN_authority_key_identifier     "X509v3 Authority Key Identifier"
-#define NID_authority_key_identifier    90
-#define OBJ_authority_key_identifier    OBJ_id_ce,35L
-
-#define SN_bf_cbc                       "BF-CBC"
-#define LN_bf_cbc                       "bf-cbc"
-#define NID_bf_cbc                      91
-#define OBJ_bf_cbc                      1L,3L,6L,1L,4L,1L,3029L,1L,2L
-
-#define SN_bf_ecb                       "BF-ECB"
-#define LN_bf_ecb                       "bf-ecb"
-#define NID_bf_ecb                      92
-
-#define SN_bf_cfb64                     "BF-CFB"
-#define LN_bf_cfb64                     "bf-cfb"
-#define NID_bf_cfb64                    93
-
-#define SN_bf_ofb64                     "BF-OFB"
-#define LN_bf_ofb64                     "bf-ofb"
-#define NID_bf_ofb64                    94
-
-#define SN_mdc2                         "MDC2"
-#define LN_mdc2                         "mdc2"
-#define NID_mdc2                        95
-#define OBJ_mdc2                        2L,5L,8L,3L,101L
-/* An alternative?                      1L,3L,14L,3L,2L,19L */
-
-#define SN_mdc2WithRSA                  "RSA-MDC2"
-#define LN_mdc2WithRSA                  "mdc2withRSA"
-#define NID_mdc2WithRSA                 96
-#define OBJ_mdc2WithRSA                 2L,5L,8L,3L,100L
-
-#define SN_rc4_40                       "RC4-40"
-#define LN_rc4_40                       "rc4-40"
-#define NID_rc4_40                      97
-
-#define SN_rc2_40_cbc                   "RC2-40-CBC"
-#define LN_rc2_40_cbc                   "rc2-40-cbc"
-#define NID_rc2_40_cbc                  98
-
-#define SN_givenName                    "G"
-#define LN_givenName                    "givenName"
-#define NID_givenName                   99
-#define OBJ_givenName                   OBJ_X509,42L
-
-#define SN_surname                      "S"
-#define LN_surname                      "surname"
-#define NID_surname                     100
-#define OBJ_surname                     OBJ_X509,4L
-
-#define SN_initials                     "I"
-#define LN_initials                     "initials"
-#define NID_initials                    101
-#define OBJ_initials                    OBJ_X509,43L
-
-#define SN_uniqueIdentifier             "UID"
-#define LN_uniqueIdentifier             "uniqueIdentifier"
-#define NID_uniqueIdentifier            102
-#define OBJ_uniqueIdentifier            OBJ_X509,45L
-
-#define SN_crl_distribution_points      "crlDistributionPoints"
-#define LN_crl_distribution_points      "X509v3 CRL Distribution Points"
-#define NID_crl_distribution_points     103
-#define OBJ_crl_distribution_points     OBJ_id_ce,31L
-
-#define SN_md5WithRSA                   "RSA-NP-MD5"
-#define LN_md5WithRSA                   "md5WithRSA"
-#define NID_md5WithRSA                  104
-#define OBJ_md5WithRSA                  OBJ_algorithm,3L
-
-#define SN_serialNumber                 "SN"
-#define LN_serialNumber                 "serialNumber"
-#define NID_serialNumber                105
-#define OBJ_serialNumber                OBJ_X509,5L
-
-#define SN_title                        "T"
-#define LN_title                        "title"
-#define NID_title                       106
-#define OBJ_title                       OBJ_X509,12L
-
-#define SN_description                  "D"
-#define LN_description                  "description"
-#define NID_description                 107
-#define OBJ_description                 OBJ_X509,13L
-
-/* CAST5 is CAST-128, I'm just sticking with the documentation */
-#define SN_cast5_cbc                    "CAST5-CBC"
-#define LN_cast5_cbc                    "cast5-cbc"
-#define NID_cast5_cbc                   108
-#define OBJ_cast5_cbc                   1L,2L,840L,113533L,7L,66L,10L
-
-#define SN_cast5_ecb                    "CAST5-ECB"
-#define LN_cast5_ecb                    "cast5-ecb"
-#define NID_cast5_ecb                   109
-
-#define SN_cast5_cfb64                  "CAST5-CFB"
-#define LN_cast5_cfb64                  "cast5-cfb"
-#define NID_cast5_cfb64                 110
-
-#define SN_cast5_ofb64                  "CAST5-OFB"
-#define LN_cast5_ofb64                  "cast5-ofb"
-#define NID_cast5_ofb64                 111
-
-#define LN_pbeWithMD5AndCast5_CBC       "pbeWithMD5AndCast5CBC"
-#define NID_pbeWithMD5AndCast5_CBC      112
-#define OBJ_pbeWithMD5AndCast5_CBC      1L,2L,840L,113533L,7L,66L,12L
-
-/* This is one sun will soon be using :-(
- * id-dsa-with-sha1 ID  ::= {
- *   iso(1) member-body(2) us(840) x9-57 (10040) x9cm(4) 3 }
- */
-#define SN_dsaWithSHA1                  "DSA-SHA1"
-#define LN_dsaWithSHA1                  "dsaWithSHA1"
-#define NID_dsaWithSHA1                 113
-#define OBJ_dsaWithSHA1                 1L,2L,840L,10040L,4L,3L
-
-#define NID_md5_sha1                    114
-#define SN_md5_sha1                     "MD5-SHA1"
-#define LN_md5_sha1                     "md5-sha1"
-
-#define SN_sha1WithRSA                  "RSA-SHA1-2"
-#define LN_sha1WithRSA                  "sha1WithRSA"
-#define NID_sha1WithRSA                 115
-#define OBJ_sha1WithRSA                 OBJ_algorithm,29L
-
-#define SN_dsa                          "DSA"
-#define LN_dsa                          "dsaEncryption"
-#define NID_dsa                         116
-#define OBJ_dsa                         1L,2L,840L,10040L,4L,1L
-
-#define SN_ripemd160                    "RIPEMD160"
-#define LN_ripemd160                    "ripemd160"
-#define NID_ripemd160                   117
-#define OBJ_ripemd160                   1L,3L,36L,3L,2L,1L
-
-/* The name should actually be rsaSignatureWithripemd160, but I'm going
- * to continue using the convention I'm using with the other ciphers */
-#define SN_ripemd160WithRSA             "RSA-RIPEMD160"
-#define LN_ripemd160WithRSA             "ripemd160WithRSA"
-#define NID_ripemd160WithRSA            119
-#define OBJ_ripemd160WithRSA            1L,3L,36L,3L,3L,1L,2L
-
-/* Taken from rfc2040
- *  RC5_CBC_Parameters ::= SEQUENCE {
- *      version           INTEGER (v1_0(16)),
- *      rounds            INTEGER (8..127),
- *      blockSizeInBits   INTEGER (64, 128),
- *      iv                OCTET STRING OPTIONAL
- *      }
- */
-#define SN_rc5_cbc                      "RC5-CBC"
-#define LN_rc5_cbc                      "rc5-cbc"
-#define NID_rc5_cbc                     120
-#define OBJ_rc5_cbc                     OBJ_rsadsi,3L,8L
-
-#define SN_rc5_ecb                      "RC5-ECB"
-#define LN_rc5_ecb                      "rc5-ecb"
-#define NID_rc5_ecb                     121
-
-#define SN_rc5_cfb64                    "RC5-CFB"
-#define LN_rc5_cfb64                    "rc5-cfb"
-#define NID_rc5_cfb64                   122
-
-#define SN_rc5_ofb64                    "RC5-OFB"
-#define LN_rc5_ofb64                    "rc5-ofb"
-#define NID_rc5_ofb64                   123
-
-#define SN_rle_compression              "RLE"
-#define LN_rle_compression              "run length compression"
-#define NID_rle_compression             124
-#define OBJ_rle_compression             1L,1L,1L,1L,666L,1L
-
-#define SN_zlib_compression             "ZLIB"
-#define LN_zlib_compression             "zlib compression"
-#define NID_zlib_compression            125
-#define OBJ_zlib_compression            1L,1L,1L,1L,666L,2L
-
-#define SN_ext_key_usage                "extendedKeyUsage"
-#define LN_ext_key_usage                "X509v3 Extended Key Usage"
-#define NID_ext_key_usage               126
-#define OBJ_ext_key_usage               OBJ_id_ce,37
-
-#define SN_id_pkix                      "PKIX"
-#define NID_id_pkix                     127
-#define OBJ_id_pkix                     1L,3L,6L,1L,5L,5L,7L
-
-#define SN_id_kp                        "id-kp"
-#define NID_id_kp                       128
-#define OBJ_id_kp                       OBJ_id_pkix,3L
-
-/* PKIX extended key usage OIDs */
-
-#define SN_server_auth                  "serverAuth"
-#define LN_server_auth                  "TLS Web Server Authentication"
-#define NID_server_auth                 129
-#define OBJ_server_auth                 OBJ_id_kp,1L
-
-#define SN_client_auth                  "clientAuth"
-#define LN_client_auth                  "TLS Web Client Authentication"
-#define NID_client_auth                 130
-#define OBJ_client_auth                 OBJ_id_kp,2L
-
-#define SN_code_sign                    "codeSigning"
-#define LN_code_sign                    "Code Signing"
-#define NID_code_sign                   131
-#define OBJ_code_sign                   OBJ_id_kp,3L
-
-#define SN_email_protect                "emailProtection"
-#define LN_email_protect                "E-mail Protection"
-#define NID_email_protect               132
-#define OBJ_email_protect               OBJ_id_kp,4L
-
-#define SN_time_stamp                   "timeStamping"
-#define LN_time_stamp                   "Time Stamping"
-#define NID_time_stamp                  133
-#define OBJ_time_stamp                  OBJ_id_kp,8L
-
-/* Additional extended key usage OIDs: Microsoft */
-
-#define SN_ms_code_ind                  "msCodeInd"
-#define LN_ms_code_ind                  "Microsoft Individual Code Signing"
-#define NID_ms_code_ind                 134
-#define OBJ_ms_code_ind                 1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
-
-#define SN_ms_code_com                  "msCodeCom"
-#define LN_ms_code_com                  "Microsoft Commercial Code Signing"
-#define NID_ms_code_com                 135
-#define OBJ_ms_code_com                 1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
-
-#define SN_ms_ctl_sign                  "msCTLSign"
-#define LN_ms_ctl_sign                  "Microsoft Trust List Signing"
-#define NID_ms_ctl_sign                 136
-#define OBJ_ms_ctl_sign                 1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
-
-#define SN_ms_sgc                       "msSGC"
-#define LN_ms_sgc                       "Microsoft Server Gated Crypto"
-#define NID_ms_sgc                      137
-#define OBJ_ms_sgc                      1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
-
-#define SN_ms_efs                       "msEFS"
-#define LN_ms_efs                       "Microsoft Encrypted File System"
-#define NID_ms_efs                      138
-#define OBJ_ms_efs                      1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
-
-/* Additional usage: Netscape */
-
-#define SN_ns_sgc                       "nsSGC"
-#define LN_ns_sgc                       "Netscape Server Gated Crypto"
-#define NID_ns_sgc                      139
-#define OBJ_ns_sgc                      OBJ_netscape,4L,1L
-
-#define SN_delta_crl                    "deltaCRL"
-#define LN_delta_crl                    "X509v3 Delta CRL Indicator"
-#define NID_delta_crl                   140
-#define OBJ_delta_crl                   OBJ_id_ce,27L
-
-#define SN_crl_reason                   "CRLReason"
-#define LN_crl_reason                   "CRL Reason Code"
-#define NID_crl_reason                  141
-#define OBJ_crl_reason                  OBJ_id_ce,21L
-
-#define SN_invalidity_date              "invalidityDate"
-#define LN_invalidity_date              "Invalidity Date"
-#define NID_invalidity_date             142
-#define OBJ_invalidity_date             OBJ_id_ce,24L
-
-#define SN_sxnet                        "SXNetID"
-#define LN_sxnet                        "Strong Extranet ID"
-#define NID_sxnet                       143
-#define OBJ_sxnet                       1L,3L,101L,1L,4L,1L
-
-/* PKCS12 and related OBJECT IDENTIFIERS */
-
-#define OBJ_pkcs12                      OBJ_pkcs,12L
-#define OBJ_pkcs12_pbeids               OBJ_pkcs12, 1
-
-#define SN_pbe_WithSHA1And128BitRC4     "PBE-SHA1-RC4-128"
-#define LN_pbe_WithSHA1And128BitRC4     "pbeWithSHA1And128BitRC4"
-#define NID_pbe_WithSHA1And128BitRC4    144
-#define OBJ_pbe_WithSHA1And128BitRC4    OBJ_pkcs12_pbeids, 1L
-
-#define SN_pbe_WithSHA1And40BitRC4      "PBE-SHA1-RC4-40"
-#define LN_pbe_WithSHA1And40BitRC4      "pbeWithSHA1And40BitRC4"
-#define NID_pbe_WithSHA1And40BitRC4     145
-#define OBJ_pbe_WithSHA1And40BitRC4     OBJ_pkcs12_pbeids, 2L
-
-#define SN_pbe_WithSHA1And3_Key_TripleDES_CBC   "PBE-SHA1-3DES"
-#define LN_pbe_WithSHA1And3_Key_TripleDES_CBC   "pbeWithSHA1And3-KeyTripleDES-CBC"
-#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC  146
-#define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC  OBJ_pkcs12_pbeids, 3L
-
-#define SN_pbe_WithSHA1And2_Key_TripleDES_CBC   "PBE-SHA1-2DES"
-#define LN_pbe_WithSHA1And2_Key_TripleDES_CBC   "pbeWithSHA1And2-KeyTripleDES-CBC"
-#define NID_pbe_WithSHA1And2_Key_TripleDES_CBC  147
-#define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC  OBJ_pkcs12_pbeids, 4L
-
-#define SN_pbe_WithSHA1And128BitRC2_CBC         "PBE-SHA1-RC2-128"
-#define LN_pbe_WithSHA1And128BitRC2_CBC         "pbeWithSHA1And128BitRC2-CBC"
-#define NID_pbe_WithSHA1And128BitRC2_CBC        148
-#define OBJ_pbe_WithSHA1And128BitRC2_CBC        OBJ_pkcs12_pbeids, 5L
-
-#define SN_pbe_WithSHA1And40BitRC2_CBC  "PBE-SHA1-RC2-40"
-#define LN_pbe_WithSHA1And40BitRC2_CBC  "pbeWithSHA1And40BitRC2-CBC"
-#define NID_pbe_WithSHA1And40BitRC2_CBC 149
-#define OBJ_pbe_WithSHA1And40BitRC2_CBC OBJ_pkcs12_pbeids, 6L
-
-#define OBJ_pkcs12_Version1     OBJ_pkcs12, 10L
-
-#define OBJ_pkcs12_BagIds       OBJ_pkcs12_Version1, 1L
-
-#define LN_keyBag               "keyBag"
-#define NID_keyBag              150
-#define OBJ_keyBag              OBJ_pkcs12_BagIds, 1L
-
-#define LN_pkcs8ShroudedKeyBag  "pkcs8ShroudedKeyBag"
-#define NID_pkcs8ShroudedKeyBag 151
-#define OBJ_pkcs8ShroudedKeyBag OBJ_pkcs12_BagIds, 2L
-
-#define LN_certBag              "certBag"
-#define NID_certBag             152
-#define OBJ_certBag             OBJ_pkcs12_BagIds, 3L
-
-#define LN_crlBag               "crlBag"
-#define NID_crlBag              153
-#define OBJ_crlBag              OBJ_pkcs12_BagIds, 4L
-
-#define LN_secretBag            "secretBag"
-#define NID_secretBag           154
-#define OBJ_secretBag           OBJ_pkcs12_BagIds, 5L
-
-#define LN_safeContentsBag      "safeContentsBag"
-#define NID_safeContentsBag     155
-#define OBJ_safeContentsBag     OBJ_pkcs12_BagIds, 6L
-
-#define LN_friendlyName         "friendlyName"
-#define NID_friendlyName        156
-#define OBJ_friendlyName        OBJ_pkcs9, 20L
-
-#define LN_localKeyID           "localKeyID"
-#define NID_localKeyID          157
-#define OBJ_localKeyID          OBJ_pkcs9, 21L
-
-#define OBJ_certTypes           OBJ_pkcs9, 22L
-
-#define LN_x509Certificate      "x509Certificate"
-#define NID_x509Certificate     158
-#define OBJ_x509Certificate     OBJ_certTypes, 1L
-
-#define LN_sdsiCertificate      "sdsiCertificate"
-#define NID_sdsiCertificate     159
-#define OBJ_sdsiCertificate     OBJ_certTypes, 2L
-
-#define OBJ_crlTypes            OBJ_pkcs9, 23L
-
-#define LN_x509Crl              "x509Crl"
-#define NID_x509Crl             160
-#define OBJ_x509Crl             OBJ_crlTypes, 1L
-
-/* PKCS#5 v2 OIDs */
-
-#define LN_pbes2                "PBES2"
-#define NID_pbes2               161
-#define OBJ_pbes2               OBJ_pkcs,5L,13L
-
-#define LN_pbmac1               "PBMAC1"
-#define NID_pbmac1              162
-#define OBJ_pbmac1              OBJ_pkcs,5L,14L
-
-#define LN_hmacWithSHA1         "hmacWithSHA1"
-#define NID_hmacWithSHA1        163
-#define OBJ_hmacWithSHA1        OBJ_rsadsi,2L,7L
-
-/* Policy Qualifier Ids */
-
-#define LN_id_qt_cps            "Policy Qualifier CPS"
-#define SN_id_qt_cps            "id-qt-cps"
-#define NID_id_qt_cps           164
-#define OBJ_id_qt_cps           OBJ_id_pkix,2L,1L
-
-#define LN_id_qt_unotice        "Policy Qualifier User Notice"
-#define SN_id_qt_unotice        "id-qt-unotice"
-#define NID_id_qt_unotice       165
-#define OBJ_id_qt_unotice       OBJ_id_pkix,2L,2L
-
-#define SN_rc2_64_cbc                   "RC2-64-CBC"
-#define LN_rc2_64_cbc                   "rc2-64-cbc"
-#define NID_rc2_64_cbc                  166
-
-#define SN_SMIMECapabilities            "SMIME-CAPS"
-#define LN_SMIMECapabilities            "S/MIME Capabilities"
-#define NID_SMIMECapabilities           167
-#define OBJ_SMIMECapabilities           OBJ_pkcs9,15L
-
-#define SN_pbeWithMD2AndRC2_CBC         "PBE-MD2-RC2-64"
-#define LN_pbeWithMD2AndRC2_CBC         "pbeWithMD2AndRC2-CBC"
-#define NID_pbeWithMD2AndRC2_CBC        168
-#define OBJ_pbeWithMD2AndRC2_CBC        OBJ_pkcs,5L,4L
-
-#define SN_pbeWithMD5AndRC2_CBC         "PBE-MD5-RC2-64"
-#define LN_pbeWithMD5AndRC2_CBC         "pbeWithMD5AndRC2-CBC"
-#define NID_pbeWithMD5AndRC2_CBC        169
-#define OBJ_pbeWithMD5AndRC2_CBC        OBJ_pkcs,5L,6L
-
-#define SN_pbeWithSHA1AndDES_CBC        "PBE-SHA1-DES"
-#define LN_pbeWithSHA1AndDES_CBC        "pbeWithSHA1AndDES-CBC"
-#define NID_pbeWithSHA1AndDES_CBC       170
-#define OBJ_pbeWithSHA1AndDES_CBC       OBJ_pkcs,5L,10L
-
-/* Extension request OIDs */
-
-#define LN_ms_ext_req                   "Microsoft Extension Request"
-#define SN_ms_ext_req                   "msExtReq"
-#define NID_ms_ext_req                  171
-#define OBJ_ms_ext_req                  1L,3L,6L,1L,4L,1L,311L,2L,1L,14L
-
-#define LN_ext_req                      "Extension Request"
-#define SN_ext_req                      "extReq"
-#define NID_ext_req                     172
-#define OBJ_ext_req                     OBJ_pkcs9,14L
-
-#define SN_name                         "name"
-#define LN_name                         "name"
-#define NID_name                        173
-#define OBJ_name                        OBJ_X509,41L
-
-#define SN_dnQualifier                  "dnQualifier"
-#define LN_dnQualifier                  "dnQualifier"
-#define NID_dnQualifier                 174
-#define OBJ_dnQualifier                 OBJ_X509,46L
-
-#define SN_id_pe                        "id-pe"
-#define NID_id_pe                       175
-#define OBJ_id_pe                       OBJ_id_pkix,1L
-
-#define SN_id_ad                        "id-ad"
-#define NID_id_ad                       176
-#define OBJ_id_ad                       OBJ_id_pkix,48L
-
-#define SN_info_access                  "authorityInfoAccess"
-#define LN_info_access                  "Authority Information Access"
-#define NID_info_access                 177
-#define OBJ_info_access                 OBJ_id_pe,1L
-
-#define SN_ad_OCSP                      "OCSP"
-#define LN_ad_OCSP                      "OCSP"
-#define NID_ad_OCSP                     178
-#define OBJ_ad_OCSP                     OBJ_id_ad,1L
-
-#define SN_ad_ca_issuers                "caIssuers"
-#define LN_ad_ca_issuers                "CA Issuers"
-#define NID_ad_ca_issuers               179
-#define OBJ_ad_ca_issuers               OBJ_id_ad,2L
-
-#define SN_OCSP_sign                    "OCSPSigning"
-#define LN_OCSP_sign                    "OCSP Signing"
-#define NID_OCSP_sign                   180
-#define OBJ_OCSP_sign                   OBJ_id_kp,9L
-#endif /* USE_OBJ_MAC */
-
-#include <openssl/bio.h>
-#include <openssl/asn1.h>
-
-#define OBJ_NAME_TYPE_UNDEF             0x00
-#define OBJ_NAME_TYPE_MD_METH           0x01
-#define OBJ_NAME_TYPE_CIPHER_METH       0x02
-#define OBJ_NAME_TYPE_PKEY_METH         0x03
-#define OBJ_NAME_TYPE_COMP_METH         0x04
-#define OBJ_NAME_TYPE_NUM               0x05
-
-#define OBJ_NAME_ALIAS          0x8000
-
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-typedef struct obj_name_st
-        {
-        int type;
-        int alias;
-        const char *name;
-        const char *data;
-        } OBJ_NAME;
-
-#define         OBJ_create_and_add_object(a,b,c) OBJ_create(a,b,c)
-
-
-int OBJ_NAME_init(void);
-int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *),
-                       int (*cmp_func)(const char *, const char *),
-                       void (*free_func)(const char *, int, const char *));
-const char *OBJ_NAME_get(const char *name,int type);
-int OBJ_NAME_add(const char *name,int type,const char *data);
-int OBJ_NAME_remove(const char *name,int type);
-void OBJ_NAME_cleanup(int type); /* -1 for everything */
-void OBJ_NAME_do_all(int type,void (*fn)(const OBJ_NAME *,void *arg),
-                     void *arg);
-void OBJ_NAME_do_all_sorted(int type,void (*fn)(const OBJ_NAME *,void *arg),
-                            void *arg);
-
-ASN1_OBJECT *   OBJ_dup(const ASN1_OBJECT *o);
-ASN1_OBJECT *   OBJ_nid2obj(int n);
-const char *    OBJ_nid2ln(int n);
-const char *    OBJ_nid2sn(int n);
-int             OBJ_obj2nid(const ASN1_OBJECT *o);
-ASN1_OBJECT *   OBJ_txt2obj(const char *s, int no_name);
-int     OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name);
-int             OBJ_txt2nid(const char *s);
-int             OBJ_ln2nid(const char *s);
-int             OBJ_sn2nid(const char *s);
-int             OBJ_cmp(const ASN1_OBJECT *a,const ASN1_OBJECT *b);
-const char *    OBJ_bsearch(const char *key,const char *base,int num,int size,
-        int (*cmp)(const void *, const void *));
-
-int             OBJ_new_nid(int num);
-int             OBJ_add_object(const ASN1_OBJECT *obj);
-int             OBJ_create(const char *oid,const char *sn,const char *ln);
-void            OBJ_cleanup(void );
-int             OBJ_create_objects(BIO *in);
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_OBJ_strings(void);
-
-/* Error codes for the OBJ functions. */
-
-/* Function codes. */
-#define OBJ_F_OBJ_ADD_OBJECT                             105
-#define OBJ_F_OBJ_CREATE                                 100
-#define OBJ_F_OBJ_DUP                                    101
-#define OBJ_F_OBJ_NAME_NEW_INDEX                         106
-#define OBJ_F_OBJ_NID2LN                                 102
-#define OBJ_F_OBJ_NID2OBJ                                103
-#define OBJ_F_OBJ_NID2SN                                 104
-
-/* Reason codes. */
-#define OBJ_R_MALLOC_FAILURE                             100
-#define OBJ_R_UNKNOWN_NID                                101
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/src/lib/libcrypto/objects/objects.pl b/src/lib/libcrypto/objects/objects.pl
deleted file mode 100644
index 76bb8da677..0000000000
--- a/src/lib/libcrypto/objects/objects.pl
+++ /dev/null
@@ -1,230 +0,0 @@
-#!/usr/local/bin/perl
-
-open (NUMIN,"$ARGV[1]") || die "Can't open number file $ARGV[1]";
-$max_nid=0;
-$o=0;
-while(<NUMIN>)
-        {
-        chop;
-        $o++;
-        s/#.*$//;
-        next if /^\s*$/;
-        $_ = 'X'.$_;
-        ($Cname,$mynum) = split;
-        $Cname =~ s/^X//;
-        if (defined($nidn{$mynum}))
-                { die "$ARGV[1]:$o:There's already an object with NID ",$mynum," on line ",$order{$mynum},"\n"; }
-        $nid{$Cname} = $mynum;
-        $nidn{$mynum} = $Cname;
-        $order{$mynum} = $o;
-        $max_nid = $mynum if $mynum > $max_nid;
-        }
-close NUMIN;
-
-open (IN,"$ARGV[0]") || die "Can't open input file $ARGV[0]";
-$Cname="";
-$o=0;
-while (<IN>)
-        {
-        chop;
-        $o++;
-        if (/^!module\s+(.*)$/)
-                {
-                $module = $1."-";
-                $module =~ s/\./_/g;
-                $module =~ s/-/_/g;
-                }
-        if (/^!global$/)
-                { $module = ""; }
-        if (/^!Cname\s+(.*)$/)
-                { $Cname = $1; }
-        if (/^!Alias\s+(.+?)\s+(.*)$/)
-                {
-                $Cname = $module.$1;
-                $myoid = $2;
-                $myoid = &process_oid($myoid);
-                $Cname =~ s/-/_/g;
-                $ordern{$o} = $Cname;
-                $order{$Cname} = $o;
-                $obj{$Cname} = $myoid;
-                $_ = "";
-                $Cname = "";
-                }
-        s/!.*$//;
-        s/#.*$//;
-        next if /^\s*$/;
-        ($myoid,$mysn,$myln) = split ':';
-        $mysn =~ s/^\s*//;
-        $mysn =~ s/\s*$//;
-        $myln =~ s/^\s*//;
-        $myln =~ s/\s*$//;
-        $myoid =~ s/^\s*//;
-        $myoid =~ s/\s*$//;
-        if ($myoid ne "")
-                {
-                $myoid = &process_oid($myoid);
-                }
-
-        if ($Cname eq "" && !($myln =~ / /))
-                {
-                $Cname = $myln;
-                $Cname =~ s/\./_/g;
-                $Cname =~ s/-/_/g;
-                if ($Cname ne "" && defined($ln{$module.$Cname}))
-                        { die "objects.txt:$o:There's already an object with long name ",$ln{$module.$Cname}," on line ",$order{$module.$Cname},"\n"; }
-                }
-        if ($Cname eq "")
-                {
-                $Cname = $mysn;
-                $Cname =~ s/-/_/g;
-                if ($Cname ne "" && defined($sn{$module.$Cname}))
-                        { die "objects.txt:$o:There's already an object with short name ",$sn{$module.$Cname}," on line ",$order{$module.$Cname},"\n"; }
-                }
-        if ($Cname eq "")
-                {
-                $Cname = $myln;
-                $Cname =~ s/-/_/g;
-                $Cname =~ s/\./_/g;
-                $Cname =~ s/ /_/g;
-                if ($Cname ne "" && defined($ln{$module.$Cname}))
-                        { die "objects.txt:$o:There's already an object with long name ",$ln{$module.$Cname}," on line ",$order{$module.$Cname},"\n"; }
-                }
-        $Cname =~ s/\./_/g;
-        $Cname =~ s/-/_/g;
-        $Cname = $module.$Cname;
-        $ordern{$o} = $Cname;
-        $order{$Cname} = $o;
-        $sn{$Cname} = $mysn;
-        $ln{$Cname} = $myln;
-        $obj{$Cname} = $myoid;
-        if (!defined($nid{$Cname}))
-                {
-                $max_nid++;
-                $nid{$Cname} = $max_nid;
-                $nidn{$max_nid} = $Cname;
-                }
-        $Cname="";
-        }
-close IN;
-
-#XXX don't modify input files
-#open (NUMOUT,">$ARGV[1]") || die "Can't open output file $ARGV[1]";
-#foreach (sort { $a <=> $b } keys %nidn)
-#       {
-#       print NUMOUT $nidn{$_},"\t\t",$_,"\n";
-#       }
-#close NUMOUT;
-
-open (OUT,">$ARGV[2]") || die "Can't open output file $ARGV[2]";
-print OUT <<'EOF';
-/* crypto/objects/obj_mac.h */
-
-/* THIS FILE IS GENERATED FROM objects.txt by objects.pl via the
- * following command:
- * perl objects.pl objects.txt obj_mac.num obj_mac.h
- */
-
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#define SN_undef                        "UNDEF"
-#define LN_undef                        "undefined"
-#define NID_undef                       0
-#define OBJ_undef                       0L
-
-EOF
-
-foreach (sort { $a <=> $b } keys %ordern)
-        {
-        $Cname=$ordern{$_};
-        print OUT "#define SN_",$Cname,"\t\t\"",$sn{$Cname},"\"\n" if $sn{$Cname} ne "";
-        print OUT "#define LN_",$Cname,"\t\t\"",$ln{$Cname},"\"\n" if $ln{$Cname} ne "";
-        print OUT "#define NID_",$Cname,"\t\t",$nid{$Cname},"\n" if $nid{$Cname} ne "";
-        print OUT "#define OBJ_",$Cname,"\t\t",$obj{$Cname},"\n" if $obj{$Cname} ne "";
-        print OUT "\n";
-        }
-
-close OUT;
-
-sub process_oid
-        {
-        local($oid)=@_;
-        local(@a,$oid_pref);
-
-        @a = split(/\s+/,$myoid);
-        $pref_oid = "";
-        $pref_sep = "";
-        if (!($a[0] =~ /^[0-9]+$/))
-                {
-                $a[0] =~ s/-/_/g;
-                if (!defined($obj{$a[0]}))
-                        { die "$ARGV[0]:$o:Undefined identifier ",$a[0],"\n"; }
-                $pref_oid = "OBJ_" . $a[0];
-                $pref_sep = ",";
-                shift @a;
-                }
-        $oids = join('L,',@a) . "L";
-        if ($oids ne "L")
-                {
-                $oids = $pref_oid . $pref_sep . $oids;
-                }
-        else
-                {
-                $oids = $pref_oid;
-                }
-        return($oids);
-        }
diff --git a/src/lib/libcrypto/objects/objects.txt b/src/lib/libcrypto/objects/objects.txt
deleted file mode 100644
index 2635c4e667..0000000000
--- a/src/lib/libcrypto/objects/objects.txt
+++ /dev/null
@@ -1,952 +0,0 @@
-0                       : CCITT                 : ccitt
-
-1                       : ISO                   : iso
-
-2                       : JOINT-ISO-CCITT       : joint-iso-ccitt
-
-iso 2                   : member-body           : ISO Member Body
-
-joint-iso-ccitt 5 1 5   : selected-attribute-types      : Selected Attribute Types
-
-selected-attribute-types 55     : clearance
-
-member-body 840         : ISO-US                : ISO US Member Body
-ISO-US 10040            : X9-57                 : X9.57
-X9-57 4                 : X9cm                  : X9.57 CM ?
-
-!Cname dsa
-X9cm 1                  : DSA                   : dsaEncryption
-X9cm 3                  : DSA-SHA1              : dsaWithSHA1
-
-
-ISO-US 10045            : ansi-X9-62            : ANSI X9.62
-!module X9-62
-!Alias id-fieldType ansi-X9-62 1
-X9-62_id-fieldType 1            : prime-field
-X9-62_id-fieldType 2            : characteristic-two-field
-# ... characteristic-two-field OID subtree
-!Alias id-publicKeyType ansi-X9-62 2
-X9-62_id-publicKeyType 1        : id-ecPublicKey
-!Alias ellipticCurve ansi-X9-62 3
-!Alias c-TwoCurve X9-62_ellipticCurve 0
-# ... characteristic 2 curve OIDs
-!Alias primeCurve X9-62_ellipticCurve 1
-X9-62_primeCurve 1              : prime192v1
-X9-62_primeCurve 2              : prime192v2
-X9-62_primeCurve 3              : prime192v3
-X9-62_primeCurve 4              : prime239v1
-X9-62_primeCurve 5              : prime239v2
-X9-62_primeCurve 6              : prime239v3
-X9-62_primeCurve 7              : prime256v1
-!Alias id-ecSigType ansi-X9-62 4
-!global
-X9-62_id-ecSigType 1            : ecdsa-with-SHA1
-
-
-
-ISO-US 113533 7 66 10   : CAST5-CBC             : cast5-cbc
-                        : CAST5-ECB             : cast5-ecb
-!Cname cast5-cfb64
-                        : CAST5-CFB             : cast5-cfb
-!Cname cast5-ofb64
-                        : CAST5-OFB             : cast5-ofb
-!Cname pbeWithMD5AndCast5-CBC
-ISO-US 113533 7 66 12   :                       : pbeWithMD5AndCast5CBC
-
-ISO-US 113549           : rsadsi                : RSA Data Security, Inc.
-
-rsadsi 1                : pkcs                  : RSA Data Security, Inc. PKCS
-
-pkcs 1                  : pkcs1
-pkcs1 1                 :                       : rsaEncryption
-pkcs1 2                 : RSA-MD2               : md2WithRSAEncryption
-pkcs1 3                 : RSA-MD4               : md4WithRSAEncryption
-pkcs1 4                 : RSA-MD5               : md5WithRSAEncryption
-pkcs1 5                 : RSA-SHA1              : sha1WithRSAEncryption
-# According to PKCS #1 version 2.1
-pkcs1 11                : RSA-SHA256            : sha256WithRSAEncryption
-pkcs1 12                : RSA-SHA384            : sha384WithRSAEncryption
-pkcs1 13                : RSA-SHA512            : sha512WithRSAEncryption
-pkcs1 14                : RSA-SHA224            : sha224WithRSAEncryption
-
-pkcs 3                  : pkcs3
-pkcs3 1                 :                       : dhKeyAgreement
-
-pkcs 5                  : pkcs5
-pkcs5 1                 : PBE-MD2-DES           : pbeWithMD2AndDES-CBC
-pkcs5 3                 : PBE-MD5-DES           : pbeWithMD5AndDES-CBC
-pkcs5 4                 : PBE-MD2-RC2-64        : pbeWithMD2AndRC2-CBC
-pkcs5 6                 : PBE-MD5-RC2-64        : pbeWithMD5AndRC2-CBC
-pkcs5 10                : PBE-SHA1-DES          : pbeWithSHA1AndDES-CBC
-pkcs5 11                : PBE-SHA1-RC2-64       : pbeWithSHA1AndRC2-CBC
-!Cname id_pbkdf2
-pkcs5 12                :                       : PBKDF2
-!Cname pbes2
-pkcs5 13                :                       : PBES2
-!Cname pbmac1
-pkcs5 14                :                       : PBMAC1
-
-pkcs 7                  : pkcs7
-pkcs7 1                 :                       : pkcs7-data
-!Cname pkcs7-signed
-pkcs7 2                 :                       : pkcs7-signedData
-!Cname pkcs7-enveloped
-pkcs7 3                 :                       : pkcs7-envelopedData
-!Cname pkcs7-signedAndEnveloped
-pkcs7 4                 :                       : pkcs7-signedAndEnvelopedData
-!Cname pkcs7-digest
-pkcs7 5                 :                       : pkcs7-digestData
-!Cname pkcs7-encrypted
-pkcs7 6                 :                       : pkcs7-encryptedData
-
-pkcs 9                  : pkcs9
-!module pkcs9
-pkcs9 1                 :                       : emailAddress
-pkcs9 2                 :                       : unstructuredName
-pkcs9 3                 :                       : contentType
-pkcs9 4                 :                       : messageDigest
-pkcs9 5                 :                       : signingTime
-pkcs9 6                 :                       : countersignature
-pkcs9 7                 :                       : challengePassword
-pkcs9 8                 :                       : unstructuredAddress
-!Cname extCertAttributes
-pkcs9 9                 :                       : extendedCertificateAttributes
-!global
-
-!Cname ext-req
-pkcs9 14                : extReq                : Extension Request
-
-!Cname SMIMECapabilities
-pkcs9 15                : SMIME-CAPS            : S/MIME Capabilities
-
-# S/MIME
-!Cname SMIME
-pkcs9 16                : SMIME                 : S/MIME
-SMIME 0                 : id-smime-mod
-SMIME 1                 : id-smime-ct
-SMIME 2                 : id-smime-aa
-SMIME 3                 : id-smime-alg
-SMIME 4                 : id-smime-cd
-SMIME 5                 : id-smime-spq
-SMIME 6                 : id-smime-cti
-
-# S/MIME Modules
-id-smime-mod 1          : id-smime-mod-cms
-id-smime-mod 2          : id-smime-mod-ess
-id-smime-mod 3          : id-smime-mod-oid
-id-smime-mod 4          : id-smime-mod-msg-v3
-id-smime-mod 5          : id-smime-mod-ets-eSignature-88
-id-smime-mod 6          : id-smime-mod-ets-eSignature-97
-id-smime-mod 7          : id-smime-mod-ets-eSigPolicy-88
-id-smime-mod 8          : id-smime-mod-ets-eSigPolicy-97
-
-# S/MIME Content Types
-id-smime-ct 1           : id-smime-ct-receipt
-id-smime-ct 2           : id-smime-ct-authData
-id-smime-ct 3           : id-smime-ct-publishCert
-id-smime-ct 4           : id-smime-ct-TSTInfo
-id-smime-ct 5           : id-smime-ct-TDTInfo
-id-smime-ct 6           : id-smime-ct-contentInfo
-id-smime-ct 7           : id-smime-ct-DVCSRequestData
-id-smime-ct 8           : id-smime-ct-DVCSResponseData
-
-# S/MIME Attributes
-id-smime-aa 1           : id-smime-aa-receiptRequest
-id-smime-aa 2           : id-smime-aa-securityLabel
-id-smime-aa 3           : id-smime-aa-mlExpandHistory
-id-smime-aa 4           : id-smime-aa-contentHint
-id-smime-aa 5           : id-smime-aa-msgSigDigest
-# obsolete
-id-smime-aa 6           : id-smime-aa-encapContentType
-id-smime-aa 7           : id-smime-aa-contentIdentifier
-# obsolete
-id-smime-aa 8           : id-smime-aa-macValue
-id-smime-aa 9           : id-smime-aa-equivalentLabels
-id-smime-aa 10          : id-smime-aa-contentReference
-id-smime-aa 11          : id-smime-aa-encrypKeyPref
-id-smime-aa 12          : id-smime-aa-signingCertificate
-id-smime-aa 13          : id-smime-aa-smimeEncryptCerts
-id-smime-aa 14          : id-smime-aa-timeStampToken
-id-smime-aa 15          : id-smime-aa-ets-sigPolicyId
-id-smime-aa 16          : id-smime-aa-ets-commitmentType
-id-smime-aa 17          : id-smime-aa-ets-signerLocation
-id-smime-aa 18          : id-smime-aa-ets-signerAttr
-id-smime-aa 19          : id-smime-aa-ets-otherSigCert
-id-smime-aa 20          : id-smime-aa-ets-contentTimestamp
-id-smime-aa 21          : id-smime-aa-ets-CertificateRefs
-id-smime-aa 22          : id-smime-aa-ets-RevocationRefs
-id-smime-aa 23          : id-smime-aa-ets-certValues
-id-smime-aa 24          : id-smime-aa-ets-revocationValues
-id-smime-aa 25          : id-smime-aa-ets-escTimeStamp
-id-smime-aa 26          : id-smime-aa-ets-certCRLTimestamp
-id-smime-aa 27          : id-smime-aa-ets-archiveTimeStamp
-id-smime-aa 28          : id-smime-aa-signatureType
-id-smime-aa 29          : id-smime-aa-dvcs-dvc
-
-# S/MIME Algorithm Identifiers
-# obsolete
-id-smime-alg 1          : id-smime-alg-ESDHwith3DES
-# obsolete
-id-smime-alg 2          : id-smime-alg-ESDHwithRC2
-# obsolete
-id-smime-alg 3          : id-smime-alg-3DESwrap
-# obsolete
-id-smime-alg 4          : id-smime-alg-RC2wrap
-id-smime-alg 5          : id-smime-alg-ESDH
-id-smime-alg 6          : id-smime-alg-CMS3DESwrap
-id-smime-alg 7          : id-smime-alg-CMSRC2wrap
-
-# S/MIME Certificate Distribution
-id-smime-cd 1           : id-smime-cd-ldap
-
-# S/MIME Signature Policy Qualifier
-id-smime-spq 1          : id-smime-spq-ets-sqt-uri
-id-smime-spq 2          : id-smime-spq-ets-sqt-unotice
-
-# S/MIME Commitment Type Identifier
-id-smime-cti 1          : id-smime-cti-ets-proofOfOrigin
-id-smime-cti 2          : id-smime-cti-ets-proofOfReceipt
-id-smime-cti 3          : id-smime-cti-ets-proofOfDelivery
-id-smime-cti 4          : id-smime-cti-ets-proofOfSender
-id-smime-cti 5          : id-smime-cti-ets-proofOfApproval
-id-smime-cti 6          : id-smime-cti-ets-proofOfCreation
-
-pkcs9 20                :                       : friendlyName
-pkcs9 21                :                       : localKeyID
-!Cname ms-csp-name
-1 3 6 1 4 1 311 17 1    : CSPName               : Microsoft CSP Name
-!Alias certTypes pkcs9 22
-certTypes 1             :                       : x509Certificate
-certTypes 2             :                       : sdsiCertificate
-!Alias crlTypes pkcs9 23
-crlTypes 1              :                       : x509Crl
-
-!Alias pkcs12 pkcs 12
-!Alias pkcs12-pbeids pkcs12 1
-
-!Cname pbe-WithSHA1And128BitRC4
-pkcs12-pbeids 1         : PBE-SHA1-RC4-128      : pbeWithSHA1And128BitRC4
-!Cname pbe-WithSHA1And40BitRC4
-pkcs12-pbeids 2         : PBE-SHA1-RC4-40       : pbeWithSHA1And40BitRC4
-!Cname pbe-WithSHA1And3_Key_TripleDES-CBC
-pkcs12-pbeids 3         : PBE-SHA1-3DES         : pbeWithSHA1And3-KeyTripleDES-CBC
-!Cname pbe-WithSHA1And2_Key_TripleDES-CBC
-pkcs12-pbeids 4         : PBE-SHA1-2DES         : pbeWithSHA1And2-KeyTripleDES-CBC
-!Cname pbe-WithSHA1And128BitRC2-CBC
-pkcs12-pbeids 5         : PBE-SHA1-RC2-128      : pbeWithSHA1And128BitRC2-CBC
-!Cname pbe-WithSHA1And40BitRC2-CBC
-pkcs12-pbeids 6         : PBE-SHA1-RC2-40       : pbeWithSHA1And40BitRC2-CBC
-
-!Alias pkcs12-Version1 pkcs12 10
-!Alias pkcs12-BagIds pkcs12-Version1 1
-pkcs12-BagIds 1         :                       : keyBag
-pkcs12-BagIds 2         :                       : pkcs8ShroudedKeyBag
-pkcs12-BagIds 3         :                       : certBag
-pkcs12-BagIds 4         :                       : crlBag
-pkcs12-BagIds 5         :                       : secretBag
-pkcs12-BagIds 6         :                       : safeContentsBag
-
-rsadsi 2 2              : MD2                   : md2
-rsadsi 2 4              : MD4                   : md4
-rsadsi 2 5              : MD5                   : md5
-                        : MD5-SHA1              : md5-sha1
-rsadsi 2 7              :                       : hmacWithSHA1
-rsadsi 3 2              : RC2-CBC               : rc2-cbc
-                        : RC2-ECB               : rc2-ecb
-!Cname rc2-cfb64
-                        : RC2-CFB               : rc2-cfb
-!Cname rc2-ofb64
-                        : RC2-OFB               : rc2-ofb
-                        : RC2-40-CBC            : rc2-40-cbc
-                        : RC2-64-CBC            : rc2-64-cbc
-rsadsi 3 4              : RC4                   : rc4
-                        : RC4-40                : rc4-40
-rsadsi 3 7              : DES-EDE3-CBC          : des-ede3-cbc
-rsadsi 3 8              : RC5-CBC               : rc5-cbc
-                        : RC5-ECB               : rc5-ecb
-!Cname rc5-cfb64
-                        : RC5-CFB               : rc5-cfb
-!Cname rc5-ofb64
-                        : RC5-OFB               : rc5-ofb
-
-!Cname ms-ext-req
-1 3 6 1 4 1 311 2 1 14  : msExtReq              : Microsoft Extension Request
-!Cname ms-code-ind
-1 3 6 1 4 1 311 2 1 21  : msCodeInd             : Microsoft Individual Code Signing
-!Cname ms-code-com
-1 3 6 1 4 1 311 2 1 22  : msCodeCom             : Microsoft Commercial Code Signing
-!Cname ms-ctl-sign
-1 3 6 1 4 1 311 10 3 1  : msCTLSign             : Microsoft Trust List Signing
-!Cname ms-sgc
-1 3 6 1 4 1 311 10 3 3  : msSGC                 : Microsoft Server Gated Crypto
-!Cname ms-efs
-1 3 6 1 4 1 311 10 3 4  : msEFS                 : Microsoft Encrypted File System
-!Cname ms-smartcard-login
-1 3 6 1 4 1 311 20 2 2  : msSmartcardLogin      : Microsoft Smartcardlogin
-!Cname ms-upn
-1 3 6 1 4 1 311 20 2 3  : msUPN                 : Microsoft Universal Principal Name
-
-1 3 6 1 4 1 188 7 1 1 2 : IDEA-CBC              : idea-cbc
-                        : IDEA-ECB              : idea-ecb
-!Cname idea-cfb64
-                        : IDEA-CFB              : idea-cfb
-!Cname idea-ofb64
-                        : IDEA-OFB              : idea-ofb
-
-1 3 6 1 4 1 3029 1 2    : BF-CBC                : bf-cbc
-                        : BF-ECB                : bf-ecb
-!Cname bf-cfb64
-                        : BF-CFB                : bf-cfb
-!Cname bf-ofb64
-                        : BF-OFB                : bf-ofb
-
-!Cname id-pkix
-1 3 6 1 5 5 7           : PKIX
-
-# PKIX Arcs
-id-pkix 0               : id-pkix-mod
-id-pkix 1               : id-pe
-id-pkix 2               : id-qt
-id-pkix 3               : id-kp
-id-pkix 4               : id-it
-id-pkix 5               : id-pkip
-id-pkix 6               : id-alg
-id-pkix 7               : id-cmc
-id-pkix 8               : id-on
-id-pkix 9               : id-pda
-id-pkix 10              : id-aca
-id-pkix 11              : id-qcs
-id-pkix 12              : id-cct
-id-pkix 21              : id-ppl
-id-pkix 48              : id-ad
-
-# PKIX Modules
-id-pkix-mod 1           : id-pkix1-explicit-88
-id-pkix-mod 2           : id-pkix1-implicit-88
-id-pkix-mod 3           : id-pkix1-explicit-93
-id-pkix-mod 4           : id-pkix1-implicit-93
-id-pkix-mod 5           : id-mod-crmf
-id-pkix-mod 6           : id-mod-cmc
-id-pkix-mod 7           : id-mod-kea-profile-88
-id-pkix-mod 8           : id-mod-kea-profile-93
-id-pkix-mod 9           : id-mod-cmp
-id-pkix-mod 10          : id-mod-qualified-cert-88
-id-pkix-mod 11          : id-mod-qualified-cert-93
-id-pkix-mod 12          : id-mod-attribute-cert
-id-pkix-mod 13          : id-mod-timestamp-protocol
-id-pkix-mod 14          : id-mod-ocsp
-id-pkix-mod 15          : id-mod-dvcs
-id-pkix-mod 16          : id-mod-cmp2000
-
-# PKIX Private Extensions
-!Cname info-access
-id-pe 1                 : authorityInfoAccess   : Authority Information Access
-id-pe 2                 : biometricInfo         : Biometric Info
-id-pe 3                 : qcStatements
-id-pe 4                 : ac-auditEntity
-id-pe 5                 : ac-targeting
-id-pe 6                 : aaControls
-id-pe 7                 : sbgp-ipAddrBlock
-id-pe 8                 : sbgp-autonomousSysNum
-id-pe 9                 : sbgp-routerIdentifier
-id-pe 10                : ac-proxying
-!Cname sinfo-access
-id-pe 11                : subjectInfoAccess     : Subject Information Access
-id-pe 14                : proxyCertInfo         : Proxy Certificate Information
-
-# PKIX policyQualifiers for Internet policy qualifiers
-id-qt 1                 : id-qt-cps             : Policy Qualifier CPS
-id-qt 2                 : id-qt-unotice         : Policy Qualifier User Notice
-id-qt 3                 : textNotice
-
-# PKIX key purpose identifiers
-!Cname server-auth
-id-kp 1                 : serverAuth            : TLS Web Server Authentication
-!Cname client-auth
-id-kp 2                 : clientAuth            : TLS Web Client Authentication
-!Cname code-sign
-id-kp 3                 : codeSigning           : Code Signing
-!Cname email-protect
-id-kp 4                 : emailProtection       : E-mail Protection
-id-kp 5                 : ipsecEndSystem        : IPSec End System
-id-kp 6                 : ipsecTunnel           : IPSec Tunnel
-id-kp 7                 : ipsecUser             : IPSec User
-!Cname time-stamp
-id-kp 8                 : timeStamping          : Time Stamping
-# From OCSP spec RFC2560
-!Cname OCSP-sign
-id-kp 9                 : OCSPSigning           : OCSP Signing
-id-kp 10                : DVCS                  : dvcs
-
-# CMP information types
-id-it 1                 : id-it-caProtEncCert
-id-it 2                 : id-it-signKeyPairTypes
-id-it 3                 : id-it-encKeyPairTypes
-id-it 4                 : id-it-preferredSymmAlg
-id-it 5                 : id-it-caKeyUpdateInfo
-id-it 6                 : id-it-currentCRL
-id-it 7                 : id-it-unsupportedOIDs
-# obsolete
-id-it 8                 : id-it-subscriptionRequest
-# obsolete
-id-it 9                 : id-it-subscriptionResponse
-id-it 10                : id-it-keyPairParamReq
-id-it 11                : id-it-keyPairParamRep
-id-it 12                : id-it-revPassphrase
-id-it 13                : id-it-implicitConfirm
-id-it 14                : id-it-confirmWaitTime
-id-it 15                : id-it-origPKIMessage
-
-# CRMF registration
-id-pkip 1               : id-regCtrl
-id-pkip 2               : id-regInfo
-
-# CRMF registration controls
-id-regCtrl 1            : id-regCtrl-regToken
-id-regCtrl 2            : id-regCtrl-authenticator
-id-regCtrl 3            : id-regCtrl-pkiPublicationInfo
-id-regCtrl 4            : id-regCtrl-pkiArchiveOptions
-id-regCtrl 5            : id-regCtrl-oldCertID
-id-regCtrl 6            : id-regCtrl-protocolEncrKey
-
-# CRMF registration information
-id-regInfo 1            : id-regInfo-utf8Pairs
-id-regInfo 2            : id-regInfo-certReq
-
-# algorithms
-id-alg 1                : id-alg-des40
-id-alg 2                : id-alg-noSignature
-id-alg 3                : id-alg-dh-sig-hmac-sha1
-id-alg 4                : id-alg-dh-pop
-
-# CMC controls
-id-cmc 1                : id-cmc-statusInfo
-id-cmc 2                : id-cmc-identification
-id-cmc 3                : id-cmc-identityProof
-id-cmc 4                : id-cmc-dataReturn
-id-cmc 5                : id-cmc-transactionId
-id-cmc 6                : id-cmc-senderNonce
-id-cmc 7                : id-cmc-recipientNonce
-id-cmc 8                : id-cmc-addExtensions
-id-cmc 9                : id-cmc-encryptedPOP
-id-cmc 10               : id-cmc-decryptedPOP
-id-cmc 11               : id-cmc-lraPOPWitness
-id-cmc 15               : id-cmc-getCert
-id-cmc 16               : id-cmc-getCRL
-id-cmc 17               : id-cmc-revokeRequest
-id-cmc 18               : id-cmc-regInfo
-id-cmc 19               : id-cmc-responseInfo
-id-cmc 21               : id-cmc-queryPending
-id-cmc 22               : id-cmc-popLinkRandom
-id-cmc 23               : id-cmc-popLinkWitness
-id-cmc 24               : id-cmc-confirmCertAcceptance 
-
-# other names
-id-on 1                 : id-on-personalData
-
-# personal data attributes
-id-pda 1                : id-pda-dateOfBirth
-id-pda 2                : id-pda-placeOfBirth
-id-pda 3                : id-pda-gender
-id-pda 4                : id-pda-countryOfCitizenship
-id-pda 5                : id-pda-countryOfResidence
-
-# attribute certificate attributes
-id-aca 1                : id-aca-authenticationInfo
-id-aca 2                : id-aca-accessIdentity
-id-aca 3                : id-aca-chargingIdentity
-id-aca 4                : id-aca-group
-# attention : the following seems to be obsolete, replace by 'role'
-id-aca 5                : id-aca-role
-id-aca 6                : id-aca-encAttrs
-
-# qualified certificate statements
-id-qcs 1                : id-qcs-pkixQCSyntax-v1
-
-# CMC content types
-id-cct 1                : id-cct-crs
-id-cct 2                : id-cct-PKIData
-id-cct 3                : id-cct-PKIResponse
-
-# Predefined Proxy Certificate policy languages
-id-ppl 0                : id-ppl-anyLanguage    : Any language
-id-ppl 1                : id-ppl-inheritAll     : Inherit all
-id-ppl 2                : id-ppl-independent    : Independent
-
-# access descriptors for authority info access extension
-!Cname ad-OCSP
-id-ad 1                 : OCSP                  : OCSP
-!Cname ad-ca-issuers
-id-ad 2                 : caIssuers             : CA Issuers
-!Cname ad-timeStamping
-id-ad 3                 : ad_timestamping       : AD Time Stamping
-!Cname ad-dvcs
-id-ad 4                 : AD_DVCS               : ad dvcs
-
-
-!Alias id-pkix-OCSP ad-OCSP
-!module id-pkix-OCSP
-!Cname basic
-id-pkix-OCSP 1          : basicOCSPResponse     : Basic OCSP Response
-id-pkix-OCSP 2          : Nonce                 : OCSP Nonce
-id-pkix-OCSP 3          : CrlID                 : OCSP CRL ID
-id-pkix-OCSP 4          : acceptableResponses   : Acceptable OCSP Responses
-id-pkix-OCSP 5          : noCheck               : OCSP No Check
-id-pkix-OCSP 6          : archiveCutoff         : OCSP Archive Cutoff
-id-pkix-OCSP 7          : serviceLocator        : OCSP Service Locator
-id-pkix-OCSP 8          : extendedStatus        : Extended OCSP Status
-id-pkix-OCSP 9          : valid
-id-pkix-OCSP 10         : path
-id-pkix-OCSP 11         : trustRoot             : Trust Root
-!global
-
-1 3 14 3 2              : algorithm             : algorithm
-algorithm 3             : RSA-NP-MD5            : md5WithRSA
-algorithm 6             : DES-ECB               : des-ecb
-algorithm 7             : DES-CBC               : des-cbc
-!Cname des-ofb64
-algorithm 8             : DES-OFB               : des-ofb
-!Cname des-cfb64
-algorithm 9             : DES-CFB               : des-cfb
-algorithm 11            : rsaSignature
-!Cname dsa-2
-algorithm 12            : DSA-old               : dsaEncryption-old
-algorithm 13            : DSA-SHA               : dsaWithSHA
-algorithm 15            : RSA-SHA               : shaWithRSAEncryption
-!Cname des-ede-ecb
-algorithm 17            : DES-EDE               : des-ede
-!Cname des-ede3-ecb
-                        : DES-EDE3              : des-ede3
-                        : DES-EDE-CBC           : des-ede-cbc
-!Cname des-ede-cfb64
-                        : DES-EDE-CFB           : des-ede-cfb
-!Cname des-ede3-cfb64
-                        : DES-EDE3-CFB          : des-ede3-cfb
-!Cname des-ede-ofb64
-                        : DES-EDE-OFB           : des-ede-ofb
-!Cname des-ede3-ofb64
-                        : DES-EDE3-OFB          : des-ede3-ofb
-                        : DESX-CBC              : desx-cbc
-algorithm 18            : SHA                   : sha
-algorithm 26            : SHA1                  : sha1
-!Cname dsaWithSHA1-2
-algorithm 27            : DSA-SHA1-old          : dsaWithSHA1-old
-algorithm 29            : RSA-SHA1-2            : sha1WithRSA
-
-1 3 36 3 2 1            : RIPEMD160             : ripemd160
-1 3 36 3 3 1 2          : RSA-RIPEMD160         : ripemd160WithRSA
-
-!Cname sxnet
-1 3 101 1 4 1           : SXNetID               : Strong Extranet ID
-
-2 5                     : X500                  : directory services (X.500)
-
-X500 4                  : X509
-X509 3                  : CN                    : commonName
-X509 4                  : SN                    : surname
-X509 5                  :                       : serialNumber
-X509 6                  : C                     : countryName
-X509 7                  : L                     : localityName
-X509 8                  : ST                    : stateOrProvinceName
-X509 9                  :                       : streetAddress
-X509 10                 : O                     : organizationName
-X509 11                 : OU                    : organizationalUnitName
-X509 12                 :                       : title
-X509 13                 :                       : description
-X509 17                 :                       : postalCode
-X509 41                 : name                  : name
-X509 42                 : GN                    : givenName
-X509 43                 :                       : initials
-X509 44                 :                       : generationQualifier
-X509 45                 :                       : x500UniqueIdentifier
-X509 46                 : dnQualifier           : dnQualifier
-X509 65                 :                       : pseudonym
-X509 72                 : role                  : role
-
-X500 8                  : X500algorithms        : directory services - algorithms
-X500algorithms 1 1      : RSA                   : rsa
-X500algorithms 3 100    : RSA-MDC2              : mdc2WithRSA
-X500algorithms 3 101    : MDC2                  : mdc2
-
-X500 29                 : id-ce
-!Cname subject-key-identifier
-id-ce 14                : subjectKeyIdentifier  : X509v3 Subject Key Identifier
-!Cname key-usage
-id-ce 15                : keyUsage              : X509v3 Key Usage
-!Cname private-key-usage-period
-id-ce 16                : privateKeyUsagePeriod : X509v3 Private Key Usage Period
-!Cname subject-alt-name
-id-ce 17                : subjectAltName        : X509v3 Subject Alternative Name
-!Cname issuer-alt-name
-id-ce 18                : issuerAltName         : X509v3 Issuer Alternative Name
-!Cname basic-constraints
-id-ce 19                : basicConstraints      : X509v3 Basic Constraints
-!Cname crl-number
-id-ce 20                : crlNumber             : X509v3 CRL Number
-!Cname crl-reason
-id-ce 21                : CRLReason             : X509v3 CRL Reason Code
-!Cname invalidity-date
-id-ce 24                : invalidityDate        : Invalidity Date
-!Cname delta-crl
-id-ce 27                : deltaCRL              : X509v3 Delta CRL Indicator
-!Cname name-constraints
-id-ce 30                : nameConstraints       : X509v3 Name Constraints
-!Cname crl-distribution-points
-id-ce 31                : crlDistributionPoints : X509v3 CRL Distribution Points
-!Cname certificate-policies
-id-ce 32                : certificatePolicies   : X509v3 Certificate Policies
-!Cname authority-key-identifier
-id-ce 35                : authorityKeyIdentifier : X509v3 Authority Key Identifier
-!Cname policy-constraints
-id-ce 36                : policyConstraints     : X509v3 Policy Constraints
-!Cname ext-key-usage
-id-ce 37                : extendedKeyUsage      : X509v3 Extended Key Usage
-!Cname target-information
-id-ce 55                : targetInformation     : X509v3 AC Targeting
-!Cname no-rev-avail
-id-ce 56                : noRevAvail            : X509v3 No Revocation Available
-
-!Cname netscape
-2 16 840 1 113730       : Netscape              : Netscape Communications Corp.
-!Cname netscape-cert-extension
-netscape 1              : nsCertExt             : Netscape Certificate Extension
-!Cname netscape-data-type
-netscape 2              : nsDataType            : Netscape Data Type
-!Cname netscape-cert-type
-netscape-cert-extension 1 : nsCertType          : Netscape Cert Type
-!Cname netscape-base-url
-netscape-cert-extension 2 : nsBaseUrl           : Netscape Base Url
-!Cname netscape-revocation-url
-netscape-cert-extension 3 : nsRevocationUrl     : Netscape Revocation Url
-!Cname netscape-ca-revocation-url
-netscape-cert-extension 4 : nsCaRevocationUrl   : Netscape CA Revocation Url
-!Cname netscape-renewal-url
-netscape-cert-extension 7 : nsRenewalUrl        : Netscape Renewal Url
-!Cname netscape-ca-policy-url
-netscape-cert-extension 8 : nsCaPolicyUrl       : Netscape CA Policy Url
-!Cname netscape-ssl-server-name
-netscape-cert-extension 12 : nsSslServerName    : Netscape SSL Server Name
-!Cname netscape-comment
-netscape-cert-extension 13 : nsComment          : Netscape Comment
-!Cname netscape-cert-sequence
-netscape-data-type 5    : nsCertSequence        : Netscape Certificate Sequence
-!Cname ns-sgc
-netscape 4 1            : nsSGC                 : Netscape Server Gated Crypto
-
-# iso(1)
-iso 3                   : ORG                   : org
-org 6                   : DOD                   : dod
-dod 1                   : IANA                  : iana
-!Alias internet iana
-
-internet 1              : directory             : Directory
-internet 2              : mgmt                  : Management
-internet 3              : experimental          : Experimental
-internet 4              : private               : Private
-internet 5              : security              : Security
-internet 6              : snmpv2                : SNMPv2
-# Documents refer to "internet 7" as "mail". This however leads to ambiguities
-# with RFC2798, Section 9.1.3, where "mail" is defined as the short name for
-# rfc822Mailbox. The short name is therefore here left out for a reason.
-# Subclasses of "mail", e.g. "MIME MHS" don't consitute a problem, as
-# references are realized via long name "Mail" (with capital M).
-internet 7              :                       : Mail
-
-Private 1               : enterprises           : Enterprises
-
-# RFC 2247
-Enterprises 1466 344    : dcobject              : dcObject
-
-# RFC 1495
-Mail 1                  : mime-mhs              : MIME MHS
-mime-mhs 1              : mime-mhs-headings     : mime-mhs-headings
-mime-mhs 2              : mime-mhs-bodies       : mime-mhs-bodies
-mime-mhs-headings 1     : id-hex-partial-message : id-hex-partial-message
-mime-mhs-headings 2     : id-hex-multipart-message : id-hex-multipart-message
-
-# What the hell are these OIDs, really?
-!Cname rle-compression
-1 1 1 1 666 1           : RLE                   : run length compression
-!Cname zlib-compression
-1 1 1 1 666 2           : ZLIB                  : zlib compression
-
-# AES aka Rijndael
-
-!Alias csor 2 16 840 1 101 3
-!Alias nistAlgorithms csor 4
-!Alias aes nistAlgorithms 1
-
-aes 1                   : AES-128-ECB           : aes-128-ecb
-aes 2                   : AES-128-CBC           : aes-128-cbc
-!Cname aes-128-ofb128
-aes 3                   : AES-128-OFB           : aes-128-ofb
-!Cname aes-128-cfb128
-aes 4                   : AES-128-CFB           : aes-128-cfb
-
-aes 21                  : AES-192-ECB           : aes-192-ecb
-aes 22                  : AES-192-CBC           : aes-192-cbc
-!Cname aes-192-ofb128
-aes 23                  : AES-192-OFB           : aes-192-ofb
-!Cname aes-192-cfb128
-aes 24                  : AES-192-CFB           : aes-192-cfb
-
-aes 41                  : AES-256-ECB           : aes-256-ecb
-aes 42                  : AES-256-CBC           : aes-256-cbc
-!Cname aes-256-ofb128
-aes 43                  : AES-256-OFB           : aes-256-ofb
-!Cname aes-256-cfb128
-aes 44                  : AES-256-CFB           : aes-256-cfb
-
-# There are no OIDs for these modes...
-
-                        : AES-128-CFB1          : aes-128-cfb1
-                        : AES-192-CFB1          : aes-192-cfb1
-                        : AES-256-CFB1          : aes-256-cfb1
-                        : AES-128-CFB8          : aes-128-cfb8
-                        : AES-192-CFB8          : aes-192-cfb8
-                        : AES-256-CFB8          : aes-256-cfb8
-                        : DES-CFB1              : des-cfb1
-                        : DES-CFB8              : des-cfb8
-                        : DES-EDE3-CFB1         : des-ede3-cfb1
-                        : DES-EDE3-CFB8         : des-ede3-cfb8
-
-# OIDs for SHA224, SHA256, SHA385 and SHA512, according to x9.84.
-!Alias nist_hashalgs nistAlgorithms 2
-nist_hashalgs 1         : SHA256                : sha256
-nist_hashalgs 2         : SHA384                : sha384
-nist_hashalgs 3         : SHA512                : sha512
-nist_hashalgs 4         : SHA224                : sha224
-
-# Hold instruction CRL entry extension
-!Cname hold-instruction-code
-id-ce 23                : holdInstructionCode   : Hold Instruction Code
-!Alias holdInstruction  X9-57 2
-!Cname hold-instruction-none
-holdInstruction 1       : holdInstructionNone   : Hold Instruction None
-!Cname hold-instruction-call-issuer
-holdInstruction 2       : holdInstructionCallIssuer : Hold Instruction Call Issuer
-!Cname hold-instruction-reject
-holdInstruction 3       : holdInstructionReject : Hold Instruction Reject
-
-# OID's from CCITT.  Most of this is defined in RFC 1274.  A couple of
-# them are also mentioned in RFC 2247
-ccitt 9                 : data
-data 2342               : pss
-pss 19200300            : ucl
-ucl 100                 : pilot
-pilot 1                 :                       : pilotAttributeType
-pilot 3                 :                       : pilotAttributeSyntax
-pilot 4                 :                       : pilotObjectClass
-pilot 10                :                       : pilotGroups
-pilotAttributeSyntax 4  :                       : iA5StringSyntax
-pilotAttributeSyntax 5  :                       : caseIgnoreIA5StringSyntax
-pilotObjectClass 3      :                       : pilotObject
-pilotObjectClass 4      :                       : pilotPerson
-pilotObjectClass 5      : account
-pilotObjectClass 6      : document
-pilotObjectClass 7      : room
-pilotObjectClass 9      :                       : documentSeries
-pilotObjectClass 13     : domain                : Domain
-pilotObjectClass 14     :                       : rFC822localPart
-pilotObjectClass 15     :                       : dNSDomain
-pilotObjectClass 17     :                       : domainRelatedObject
-pilotObjectClass 18     :                       : friendlyCountry
-pilotObjectClass 19     :                       : simpleSecurityObject
-pilotObjectClass 20     :                       : pilotOrganization
-pilotObjectClass 21     :                       : pilotDSA
-pilotObjectClass 22     :                       : qualityLabelledData
-pilotAttributeType 1    : UID                   : userId
-pilotAttributeType 2    :                       : textEncodedORAddress
-pilotAttributeType 3    : mail                  : rfc822Mailbox
-pilotAttributeType 4    : info
-pilotAttributeType 5    :                       : favouriteDrink
-pilotAttributeType 6    :                       : roomNumber
-pilotAttributeType 7    : photo
-pilotAttributeType 8    :                       : userClass
-pilotAttributeType 9    : host
-pilotAttributeType 10   : manager
-pilotAttributeType 11   :                       : documentIdentifier
-pilotAttributeType 12   :                       : documentTitle
-pilotAttributeType 13   :                       : documentVersion
-pilotAttributeType 14   :                       : documentAuthor
-pilotAttributeType 15   :                       : documentLocation
-pilotAttributeType 20   :                       : homeTelephoneNumber
-pilotAttributeType 21   : secretary
-pilotAttributeType 22   :                       : otherMailbox
-pilotAttributeType 23   :                       : lastModifiedTime
-pilotAttributeType 24   :                       : lastModifiedBy
-pilotAttributeType 25   : DC                    : domainComponent
-pilotAttributeType 26   :                       : aRecord
-pilotAttributeType 27   :                       : pilotAttributeType27
-pilotAttributeType 28   :                       : mXRecord
-pilotAttributeType 29   :                       : nSRecord
-pilotAttributeType 30   :                       : sOARecord
-pilotAttributeType 31   :                       : cNAMERecord
-pilotAttributeType 37   :                       : associatedDomain
-pilotAttributeType 38   :                       : associatedName
-pilotAttributeType 39   :                       : homePostalAddress
-pilotAttributeType 40   :                       : personalTitle
-pilotAttributeType 41   :                       : mobileTelephoneNumber
-pilotAttributeType 42   :                       : pagerTelephoneNumber
-pilotAttributeType 43   :                       : friendlyCountryName
-# The following clashes with 2.5.4.45, so commented away
-#pilotAttributeType 44  : uid                   : uniqueIdentifier
-pilotAttributeType 45   :                       : organizationalStatus
-pilotAttributeType 46   :                       : janetMailbox
-pilotAttributeType 47   :                       : mailPreferenceOption
-pilotAttributeType 48   :                       : buildingName
-pilotAttributeType 49   :                       : dSAQuality
-pilotAttributeType 50   :                       : singleLevelQuality
-pilotAttributeType 51   :                       : subtreeMinimumQuality
-pilotAttributeType 52   :                       : subtreeMaximumQuality
-pilotAttributeType 53   :                       : personalSignature
-pilotAttributeType 54   :                       : dITRedirect
-pilotAttributeType 55   : audio
-pilotAttributeType 56   :                       : documentPublisher
-
-2 23 42                 : id-set                : Secure Electronic Transactions
-
-id-set 0                : set-ctype             : content types
-id-set 1                : set-msgExt            : message extensions
-id-set 3                : set-attr
-id-set 5                : set-policy
-id-set 7                : set-certExt           : certificate extensions
-id-set 8                : set-brand
-
-set-ctype 0             : setct-PANData
-set-ctype 1             : setct-PANToken
-set-ctype 2             : setct-PANOnly
-set-ctype 3             : setct-OIData
-set-ctype 4             : setct-PI
-set-ctype 5             : setct-PIData
-set-ctype 6             : setct-PIDataUnsigned
-set-ctype 7             : setct-HODInput
-set-ctype 8             : setct-AuthResBaggage
-set-ctype 9             : setct-AuthRevReqBaggage
-set-ctype 10            : setct-AuthRevResBaggage
-set-ctype 11            : setct-CapTokenSeq
-set-ctype 12            : setct-PInitResData
-set-ctype 13            : setct-PI-TBS
-set-ctype 14            : setct-PResData
-set-ctype 16            : setct-AuthReqTBS
-set-ctype 17            : setct-AuthResTBS
-set-ctype 18            : setct-AuthResTBSX
-set-ctype 19            : setct-AuthTokenTBS
-set-ctype 20            : setct-CapTokenData
-set-ctype 21            : setct-CapTokenTBS
-set-ctype 22            : setct-AcqCardCodeMsg
-set-ctype 23            : setct-AuthRevReqTBS
-set-ctype 24            : setct-AuthRevResData
-set-ctype 25            : setct-AuthRevResTBS
-set-ctype 26            : setct-CapReqTBS
-set-ctype 27            : setct-CapReqTBSX
-set-ctype 28            : setct-CapResData
-set-ctype 29            : setct-CapRevReqTBS
-set-ctype 30            : setct-CapRevReqTBSX
-set-ctype 31            : setct-CapRevResData
-set-ctype 32            : setct-CredReqTBS
-set-ctype 33            : setct-CredReqTBSX
-set-ctype 34            : setct-CredResData
-set-ctype 35            : setct-CredRevReqTBS
-set-ctype 36            : setct-CredRevReqTBSX
-set-ctype 37            : setct-CredRevResData
-set-ctype 38            : setct-PCertReqData
-set-ctype 39            : setct-PCertResTBS
-set-ctype 40            : setct-BatchAdminReqData
-set-ctype 41            : setct-BatchAdminResData
-set-ctype 42            : setct-CardCInitResTBS
-set-ctype 43            : setct-MeAqCInitResTBS
-set-ctype 44            : setct-RegFormResTBS
-set-ctype 45            : setct-CertReqData
-set-ctype 46            : setct-CertReqTBS
-set-ctype 47            : setct-CertResData
-set-ctype 48            : setct-CertInqReqTBS
-set-ctype 49            : setct-ErrorTBS
-set-ctype 50            : setct-PIDualSignedTBE
-set-ctype 51            : setct-PIUnsignedTBE
-set-ctype 52            : setct-AuthReqTBE
-set-ctype 53            : setct-AuthResTBE
-set-ctype 54            : setct-AuthResTBEX
-set-ctype 55            : setct-AuthTokenTBE
-set-ctype 56            : setct-CapTokenTBE
-set-ctype 57            : setct-CapTokenTBEX
-set-ctype 58            : setct-AcqCardCodeMsgTBE
-set-ctype 59            : setct-AuthRevReqTBE
-set-ctype 60            : setct-AuthRevResTBE
-set-ctype 61            : setct-AuthRevResTBEB
-set-ctype 62            : setct-CapReqTBE
-set-ctype 63            : setct-CapReqTBEX
-set-ctype 64            : setct-CapResTBE
-set-ctype 65            : setct-CapRevReqTBE
-set-ctype 66            : setct-CapRevReqTBEX
-set-ctype 67            : setct-CapRevResTBE
-set-ctype 68            : setct-CredReqTBE
-set-ctype 69            : setct-CredReqTBEX
-set-ctype 70            : setct-CredResTBE
-set-ctype 71            : setct-CredRevReqTBE
-set-ctype 72            : setct-CredRevReqTBEX
-set-ctype 73            : setct-CredRevResTBE
-set-ctype 74            : setct-BatchAdminReqTBE
-set-ctype 75            : setct-BatchAdminResTBE
-set-ctype 76            : setct-RegFormReqTBE
-set-ctype 77            : setct-CertReqTBE
-set-ctype 78            : setct-CertReqTBEX
-set-ctype 79            : setct-CertResTBE
-set-ctype 80            : setct-CRLNotificationTBS
-set-ctype 81            : setct-CRLNotificationResTBS
-set-ctype 82            : setct-BCIDistributionTBS
-
-set-msgExt 1            : setext-genCrypt       : generic cryptogram
-set-msgExt 3            : setext-miAuth         : merchant initiated auth
-set-msgExt 4            : setext-pinSecure
-set-msgExt 5            : setext-pinAny
-set-msgExt 7            : setext-track2
-set-msgExt 8            : setext-cv             : additional verification
-
-set-policy 0            : set-policy-root
-
-set-certExt 0           : setCext-hashedRoot
-set-certExt 1           : setCext-certType
-set-certExt 2           : setCext-merchData
-set-certExt 3           : setCext-cCertRequired
-set-certExt 4           : setCext-tunneling
-set-certExt 5           : setCext-setExt
-set-certExt 6           : setCext-setQualf
-set-certExt 7           : setCext-PGWYcapabilities
-set-certExt 8           : setCext-TokenIdentifier
-set-certExt 9           : setCext-Track2Data
-set-certExt 10          : setCext-TokenType
-set-certExt 11          : setCext-IssuerCapabilities
-
-set-attr 0              : setAttr-Cert
-set-attr 1              : setAttr-PGWYcap       : payment gateway capabilities
-set-attr 2              : setAttr-TokenType
-set-attr 3              : setAttr-IssCap        : issuer capabilities
-
-setAttr-Cert 0          : set-rootKeyThumb
-setAttr-Cert 1          : set-addPolicy
-
-setAttr-TokenType 1     : setAttr-Token-EMV
-setAttr-TokenType 2     : setAttr-Token-B0Prime
-
-setAttr-IssCap 3        : setAttr-IssCap-CVM
-setAttr-IssCap 4        : setAttr-IssCap-T2
-setAttr-IssCap 5        : setAttr-IssCap-Sig
-
-setAttr-IssCap-CVM 1    : setAttr-GenCryptgrm   : generate cryptogram
-setAttr-IssCap-T2 1     : setAttr-T2Enc         : encrypted track 2
-setAttr-IssCap-T2 2     : setAttr-T2cleartxt    : cleartext track 2
-
-setAttr-IssCap-Sig 1    : setAttr-TokICCsig     : ICC or token signature
-setAttr-IssCap-Sig 2    : setAttr-SecDevSig     : secure device signature
-
-set-brand 1             : set-brand-IATA-ATA
-set-brand 30            : set-brand-Diners
-set-brand 34            : set-brand-AmericanExpress
-set-brand 35            : set-brand-JCB
-set-brand 4             : set-brand-Visa
-set-brand 5             : set-brand-MasterCard
-set-brand 6011          : set-brand-Novus
-
-rsadsi 3 10             : DES-CDMF              : des-cdmf
-rsadsi 1 1 6            : rsaOAEPEncryptionSET
diff --git a/src/lib/libcrypto/ocsp/ocsp.h b/src/lib/libcrypto/ocsp/ocsp.h
deleted file mode 100644
index fab3c03182..0000000000
--- a/src/lib/libcrypto/ocsp/ocsp.h
+++ /dev/null
@@ -1,619 +0,0 @@
-/* ocsp.h */
-/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
- * project. */
-
-/* History:
-   This file was transfered to Richard Levitte from CertCo by Kathy
-   Weinhold in mid-spring 2000 to be included in OpenSSL or released
-   as a patch kit. */
-
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_OCSP_H
-#define HEADER_OCSP_H
-
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/safestack.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* Various flags and values */
-
-#define OCSP_DEFAULT_NONCE_LENGTH       16
-
-#define OCSP_NOCERTS                    0x1
-#define OCSP_NOINTERN                   0x2
-#define OCSP_NOSIGS                     0x4
-#define OCSP_NOCHAIN                    0x8
-#define OCSP_NOVERIFY                   0x10
-#define OCSP_NOEXPLICIT                 0x20
-#define OCSP_NOCASIGN                   0x40
-#define OCSP_NODELEGATED                0x80
-#define OCSP_NOCHECKS                   0x100
-#define OCSP_TRUSTOTHER                 0x200
-#define OCSP_RESPID_KEY                 0x400
-#define OCSP_NOTIME                     0x800
-
-/*   CertID ::= SEQUENCE {
- *       hashAlgorithm            AlgorithmIdentifier,
- *       issuerNameHash     OCTET STRING, -- Hash of Issuer's DN
- *       issuerKeyHash      OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields)
- *       serialNumber       CertificateSerialNumber }
- */
-typedef struct ocsp_cert_id_st
-        {
-        X509_ALGOR *hashAlgorithm;
-        ASN1_OCTET_STRING *issuerNameHash;
-        ASN1_OCTET_STRING *issuerKeyHash;
-        ASN1_INTEGER *serialNumber;
-        } OCSP_CERTID;
-
-DECLARE_STACK_OF(OCSP_CERTID)
-
-/*   Request ::=     SEQUENCE {
- *       reqCert                    CertID,
- *       singleRequestExtensions    [0] EXPLICIT Extensions OPTIONAL }
- */
-typedef struct ocsp_one_request_st
-        {
-        OCSP_CERTID *reqCert;
-        STACK_OF(X509_EXTENSION) *singleRequestExtensions;
-        } OCSP_ONEREQ;
-
-DECLARE_STACK_OF(OCSP_ONEREQ)
-DECLARE_ASN1_SET_OF(OCSP_ONEREQ)
-
-
-/*   TBSRequest      ::=     SEQUENCE {
- *       version             [0] EXPLICIT Version DEFAULT v1,
- *       requestorName       [1] EXPLICIT GeneralName OPTIONAL,
- *       requestList             SEQUENCE OF Request,
- *       requestExtensions   [2] EXPLICIT Extensions OPTIONAL }
- */
-typedef struct ocsp_req_info_st
-        {
-        ASN1_INTEGER *version;
-        GENERAL_NAME *requestorName;
-        STACK_OF(OCSP_ONEREQ) *requestList;
-        STACK_OF(X509_EXTENSION) *requestExtensions;
-        } OCSP_REQINFO;
-
-/*   Signature       ::=     SEQUENCE {
- *       signatureAlgorithm   AlgorithmIdentifier,
- *       signature            BIT STRING,
- *       certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
- */
-typedef struct ocsp_signature_st
-        {
-        X509_ALGOR *signatureAlgorithm;
-        ASN1_BIT_STRING *signature;
-        STACK_OF(X509) *certs;
-        } OCSP_SIGNATURE;
-
-/*   OCSPRequest     ::=     SEQUENCE {
- *       tbsRequest                  TBSRequest,
- *       optionalSignature   [0]     EXPLICIT Signature OPTIONAL }
- */
-typedef struct ocsp_request_st
-        {
-        OCSP_REQINFO *tbsRequest;
-        OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */
-        } OCSP_REQUEST;
-
-/*   OCSPResponseStatus ::= ENUMERATED {
- *       successful            (0),      --Response has valid confirmations
- *       malformedRequest      (1),      --Illegal confirmation request
- *       internalError         (2),      --Internal error in issuer
- *       tryLater              (3),      --Try again later
- *                                       --(4) is not used
- *       sigRequired           (5),      --Must sign the request
- *       unauthorized          (6)       --Request unauthorized
- *   }
- */
-#define OCSP_RESPONSE_STATUS_SUCCESSFUL          0
-#define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST     1
-#define OCSP_RESPONSE_STATUS_INTERNALERROR        2
-#define OCSP_RESPONSE_STATUS_TRYLATER             3
-#define OCSP_RESPONSE_STATUS_SIGREQUIRED          5
-#define OCSP_RESPONSE_STATUS_UNAUTHORIZED         6
-
-/*   ResponseBytes ::=       SEQUENCE {
- *       responseType   OBJECT IDENTIFIER,
- *       response       OCTET STRING }
- */
-typedef struct ocsp_resp_bytes_st
-        {
-        ASN1_OBJECT *responseType;
-        ASN1_OCTET_STRING *response;
-        } OCSP_RESPBYTES;
-
-/*   OCSPResponse ::= SEQUENCE {
- *      responseStatus         OCSPResponseStatus,
- *      responseBytes          [0] EXPLICIT ResponseBytes OPTIONAL }
- */
-typedef struct ocsp_response_st
-        {
-        ASN1_ENUMERATED *responseStatus;
-        OCSP_RESPBYTES  *responseBytes;
-        } OCSP_RESPONSE;
-
-/*   ResponderID ::= CHOICE {
- *      byName   [1] Name,
- *      byKey    [2] KeyHash }
- */
-#define V_OCSP_RESPID_NAME 0
-#define V_OCSP_RESPID_KEY  1
-typedef struct ocsp_responder_id_st
-        {
-        int type;
-        union   {
-                X509_NAME* byName;
-                ASN1_OCTET_STRING *byKey;
-                } value;
-        } OCSP_RESPID;
-/*   KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
- *                            --(excluding the tag and length fields)
- */
-
-/*   RevokedInfo ::= SEQUENCE {
- *       revocationTime              GeneralizedTime,
- *       revocationReason    [0]     EXPLICIT CRLReason OPTIONAL }
- */
-typedef struct ocsp_revoked_info_st
-        {
-        ASN1_GENERALIZEDTIME *revocationTime;
-        ASN1_ENUMERATED *revocationReason;
-        } OCSP_REVOKEDINFO;
-
-/*   CertStatus ::= CHOICE {
- *       good                [0]     IMPLICIT NULL,
- *       revoked             [1]     IMPLICIT RevokedInfo,
- *       unknown             [2]     IMPLICIT UnknownInfo }
- */
-#define V_OCSP_CERTSTATUS_GOOD    0
-#define V_OCSP_CERTSTATUS_REVOKED 1
-#define V_OCSP_CERTSTATUS_UNKNOWN 2
-typedef struct ocsp_cert_status_st
-        {
-        int type;
-        union   {
-                ASN1_NULL *good;
-                OCSP_REVOKEDINFO *revoked;
-                ASN1_NULL *unknown;
-                } value;
-        } OCSP_CERTSTATUS;
-
-/*   SingleResponse ::= SEQUENCE {
- *      certID                       CertID,
- *      certStatus                   CertStatus,
- *      thisUpdate                   GeneralizedTime,
- *      nextUpdate           [0]     EXPLICIT GeneralizedTime OPTIONAL,
- *      singleExtensions     [1]     EXPLICIT Extensions OPTIONAL }
- */
-typedef struct ocsp_single_response_st
-        {
-        OCSP_CERTID *certId;
-        OCSP_CERTSTATUS *certStatus;
-        ASN1_GENERALIZEDTIME *thisUpdate;
-        ASN1_GENERALIZEDTIME *nextUpdate;
-        STACK_OF(X509_EXTENSION) *singleExtensions;
-        } OCSP_SINGLERESP;
-
-DECLARE_STACK_OF(OCSP_SINGLERESP)
-DECLARE_ASN1_SET_OF(OCSP_SINGLERESP)
-
-/*   ResponseData ::= SEQUENCE {
- *      version              [0] EXPLICIT Version DEFAULT v1,
- *      responderID              ResponderID,
- *      producedAt               GeneralizedTime,
- *      responses                SEQUENCE OF SingleResponse,
- *      responseExtensions   [1] EXPLICIT Extensions OPTIONAL }
- */
-typedef struct ocsp_response_data_st
-        {
-        ASN1_INTEGER *version;
-        OCSP_RESPID  *responderId;
-        ASN1_GENERALIZEDTIME *producedAt;
-        STACK_OF(OCSP_SINGLERESP) *responses;
-        STACK_OF(X509_EXTENSION) *responseExtensions;
-        } OCSP_RESPDATA;
-
-/*   BasicOCSPResponse       ::= SEQUENCE {
- *      tbsResponseData      ResponseData,
- *      signatureAlgorithm   AlgorithmIdentifier,
- *      signature            BIT STRING,
- *      certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
- */
-  /* Note 1:
-     The value for "signature" is specified in the OCSP rfc2560 as follows:
-     "The value for the signature SHALL be computed on the hash of the DER
-     encoding ResponseData."  This means that you must hash the DER-encoded
-     tbsResponseData, and then run it through a crypto-signing function, which
-     will (at least w/RSA) do a hash-'n'-private-encrypt operation.  This seems
-     a bit odd, but that's the spec.  Also note that the data structures do not
-     leave anywhere to independently specify the algorithm used for the initial
-     hash. So, we look at the signature-specification algorithm, and try to do
-     something intelligent.     -- Kathy Weinhold, CertCo */
-  /* Note 2:
-     It seems that the mentioned passage from RFC 2560 (section 4.2.1) is open
-     for interpretation.  I've done tests against another responder, and found
-     that it doesn't do the double hashing that the RFC seems to say one
-     should.  Therefore, all relevant functions take a flag saying which
-     variant should be used.    -- Richard Levitte, OpenSSL team and CeloCom */
-typedef struct ocsp_basic_response_st
-        {
-        OCSP_RESPDATA *tbsResponseData;
-        X509_ALGOR *signatureAlgorithm;
-        ASN1_BIT_STRING *signature;
-        STACK_OF(X509) *certs;
-        } OCSP_BASICRESP;
-
-/*
- *   CRLReason ::= ENUMERATED {
- *        unspecified             (0),
- *        keyCompromise           (1),
- *        cACompromise            (2),
- *        affiliationChanged      (3),
- *        superseded              (4),
- *        cessationOfOperation    (5),
- *        certificateHold         (6),
- *        removeFromCRL           (8) }
- */
-#define OCSP_REVOKED_STATUS_NOSTATUS               -1
-#define OCSP_REVOKED_STATUS_UNSPECIFIED             0
-#define OCSP_REVOKED_STATUS_KEYCOMPROMISE           1
-#define OCSP_REVOKED_STATUS_CACOMPROMISE            2
-#define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED      3
-#define OCSP_REVOKED_STATUS_SUPERSEDED              4
-#define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION    5
-#define OCSP_REVOKED_STATUS_CERTIFICATEHOLD         6
-#define OCSP_REVOKED_STATUS_REMOVEFROMCRL           8
-
-/* CrlID ::= SEQUENCE {
- *     crlUrl               [0]     EXPLICIT IA5String OPTIONAL,
- *     crlNum               [1]     EXPLICIT INTEGER OPTIONAL,
- *     crlTime              [2]     EXPLICIT GeneralizedTime OPTIONAL }
- */
-typedef struct ocsp_crl_id_st
-        {
-        ASN1_IA5STRING *crlUrl;
-        ASN1_INTEGER *crlNum;
-        ASN1_GENERALIZEDTIME *crlTime;
-        } OCSP_CRLID;
-
-/* ServiceLocator ::= SEQUENCE {
- *      issuer    Name,
- *      locator   AuthorityInfoAccessSyntax OPTIONAL }
- */
-typedef struct ocsp_service_locator_st
-        {
-        X509_NAME* issuer;
-        STACK_OF(ACCESS_DESCRIPTION) *locator;
-        } OCSP_SERVICELOC;
- 
-#define PEM_STRING_OCSP_REQUEST "OCSP REQUEST"
-#define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE"
-
-#define d2i_OCSP_REQUEST_bio(bp,p) (OCSP_REQUEST*)ASN1_d2i_bio((char*(*)()) \
-                OCSP_REQUEST_new,(char *(*)())d2i_OCSP_REQUEST, (bp),\
-                (unsigned char **)(p))
-
-#define d2i_OCSP_RESPONSE_bio(bp,p) (OCSP_RESPONSE*)ASN1_d2i_bio((char*(*)())\
-                OCSP_REQUEST_new,(char *(*)())d2i_OCSP_RESPONSE, (bp),\
-                (unsigned char **)(p))
-
-#define PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \
-     (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,bp,(char **)x,cb,NULL)
-
-#define PEM_read_bio_OCSP_RESPONSE(bp,x,cb)(OCSP_RESPONSE *)PEM_ASN1_read_bio(\
-     (char *(*)())d2i_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,bp,(char **)x,cb,NULL)
-
-#define PEM_write_bio_OCSP_REQUEST(bp,o) \
-    PEM_ASN1_write_bio((int (*)())i2d_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,\
-                        bp,(char *)o, NULL,NULL,0,NULL,NULL)
-
-#define PEM_write_bio_OCSP_RESPONSE(bp,o) \
-    PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\
-                        bp,(char *)o, NULL,NULL,0,NULL,NULL)
-
-#define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio(i2d_OCSP_RESPONSE,bp,\
-                (unsigned char *)o)
-
-#define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio(i2d_OCSP_REQUEST,bp,\
-                (unsigned char *)o)
-
-#define OCSP_REQUEST_sign(o,pkey,md) \
-        ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\
-                o->optionalSignature->signatureAlgorithm,NULL,\
-                o->optionalSignature->signature,o->tbsRequest,pkey,md)
-
-#define OCSP_BASICRESP_sign(o,pkey,md,d) \
-        ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),o->signatureAlgorithm,NULL,\
-                o->signature,o->tbsResponseData,pkey,md)
-
-#define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\
-        a->optionalSignature->signatureAlgorithm,\
-        a->optionalSignature->signature,a->tbsRequest,r)
-
-#define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\
-        a->signatureAlgorithm,a->signature,a->tbsResponseData,r)
-
-#define ASN1_BIT_STRING_digest(data,type,md,len) \
-        ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len)
-
-#define OCSP_CERTID_dup(cid) (OCSP_CERTID*)ASN1_dup((int(*)())i2d_OCSP_CERTID,\
-                (char *(*)())d2i_OCSP_CERTID,(char *)(cid))
-
-#define OCSP_CERTSTATUS_dup(cs)\
-                (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\
-                (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs))
-
-OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req);
-
-OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer);
-
-OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, 
-                              X509_NAME *issuerName, 
-                              ASN1_BIT_STRING* issuerKey, 
-                              ASN1_INTEGER *serialNumber);
-
-OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid);
-
-int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len);
-int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len);
-int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs);
-int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req);
-
-int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm);
-int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert);
-
-int OCSP_request_sign(OCSP_REQUEST   *req,
-                      X509           *signer,
-                      EVP_PKEY       *key,
-                      const EVP_MD   *dgst,
-                      STACK_OF(X509) *certs,
-                      unsigned long flags);
-
-int OCSP_response_status(OCSP_RESPONSE *resp);
-OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp);
-
-int OCSP_resp_count(OCSP_BASICRESP *bs);
-OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx);
-int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last);
-int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
-                                ASN1_GENERALIZEDTIME **revtime,
-                                ASN1_GENERALIZEDTIME **thisupd,
-                                ASN1_GENERALIZEDTIME **nextupd);
-int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,
-                                int *reason,
-                                ASN1_GENERALIZEDTIME **revtime,
-                                ASN1_GENERALIZEDTIME **thisupd,
-                                ASN1_GENERALIZEDTIME **nextupd);
-int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
-                        ASN1_GENERALIZEDTIME *nextupd,
-                        long sec, long maxsec);
-
-int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, unsigned long flags);
-
-int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl);
-
-int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
-int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
-
-int OCSP_request_onereq_count(OCSP_REQUEST *req);
-OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i);
-OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one);
-int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
-                        ASN1_OCTET_STRING **pikeyHash,
-                        ASN1_INTEGER **pserial, OCSP_CERTID *cid);
-int OCSP_request_is_signed(OCSP_REQUEST *req);
-OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs);
-OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,
-                                                OCSP_CERTID *cid,
-                                                int status, int reason,
-                                                ASN1_TIME *revtime,
-                                        ASN1_TIME *thisupd, ASN1_TIME *nextupd);
-int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert);
-int OCSP_basic_sign(OCSP_BASICRESP *brsp, 
-                        X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
-                        STACK_OF(X509) *certs, unsigned long flags);
-
-ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, int (*i2d)(), 
-                                char *data, STACK_OF(ASN1_OBJECT) *sk);
-
-X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim);
-
-X509_EXTENSION *OCSP_accept_responses_new(char **oids);
-
-X509_EXTENSION *OCSP_archive_cutoff_new(char* tim);
-
-X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls);
-
-int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x);
-int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos);
-int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj, int lastpos);
-int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos);
-X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc);
-X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc);
-void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx);
-int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit,
-                                                        unsigned long flags);
-int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc);
-
-int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x);
-int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos);
-int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, ASN1_OBJECT *obj, int lastpos);
-int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos);
-X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc);
-X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc);
-void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx);
-int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit,
-                                                        unsigned long flags);
-int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc);
-
-int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x);
-int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos);
-int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj, int lastpos);
-int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, int lastpos);
-X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc);
-X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc);
-void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, int *idx);
-int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, int crit,
-                                                        unsigned long flags);
-int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc);
-
-int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x);
-int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos);
-int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj, int lastpos);
-int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, int lastpos);
-X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc);
-X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc);
-void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, int *idx);
-int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, int crit,
-                                                        unsigned long flags);
-int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc);
-
-DECLARE_ASN1_FUNCTIONS(OCSP_SINGLERESP)
-DECLARE_ASN1_FUNCTIONS(OCSP_CERTSTATUS)
-DECLARE_ASN1_FUNCTIONS(OCSP_REVOKEDINFO)
-DECLARE_ASN1_FUNCTIONS(OCSP_BASICRESP)
-DECLARE_ASN1_FUNCTIONS(OCSP_RESPDATA)
-DECLARE_ASN1_FUNCTIONS(OCSP_RESPID)
-DECLARE_ASN1_FUNCTIONS(OCSP_RESPONSE)
-DECLARE_ASN1_FUNCTIONS(OCSP_RESPBYTES)
-DECLARE_ASN1_FUNCTIONS(OCSP_ONEREQ)
-DECLARE_ASN1_FUNCTIONS(OCSP_CERTID)
-DECLARE_ASN1_FUNCTIONS(OCSP_REQUEST)
-DECLARE_ASN1_FUNCTIONS(OCSP_SIGNATURE)
-DECLARE_ASN1_FUNCTIONS(OCSP_REQINFO)
-DECLARE_ASN1_FUNCTIONS(OCSP_CRLID)
-DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC)
-
-char *OCSP_response_status_str(long s);
-char *OCSP_cert_status_str(long s);
-char *OCSP_crl_reason_str(long s);
-
-int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* a, unsigned long flags);
-int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags);
-
-int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
-                                X509_STORE *st, unsigned long flags);
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_OCSP_strings(void);
-
-/* Error codes for the OCSP functions. */
-
-/* Function codes. */
-#define OCSP_F_ASN1_STRING_ENCODE                        100
-#define OCSP_F_CERT_ID_NEW                               101
-#define OCSP_F_D2I_OCSP_NONCE                            102
-#define OCSP_F_OCSP_BASIC_ADD1_STATUS                    103
-#define OCSP_F_OCSP_BASIC_SIGN                           104
-#define OCSP_F_OCSP_BASIC_VERIFY                         105
-#define OCSP_F_OCSP_CHECK_DELEGATED                      106
-#define OCSP_F_OCSP_CHECK_IDS                            107
-#define OCSP_F_OCSP_CHECK_ISSUER                         108
-#define OCSP_F_OCSP_CHECK_VALIDITY                       115
-#define OCSP_F_OCSP_MATCH_ISSUERID                       109
-#define OCSP_F_OCSP_PARSE_URL                            114
-#define OCSP_F_OCSP_REQUEST_SIGN                         110
-#define OCSP_F_OCSP_REQUEST_VERIFY                       116
-#define OCSP_F_OCSP_RESPONSE_GET1_BASIC                  111
-#define OCSP_F_OCSP_SENDREQ_BIO                          112
-#define OCSP_F_REQUEST_VERIFY                            113
-
-/* Reason codes. */
-#define OCSP_R_BAD_DATA                                  100
-#define OCSP_R_CERTIFICATE_VERIFY_ERROR                  101
-#define OCSP_R_DIGEST_ERR                                102
-#define OCSP_R_ERROR_IN_NEXTUPDATE_FIELD                 122
-#define OCSP_R_ERROR_IN_THISUPDATE_FIELD                 123
-#define OCSP_R_ERROR_PARSING_URL                         121
-#define OCSP_R_MISSING_OCSPSIGNING_USAGE                 103
-#define OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE              124
-#define OCSP_R_NOT_BASIC_RESPONSE                        104
-#define OCSP_R_NO_CERTIFICATES_IN_CHAIN                  105
-#define OCSP_R_NO_CONTENT                                106
-#define OCSP_R_NO_PUBLIC_KEY                             107
-#define OCSP_R_NO_RESPONSE_DATA                          108
-#define OCSP_R_NO_REVOKED_TIME                           109
-#define OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE    110
-#define OCSP_R_REQUEST_NOT_SIGNED                        128
-#define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA      111
-#define OCSP_R_ROOT_CA_NOT_TRUSTED                       112
-#define OCSP_R_SERVER_READ_ERROR                         113
-#define OCSP_R_SERVER_RESPONSE_ERROR                     114
-#define OCSP_R_SERVER_RESPONSE_PARSE_ERROR               115
-#define OCSP_R_SERVER_WRITE_ERROR                        116
-#define OCSP_R_SIGNATURE_FAILURE                         117
-#define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND              118
-#define OCSP_R_STATUS_EXPIRED                            125
-#define OCSP_R_STATUS_NOT_YET_VALID                      126
-#define OCSP_R_STATUS_TOO_OLD                            127
-#define OCSP_R_UNKNOWN_MESSAGE_DIGEST                    119
-#define OCSP_R_UNKNOWN_NID                               120
-#define OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE            129
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/src/lib/libcrypto/ocsp/ocsp_asn.c b/src/lib/libcrypto/ocsp/ocsp_asn.c
deleted file mode 100644
index 6a3a360d54..0000000000
--- a/src/lib/libcrypto/ocsp/ocsp_asn.c
+++ /dev/null
@@ -1,182 +0,0 @@
-/* ocsp_asn.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/ocsp.h>
-
-ASN1_SEQUENCE(OCSP_SIGNATURE) = {
-        ASN1_SIMPLE(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR),
-        ASN1_SIMPLE(OCSP_SIGNATURE, signature, ASN1_BIT_STRING),
-        ASN1_EXP_SEQUENCE_OF(OCSP_SIGNATURE, certs, X509, 0)
-} ASN1_SEQUENCE_END(OCSP_SIGNATURE)
-
-IMPLEMENT_ASN1_FUNCTIONS(OCSP_SIGNATURE)
-
-ASN1_SEQUENCE(OCSP_CERTID) = {
-        ASN1_SIMPLE(OCSP_CERTID, hashAlgorithm, X509_ALGOR),
-        ASN1_SIMPLE(OCSP_CERTID, issuerNameHash, ASN1_OCTET_STRING),
-        ASN1_SIMPLE(OCSP_CERTID, issuerKeyHash, ASN1_OCTET_STRING),
-        ASN1_SIMPLE(OCSP_CERTID, serialNumber, ASN1_INTEGER)
-} ASN1_SEQUENCE_END(OCSP_CERTID)
-
-IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTID)
-
-ASN1_SEQUENCE(OCSP_ONEREQ) = {
-        ASN1_SIMPLE(OCSP_ONEREQ, reqCert, OCSP_CERTID),
-        ASN1_EXP_SEQUENCE_OF_OPT(OCSP_ONEREQ, singleRequestExtensions, X509_EXTENSION, 0)
-} ASN1_SEQUENCE_END(OCSP_ONEREQ)
-
-IMPLEMENT_ASN1_FUNCTIONS(OCSP_ONEREQ)
-
-ASN1_SEQUENCE(OCSP_REQINFO) = {
-        ASN1_EXP_OPT(OCSP_REQINFO, version, ASN1_INTEGER, 0),
-        ASN1_EXP_OPT(OCSP_REQINFO, requestorName, GENERAL_NAME, 1),
-        ASN1_SEQUENCE_OF(OCSP_REQINFO, requestList, OCSP_ONEREQ),
-        ASN1_EXP_SEQUENCE_OF_OPT(OCSP_REQINFO, requestExtensions, X509_EXTENSION, 2)
-} ASN1_SEQUENCE_END(OCSP_REQINFO)
-
-IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQINFO)
-
-ASN1_SEQUENCE(OCSP_REQUEST) = {
-        ASN1_SIMPLE(OCSP_REQUEST, tbsRequest, OCSP_REQINFO),
-        ASN1_EXP_OPT(OCSP_REQUEST, optionalSignature, OCSP_SIGNATURE, 0)
-} ASN1_SEQUENCE_END(OCSP_REQUEST)
-
-IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQUEST)
-
-/* OCSP_RESPONSE templates */
-
-ASN1_SEQUENCE(OCSP_RESPBYTES) = {
-            ASN1_SIMPLE(OCSP_RESPBYTES, responseType, ASN1_OBJECT),
-            ASN1_SIMPLE(OCSP_RESPBYTES, response, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(OCSP_RESPBYTES)
-
-IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPBYTES)
-
-ASN1_SEQUENCE(OCSP_RESPONSE) = {
-        ASN1_SIMPLE(OCSP_RESPONSE, responseStatus, ASN1_ENUMERATED),
-        ASN1_EXP_OPT(OCSP_RESPONSE, responseBytes, OCSP_RESPBYTES, 0)
-} ASN1_SEQUENCE_END(OCSP_RESPONSE)
-
-IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPONSE)
-
-ASN1_CHOICE(OCSP_RESPID) = {
-           ASN1_EXP(OCSP_RESPID, value.byName, X509_NAME, 1),
-           ASN1_EXP(OCSP_RESPID, value.byKey, ASN1_OCTET_STRING, 2)
-} ASN1_CHOICE_END(OCSP_RESPID)
-
-IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPID)
-
-ASN1_SEQUENCE(OCSP_REVOKEDINFO) = {
-        ASN1_SIMPLE(OCSP_REVOKEDINFO, revocationTime, ASN1_GENERALIZEDTIME),
-        ASN1_EXP_OPT(OCSP_REVOKEDINFO, revocationReason, ASN1_ENUMERATED, 0)
-} ASN1_SEQUENCE_END(OCSP_REVOKEDINFO)
-
-IMPLEMENT_ASN1_FUNCTIONS(OCSP_REVOKEDINFO)
-
-ASN1_CHOICE(OCSP_CERTSTATUS) = {
-        ASN1_IMP(OCSP_CERTSTATUS, value.good, ASN1_NULL, 0),
-        ASN1_IMP(OCSP_CERTSTATUS, value.revoked, OCSP_REVOKEDINFO, 1),
-        ASN1_IMP(OCSP_CERTSTATUS, value.unknown, ASN1_NULL, 2)
-} ASN1_CHOICE_END(OCSP_CERTSTATUS)
-
-IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTSTATUS)
-
-ASN1_SEQUENCE(OCSP_SINGLERESP) = {
-           ASN1_SIMPLE(OCSP_SINGLERESP, certId, OCSP_CERTID),
-           ASN1_SIMPLE(OCSP_SINGLERESP, certStatus, OCSP_CERTSTATUS),
-           ASN1_SIMPLE(OCSP_SINGLERESP, thisUpdate, ASN1_GENERALIZEDTIME),
-           ASN1_EXP_OPT(OCSP_SINGLERESP, nextUpdate, ASN1_GENERALIZEDTIME, 0),
-           ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SINGLERESP, singleExtensions, X509_EXTENSION, 1)
-} ASN1_SEQUENCE_END(OCSP_SINGLERESP)
-
-IMPLEMENT_ASN1_FUNCTIONS(OCSP_SINGLERESP)
-
-ASN1_SEQUENCE(OCSP_RESPDATA) = {
-           ASN1_EXP_OPT(OCSP_RESPDATA, version, ASN1_INTEGER, 0),
-           ASN1_SIMPLE(OCSP_RESPDATA, responderId, OCSP_RESPID),
-           ASN1_SIMPLE(OCSP_RESPDATA, producedAt, ASN1_GENERALIZEDTIME),
-           ASN1_SEQUENCE_OF(OCSP_RESPDATA, responses, OCSP_SINGLERESP),
-           ASN1_EXP_SEQUENCE_OF_OPT(OCSP_RESPDATA, responseExtensions, X509_EXTENSION, 1)
-} ASN1_SEQUENCE_END(OCSP_RESPDATA)
-
-IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPDATA)
-
-ASN1_SEQUENCE(OCSP_BASICRESP) = {
-           ASN1_SIMPLE(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA),
-           ASN1_SIMPLE(OCSP_BASICRESP, signatureAlgorithm, X509_ALGOR),
-           ASN1_SIMPLE(OCSP_BASICRESP, signature, ASN1_BIT_STRING),
-           ASN1_EXP_SEQUENCE_OF_OPT(OCSP_BASICRESP, certs, X509, 0)
-} ASN1_SEQUENCE_END(OCSP_BASICRESP)
-
-IMPLEMENT_ASN1_FUNCTIONS(OCSP_BASICRESP)
-
-ASN1_SEQUENCE(OCSP_CRLID) = {
-           ASN1_EXP_OPT(OCSP_CRLID, crlUrl, ASN1_IA5STRING, 0),
-           ASN1_EXP_OPT(OCSP_CRLID, crlNum, ASN1_INTEGER, 1),
-           ASN1_EXP_OPT(OCSP_CRLID, crlTime, ASN1_GENERALIZEDTIME, 2)
-} ASN1_SEQUENCE_END(OCSP_CRLID)
-
-IMPLEMENT_ASN1_FUNCTIONS(OCSP_CRLID)
-
-ASN1_SEQUENCE(OCSP_SERVICELOC) = {
-        ASN1_SIMPLE(OCSP_SERVICELOC, issuer, X509_NAME),
-        ASN1_SEQUENCE_OF_OPT(OCSP_SERVICELOC, locator, ACCESS_DESCRIPTION)
-} ASN1_SEQUENCE_END(OCSP_SERVICELOC)
-
-IMPLEMENT_ASN1_FUNCTIONS(OCSP_SERVICELOC)
diff --git a/src/lib/libcrypto/ocsp/ocsp_cl.c b/src/lib/libcrypto/ocsp/ocsp_cl.c
deleted file mode 100644
index 9b3e6dd8ca..0000000000
--- a/src/lib/libcrypto/ocsp/ocsp_cl.c
+++ /dev/null
@@ -1,370 +0,0 @@
-/* ocsp_cl.c */
-/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
- * project. */
-
-/* History:
-   This file was transfered to Richard Levitte from CertCo by Kathy
-   Weinhold in mid-spring 2000 to be included in OpenSSL or released
-   as a patch kit. */
-
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <time.h>
-#include <cryptlib.h>
-#include <openssl/objects.h>
-#include <openssl/rand.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/x509v3.h>
-#include <openssl/ocsp.h>
-
-/* Utility functions related to sending OCSP requests and extracting
- * relevant information from the response.
- */
-
-/* Add an OCSP_CERTID to an OCSP request. Return new OCSP_ONEREQ 
- * pointer: useful if we want to add extensions.
- */
-
-OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid)
-        {
-        OCSP_ONEREQ *one = NULL;
-
-        if (!(one = OCSP_ONEREQ_new())) goto err;
-        if (one->reqCert) OCSP_CERTID_free(one->reqCert);
-        one->reqCert = cid;
-        if (req &&
-                !sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one))
-                                goto err;
-        return one;
-err:
-        OCSP_ONEREQ_free(one);
-        return NULL;
-        }
-
-/* Set requestorName from an X509_NAME structure */
-
-int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm)
-        {
-        GENERAL_NAME *gen;
-        gen = GENERAL_NAME_new();
-        if (!X509_NAME_set(&gen->d.directoryName, nm))
-                {
-                GENERAL_NAME_free(gen);
-                return 0;
-                }
-        gen->type = GEN_DIRNAME;
-        if (req->tbsRequest->requestorName)
-                GENERAL_NAME_free(req->tbsRequest->requestorName);
-        req->tbsRequest->requestorName = gen;
-        return 1;
-        }
-        
-
-/* Add a certificate to an OCSP request */
-
-int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert)
-        {
-        OCSP_SIGNATURE *sig;
-        if (!req->optionalSignature)
-                req->optionalSignature = OCSP_SIGNATURE_new();
-        sig = req->optionalSignature;
-        if (!sig) return 0;
-        if (!cert) return 1;
-        if (!sig->certs && !(sig->certs = sk_X509_new_null()))
-                return 0;
-
-        if(!sk_X509_push(sig->certs, cert)) return 0;
-        CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
-        return 1;
-        }
-
-/* Sign an OCSP request set the requestorName to the subjec
- * name of an optional signers certificate and include one
- * or more optional certificates in the request. Behaves
- * like PKCS7_sign().
- */
-
-int OCSP_request_sign(OCSP_REQUEST   *req,
-                      X509           *signer,
-                      EVP_PKEY       *key,
-                      const EVP_MD   *dgst,
-                      STACK_OF(X509) *certs,
-                      unsigned long flags)
-        {
-        int i;
-        OCSP_SIGNATURE *sig;
-        X509 *x;
-
-        if (!OCSP_request_set1_name(req, X509_get_subject_name(signer)))
-                        goto err;
-
-        if (!(req->optionalSignature = sig = OCSP_SIGNATURE_new())) goto err;
-        if (!dgst) dgst = EVP_sha1();
-        if (key)
-                {
-                if (!X509_check_private_key(signer, key))
-                        {
-                        OCSPerr(OCSP_F_OCSP_REQUEST_SIGN, OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
-                        goto err;
-                        }
-                if (!OCSP_REQUEST_sign(req, key, dgst)) goto err;
-                }
-
-        if (!(flags & OCSP_NOCERTS))
-                {
-                if(!OCSP_request_add1_cert(req, signer)) goto err;
-                for (i = 0; i < sk_X509_num(certs); i++)
-                        {
-                        x = sk_X509_value(certs, i);
-                        if (!OCSP_request_add1_cert(req, x)) goto err;
-                        }
-                }
-
-        return 1;
-err:
-        OCSP_SIGNATURE_free(req->optionalSignature);
-        req->optionalSignature = NULL;
-        return 0;
-        }
-
-/* Get response status */
-
-int OCSP_response_status(OCSP_RESPONSE *resp)
-        {
-        return ASN1_ENUMERATED_get(resp->responseStatus);
-        }
-
-/* Extract basic response from OCSP_RESPONSE or NULL if
- * no basic response present.
- */
- 
-
-OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp)
-        {
-        OCSP_RESPBYTES *rb;
-        rb = resp->responseBytes;
-        if (!rb)
-                {
-                OCSPerr(OCSP_F_OCSP_RESPONSE_GET1_BASIC, OCSP_R_NO_RESPONSE_DATA);
-                return NULL;
-                }
-        if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic)
-                {
-                OCSPerr(OCSP_F_OCSP_RESPONSE_GET1_BASIC, OCSP_R_NOT_BASIC_RESPONSE);
-                return NULL;
-                }
-
-        return ASN1_item_unpack(rb->response, ASN1_ITEM_rptr(OCSP_BASICRESP));
-        }
-
-/* Return number of OCSP_SINGLERESP reponses present in
- * a basic response.
- */
-
-int OCSP_resp_count(OCSP_BASICRESP *bs)
-        {
-        if (!bs) return -1;
-        return sk_OCSP_SINGLERESP_num(bs->tbsResponseData->responses);
-        }
-
-/* Extract an OCSP_SINGLERESP response with a given index */
-
-OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx)
-        {
-        if (!bs) return NULL;
-        return sk_OCSP_SINGLERESP_value(bs->tbsResponseData->responses, idx);
-        }
-
-/* Look single response matching a given certificate ID */
-
-int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last)
-        {
-        int i;
-        STACK_OF(OCSP_SINGLERESP) *sresp;
-        OCSP_SINGLERESP *single;
-        if (!bs) return -1;
-        if (last < 0) last = 0;
-        else last++;
-        sresp = bs->tbsResponseData->responses;
-        for (i = last; i < sk_OCSP_SINGLERESP_num(sresp); i++)
-                {
-                single = sk_OCSP_SINGLERESP_value(sresp, i);
-                if (!OCSP_id_cmp(id, single->certId)) return i;
-                }
-        return -1;
-        }
-
-/* Extract status information from an OCSP_SINGLERESP structure.
- * Note: the revtime and reason values are only set if the 
- * certificate status is revoked. Returns numerical value of
- * status.
- */
-
-int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
-                                ASN1_GENERALIZEDTIME **revtime,
-                                ASN1_GENERALIZEDTIME **thisupd,
-                                ASN1_GENERALIZEDTIME **nextupd)
-        {
-        int ret;
-        OCSP_CERTSTATUS *cst;
-        if(!single) return -1;
-        cst = single->certStatus;
-        ret = cst->type;
-        if (ret == V_OCSP_CERTSTATUS_REVOKED)
-                {
-                OCSP_REVOKEDINFO *rev = cst->value.revoked;
-                if (revtime) *revtime = rev->revocationTime;
-                if (reason) 
-                        {
-                        if(rev->revocationReason)
-                                *reason = ASN1_ENUMERATED_get(rev->revocationReason);
-                        else *reason = -1;
-                        }
-                }
-        if(thisupd) *thisupd = single->thisUpdate;
-        if(nextupd) *nextupd = single->nextUpdate;
-        return ret;
-        }
-
-/* This function combines the previous ones: look up a certificate ID and
- * if found extract status information. Return 0 is successful.
- */
-
-int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,
-                                int *reason,
-                                ASN1_GENERALIZEDTIME **revtime,
-                                ASN1_GENERALIZEDTIME **thisupd,
-                                ASN1_GENERALIZEDTIME **nextupd)
-        {
-        int i;
-        OCSP_SINGLERESP *single;
-        i = OCSP_resp_find(bs, id, -1);
-        /* Maybe check for multiple responses and give an error? */
-        if(i < 0) return 0;
-        single = OCSP_resp_get0(bs, i);
-        i = OCSP_single_get0_status(single, reason, revtime, thisupd, nextupd);
-        if(status) *status = i;
-        return 1;
-        }
-
-/* Check validity of thisUpdate and nextUpdate fields. It is possible that the request will
- * take a few seconds to process and/or the time wont be totally accurate. Therefore to avoid
- * rejecting otherwise valid time we allow the times to be within 'nsec' of the current time.
- * Also to avoid accepting very old responses without a nextUpdate field an optional maxage
- * parameter specifies the maximum age the thisUpdate field can be.
- */
-
-int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, ASN1_GENERALIZEDTIME *nextupd, long nsec, long maxsec)
-        {
-        int ret = 1;
-        time_t t_now, t_tmp;
-        time(&t_now);
-        /* Check thisUpdate is valid and not more than nsec in the future */
-        if (!ASN1_GENERALIZEDTIME_check(thisupd))
-                {
-                OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_ERROR_IN_THISUPDATE_FIELD);
-                ret = 0;
-                }
-        else 
-                {
-                        t_tmp = t_now + nsec;
-                        if (X509_cmp_time(thisupd, &t_tmp) > 0)
-                        {
-                        OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_NOT_YET_VALID);
-                        ret = 0;
-                        }
-
-                /* If maxsec specified check thisUpdate is not more than maxsec in the past */
-                if (maxsec >= 0)
-                        {
-                        t_tmp = t_now - maxsec;
-                        if (X509_cmp_time(thisupd, &t_tmp) < 0)
-                                {
-                                OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_TOO_OLD);
-                                ret = 0;
-                                }
-                        }
-                }
-                
-
-        if (!nextupd) return ret;
-
-        /* Check nextUpdate is valid and not more than nsec in the past */
-        if (!ASN1_GENERALIZEDTIME_check(nextupd))
-                {
-                OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_ERROR_IN_NEXTUPDATE_FIELD);
-                ret = 0;
-                }
-        else 
-                {
-                t_tmp = t_now - nsec;
-                if (X509_cmp_time(nextupd, &t_tmp) < 0)
-                        {
-                        OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_EXPIRED);
-                        ret = 0;
-                        }
-                }
-
-        /* Also don't allow nextUpdate to precede thisUpdate */
-        if (ASN1_STRING_cmp(nextupd, thisupd) < 0)
-                {
-                OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE);
-                ret = 0;
-                }
-
-        return ret;
-        }
diff --git a/src/lib/libcrypto/ocsp/ocsp_err.c b/src/lib/libcrypto/ocsp/ocsp_err.c
deleted file mode 100644
index 65e6093fbc..0000000000
--- a/src/lib/libcrypto/ocsp/ocsp_err.c
+++ /dev/null
@@ -1,143 +0,0 @@
-/* crypto/ocsp/ocsp_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/ocsp.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_OCSP,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_OCSP,0,reason)
-
-static ERR_STRING_DATA OCSP_str_functs[]=
-        {
-{ERR_FUNC(OCSP_F_ASN1_STRING_ENCODE),   "ASN1_STRING_encode"},
-{ERR_FUNC(OCSP_F_CERT_ID_NEW),  "CERT_ID_NEW"},
-{ERR_FUNC(OCSP_F_D2I_OCSP_NONCE),       "D2I_OCSP_NONCE"},
-{ERR_FUNC(OCSP_F_OCSP_BASIC_ADD1_STATUS),       "OCSP_basic_add1_status"},
-{ERR_FUNC(OCSP_F_OCSP_BASIC_SIGN),      "OCSP_basic_sign"},
-{ERR_FUNC(OCSP_F_OCSP_BASIC_VERIFY),    "OCSP_basic_verify"},
-{ERR_FUNC(OCSP_F_OCSP_CHECK_DELEGATED), "OCSP_CHECK_DELEGATED"},
-{ERR_FUNC(OCSP_F_OCSP_CHECK_IDS),       "OCSP_CHECK_IDS"},
-{ERR_FUNC(OCSP_F_OCSP_CHECK_ISSUER),    "OCSP_CHECK_ISSUER"},
-{ERR_FUNC(OCSP_F_OCSP_CHECK_VALIDITY),  "OCSP_check_validity"},
-{ERR_FUNC(OCSP_F_OCSP_MATCH_ISSUERID),  "OCSP_MATCH_ISSUERID"},
-{ERR_FUNC(OCSP_F_OCSP_PARSE_URL),       "OCSP_parse_url"},
-{ERR_FUNC(OCSP_F_OCSP_REQUEST_SIGN),    "OCSP_request_sign"},
-{ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY),  "OCSP_request_verify"},
-{ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC),     "OCSP_response_get1_basic"},
-{ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO),     "OCSP_sendreq_bio"},
-{ERR_FUNC(OCSP_F_REQUEST_VERIFY),       "REQUEST_VERIFY"},
-{0,NULL}
-        };
-
-static ERR_STRING_DATA OCSP_str_reasons[]=
-        {
-{ERR_REASON(OCSP_R_BAD_DATA)             ,"bad data"},
-{ERR_REASON(OCSP_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"},
-{ERR_REASON(OCSP_R_DIGEST_ERR)           ,"digest err"},
-{ERR_REASON(OCSP_R_ERROR_IN_NEXTUPDATE_FIELD),"error in nextupdate field"},
-{ERR_REASON(OCSP_R_ERROR_IN_THISUPDATE_FIELD),"error in thisupdate field"},
-{ERR_REASON(OCSP_R_ERROR_PARSING_URL)    ,"error parsing url"},
-{ERR_REASON(OCSP_R_MISSING_OCSPSIGNING_USAGE),"missing ocspsigning usage"},
-{ERR_REASON(OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE),"nextupdate before thisupdate"},
-{ERR_REASON(OCSP_R_NOT_BASIC_RESPONSE)   ,"not basic response"},
-{ERR_REASON(OCSP_R_NO_CERTIFICATES_IN_CHAIN),"no certificates in chain"},
-{ERR_REASON(OCSP_R_NO_CONTENT)           ,"no content"},
-{ERR_REASON(OCSP_R_NO_PUBLIC_KEY)        ,"no public key"},
-{ERR_REASON(OCSP_R_NO_RESPONSE_DATA)     ,"no response data"},
-{ERR_REASON(OCSP_R_NO_REVOKED_TIME)      ,"no revoked time"},
-{ERR_REASON(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"},
-{ERR_REASON(OCSP_R_REQUEST_NOT_SIGNED)   ,"request not signed"},
-{ERR_REASON(OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA),"response contains no revocation data"},
-{ERR_REASON(OCSP_R_ROOT_CA_NOT_TRUSTED)  ,"root ca not trusted"},
-{ERR_REASON(OCSP_R_SERVER_READ_ERROR)    ,"server read error"},
-{ERR_REASON(OCSP_R_SERVER_RESPONSE_ERROR),"server response error"},
-{ERR_REASON(OCSP_R_SERVER_RESPONSE_PARSE_ERROR),"server response parse error"},
-{ERR_REASON(OCSP_R_SERVER_WRITE_ERROR)   ,"server write error"},
-{ERR_REASON(OCSP_R_SIGNATURE_FAILURE)    ,"signature failure"},
-{ERR_REASON(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"},
-{ERR_REASON(OCSP_R_STATUS_EXPIRED)       ,"status expired"},
-{ERR_REASON(OCSP_R_STATUS_NOT_YET_VALID) ,"status not yet valid"},
-{ERR_REASON(OCSP_R_STATUS_TOO_OLD)       ,"status too old"},
-{ERR_REASON(OCSP_R_UNKNOWN_MESSAGE_DIGEST),"unknown message digest"},
-{ERR_REASON(OCSP_R_UNKNOWN_NID)          ,"unknown nid"},
-{ERR_REASON(OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE),"unsupported requestorname type"},
-{0,NULL}
-        };
-
-#endif
-
-void ERR_load_OCSP_strings(void)
-        {
-        static int init=1;
-
-        if (init)
-                {
-                init=0;
-#ifndef OPENSSL_NO_ERR
-                ERR_load_strings(0,OCSP_str_functs);
-                ERR_load_strings(0,OCSP_str_reasons);
-#endif
-
-                }
-        }
diff --git a/src/lib/libcrypto/ocsp/ocsp_ext.c b/src/lib/libcrypto/ocsp/ocsp_ext.c
deleted file mode 100644
index 57399433fc..0000000000
--- a/src/lib/libcrypto/ocsp/ocsp_ext.c
+++ /dev/null
@@ -1,538 +0,0 @@
-/* ocsp_ext.c */
-/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
- * project. */
-
-/* History:
-   This file was transfered to Richard Levitte from CertCo by Kathy
-   Weinhold in mid-spring 2000 to be included in OpenSSL or released
-   as a patch kit. */
-
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <cryptlib.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/ocsp.h>
-#include <openssl/rand.h>
-#include <openssl/x509v3.h>
-
-/* Standard wrapper functions for extensions */
-
-/* OCSP request extensions */
-
-int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x)
-        {
-        return(X509v3_get_ext_count(x->tbsRequest->requestExtensions));
-        }
-
-int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos)
-        {
-        return(X509v3_get_ext_by_NID(x->tbsRequest->requestExtensions,nid,lastpos));
-        }
-
-int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj, int lastpos)
-        {
-        return(X509v3_get_ext_by_OBJ(x->tbsRequest->requestExtensions,obj,lastpos));
-        }
-
-int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos)
-        {
-        return(X509v3_get_ext_by_critical(x->tbsRequest->requestExtensions,crit,lastpos));
-        }
-
-X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc)
-        {
-        return(X509v3_get_ext(x->tbsRequest->requestExtensions,loc));
-        }
-
-X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc)
-        {
-        return(X509v3_delete_ext(x->tbsRequest->requestExtensions,loc));
-        }
-
-void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx)
-        {
-        return X509V3_get_d2i(x->tbsRequest->requestExtensions, nid, crit, idx);
-        }
-
-int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit,
-                                                        unsigned long flags)
-        {
-        return X509V3_add1_i2d(&x->tbsRequest->requestExtensions, nid, value, crit, flags);
-        }
-
-int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc)
-        {
-        return(X509v3_add_ext(&(x->tbsRequest->requestExtensions),ex,loc) != NULL);
-        }
-
-/* Single extensions */
-
-int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x)
-        {
-        return(X509v3_get_ext_count(x->singleRequestExtensions));
-        }
-
-int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos)
-        {
-        return(X509v3_get_ext_by_NID(x->singleRequestExtensions,nid,lastpos));
-        }
-
-int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, ASN1_OBJECT *obj, int lastpos)
-        {
-        return(X509v3_get_ext_by_OBJ(x->singleRequestExtensions,obj,lastpos));
-        }
-
-int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos)
-        {
-        return(X509v3_get_ext_by_critical(x->singleRequestExtensions,crit,lastpos));
-        }
-
-X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc)
-        {
-        return(X509v3_get_ext(x->singleRequestExtensions,loc));
-        }
-
-X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc)
-        {
-        return(X509v3_delete_ext(x->singleRequestExtensions,loc));
-        }
-
-void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx)
-        {
-        return X509V3_get_d2i(x->singleRequestExtensions, nid, crit, idx);
-        }
-
-int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit,
-                                                        unsigned long flags)
-        {
-        return X509V3_add1_i2d(&x->singleRequestExtensions, nid, value, crit, flags);
-        }
-
-int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc)
-        {
-        return(X509v3_add_ext(&(x->singleRequestExtensions),ex,loc) != NULL);
-        }
-
-/* OCSP Basic response */
-
-int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x)
-        {
-        return(X509v3_get_ext_count(x->tbsResponseData->responseExtensions));
-        }
-
-int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos)
-        {
-        return(X509v3_get_ext_by_NID(x->tbsResponseData->responseExtensions,nid,lastpos));
-        }
-
-int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj, int lastpos)
-        {
-        return(X509v3_get_ext_by_OBJ(x->tbsResponseData->responseExtensions,obj,lastpos));
-        }
-
-int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, int lastpos)
-        {
-        return(X509v3_get_ext_by_critical(x->tbsResponseData->responseExtensions,crit,lastpos));
-        }
-
-X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc)
-        {
-        return(X509v3_get_ext(x->tbsResponseData->responseExtensions,loc));
-        }
-
-X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc)
-        {
-        return(X509v3_delete_ext(x->tbsResponseData->responseExtensions,loc));
-        }
-
-void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, int *idx)
-        {
-        return X509V3_get_d2i(x->tbsResponseData->responseExtensions, nid, crit, idx);
-        }
-
-int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, int crit,
-                                                        unsigned long flags)
-        {
-        return X509V3_add1_i2d(&x->tbsResponseData->responseExtensions, nid, value, crit, flags);
-        }
-
-int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc)
-        {
-        return(X509v3_add_ext(&(x->tbsResponseData->responseExtensions),ex,loc) != NULL);
-        }
-
-/* OCSP single response extensions */
-
-int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x)
-        {
-        return(X509v3_get_ext_count(x->singleExtensions));
-        }
-
-int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos)
-        {
-        return(X509v3_get_ext_by_NID(x->singleExtensions,nid,lastpos));
-        }
-
-int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj, int lastpos)
-        {
-        return(X509v3_get_ext_by_OBJ(x->singleExtensions,obj,lastpos));
-        }
-
-int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, int lastpos)
-        {
-        return(X509v3_get_ext_by_critical(x->singleExtensions,crit,lastpos));
-        }
-
-X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc)
-        {
-        return(X509v3_get_ext(x->singleExtensions,loc));
-        }
-
-X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc)
-        {
-        return(X509v3_delete_ext(x->singleExtensions,loc));
-        }
-
-void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, int *idx)
-        {
-        return X509V3_get_d2i(x->singleExtensions, nid, crit, idx);
-        }
-
-int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, int crit,
-                                                        unsigned long flags)
-        {
-        return X509V3_add1_i2d(&x->singleExtensions, nid, value, crit, flags);
-        }
-
-int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc)
-        {
-        return(X509v3_add_ext(&(x->singleExtensions),ex,loc) != NULL);
-        }
-
-/* also CRL Entry Extensions */
-
-ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, int (*i2d)(), 
-                                char *data, STACK_OF(ASN1_OBJECT) *sk)
-        {
-        int i;
-        unsigned char *p, *b = NULL;
-
-        if (data)
-                {
-                if ((i=i2d(data,NULL)) <= 0) goto err;
-                if (!(b=p=(unsigned char*)OPENSSL_malloc((unsigned int)i)))
-                        goto err;
-                if (i2d(data, &p) <= 0) goto err;
-                }
-        else if (sk)
-                {
-                if ((i=i2d_ASN1_SET_OF_ASN1_OBJECT(sk,NULL,i2d,V_ASN1_SEQUENCE,
-                                   V_ASN1_UNIVERSAL,IS_SEQUENCE))<=0) goto err;
-                if (!(b=p=(unsigned char*)OPENSSL_malloc((unsigned int)i)))
-                        goto err;
-                if (i2d_ASN1_SET_OF_ASN1_OBJECT(sk,&p,i2d,V_ASN1_SEQUENCE,
-                                 V_ASN1_UNIVERSAL,IS_SEQUENCE)<=0) goto err;
-                }
-        else
-                {
-                OCSPerr(OCSP_F_ASN1_STRING_ENCODE,OCSP_R_BAD_DATA);
-                goto err;
-                }
-        if (!s && !(s = ASN1_STRING_new())) goto err;
-        if (!(ASN1_STRING_set(s, b, i))) goto err;
-        OPENSSL_free(b);
-        return s;
-err:
-        if (b) OPENSSL_free(b);
-        return NULL;
-        }
-
-/* Nonce handling functions */
-
-/* Add a nonce to an extension stack. A nonce can be specificed or if NULL
- * a random nonce will be generated.
- * Note: OpenSSL 0.9.7d and later create an OCTET STRING containing the 
- * nonce, previous versions used the raw nonce.
- */
-
-static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, unsigned char *val, int len)
-        {
-        unsigned char *tmpval;
-        ASN1_OCTET_STRING os;
-        int ret = 0;
-        if (len <= 0) len = OCSP_DEFAULT_NONCE_LENGTH;
-        /* Create the OCTET STRING manually by writing out the header and
-         * appending the content octets. This avoids an extra memory allocation
-         * operation in some cases. Applications should *NOT* do this because
-         * it relies on library internals.
-         */
-        os.length = ASN1_object_size(0, len, V_ASN1_OCTET_STRING);
-        os.data = OPENSSL_malloc(os.length);
-        if (os.data == NULL)
-                goto err;
-        tmpval = os.data;
-        ASN1_put_object(&tmpval, 0, len, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL);
-        if (val)
-                memcpy(tmpval, val, len);
-        else
-                RAND_pseudo_bytes(tmpval, len);
-        if(!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce,
-                        &os, 0, X509V3_ADD_REPLACE))
-                                goto err;
-        ret = 1;
-        err:
-        if (os.data)
-                OPENSSL_free(os.data);
-        return ret;
-        }
-
-
-/* Add nonce to an OCSP request */
-
-int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len)
-        {
-        return ocsp_add1_nonce(&req->tbsRequest->requestExtensions, val, len);
-        }
-
-/* Same as above but for a response */
-
-int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len)
-        {
-        return ocsp_add1_nonce(&resp->tbsResponseData->responseExtensions, val, len);
-        }
-
-/* Check nonce validity in a request and response.
- * Return value reflects result:
- *  1: nonces present and equal.
- *  2: nonces both absent.
- *  3: nonce present in response only.
- *  0: nonces both present and not equal.
- * -1: nonce in request only.
- *
- *  For most responders clients can check return > 0.
- *  If responder doesn't handle nonces return != 0 may be
- *  necessary. return == 0 is always an error.
- */
-
-int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs)
-        {
-        /*
-         * Since we are only interested in the presence or absence of
-         * the nonce and comparing its value there is no need to use
-         * the X509V3 routines: this way we can avoid them allocating an
-         * ASN1_OCTET_STRING structure for the value which would be
-         * freed immediately anyway.
-         */
-
-        int req_idx, resp_idx;
-        X509_EXTENSION *req_ext, *resp_ext;
-        req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1);
-        resp_idx = OCSP_BASICRESP_get_ext_by_NID(bs, NID_id_pkix_OCSP_Nonce, -1);
-        /* Check both absent */
-        if((req_idx < 0) && (resp_idx < 0))
-                return 2;
-        /* Check in request only */
-        if((req_idx >= 0) && (resp_idx < 0))
-                return -1;
-        /* Check in response but not request */
-        if((req_idx < 0) && (resp_idx >= 0))
-                return 3;
-        /* Otherwise nonce in request and response so retrieve the extensions */
-        req_ext = OCSP_REQUEST_get_ext(req, req_idx);
-        resp_ext = OCSP_BASICRESP_get_ext(bs, resp_idx);
-        if(ASN1_OCTET_STRING_cmp(req_ext->value, resp_ext->value))
-                return 0;
-        return 1;
-        }
-
-/* Copy the nonce value (if any) from an OCSP request to 
- * a response.
- */
-
-int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req)
-        {
-        X509_EXTENSION *req_ext;
-        int req_idx;
-        /* Check for nonce in request */
-        req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1);
-        /* If no nonce that's OK */
-        if (req_idx < 0) return 2;
-        req_ext = OCSP_REQUEST_get_ext(req, req_idx);
-        return OCSP_BASICRESP_add_ext(resp, req_ext, -1);
-        }
-
-X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim)
-        {
-        X509_EXTENSION *x = NULL;
-        OCSP_CRLID *cid = NULL;
-        
-        if (!(cid = OCSP_CRLID_new())) goto err;
-        if (url)
-                {
-                if (!(cid->crlUrl = ASN1_IA5STRING_new())) goto err;
-                if (!(ASN1_STRING_set(cid->crlUrl, url, -1))) goto err;
-                }
-        if (n)
-                {
-                if (!(cid->crlNum = ASN1_INTEGER_new())) goto err;
-                if (!(ASN1_INTEGER_set(cid->crlNum, *n))) goto err;
-                }
-        if (tim)
-                {
-                if (!(cid->crlTime = ASN1_GENERALIZEDTIME_new())) goto err;
-                if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim))) 
-                        goto err;
-                }
-        if (!(x = X509_EXTENSION_new())) goto err;
-        if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_CrlID))) goto err;
-        if (!(ASN1_STRING_encode(x->value,i2d_OCSP_CRLID,(char*)cid,NULL)))
-                goto err;
-        OCSP_CRLID_free(cid);
-        return x;
-err:
-        if (x) X509_EXTENSION_free(x);
-        if (cid) OCSP_CRLID_free(cid);
-        return NULL;
-        }
-
-/*   AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER */
-X509_EXTENSION *OCSP_accept_responses_new(char **oids)
-        {
-        int nid;
-        STACK_OF(ASN1_OBJECT) *sk = NULL;
-        ASN1_OBJECT *o = NULL;
-        X509_EXTENSION *x = NULL;
-
-        if (!(sk = sk_ASN1_OBJECT_new_null())) goto err;
-        while (oids && *oids)
-                {
-                if ((nid=OBJ_txt2nid(*oids))!=NID_undef&&(o=OBJ_nid2obj(nid))) 
-                        sk_ASN1_OBJECT_push(sk, o);
-                oids++;
-                }
-        if (!(x = X509_EXTENSION_new())) goto err;
-        if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_acceptableResponses)))
-                goto err;
-        if (!(ASN1_STRING_encode(x->value,i2d_ASN1_OBJECT,NULL,sk)))
-                goto err;
-        sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
-        return x;
-err:
-        if (x) X509_EXTENSION_free(x);
-        if (sk) sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
-        return NULL;
-        }
-
-/*  ArchiveCutoff ::= GeneralizedTime */
-X509_EXTENSION *OCSP_archive_cutoff_new(char* tim)
-        {
-        X509_EXTENSION *x=NULL;
-        ASN1_GENERALIZEDTIME *gt = NULL;
-
-        if (!(gt = ASN1_GENERALIZEDTIME_new())) goto err;
-        if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) goto err;
-        if (!(x = X509_EXTENSION_new())) goto err;
-        if (!(x->object=OBJ_nid2obj(NID_id_pkix_OCSP_archiveCutoff)))goto err;
-        if (!(ASN1_STRING_encode(x->value,i2d_ASN1_GENERALIZEDTIME,
-                                 (char*)gt,NULL))) goto err;
-        ASN1_GENERALIZEDTIME_free(gt);
-        return x;
-err:
-        if (gt) ASN1_GENERALIZEDTIME_free(gt);
-        if (x) X509_EXTENSION_free(x);
-        return NULL;
-        }
-
-/* per ACCESS_DESCRIPTION parameter are oids, of which there are currently
- * two--NID_ad_ocsp, NID_id_ad_caIssuers--and GeneralName value.  This
- * method forces NID_ad_ocsp and uniformResourceLocator [6] IA5String.
- */
-X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls)
-        {
-        X509_EXTENSION *x = NULL;
-        ASN1_IA5STRING *ia5 = NULL;
-        OCSP_SERVICELOC *sloc = NULL;
-        ACCESS_DESCRIPTION *ad = NULL;
-        
-        if (!(sloc = OCSP_SERVICELOC_new())) goto err;
-        if (!(sloc->issuer = X509_NAME_dup(issuer))) goto err;
-        if (urls && *urls && !(sloc->locator = sk_ACCESS_DESCRIPTION_new_null())) goto err;
-        while (urls && *urls)
-                {
-                if (!(ad = ACCESS_DESCRIPTION_new())) goto err;
-                if (!(ad->method=OBJ_nid2obj(NID_ad_OCSP))) goto err;
-                if (!(ad->location = GENERAL_NAME_new())) goto err;
-                if (!(ia5 = ASN1_IA5STRING_new())) goto err;
-                if (!ASN1_STRING_set((ASN1_STRING*)ia5, *urls, -1)) goto err;
-                ad->location->type = GEN_URI;
-                ad->location->d.ia5 = ia5;
-                if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad)) goto err;
-                urls++;
-                }
-        if (!(x = X509_EXTENSION_new())) goto err;
-        if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_serviceLocator))) 
-                goto err;
-        if (!(ASN1_STRING_encode(x->value, i2d_OCSP_SERVICELOC,
-                                 (char*)sloc, NULL))) goto err;
-        OCSP_SERVICELOC_free(sloc);
-        return x;
-err:
-        if (x) X509_EXTENSION_free(x);
-        if (sloc) OCSP_SERVICELOC_free(sloc);
-        return NULL;
-        }
-
diff --git a/src/lib/libcrypto/ocsp/ocsp_ht.c b/src/lib/libcrypto/ocsp/ocsp_ht.c
deleted file mode 100644
index 2c48171883..0000000000
--- a/src/lib/libcrypto/ocsp/ocsp_ht.c
+++ /dev/null
@@ -1,173 +0,0 @@
-/* ocsp_ht.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/asn1.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <ctype.h>
-#include <string.h>
-#include <openssl/ocsp.h>
-#include <openssl/err.h>
-#include <openssl/buffer.h>
-#ifdef OPENSSL_SYS_SUNOS
-#define strtoul (unsigned long)strtol
-#endif /* OPENSSL_SYS_SUNOS */
-
-/* Quick and dirty HTTP OCSP request handler.
- * Could make this a bit cleverer by adding
- * support for non blocking BIOs and a few
- * other refinements.
- */
-
-OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req)
-{
-        BIO *mem = NULL;
-        char tmpbuf[1024];
-        OCSP_RESPONSE *resp = NULL;
-        char *p, *q, *r;
-        int len, retcode;
-        static char req_txt[] =
-"POST %s HTTP/1.0\r\n\
-Content-Type: application/ocsp-request\r\n\
-Content-Length: %d\r\n\r\n";
-
-        len = i2d_OCSP_REQUEST(req, NULL);
-        if(BIO_printf(b, req_txt, path, len) < 0) {
-                OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_WRITE_ERROR);
-                goto err;
-        }
-        if(i2d_OCSP_REQUEST_bio(b, req) <= 0) {
-                OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_WRITE_ERROR);
-                goto err;
-        }
-        if(!(mem = BIO_new(BIO_s_mem()))) goto err;
-        /* Copy response to a memory BIO: socket bios can't do gets! */
-        while ((len = BIO_read(b, tmpbuf, sizeof tmpbuf))) {
-                if(len < 0) {
-                        OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_READ_ERROR);
-                        goto err;
-                }
-                BIO_write(mem, tmpbuf, len);
-        }
-        if(BIO_gets(mem, tmpbuf, 512) <= 0) {
-                OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
-                goto err;
-        }
-        /* Parse the HTTP response. This will look like this:
-         * "HTTP/1.0 200 OK". We need to obtain the numeric code and
-         * (optional) informational message.
-         */
-
-        /* Skip to first white space (passed protocol info) */
-        for(p = tmpbuf; *p && !isspace((unsigned char)*p); p++) continue;
-        if(!*p) {
-                OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
-                goto err;
-        }
-        /* Skip past white space to start of response code */
-        while(isspace((unsigned char)*p)) p++;
-        if(!*p) {
-                OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
-                goto err;
-        }
-        /* Find end of response code: first whitespace after start of code */
-        for(q = p; *q && !isspace((unsigned char)*q); q++) continue;
-        if(!*q) {
-                OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
-                goto err;
-        }
-        /* Set end of response code and start of message */ 
-        *q++ = 0;
-        /* Attempt to parse numeric code */
-        retcode = strtoul(p, &r, 10);
-        if(*r) goto err;
-        /* Skip over any leading white space in message */
-        while(isspace((unsigned char)*q))  q++;
-        if(*q) {
-        /* Finally zap any trailing white space in message (include CRLF) */
-        /* We know q has a non white space character so this is OK */
-                for(r = q + strlen(q) - 1; isspace((unsigned char)*r); r--) *r = 0;
-        }
-        if(retcode != 200) {
-                OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_ERROR);
-                if(!*q) { 
-                        ERR_add_error_data(2, "Code=", p);
-                }
-                else {
-                        ERR_add_error_data(4, "Code=", p, ",Reason=", q);
-                }
-                goto err;
-        }
-        /* Find blank line marking beginning of content */      
-        while(BIO_gets(mem, tmpbuf, 512) > 0)
-        {
-                for(p = tmpbuf; isspace((unsigned char)*p); p++) continue;
-                if(!*p) break;
-        }
-        if(*p) {
-                OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_NO_CONTENT);
-                goto err;
-        }
-        if(!(resp = d2i_OCSP_RESPONSE_bio(mem, NULL))) {
-                OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,ERR_R_NESTED_ASN1_ERROR);
-                goto err;
-        }
-        err:
-        BIO_free(mem);
-        return resp;
-}
diff --git a/src/lib/libcrypto/ocsp/ocsp_lib.c b/src/lib/libcrypto/ocsp/ocsp_lib.c
deleted file mode 100644
index 9e87fc7895..0000000000
--- a/src/lib/libcrypto/ocsp/ocsp_lib.c
+++ /dev/null
@@ -1,262 +0,0 @@
-/* ocsp_lib.c */
-/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
- * project. */
-
-/* History:
-   This file was transfered to Richard Levitte from CertCo by Kathy
-   Weinhold in mid-spring 2000 to be included in OpenSSL or released
-   as a patch kit. */
-
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <cryptlib.h>
-#include <openssl/objects.h>
-#include <openssl/rand.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/x509v3.h>
-#include <openssl/ocsp.h>
-
-/* Convert a certificate and its issuer to an OCSP_CERTID */
-
-OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer)
-{
-        X509_NAME *iname;
-        ASN1_INTEGER *serial;
-        ASN1_BIT_STRING *ikey;
-#ifndef OPENSSL_NO_SHA1
-        if(!dgst) dgst = EVP_sha1();
-#endif
-        if (subject)
-                {
-                iname = X509_get_issuer_name(subject);
-                serial = X509_get_serialNumber(subject);
-                }
-        else
-                {
-                iname = X509_get_subject_name(issuer);
-                serial = NULL;
-                }
-        ikey = X509_get0_pubkey_bitstr(issuer);
-        return OCSP_cert_id_new(dgst, iname, ikey, serial);
-}
-
-
-OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, 
-                              X509_NAME *issuerName, 
-                              ASN1_BIT_STRING* issuerKey, 
-                              ASN1_INTEGER *serialNumber)
-        {
-        int nid;
-        unsigned int i;
-        X509_ALGOR *alg;
-        OCSP_CERTID *cid = NULL;
-        unsigned char md[EVP_MAX_MD_SIZE];
-
-        if (!(cid = OCSP_CERTID_new())) goto err;
-
-        alg = cid->hashAlgorithm;
-        if (alg->algorithm != NULL) ASN1_OBJECT_free(alg->algorithm);
-        if ((nid = EVP_MD_type(dgst)) == NID_undef)
-                {
-                OCSPerr(OCSP_F_CERT_ID_NEW,OCSP_R_UNKNOWN_NID);
-                goto err;
-                }
-        if (!(alg->algorithm=OBJ_nid2obj(nid))) goto err;
-        if ((alg->parameter=ASN1_TYPE_new()) == NULL) goto err;
-        alg->parameter->type=V_ASN1_NULL;
-
-        if (!X509_NAME_digest(issuerName, dgst, md, &i)) goto digerr;
-        if (!(ASN1_OCTET_STRING_set(cid->issuerNameHash, md, i))) goto err;
-
-        /* Calculate the issuerKey hash, excluding tag and length */
-        EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL);
-
-        if (!(ASN1_OCTET_STRING_set(cid->issuerKeyHash, md, i))) goto err;
-
-        if (serialNumber)
-                {
-                ASN1_INTEGER_free(cid->serialNumber);
-                if (!(cid->serialNumber = ASN1_INTEGER_dup(serialNumber))) goto err;
-                }
-        return cid;
-digerr:
-        OCSPerr(OCSP_F_CERT_ID_NEW,OCSP_R_DIGEST_ERR);
-err:
-        if (cid) OCSP_CERTID_free(cid);
-        return NULL;
-        }
-
-int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
-        {
-        int ret;
-        ret = OBJ_cmp(a->hashAlgorithm->algorithm, b->hashAlgorithm->algorithm);
-        if (ret) return ret;
-        ret = ASN1_OCTET_STRING_cmp(a->issuerNameHash, b->issuerNameHash);
-        if (ret) return ret;
-        return ASN1_OCTET_STRING_cmp(a->issuerKeyHash, b->issuerKeyHash);
-        }
-
-int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
-        {
-        int ret;
-        ret = OCSP_id_issuer_cmp(a, b);
-        if (ret) return ret;
-        return ASN1_INTEGER_cmp(a->serialNumber, b->serialNumber);
-        }
-
-
-/* Parse a URL and split it up into host, port and path components and whether
- * it is SSL.
- */
-
-int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl)
-        {
-        char *p, *buf;
-
-        char *host, *port;
-
-        /* dup the buffer since we are going to mess with it */
-        buf = BUF_strdup(url);
-        if (!buf) goto mem_err;
-
-        *phost = NULL;
-        *pport = NULL;
-        *ppath = NULL;
-
-        /* Check for initial colon */
-        p = strchr(buf, ':');
-
-        if (!p) goto parse_err;
-
-        *(p++) = '\0';
-
-        if (!strcmp(buf, "http"))
-                {
-                *pssl = 0;
-                port = "80";
-                }
-        else if (!strcmp(buf, "https"))
-                {
-                *pssl = 1;
-                port = "443";
-                }
-        else
-                goto parse_err;
-
-        /* Check for double slash */
-        if ((p[0] != '/') || (p[1] != '/'))
-                goto parse_err;
-
-        p += 2;
-
-        host = p;
-
-        /* Check for trailing part of path */
-
-        p = strchr(p, '/');
-
-        if (!p) 
-                *ppath = BUF_strdup("/");
-        else
-                {
-                *ppath = BUF_strdup(p);
-                /* Set start of path to 0 so hostname is valid */
-                *p = '\0';
-                }
-
-        if (!*ppath) goto mem_err;
-
-        /* Look for optional ':' for port number */
-        if ((p = strchr(host, ':')))
-                {
-                *p = 0;
-                port = p + 1;
-                }
-        else
-                {
-                /* Not found: set default port */
-                if (*pssl) port = "443";
-                else port = "80";
-                }
-
-        *pport = BUF_strdup(port);
-        if (!*pport) goto mem_err;
-
-        *phost = BUF_strdup(host);
-
-        if (!*phost) goto mem_err;
-
-        OPENSSL_free(buf);
-
-        return 1;
-
-        mem_err:
-        OCSPerr(OCSP_F_OCSP_PARSE_URL, ERR_R_MALLOC_FAILURE);
-        goto err;
-
-        parse_err:
-        OCSPerr(OCSP_F_OCSP_PARSE_URL, OCSP_R_ERROR_PARSING_URL);
-
-
-        err:
-        if (buf) OPENSSL_free(buf);
-        if (*ppath) OPENSSL_free(*ppath);
-        if (*pport) OPENSSL_free(*pport);
-        if (*phost) OPENSSL_free(*phost);
-        return 0;
-
-        }
diff --git a/src/lib/libcrypto/ocsp/ocsp_prn.c b/src/lib/libcrypto/ocsp/ocsp_prn.c
deleted file mode 100644
index 4b7bc28769..0000000000
--- a/src/lib/libcrypto/ocsp/ocsp_prn.c
+++ /dev/null
@@ -1,291 +0,0 @@
-/* ocsp_prn.c */
-/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
- * project. */
-
-/* History:
-   This file was originally part of ocsp.c and was transfered to Richard
-   Levitte from CertCo by Kathy Weinhold in mid-spring 2000 to be included
-   in OpenSSL or released as a patch kit. */
-
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/ocsp.h>
-#include <openssl/pem.h>
-
-static int ocsp_certid_print(BIO *bp, OCSP_CERTID* a, int indent)
-        {
-        BIO_printf(bp, "%*sCertificate ID:\n", indent, "");
-        indent += 2;
-        BIO_printf(bp, "%*sHash Algorithm: ", indent, "");
-        i2a_ASN1_OBJECT(bp, a->hashAlgorithm->algorithm);
-        BIO_printf(bp, "\n%*sIssuer Name Hash: ", indent, "");
-        i2a_ASN1_STRING(bp, a->issuerNameHash, V_ASN1_OCTET_STRING);
-        BIO_printf(bp, "\n%*sIssuer Key Hash: ", indent, "");
-        i2a_ASN1_STRING(bp, a->issuerKeyHash, V_ASN1_OCTET_STRING);
-        BIO_printf(bp, "\n%*sSerial Number: ", indent, "");
-        i2a_ASN1_INTEGER(bp, a->serialNumber);
-        BIO_printf(bp, "\n");
-        return 1;
-        }
-
-typedef struct
-        {
-        long t;
-        char *m;
-        } OCSP_TBLSTR;
-
-static char *table2string(long s, OCSP_TBLSTR *ts, int len)
-{
-        OCSP_TBLSTR *p;
-        for (p=ts; p < ts + len; p++)
-                if (p->t == s)
-                         return p->m;
-        return "(UNKNOWN)";
-}
-
-char *OCSP_response_status_str(long s)
-        {
-        static OCSP_TBLSTR rstat_tbl[] = {
-                { OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful" },
-                { OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest" },
-                { OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror" },
-                { OCSP_RESPONSE_STATUS_TRYLATER, "trylater" },
-                { OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired" },
-                { OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized" } };
-        return table2string(s, rstat_tbl, 6);
-        } 
-
-char *OCSP_cert_status_str(long s)
-        {
-        static OCSP_TBLSTR cstat_tbl[] = {
-                { V_OCSP_CERTSTATUS_GOOD, "good" },
-                { V_OCSP_CERTSTATUS_REVOKED, "revoked" },
-                { V_OCSP_CERTSTATUS_UNKNOWN, "unknown" } };
-        return table2string(s, cstat_tbl, 3);
-        } 
-
-char *OCSP_crl_reason_str(long s)
-        {
-        OCSP_TBLSTR reason_tbl[] = {
-          { OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified" },
-          { OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise" },
-          { OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise" },
-          { OCSP_REVOKED_STATUS_AFFILIATIONCHANGED, "affiliationChanged" },
-          { OCSP_REVOKED_STATUS_SUPERSEDED, "superseded" },
-          { OCSP_REVOKED_STATUS_CESSATIONOFOPERATION, "cessationOfOperation" },
-          { OCSP_REVOKED_STATUS_CERTIFICATEHOLD, "certificateHold" },
-          { OCSP_REVOKED_STATUS_REMOVEFROMCRL, "removeFromCRL" } };
-        return table2string(s, reason_tbl, 8);
-        } 
-
-int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* o, unsigned long flags)
-        {
-        int i;
-        long l;
-        OCSP_CERTID* cid = NULL;
-        OCSP_ONEREQ *one = NULL;
-        OCSP_REQINFO *inf = o->tbsRequest;
-        OCSP_SIGNATURE *sig = o->optionalSignature;
-
-        if (BIO_write(bp,"OCSP Request Data:\n",19) <= 0) goto err;
-        l=ASN1_INTEGER_get(inf->version);
-        if (BIO_printf(bp,"    Version: %lu (0x%lx)",l+1,l) <= 0) goto err;
-        if (inf->requestorName != NULL)
-                {
-                if (BIO_write(bp,"\n    Requestor Name: ",21) <= 0) 
-                        goto err;
-                GENERAL_NAME_print(bp, inf->requestorName);
-                }
-        if (BIO_write(bp,"\n    Requestor List:\n",21) <= 0) goto err;
-        for (i = 0; i < sk_OCSP_ONEREQ_num(inf->requestList); i++)
-                {
-                one = sk_OCSP_ONEREQ_value(inf->requestList, i);
-                cid = one->reqCert;
-                ocsp_certid_print(bp, cid, 8);
-                if (!X509V3_extensions_print(bp,
-                                        "Request Single Extensions",
-                                        one->singleRequestExtensions, flags, 8))
-                                                        goto err;
-                }
-        if (!X509V3_extensions_print(bp, "Request Extensions",
-                        inf->requestExtensions, flags, 4))
-                                                        goto err;
-        if (sig)
-                {
-                X509_signature_print(bp, sig->signatureAlgorithm, sig->signature);
-                for (i=0; i<sk_X509_num(sig->certs); i++)
-                        {
-                        X509_print(bp, sk_X509_value(sig->certs,i));
-                        PEM_write_bio_X509(bp,sk_X509_value(sig->certs,i));
-                        }
-                }
-        return 1;
-err:
-        return 0;
-        }
-
-int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
-        {
-        int i, ret = 0;
-        long l;
-        unsigned char *p;
-        OCSP_CERTID *cid = NULL;
-        OCSP_BASICRESP *br = NULL;
-        OCSP_RESPID *rid = NULL;
-        OCSP_RESPDATA  *rd = NULL;
-        OCSP_CERTSTATUS *cst = NULL;
-        OCSP_REVOKEDINFO *rev = NULL;
-        OCSP_SINGLERESP *single = NULL;
-        OCSP_RESPBYTES *rb = o->responseBytes;
-
-        if (BIO_puts(bp,"OCSP Response Data:\n") <= 0) goto err;
-        l=ASN1_ENUMERATED_get(o->responseStatus);
-        if (BIO_printf(bp,"    OCSP Response Status: %s (0x%x)\n",
-                       OCSP_response_status_str(l), l) <= 0) goto err;
-        if (rb == NULL) return 1;
-        if (BIO_puts(bp,"    Response Type: ") <= 0)
-                goto err;
-        if(i2a_ASN1_OBJECT(bp, rb->responseType) <= 0)
-                goto err;
-        if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) 
-                {
-                BIO_puts(bp," (unknown response type)\n");
-                return 1;
-                }
-
-        p = ASN1_STRING_data(rb->response);
-        i = ASN1_STRING_length(rb->response);
-        if (!(br = OCSP_response_get1_basic(o))) goto err;
-        rd = br->tbsResponseData;
-        l=ASN1_INTEGER_get(rd->version);
-        if (BIO_printf(bp,"\n    Version: %lu (0x%lx)\n",
-                       l+1,l) <= 0) goto err;
-        if (BIO_puts(bp,"    Responder Id: ") <= 0) goto err;
-
-        rid =  rd->responderId;
-        switch (rid->type)
-                {
-                case V_OCSP_RESPID_NAME:
-                        X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE);
-                        break;
-                case V_OCSP_RESPID_KEY:
-                        i2a_ASN1_STRING(bp, rid->value.byKey, V_ASN1_OCTET_STRING);
-                        break;
-                }
-
-        if (BIO_printf(bp,"\n    Produced At: ")<=0) goto err;
-        if (!ASN1_GENERALIZEDTIME_print(bp, rd->producedAt)) goto err;
-        if (BIO_printf(bp,"\n    Responses:\n") <= 0) goto err;
-        for (i = 0; i < sk_OCSP_SINGLERESP_num(rd->responses); i++)
-                {
-                if (! sk_OCSP_SINGLERESP_value(rd->responses, i)) continue;
-                single = sk_OCSP_SINGLERESP_value(rd->responses, i);
-                cid = single->certId;
-                if(ocsp_certid_print(bp, cid, 4) <= 0) goto err;
-                cst = single->certStatus;
-                if (BIO_printf(bp,"    Cert Status: %s",
-                               OCSP_cert_status_str(cst->type)) <= 0)
-                        goto err;
-                if (cst->type == V_OCSP_CERTSTATUS_REVOKED)
-                        {
-                        rev = cst->value.revoked;
-                        if (BIO_printf(bp, "\n    Revocation Time: ") <= 0) 
-                                goto err;
-                        if (!ASN1_GENERALIZEDTIME_print(bp, 
-                                                        rev->revocationTime)) 
-                                goto err;
-                        if (rev->revocationReason) 
-                                {
-                                l=ASN1_ENUMERATED_get(rev->revocationReason);
-                                if (BIO_printf(bp, 
-                                         "\n    Revocation Reason: %s (0x%x)",
-                                               OCSP_crl_reason_str(l), l) <= 0)
-                                        goto err;
-                                }
-                        }
-                if (BIO_printf(bp,"\n    This Update: ") <= 0) goto err;
-                if (!ASN1_GENERALIZEDTIME_print(bp, single->thisUpdate)) 
-                        goto err;
-                if (single->nextUpdate)
-                        {
-                        if (BIO_printf(bp,"\n    Next Update: ") <= 0)goto err;
-                        if (!ASN1_GENERALIZEDTIME_print(bp,single->nextUpdate))
-                                goto err;
-                        }
-                if (!BIO_write(bp,"\n",1)) goto err;
-                if (!X509V3_extensions_print(bp,
-                                        "Response Single Extensions",
-                                        single->singleExtensions, flags, 8))
-                                                        goto err;
-                if (!BIO_write(bp,"\n",1)) goto err;
-                }
-        if (!X509V3_extensions_print(bp, "Response Extensions",
-                                        rd->responseExtensions, flags, 4))
-        if(X509_signature_print(bp, br->signatureAlgorithm, br->signature) <= 0)
-                                                        goto err;
-
-        for (i=0; i<sk_X509_num(br->certs); i++)
-                {
-                X509_print(bp, sk_X509_value(br->certs,i));
-                PEM_write_bio_X509(bp,sk_X509_value(br->certs,i));
-                }
-
-        ret = 1;
-err:
-        OCSP_BASICRESP_free(br);
-        return ret;
-        }
diff --git a/src/lib/libcrypto/ocsp/ocsp_srv.c b/src/lib/libcrypto/ocsp/ocsp_srv.c
deleted file mode 100644
index fffa134e75..0000000000
--- a/src/lib/libcrypto/ocsp/ocsp_srv.c
+++ /dev/null
@@ -1,264 +0,0 @@
-/* ocsp_srv.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <cryptlib.h>
-#include <openssl/objects.h>
-#include <openssl/rand.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/x509v3.h>
-#include <openssl/ocsp.h>
-
-/* Utility functions related to sending OCSP responses and extracting
- * relevant information from the request.
- */
-
-int OCSP_request_onereq_count(OCSP_REQUEST *req)
-        {
-        return sk_OCSP_ONEREQ_num(req->tbsRequest->requestList);
-        }
-
-OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i)
-        {
-        return sk_OCSP_ONEREQ_value(req->tbsRequest->requestList, i);
-        }
-
-OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one)
-        {
-        return one->reqCert;
-        }
-
-int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
-                        ASN1_OCTET_STRING **pikeyHash,
-                        ASN1_INTEGER **pserial, OCSP_CERTID *cid)
-        {
-        if (!cid) return 0;
-        if (pmd) *pmd = cid->hashAlgorithm->algorithm;
-        if(piNameHash) *piNameHash = cid->issuerNameHash;
-        if (pikeyHash) *pikeyHash = cid->issuerKeyHash;
-        if (pserial) *pserial = cid->serialNumber;
-        return 1;
-        }
-
-int OCSP_request_is_signed(OCSP_REQUEST *req)
-        {
-        if(req->optionalSignature) return 1;
-        return 0;
-        }
-
-/* Create an OCSP response and encode an optional basic response */
-OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs)
-        {
-        OCSP_RESPONSE *rsp = NULL;
-
-        if (!(rsp = OCSP_RESPONSE_new())) goto err;
-        if (!(ASN1_ENUMERATED_set(rsp->responseStatus, status))) goto err;
-        if (!bs) return rsp;
-        if (!(rsp->responseBytes = OCSP_RESPBYTES_new())) goto err;
-        rsp->responseBytes->responseType = OBJ_nid2obj(NID_id_pkix_OCSP_basic);
-        if (!ASN1_item_pack(bs, ASN1_ITEM_rptr(OCSP_BASICRESP), &rsp->responseBytes->response))
-                                goto err;
-        return rsp;
-err:
-        if (rsp) OCSP_RESPONSE_free(rsp);
-        return NULL;
-        }
-
-
-OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,
-                                                OCSP_CERTID *cid,
-                                                int status, int reason,
-                                                ASN1_TIME *revtime,
-                                        ASN1_TIME *thisupd, ASN1_TIME *nextupd)
-        {
-        OCSP_SINGLERESP *single = NULL;
-        OCSP_CERTSTATUS *cs;
-        OCSP_REVOKEDINFO *ri;
-
-        if(!rsp->tbsResponseData->responses &&
-            !(rsp->tbsResponseData->responses = sk_OCSP_SINGLERESP_new_null()))
-                goto err;
-
-        if (!(single = OCSP_SINGLERESP_new()))
-                goto err;
-
-
-
-        if (!ASN1_TIME_to_generalizedtime(thisupd, &single->thisUpdate))
-                goto err;
-        if (nextupd &&
-                !ASN1_TIME_to_generalizedtime(nextupd, &single->nextUpdate))
-                goto err;
-
-        OCSP_CERTID_free(single->certId);
-
-        if(!(single->certId = OCSP_CERTID_dup(cid)))
-                goto err;
-
-        cs = single->certStatus;
-        switch(cs->type = status)
-                {
-        case V_OCSP_CERTSTATUS_REVOKED:
-                if (!revtime)
-                        {
-                        OCSPerr(OCSP_F_OCSP_BASIC_ADD1_STATUS,OCSP_R_NO_REVOKED_TIME);
-                        goto err;
-                        }
-                if (!(cs->value.revoked = ri = OCSP_REVOKEDINFO_new())) goto err;
-                if (!ASN1_TIME_to_generalizedtime(revtime, &ri->revocationTime))
-                        goto err;       
-                if (reason != OCSP_REVOKED_STATUS_NOSTATUS)
-                        {
-                        if (!(ri->revocationReason = ASN1_ENUMERATED_new())) 
-                                goto err;
-                        if (!(ASN1_ENUMERATED_set(ri->revocationReason, 
-                                                  reason)))
-                                goto err;       
-                        }
-                break;
-
-        case V_OCSP_CERTSTATUS_GOOD:
-                cs->value.good = ASN1_NULL_new();
-                break;
-
-        case V_OCSP_CERTSTATUS_UNKNOWN:
-                cs->value.unknown = ASN1_NULL_new();
-                break;
-
-        default:
-                goto err;
-
-                }
-        if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData->responses, single)))
-                goto err;
-        return single;
-err:
-        OCSP_SINGLERESP_free(single);
-        return NULL;
-        }
-
-/* Add a certificate to an OCSP request */
-
-int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert)
-        {
-        if (!resp->certs && !(resp->certs = sk_X509_new_null()))
-                return 0;
-
-        if(!sk_X509_push(resp->certs, cert)) return 0;
-        CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
-        return 1;
-        }
-
-int OCSP_basic_sign(OCSP_BASICRESP *brsp, 
-                        X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
-                        STACK_OF(X509) *certs, unsigned long flags)
-        {
-        int i;
-        OCSP_RESPID *rid;
-
-        if (!X509_check_private_key(signer, key))
-                {
-                OCSPerr(OCSP_F_OCSP_BASIC_SIGN, OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
-                goto err;
-                }
-
-        if(!(flags & OCSP_NOCERTS))
-                {
-                if(!OCSP_basic_add1_cert(brsp, signer))
-                        goto err;
-                for (i = 0; i < sk_X509_num(certs); i++)
-                        {
-                        X509 *tmpcert = sk_X509_value(certs, i);
-                        if(!OCSP_basic_add1_cert(brsp, tmpcert))
-                                goto err;
-                        }
-                }
-
-        rid = brsp->tbsResponseData->responderId;
-        if (flags & OCSP_RESPID_KEY)
-                {
-                unsigned char md[SHA_DIGEST_LENGTH];
-                X509_pubkey_digest(signer, EVP_sha1(), md, NULL);
-                if (!(rid->value.byKey = ASN1_OCTET_STRING_new()))
-                        goto err;
-                if (!(ASN1_OCTET_STRING_set(rid->value.byKey, md, SHA_DIGEST_LENGTH)))
-                                goto err;
-                rid->type = V_OCSP_RESPID_KEY;
-                }
-        else
-                {
-                if (!X509_NAME_set(&rid->value.byName,
-                                        X509_get_subject_name(signer)))
-                                goto err;
-                rid->type = V_OCSP_RESPID_NAME;
-                }
-
-        if (!(flags & OCSP_NOTIME) &&
-                !X509_gmtime_adj(brsp->tbsResponseData->producedAt, 0))
-                goto err;
-
-        /* Right now, I think that not doing double hashing is the right
-           thing.       -- Richard Levitte */
-
-        if (!OCSP_BASICRESP_sign(brsp, key, dgst, 0)) goto err;
-
-        return 1;
-err:
-        return 0;
-        }
diff --git a/src/lib/libcrypto/ocsp/ocsp_vfy.c b/src/lib/libcrypto/ocsp/ocsp_vfy.c
deleted file mode 100644
index 3d58dfb06c..0000000000
--- a/src/lib/libcrypto/ocsp/ocsp_vfy.c
+++ /dev/null
@@ -1,444 +0,0 @@
-/* ocsp_vfy.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000-2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/ocsp.h>
-#include <openssl/err.h>
-#include <string.h>
-
-static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
-                                X509_STORE *st, unsigned long flags);
-static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id);
-static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, unsigned long flags);
-static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret);
-static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, STACK_OF(OCSP_SINGLERESP) *sresp);
-static int ocsp_check_delegated(X509 *x, int flags);
-static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, X509_NAME *nm, STACK_OF(X509) *certs,
-                                X509_STORE *st, unsigned long flags);
-
-/* Verify a basic response message */
-
-int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
-                                X509_STORE *st, unsigned long flags)
-        {
-        X509 *signer, *x;
-        STACK_OF(X509) *chain = NULL;
-        X509_STORE_CTX ctx;
-        int i, ret = 0;
-        ret = ocsp_find_signer(&signer, bs, certs, st, flags);
-        if (!ret)
-                {
-                OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
-                goto end;
-                }
-        if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
-                flags |= OCSP_NOVERIFY;
-        if (!(flags & OCSP_NOSIGS))
-                {
-                EVP_PKEY *skey;
-                skey = X509_get_pubkey(signer);
-                ret = OCSP_BASICRESP_verify(bs, skey, 0);
-                EVP_PKEY_free(skey);
-                if(ret <= 0)
-                        {
-                        OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE);
-                        goto end;
-                        }
-                }
-        if (!(flags & OCSP_NOVERIFY))
-                {
-                int init_res;
-                if(flags & OCSP_NOCHAIN)
-                        init_res = X509_STORE_CTX_init(&ctx, st, signer, NULL);
-                else
-                        init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs);
-                if(!init_res)
-                        {
-                        OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,ERR_R_X509_LIB);
-                        goto end;
-                        }
-
-                X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER);
-                ret = X509_verify_cert(&ctx);
-                chain = X509_STORE_CTX_get1_chain(&ctx);
-                X509_STORE_CTX_cleanup(&ctx);
-                if (ret <= 0)
-                        {
-                        i = X509_STORE_CTX_get_error(&ctx);     
-                        OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,OCSP_R_CERTIFICATE_VERIFY_ERROR);
-                        ERR_add_error_data(2, "Verify error:",
-                                        X509_verify_cert_error_string(i));
-                        goto end;
-                        }
-                if(flags & OCSP_NOCHECKS)
-                        {
-                        ret = 1;
-                        goto end;
-                        }
-                /* At this point we have a valid certificate chain
-                 * need to verify it against the OCSP issuer criteria.
-                 */
-                ret = ocsp_check_issuer(bs, chain, flags);
-
-                /* If fatal error or valid match then finish */
-                if (ret != 0) goto end;
-
-                /* Easy case: explicitly trusted. Get root CA and
-                 * check for explicit trust
-                 */
-                if(flags & OCSP_NOEXPLICIT) goto end;
-
-                x = sk_X509_value(chain, sk_X509_num(chain) - 1);
-                if(X509_check_trust(x, NID_OCSP_sign, 0) != X509_TRUST_TRUSTED)
-                        {
-                        OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,OCSP_R_ROOT_CA_NOT_TRUSTED);
-                        goto end;
-                        }
-                ret = 1;
-                }
-
-
-
-        end:
-        if(chain) sk_X509_pop_free(chain, X509_free);
-        return ret;
-        }
-
-
-static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
-                                X509_STORE *st, unsigned long flags)
-        {
-        X509 *signer;
-        OCSP_RESPID *rid = bs->tbsResponseData->responderId;
-        if ((signer = ocsp_find_signer_sk(certs, rid)))
-                {
-                *psigner = signer;
-                return 2;
-                }
-        if(!(flags & OCSP_NOINTERN) &&
-            (signer = ocsp_find_signer_sk(bs->certs, rid)))
-                {
-                *psigner = signer;
-                return 1;
-                }
-        /* Maybe lookup from store if by subject name */
-
-        *psigner = NULL;
-        return 0;
-        }
-
-
-static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id)
-        {
-        int i;
-        unsigned char tmphash[SHA_DIGEST_LENGTH], *keyhash;
-        X509 *x;
-
-        /* Easy if lookup by name */
-        if (id->type == V_OCSP_RESPID_NAME)
-                return X509_find_by_subject(certs, id->value.byName);
-
-        /* Lookup by key hash */
-
-        /* If key hash isn't SHA1 length then forget it */
-        if (id->value.byKey->length != SHA_DIGEST_LENGTH) return NULL;
-        keyhash = id->value.byKey->data;
-        /* Calculate hash of each key and compare */
-        for (i = 0; i < sk_X509_num(certs); i++)
-                {
-                x = sk_X509_value(certs, i);
-                X509_pubkey_digest(x, EVP_sha1(), tmphash, NULL);
-                if(!memcmp(keyhash, tmphash, SHA_DIGEST_LENGTH))
-                        return x;
-                }
-        return NULL;
-        }
-
-
-static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, unsigned long flags)
-        {
-        STACK_OF(OCSP_SINGLERESP) *sresp;
-        X509 *signer, *sca;
-        OCSP_CERTID *caid = NULL;
-        int i;
-        sresp = bs->tbsResponseData->responses;
-
-        if (sk_X509_num(chain) <= 0)
-                {
-                OCSPerr(OCSP_F_OCSP_CHECK_ISSUER, OCSP_R_NO_CERTIFICATES_IN_CHAIN);
-                return -1;
-                }
-
-        /* See if the issuer IDs match. */
-        i = ocsp_check_ids(sresp, &caid);
-
-        /* If ID mismatch or other error then return */
-        if (i <= 0) return i;
-
-        signer = sk_X509_value(chain, 0);
-        /* Check to see if OCSP responder CA matches request CA */
-        if (sk_X509_num(chain) > 1)
-                {
-                sca = sk_X509_value(chain, 1);
-                i = ocsp_match_issuerid(sca, caid, sresp);
-                if (i < 0) return i;
-                if (i)
-                        {
-                        /* We have a match, if extensions OK then success */
-                        if (ocsp_check_delegated(signer, flags)) return 1;
-                        return 0;
-                        }
-                }
-
-        /* Otherwise check if OCSP request signed directly by request CA */
-        return ocsp_match_issuerid(signer, caid, sresp);
-        }
-
-
-/* Check the issuer certificate IDs for equality. If there is a mismatch with the same
- * algorithm then there's no point trying to match any certificates against the issuer.
- * If the issuer IDs all match then we just need to check equality against one of them.
- */
-        
-static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret)
-        {
-        OCSP_CERTID *tmpid, *cid;
-        int i, idcount;
-
-        idcount = sk_OCSP_SINGLERESP_num(sresp);
-        if (idcount <= 0)
-                {
-                OCSPerr(OCSP_F_OCSP_CHECK_IDS, OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA);
-                return -1;
-                }
-
-        cid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId;
-
-        *ret = NULL;
-
-        for (i = 1; i < idcount; i++)
-                {
-                tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
-                /* Check to see if IDs match */
-                if (OCSP_id_issuer_cmp(cid, tmpid))
-                        {
-                        /* If algoritm mismatch let caller deal with it */
-                        if (OBJ_cmp(tmpid->hashAlgorithm->algorithm,
-                                        cid->hashAlgorithm->algorithm))
-                                        return 2;
-                        /* Else mismatch */
-                        return 0;
-                        }
-                }
-
-        /* All IDs match: only need to check one ID */
-        *ret = cid;
-        return 1;
-        }
-
-
-static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
-                        STACK_OF(OCSP_SINGLERESP) *sresp)
-        {
-        /* If only one ID to match then do it */
-        if(cid)
-                {
-                const EVP_MD *dgst;
-                X509_NAME *iname;
-                int mdlen;
-                unsigned char md[EVP_MAX_MD_SIZE];
-                if (!(dgst = EVP_get_digestbyobj(cid->hashAlgorithm->algorithm)))
-                        {
-                        OCSPerr(OCSP_F_OCSP_MATCH_ISSUERID, OCSP_R_UNKNOWN_MESSAGE_DIGEST);
-                        return -1;
-                        }
-
-                mdlen = EVP_MD_size(dgst);
-                if ((cid->issuerNameHash->length != mdlen) ||
-                   (cid->issuerKeyHash->length != mdlen))
-                        return 0;
-                iname = X509_get_subject_name(cert);
-                if (!X509_NAME_digest(iname, dgst, md, NULL))
-                        return -1;
-                if (memcmp(md, cid->issuerNameHash->data, mdlen))
-                        return 0;
-                X509_pubkey_digest(cert, EVP_sha1(), md, NULL);
-                if (memcmp(md, cid->issuerKeyHash->data, mdlen))
-                        return 0;
-
-                return 1;
-
-                }
-        else
-                {
-                /* We have to match the whole lot */
-                int i, ret;
-                OCSP_CERTID *tmpid;
-                for (i = 0; i < sk_OCSP_SINGLERESP_num(sresp); i++)
-                        {
-                        tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
-                        ret = ocsp_match_issuerid(cert, tmpid, NULL);
-                        if (ret <= 0) return ret;
-                        }
-                return 1;
-                }
-                        
-        }
-
-static int ocsp_check_delegated(X509 *x, int flags)
-        {
-        X509_check_purpose(x, -1, 0);
-        if ((x->ex_flags & EXFLAG_XKUSAGE) &&
-            (x->ex_xkusage & XKU_OCSP_SIGN))
-                return 1;
-        OCSPerr(OCSP_F_OCSP_CHECK_DELEGATED, OCSP_R_MISSING_OCSPSIGNING_USAGE);
-        return 0;
-        }
-
-/* Verify an OCSP request. This is fortunately much easier than OCSP
- * response verify. Just find the signers certificate and verify it
- * against a given trust value.
- */
-
-int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, unsigned long flags)
-        {
-        X509 *signer;
-        X509_NAME *nm;
-        GENERAL_NAME *gen;
-        int ret;
-        X509_STORE_CTX ctx;
-        if (!req->optionalSignature) 
-                {
-                OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_REQUEST_NOT_SIGNED);
-                return 0;
-                }
-        gen = req->tbsRequest->requestorName;
-        if (gen->type != GEN_DIRNAME)
-                {
-                OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE);
-                return 0;
-                }
-        nm = gen->d.directoryName;
-        ret = ocsp_req_find_signer(&signer, req, nm, certs, store, flags);
-        if (ret <= 0)
-                {
-                OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
-                return 0;
-                }
-        if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
-                flags |= OCSP_NOVERIFY;
-        if (!(flags & OCSP_NOSIGS))
-                {
-                EVP_PKEY *skey;
-                skey = X509_get_pubkey(signer);
-                ret = OCSP_REQUEST_verify(req, skey);
-                EVP_PKEY_free(skey);
-                if(ret <= 0)
-                        {
-                        OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_SIGNATURE_FAILURE);
-                        return 0;
-                        }
-                }
-        if (!(flags & OCSP_NOVERIFY))
-                {
-                int init_res;
-                if(flags & OCSP_NOCHAIN)
-                        init_res = X509_STORE_CTX_init(&ctx, store, signer, NULL);
-                else
-                        init_res = X509_STORE_CTX_init(&ctx, store, signer,
-                                        req->optionalSignature->certs);
-                if(!init_res)
-                        {
-                        OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,ERR_R_X509_LIB);
-                        return 0;
-                        }
-
-                X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER);
-                X509_STORE_CTX_set_trust(&ctx, X509_TRUST_OCSP_REQUEST);
-                ret = X509_verify_cert(&ctx);
-                X509_STORE_CTX_cleanup(&ctx);
-                if (ret <= 0)
-                        {
-                        ret = X509_STORE_CTX_get_error(&ctx);   
-                        OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,OCSP_R_CERTIFICATE_VERIFY_ERROR);
-                        ERR_add_error_data(2, "Verify error:",
-                                        X509_verify_cert_error_string(ret));
-                        return 0;
-                        }
-                }
-        return 1;
-        }
-
-static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, X509_NAME *nm, STACK_OF(X509) *certs,
-                                X509_STORE *st, unsigned long flags)
-        {
-        X509 *signer;
-        if(!(flags & OCSP_NOINTERN))
-                {
-                signer = X509_find_by_subject(req->optionalSignature->certs, nm);
-                *psigner = signer;
-                return 1;
-                }
-
-        signer = X509_find_by_subject(certs, nm);
-        if (signer)
-                {
-                *psigner = signer;
-                return 2;
-                }
-        return 0;
-        }
diff --git a/src/lib/libcrypto/opensslv.h b/src/lib/libcrypto/opensslv.h
deleted file mode 100644
index e50c1baf00..0000000000
--- a/src/lib/libcrypto/opensslv.h
+++ /dev/null
@@ -1,89 +0,0 @@
-#ifndef HEADER_OPENSSLV_H
-#define HEADER_OPENSSLV_H
-
-/* Numeric release version identifier:
- * MNNFFPPS: major minor fix patch status
- * The status nibble has one of the values 0 for development, 1 to e for betas
- * 1 to 14, and f for release.  The patch level is exactly that.
- * For example:
- * 0.9.3-dev      0x00903000
- * 0.9.3-beta1    0x00903001
- * 0.9.3-beta2-dev 0x00903002
- * 0.9.3-beta2    0x00903002 (same as ...beta2-dev)
- * 0.9.3          0x0090300f
- * 0.9.3a         0x0090301f
- * 0.9.4          0x0090400f
- * 1.2.3z         0x102031af
- *
- * For continuity reasons (because 0.9.5 is already out, and is coded
- * 0x00905100), between 0.9.5 and 0.9.6 the coding of the patch level
- * part is slightly different, by setting the highest bit.  This means
- * that 0.9.5a looks like this: 0x0090581f.  At 0.9.6, we can start
- * with 0x0090600S...
- *
- * (Prior to 0.9.3-dev a different scheme was used: 0.9.2b is 0x0922.)
- * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
- *  major minor fix final patch/beta)
- */
-#define OPENSSL_VERSION_NUMBER  0x009070afL
-#ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT    "OpenSSL 0.9.7j-fips 04 May 2006"
-#else
-#define OPENSSL_VERSION_TEXT    "OpenSSL 0.9.7j 04 May 2006"
-#endif
-#define OPENSSL_VERSION_PTEXT   " part of " OPENSSL_VERSION_TEXT
-
-
-/* The macros below are to be used for shared library (.so, .dll, ...)
- * versioning.  That kind of versioning works a bit differently between
- * operating systems.  The most usual scheme is to set a major and a minor
- * number, and have the runtime loader check that the major number is equal
- * to what it was at application link time, while the minor number has to
- * be greater or equal to what it was at application link time.  With this
- * scheme, the version number is usually part of the file name, like this:
- *
- *      libcrypto.so.0.9
- *
- * Some unixen also make a softlink with the major verson number only:
- *
- *      libcrypto.so.0
- *
- * On Tru64 and IRIX 6.x it works a little bit differently.  There, the
- * shared library version is stored in the file, and is actually a series
- * of versions, separated by colons.  The rightmost version present in the
- * library when linking an application is stored in the application to be
- * matched at run time.  When the application is run, a check is done to
- * see if the library version stored in the application matches any of the
- * versions in the version string of the library itself.
- * This version string can be constructed in any way, depending on what
- * kind of matching is desired.  However, to implement the same scheme as
- * the one used in the other unixen, all compatible versions, from lowest
- * to highest, should be part of the string.  Consecutive builds would
- * give the following versions strings:
- *
- *      3.0
- *      3.0:3.1
- *      3.0:3.1:3.2
- *      4.0
- *      4.0:4.1
- *
- * Notice how version 4 is completely incompatible with version, and
- * therefore give the breach you can see.
- *
- * There may be other schemes as well that I haven't yet discovered.
- *
- * So, here's the way it works here: first of all, the library version
- * number doesn't need at all to match the overall OpenSSL version.
- * However, it's nice and more understandable if it actually does.
- * The current library version is stored in the macro SHLIB_VERSION_NUMBER,
- * which is just a piece of text in the format "M.m.e" (Major, minor, edit).
- * For the sake of Tru64, IRIX, and any other OS that behaves in similar ways,
- * we need to keep a history of version numbers, which is done in the
- * macro SHLIB_VERSION_HISTORY.  The numbers are separated by colons and
- * should only keep the versions that are binary compatible with the current.
- */
-#define SHLIB_VERSION_HISTORY ""
-#define SHLIB_VERSION_NUMBER "0.9.7"
-
-
-#endif /* HEADER_OPENSSLV_H */
diff --git a/src/lib/libcrypto/ossl_typ.h b/src/lib/libcrypto/ossl_typ.h
deleted file mode 100644
index 285fd0b1d9..0000000000
--- a/src/lib/libcrypto/ossl_typ.h
+++ /dev/null
@@ -1,122 +0,0 @@
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_OPENSSL_TYPES_H
-#define HEADER_OPENSSL_TYPES_H
-
-#include <openssl/e_os2.h>
-
-#ifdef NO_ASN1_TYPEDEFS
-#define ASN1_INTEGER            ASN1_STRING
-#define ASN1_ENUMERATED         ASN1_STRING
-#define ASN1_BIT_STRING         ASN1_STRING
-#define ASN1_OCTET_STRING       ASN1_STRING
-#define ASN1_PRINTABLESTRING    ASN1_STRING
-#define ASN1_T61STRING          ASN1_STRING
-#define ASN1_IA5STRING          ASN1_STRING
-#define ASN1_UTCTIME            ASN1_STRING
-#define ASN1_GENERALIZEDTIME    ASN1_STRING
-#define ASN1_TIME               ASN1_STRING
-#define ASN1_GENERALSTRING      ASN1_STRING
-#define ASN1_UNIVERSALSTRING    ASN1_STRING
-#define ASN1_BMPSTRING          ASN1_STRING
-#define ASN1_VISIBLESTRING      ASN1_STRING
-#define ASN1_UTF8STRING         ASN1_STRING
-#define ASN1_BOOLEAN            int
-#define ASN1_NULL               int
-#else
-typedef struct asn1_string_st ASN1_INTEGER;
-typedef struct asn1_string_st ASN1_ENUMERATED;
-typedef struct asn1_string_st ASN1_BIT_STRING;
-typedef struct asn1_string_st ASN1_OCTET_STRING;
-typedef struct asn1_string_st ASN1_PRINTABLESTRING;
-typedef struct asn1_string_st ASN1_T61STRING;
-typedef struct asn1_string_st ASN1_IA5STRING;
-typedef struct asn1_string_st ASN1_GENERALSTRING;
-typedef struct asn1_string_st ASN1_UNIVERSALSTRING;
-typedef struct asn1_string_st ASN1_BMPSTRING;
-typedef struct asn1_string_st ASN1_UTCTIME;
-typedef struct asn1_string_st ASN1_TIME;
-typedef struct asn1_string_st ASN1_GENERALIZEDTIME;
-typedef struct asn1_string_st ASN1_VISIBLESTRING;
-typedef struct asn1_string_st ASN1_UTF8STRING;
-typedef int ASN1_BOOLEAN;
-typedef int ASN1_NULL;
-#endif
-
-#ifdef OPENSSL_SYS_WIN32
-#undef X509_NAME
-#undef PKCS7_ISSUER_AND_SERIAL
-#endif
-
-typedef struct evp_cipher_st EVP_CIPHER;
-typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX;
-typedef struct env_md_st EVP_MD;
-typedef struct env_md_ctx_st EVP_MD_CTX;
-typedef struct evp_pkey_st EVP_PKEY;
-
-typedef struct x509_st X509;
-typedef struct X509_algor_st X509_ALGOR;
-typedef struct X509_crl_st X509_CRL;
-typedef struct X509_name_st X509_NAME;
-typedef struct x509_store_st X509_STORE;
-typedef struct x509_store_ctx_st X509_STORE_CTX;
-
-typedef struct engine_st ENGINE;
-
-  /* If placed in pkcs12.h, we end up with a circular depency with pkcs7.h */
-#define DECLARE_PKCS12_STACK_OF(type) /* Nothing */
-#define IMPLEMENT_PKCS12_STACK_OF(type) /* Nothing */
-
-#endif /* def HEADER_OPENSSL_TYPES_H */
diff --git a/src/lib/libcrypto/pem/message b/src/lib/libcrypto/pem/message
deleted file mode 100644
index e8bf9d7592..0000000000
--- a/src/lib/libcrypto/pem/message
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PRIVACY-ENHANCED MESSAGE-----
-Proc-Type: 4,ENCRYPTED
-Proc-Type: 4,MIC-ONLY
-Proc-Type: 4,MIC-CLEAR
-Content-Domain: RFC822
-DEK-Info: DES-CBC,0123456789abcdef
-Originator-Certificate
- xxxx
-Issuer-Certificate
- xxxx
-MIC-Info: RSA-MD5,RSA,
- xxxx
-
-
------END PRIVACY-ENHANCED MESSAGE-----
-
diff --git a/src/lib/libcrypto/pem/pem.h b/src/lib/libcrypto/pem/pem.h
deleted file mode 100644
index d330cbf9a3..0000000000
--- a/src/lib/libcrypto/pem/pem.h
+++ /dev/null
@@ -1,672 +0,0 @@
-/* crypto/pem/pem.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_PEM_H
-#define HEADER_PEM_H
-
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-#ifndef OPENSSL_NO_STACK
-#include <openssl/stack.h>
-#endif
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pem2.h>
-#include <openssl/e_os2.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#define PEM_BUFSIZE             1024
-
-#define PEM_OBJ_UNDEF           0
-#define PEM_OBJ_X509            1
-#define PEM_OBJ_X509_REQ        2
-#define PEM_OBJ_CRL             3
-#define PEM_OBJ_SSL_SESSION     4
-#define PEM_OBJ_PRIV_KEY        10
-#define PEM_OBJ_PRIV_RSA        11
-#define PEM_OBJ_PRIV_DSA        12
-#define PEM_OBJ_PRIV_DH         13
-#define PEM_OBJ_PUB_RSA         14
-#define PEM_OBJ_PUB_DSA         15
-#define PEM_OBJ_PUB_DH          16
-#define PEM_OBJ_DHPARAMS        17
-#define PEM_OBJ_DSAPARAMS       18
-#define PEM_OBJ_PRIV_RSA_PUBLIC 19
-
-#define PEM_ERROR               30
-#define PEM_DEK_DES_CBC         40
-#define PEM_DEK_IDEA_CBC        45
-#define PEM_DEK_DES_EDE         50
-#define PEM_DEK_DES_ECB         60
-#define PEM_DEK_RSA             70
-#define PEM_DEK_RSA_MD2         80
-#define PEM_DEK_RSA_MD5         90
-
-#define PEM_MD_MD2              NID_md2
-#define PEM_MD_MD5              NID_md5
-#define PEM_MD_SHA              NID_sha
-#define PEM_MD_MD2_RSA          NID_md2WithRSAEncryption
-#define PEM_MD_MD5_RSA          NID_md5WithRSAEncryption
-#define PEM_MD_SHA_RSA          NID_sha1WithRSAEncryption
-
-#define PEM_STRING_X509_OLD     "X509 CERTIFICATE"
-#define PEM_STRING_X509         "CERTIFICATE"
-#define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE"
-#define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST"
-#define PEM_STRING_X509_REQ     "CERTIFICATE REQUEST"
-#define PEM_STRING_X509_CRL     "X509 CRL"
-#define PEM_STRING_EVP_PKEY     "ANY PRIVATE KEY"
-#define PEM_STRING_PUBLIC       "PUBLIC KEY"
-#define PEM_STRING_RSA          "RSA PRIVATE KEY"
-#define PEM_STRING_RSA_PUBLIC   "RSA PUBLIC KEY"
-#define PEM_STRING_DSA          "DSA PRIVATE KEY"
-#define PEM_STRING_DSA_PUBLIC   "DSA PUBLIC KEY"
-#define PEM_STRING_PKCS7        "PKCS7"
-#define PEM_STRING_PKCS8        "ENCRYPTED PRIVATE KEY"
-#define PEM_STRING_PKCS8INF     "PRIVATE KEY"
-#define PEM_STRING_DHPARAMS     "DH PARAMETERS"
-#define PEM_STRING_SSL_SESSION  "SSL SESSION PARAMETERS"
-#define PEM_STRING_DSAPARAMS    "DSA PARAMETERS"
-
-  /* Note that this structure is initialised by PEM_SealInit and cleaned up
-     by PEM_SealFinal (at least for now) */
-typedef struct PEM_Encode_Seal_st
-        {
-        EVP_ENCODE_CTX encode;
-        EVP_MD_CTX md;
-        EVP_CIPHER_CTX cipher;
-        } PEM_ENCODE_SEAL_CTX;
-
-/* enc_type is one off */
-#define PEM_TYPE_ENCRYPTED      10
-#define PEM_TYPE_MIC_ONLY       20
-#define PEM_TYPE_MIC_CLEAR      30
-#define PEM_TYPE_CLEAR          40
-
-typedef struct pem_recip_st
-        {
-        char *name;
-        X509_NAME *dn;
-
-        int cipher;
-        int key_enc;
-        /*      char iv[8]; unused and wrong size */
-        } PEM_USER;
-
-typedef struct pem_ctx_st
-        {
-        int type;               /* what type of object */
-
-        struct  {
-                int version;    
-                int mode;               
-                } proc_type;
-
-        char *domain;
-
-        struct  {
-                int cipher;
-        /* unused, and wrong size
-           unsigned char iv[8]; */
-                } DEK_info;
-                
-        PEM_USER *originator;
-
-        int num_recipient;
-        PEM_USER **recipient;
-
-#ifndef OPENSSL_NO_STACK
-        STACK *x509_chain;      /* certificate chain */
-#else
-        char *x509_chain;       /* certificate chain */
-#endif
-        EVP_MD *md;             /* signature type */
-
-        int md_enc;             /* is the md encrypted or not? */
-        int md_len;             /* length of md_data */
-        char *md_data;          /* message digest, could be pkey encrypted */
-
-        EVP_CIPHER *dec;        /* date encryption cipher */
-        int key_len;            /* key length */
-        unsigned char *key;     /* key */
-        /* unused, and wrong size
-           unsigned char iv[8]; */
-
-        
-        int  data_enc;          /* is the data encrypted */
-        int data_len;
-        unsigned char *data;
-        } PEM_CTX;
-
-/* These macros make the PEM_read/PEM_write functions easier to maintain and
- * write. Now they are all implemented with either:
- * IMPLEMENT_PEM_rw(...) or IMPLEMENT_PEM_rw_cb(...)
- */
-
-#ifdef OPENSSL_NO_FP_API
-
-#define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/
-#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/
-#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/
-
-#else
-
-#define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \
-type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\
-{ \
-return((type *)PEM_ASN1_read((char *(*)())d2i_##asn1, str,fp,(char **)x,\
-        cb,u)); \
-} \
-
-#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \
-int PEM_write_##name(FILE *fp, type *x) \
-{ \
-return(PEM_ASN1_write((int (*)())i2d_##asn1,str,fp, (char *)x, \
-                                                         NULL,NULL,0,NULL,NULL)); \
-} 
-
-#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \
-int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
-             unsigned char *kstr, int klen, pem_password_cb *cb, \
-                  void *u) \
-        { \
-        return(PEM_ASN1_write((int (*)())i2d_##asn1,str,fp, \
-                (char *)x,enc,kstr,klen,cb,u)); \
-        }
-
-#endif
-
-#define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
-type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\
-{ \
-return((type *)PEM_ASN1_read_bio((char *(*)())d2i_##asn1, str,bp,\
-                                                        (char **)x,cb,u)); \
-}
-
-#define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
-int PEM_write_bio_##name(BIO *bp, type *x) \
-{ \
-return(PEM_ASN1_write_bio((int (*)())i2d_##asn1,str,bp, (char *)x, \
-                                                         NULL,NULL,0,NULL,NULL)); \
-}
-
-#define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
-int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
-             unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
-        { \
-        return(PEM_ASN1_write_bio((int (*)())i2d_##asn1,str,bp, \
-                (char *)x,enc,kstr,klen,cb,u)); \
-        }
-
-#define IMPLEMENT_PEM_write(name, type, str, asn1) \
-        IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
-        IMPLEMENT_PEM_write_fp(name, type, str, asn1) 
-
-#define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \
-        IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
-        IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) 
-
-#define IMPLEMENT_PEM_read(name, type, str, asn1) \
-        IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
-        IMPLEMENT_PEM_read_fp(name, type, str, asn1) 
-
-#define IMPLEMENT_PEM_rw(name, type, str, asn1) \
-        IMPLEMENT_PEM_read(name, type, str, asn1) \
-        IMPLEMENT_PEM_write(name, type, str, asn1)
-
-#define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \
-        IMPLEMENT_PEM_read(name, type, str, asn1) \
-        IMPLEMENT_PEM_write_cb(name, type, str, asn1)
-
-/* These are the same except they are for the declarations */
-
-#if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_NO_FP_API)
-
-#define DECLARE_PEM_read_fp(name, type) /**/
-#define DECLARE_PEM_write_fp(name, type) /**/
-#define DECLARE_PEM_write_cb_fp(name, type) /**/
-
-#else
-
-#define DECLARE_PEM_read_fp(name, type) \
-        type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u);
-
-#define DECLARE_PEM_write_fp(name, type) \
-        int PEM_write_##name(FILE *fp, type *x);
-
-#define DECLARE_PEM_write_cb_fp(name, type) \
-        int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
-             unsigned char *kstr, int klen, pem_password_cb *cb, void *u);
-
-#endif
-
-#ifndef OPENSSL_NO_BIO
-#define DECLARE_PEM_read_bio(name, type) \
-        type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u);
-
-#define DECLARE_PEM_write_bio(name, type) \
-        int PEM_write_bio_##name(BIO *bp, type *x);
-
-#define DECLARE_PEM_write_cb_bio(name, type) \
-        int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
-             unsigned char *kstr, int klen, pem_password_cb *cb, void *u);
-
-#else
-
-#define DECLARE_PEM_read_bio(name, type) /**/
-#define DECLARE_PEM_write_bio(name, type) /**/
-#define DECLARE_PEM_write_cb_bio(name, type) /**/
-
-#endif
-
-#define DECLARE_PEM_write(name, type) \
-        DECLARE_PEM_write_bio(name, type) \
-        DECLARE_PEM_write_fp(name, type) 
-
-#define DECLARE_PEM_write_cb(name, type) \
-        DECLARE_PEM_write_cb_bio(name, type) \
-        DECLARE_PEM_write_cb_fp(name, type) 
-
-#define DECLARE_PEM_read(name, type) \
-        DECLARE_PEM_read_bio(name, type) \
-        DECLARE_PEM_read_fp(name, type)
-
-#define DECLARE_PEM_rw(name, type) \
-        DECLARE_PEM_read(name, type) \
-        DECLARE_PEM_write(name, type)
-
-#define DECLARE_PEM_rw_cb(name, type) \
-        DECLARE_PEM_read(name, type) \
-        DECLARE_PEM_write_cb(name, type)
-
-#ifdef SSLEAY_MACROS
-
-#define PEM_write_SSL_SESSION(fp,x) \
-                PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \
-                        PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL)
-#define PEM_write_X509(fp,x) \
-                PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp, \
-                        (char *)x, NULL,NULL,0,NULL,NULL)
-#define PEM_write_X509_REQ(fp,x) PEM_ASN1_write( \
-                (int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,fp,(char *)x, \
-                        NULL,NULL,0,NULL,NULL)
-#define PEM_write_X509_CRL(fp,x) \
-                PEM_ASN1_write((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL, \
-                        fp,(char *)x, NULL,NULL,0,NULL,NULL)
-#define PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \
-                PEM_ASN1_write((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,fp,\
-                        (char *)x,enc,kstr,klen,cb,u)
-#define PEM_write_RSAPublicKey(fp,x) \
-                PEM_ASN1_write((int (*)())i2d_RSAPublicKey,\
-                        PEM_STRING_RSA_PUBLIC,fp,(char *)x,NULL,NULL,0,NULL,NULL)
-#define PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \
-                PEM_ASN1_write((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,fp,\
-                        (char *)x,enc,kstr,klen,cb,u)
-#define PEM_write_PrivateKey(bp,x,enc,kstr,klen,cb,u) \
-                PEM_ASN1_write((int (*)())i2d_PrivateKey,\
-                (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\
-                        bp,(char *)x,enc,kstr,klen,cb,u)
-#define PEM_write_PKCS7(fp,x) \
-                PEM_ASN1_write((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,fp, \
-                        (char *)x, NULL,NULL,0,NULL,NULL)
-#define PEM_write_DHparams(fp,x) \
-                PEM_ASN1_write((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,fp,\
-                        (char *)x,NULL,NULL,0,NULL,NULL)
-
-#define PEM_write_NETSCAPE_CERT_SEQUENCE(fp,x) \
-                PEM_ASN1_write((int (*)())i2d_NETSCAPE_CERT_SEQUENCE, \
-                        PEM_STRING_X509,fp, \
-                        (char *)x, NULL,NULL,0,NULL,NULL)
-
-#define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \
-        (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u)
-#define PEM_read_X509(fp,x,cb,u) (X509 *)PEM_ASN1_read( \
-        (char *(*)())d2i_X509,PEM_STRING_X509,fp,(char **)x,cb,u)
-#define PEM_read_X509_REQ(fp,x,cb,u) (X509_REQ *)PEM_ASN1_read( \
-        (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,fp,(char **)x,cb,u)
-#define PEM_read_X509_CRL(fp,x,cb,u) (X509_CRL *)PEM_ASN1_read( \
-        (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,fp,(char **)x,cb,u)
-#define PEM_read_RSAPrivateKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \
-        (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,fp,(char **)x,cb,u)
-#define PEM_read_RSAPublicKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \
-        (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,fp,(char **)x,cb,u)
-#define PEM_read_DSAPrivateKey(fp,x,cb,u) (DSA *)PEM_ASN1_read( \
-        (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,fp,(char **)x,cb,u)
-#define PEM_read_PrivateKey(fp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read( \
-        (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,fp,(char **)x,cb,u)
-#define PEM_read_PKCS7(fp,x,cb,u) (PKCS7 *)PEM_ASN1_read( \
-        (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,fp,(char **)x,cb,u)
-#define PEM_read_DHparams(fp,x,cb,u) (DH *)PEM_ASN1_read( \
-        (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,fp,(char **)x,cb,u)
-
-#define PEM_read_NETSCAPE_CERT_SEQUENCE(fp,x,cb,u) \
-                (NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read( \
-        (char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,fp,\
-                                                        (char **)x,cb,u)
-
-#define PEM_write_bio_SSL_SESSION(bp,x) \
-                PEM_ASN1_write_bio((int (*)())i2d_SSL_SESSION, \
-                        PEM_STRING_SSL_SESSION,bp, (char *)x, NULL,NULL,0,NULL,NULL)
-#define PEM_write_bio_X509(bp,x) \
-                PEM_ASN1_write_bio((int (*)())i2d_X509,PEM_STRING_X509,bp, \
-                        (char *)x, NULL,NULL,0,NULL,NULL)
-#define PEM_write_bio_X509_REQ(bp,x) PEM_ASN1_write_bio( \
-                (int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,bp,(char *)x, \
-                        NULL,NULL,0,NULL,NULL)
-#define PEM_write_bio_X509_CRL(bp,x) \
-                PEM_ASN1_write_bio((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL,\
-                        bp,(char *)x, NULL,NULL,0,NULL,NULL)
-#define PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \
-                PEM_ASN1_write_bio((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,\
-                        bp,(char *)x,enc,kstr,klen,cb,u)
-#define PEM_write_bio_RSAPublicKey(bp,x) \
-                PEM_ASN1_write_bio((int (*)())i2d_RSAPublicKey, \
-                        PEM_STRING_RSA_PUBLIC,\
-                        bp,(char *)x,NULL,NULL,0,NULL,NULL)
-#define PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \
-                PEM_ASN1_write_bio((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,\
-                        bp,(char *)x,enc,kstr,klen,cb,u)
-#define PEM_write_bio_PrivateKey(bp,x,enc,kstr,klen,cb,u) \
-                PEM_ASN1_write_bio((int (*)())i2d_PrivateKey,\
-                (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\
-                        bp,(char *)x,enc,kstr,klen,cb,u)
-#define PEM_write_bio_PKCS7(bp,x) \
-                PEM_ASN1_write_bio((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,bp, \
-                        (char *)x, NULL,NULL,0,NULL,NULL)
-#define PEM_write_bio_DHparams(bp,x) \
-                PEM_ASN1_write_bio((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,\
-                        bp,(char *)x,NULL,NULL,0,NULL,NULL)
-#define PEM_write_bio_DSAparams(bp,x) \
-                PEM_ASN1_write_bio((int (*)())i2d_DSAparams, \
-                        PEM_STRING_DSAPARAMS,bp,(char *)x,NULL,NULL,0,NULL,NULL)
-
-#define PEM_write_bio_NETSCAPE_CERT_SEQUENCE(bp,x) \
-                PEM_ASN1_write_bio((int (*)())i2d_NETSCAPE_CERT_SEQUENCE, \
-                        PEM_STRING_X509,bp, \
-                        (char *)x, NULL,NULL,0,NULL,NULL)
-
-#define PEM_read_bio_SSL_SESSION(bp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,(char **)x,cb,u)
-#define PEM_read_bio_X509(bp,x,cb,u) (X509 *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_X509,PEM_STRING_X509,bp,(char **)x,cb,u)
-#define PEM_read_bio_X509_REQ(bp,x,cb,u) (X509_REQ *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,bp,(char **)x,cb,u)
-#define PEM_read_bio_X509_CRL(bp,x,cb,u) (X509_CRL *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,bp,(char **)x,cb,u)
-#define PEM_read_bio_RSAPrivateKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,bp,(char **)x,cb,u)
-#define PEM_read_bio_RSAPublicKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,bp,(char **)x,cb,u)
-#define PEM_read_bio_DSAPrivateKey(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,bp,(char **)x,cb,u)
-#define PEM_read_bio_PrivateKey(bp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,bp,(char **)x,cb,u)
-
-#define PEM_read_bio_PKCS7(bp,x,cb,u) (PKCS7 *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,bp,(char **)x,cb,u)
-#define PEM_read_bio_DHparams(bp,x,cb,u) (DH *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,bp,(char **)x,cb,u)
-#define PEM_read_bio_DSAparams(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_DSAparams,PEM_STRING_DSAPARAMS,bp,(char **)x,cb,u)
-
-#define PEM_read_bio_NETSCAPE_CERT_SEQUENCE(bp,x,cb,u) \
-                (NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,bp,\
-                                                        (char **)x,cb,u)
-
-#endif
-
-#if 1
-/* "userdata": new with OpenSSL 0.9.4 */
-typedef int pem_password_cb(char *buf, int size, int rwflag, void *userdata);
-#else
-/* OpenSSL 0.9.3, 0.9.3a */
-typedef int pem_password_cb(char *buf, int size, int rwflag);
-#endif
-
-int     PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher);
-int     PEM_do_header (EVP_CIPHER_INFO *cipher, unsigned char *data,long *len,
-        pem_password_cb *callback,void *u);
-
-#ifndef OPENSSL_NO_BIO
-int     PEM_read_bio(BIO *bp, char **name, char **header,
-                unsigned char **data,long *len);
-int     PEM_write_bio(BIO *bp,const char *name,char *hdr,unsigned char *data,
-                long len);
-int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp,
-             pem_password_cb *cb, void *u);
-char *  PEM_ASN1_read_bio(char *(*d2i)(),const char *name,BIO *bp,char **x,
-                pem_password_cb *cb, void *u);
-int     PEM_ASN1_write_bio(int (*i2d)(),const char *name,BIO *bp,char *x,
-                           const EVP_CIPHER *enc,unsigned char *kstr,int klen,
-                           pem_password_cb *cb, void *u);
-STACK_OF(X509_INFO) *   PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u);
-int     PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc,
-                unsigned char *kstr, int klen, pem_password_cb *cd, void *u);
-#endif
-
-#ifndef OPENSSL_SYS_WIN16
-int     PEM_read(FILE *fp, char **name, char **header,
-                unsigned char **data,long *len);
-int     PEM_write(FILE *fp,char *name,char *hdr,unsigned char *data,long len);
-char *  PEM_ASN1_read(char *(*d2i)(),const char *name,FILE *fp,char **x,
-        pem_password_cb *cb, void *u);
-int     PEM_ASN1_write(int (*i2d)(),const char *name,FILE *fp,char *x,
-                       const EVP_CIPHER *enc,unsigned char *kstr,int klen,
-                       pem_password_cb *callback, void *u);
-STACK_OF(X509_INFO) *   PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
-        pem_password_cb *cb, void *u);
-#endif
-
-int     PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type,
-                EVP_MD *md_type, unsigned char **ek, int *ekl,
-                unsigned char *iv, EVP_PKEY **pubk, int npubk);
-void    PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl,
-                unsigned char *in, int inl);
-int     PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig,int *sigl,
-                unsigned char *out, int *outl, EVP_PKEY *priv);
-
-void    PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type);
-void    PEM_SignUpdate(EVP_MD_CTX *ctx,unsigned char *d,unsigned int cnt);
-int     PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
-                unsigned int *siglen, EVP_PKEY *pkey);
-
-int     PEM_def_callback(char *buf, int num, int w, void *key);
-void    PEM_proc_type(char *buf, int type);
-void    PEM_dek_info(char *buf, const char *type, int len, char *str);
-
-#ifndef SSLEAY_MACROS
-
-#include <openssl/symhacks.h>
-
-DECLARE_PEM_rw(X509, X509)
-
-DECLARE_PEM_rw(X509_AUX, X509)
-
-DECLARE_PEM_rw(X509_REQ, X509_REQ)
-DECLARE_PEM_write(X509_REQ_NEW, X509_REQ)
-
-DECLARE_PEM_rw(X509_CRL, X509_CRL)
-
-DECLARE_PEM_rw(PKCS7, PKCS7)
-
-DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE)
-
-DECLARE_PEM_rw(PKCS8, X509_SIG)
-
-DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
-
-#ifndef OPENSSL_NO_RSA
-
-DECLARE_PEM_rw_cb(RSAPrivateKey, RSA)
-
-DECLARE_PEM_rw(RSAPublicKey, RSA)
-DECLARE_PEM_rw(RSA_PUBKEY, RSA)
-
-#endif
-
-#ifndef OPENSSL_NO_DSA
-
-DECLARE_PEM_rw_cb(DSAPrivateKey, DSA)
-
-DECLARE_PEM_rw(DSA_PUBKEY, DSA)
-
-DECLARE_PEM_rw(DSAparams, DSA)
-
-#endif
-
-#ifndef OPENSSL_NO_DH
-
-DECLARE_PEM_rw(DHparams, DH)
-
-#endif
-
-DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY)
-
-DECLARE_PEM_rw(PUBKEY, EVP_PKEY)
-
-int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
-                                  char *kstr, int klen,
-                                  pem_password_cb *cb, void *u);
-int PEM_write_bio_PKCS8PrivateKey(BIO *, EVP_PKEY *, const EVP_CIPHER *,
-                                  char *, int, pem_password_cb *, void *);
-int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
-                                  char *kstr, int klen,
-                                  pem_password_cb *cb, void *u);
-int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
-                                  char *kstr, int klen,
-                                  pem_password_cb *cb, void *u);
-EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u);
-
-int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
-                                  char *kstr, int klen,
-                                  pem_password_cb *cb, void *u);
-int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid,
-                                  char *kstr, int klen,
-                                  pem_password_cb *cb, void *u);
-int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,
-                                  char *kstr, int klen,
-                                  pem_password_cb *cb, void *u);
-
-EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u);
-
-int PEM_write_PKCS8PrivateKey(FILE *fp,EVP_PKEY *x,const EVP_CIPHER *enc,
-                              char *kstr,int klen, pem_password_cb *cd, void *u);
-
-#endif /* SSLEAY_MACROS */
-
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_PEM_strings(void);
-
-/* Error codes for the PEM functions. */
-
-/* Function codes. */
-#define PEM_F_D2I_PKCS8PRIVATEKEY_BIO                    120
-#define PEM_F_D2I_PKCS8PRIVATEKEY_FP                     121
-#define PEM_F_DEF_CALLBACK                               100
-#define PEM_F_LOAD_IV                                    101
-#define PEM_F_PEM_ASN1_READ                              102
-#define PEM_F_PEM_ASN1_READ_BIO                          103
-#define PEM_F_PEM_ASN1_WRITE                             104
-#define PEM_F_PEM_ASN1_WRITE_BIO                         105
-#define PEM_F_PEM_DO_HEADER                              106
-#define PEM_F_PEM_F_DO_PK8KEY_FP                         122
-#define PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY            118
-#define PEM_F_PEM_GET_EVP_CIPHER_INFO                    107
-#define PEM_F_PEM_READ                                   108
-#define PEM_F_PEM_READ_BIO                               109
-#define PEM_F_PEM_SEALFINAL                              110
-#define PEM_F_PEM_SEALINIT                               111
-#define PEM_F_PEM_SIGNFINAL                              112
-#define PEM_F_PEM_WRITE                                  113
-#define PEM_F_PEM_WRITE_BIO                              114
-#define PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY              119
-#define PEM_F_PEM_X509_INFO_READ                         115
-#define PEM_F_PEM_X509_INFO_READ_BIO                     116
-#define PEM_F_PEM_X509_INFO_WRITE_BIO                    117
-
-/* Reason codes. */
-#define PEM_R_BAD_BASE64_DECODE                          100
-#define PEM_R_BAD_DECRYPT                                101
-#define PEM_R_BAD_END_LINE                               102
-#define PEM_R_BAD_IV_CHARS                               103
-#define PEM_R_BAD_PASSWORD_READ                          104
-#define PEM_R_ERROR_CONVERTING_PRIVATE_KEY               115
-#define PEM_R_NOT_DEK_INFO                               105
-#define PEM_R_NOT_ENCRYPTED                              106
-#define PEM_R_NOT_PROC_TYPE                              107
-#define PEM_R_NO_START_LINE                              108
-#define PEM_R_PROBLEMS_GETTING_PASSWORD                  109
-#define PEM_R_PUBLIC_KEY_NO_RSA                          110
-#define PEM_R_READ_KEY                                   111
-#define PEM_R_SHORT_HEADER                               112
-#define PEM_R_UNSUPPORTED_CIPHER                         113
-#define PEM_R_UNSUPPORTED_ENCRYPTION                     114
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/src/lib/libcrypto/pem/pem2.h b/src/lib/libcrypto/pem/pem2.h
deleted file mode 100644
index f31790d69c..0000000000
--- a/src/lib/libcrypto/pem/pem2.h
+++ /dev/null
@@ -1,70 +0,0 @@
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/*
- * This header only exists to break a circular dependency between pem and err
- * Ben 30 Jan 1999.
- */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifndef HEADER_PEM_H
-void ERR_load_PEM_strings(void);
-#endif
-
-#ifdef __cplusplus
-}
-#endif
diff --git a/src/lib/libcrypto/pem/pem_all.c b/src/lib/libcrypto/pem/pem_all.c
deleted file mode 100644
index 07963314c9..0000000000
--- a/src/lib/libcrypto/pem/pem_all.c
+++ /dev/null
@@ -1,315 +0,0 @@
-/* crypto/pem/pem_all.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#undef SSLEAY_MACROS
-#include "cryptlib.h"
-#include <openssl/bio.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pkcs7.h>
-#include <openssl/pem.h>
-#include <openssl/fips.h>
-
-#ifndef OPENSSL_NO_RSA
-static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa);
-#endif
-#ifndef OPENSSL_NO_DSA
-static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa);
-#endif
-
-IMPLEMENT_PEM_rw(X509_REQ, X509_REQ, PEM_STRING_X509_REQ, X509_REQ)
-
-IMPLEMENT_PEM_write(X509_REQ_NEW, X509_REQ, PEM_STRING_X509_REQ_OLD, X509_REQ)
-
-IMPLEMENT_PEM_rw(X509_CRL, X509_CRL, PEM_STRING_X509_CRL, X509_CRL)
-
-IMPLEMENT_PEM_rw(PKCS7, PKCS7, PEM_STRING_PKCS7, PKCS7)
-
-IMPLEMENT_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE,
-                                        PEM_STRING_X509, NETSCAPE_CERT_SEQUENCE)
-
-
-#ifndef OPENSSL_NO_RSA
-
-/* We treat RSA or DSA private keys as a special case.
- *
- * For private keys we read in an EVP_PKEY structure with
- * PEM_read_bio_PrivateKey() and extract the relevant private
- * key: this means can handle "traditional" and PKCS#8 formats
- * transparently.
- */
-
-static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa)
-{
-        RSA *rtmp;
-        if(!key) return NULL;
-        rtmp = EVP_PKEY_get1_RSA(key);
-        EVP_PKEY_free(key);
-        if(!rtmp) return NULL;
-        if(rsa) {
-                RSA_free(*rsa);
-                *rsa = rtmp;
-        }
-        return rtmp;
-}
-
-RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **rsa, pem_password_cb *cb,
-                                                                void *u)
-{
-        EVP_PKEY *pktmp;
-        pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
-        return pkey_get_rsa(pktmp, rsa);
-}
-
-#ifndef OPENSSL_NO_FP_API
-
-RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb,
-                                                                void *u)
-{
-        EVP_PKEY *pktmp;
-        pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
-        return pkey_get_rsa(pktmp, rsa);
-}
-
-#endif
-
-#ifdef OPENSSL_FIPS
-
-int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-        EVP_PKEY *k;
-        int ret;
-        k = EVP_PKEY_new();
-        if (!k)
-                return 0;
-        EVP_PKEY_set1_RSA(k, x);
-
-        ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
-        EVP_PKEY_free(k);
-        return ret;
-}
-
-#ifndef OPENSSL_NO_FP_API
-int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-        EVP_PKEY *k;
-        int ret;
-        k = EVP_PKEY_new();
-        if (!k)
-                return 0;
-
-        EVP_PKEY_set1_RSA(k, x);
-
-        ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
-        EVP_PKEY_free(k);
-        return ret;
-}
-#endif
-
-#else
-
-IMPLEMENT_PEM_write_cb(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey)
-
-#endif
-
-IMPLEMENT_PEM_rw(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey)
-IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY)
-
-#endif
-
-#ifndef OPENSSL_NO_DSA
-
-static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa)
-{
-        DSA *dtmp;
-        if(!key) return NULL;
-        dtmp = EVP_PKEY_get1_DSA(key);
-        EVP_PKEY_free(key);
-        if(!dtmp) return NULL;
-        if(dsa) {
-                DSA_free(*dsa);
-                *dsa = dtmp;
-        }
-        return dtmp;
-}
-
-DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb,
-                                                                void *u)
-{
-        EVP_PKEY *pktmp;
-        pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
-        return pkey_get_dsa(pktmp, dsa);
-}
-
-
-#ifdef OPENSSL_FIPS
-
-int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-        EVP_PKEY *k;
-        int ret;
-        k = EVP_PKEY_new();
-        if (!k)
-                return 0;
-        EVP_PKEY_set1_DSA(k, x);
-
-        ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
-        EVP_PKEY_free(k);
-        return ret;
-}
-
-#ifndef OPENSSL_NO_FP_API
-int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-        EVP_PKEY *k;
-        int ret;
-        k = EVP_PKEY_new();
-        if (!k)
-                return 0;
-        EVP_PKEY_set1_DSA(k, x);
-        ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
-        EVP_PKEY_free(k);
-        return ret;
-}
-#endif
-
-#else
-
-IMPLEMENT_PEM_write_cb(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey)
-
-#endif
-
-IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)
-
-#ifndef OPENSSL_NO_FP_API
-
-DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb,
-                                                                void *u)
-{
-        EVP_PKEY *pktmp;
-        pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
-        return pkey_get_dsa(pktmp, dsa);
-}
-
-#endif
-
-IMPLEMENT_PEM_rw(DSAparams, DSA, PEM_STRING_DSAPARAMS, DSAparams)
-
-#endif
-
-#ifndef OPENSSL_NO_DH
-
-IMPLEMENT_PEM_rw(DHparams, DH, PEM_STRING_DHPARAMS, DHparams)
-
-#endif
-
-
-/* The PrivateKey case is not that straightforward.
- *   IMPLEMENT_PEM_rw_cb(PrivateKey, EVP_PKEY, PEM_STRING_EVP_PKEY, PrivateKey)
- * does not work, RSA and DSA keys have specific strings.
- * (When reading, parameter PEM_STRING_EVP_PKEY is a wildcard for anything
- * appropriate.)
- */
-
-#ifdef OPENSSL_FIPS
-
-int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-        {
-                if (FIPS_mode())
-                        return PEM_write_bio_PKCS8PrivateKey(bp, x, enc,
-                                                (char *)kstr, klen, cb, u);
-                else
-                        return PEM_ASN1_write_bio((int (*)())i2d_PrivateKey,
-                (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),
-                        bp,(char *)x,enc,kstr,klen,cb,u);
-        }
-
-#ifndef OPENSSL_NO_FP_API
-int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-        {
-                if (FIPS_mode())
-                        return PEM_write_PKCS8PrivateKey(fp, x, enc,
-                                                (char *)kstr, klen, cb, u);
-                else
-                        return PEM_ASN1_write((int (*)())i2d_PrivateKey,
-                (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),
-                        fp,(char *)x,enc,kstr,klen,cb,u);
-        }
-#endif
-
-#else
-
-IMPLEMENT_PEM_write_cb(PrivateKey, EVP_PKEY, ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA), PrivateKey)
-
-#endif
-
-IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY)
-
diff --git a/src/lib/libcrypto/pem/pem_err.c b/src/lib/libcrypto/pem/pem_err.c
deleted file mode 100644
index 8527028ebc..0000000000
--- a/src/lib/libcrypto/pem/pem_err.c
+++ /dev/null
@@ -1,135 +0,0 @@
-/* crypto/pem/pem_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/pem.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PEM,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PEM,0,reason)
-
-static ERR_STRING_DATA PEM_str_functs[]=
-        {
-{ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_BIO),       "d2i_PKCS8PrivateKey_bio"},
-{ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_FP),        "d2i_PKCS8PrivateKey_fp"},
-{ERR_FUNC(PEM_F_DEF_CALLBACK),  "DEF_CALLBACK"},
-{ERR_FUNC(PEM_F_LOAD_IV),       "LOAD_IV"},
-{ERR_FUNC(PEM_F_PEM_ASN1_READ), "PEM_ASN1_read"},
-{ERR_FUNC(PEM_F_PEM_ASN1_READ_BIO),     "PEM_ASN1_read_bio"},
-{ERR_FUNC(PEM_F_PEM_ASN1_WRITE),        "PEM_ASN1_write"},
-{ERR_FUNC(PEM_F_PEM_ASN1_WRITE_BIO),    "PEM_ASN1_write_bio"},
-{ERR_FUNC(PEM_F_PEM_DO_HEADER), "PEM_do_header"},
-{ERR_FUNC(PEM_F_PEM_F_DO_PK8KEY_FP),    "PEM_F_DO_PK8KEY_FP"},
-{ERR_FUNC(PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY),       "PEM_F_PEM_WRITE_PKCS8PRIVATEKEY"},
-{ERR_FUNC(PEM_F_PEM_GET_EVP_CIPHER_INFO),       "PEM_get_EVP_CIPHER_INFO"},
-{ERR_FUNC(PEM_F_PEM_READ),      "PEM_read"},
-{ERR_FUNC(PEM_F_PEM_READ_BIO),  "PEM_read_bio"},
-{ERR_FUNC(PEM_F_PEM_SEALFINAL), "PEM_SealFinal"},
-{ERR_FUNC(PEM_F_PEM_SEALINIT),  "PEM_SealInit"},
-{ERR_FUNC(PEM_F_PEM_SIGNFINAL), "PEM_SignFinal"},
-{ERR_FUNC(PEM_F_PEM_WRITE),     "PEM_write"},
-{ERR_FUNC(PEM_F_PEM_WRITE_BIO), "PEM_write_bio"},
-{ERR_FUNC(PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY), "PEM_write_bio_PKCS8PrivateKey"},
-{ERR_FUNC(PEM_F_PEM_X509_INFO_READ),    "PEM_X509_INFO_read"},
-{ERR_FUNC(PEM_F_PEM_X509_INFO_READ_BIO),        "PEM_X509_INFO_read_bio"},
-{ERR_FUNC(PEM_F_PEM_X509_INFO_WRITE_BIO),       "PEM_X509_INFO_write_bio"},
-{0,NULL}
-        };
-
-static ERR_STRING_DATA PEM_str_reasons[]=
-        {
-{ERR_REASON(PEM_R_BAD_BASE64_DECODE)     ,"bad base64 decode"},
-{ERR_REASON(PEM_R_BAD_DECRYPT)           ,"bad decrypt"},
-{ERR_REASON(PEM_R_BAD_END_LINE)          ,"bad end line"},
-{ERR_REASON(PEM_R_BAD_IV_CHARS)          ,"bad iv chars"},
-{ERR_REASON(PEM_R_BAD_PASSWORD_READ)     ,"bad password read"},
-{ERR_REASON(PEM_R_ERROR_CONVERTING_PRIVATE_KEY),"error converting private key"},
-{ERR_REASON(PEM_R_NOT_DEK_INFO)          ,"not dek info"},
-{ERR_REASON(PEM_R_NOT_ENCRYPTED)         ,"not encrypted"},
-{ERR_REASON(PEM_R_NOT_PROC_TYPE)         ,"not proc type"},
-{ERR_REASON(PEM_R_NO_START_LINE)         ,"no start line"},
-{ERR_REASON(PEM_R_PROBLEMS_GETTING_PASSWORD),"problems getting password"},
-{ERR_REASON(PEM_R_PUBLIC_KEY_NO_RSA)     ,"public key no rsa"},
-{ERR_REASON(PEM_R_READ_KEY)              ,"read key"},
-{ERR_REASON(PEM_R_SHORT_HEADER)          ,"short header"},
-{ERR_REASON(PEM_R_UNSUPPORTED_CIPHER)    ,"unsupported cipher"},
-{ERR_REASON(PEM_R_UNSUPPORTED_ENCRYPTION),"unsupported encryption"},
-{0,NULL}
-        };
-
-#endif
-
-void ERR_load_PEM_strings(void)
-        {
-        static int init=1;
-
-        if (init)
-                {
-                init=0;
-#ifndef OPENSSL_NO_ERR
-                ERR_load_strings(0,PEM_str_functs);
-                ERR_load_strings(0,PEM_str_reasons);
-#endif
-
-                }
-        }
diff --git a/src/lib/libcrypto/pem/pem_info.c b/src/lib/libcrypto/pem/pem_info.c
deleted file mode 100644
index 9e4af29c95..0000000000
--- a/src/lib/libcrypto/pem/pem_info.c
+++ /dev/null
@@ -1,365 +0,0 @@
-/* crypto/pem/pem_info.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-#ifndef OPENSSL_NO_FP_API
-STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u)
-        {
-        BIO *b;
-        STACK_OF(X509_INFO) *ret;
-
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-                {
-                PEMerr(PEM_F_PEM_X509_INFO_READ,ERR_R_BUF_LIB);
-                return(0);
-                }
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=PEM_X509_INFO_read_bio(b,sk,cb,u);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
-
-STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u)
-        {
-        X509_INFO *xi=NULL;
-        char *name=NULL,*header=NULL,**pp;
-        unsigned char *data=NULL,*p;
-        long len,error=0;
-        int ok=0;
-        STACK_OF(X509_INFO) *ret=NULL;
-        unsigned int i,raw;
-        char *(*d2i)();
-
-        if (sk == NULL)
-                {
-                if ((ret=sk_X509_INFO_new_null()) == NULL)
-                        {
-                        PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                        }
-                }
-        else
-                ret=sk;
-
-        if ((xi=X509_INFO_new()) == NULL) goto err;
-        for (;;)
-                {
-                raw=0;
-                i=PEM_read_bio(bp,&name,&header,&data,&len);
-                if (i == 0)
-                        {
-                        error=ERR_GET_REASON(ERR_peek_last_error());
-                        if (error == PEM_R_NO_START_LINE)
-                                {
-                                ERR_clear_error();
-                                break;
-                                }
-                        goto err;
-                        }
-start:
-                if (    (strcmp(name,PEM_STRING_X509) == 0) ||
-                        (strcmp(name,PEM_STRING_X509_OLD) == 0))
-                        {
-                        d2i=(char *(*)())d2i_X509;
-                        if (xi->x509 != NULL)
-                                {
-                                if (!sk_X509_INFO_push(ret,xi)) goto err;
-                                if ((xi=X509_INFO_new()) == NULL) goto err;
-                                goto start;
-                                }
-                        pp=(char **)&(xi->x509);
-                        }
-                else if ((strcmp(name,PEM_STRING_X509_TRUSTED) == 0))
-                        {
-                        d2i=(char *(*)())d2i_X509_AUX;
-                        if (xi->x509 != NULL)
-                                {
-                                if (!sk_X509_INFO_push(ret,xi)) goto err;
-                                if ((xi=X509_INFO_new()) == NULL) goto err;
-                                goto start;
-                                }
-                        pp=(char **)&(xi->x509);
-                        }
-                else if (strcmp(name,PEM_STRING_X509_CRL) == 0)
-                        {
-                        d2i=(char *(*)())d2i_X509_CRL;
-                        if (xi->crl != NULL)
-                                {
-                                if (!sk_X509_INFO_push(ret,xi)) goto err;
-                                if ((xi=X509_INFO_new()) == NULL) goto err;
-                                goto start;
-                                }
-                        pp=(char **)&(xi->crl);
-                        }
-                else
-#ifndef OPENSSL_NO_RSA
-                        if (strcmp(name,PEM_STRING_RSA) == 0)
-                        {
-                        d2i=(char *(*)())d2i_RSAPrivateKey;
-                        if (xi->x_pkey != NULL) 
-                                {
-                                if (!sk_X509_INFO_push(ret,xi)) goto err;
-                                if ((xi=X509_INFO_new()) == NULL) goto err;
-                                goto start;
-                                }
-
-                        xi->enc_data=NULL;
-                        xi->enc_len=0;
-
-                        xi->x_pkey=X509_PKEY_new();
-                        if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL)
-                                goto err;
-                        xi->x_pkey->dec_pkey->type=EVP_PKEY_RSA;
-                        pp=(char **)&(xi->x_pkey->dec_pkey->pkey.rsa);
-                        if ((int)strlen(header) > 10) /* assume encrypted */
-                                raw=1;
-                        }
-                else
-#endif
-#ifndef OPENSSL_NO_DSA
-                        if (strcmp(name,PEM_STRING_DSA) == 0)
-                        {
-                        d2i=(char *(*)())d2i_DSAPrivateKey;
-                        if (xi->x_pkey != NULL) 
-                                {
-                                if (!sk_X509_INFO_push(ret,xi)) goto err;
-                                if ((xi=X509_INFO_new()) == NULL) goto err;
-                                goto start;
-                                }
-
-                        xi->enc_data=NULL;
-                        xi->enc_len=0;
-
-                        xi->x_pkey=X509_PKEY_new();
-                        if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL)
-                                goto err;
-                        xi->x_pkey->dec_pkey->type=EVP_PKEY_DSA;
-                        pp=(char **)&(xi->x_pkey->dec_pkey->pkey.dsa);
-                        if ((int)strlen(header) > 10) /* assume encrypted */
-                                raw=1;
-                        }
-                else
-#endif
-                        {
-                        d2i=NULL;
-                        pp=NULL;
-                        }
-
-                if (d2i != NULL)
-                        {
-                        if (!raw)
-                                {
-                                EVP_CIPHER_INFO cipher;
-
-                                if (!PEM_get_EVP_CIPHER_INFO(header,&cipher))
-                                        goto err;
-                                if (!PEM_do_header(&cipher,data,&len,cb,u))
-                                        goto err;
-                                p=data;
-                                if (d2i(pp,&p,len) == NULL)
-                                        {
-                                        PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_ASN1_LIB);
-                                        goto err;
-                                        }
-                                }
-                        else
-                                { /* encrypted RSA data */
-                                if (!PEM_get_EVP_CIPHER_INFO(header,
-                                        &xi->enc_cipher)) goto err;
-                                xi->enc_data=(char *)data;
-                                xi->enc_len=(int)len;
-                                data=NULL;
-                                }
-                        }
-                else    {
-                        /* unknown */
-                        }
-                if (name != NULL) OPENSSL_free(name);
-                if (header != NULL) OPENSSL_free(header);
-                if (data != NULL) OPENSSL_free(data);
-                name=NULL;
-                header=NULL;
-                data=NULL;
-                }
-
-        /* if the last one hasn't been pushed yet and there is anything
-         * in it then add it to the stack ... 
-         */
-        if ((xi->x509 != NULL) || (xi->crl != NULL) ||
-                (xi->x_pkey != NULL) || (xi->enc_data != NULL))
-                {
-                if (!sk_X509_INFO_push(ret,xi)) goto err;
-                xi=NULL;
-                }
-        ok=1;
-err:
-        if (xi != NULL) X509_INFO_free(xi);
-        if (!ok)
-                {
-                for (i=0; ((int)i)<sk_X509_INFO_num(ret); i++)
-                        {
-                        xi=sk_X509_INFO_value(ret,i);
-                        X509_INFO_free(xi);
-                        }
-                if (ret != sk) sk_X509_INFO_free(ret);
-                ret=NULL;
-                }
-                
-        if (name != NULL) OPENSSL_free(name);
-        if (header != NULL) OPENSSL_free(header);
-        if (data != NULL) OPENSSL_free(data);
-        return(ret);
-        }
-
-
-/* A TJH addition */
-int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
-             unsigned char *kstr, int klen, pem_password_cb *cb, void *u)
-        {
-        EVP_CIPHER_CTX ctx;
-        int i,ret=0;
-        unsigned char *data=NULL;
-        const char *objstr=NULL;
-        char buf[PEM_BUFSIZE];
-        unsigned char *iv=NULL;
-        
-        if (enc != NULL)
-                {
-                objstr=OBJ_nid2sn(EVP_CIPHER_nid(enc));
-                if (objstr == NULL)
-                        {
-                        PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER);
-                        goto err;
-                        }
-                }
-
-        /* now for the fun part ... if we have a private key then 
-         * we have to be able to handle a not-yet-decrypted key
-         * being written out correctly ... if it is decrypted or
-         * it is non-encrypted then we use the base code
-         */
-        if (xi->x_pkey!=NULL)
-                {
-                if ( (xi->enc_data!=NULL) && (xi->enc_len>0) )
-                        {
-                        /* copy from weirdo names into more normal things */
-                        iv=xi->enc_cipher.iv;
-                        data=(unsigned char *)xi->enc_data;
-                        i=xi->enc_len;
-
-                        /* we take the encryption data from the
-                         * internal stuff rather than what the
-                         * user has passed us ... as we have to 
-                         * match exactly for some strange reason
-                         */
-                        objstr=OBJ_nid2sn(
-                                EVP_CIPHER_nid(xi->enc_cipher.cipher));
-                        if (objstr == NULL)
-                                {
-                                PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER);
-                                goto err;
-                                }
-
-                        /* create the right magic header stuff */
-                        OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf);
-                        buf[0]='\0';
-                        PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
-                        PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv);
-
-                        /* use the normal code to write things out */
-                        i=PEM_write_bio(bp,PEM_STRING_RSA,buf,data,i);
-                        if (i <= 0) goto err;
-                        }
-                else
-                        {
-                        /* Add DSA/DH */
-#ifndef OPENSSL_NO_RSA
-                        /* normal optionally encrypted stuff */
-                        if (PEM_write_bio_RSAPrivateKey(bp,
-                                xi->x_pkey->dec_pkey->pkey.rsa,
-                                enc,kstr,klen,cb,u)<=0)
-                                goto err;
-#endif
-                        }
-                }
-
-        /* if we have a certificate then write it out now */
-        if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp,xi->x509) <= 0))
-                goto err;
-
-        /* we are ignoring anything else that is loaded into the X509_INFO
-         * structure for the moment ... as I don't need it so I'm not
-         * coding it here and Eric can do it when this makes it into the
-         * base library --tjh
-         */
-
-        ret=1;
-
-err:
-        OPENSSL_cleanse((char *)&ctx,sizeof(ctx));
-        OPENSSL_cleanse(buf,PEM_BUFSIZE);
-        return(ret);
-        }
diff --git a/src/lib/libcrypto/pem/pem_lib.c b/src/lib/libcrypto/pem/pem_lib.c
deleted file mode 100644
index 82815067b3..0000000000
--- a/src/lib/libcrypto/pem/pem_lib.c
+++ /dev/null
@@ -1,776 +0,0 @@
-/* crypto/pem/pem_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/pkcs12.h>
-#ifndef OPENSSL_NO_DES
-#include <openssl/des.h>
-#endif
-
-const char *PEM_version="PEM" OPENSSL_VERSION_PTEXT;
-
-#define MIN_LENGTH      4
-
-static int load_iv(char **fromp,unsigned char *to, int num);
-static int check_pem(const char *nm, const char *name);
-
-int PEM_def_callback(char *buf, int num, int w, void *key)
-        {
-#ifdef OPENSSL_NO_FP_API
-        /* We should not ever call the default callback routine from
-         * windows. */
-        PEMerr(PEM_F_DEF_CALLBACK,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-        return(-1);
-#else
-        int i,j;
-        const char *prompt;
-        if(key) {
-                i=strlen(key);
-                i=(i > num)?num:i;
-                memcpy(buf,key,i);
-                return(i);
-        }
-
-        prompt=EVP_get_pw_prompt();
-        if (prompt == NULL)
-                prompt="Enter PEM pass phrase:";
-
-        for (;;)
-                {
-                i=EVP_read_pw_string(buf,num,prompt,w);
-                if (i != 0)
-                        {
-                        PEMerr(PEM_F_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
-                        memset(buf,0,(unsigned int)num);
-                        return(-1);
-                        }
-                j=strlen(buf);
-                if (j < MIN_LENGTH)
-                        {
-                        fprintf(stderr,"phrase is too short, needs to be at least %d chars\n",MIN_LENGTH);
-                        }
-                else
-                        break;
-                }
-        return(j);
-#endif
-        }
-
-void PEM_proc_type(char *buf, int type)
-        {
-        const char *str;
-
-        if (type == PEM_TYPE_ENCRYPTED)
-                str="ENCRYPTED";
-        else if (type == PEM_TYPE_MIC_CLEAR)
-                str="MIC-CLEAR";
-        else if (type == PEM_TYPE_MIC_ONLY)
-                str="MIC-ONLY";
-        else
-                str="BAD-TYPE";
-                
-        BUF_strlcat(buf,"Proc-Type: 4,",PEM_BUFSIZE);
-        BUF_strlcat(buf,str,PEM_BUFSIZE);
-        BUF_strlcat(buf,"\n",PEM_BUFSIZE);
-        }
-
-void PEM_dek_info(char *buf, const char *type, int len, char *str)
-        {
-        static const unsigned char map[17]="0123456789ABCDEF";
-        long i;
-        int j;
-
-        BUF_strlcat(buf,"DEK-Info: ",PEM_BUFSIZE);
-        BUF_strlcat(buf,type,PEM_BUFSIZE);
-        BUF_strlcat(buf,",",PEM_BUFSIZE);
-        j=strlen(buf);
-        if (j + (len * 2) + 1 > PEM_BUFSIZE)
-                return;
-        for (i=0; i<len; i++)
-                {
-                buf[j+i*2]  =map[(str[i]>>4)&0x0f];
-                buf[j+i*2+1]=map[(str[i]   )&0x0f];
-                }
-        buf[j+i*2]='\n';
-        buf[j+i*2+1]='\0';
-        }
-
-#ifndef OPENSSL_NO_FP_API
-char *PEM_ASN1_read(char *(*d2i)(), const char *name, FILE *fp, char **x,
-             pem_password_cb *cb, void *u)
-        {
-        BIO *b;
-        char *ret;
-
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-                {
-                PEMerr(PEM_F_PEM_ASN1_READ,ERR_R_BUF_LIB);
-                return(0);
-                }
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=PEM_ASN1_read_bio(d2i,name,b,x,cb,u);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
-
-static int check_pem(const char *nm, const char *name)
-{
-        /* Normal matching nm and name */
-        if (!strcmp(nm,name)) return 1;
-
-        /* Make PEM_STRING_EVP_PKEY match any private key */
-
-        if(!strcmp(nm,PEM_STRING_PKCS8) &&
-                !strcmp(name,PEM_STRING_EVP_PKEY)) return 1;
-
-        if(!strcmp(nm,PEM_STRING_PKCS8INF) &&
-                 !strcmp(name,PEM_STRING_EVP_PKEY)) return 1;
-
-        if(!strcmp(nm,PEM_STRING_RSA) &&
-                !strcmp(name,PEM_STRING_EVP_PKEY)) return 1;
-
-        if(!strcmp(nm,PEM_STRING_DSA) &&
-                 !strcmp(name,PEM_STRING_EVP_PKEY)) return 1;
-
-        /* Permit older strings */
-
-        if(!strcmp(nm,PEM_STRING_X509_OLD) &&
-                !strcmp(name,PEM_STRING_X509)) return 1;
-
-        if(!strcmp(nm,PEM_STRING_X509_REQ_OLD) &&
-                !strcmp(name,PEM_STRING_X509_REQ)) return 1;
-
-        /* Allow normal certs to be read as trusted certs */
-        if(!strcmp(nm,PEM_STRING_X509) &&
-                !strcmp(name,PEM_STRING_X509_TRUSTED)) return 1;
-
-        if(!strcmp(nm,PEM_STRING_X509_OLD) &&
-                !strcmp(name,PEM_STRING_X509_TRUSTED)) return 1;
-
-        /* Some CAs use PKCS#7 with CERTIFICATE headers */
-        if(!strcmp(nm, PEM_STRING_X509) &&
-                !strcmp(name, PEM_STRING_PKCS7)) return 1;
-
-        return 0;
-}
-
-int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp,
-             pem_password_cb *cb, void *u)
-        {
-        EVP_CIPHER_INFO cipher;
-        char *nm=NULL,*header=NULL;
-        unsigned char *data=NULL;
-        long len;
-        int ret = 0;
-
-        for (;;)
-                {
-                if (!PEM_read_bio(bp,&nm,&header,&data,&len)) {
-                        if(ERR_GET_REASON(ERR_peek_error()) ==
-                                PEM_R_NO_START_LINE)
-                                ERR_add_error_data(2, "Expecting: ", name);
-                        return 0;
-                }
-                if(check_pem(nm, name)) break;
-                OPENSSL_free(nm);
-                OPENSSL_free(header);
-                OPENSSL_free(data);
-                }
-        if (!PEM_get_EVP_CIPHER_INFO(header,&cipher)) goto err;
-        if (!PEM_do_header(&cipher,data,&len,cb,u)) goto err;
-
-        *pdata = data;
-        *plen = len;
-
-        if (pnm)
-                *pnm = nm;
-
-        ret = 1;
-
-err:
-        if (!ret || !pnm) OPENSSL_free(nm);
-        OPENSSL_free(header);
-        if (!ret) OPENSSL_free(data);
-        return ret;
-        }
-
-#ifndef OPENSSL_NO_FP_API
-int PEM_ASN1_write(int (*i2d)(), const char *name, FILE *fp, char *x,
-             const EVP_CIPHER *enc, unsigned char *kstr, int klen,
-             pem_password_cb *callback, void *u)
-        {
-        BIO *b;
-        int ret;
-
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-                {
-                PEMerr(PEM_F_PEM_ASN1_WRITE,ERR_R_BUF_LIB);
-                return(0);
-                }
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=PEM_ASN1_write_bio(i2d,name,b,x,enc,kstr,klen,callback,u);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
-
-int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
-             const EVP_CIPHER *enc, unsigned char *kstr, int klen,
-             pem_password_cb *callback, void *u)
-        {
-        EVP_CIPHER_CTX ctx;
-        int dsize=0,i,j,ret=0;
-        unsigned char *p,*data=NULL;
-        const char *objstr=NULL;
-        char buf[PEM_BUFSIZE];
-        unsigned char key[EVP_MAX_KEY_LENGTH];
-        unsigned char iv[EVP_MAX_IV_LENGTH];
-        
-        if (enc != NULL)
-                {
-                objstr=OBJ_nid2sn(EVP_CIPHER_nid(enc));
-                if (objstr == NULL)
-                        {
-                        PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER);
-                        goto err;
-                        }
-                }
-
-        if ((dsize=i2d(x,NULL)) < 0)
-                {
-                PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_ASN1_LIB);
-                dsize=0;
-                goto err;
-                }
-        /* dzise + 8 bytes are needed */
-        /* actually it needs the cipher block size extra... */
-        data=(unsigned char *)OPENSSL_malloc((unsigned int)dsize+20);
-        if (data == NULL)
-                {
-                PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-        p=data;
-        i=i2d(x,&p);
-
-        if (enc != NULL)
-                {
-                if (kstr == NULL)
-                        {
-                        if (callback == NULL)
-                                klen=PEM_def_callback(buf,PEM_BUFSIZE,1,u);
-                        else
-                                klen=(*callback)(buf,PEM_BUFSIZE,1,u);
-                        if (klen <= 0)
-                                {
-                                PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_READ_KEY);
-                                goto err;
-                                }
-#ifdef CHARSET_EBCDIC
-                        /* Convert the pass phrase from EBCDIC */
-                        ebcdic2ascii(buf, buf, klen);
-#endif
-                        kstr=(unsigned char *)buf;
-                        }
-                RAND_add(data,i,0);/* put in the RSA key. */
-                OPENSSL_assert(enc->iv_len <= sizeof iv);
-                if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */
-                        goto err;
-                /* The 'iv' is used as the iv and as a salt.  It is
-                 * NOT taken from the BytesToKey function */
-                EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);
-
-                if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE);
-
-                OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf);
-
-                buf[0]='\0';
-                PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
-                PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv);
-                /* k=strlen(buf); */
-
-                EVP_CIPHER_CTX_init(&ctx);
-                EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv);
-                EVP_EncryptUpdate(&ctx,data,&j,data,i);
-                EVP_EncryptFinal_ex(&ctx,&(data[j]),&i);
-                EVP_CIPHER_CTX_cleanup(&ctx);
-                i+=j;
-                ret=1;
-                }
-        else
-                {
-                ret=1;
-                buf[0]='\0';
-                }
-        i=PEM_write_bio(bp,name,buf,data,i);
-        if (i <= 0) ret=0;
-err:
-        OPENSSL_cleanse(key,sizeof(key));
-        OPENSSL_cleanse(iv,sizeof(iv));
-        OPENSSL_cleanse((char *)&ctx,sizeof(ctx));
-        OPENSSL_cleanse(buf,PEM_BUFSIZE);
-        if (data != NULL)
-                {
-                OPENSSL_cleanse(data,(unsigned int)dsize);
-                OPENSSL_free(data);
-                }
-        return(ret);
-        }
-
-int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
-             pem_password_cb *callback,void *u)
-        {
-        int i,j,o,klen;
-        long len;
-        EVP_CIPHER_CTX ctx;
-        unsigned char key[EVP_MAX_KEY_LENGTH];
-        char buf[PEM_BUFSIZE];
-
-        len= *plen;
-
-        if (cipher->cipher == NULL) return(1);
-        if (callback == NULL)
-                klen=PEM_def_callback(buf,PEM_BUFSIZE,0,u);
-        else
-                klen=callback(buf,PEM_BUFSIZE,0,u);
-        if (klen <= 0)
-                {
-                PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_PASSWORD_READ);
-                return(0);
-                }
-#ifdef CHARSET_EBCDIC
-        /* Convert the pass phrase from EBCDIC */
-        ebcdic2ascii(buf, buf, klen);
-#endif
-
-        EVP_BytesToKey(cipher->cipher,EVP_md5(),&(cipher->iv[0]),
-                (unsigned char *)buf,klen,1,key,NULL);
-
-        j=(int)len;
-        EVP_CIPHER_CTX_init(&ctx);
-        EVP_DecryptInit_ex(&ctx,cipher->cipher,NULL, key,&(cipher->iv[0]));
-        EVP_DecryptUpdate(&ctx,data,&i,data,j);
-        o=EVP_DecryptFinal_ex(&ctx,&(data[i]),&j);
-        EVP_CIPHER_CTX_cleanup(&ctx);
-        OPENSSL_cleanse((char *)buf,sizeof(buf));
-        OPENSSL_cleanse((char *)key,sizeof(key));
-        j+=i;
-        if (!o)
-                {
-                PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_DECRYPT);
-                return(0);
-                }
-        *plen=j;
-        return(1);
-        }
-
-int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
-        {
-        int o;
-        const EVP_CIPHER *enc=NULL;
-        char *p,c;
-        char **header_pp = &header;
-
-        cipher->cipher=NULL;
-        if ((header == NULL) || (*header == '\0') || (*header == '\n'))
-                return(1);
-        if (strncmp(header,"Proc-Type: ",11) != 0)
-                { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_PROC_TYPE); return(0); }
-        header+=11;
-        if (*header != '4') return(0); header++;
-        if (*header != ',') return(0); header++;
-        if (strncmp(header,"ENCRYPTED",9) != 0)
-                { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_ENCRYPTED); return(0); }
-        for (; (*header != '\n') && (*header != '\0'); header++)
-                ;
-        if (*header == '\0')
-                { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_SHORT_HEADER); return(0); }
-        header++;
-        if (strncmp(header,"DEK-Info: ",10) != 0)
-                { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_DEK_INFO); return(0); }
-        header+=10;
-
-        p=header;
-        for (;;)
-                {
-                c= *header;
-#ifndef CHARSET_EBCDIC
-                if (!(  ((c >= 'A') && (c <= 'Z')) || (c == '-') ||
-                        ((c >= '0') && (c <= '9'))))
-                        break;
-#else
-                if (!(  isupper(c) || (c == '-') ||
-                        isdigit(c)))
-                        break;
-#endif
-                header++;
-                }
-        *header='\0';
-        o=OBJ_sn2nid(p);
-        cipher->cipher=enc=EVP_get_cipherbyname(p);
-        *header=c;
-        header++;
-
-        if (enc == NULL)
-                {
-                PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_UNSUPPORTED_ENCRYPTION);
-                return(0);
-                }
-        if (!load_iv(header_pp,&(cipher->iv[0]),enc->iv_len))
-                return(0);
-
-        return(1);
-        }
-
-static int load_iv(char **fromp, unsigned char *to, int num)
-        {
-        int v,i;
-        char *from;
-
-        from= *fromp;
-        for (i=0; i<num; i++) to[i]=0;
-        num*=2;
-        for (i=0; i<num; i++)
-                {
-                if ((*from >= '0') && (*from <= '9'))
-                        v= *from-'0';
-                else if ((*from >= 'A') && (*from <= 'F'))
-                        v= *from-'A'+10;
-                else if ((*from >= 'a') && (*from <= 'f'))
-                        v= *from-'a'+10;
-                else
-                        {
-                        PEMerr(PEM_F_LOAD_IV,PEM_R_BAD_IV_CHARS);
-                        return(0);
-                        }
-                from++;
-                to[i/2]|=v<<(long)((!(i&1))*4);
-                }
-
-        *fromp=from;
-        return(1);
-        }
-
-#ifndef OPENSSL_NO_FP_API
-int PEM_write(FILE *fp, char *name, char *header, unsigned char *data,
-             long len)
-        {
-        BIO *b;
-        int ret;
-
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-                {
-                PEMerr(PEM_F_PEM_WRITE,ERR_R_BUF_LIB);
-                return(0);
-                }
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=PEM_write_bio(b, name, header, data,len);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
-
-int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
-             long len)
-        {
-        int nlen,n,i,j,outl;
-        unsigned char *buf = NULL;
-        EVP_ENCODE_CTX ctx;
-        int reason=ERR_R_BUF_LIB;
-        
-        EVP_EncodeInit(&ctx);
-        nlen=strlen(name);
-
-        if (    (BIO_write(bp,"-----BEGIN ",11) != 11) ||
-                (BIO_write(bp,name,nlen) != nlen) ||
-                (BIO_write(bp,"-----\n",6) != 6))
-                goto err;
-                
-        i=strlen(header);
-        if (i > 0)
-                {
-                if (    (BIO_write(bp,header,i) != i) ||
-                        (BIO_write(bp,"\n",1) != 1))
-                        goto err;
-                }
-
-        buf = OPENSSL_malloc(PEM_BUFSIZE*8);
-        if (buf == NULL)
-                {
-                reason=ERR_R_MALLOC_FAILURE;
-                goto err;
-                }
-
-        i=j=0;
-        while (len > 0)
-                {
-                n=(int)((len>(PEM_BUFSIZE*5))?(PEM_BUFSIZE*5):len);
-                EVP_EncodeUpdate(&ctx,buf,&outl,&(data[j]),n);
-                if ((outl) && (BIO_write(bp,(char *)buf,outl) != outl))
-                        goto err;
-                i+=outl;
-                len-=n;
-                j+=n;
-                }
-        EVP_EncodeFinal(&ctx,buf,&outl);
-        if ((outl > 0) && (BIO_write(bp,(char *)buf,outl) != outl)) goto err;
-        OPENSSL_free(buf);
-        buf = NULL;
-        if (    (BIO_write(bp,"-----END ",9) != 9) ||
-                (BIO_write(bp,name,nlen) != nlen) ||
-                (BIO_write(bp,"-----\n",6) != 6))
-                goto err;
-        return(i+outl);
-err:
-        if (buf)
-                OPENSSL_free(buf);
-        PEMerr(PEM_F_PEM_WRITE_BIO,reason);
-        return(0);
-        }
-
-#ifndef OPENSSL_NO_FP_API
-int PEM_read(FILE *fp, char **name, char **header, unsigned char **data,
-             long *len)
-        {
-        BIO *b;
-        int ret;
-
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-                {
-                PEMerr(PEM_F_PEM_READ,ERR_R_BUF_LIB);
-                return(0);
-                }
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=PEM_read_bio(b, name, header, data,len);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
-
-int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
-             long *len)
-        {
-        EVP_ENCODE_CTX ctx;
-        int end=0,i,k,bl=0,hl=0,nohead=0;
-        char buf[256];
-        BUF_MEM *nameB;
-        BUF_MEM *headerB;
-        BUF_MEM *dataB,*tmpB;
-        
-        nameB=BUF_MEM_new();
-        headerB=BUF_MEM_new();
-        dataB=BUF_MEM_new();
-        if ((nameB == NULL) || (headerB == NULL) || (dataB == NULL))
-                {
-                BUF_MEM_free(nameB);
-                BUF_MEM_free(headerB);
-                BUF_MEM_free(dataB);
-                PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
-                return(0);
-                }
-
-        buf[254]='\0';
-        for (;;)
-                {
-                i=BIO_gets(bp,buf,254);
-
-                if (i <= 0)
-                        {
-                        PEMerr(PEM_F_PEM_READ_BIO,PEM_R_NO_START_LINE);
-                        goto err;
-                        }
-
-                while ((i >= 0) && (buf[i] <= ' ')) i--;
-                buf[++i]='\n'; buf[++i]='\0';
-
-                if (strncmp(buf,"-----BEGIN ",11) == 0)
-                        {
-                        i=strlen(&(buf[11]));
-
-                        if (strncmp(&(buf[11+i-6]),"-----\n",6) != 0)
-                                continue;
-                        if (!BUF_MEM_grow(nameB,i+9))
-                                {
-                                PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
-                                goto err;
-                                }
-                        memcpy(nameB->data,&(buf[11]),i-6);
-                        nameB->data[i-6]='\0';
-                        break;
-                        }
-                }
-        hl=0;
-        if (!BUF_MEM_grow(headerB,256))
-                { PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; }
-        headerB->data[0]='\0';
-        for (;;)
-                {
-                i=BIO_gets(bp,buf,254);
-                if (i <= 0) break;
-
-                while ((i >= 0) && (buf[i] <= ' ')) i--;
-                buf[++i]='\n'; buf[++i]='\0';
-
-                if (buf[0] == '\n') break;
-                if (!BUF_MEM_grow(headerB,hl+i+9))
-                        { PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; }
-                if (strncmp(buf,"-----END ",9) == 0)
-                        {
-                        nohead=1;
-                        break;
-                        }
-                memcpy(&(headerB->data[hl]),buf,i);
-                headerB->data[hl+i]='\0';
-                hl+=i;
-                }
-
-        bl=0;
-        if (!BUF_MEM_grow(dataB,1024))
-                { PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; }
-        dataB->data[0]='\0';
-        if (!nohead)
-                {
-                for (;;)
-                        {
-                        i=BIO_gets(bp,buf,254);
-                        if (i <= 0) break;
-
-                        while ((i >= 0) && (buf[i] <= ' ')) i--;
-                        buf[++i]='\n'; buf[++i]='\0';
-
-                        if (i != 65) end=1;
-                        if (strncmp(buf,"-----END ",9) == 0)
-                                break;
-                        if (i > 65) break;
-                        if (!BUF_MEM_grow_clean(dataB,i+bl+9))
-                                {
-                                PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
-                                goto err;
-                                }
-                        memcpy(&(dataB->data[bl]),buf,i);
-                        dataB->data[bl+i]='\0';
-                        bl+=i;
-                        if (end)
-                                {
-                                buf[0]='\0';
-                                i=BIO_gets(bp,buf,254);
-                                if (i <= 0) break;
-
-                                while ((i >= 0) && (buf[i] <= ' ')) i--;
-                                buf[++i]='\n'; buf[++i]='\0';
-
-                                break;
-                                }
-                        }
-                }
-        else
-                {
-                tmpB=headerB;
-                headerB=dataB;
-                dataB=tmpB;
-                bl=hl;
-                }
-        i=strlen(nameB->data);
-        if (    (strncmp(buf,"-----END ",9) != 0) ||
-                (strncmp(nameB->data,&(buf[9]),i) != 0) ||
-                (strncmp(&(buf[9+i]),"-----\n",6) != 0))
-                {
-                PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_END_LINE);
-                goto err;
-                }
-
-        EVP_DecodeInit(&ctx);
-        i=EVP_DecodeUpdate(&ctx,
-                (unsigned char *)dataB->data,&bl,
-                (unsigned char *)dataB->data,bl);
-        if (i < 0)
-                {
-                PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_BASE64_DECODE);
-                goto err;
-                }
-        i=EVP_DecodeFinal(&ctx,(unsigned char *)&(dataB->data[bl]),&k);
-        if (i < 0)
-                {
-                PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_BASE64_DECODE);
-                goto err;
-                }
-        bl+=k;
-
-        if (bl == 0) goto err;
-        *name=nameB->data;
-        *header=headerB->data;
-        *data=(unsigned char *)dataB->data;
-        *len=bl;
-        OPENSSL_free(nameB);
-        OPENSSL_free(headerB);
-        OPENSSL_free(dataB);
-        return(1);
-err:
-        BUF_MEM_free(nameB);
-        BUF_MEM_free(headerB);
-        BUF_MEM_free(dataB);
-        return(0);
-        }
diff --git a/src/lib/libcrypto/pem/pem_oth.c b/src/lib/libcrypto/pem/pem_oth.c
deleted file mode 100644
index 8d9064ea7c..0000000000
--- a/src/lib/libcrypto/pem/pem_oth.c
+++ /dev/null
@@ -1,85 +0,0 @@
-/* crypto/pem/pem_oth.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-/* Handle 'other' PEMs: not private keys */
-
-char *PEM_ASN1_read_bio(char *(*d2i)(), const char *name, BIO *bp, char **x,
-             pem_password_cb *cb, void *u)
-        {
-        unsigned char *p=NULL,*data=NULL;
-        long len;
-        char *ret=NULL;
-
-        if (!PEM_bytes_read_bio(&data, &len, NULL, name, bp, cb, u))
-                return NULL;
-        p = data;
-        ret=d2i(x,&p,len);
-        if (ret == NULL)
-                PEMerr(PEM_F_PEM_ASN1_READ_BIO,ERR_R_ASN1_LIB);
-        OPENSSL_free(data);
-        return(ret);
-        }
diff --git a/src/lib/libcrypto/pem/pem_pk8.c b/src/lib/libcrypto/pem/pem_pk8.c
deleted file mode 100644
index db38a2a79d..0000000000
--- a/src/lib/libcrypto/pem/pem_pk8.c
+++ /dev/null
@@ -1,243 +0,0 @@
-/* crypto/pem/pem_pkey.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-#include <openssl/x509.h>
-#include <openssl/pkcs12.h>
-#include <openssl/pem.h>
-
-static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder,
-                                int nid, const EVP_CIPHER *enc,
-                                char *kstr, int klen,
-                                pem_password_cb *cb, void *u);
-static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder,
-                                int nid, const EVP_CIPHER *enc,
-                                char *kstr, int klen,
-                                pem_password_cb *cb, void *u);
-
-/* These functions write a private key in PKCS#8 format: it is a "drop in"
- * replacement for PEM_write_bio_PrivateKey() and friends. As usual if 'enc'
- * is NULL then it uses the unencrypted private key form. The 'nid' versions
- * uses PKCS#5 v1.5 PBE algorithms whereas the others use PKCS#5 v2.0.
- */
-
-int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
-                                  char *kstr, int klen,
-                                  pem_password_cb *cb, void *u)
-{
-        return do_pk8pkey(bp, x, 0, nid, NULL, kstr, klen, cb, u);
-}
-
-int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
-                                  char *kstr, int klen,
-                                  pem_password_cb *cb, void *u)
-{
-        return do_pk8pkey(bp, x, 0, -1, enc, kstr, klen, cb, u);
-}
-
-int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
-                                  char *kstr, int klen,
-                                  pem_password_cb *cb, void *u)
-{
-        return do_pk8pkey(bp, x, 1, -1, enc, kstr, klen, cb, u);
-}
-
-int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
-                                  char *kstr, int klen,
-                                  pem_password_cb *cb, void *u)
-{
-        return do_pk8pkey(bp, x, 1, nid, NULL, kstr, klen, cb, u);
-}
-
-static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc,
-                                  char *kstr, int klen,
-                                  pem_password_cb *cb, void *u)
-{
-        X509_SIG *p8;
-        PKCS8_PRIV_KEY_INFO *p8inf;
-        char buf[PEM_BUFSIZE];
-        int ret;
-        if(!(p8inf = EVP_PKEY2PKCS8(x))) {
-                PEMerr(PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY,
-                                        PEM_R_ERROR_CONVERTING_PRIVATE_KEY);
-                return 0;
-        }
-        if(enc || (nid != -1)) {
-                if(!kstr) {
-                        if(!cb) klen = PEM_def_callback(buf, PEM_BUFSIZE, 1, u);
-                        else klen = cb(buf, PEM_BUFSIZE, 1, u);
-                        if(klen <= 0) {
-                                PEMerr(PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY,
-                                                                PEM_R_READ_KEY);
-                                PKCS8_PRIV_KEY_INFO_free(p8inf);
-                                return 0;
-                        }
-                                
-                        kstr = buf;
-                }
-                p8 = PKCS8_encrypt(nid, enc, kstr, klen, NULL, 0, 0, p8inf);
-                if(kstr == buf) OPENSSL_cleanse(buf, klen);
-                PKCS8_PRIV_KEY_INFO_free(p8inf);
-                if(isder) ret = i2d_PKCS8_bio(bp, p8);
-                else ret = PEM_write_bio_PKCS8(bp, p8);
-                X509_SIG_free(p8);
-                return ret;
-        } else {
-                if(isder) ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
-                else ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(bp, p8inf);
-                PKCS8_PRIV_KEY_INFO_free(p8inf);
-                return ret;
-        }
-}
-
-EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u)
-{
-        PKCS8_PRIV_KEY_INFO *p8inf = NULL;
-        X509_SIG *p8 = NULL;
-        int klen;
-        EVP_PKEY *ret;
-        char psbuf[PEM_BUFSIZE];
-        p8 = d2i_PKCS8_bio(bp, NULL);
-        if(!p8) return NULL;
-        if (cb) klen=cb(psbuf,PEM_BUFSIZE,0,u);
-        else klen=PEM_def_callback(psbuf,PEM_BUFSIZE,0,u);
-        if (klen <= 0) {
-                PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ);
-                X509_SIG_free(p8);
-                return NULL;    
-        }
-        p8inf = PKCS8_decrypt(p8, psbuf, klen);
-        X509_SIG_free(p8);
-        if(!p8inf) return NULL;
-        ret = EVP_PKCS82PKEY(p8inf);
-        PKCS8_PRIV_KEY_INFO_free(p8inf);
-        if(!ret) return NULL;
-        if(x) {
-                if(*x) EVP_PKEY_free(*x);
-                *x = ret;
-        }
-        return ret;
-}
-
-#ifndef OPENSSL_NO_FP_API
-
-int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
-                                  char *kstr, int klen,
-                                  pem_password_cb *cb, void *u)
-{
-        return do_pk8pkey_fp(fp, x, 1, -1, enc, kstr, klen, cb, u);
-}
-
-int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid,
-                                  char *kstr, int klen,
-                                  pem_password_cb *cb, void *u)
-{
-        return do_pk8pkey_fp(fp, x, 1, nid, NULL, kstr, klen, cb, u);
-}
-
-int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,
-                                  char *kstr, int klen,
-                                  pem_password_cb *cb, void *u)
-{
-        return do_pk8pkey_fp(fp, x, 0, nid, NULL, kstr, klen, cb, u);
-}
-
-int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
-                              char *kstr, int klen, pem_password_cb *cb, void *u)
-{
-        return do_pk8pkey_fp(fp, x, 0, -1, enc, kstr, klen, cb, u);
-}
-
-static int do_pk8pkey_fp(FILE *fp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc,
-                                  char *kstr, int klen,
-                                  pem_password_cb *cb, void *u)
-{
-        BIO *bp;
-        int ret;
-        if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {
-                PEMerr(PEM_F_PEM_F_DO_PK8KEY_FP,ERR_R_BUF_LIB);
-                return(0);
-        }
-        ret = do_pk8pkey(bp, x, isder, nid, enc, kstr, klen, cb, u);
-        BIO_free(bp);
-        return ret;
-}
-
-EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u)
-{
-        BIO *bp;
-        EVP_PKEY *ret;
-        if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {
-                PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_FP,ERR_R_BUF_LIB);
-                return NULL;
-        }
-        ret = d2i_PKCS8PrivateKey_bio(bp, x, cb, u);
-        BIO_free(bp);
-        return ret;
-}
-
-#endif
-
-IMPLEMENT_PEM_rw(PKCS8, X509_SIG, PEM_STRING_PKCS8, X509_SIG)
-IMPLEMENT_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO, PEM_STRING_PKCS8INF,
-                                                         PKCS8_PRIV_KEY_INFO)
diff --git a/src/lib/libcrypto/pem/pem_pkey.c b/src/lib/libcrypto/pem/pem_pkey.c
deleted file mode 100644
index 9ecdbd5419..0000000000
--- a/src/lib/libcrypto/pem/pem_pkey.c
+++ /dev/null
@@ -1,145 +0,0 @@
-/* crypto/pem/pem_pkey.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-#include <openssl/x509.h>
-#include <openssl/pkcs12.h>
-#include <openssl/pem.h>
-
-
-EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u)
-        {
-        char *nm=NULL;
-        unsigned char *p=NULL,*data=NULL;
-        long len;
-        EVP_PKEY *ret=NULL;
-
-        if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp, cb, u))
-                return NULL;
-        p = data;
-
-        if (strcmp(nm,PEM_STRING_RSA) == 0)
-                ret=d2i_PrivateKey(EVP_PKEY_RSA,x,&p,len);
-        else if (strcmp(nm,PEM_STRING_DSA) == 0)
-                ret=d2i_PrivateKey(EVP_PKEY_DSA,x,&p,len);
-        else if (strcmp(nm,PEM_STRING_PKCS8INF) == 0) {
-                PKCS8_PRIV_KEY_INFO *p8inf;
-                p8inf=d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len);
-                if(!p8inf) goto p8err;
-                ret = EVP_PKCS82PKEY(p8inf);
-                if(x) {
-                        if(*x) EVP_PKEY_free((EVP_PKEY *)*x);
-                        *x = ret;
-                }
-                PKCS8_PRIV_KEY_INFO_free(p8inf);
-        } else if (strcmp(nm,PEM_STRING_PKCS8) == 0) {
-                PKCS8_PRIV_KEY_INFO *p8inf;
-                X509_SIG *p8;
-                int klen;
-                char psbuf[PEM_BUFSIZE];
-                p8 = d2i_X509_SIG(NULL, &p, len);
-                if(!p8) goto p8err;
-                if (cb) klen=cb(psbuf,PEM_BUFSIZE,0,u);
-                else klen=PEM_def_callback(psbuf,PEM_BUFSIZE,0,u);
-                if (klen <= 0) {
-                        PEMerr(PEM_F_PEM_ASN1_READ_BIO,
-                                        PEM_R_BAD_PASSWORD_READ);
-                        X509_SIG_free(p8);
-                        goto err;
-                }
-                p8inf = PKCS8_decrypt(p8, psbuf, klen);
-                X509_SIG_free(p8);
-                if(!p8inf) goto p8err;
-                ret = EVP_PKCS82PKEY(p8inf);
-                if(x) {
-                        if(*x) EVP_PKEY_free((EVP_PKEY *)*x);
-                        *x = ret;
-                }
-                PKCS8_PRIV_KEY_INFO_free(p8inf);
-        }
-p8err:
-        if (ret == NULL)
-                PEMerr(PEM_F_PEM_ASN1_READ_BIO,ERR_R_ASN1_LIB);
-err:
-        OPENSSL_free(nm);
-        OPENSSL_free(data);
-        return(ret);
-        }
-
-#ifndef OPENSSL_NO_FP_API
-EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u)
-        {
-        BIO *b;
-        EVP_PKEY *ret;
-
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-                {
-                PEMerr(PEM_F_PEM_ASN1_READ,ERR_R_BUF_LIB);
-                return(0);
-                }
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=PEM_read_bio_PrivateKey(b,x,cb,u);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
diff --git a/src/lib/libcrypto/pem/pem_seal.c b/src/lib/libcrypto/pem/pem_seal.c
deleted file mode 100644
index 56e08abd70..0000000000
--- a/src/lib/libcrypto/pem/pem_seal.c
+++ /dev/null
@@ -1,187 +0,0 @@
-/* crypto/pem/pem_seal.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef OPENSSL_NO_RSA
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
-             unsigned char **ek, int *ekl, unsigned char *iv, EVP_PKEY **pubk,
-             int npubk)
-        {
-        unsigned char key[EVP_MAX_KEY_LENGTH];
-        int ret= -1;
-        int i,j,max=0;
-        char *s=NULL;
-
-        for (i=0; i<npubk; i++)
-                {
-                if (pubk[i]->type != EVP_PKEY_RSA)
-                        {
-                        PEMerr(PEM_F_PEM_SEALINIT,PEM_R_PUBLIC_KEY_NO_RSA);
-                        goto err;
-                        }
-                j=RSA_size(pubk[i]->pkey.rsa);
-                if (j > max) max=j;
-                }
-        s=(char *)OPENSSL_malloc(max*2);
-        if (s == NULL)
-                {
-                PEMerr(PEM_F_PEM_SEALINIT,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-
-        EVP_EncodeInit(&ctx->encode);
-
-        EVP_MD_CTX_init(&ctx->md);
-        EVP_SignInit(&ctx->md,md_type);
-
-        EVP_CIPHER_CTX_init(&ctx->cipher);
-        ret=EVP_SealInit(&ctx->cipher,type,ek,ekl,iv,pubk,npubk);
-        if (!ret) goto err;
-
-        /* base64 encode the keys */
-        for (i=0; i<npubk; i++)
-                {
-                j=EVP_EncodeBlock((unsigned char *)s,ek[i],
-                        RSA_size(pubk[i]->pkey.rsa));
-                ekl[i]=j;
-                memcpy(ek[i],s,j+1);
-                }
-
-        ret=npubk;
-err:
-        if (s != NULL) OPENSSL_free(s);
-        OPENSSL_cleanse(key,EVP_MAX_KEY_LENGTH);
-        return(ret);
-        }
-
-void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl,
-             unsigned char *in, int inl)
-        {
-        unsigned char buffer[1600];
-        int i,j;
-
-        *outl=0;
-        EVP_SignUpdate(&ctx->md,in,inl);
-        for (;;)
-                {
-                if (inl <= 0) break;
-                if (inl > 1200)
-                        i=1200;
-                else
-                        i=inl;
-                EVP_EncryptUpdate(&ctx->cipher,buffer,&j,in,i);
-                EVP_EncodeUpdate(&ctx->encode,out,&j,buffer,j);
-                *outl+=j;
-                out+=j;
-                in+=i;
-                inl-=i;
-                }
-        }
-
-int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl,
-             unsigned char *out, int *outl, EVP_PKEY *priv)
-        {
-        unsigned char *s=NULL;
-        int ret=0,j;
-        unsigned int i;
-
-        if (priv->type != EVP_PKEY_RSA)
-                {
-                PEMerr(PEM_F_PEM_SEALFINAL,PEM_R_PUBLIC_KEY_NO_RSA);
-                goto err;
-                }
-        i=RSA_size(priv->pkey.rsa);
-        if (i < 100) i=100;
-        s=(unsigned char *)OPENSSL_malloc(i*2);
-        if (s == NULL)
-                {
-                PEMerr(PEM_F_PEM_SEALFINAL,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-
-        EVP_EncryptFinal_ex(&ctx->cipher,s,(int *)&i);
-        EVP_EncodeUpdate(&ctx->encode,out,&j,s,i);
-        *outl=j;
-        out+=j;
-        EVP_EncodeFinal(&ctx->encode,out,&j);
-        *outl+=j;
-
-        if (!EVP_SignFinal(&ctx->md,s,&i,priv)) goto err;
-        *sigl=EVP_EncodeBlock(sig,s,i);
-
-        ret=1;
-err:
-        EVP_MD_CTX_cleanup(&ctx->md);
-        EVP_CIPHER_CTX_cleanup(&ctx->cipher);
-        if (s != NULL) OPENSSL_free(s);
-        return(ret);
-        }
-#else /* !OPENSSL_NO_RSA */
-
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
diff --git a/src/lib/libcrypto/pem/pem_sign.c b/src/lib/libcrypto/pem/pem_sign.c
deleted file mode 100644
index c3b9808cb2..0000000000
--- a/src/lib/libcrypto/pem/pem_sign.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/* crypto/pem/pem_sign.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/rand.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type)
-        {
-        EVP_DigestInit_ex(ctx, type, NULL);
-        }
-
-void PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data,
-             unsigned int count)
-        {
-        EVP_DigestUpdate(ctx,data,count);
-        }
-
-int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
-             EVP_PKEY *pkey)
-        {
-        unsigned char *m;
-        int i,ret=0;
-        unsigned int m_len;
-
-        m=(unsigned char *)OPENSSL_malloc(EVP_PKEY_size(pkey)+2);
-        if (m == NULL)
-                {
-                PEMerr(PEM_F_PEM_SIGNFINAL,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-
-        if (EVP_SignFinal(ctx,m,&m_len,pkey) <= 0) goto err;
-
-        i=EVP_EncodeBlock(sigret,m,m_len);
-        *siglen=i;
-        ret=1;
-err:
-        /* ctx has been zeroed by EVP_SignFinal() */
-        if (m != NULL) OPENSSL_free(m);
-        return(ret);
-        }
-
diff --git a/src/lib/libcrypto/pem/pem_x509.c b/src/lib/libcrypto/pem/pem_x509.c
deleted file mode 100644
index 19f88d8d3a..0000000000
--- a/src/lib/libcrypto/pem/pem_x509.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/* pem_x509.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#undef SSLEAY_MACROS
-#include "cryptlib.h"
-#include <openssl/bio.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pkcs7.h>
-#include <openssl/pem.h>
-
-IMPLEMENT_PEM_rw(X509, X509, PEM_STRING_X509, X509)
-
diff --git a/src/lib/libcrypto/pem/pem_xaux.c b/src/lib/libcrypto/pem/pem_xaux.c
deleted file mode 100644
index 2f579b5421..0000000000
--- a/src/lib/libcrypto/pem/pem_xaux.c
+++ /dev/null
@@ -1,68 +0,0 @@
-/* pem_xaux.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#undef SSLEAY_MACROS
-#include "cryptlib.h"
-#include <openssl/bio.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pkcs7.h>
-#include <openssl/pem.h>
-
-IMPLEMENT_PEM_rw(X509_AUX, X509, PEM_STRING_X509_TRUSTED, X509_AUX)
diff --git a/src/lib/libcrypto/pem/pkcs7.lis b/src/lib/libcrypto/pem/pkcs7.lis
deleted file mode 100644
index be90c5d87f..0000000000
--- a/src/lib/libcrypto/pem/pkcs7.lis
+++ /dev/null
@@ -1,22 +0,0 @@
-21     0:d=0 hl=2 l=  0 cons: univ: SEQUENCE          
- 00     2:d=0 hl=2 l=  9 prim: univ: OBJECT_IDENTIFIER :pkcs-7-signedData
- 21    13:d=0 hl=2 l=  0 cons: cont: 00                 # explicit tag
-  21    15:d=0 hl=2 l=  0 cons: univ: SEQUENCE          
-   00    17:d=0 hl=2 l=  1 prim: univ: INTEGER          # version 
-   20    20:d=0 hl=2 l=  0 cons: univ: SET               
-   21    22:d=0 hl=2 l=  0 cons: univ: SEQUENCE          
-    00    24:d=0 hl=2 l=  9 prim: univ: OBJECT_IDENTIFIER :pkcs-7-data
-    00    35:d=0 hl=2 l=  0 prim: univ: EOC               
-   21    37:d=0 hl=2 l=  0 cons: cont: 00               # cert tag
-    20    39:d=0 hl=4 l=545 cons: univ: SEQUENCE          
-    20   588:d=0 hl=4 l=524 cons: univ: SEQUENCE          
-    00  1116:d=0 hl=2 l=  0 prim: univ: EOC               
-   21  1118:d=0 hl=2 l=  0 cons: cont: 01               # crl tag
-    20  1120:d=0 hl=4 l=653 cons: univ: SEQUENCE          
-    20  1777:d=0 hl=4 l=285 cons: univ: SEQUENCE          
-    00  2066:d=0 hl=2 l=  0 prim: univ: EOC               
-   21  2068:d=0 hl=2 l=  0 cons: univ: SET              # signers 
-    00  2070:d=0 hl=2 l=  0 prim: univ: EOC               
-  00  2072:d=0 hl=2 l=  0 prim: univ: EOC               
- 00  2074:d=0 hl=2 l=  0 prim: univ: EOC               
-00  2076:d=0 hl=2 l=  0 prim: univ: EOC               
diff --git a/src/lib/libcrypto/perlasm/cbc.pl b/src/lib/libcrypto/perlasm/cbc.pl
deleted file mode 100644
index 22149c680e..0000000000
--- a/src/lib/libcrypto/perlasm/cbc.pl
+++ /dev/null
@@ -1,349 +0,0 @@
-#!/usr/local/bin/perl
-
-# void des_ncbc_encrypt(input, output, length, schedule, ivec, enc)
-# des_cblock (*input);
-# des_cblock (*output);
-# long length;
-# des_key_schedule schedule;
-# des_cblock (*ivec);
-# int enc;
-#
-# calls 
-# des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
-#
-
-#&cbc("des_ncbc_encrypt","des_encrypt",0);
-#&cbc("BF_cbc_encrypt","BF_encrypt","BF_encrypt",
-#       1,4,5,3,5,-1);
-#&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt",
-#       0,4,5,3,5,-1);
-#&cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",
-#       0,6,7,3,4,5);
-#
-# When doing a cipher that needs bigendian order,
-# for encrypt, the iv is kept in bigendian form,
-# while for decrypt, it is kept in little endian.
-sub cbc
-        {
-        local($name,$enc_func,$dec_func,$swap,$iv_off,$enc_off,$p1,$p2,$p3)=@_;
-        # name is the function name
-        # enc_func and dec_func and the functions to call for encrypt/decrypt
-        # swap is true if byte order needs to be reversed
-        # iv_off is parameter number for the iv 
-        # enc_off is parameter number for the encrypt/decrypt flag
-        # p1,p2,p3 are the offsets for parameters to be passed to the
-        # underlying calls.
-
-        &function_begin_B($name,"");
-        &comment("");
-
-        $in="esi";
-        $out="edi";
-        $count="ebp";
-
-        &push("ebp");
-        &push("ebx");
-        &push("esi");
-        &push("edi");
-
-        $data_off=4;
-        $data_off+=4 if ($p1 > 0);
-        $data_off+=4 if ($p2 > 0);
-        $data_off+=4 if ($p3 > 0);
-
-        &mov($count,    &wparam(2));    # length
-
-        &comment("getting iv ptr from parameter $iv_off");
-        &mov("ebx",     &wparam($iv_off));      # Get iv ptr
-
-        &mov($in,       &DWP(0,"ebx","",0));#   iv[0]
-        &mov($out,      &DWP(4,"ebx","",0));#   iv[1]
-
-        &push($out);
-        &push($in);
-        &push($out);    # used in decrypt for iv[1]
-        &push($in);     # used in decrypt for iv[0]
-
-        &mov("ebx",     "esp");         # This is the address of tin[2]
-
-        &mov($in,       &wparam(0));    # in
-        &mov($out,      &wparam(1));    # out
-
-        # We have loaded them all, how lets push things
-        &comment("getting encrypt flag from parameter $enc_off");
-        &mov("ecx",     &wparam($enc_off));     # Get enc flag
-        if ($p3 > 0)
-                {
-                &comment("get and push parameter $p3");
-                if ($enc_off != $p3)
-                        { &mov("eax",   &wparam($p3)); &push("eax"); }
-                else    { &push("ecx"); }
-                }
-        if ($p2 > 0)
-                {
-                &comment("get and push parameter $p2");
-                if ($enc_off != $p2)
-                        { &mov("eax",   &wparam($p2)); &push("eax"); }
-                else    { &push("ecx"); }
-                }
-        if ($p1 > 0)
-                {
-                &comment("get and push parameter $p1");
-                if ($enc_off != $p1)
-                        { &mov("eax",   &wparam($p1)); &push("eax"); }
-                else    { &push("ecx"); }
-                }
-        &push("ebx");           # push data/iv
-
-        &cmp("ecx",0);
-        &jz(&label("decrypt"));
-
-        &and($count,0xfffffff8);
-        &mov("eax",     &DWP($data_off,"esp","",0));    # load iv[0]
-        &mov("ebx",     &DWP($data_off+4,"esp","",0));  # load iv[1]
-
-        &jz(&label("encrypt_finish"));
-
-        #############################################################
-
-        &set_label("encrypt_loop");
-        # encrypt start 
-        # "eax" and "ebx" hold iv (or the last cipher text)
-
-        &mov("ecx",     &DWP(0,$in,"",0));      # load first 4 bytes
-        &mov("edx",     &DWP(4,$in,"",0));      # second 4 bytes
-
-        &xor("eax",     "ecx");
-        &xor("ebx",     "edx");
-
-        &bswap("eax")   if $swap;
-        &bswap("ebx")   if $swap;
-
-        &mov(&DWP($data_off,"esp","",0),        "eax"); # put in array for call
-        &mov(&DWP($data_off+4,"esp","",0),      "ebx"); #
-
-        &call($enc_func);
-
-        &mov("eax",     &DWP($data_off,"esp","",0));
-        &mov("ebx",     &DWP($data_off+4,"esp","",0));
-
-        &bswap("eax")   if $swap;
-        &bswap("ebx")   if $swap;
-
-        &mov(&DWP(0,$out,"",0),"eax");
-        &mov(&DWP(4,$out,"",0),"ebx");
-
-        # eax and ebx are the next iv.
-
-        &add($in,       8);
-        &add($out,      8);
-
-        &sub($count,    8);
-        &jnz(&label("encrypt_loop"));
-
-###################################################################3
-        &set_label("encrypt_finish");
-        &mov($count,    &wparam(2));    # length
-        &and($count,    7);
-        &jz(&label("finish"));
-        &call(&label("PIC_point"));
-&set_label("PIC_point");
-        &blindpop("edx");
-        &lea("ecx",&DWP(&label("cbc_enc_jmp_table")."-".&label("PIC_point"),"edx"));
-        &mov($count,&DWP(0,"ecx",$count,4))
-        &add($count,"edx");
-        &xor("ecx","ecx");
-        &xor("edx","edx");
-        #&mov($count,&DWP(&label("cbc_enc_jmp_table"),"",$count,4));
-        &jmp_ptr($count);
-
-&set_label("ej7");
-        &xor("edx",             "edx") if $ppro; # ppro friendly
-        &movb(&HB("edx"),       &BP(6,$in,"",0));
-        &shl("edx",8);
-&set_label("ej6");
-        &movb(&HB("edx"),       &BP(5,$in,"",0));
-&set_label("ej5");
-        &movb(&LB("edx"),       &BP(4,$in,"",0));
-&set_label("ej4");
-        &mov("ecx",             &DWP(0,$in,"",0));
-        &jmp(&label("ejend"));
-&set_label("ej3");
-        &movb(&HB("ecx"),       &BP(2,$in,"",0));
-        &xor("ecx",             "ecx") if $ppro; # ppro friendly
-        &shl("ecx",8);
-&set_label("ej2");
-        &movb(&HB("ecx"),       &BP(1,$in,"",0));
-&set_label("ej1");
-        &movb(&LB("ecx"),       &BP(0,$in,"",0));
-&set_label("ejend");
-
-        &xor("eax",     "ecx");
-        &xor("ebx",     "edx");
-
-        &bswap("eax")   if $swap;
-        &bswap("ebx")   if $swap;
-
-        &mov(&DWP($data_off,"esp","",0),        "eax"); # put in array for call
-        &mov(&DWP($data_off+4,"esp","",0),      "ebx"); #
-
-        &call($enc_func);
-
-        &mov("eax",     &DWP($data_off,"esp","",0));
-        &mov("ebx",     &DWP($data_off+4,"esp","",0));
-
-        &bswap("eax")   if $swap;
-        &bswap("ebx")   if $swap;
-
-        &mov(&DWP(0,$out,"",0),"eax");
-        &mov(&DWP(4,$out,"",0),"ebx");
-
-        &jmp(&label("finish"));
-
-        #############################################################
-        #############################################################
-        &set_label("decrypt",1);
-        # decrypt start 
-        &and($count,0xfffffff8);
-        # The next 2 instructions are only for if the jz is taken
-        &mov("eax",     &DWP($data_off+8,"esp","",0));  # get iv[0]
-        &mov("ebx",     &DWP($data_off+12,"esp","",0)); # get iv[1]
-        &jz(&label("decrypt_finish"));
-
-        &set_label("decrypt_loop");
-        &mov("eax",     &DWP(0,$in,"",0));      # load first 4 bytes
-        &mov("ebx",     &DWP(4,$in,"",0));      # second 4 bytes
-
-        &bswap("eax")   if $swap;
-        &bswap("ebx")   if $swap;
-
-        &mov(&DWP($data_off,"esp","",0),        "eax"); # put back
-        &mov(&DWP($data_off+4,"esp","",0),      "ebx"); #
-
-        &call($dec_func);
-
-        &mov("eax",     &DWP($data_off,"esp","",0));    # get return
-        &mov("ebx",     &DWP($data_off+4,"esp","",0));  #
-
-        &bswap("eax")   if $swap;
-        &bswap("ebx")   if $swap;
-
-        &mov("ecx",     &DWP($data_off+8,"esp","",0));  # get iv[0]
-        &mov("edx",     &DWP($data_off+12,"esp","",0)); # get iv[1]
-
-        &xor("ecx",     "eax");
-        &xor("edx",     "ebx");
-
-        &mov("eax",     &DWP(0,$in,"",0));      # get old cipher text,
-        &mov("ebx",     &DWP(4,$in,"",0));      # next iv actually
-
-        &mov(&DWP(0,$out,"",0),"ecx");
-        &mov(&DWP(4,$out,"",0),"edx");
-
-        &mov(&DWP($data_off+8,"esp","",0),      "eax"); # save iv
-        &mov(&DWP($data_off+12,"esp","",0),     "ebx"); #
-
-        &add($in,       8);
-        &add($out,      8);
-
-        &sub($count,    8);
-        &jnz(&label("decrypt_loop"));
-############################ ENDIT #######################3
-        &set_label("decrypt_finish");
-        &mov($count,    &wparam(2));    # length
-        &and($count,    7);
-        &jz(&label("finish"));
-
-        &mov("eax",     &DWP(0,$in,"",0));      # load first 4 bytes
-        &mov("ebx",     &DWP(4,$in,"",0));      # second 4 bytes
-
-        &bswap("eax")   if $swap;
-        &bswap("ebx")   if $swap;
-
-        &mov(&DWP($data_off,"esp","",0),        "eax"); # put back
-        &mov(&DWP($data_off+4,"esp","",0),      "ebx"); #
-
-        &call($dec_func);
-
-        &mov("eax",     &DWP($data_off,"esp","",0));    # get return
-        &mov("ebx",     &DWP($data_off+4,"esp","",0));  #
-
-        &bswap("eax")   if $swap;
-        &bswap("ebx")   if $swap;
-
-        &mov("ecx",     &DWP($data_off+8,"esp","",0));  # get iv[0]
-        &mov("edx",     &DWP($data_off+12,"esp","",0)); # get iv[1]
-
-        &xor("ecx",     "eax");
-        &xor("edx",     "ebx");
-
-        # this is for when we exit
-        &mov("eax",     &DWP(0,$in,"",0));      # get old cipher text,
-        &mov("ebx",     &DWP(4,$in,"",0));      # next iv actually
-
-&set_label("dj7");
-        &rotr("edx",    16);
-        &movb(&BP(6,$out,"",0), &LB("edx"));
-        &shr("edx",16);
-&set_label("dj6");
-        &movb(&BP(5,$out,"",0), &HB("edx"));
-&set_label("dj5");
-        &movb(&BP(4,$out,"",0), &LB("edx"));
-&set_label("dj4");
-        &mov(&DWP(0,$out,"",0), "ecx");
-        &jmp(&label("djend"));
-&set_label("dj3");
-        &rotr("ecx",    16);
-        &movb(&BP(2,$out,"",0), &LB("ecx"));
-        &shl("ecx",16);
-&set_label("dj2");
-        &movb(&BP(1,$in,"",0),  &HB("ecx"));
-&set_label("dj1");
-        &movb(&BP(0,$in,"",0),  &LB("ecx"));
-&set_label("djend");
-
-        # final iv is still in eax:ebx
-        &jmp(&label("finish"));
-
-
-############################ FINISH #######################3
-        &set_label("finish",1);
-        &mov("ecx",     &wparam($iv_off));      # Get iv ptr
-
-        #################################################
-        $total=16+4;
-        $total+=4 if ($p1 > 0);
-        $total+=4 if ($p2 > 0);
-        $total+=4 if ($p3 > 0);
-        &add("esp",$total);
-
-        &mov(&DWP(0,"ecx","",0),        "eax"); # save iv
-        &mov(&DWP(4,"ecx","",0),        "ebx"); # save iv
-
-        &function_end_A($name);
-
-        &set_label("cbc_enc_jmp_table",1);
-        &data_word("0");
-        &data_word(&label("ej1")."-".&label("PIC_point"));
-        &data_word(&label("ej2")."-".&label("PIC_point"));
-        &data_word(&label("ej3")."-".&label("PIC_point"));
-        &data_word(&label("ej4")."-".&label("PIC_point"));
-        &data_word(&label("ej5")."-".&label("PIC_point"));
-        &data_word(&label("ej6")."-".&label("PIC_point"));
-        &data_word(&label("ej7")."-".&label("PIC_point"));
-        # not used
-        #&set_label("cbc_dec_jmp_table",1);
-        #&data_word("0");
-        #&data_word(&label("dj1")."-".&label("PIC_point"));
-        #&data_word(&label("dj2")."-".&label("PIC_point"));
-        #&data_word(&label("dj3")."-".&label("PIC_point"));
-        #&data_word(&label("dj4")."-".&label("PIC_point"));
-        #&data_word(&label("dj5")."-".&label("PIC_point"));
-        #&data_word(&label("dj6")."-".&label("PIC_point"));
-        #&data_word(&label("dj7")."-".&label("PIC_point"));
-
-        &function_end_B($name);
-        
-        }
-
-1;
diff --git a/src/lib/libcrypto/perlasm/readme b/src/lib/libcrypto/perlasm/readme
deleted file mode 100644
index f02bbee75a..0000000000
--- a/src/lib/libcrypto/perlasm/readme
+++ /dev/null
@@ -1,124 +0,0 @@
-The perl scripts in this directory are my 'hack' to generate
-multiple different assembler formats via the one origional script.
-
-The way to use this library is to start with adding the path to this directory
-and then include it.
-
-push(@INC,"perlasm","../../perlasm");
-require "x86asm.pl";
-
-The first thing we do is setup the file and type of assember
-
-&asm_init($ARGV[0],$0);
-
-The first argument is the 'type'.  Currently
-'cpp', 'sol', 'a.out', 'elf' or 'win32'.
-Argument 2 is the file name.
-
-The reciprocal function is
-&asm_finish() which should be called at the end.
-
-There are 2 main 'packages'. x86ms.pl, which is the microsoft assembler,
-and x86unix.pl which is the unix (gas) version.
-
-Functions of interest are:
-&external_label("des_SPtrans"); declare and external variable
-&LB(reg);                       Low byte for a register
-&HB(reg);                       High byte for a register
-&BP(off,base,index,scale)       Byte pointer addressing
-&DWP(off,base,index,scale)      Word pointer addressing
-&stack_push(num)                Basically a 'sub esp, num*4' with extra
-&stack_pop(num)                 inverse of stack_push
-&function_begin(name,extra)     Start a function with pushing of
-                                edi, esi, ebx and ebp.  extra is extra win32
-                                external info that may be required.
-&function_begin_B(name,extra)   Same as norma function_begin but no pushing.
-&function_end(name)             Call at end of function.
-&function_end_A(name)           Standard pop and ret, for use inside functions
-&function_end_B(name)           Call at end but with poping or 'ret'.
-&swtmp(num)                     Address on stack temp word.
-&wparam(num)                    Parameter number num, that was push
-                                in C convention.  This all works over pushes
-                                and pops.
-&comment("hello there")         Put in a comment.
-&label("loop")                  Refer to a label, normally a jmp target.
-&set_label("loop")              Set a label at this point.
-&data_word(word)                Put in a word of data.
-
-So how does this all hold together?  Given
-
-int calc(int len, int *data)
-        {
-        int i,j=0;
-
-        for (i=0; i<len; i++)
-                {
-                j+=other(data[i]);
-                }
-        }
-
-So a very simple version of this function could be coded as
-
-        push(@INC,"perlasm","../../perlasm");
-        require "x86asm.pl";
-        
-        &asm_init($ARGV[0],"cacl.pl");
-
-        &external_label("other");
-
-        $tmp1=  "eax";
-        $j=     "edi";
-        $data=  "esi";
-        $i=     "ebp";
-
-        &comment("a simple function");
-        &function_begin("calc");
-        &mov(   $data,          &wparam(1)); # data
-        &xor(   $j,             $j);
-        &xor(   $i,             $i);
-
-        &set_label("loop");
-        &cmp(   $i,             &wparam(0));
-        &jge(   &label("end"));
-
-        &mov(   $tmp1,          &DWP(0,$data,$i,4));
-        &push(  $tmp1);
-        &call(  "other");
-        &add(   $j,             "eax");
-        &pop(   $tmp1);
-        &inc(   $i);
-        &jmp(   &label("loop"));
-
-        &set_label("end");
-        &mov(   "eax",          $j);
-
-        &function_end("calc");
-
-        &asm_finish();
-
-The above example is very very unoptimised but gives an idea of how
-things work.
-
-There is also a cbc mode function generator in cbc.pl
-
-&cbc(   $name,
-        $encrypt_function_name,
-        $decrypt_function_name,
-        $true_if_byte_swap_needed,
-        $parameter_number_for_iv,
-        $parameter_number_for_encrypt_flag,
-        $first_parameter_to_pass,
-        $second_parameter_to_pass,
-        $third_parameter_to_pass);
-
-So for example, given
-void BF_encrypt(BF_LONG *data,BF_KEY *key);
-void BF_decrypt(BF_LONG *data,BF_KEY *key);
-void BF_cbc_encrypt(unsigned char *in, unsigned char *out, long length,
-        BF_KEY *ks, unsigned char *iv, int enc);
-
-&cbc("BF_cbc_encrypt","BF_encrypt","BF_encrypt",1,4,5,3,-1,-1);
-
-&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt",0,4,5,3,5,-1);
-&cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",0,6,7,3,4,5);
-
diff --git a/src/lib/libcrypto/perlasm/x86asm.pl b/src/lib/libcrypto/perlasm/x86asm.pl
deleted file mode 100644
index c3de90c65d..0000000000
--- a/src/lib/libcrypto/perlasm/x86asm.pl
+++ /dev/null
@@ -1,135 +0,0 @@
-#!/usr/local/bin/perl
-
-# require 'x86asm.pl';
-# &asm_init("cpp","des-586.pl");
-# XXX
-# XXX
-# main'asm_finish
-
-sub main'asm_finish
-        {
-        &file_end();
-        &asm_finish_cpp() if $cpp;
-        print &asm_get_output();
-        }
-
-sub main'asm_init
-        {
-        ($type,$fn,$i386)=@_;
-        $filename=$fn;
-
-        $elf=$cpp=$sol=$aout=$win32=$gaswin=$openbsd=0;
-        if (    ($type eq "elf"))
-                { $elf=1; require "x86unix.pl"; }
-        elsif ( ($type eq "openbsd-elf"))
-                { $openbsd=$elf=1; require "x86unix.pl"; }
-        elsif ( ($type eq "openbsd-a.out"))
-                { $openbsd=1; require "x86unix.pl"; }
-        elsif ( ($type eq "a.out"))
-                { $aout=1; require "x86unix.pl"; }
-        elsif ( ($type eq "gaswin"))
-                { $gaswin=1; $aout=1; require "x86unix.pl"; }
-        elsif ( ($type eq "sol"))
-                { $sol=1; require "x86unix.pl"; }
-        elsif ( ($type eq "cpp"))
-                { $cpp=1; require "x86unix.pl"; }
-        elsif ( ($type eq "win32"))
-                { $win32=1; require "x86ms.pl"; }
-        elsif ( ($type eq "win32n"))
-                { $win32=1; require "x86nasm.pl"; }
-        else
-                {
-                print STDERR <<"EOF";
-Pick one target type from
-        elf     - linux, FreeBSD etc
-        a.out   - old linux
-        sol     - x86 solaris
-        cpp     - format so x86unix.cpp can be used
-        win32   - Windows 95/Windows NT
-        win32n  - Windows 95/Windows NT NASM format
-        openbsd-elf     - OpenBSD elf
-        openbsd-a.out   - OpenBSD a.out
-EOF
-                exit(1);
-                }
-
-        $pic=0;
-        for (@ARGV) {   $pic=1 if (/\-[fK]PIC/i);       }
-
-        &asm_init_output();
-
-&comment("Don't even think of reading this code");
-&comment("It was automatically generated by $filename");
-&comment("Which is a perl program used to generate the x86 assember for");
-&comment("any of elf, a.out, BSDI, Win32, gaswin (for GNU as on Win32) or Solaris");
-&comment("eric <eay\@cryptsoft.com>");
-&comment("");
-
-        $filename =~ s/\.pl$//;
-        &file($filename);
-        }
-
-sub asm_finish_cpp
-        {
-        return unless $cpp;
-
-        local($tmp,$i);
-        foreach $i (&get_labels())
-                {
-                $tmp.="#define $i _$i\n";
-                }
-        print <<"EOF";
-/* Run the C pre-processor over this file with one of the following defined
- * ELF - elf object files,
- * OUT - a.out object files,
- * BSDI - BSDI style a.out object files
- * SOL - Solaris style elf
- */
-
-#define TYPE(a,b)       .type   a,b
-#define SIZE(a,b)       .size   a,b
-
-#if defined(OUT) || (defined(BSDI) && !defined(ELF))
-$tmp
-#endif
-
-#ifdef OUT
-#define OK      1
-#define ALIGN   4
-#if defined(__CYGWIN__) || defined(__DJGPP__) || defined(__MINGW32__)
-#undef SIZE
-#undef TYPE
-#define SIZE(a,b)
-#define TYPE(a,b)       .def a; .scl 2; .type 32; .endef
-#endif /* __CYGWIN || __DJGPP */
-#endif
-
-#if defined(BSDI) && !defined(ELF)
-#define OK              1
-#define ALIGN           4
-#undef SIZE
-#undef TYPE
-#define SIZE(a,b)
-#define TYPE(a,b)
-#endif
-
-#if defined(ELF) || defined(SOL)
-#define OK              1
-#define ALIGN           16
-#endif
-
-#ifndef OK
-You need to define one of
-ELF - elf systems - linux-elf, NetBSD and DG-UX
-OUT - a.out systems - linux-a.out and FreeBSD
-SOL - solaris systems, which are elf with strange comment lines
-BSDI - a.out with a very primative version of as.
-#endif
-
-/* Let the Assembler begin :-) */
-EOF
-        }
-
-sub main'align() {} # swallow align statements in 0.9.7 context
-
-1;
diff --git a/src/lib/libcrypto/pkcs12/p12_add.c b/src/lib/libcrypto/pkcs12/p12_add.c
deleted file mode 100644
index 27015dd8c3..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_add.c
+++ /dev/null
@@ -1,224 +0,0 @@
-/* p12_add.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/pkcs12.h>
-
-/* Pack an object into an OCTET STRING and turn into a safebag */
-
-PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1,
-             int nid2)
-{
-        PKCS12_BAGS *bag;
-        PKCS12_SAFEBAG *safebag;
-        if (!(bag = PKCS12_BAGS_new())) {
-                PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-        bag->type = OBJ_nid2obj(nid1);
-        if (!ASN1_item_pack(obj, it, &bag->value.octet)) {
-                PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-        if (!(safebag = PKCS12_SAFEBAG_new())) {
-                PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-        safebag->value.bag = bag;
-        safebag->type = OBJ_nid2obj(nid2);
-        return safebag;
-}
-
-/* Turn PKCS8 object into a keybag */
-
-PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8)
-{
-        PKCS12_SAFEBAG *bag;
-        if (!(bag = PKCS12_SAFEBAG_new())) {
-                PKCS12err(PKCS12_F_PKCS12_MAKE_KEYBAG,ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-        bag->type = OBJ_nid2obj(NID_keyBag);
-        bag->value.keybag = p8;
-        return bag;
-}
-
-/* Turn PKCS8 object into a shrouded keybag */
-
-PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
-             int passlen, unsigned char *salt, int saltlen, int iter,
-             PKCS8_PRIV_KEY_INFO *p8)
-{
-        PKCS12_SAFEBAG *bag;
-
-        /* Set up the safe bag */
-        if (!(bag = PKCS12_SAFEBAG_new())) {
-                PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-
-        bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
-        if (!(bag->value.shkeybag = 
-          PKCS8_encrypt(pbe_nid, NULL, pass, passlen, salt, saltlen, iter,
-                                                                         p8))) {
-                PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-
-        return bag;
-}
-
-/* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
-PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
-{
-        PKCS7 *p7;
-        if (!(p7 = PKCS7_new())) {
-                PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-        p7->type = OBJ_nid2obj(NID_pkcs7_data);
-        if (!(p7->d.data = M_ASN1_OCTET_STRING_new())) {
-                PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-        
-        if (!ASN1_item_pack(sk, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), &p7->d.data)) {
-                PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE);
-                return NULL;
-        }
-        return p7;
-}
-
-/* Unpack SAFEBAGS from PKCS#7 data ContentInfo */
-STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7)
-{
-        if(!PKCS7_type_is_data(p7))
-                {
-                PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA,PKCS12_R_CONTENT_TYPE_NOT_DATA);
-                return NULL;
-                }
-        return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS));
-}
-
-/* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */
-
-PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
-                              unsigned char *salt, int saltlen, int iter,
-                              STACK_OF(PKCS12_SAFEBAG) *bags)
-{
-        PKCS7 *p7;
-        X509_ALGOR *pbe;
-        if (!(p7 = PKCS7_new())) {
-                PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-        if(!PKCS7_set_type(p7, NID_pkcs7_encrypted)) {
-                PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA,
-                                PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
-                return NULL;
-        }
-        if (!(pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen))) {
-                PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-        X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm);
-        p7->d.encrypted->enc_data->algorithm = pbe;
-        M_ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data);
-        if (!(p7->d.encrypted->enc_data->enc_data =
-        PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass, passlen,
-                                 bags, 1))) {
-                PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ENCRYPT_ERROR);
-                return NULL;
-        }
-
-        return p7;
-}
-
-STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen)
-{
-        if(!PKCS7_type_is_encrypted(p7)) return NULL;
-        return PKCS12_item_decrypt_d2i(p7->d.encrypted->enc_data->algorithm,
-                                   ASN1_ITEM_rptr(PKCS12_SAFEBAGS),
-                                   pass, passlen,
-                                   p7->d.encrypted->enc_data->enc_data, 1);
-}
-
-PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, const char *pass,
-                                                                int passlen)
-{
-        return PKCS8_decrypt(bag->value.shkeybag, pass, passlen);
-}
-
-int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes) 
-{
-        if(ASN1_item_pack(safes, ASN1_ITEM_rptr(PKCS12_AUTHSAFES),
-                &p12->authsafes->d.data)) 
-                        return 1;
-        return 0;
-}
-
-STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12)
-{
-        if (!PKCS7_type_is_data(p12->authsafes))
-                {
-                PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES,PKCS12_R_CONTENT_TYPE_NOT_DATA);
-                return NULL;
-                }
-        return ASN1_item_unpack(p12->authsafes->d.data, ASN1_ITEM_rptr(PKCS12_AUTHSAFES));
-}
diff --git a/src/lib/libcrypto/pkcs12/p12_asn.c b/src/lib/libcrypto/pkcs12/p12_asn.c
deleted file mode 100644
index a3739fee1a..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_asn.c
+++ /dev/null
@@ -1,125 +0,0 @@
-/* p12_asn.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/pkcs12.h>
-
-/* PKCS#12 ASN1 module */
-
-ASN1_SEQUENCE(PKCS12) = {
-        ASN1_SIMPLE(PKCS12, version, ASN1_INTEGER),
-        ASN1_SIMPLE(PKCS12, authsafes, PKCS7),
-        ASN1_OPT(PKCS12, mac, PKCS12_MAC_DATA)
-} ASN1_SEQUENCE_END(PKCS12)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKCS12)
-
-ASN1_SEQUENCE(PKCS12_MAC_DATA) = {
-        ASN1_SIMPLE(PKCS12_MAC_DATA, dinfo, X509_SIG),
-        ASN1_SIMPLE(PKCS12_MAC_DATA, salt, ASN1_OCTET_STRING),
-        ASN1_OPT(PKCS12_MAC_DATA, iter, ASN1_INTEGER)
-} ASN1_SEQUENCE_END(PKCS12_MAC_DATA)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKCS12_MAC_DATA)
-
-ASN1_ADB_TEMPLATE(bag_default) = ASN1_EXP(PKCS12_BAGS, value.other, ASN1_ANY, 0);
-
-ASN1_ADB(PKCS12_BAGS) = {
-        ADB_ENTRY(NID_x509Certificate, ASN1_EXP(PKCS12_BAGS, value.x509cert, ASN1_OCTET_STRING, 0)),
-        ADB_ENTRY(NID_x509Crl, ASN1_EXP(PKCS12_BAGS, value.x509crl, ASN1_OCTET_STRING, 0)),
-        ADB_ENTRY(NID_sdsiCertificate, ASN1_EXP(PKCS12_BAGS, value.sdsicert, ASN1_IA5STRING, 0)),
-} ASN1_ADB_END(PKCS12_BAGS, 0, type, 0, &bag_default_tt, NULL);
-
-ASN1_SEQUENCE(PKCS12_BAGS) = {
-        ASN1_SIMPLE(PKCS12_BAGS, type, ASN1_OBJECT),
-        ASN1_ADB_OBJECT(PKCS12_BAGS),
-} ASN1_SEQUENCE_END(PKCS12_BAGS)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKCS12_BAGS)
-
-ASN1_ADB_TEMPLATE(safebag_default) = ASN1_EXP(PKCS12_SAFEBAG, value.other, ASN1_ANY, 0);
-
-ASN1_ADB(PKCS12_SAFEBAG) = {
-        ADB_ENTRY(NID_keyBag, ASN1_EXP(PKCS12_SAFEBAG, value.keybag, PKCS8_PRIV_KEY_INFO, 0)),
-        ADB_ENTRY(NID_pkcs8ShroudedKeyBag, ASN1_EXP(PKCS12_SAFEBAG, value.shkeybag, X509_SIG, 0)),
-        ADB_ENTRY(NID_safeContentsBag, ASN1_EXP_SET_OF(PKCS12_SAFEBAG, value.safes, PKCS12_SAFEBAG, 0)),
-        ADB_ENTRY(NID_certBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)),
-        ADB_ENTRY(NID_crlBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)),
-        ADB_ENTRY(NID_secretBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0))
-} ASN1_ADB_END(PKCS12_SAFEBAG, 0, type, 0, &safebag_default_tt, NULL);
-
-ASN1_SEQUENCE(PKCS12_SAFEBAG) = {
-        ASN1_SIMPLE(PKCS12_SAFEBAG, type, ASN1_OBJECT),
-        ASN1_ADB_OBJECT(PKCS12_SAFEBAG),
-        ASN1_SET_OF_OPT(PKCS12_SAFEBAG, attrib, X509_ATTRIBUTE)
-} ASN1_SEQUENCE_END(PKCS12_SAFEBAG)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKCS12_SAFEBAG)
-
-/* SEQUENCE OF SafeBag */
-ASN1_ITEM_TEMPLATE(PKCS12_SAFEBAGS) = 
-        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, PKCS12_SAFEBAGS, PKCS12_SAFEBAG)
-ASN1_ITEM_TEMPLATE_END(PKCS12_SAFEBAGS)
-
-/* Authsafes: SEQUENCE OF PKCS7 */
-ASN1_ITEM_TEMPLATE(PKCS12_AUTHSAFES) = 
-        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, PKCS12_AUTHSAFES, PKCS7)
-ASN1_ITEM_TEMPLATE_END(PKCS12_AUTHSAFES)
-
diff --git a/src/lib/libcrypto/pkcs12/p12_attr.c b/src/lib/libcrypto/pkcs12/p12_attr.c
deleted file mode 100644
index 026cf3826a..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_attr.c
+++ /dev/null
@@ -1,145 +0,0 @@
-/* p12_attr.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/pkcs12.h>
-
-/* Add a local keyid to a safebag */
-
-int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name,
-             int namelen)
-{
-        if (X509at_add1_attr_by_NID(&bag->attrib, NID_localKeyID,
-                                V_ASN1_OCTET_STRING, name, namelen))
-                return 1;
-        else 
-                return 0;
-}
-
-/* Add key usage to PKCS#8 structure */
-
-int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage)
-{
-        unsigned char us_val;
-        us_val = (unsigned char) usage;
-        if (X509at_add1_attr_by_NID(&p8->attributes, NID_key_usage,
-                                V_ASN1_BIT_STRING, &us_val, 1))
-                return 1;
-        else
-                return 0;
-}
-
-/* Add a friendlyname to a safebag */
-
-int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
-                                 int namelen)
-{
-        if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName,
-                                MBSTRING_ASC, (unsigned char *)name, namelen))
-                return 1;
-        else
-                return 0;
-}
-
-
-int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag,
-                                 const unsigned char *name, int namelen)
-{
-        if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName,
-                                MBSTRING_BMP, name, namelen))
-                return 1;
-        else
-                return 0;
-}
-
-int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name,
-                                 int namelen)
-{
-        if (X509at_add1_attr_by_NID(&bag->attrib, NID_ms_csp_name,
-                                MBSTRING_ASC, (unsigned char *)name, namelen))
-                return 1;
-        else
-                return 0;
-}
-
-ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid)
-{
-        X509_ATTRIBUTE *attrib;
-        int i;
-        if (!attrs) return NULL;
-        for (i = 0; i < sk_X509_ATTRIBUTE_num (attrs); i++) {
-                attrib = sk_X509_ATTRIBUTE_value (attrs, i);
-                if (OBJ_obj2nid (attrib->object) == attr_nid) {
-                        if (sk_ASN1_TYPE_num (attrib->value.set))
-                            return sk_ASN1_TYPE_value(attrib->value.set, 0);
-                        else return NULL;
-                }
-        }
-        return NULL;
-}
-
-char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag)
-{
-        ASN1_TYPE *atype;
-        if (!(atype = PKCS12_get_attr(bag, NID_friendlyName))) return NULL;
-        if (atype->type != V_ASN1_BMPSTRING) return NULL;
-        return uni2asc(atype->value.bmpstring->data,
-                                 atype->value.bmpstring->length);
-}
-
diff --git a/src/lib/libcrypto/pkcs12/p12_crpt.c b/src/lib/libcrypto/pkcs12/p12_crpt.c
deleted file mode 100644
index 003ec7a33e..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_crpt.c
+++ /dev/null
@@ -1,124 +0,0 @@
-/* p12_crpt.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/pkcs12.h>
-
-/* PKCS#12 specific PBE functions */
-
-void PKCS12_PBE_add(void)
-{
-#ifndef OPENSSL_NO_RC4
-EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC4, EVP_rc4(), EVP_sha1(),
-                                                         PKCS12_PBE_keyivgen);
-EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC4, EVP_rc4_40(), EVP_sha1(),
-                                                         PKCS12_PBE_keyivgen);
-#endif
-#ifndef OPENSSL_NO_DES
-EVP_PBE_alg_add(NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
-                        EVP_des_ede3_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen);
-EVP_PBE_alg_add(NID_pbe_WithSHA1And2_Key_TripleDES_CBC, 
-                        EVP_des_ede_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen);
-#endif
-#ifndef OPENSSL_NO_RC2
-EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC2_CBC, EVP_rc2_cbc(),
-                                        EVP_sha1(), PKCS12_PBE_keyivgen);
-EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC2_CBC, EVP_rc2_40_cbc(),
-                                        EVP_sha1(), PKCS12_PBE_keyivgen);
-#endif
-}
-
-int PKCS12_PBE_keyivgen (EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
-                ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de)
-{
-        PBEPARAM *pbe;
-        int saltlen, iter, ret;
-        unsigned char *salt, *pbuf;
-        unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
-
-        /* Extract useful info from parameter */
-        pbuf = param->value.sequence->data;
-        if (!param || (param->type != V_ASN1_SEQUENCE) ||
-           !(pbe = d2i_PBEPARAM (NULL, &pbuf, param->value.sequence->length))) {
-                EVPerr(PKCS12_F_PKCS12_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
-                return 0;
-        }
-
-        if (!pbe->iter) iter = 1;
-        else iter = ASN1_INTEGER_get (pbe->iter);
-        salt = pbe->salt->data;
-        saltlen = pbe->salt->length;
-        if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_KEY_ID,
-                             iter, EVP_CIPHER_key_length(cipher), key, md)) {
-                PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_KEY_GEN_ERROR);
-                PBEPARAM_free(pbe);
-                return 0;
-        }
-        if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_IV_ID,
-                                iter, EVP_CIPHER_iv_length(cipher), iv, md)) {
-                PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_IV_GEN_ERROR);
-                PBEPARAM_free(pbe);
-                return 0;
-        }
-        PBEPARAM_free(pbe);
-        ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de);
-        OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
-        OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
-        return ret;
-}
diff --git a/src/lib/libcrypto/pkcs12/p12_crt.c b/src/lib/libcrypto/pkcs12/p12_crt.c
deleted file mode 100644
index 40340a7bef..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_crt.c
+++ /dev/null
@@ -1,172 +0,0 @@
-/* p12_crt.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/pkcs12.h>
-
-PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
-             STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter,
-             int keytype)
-{
-        PKCS12 *p12;
-        STACK_OF(PKCS12_SAFEBAG) *bags;
-        STACK_OF(PKCS7) *safes;
-        PKCS12_SAFEBAG *bag;
-        PKCS8_PRIV_KEY_INFO *p8;
-        PKCS7 *authsafe;
-        X509 *tcert;
-        int i;
-        unsigned char keyid[EVP_MAX_MD_SIZE];
-        unsigned int keyidlen;
-
-        /* Set defaults */
-        if(!nid_cert)
-                {
-#ifdef OPENSSL_FIPS
-                if (FIPS_mode())
-                        nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
-                else
-#endif
-                        nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
-                }
-        if(!nid_key) nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
-        if(!iter) iter = PKCS12_DEFAULT_ITER;
-        if(!mac_iter) mac_iter = 1;
-
-        if(!pkey || !cert) {
-                PKCS12err(PKCS12_F_PKCS12_CREATE,PKCS12_R_INVALID_NULL_ARGUMENT);
-                return NULL;
-        }
-
-        if(!X509_check_private_key(cert, pkey)) return NULL;
-
-        if(!(bags = sk_PKCS12_SAFEBAG_new_null ())) {
-                PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-
-        /* Add user certificate */
-        if(!(bag = PKCS12_x5092certbag(cert))) return NULL;
-        if(name && !PKCS12_add_friendlyname(bag, name, -1)) return NULL;
-        X509_digest(cert, EVP_sha1(), keyid, &keyidlen);
-        if(!PKCS12_add_localkeyid(bag, keyid, keyidlen)) return NULL;
-
-        if(!sk_PKCS12_SAFEBAG_push(bags, bag)) {
-                PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-        
-        /* Add all other certificates */
-        if(ca) {
-                for(i = 0; i < sk_X509_num(ca); i++) {
-                        tcert = sk_X509_value(ca, i);
-                        if(!(bag = PKCS12_x5092certbag(tcert))) return NULL;
-                        if(!sk_PKCS12_SAFEBAG_push(bags, bag)) {
-                                PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
-                                return NULL;
-                        }
-                }
-        }
-
-        /* Turn certbags into encrypted authsafe */
-        authsafe = PKCS12_pack_p7encdata (nid_cert, pass, -1, NULL, 0,
-                                          iter, bags);
-        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
-
-        if (!authsafe) return NULL;
-
-        if(!(safes = sk_PKCS7_new_null ())
-           || !sk_PKCS7_push(safes, authsafe)) {
-                PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-
-        /* Make a shrouded key bag */
-        if(!(p8 = EVP_PKEY2PKCS8 (pkey))) return NULL;
-        if(keytype && !PKCS8_add_keyusage(p8, keytype)) return NULL;
-        bag = PKCS12_MAKE_SHKEYBAG (nid_key, pass, -1, NULL, 0, iter, p8);
-        if(!bag) return NULL;
-        PKCS8_PRIV_KEY_INFO_free(p8);
-        if (name && !PKCS12_add_friendlyname (bag, name, -1)) return NULL;
-        if(!PKCS12_add_localkeyid (bag, keyid, keyidlen)) return NULL;
-        if(!(bags = sk_PKCS12_SAFEBAG_new_null())
-           || !sk_PKCS12_SAFEBAG_push (bags, bag)) {
-                PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-        /* Turn it into unencrypted safe bag */
-        if(!(authsafe = PKCS12_pack_p7data (bags))) return NULL;
-        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
-        if(!sk_PKCS7_push(safes, authsafe)) {
-                PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-
-        if(!(p12 = PKCS12_init (NID_pkcs7_data))) return NULL;
-
-        if(!PKCS12_pack_authsafes (p12, safes)) return NULL;
-
-        sk_PKCS7_pop_free(safes, PKCS7_free);
-
-        if(!PKCS12_set_mac (p12, pass, -1, NULL, 0, mac_iter, NULL))
-            return NULL;
-
-        return p12;
-
-}
diff --git a/src/lib/libcrypto/pkcs12/p12_decr.c b/src/lib/libcrypto/pkcs12/p12_decr.c
deleted file mode 100644
index b5684a83ba..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_decr.c
+++ /dev/null
@@ -1,176 +0,0 @@
-/* p12_decr.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/pkcs12.h>
-
-/* Define this to dump decrypted output to files called DERnnn */
-/*#define DEBUG_DECRYPT*/
-
-
-/* Encrypt/Decrypt a buffer based on password and algor, result in a
- * OPENSSL_malloc'ed buffer
- */
-
-unsigned char * PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
-             int passlen, unsigned char *in, int inlen, unsigned char **data,
-             int *datalen, int en_de)
-{
-        unsigned char *out;
-        int outlen, i;
-        EVP_CIPHER_CTX ctx;
-
-        EVP_CIPHER_CTX_init(&ctx);
-        /* Decrypt data */
-        if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen,
-                                         algor->parameter, &ctx, en_de)) {
-                PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);
-                return NULL;
-        }
-
-        if(!(out = OPENSSL_malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx)))) {
-                PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-
-        EVP_CipherUpdate(&ctx, out, &i, in, inlen);
-        outlen = i;
-        if(!EVP_CipherFinal_ex(&ctx, out + i, &i)) {
-                OPENSSL_free(out);
-                out = NULL;
-                PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_CIPHERFINAL_ERROR);
-                goto err;
-        }
-        outlen += i;
-        if (datalen) *datalen = outlen;
-        if (data) *data = out;
-        err:
-        EVP_CIPHER_CTX_cleanup(&ctx);
-        return out;
-
-}
-
-/* Decrypt an OCTET STRING and decode ASN1 structure 
- * if zbuf set zero buffer after use.
- */
-
-void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
-             const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf)
-{
-        unsigned char *out, *p;
-        void *ret;
-        int outlen;
-
-        if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length,
-                               &out, &outlen, 0)) {
-                PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_PKCS12_PBE_CRYPT_ERROR);
-                return NULL;
-        }
-        p = out;
-#ifdef DEBUG_DECRYPT
-        {
-                FILE *op;
-
-                char fname[30];
-                static int fnm = 1;
-                sprintf(fname, "DER%d", fnm++);
-                op = fopen(fname, "wb");
-                fwrite (p, 1, outlen, op);
-                fclose(op);
-        }
-#endif
-        ret = ASN1_item_d2i(NULL, &p, outlen, it);
-        if (zbuf) OPENSSL_cleanse(out, outlen);
-        if(!ret) PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_DECODE_ERROR);
-        OPENSSL_free(out);
-        return ret;
-}
-
-/* Encode ASN1 structure and encrypt, return OCTET STRING 
- * if zbuf set zero encoding.
- */
-
-ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it,
-                                       const char *pass, int passlen,
-                                       void *obj, int zbuf)
-{
-        ASN1_OCTET_STRING *oct;
-        unsigned char *in = NULL;
-        int inlen;
-        if (!(oct = M_ASN1_OCTET_STRING_new ())) {
-                PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-        inlen = ASN1_item_i2d(obj, &in, it);
-        if (!in) {
-                PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,PKCS12_R_ENCODE_ERROR);
-                return NULL;
-        }
-        if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data,
-                                 &oct->length, 1)) {
-                PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,PKCS12_R_ENCRYPT_ERROR);
-                OPENSSL_free(in);
-                return NULL;
-        }
-        if (zbuf) OPENSSL_cleanse(in, inlen);
-        OPENSSL_free(in);
-        return oct;
-}
-
-IMPLEMENT_PKCS12_STACK_OF(PKCS7)
diff --git a/src/lib/libcrypto/pkcs12/p12_init.c b/src/lib/libcrypto/pkcs12/p12_init.c
deleted file mode 100644
index 5276b12669..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_init.c
+++ /dev/null
@@ -1,92 +0,0 @@
-/* p12_init.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/pkcs12.h>
-
-/* Initialise a PKCS12 structure to take data */
-
-PKCS12 *PKCS12_init (int mode)
-{
-        PKCS12 *pkcs12;
-        if (!(pkcs12 = PKCS12_new())) {
-                PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-        ASN1_INTEGER_set(pkcs12->version, 3);
-        pkcs12->authsafes->type = OBJ_nid2obj(mode);
-        switch (mode) {
-                case NID_pkcs7_data:
-                        if (!(pkcs12->authsafes->d.data =
-                                 M_ASN1_OCTET_STRING_new())) {
-                        PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                break;
-                default:
-                        PKCS12err(PKCS12_F_PKCS12_INIT,
-                                PKCS12_R_UNSUPPORTED_PKCS12_MODE);
-                        goto err;
-        }
-                
-        return pkcs12;
-err:
-        if (pkcs12 != NULL) PKCS12_free(pkcs12);
-        return NULL;
-}
diff --git a/src/lib/libcrypto/pkcs12/p12_key.c b/src/lib/libcrypto/pkcs12/p12_key.c
deleted file mode 100644
index 9196a34b4a..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_key.c
+++ /dev/null
@@ -1,206 +0,0 @@
-/* p12_key.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/pkcs12.h>
-
-
-/* Uncomment out this line to get debugging info about key generation */
-/*#define DEBUG_KEYGEN*/
-#ifdef DEBUG_KEYGEN
-#include <openssl/bio.h>
-extern BIO *bio_err;
-void h__dump (unsigned char *p, int len);
-#endif
-
-/* PKCS12 compatible key/IV generation */
-#ifndef min
-#define min(a,b) ((a) < (b) ? (a) : (b))
-#endif
-
-int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
-             int saltlen, int id, int iter, int n, unsigned char *out,
-             const EVP_MD *md_type)
-{
-        int ret;
-        unsigned char *unipass;
-        int uniplen;
-        if(!pass) {
-                unipass = NULL;
-                uniplen = 0;
-        } else if (!asc2uni(pass, passlen, &unipass, &uniplen)) {
-                PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC,ERR_R_MALLOC_FAILURE);
-                return 0;
-        }
-        ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
-                                                 id, iter, n, out, md_type);
-        if(unipass) {
-                OPENSSL_cleanse(unipass, uniplen);      /* Clear password from memory */
-                OPENSSL_free(unipass);
-        }
-        return ret;
-}
-
-int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
-             int saltlen, int id, int iter, int n, unsigned char *out,
-             const EVP_MD *md_type)
-{
-        unsigned char *B, *D, *I, *p, *Ai;
-        int Slen, Plen, Ilen, Ijlen;
-        int i, j, u, v;
-        BIGNUM *Ij, *Bpl1;      /* These hold Ij and B + 1 */
-        EVP_MD_CTX ctx;
-#ifdef  DEBUG_KEYGEN
-        unsigned char *tmpout = out;
-        int tmpn = n;
-#endif
-
-#if 0
-        if (!pass) {
-                PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_PASSED_NULL_PARAMETER);
-                return 0;
-        }
-#endif
-
-        EVP_MD_CTX_init(&ctx);
-#ifdef  DEBUG_KEYGEN
-        fprintf(stderr, "KEYGEN DEBUG\n");
-        fprintf(stderr, "ID %d, ITER %d\n", id, iter);
-        fprintf(stderr, "Password (length %d):\n", passlen);
-        h__dump(pass, passlen);
-        fprintf(stderr, "Salt (length %d):\n", saltlen);
-        h__dump(salt, saltlen);
-#endif
-        v = EVP_MD_block_size (md_type);
-        u = EVP_MD_size (md_type);
-        D = OPENSSL_malloc (v);
-        Ai = OPENSSL_malloc (u);
-        B = OPENSSL_malloc (v + 1);
-        Slen = v * ((saltlen+v-1)/v);
-        if(passlen) Plen = v * ((passlen+v-1)/v);
-        else Plen = 0;
-        Ilen = Slen + Plen;
-        I = OPENSSL_malloc (Ilen);
-        Ij = BN_new();
-        Bpl1 = BN_new();
-        if (!D || !Ai || !B || !I || !Ij || !Bpl1) {
-                PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_MALLOC_FAILURE);
-                return 0;
-        }
-        for (i = 0; i < v; i++) D[i] = id;
-        p = I;
-        for (i = 0; i < Slen; i++) *p++ = salt[i % saltlen];
-        for (i = 0; i < Plen; i++) *p++ = pass[i % passlen];
-        for (;;) {
-                EVP_DigestInit_ex(&ctx, md_type, NULL);
-                EVP_DigestUpdate(&ctx, D, v);
-                EVP_DigestUpdate(&ctx, I, Ilen);
-                EVP_DigestFinal_ex(&ctx, Ai, NULL);
-                for (j = 1; j < iter; j++) {
-                        EVP_DigestInit_ex(&ctx, md_type, NULL);
-                        EVP_DigestUpdate(&ctx, Ai, u);
-                        EVP_DigestFinal_ex(&ctx, Ai, NULL);
-                }
-                memcpy (out, Ai, min (n, u));
-                if (u >= n) {
-                        OPENSSL_free (Ai);
-                        OPENSSL_free (B);
-                        OPENSSL_free (D);
-                        OPENSSL_free (I);
-                        BN_free (Ij);
-                        BN_free (Bpl1);
-                        EVP_MD_CTX_cleanup(&ctx);
-#ifdef DEBUG_KEYGEN
-                        fprintf(stderr, "Output KEY (length %d)\n", tmpn);
-                        h__dump(tmpout, tmpn);
-#endif
-                        return 1;       
-                }
-                n -= u;
-                out += u;
-                for (j = 0; j < v; j++) B[j] = Ai[j % u];
-                /* Work out B + 1 first then can use B as tmp space */
-                BN_bin2bn (B, v, Bpl1);
-                BN_add_word (Bpl1, 1);
-                for (j = 0; j < Ilen ; j+=v) {
-                        BN_bin2bn (I + j, v, Ij);
-                        BN_add (Ij, Ij, Bpl1);
-                        BN_bn2bin (Ij, B);
-                        Ijlen = BN_num_bytes (Ij);
-                        /* If more than 2^(v*8) - 1 cut off MSB */
-                        if (Ijlen > v) {
-                                BN_bn2bin (Ij, B);
-                                memcpy (I + j, B + 1, v);
-#ifndef PKCS12_BROKEN_KEYGEN
-                        /* If less than v bytes pad with zeroes */
-                        } else if (Ijlen < v) {
-                                memset(I + j, 0, v - Ijlen);
-                                BN_bn2bin(Ij, I + j + v - Ijlen); 
-#endif
-                        } else BN_bn2bin (Ij, I + j);
-                }
-        }
-}
-#ifdef DEBUG_KEYGEN
-void h__dump (unsigned char *p, int len)
-{
-        for (; len --; p++) fprintf(stderr, "%02X", *p);
-        fprintf(stderr, "\n");  
-}
-#endif
diff --git a/src/lib/libcrypto/pkcs12/p12_kiss.c b/src/lib/libcrypto/pkcs12/p12_kiss.c
deleted file mode 100644
index 2b31999e11..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_kiss.c
+++ /dev/null
@@ -1,297 +0,0 @@
-/* p12_kiss.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/pkcs12.h>
-
-/* Simplified PKCS#12 routines */
-
-static int parse_pk12( PKCS12 *p12, const char *pass, int passlen,
-                EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca);
-
-static int parse_bags( STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
-                       int passlen, EVP_PKEY **pkey, X509 **cert,
-                       STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid,
-                       char *keymatch);
-
-static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen,
-                        EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
-                        ASN1_OCTET_STRING **keyid, char *keymatch);
-
-/* Parse and decrypt a PKCS#12 structure returning user key, user cert
- * and other (CA) certs. Note either ca should be NULL, *ca should be NULL,
- * or it should point to a valid STACK structure. pkey and cert can be
- * passed unitialised.
- */
-
-int PKCS12_parse (PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
-             STACK_OF(X509) **ca)
-{
-
-        /* Check for NULL PKCS12 structure */
-
-        if(!p12) {
-                PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_INVALID_NULL_PKCS12_POINTER);
-                return 0;
-        }
-
-        /* Allocate stack for ca certificates if needed */
-        if ((ca != NULL) && (*ca == NULL)) {
-                if (!(*ca = sk_X509_new_null())) {
-                        PKCS12err(PKCS12_F_PKCS12_PARSE,ERR_R_MALLOC_FAILURE);
-                        return 0;
-                }
-        }
-
-        if(pkey) *pkey = NULL;
-        if(cert) *cert = NULL;
-
-        /* Check the mac */
-
-        /* If password is zero length or NULL then try verifying both cases
-         * to determine which password is correct. The reason for this is that
-         * under PKCS#12 password based encryption no password and a zero length
-         * password are two different things...
-         */
-
-        if(!pass || !*pass) {
-                if(PKCS12_verify_mac(p12, NULL, 0)) pass = NULL;
-                else if(PKCS12_verify_mac(p12, "", 0)) pass = "";
-                else {
-                        PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_MAC_VERIFY_FAILURE);
-                        goto err;
-                }
-        } else if (!PKCS12_verify_mac(p12, pass, -1)) {
-                PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_MAC_VERIFY_FAILURE);
-                goto err;
-        }
-
-        if (!parse_pk12 (p12, pass, -1, pkey, cert, ca))
-                {
-                PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_PARSE_ERROR);
-                goto err;
-                }
-
-        return 1;
-
- err:
-
-        if (pkey && *pkey) EVP_PKEY_free(*pkey);
-        if (cert && *cert) X509_free(*cert);
-        if (ca) sk_X509_pop_free(*ca, X509_free);
-        return 0;
-
-}
-
-/* Parse the outer PKCS#12 structure */
-
-static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen,
-             EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
-{
-        STACK_OF(PKCS7) *asafes;
-        STACK_OF(PKCS12_SAFEBAG) *bags;
-        int i, bagnid;
-        PKCS7 *p7;
-        ASN1_OCTET_STRING *keyid = NULL;
-
-        char keymatch = 0;
-        if (!(asafes = PKCS12_unpack_authsafes (p12))) return 0;
-        for (i = 0; i < sk_PKCS7_num (asafes); i++) {
-                p7 = sk_PKCS7_value (asafes, i);
-                bagnid = OBJ_obj2nid (p7->type);
-                if (bagnid == NID_pkcs7_data) {
-                        bags = PKCS12_unpack_p7data(p7);
-                } else if (bagnid == NID_pkcs7_encrypted) {
-                        bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
-                } else continue;
-                if (!bags) {
-                        sk_PKCS7_pop_free(asafes, PKCS7_free);
-                        return 0;
-                }
-                if (!parse_bags(bags, pass, passlen, pkey, cert, ca,
-                                                         &keyid, &keymatch)) {
-                        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
-                        sk_PKCS7_pop_free(asafes, PKCS7_free);
-                        return 0;
-                }
-                sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
-        }
-        sk_PKCS7_pop_free(asafes, PKCS7_free);
-        if (keyid) M_ASN1_OCTET_STRING_free(keyid);
-        return 1;
-}
-
-
-static int parse_bags (STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
-                       int passlen, EVP_PKEY **pkey, X509 **cert,
-                       STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid,
-                       char *keymatch)
-{
-        int i;
-        for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
-                if (!parse_bag(sk_PKCS12_SAFEBAG_value (bags, i),
-                         pass, passlen, pkey, cert, ca, keyid,
-                                                         keymatch)) return 0;
-        }
-        return 1;
-}
-
-#define MATCH_KEY  0x1
-#define MATCH_CERT 0x2
-#define MATCH_ALL  0x3
-
-static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
-                      EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
-                      ASN1_OCTET_STRING **keyid,
-             char *keymatch)
-{
-        PKCS8_PRIV_KEY_INFO *p8;
-        X509 *x509;
-        ASN1_OCTET_STRING *lkey = NULL, *ckid = NULL;
-        ASN1_TYPE *attrib;
-        ASN1_BMPSTRING *fname = NULL;
-
-        if ((attrib = PKCS12_get_attr (bag, NID_friendlyName)))
-                fname = attrib->value.bmpstring;
-
-        if ((attrib = PKCS12_get_attr (bag, NID_localKeyID))) {
-                lkey = attrib->value.octet_string;
-                ckid = lkey;
-        }
-
-        /* Check for any local key id matching (if needed) */
-        if (lkey && ((*keymatch & MATCH_ALL) != MATCH_ALL)) {
-                if (*keyid) {
-                        if (M_ASN1_OCTET_STRING_cmp(*keyid, lkey)) lkey = NULL;
-                } else {
-                        if (!(*keyid = M_ASN1_OCTET_STRING_dup(lkey))) {
-                                PKCS12err(PKCS12_F_PARSE_BAGS,ERR_R_MALLOC_FAILURE);
-                                return 0;
-                    }
-                }
-        }
-        
-        switch (M_PKCS12_bag_type(bag))
-        {
-        case NID_keyBag:
-                if (!lkey || !pkey) return 1;   
-                if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag))) return 0;
-                *keymatch |= MATCH_KEY;
-        break;
-
-        case NID_pkcs8ShroudedKeyBag:
-                if (!lkey || !pkey) return 1;   
-                if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen)))
-                                return 0;
-                *pkey = EVP_PKCS82PKEY(p8);
-                PKCS8_PRIV_KEY_INFO_free(p8);
-                if (!(*pkey)) return 0;
-                *keymatch |= MATCH_KEY;
-        break;
-
-        case NID_certBag:
-                if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate )
-                                                                 return 1;
-                if (!(x509 = PKCS12_certbag2x509(bag))) return 0;
-                if(ckid)
-                        {
-                        if (!X509_keyid_set1(x509, ckid->data, ckid->length))
-                                {
-                                X509_free(x509);
-                                return 0;
-                                }
-                        }
-                if(fname) {
-                        int len, r;
-                        unsigned char *data;
-                        len = ASN1_STRING_to_UTF8(&data, fname);
-                        if(len > 0) {
-                                r = X509_alias_set1(x509, data, len);
-                                OPENSSL_free(data);
-                                if (!r)
-                                        {
-                                        X509_free(x509);
-                                        return 0;
-                                        }
-                        }
-                }
-
-
-                if (lkey) {
-                        *keymatch |= MATCH_CERT;
-                        if (cert) *cert = x509;
-                        else X509_free(x509);
-                } else {
-                        if(ca) sk_X509_push (*ca, x509);
-                        else X509_free(x509);
-                }
-        break;
-
-        case NID_safeContentsBag:
-                return parse_bags(bag->value.safes, pass, passlen,
-                                        pkey, cert, ca, keyid, keymatch);
-        break;
-
-        default:
-                return 1;
-        break;
-        }
-        return 1;
-}
-
diff --git a/src/lib/libcrypto/pkcs12/p12_mutl.c b/src/lib/libcrypto/pkcs12/p12_mutl.c
deleted file mode 100644
index 140d21155e..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_mutl.c
+++ /dev/null
@@ -1,182 +0,0 @@
-/* p12_mutl.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef OPENSSL_NO_HMAC
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/hmac.h>
-#include <openssl/rand.h>
-#include <openssl/pkcs12.h>
-
-/* Generate a MAC */
-int PKCS12_gen_mac (PKCS12 *p12, const char *pass, int passlen,
-                    unsigned char *mac, unsigned int *maclen)
-{
-        const EVP_MD *md_type;
-        HMAC_CTX hmac;
-        unsigned char key[PKCS12_MAC_KEY_LENGTH], *salt;
-        int saltlen, iter;
-
-        if (!PKCS7_type_is_data(p12->authsafes))
-                {
-                PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_CONTENT_TYPE_NOT_DATA);
-                return 0;
-                }
-
-        salt = p12->mac->salt->data;
-        saltlen = p12->mac->salt->length;
-        if (!p12->mac->iter) iter = 1;
-        else iter = ASN1_INTEGER_get (p12->mac->iter);
-        if(!(md_type =
-                 EVP_get_digestbyobj (p12->mac->dinfo->algor->algorithm))) {
-                PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);
-                return 0;
-        }
-        if(!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter,
-                                 PKCS12_MAC_KEY_LENGTH, key, md_type)) {
-                PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_KEY_GEN_ERROR);
-                return 0;
-        }
-        HMAC_CTX_init(&hmac);
-        HMAC_Init_ex(&hmac, key, PKCS12_MAC_KEY_LENGTH, md_type, NULL);
-        HMAC_Update(&hmac, p12->authsafes->d.data->data,
-                                         p12->authsafes->d.data->length);
-        HMAC_Final(&hmac, mac, maclen);
-        HMAC_CTX_cleanup(&hmac);
-        return 1;
-}
-
-/* Verify the mac */
-int PKCS12_verify_mac (PKCS12 *p12, const char *pass, int passlen)
-{
-        unsigned char mac[EVP_MAX_MD_SIZE];
-        unsigned int maclen;
-        if(p12->mac == NULL) {
-                PKCS12err(PKCS12_F_VERIFY_MAC,PKCS12_R_MAC_ABSENT);
-                return 0;
-        }
-        if (!PKCS12_gen_mac (p12, pass, passlen, mac, &maclen)) {
-                PKCS12err(PKCS12_F_VERIFY_MAC,PKCS12_R_MAC_GENERATION_ERROR);
-                return 0;
-        }
-        if ((maclen != (unsigned int)p12->mac->dinfo->digest->length)
-        || memcmp (mac, p12->mac->dinfo->digest->data, maclen)) return 0;
-        return 1;
-}
-
-/* Set a mac */
-
-int PKCS12_set_mac (PKCS12 *p12, const char *pass, int passlen,
-             unsigned char *salt, int saltlen, int iter, const EVP_MD *md_type)
-{
-        unsigned char mac[EVP_MAX_MD_SIZE];
-        unsigned int maclen;
-
-        if (!md_type) md_type = EVP_sha1();
-        if (PKCS12_setup_mac (p12, iter, salt, saltlen, md_type) ==
-                                        PKCS12_ERROR) {
-                PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_SETUP_ERROR);
-                return 0;
-        }
-        if (!PKCS12_gen_mac (p12, pass, passlen, mac, &maclen)) {
-                PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_GENERATION_ERROR);
-                return 0;
-        }
-        if (!(M_ASN1_OCTET_STRING_set (p12->mac->dinfo->digest, mac, maclen))) {
-                PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_STRING_SET_ERROR);
-                                                return 0;
-        }
-        return 1;
-}
-
-/* Set up a mac structure */
-int PKCS12_setup_mac (PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
-             const EVP_MD *md_type)
-{
-        if (!(p12->mac = PKCS12_MAC_DATA_new())) return PKCS12_ERROR;
-        if (iter > 1) {
-                if(!(p12->mac->iter = M_ASN1_INTEGER_new())) {
-                        PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
-                        return 0;
-                }
-                if (!ASN1_INTEGER_set(p12->mac->iter, iter)) {
-                        PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
-                        return 0;
-                }
-        }
-        if (!saltlen) saltlen = PKCS12_SALT_LEN;
-        p12->mac->salt->length = saltlen;
-        if (!(p12->mac->salt->data = OPENSSL_malloc (saltlen))) {
-                PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
-                return 0;
-        }
-        if (!salt) {
-                if (RAND_pseudo_bytes (p12->mac->salt->data, saltlen) < 0)
-                        return 0;
-        }
-        else memcpy (p12->mac->salt->data, salt, saltlen);
-        p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type));
-        if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) {
-                PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
-                return 0;
-        }
-        p12->mac->dinfo->algor->parameter->type = V_ASN1_NULL;
-        
-        return 1;
-}
-#endif
diff --git a/src/lib/libcrypto/pkcs12/p12_npas.c b/src/lib/libcrypto/pkcs12/p12_npas.c
deleted file mode 100644
index af708a2743..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_npas.c
+++ /dev/null
@@ -1,217 +0,0 @@
-/* p12_npas.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/pem.h>
-#include <openssl/err.h>
-#include <openssl/pkcs12.h>
-
-/* PKCS#12 password change routine */
-
-static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass);
-static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass,
-                        char *newpass);
-static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass);
-static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen);
-
-/* 
- * Change the password on a PKCS#12 structure.
- */
-
-int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass)
-{
-
-/* Check for NULL PKCS12 structure */
-
-if(!p12) {
-        PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_INVALID_NULL_PKCS12_POINTER);
-        return 0;
-}
-
-/* Check the mac */
-
-if (!PKCS12_verify_mac(p12, oldpass, -1)) {
-        PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_MAC_VERIFY_FAILURE);
-        return 0;
-}
-
-if (!newpass_p12(p12, oldpass, newpass)) {
-        PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_PARSE_ERROR);
-        return 0;
-}
-
-return 1;
-
-}
-
-/* Parse the outer PKCS#12 structure */
-
-static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
-{
-        STACK_OF(PKCS7) *asafes, *newsafes;
-        STACK_OF(PKCS12_SAFEBAG) *bags;
-        int i, bagnid, pbe_nid = 0, pbe_iter = 0, pbe_saltlen = 0;
-        PKCS7 *p7, *p7new;
-        ASN1_OCTET_STRING *p12_data_tmp = NULL, *macnew = NULL;
-        unsigned char mac[EVP_MAX_MD_SIZE];
-        unsigned int maclen;
-
-        if (!(asafes = PKCS12_unpack_authsafes(p12))) return 0;
-        if(!(newsafes = sk_PKCS7_new_null())) return 0;
-        for (i = 0; i < sk_PKCS7_num (asafes); i++) {
-                p7 = sk_PKCS7_value(asafes, i);
-                bagnid = OBJ_obj2nid(p7->type);
-                if (bagnid == NID_pkcs7_data) {
-                        bags = PKCS12_unpack_p7data(p7);
-                } else if (bagnid == NID_pkcs7_encrypted) {
-                        bags = PKCS12_unpack_p7encdata(p7, oldpass, -1);
-                        alg_get(p7->d.encrypted->enc_data->algorithm,
-                                &pbe_nid, &pbe_iter, &pbe_saltlen);
-                } else continue;
-                if (!bags) {
-                        sk_PKCS7_pop_free(asafes, PKCS7_free);
-                        return 0;
-                }
-                if (!newpass_bags(bags, oldpass, newpass)) {
-                        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
-                        sk_PKCS7_pop_free(asafes, PKCS7_free);
-                        return 0;
-                }
-                /* Repack bag in same form with new password */
-                if (bagnid == NID_pkcs7_data) p7new = PKCS12_pack_p7data(bags);
-                else p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, NULL,
-                                                 pbe_saltlen, pbe_iter, bags);
-                sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
-                if(!p7new) {
-                        sk_PKCS7_pop_free(asafes, PKCS7_free);
-                        return 0;
-                }
-                sk_PKCS7_push(newsafes, p7new);
-        }
-        sk_PKCS7_pop_free(asafes, PKCS7_free);
-
-        /* Repack safe: save old safe in case of error */
-
-        p12_data_tmp = p12->authsafes->d.data;
-        if(!(p12->authsafes->d.data = ASN1_OCTET_STRING_new())) goto saferr;
-        if(!PKCS12_pack_authsafes(p12, newsafes)) goto saferr;
-
-        if(!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen)) goto saferr;
-        if(!(macnew = ASN1_OCTET_STRING_new())) goto saferr;
-        if(!ASN1_OCTET_STRING_set(macnew, mac, maclen)) goto saferr;
-        ASN1_OCTET_STRING_free(p12->mac->dinfo->digest);
-        p12->mac->dinfo->digest = macnew;
-        ASN1_OCTET_STRING_free(p12_data_tmp);
-
-        return 1;
-
-        saferr:
-        /* Restore old safe */
-        ASN1_OCTET_STRING_free(p12->authsafes->d.data);
-        ASN1_OCTET_STRING_free(macnew);
-        p12->authsafes->d.data = p12_data_tmp;
-        return 0;
-
-}
-
-
-static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass,
-                        char *newpass)
-{
-        int i;
-        for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
-                if (!newpass_bag(sk_PKCS12_SAFEBAG_value(bags, i),
-                                 oldpass, newpass))
-                    return 0;
-        }
-        return 1;
-}
-
-/* Change password of safebag: only needs handle shrouded keybags */
-
-static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass)
-{
-        PKCS8_PRIV_KEY_INFO *p8;
-        X509_SIG *p8new;
-        int p8_nid, p8_saltlen, p8_iter;
-
-        if(M_PKCS12_bag_type(bag) != NID_pkcs8ShroudedKeyBag) return 1;
-
-        if (!(p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1))) return 0;
-        alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter, &p8_saltlen);
-        if(!(p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen,
-                                                     p8_iter, p8))) return 0;
-        X509_SIG_free(bag->value.shkeybag);
-        bag->value.shkeybag = p8new;
-        return 1;
-}
-
-static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen)
-{
-        PBEPARAM *pbe;
-        unsigned char *p;
-        p = alg->parameter->value.sequence->data;
-        pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
-        *pnid = OBJ_obj2nid(alg->algorithm);
-        *piter = ASN1_INTEGER_get(pbe->iter);
-        *psaltlen = pbe->salt->length;
-        PBEPARAM_free(pbe);
-        return 0;
-}
diff --git a/src/lib/libcrypto/pkcs12/p12_p8d.c b/src/lib/libcrypto/pkcs12/p12_p8d.c
deleted file mode 100644
index 3c6f377933..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_p8d.c
+++ /dev/null
@@ -1,68 +0,0 @@
-/* p12_p8d.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/pkcs12.h>
-
-PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, int passlen)
-{
-        return PKCS12_item_decrypt_d2i(p8->algor, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), pass,
-                                        passlen, p8->digest, 1);
-}
-
diff --git a/src/lib/libcrypto/pkcs12/p12_p8e.c b/src/lib/libcrypto/pkcs12/p12_p8e.c
deleted file mode 100644
index 3d47956652..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_p8e.c
+++ /dev/null
@@ -1,97 +0,0 @@
-/* p12_p8e.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/pkcs12.h>
-
-X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
-                         const char *pass, int passlen,
-                         unsigned char *salt, int saltlen, int iter,
-                                                PKCS8_PRIV_KEY_INFO *p8inf)
-{
-        X509_SIG *p8 = NULL;
-        X509_ALGOR *pbe;
-
-        if (!(p8 = X509_SIG_new())) {
-                PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-
-        if(pbe_nid == -1) pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen);
-        else pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
-        if(!pbe) {
-                PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_ASN1_LIB);
-                goto err;
-        }
-        X509_ALGOR_free(p8->algor);
-        p8->algor = pbe;
-        M_ASN1_OCTET_STRING_free(p8->digest);
-        p8->digest = PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO),
-                                        pass, passlen, p8inf, 1);
-        if(!p8->digest) {
-                PKCS12err(PKCS12_F_PKCS8_ENCRYPT, PKCS12_R_ENCRYPT_ERROR);
-                goto err;
-        }
-
-        return p8;
-
-        err:
-        X509_SIG_free(p8);
-        return NULL;
-}
diff --git a/src/lib/libcrypto/pkcs12/p12_utl.c b/src/lib/libcrypto/pkcs12/p12_utl.c
deleted file mode 100644
index 243ec76be9..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_utl.c
+++ /dev/null
@@ -1,146 +0,0 @@
-/* p12_utl.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/pkcs12.h>
-
-/* Cheap and nasty Unicode stuff */
-
-unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen)
-{
-        int ulen, i;
-        unsigned char *unitmp;
-        if (asclen == -1) asclen = strlen(asc);
-        ulen = asclen*2  + 2;
-        if (!(unitmp = OPENSSL_malloc(ulen))) return NULL;
-        for (i = 0; i < ulen - 2; i+=2) {
-                unitmp[i] = 0;
-                unitmp[i + 1] = asc[i>>1];
-        }
-        /* Make result double null terminated */
-        unitmp[ulen - 2] = 0;
-        unitmp[ulen - 1] = 0;
-        if (unilen) *unilen = ulen;
-        if (uni) *uni = unitmp;
-        return unitmp;
-}
-
-char *uni2asc(unsigned char *uni, int unilen)
-{
-        int asclen, i;
-        char *asctmp;
-        asclen = unilen / 2;
-        /* If no terminating zero allow for one */
-        if (!unilen || uni[unilen - 1]) asclen++;
-        uni++;
-        if (!(asctmp = OPENSSL_malloc(asclen))) return NULL;
-        for (i = 0; i < unilen; i+=2) asctmp[i>>1] = uni[i];
-        asctmp[asclen - 1] = 0;
-        return asctmp;
-}
-
-int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12)
-{
-        return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS12), bp, p12);
-}
-
-#ifndef OPENSSL_NO_FP_API
-int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12)
-{
-        return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);
-}
-#endif
-
-PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12)
-{
-        return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS12), bp, p12);
-}
-#ifndef OPENSSL_NO_FP_API
-PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12)
-{
-        return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);
-}
-#endif
-
-PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509)
-{
-        return PKCS12_item_pack_safebag(x509, ASN1_ITEM_rptr(X509),
-                        NID_x509Certificate, NID_certBag);
-}
-
-PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl)
-{
-        return PKCS12_item_pack_safebag(crl, ASN1_ITEM_rptr(X509_CRL),
-                        NID_x509Crl, NID_crlBag);
-}
-
-X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag)
-{
-        if(M_PKCS12_bag_type(bag) != NID_certBag) return NULL;
-        if(M_PKCS12_cert_bag_type(bag) != NID_x509Certificate) return NULL;
-        return ASN1_item_unpack(bag->value.bag->value.octet, ASN1_ITEM_rptr(X509));
-}
-
-X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag)
-{
-        if(M_PKCS12_bag_type(bag) != NID_crlBag) return NULL;
-        if(M_PKCS12_cert_bag_type(bag) != NID_x509Crl) return NULL;
-        return ASN1_item_unpack(bag->value.bag->value.octet,
-                                                        ASN1_ITEM_rptr(X509_CRL));
-}
diff --git a/src/lib/libcrypto/pkcs12/pk12err.c b/src/lib/libcrypto/pkcs12/pk12err.c
deleted file mode 100644
index a33b37b1c7..0000000000
--- a/src/lib/libcrypto/pkcs12/pk12err.c
+++ /dev/null
@@ -1,146 +0,0 @@
-/* crypto/pkcs12/pk12err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/pkcs12.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS12,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS12,0,reason)
-
-static ERR_STRING_DATA PKCS12_str_functs[]=
-        {
-{ERR_FUNC(PKCS12_F_PARSE_BAGS), "PARSE_BAGS"},
-{ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME),    "PKCS12_ADD_FRIENDLYNAME"},
-{ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC),        "PKCS12_add_friendlyname_asc"},
-{ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI),        "PKCS12_add_friendlyname_uni"},
-{ERR_FUNC(PKCS12_F_PKCS12_ADD_LOCALKEYID),      "PKCS12_add_localkeyid"},
-{ERR_FUNC(PKCS12_F_PKCS12_CREATE),      "PKCS12_create"},
-{ERR_FUNC(PKCS12_F_PKCS12_DECRYPT_D2I), "PKCS12_DECRYPT_D2I"},
-{ERR_FUNC(PKCS12_F_PKCS12_GEN_MAC),     "PKCS12_gen_mac"},
-{ERR_FUNC(PKCS12_F_PKCS12_I2D_ENCRYPT), "PKCS12_I2D_ENCRYPT"},
-{ERR_FUNC(PKCS12_F_PKCS12_INIT),        "PKCS12_init"},
-{ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_ASC), "PKCS12_key_gen_asc"},
-{ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_UNI), "PKCS12_key_gen_uni"},
-{ERR_FUNC(PKCS12_F_PKCS12_MAKE_KEYBAG), "PKCS12_MAKE_KEYBAG"},
-{ERR_FUNC(PKCS12_F_PKCS12_MAKE_SHKEYBAG),       "PKCS12_MAKE_SHKEYBAG"},
-{ERR_FUNC(PKCS12_F_PKCS12_NEWPASS),     "PKCS12_newpass"},
-{ERR_FUNC(PKCS12_F_PKCS12_PACK_P7DATA), "PKCS12_pack_p7data"},
-{ERR_FUNC(PKCS12_F_PKCS12_PACK_P7ENCDATA),      "PKCS12_pack_p7encdata"},
-{ERR_FUNC(PKCS12_F_PKCS12_PACK_SAFEBAG),        "PKCS12_PACK_SAFEBAG"},
-{ERR_FUNC(PKCS12_F_PKCS12_PARSE),       "PKCS12_parse"},
-{ERR_FUNC(PKCS12_F_PKCS12_PBE_CRYPT),   "PKCS12_pbe_crypt"},
-{ERR_FUNC(PKCS12_F_PKCS12_PBE_KEYIVGEN),        "PKCS12_PBE_keyivgen"},
-{ERR_FUNC(PKCS12_F_PKCS12_SETUP_MAC),   "PKCS12_setup_mac"},
-{ERR_FUNC(PKCS12_F_PKCS12_SET_MAC),     "PKCS12_set_mac"},
-{ERR_FUNC(PKCS12_F_PKCS12_UNPACK_AUTHSAFES),    "PKCS12_unpack_authsafes"},
-{ERR_FUNC(PKCS12_F_PKCS12_UNPACK_P7DATA),       "PKCS12_unpack_p7data"},
-{ERR_FUNC(PKCS12_F_PKCS8_ADD_KEYUSAGE), "PKCS8_add_keyusage"},
-{ERR_FUNC(PKCS12_F_PKCS8_ENCRYPT),      "PKCS8_encrypt"},
-{ERR_FUNC(PKCS12_F_VERIFY_MAC), "VERIFY_MAC"},
-{0,NULL}
-        };
-
-static ERR_STRING_DATA PKCS12_str_reasons[]=
-        {
-{ERR_REASON(PKCS12_R_CANT_PACK_STRUCTURE),"cant pack structure"},
-{ERR_REASON(PKCS12_R_CONTENT_TYPE_NOT_DATA),"content type not data"},
-{ERR_REASON(PKCS12_R_DECODE_ERROR)       ,"decode error"},
-{ERR_REASON(PKCS12_R_ENCODE_ERROR)       ,"encode error"},
-{ERR_REASON(PKCS12_R_ENCRYPT_ERROR)      ,"encrypt error"},
-{ERR_REASON(PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE),"error setting encrypted data type"},
-{ERR_REASON(PKCS12_R_INVALID_NULL_ARGUMENT),"invalid null argument"},
-{ERR_REASON(PKCS12_R_INVALID_NULL_PKCS12_POINTER),"invalid null pkcs12 pointer"},
-{ERR_REASON(PKCS12_R_IV_GEN_ERROR)       ,"iv gen error"},
-{ERR_REASON(PKCS12_R_KEY_GEN_ERROR)      ,"key gen error"},
-{ERR_REASON(PKCS12_R_MAC_ABSENT)         ,"mac absent"},
-{ERR_REASON(PKCS12_R_MAC_GENERATION_ERROR),"mac generation error"},
-{ERR_REASON(PKCS12_R_MAC_SETUP_ERROR)    ,"mac setup error"},
-{ERR_REASON(PKCS12_R_MAC_STRING_SET_ERROR),"mac string set error"},
-{ERR_REASON(PKCS12_R_MAC_VERIFY_ERROR)   ,"mac verify error"},
-{ERR_REASON(PKCS12_R_MAC_VERIFY_FAILURE) ,"mac verify failure"},
-{ERR_REASON(PKCS12_R_PARSE_ERROR)        ,"parse error"},
-{ERR_REASON(PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR),"pkcs12 algor cipherinit error"},
-{ERR_REASON(PKCS12_R_PKCS12_CIPHERFINAL_ERROR),"pkcs12 cipherfinal error"},
-{ERR_REASON(PKCS12_R_PKCS12_PBE_CRYPT_ERROR),"pkcs12 pbe crypt error"},
-{ERR_REASON(PKCS12_R_UNKNOWN_DIGEST_ALGORITHM),"unknown digest algorithm"},
-{ERR_REASON(PKCS12_R_UNSUPPORTED_PKCS12_MODE),"unsupported pkcs12 mode"},
-{0,NULL}
-        };
-
-#endif
-
-void ERR_load_PKCS12_strings(void)
-        {
-        static int init=1;
-
-        if (init)
-                {
-                init=0;
-#ifndef OPENSSL_NO_ERR
-                ERR_load_strings(0,PKCS12_str_functs);
-                ERR_load_strings(0,PKCS12_str_reasons);
-#endif
-
-                }
-        }
diff --git a/src/lib/libcrypto/pkcs12/pkcs12.h b/src/lib/libcrypto/pkcs12/pkcs12.h
deleted file mode 100644
index fb8af82d4f..0000000000
--- a/src/lib/libcrypto/pkcs12/pkcs12.h
+++ /dev/null
@@ -1,323 +0,0 @@
-/* pkcs12.h */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_PKCS12_H
-#define HEADER_PKCS12_H
-
-#include <openssl/bio.h>
-#include <openssl/x509.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define PKCS12_KEY_ID   1
-#define PKCS12_IV_ID    2
-#define PKCS12_MAC_ID   3
-
-/* Default iteration count */
-#ifndef PKCS12_DEFAULT_ITER
-#define PKCS12_DEFAULT_ITER     PKCS5_DEFAULT_ITER
-#endif
-
-#define PKCS12_MAC_KEY_LENGTH 20
-
-#define PKCS12_SALT_LEN 8
-
-/* Uncomment out next line for unicode password and names, otherwise ASCII */
-
-/*#define PBE_UNICODE*/
-
-#ifdef PBE_UNICODE
-#define PKCS12_key_gen PKCS12_key_gen_uni
-#define PKCS12_add_friendlyname PKCS12_add_friendlyname_uni
-#else
-#define PKCS12_key_gen PKCS12_key_gen_asc
-#define PKCS12_add_friendlyname PKCS12_add_friendlyname_asc
-#endif
-
-/* MS key usage constants */
-
-#define KEY_EX  0x10
-#define KEY_SIG 0x80
-
-typedef struct {
-X509_SIG *dinfo;
-ASN1_OCTET_STRING *salt;
-ASN1_INTEGER *iter;     /* defaults to 1 */
-} PKCS12_MAC_DATA;
-
-typedef struct {
-ASN1_INTEGER *version;
-PKCS12_MAC_DATA *mac;
-PKCS7 *authsafes;
-} PKCS12;
-
-PREDECLARE_STACK_OF(PKCS12_SAFEBAG)
-
-typedef struct {
-ASN1_OBJECT *type;
-union {
-        struct pkcs12_bag_st *bag; /* secret, crl and certbag */
-        struct pkcs8_priv_key_info_st   *keybag; /* keybag */
-        X509_SIG *shkeybag; /* shrouded key bag */
-        STACK_OF(PKCS12_SAFEBAG) *safes;
-        ASN1_TYPE *other;
-}value;
-STACK_OF(X509_ATTRIBUTE) *attrib;
-} PKCS12_SAFEBAG;
-
-DECLARE_STACK_OF(PKCS12_SAFEBAG)
-DECLARE_ASN1_SET_OF(PKCS12_SAFEBAG)
-DECLARE_PKCS12_STACK_OF(PKCS12_SAFEBAG)
-
-typedef struct pkcs12_bag_st {
-ASN1_OBJECT *type;
-union {
-        ASN1_OCTET_STRING *x509cert;
-        ASN1_OCTET_STRING *x509crl;
-        ASN1_OCTET_STRING *octet;
-        ASN1_IA5STRING *sdsicert;
-        ASN1_TYPE *other; /* Secret or other bag */
-}value;
-} PKCS12_BAGS;
-
-#define PKCS12_ERROR    0
-#define PKCS12_OK       1
-
-/* Compatibility macros */
-
-#define M_PKCS12_x5092certbag PKCS12_x5092certbag
-#define M_PKCS12_x509crl2certbag PKCS12_x509crl2certbag
-
-#define M_PKCS12_certbag2x509 PKCS12_certbag2x509
-#define M_PKCS12_certbag2x509crl PKCS12_certbag2x509crl 
-
-#define M_PKCS12_unpack_p7data PKCS12_unpack_p7data
-#define M_PKCS12_pack_authsafes PKCS12_pack_authsafes
-#define M_PKCS12_unpack_authsafes PKCS12_unpack_authsafes
-#define M_PKCS12_unpack_p7encdata PKCS12_unpack_p7encdata
-
-#define M_PKCS12_decrypt_skey PKCS12_decrypt_skey
-#define M_PKCS8_decrypt PKCS8_decrypt
-
-#define M_PKCS12_bag_type(bg) OBJ_obj2nid((bg)->type)
-#define M_PKCS12_cert_bag_type(bg) OBJ_obj2nid((bg)->value.bag->type)
-#define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type
-
-#define PKCS12_get_attr(bag, attr_nid) \
-                         PKCS12_get_attr_gen(bag->attrib, attr_nid)
-
-#define PKCS8_get_attr(p8, attr_nid) \
-                PKCS12_get_attr_gen(p8->attributes, attr_nid)
-
-#define PKCS12_mac_present(p12) ((p12)->mac ? 1 : 0)
-
-
-PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509);
-PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl);
-X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag);
-X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag);
-
-PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1,
-             int nid2);
-PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8);
-PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, int passlen);
-PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, const char *pass,
-                                                                int passlen);
-X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, 
-                        const char *pass, int passlen,
-                        unsigned char *salt, int saltlen, int iter,
-                        PKCS8_PRIV_KEY_INFO *p8);
-PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
-                                     int passlen, unsigned char *salt,
-                                     int saltlen, int iter,
-                                     PKCS8_PRIV_KEY_INFO *p8);
-PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk);
-STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7);
-PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
-                             unsigned char *salt, int saltlen, int iter,
-                             STACK_OF(PKCS12_SAFEBAG) *bags);
-STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen);
-
-int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes);
-STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12);
-
-int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen);
-int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
-                                int namelen);
-int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name,
-                                int namelen);
-int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, const unsigned char *name,
-                                int namelen);
-int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage);
-ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid);
-char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
-unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
-                                int passlen, unsigned char *in, int inlen,
-                                unsigned char **data, int *datalen, int en_de);
-void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
-             const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf);
-ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it,
-                                       const char *pass, int passlen,
-                                       void *obj, int zbuf);
-PKCS12 *PKCS12_init(int mode);
-int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
-                       int saltlen, int id, int iter, int n,
-                       unsigned char *out, const EVP_MD *md_type);
-int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int id, int iter, int n, unsigned char *out, const EVP_MD *md_type);
-int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
-                         ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md_type,
-                         int en_de);
-int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
-                         unsigned char *mac, unsigned int *maclen);
-int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen);
-int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
-                   unsigned char *salt, int saltlen, int iter,
-                   const EVP_MD *md_type);
-int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
-                                         int saltlen, const EVP_MD *md_type);
-unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen);
-char *uni2asc(unsigned char *uni, int unilen);
-
-DECLARE_ASN1_FUNCTIONS(PKCS12)
-DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA)
-DECLARE_ASN1_FUNCTIONS(PKCS12_SAFEBAG)
-DECLARE_ASN1_FUNCTIONS(PKCS12_BAGS)
-
-DECLARE_ASN1_ITEM(PKCS12_SAFEBAGS)
-DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
-
-void PKCS12_PBE_add(void);
-int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
-                 STACK_OF(X509) **ca);
-PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
-                         STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter,
-                                                 int mac_iter, int keytype);
-int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12);
-int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12);
-PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12);
-PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12);
-int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass);
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_PKCS12_strings(void);
-
-/* Error codes for the PKCS12 functions. */
-
-/* Function codes. */
-#define PKCS12_F_PARSE_BAGS                              103
-#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME                 100
-#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC             127
-#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI             102
-#define PKCS12_F_PKCS12_ADD_LOCALKEYID                   104
-#define PKCS12_F_PKCS12_CREATE                           105
-#define PKCS12_F_PKCS12_DECRYPT_D2I                      106
-#define PKCS12_F_PKCS12_GEN_MAC                          107
-#define PKCS12_F_PKCS12_I2D_ENCRYPT                      108
-#define PKCS12_F_PKCS12_INIT                             109
-#define PKCS12_F_PKCS12_KEY_GEN_ASC                      110
-#define PKCS12_F_PKCS12_KEY_GEN_UNI                      111
-#define PKCS12_F_PKCS12_MAKE_KEYBAG                      112
-#define PKCS12_F_PKCS12_MAKE_SHKEYBAG                    113
-#define PKCS12_F_PKCS12_NEWPASS                          128
-#define PKCS12_F_PKCS12_PACK_P7DATA                      114
-#define PKCS12_F_PKCS12_PACK_P7ENCDATA                   115
-#define PKCS12_F_PKCS12_PACK_SAFEBAG                     117
-#define PKCS12_F_PKCS12_PARSE                            118
-#define PKCS12_F_PKCS12_PBE_CRYPT                        119
-#define PKCS12_F_PKCS12_PBE_KEYIVGEN                     120
-#define PKCS12_F_PKCS12_SETUP_MAC                        122
-#define PKCS12_F_PKCS12_SET_MAC                          123
-#define PKCS12_F_PKCS12_UNPACK_AUTHSAFES                 129
-#define PKCS12_F_PKCS12_UNPACK_P7DATA                    130
-#define PKCS12_F_PKCS8_ADD_KEYUSAGE                      124
-#define PKCS12_F_PKCS8_ENCRYPT                           125
-#define PKCS12_F_VERIFY_MAC                              126
-
-/* Reason codes. */
-#define PKCS12_R_CANT_PACK_STRUCTURE                     100
-#define PKCS12_R_CONTENT_TYPE_NOT_DATA                   121
-#define PKCS12_R_DECODE_ERROR                            101
-#define PKCS12_R_ENCODE_ERROR                            102
-#define PKCS12_R_ENCRYPT_ERROR                           103
-#define PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE       120
-#define PKCS12_R_INVALID_NULL_ARGUMENT                   104
-#define PKCS12_R_INVALID_NULL_PKCS12_POINTER             105
-#define PKCS12_R_IV_GEN_ERROR                            106
-#define PKCS12_R_KEY_GEN_ERROR                           107
-#define PKCS12_R_MAC_ABSENT                              108
-#define PKCS12_R_MAC_GENERATION_ERROR                    109
-#define PKCS12_R_MAC_SETUP_ERROR                         110
-#define PKCS12_R_MAC_STRING_SET_ERROR                    111
-#define PKCS12_R_MAC_VERIFY_ERROR                        112
-#define PKCS12_R_MAC_VERIFY_FAILURE                      113
-#define PKCS12_R_PARSE_ERROR                             114
-#define PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR           115
-#define PKCS12_R_PKCS12_CIPHERFINAL_ERROR                116
-#define PKCS12_R_PKCS12_PBE_CRYPT_ERROR                  117
-#define PKCS12_R_UNKNOWN_DIGEST_ALGORITHM                118
-#define PKCS12_R_UNSUPPORTED_PKCS12_MODE                 119
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/src/lib/libcrypto/pkcs7/pk7_asn1.c b/src/lib/libcrypto/pkcs7/pk7_asn1.c
deleted file mode 100644
index 46f0fc9375..0000000000
--- a/src/lib/libcrypto/pkcs7/pk7_asn1.c
+++ /dev/null
@@ -1,213 +0,0 @@
-/* pk7_asn.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/pkcs7.h>
-#include <openssl/x509.h>
-
-/* PKCS#7 ASN1 module */
-
-/* This is the ANY DEFINED BY table for the top level PKCS#7 structure */
-
-ASN1_ADB_TEMPLATE(p7default) = ASN1_EXP_OPT(PKCS7, d.other, ASN1_ANY, 0);
-
-ASN1_ADB(PKCS7) = {
-        ADB_ENTRY(NID_pkcs7_data, ASN1_EXP_OPT(PKCS7, d.data, ASN1_OCTET_STRING, 0)),
-        ADB_ENTRY(NID_pkcs7_signed, ASN1_EXP_OPT(PKCS7, d.sign, PKCS7_SIGNED, 0)),
-        ADB_ENTRY(NID_pkcs7_enveloped, ASN1_EXP_OPT(PKCS7, d.enveloped, PKCS7_ENVELOPE, 0)),
-        ADB_ENTRY(NID_pkcs7_signedAndEnveloped, ASN1_EXP_OPT(PKCS7, d.signed_and_enveloped, PKCS7_SIGN_ENVELOPE, 0)),
-        ADB_ENTRY(NID_pkcs7_digest, ASN1_EXP_OPT(PKCS7, d.digest, PKCS7_DIGEST, 0)),
-        ADB_ENTRY(NID_pkcs7_encrypted, ASN1_EXP_OPT(PKCS7, d.encrypted, PKCS7_ENCRYPT, 0))
-} ASN1_ADB_END(PKCS7, 0, type, 0, &p7default_tt, NULL);
-
-ASN1_SEQUENCE(PKCS7) = {
-        ASN1_SIMPLE(PKCS7, type, ASN1_OBJECT),
-        ASN1_ADB_OBJECT(PKCS7)
-}ASN1_SEQUENCE_END(PKCS7)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKCS7)
-IMPLEMENT_ASN1_DUP_FUNCTION(PKCS7)
-
-ASN1_SEQUENCE(PKCS7_SIGNED) = {
-        ASN1_SIMPLE(PKCS7_SIGNED, version, ASN1_INTEGER),
-        ASN1_SET_OF(PKCS7_SIGNED, md_algs, X509_ALGOR),
-        ASN1_SIMPLE(PKCS7_SIGNED, contents, PKCS7),
-        ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNED, cert, X509, 0),
-        ASN1_IMP_SET_OF_OPT(PKCS7_SIGNED, crl, X509_CRL, 1),
-        ASN1_SET_OF(PKCS7_SIGNED, signer_info, PKCS7_SIGNER_INFO)
-} ASN1_SEQUENCE_END(PKCS7_SIGNED)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNED)
-
-/* Minor tweak to operation: free up EVP_PKEY */
-static int si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
-        if(operation == ASN1_OP_FREE_POST) {
-                PKCS7_SIGNER_INFO *si = (PKCS7_SIGNER_INFO *)*pval;
-                EVP_PKEY_free(si->pkey);
-        }
-        return 1;
-}
-
-ASN1_SEQUENCE_cb(PKCS7_SIGNER_INFO, si_cb) = {
-        ASN1_SIMPLE(PKCS7_SIGNER_INFO, version, ASN1_INTEGER),
-        ASN1_SIMPLE(PKCS7_SIGNER_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL),
-        ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_alg, X509_ALGOR),
-        /* NB this should be a SET OF but we use a SEQUENCE OF so the
-         * original order * is retained when the structure is reencoded.
-         * Since the attributes are implicitly tagged this will not affect
-         * the encoding.
-         */
-        ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNER_INFO, auth_attr, X509_ATTRIBUTE, 0),
-        ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_enc_alg, X509_ALGOR),
-        ASN1_SIMPLE(PKCS7_SIGNER_INFO, enc_digest, ASN1_OCTET_STRING),
-        ASN1_IMP_SET_OF_OPT(PKCS7_SIGNER_INFO, unauth_attr, X509_ATTRIBUTE, 1)
-} ASN1_SEQUENCE_END_cb(PKCS7_SIGNER_INFO, PKCS7_SIGNER_INFO)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO)
-
-ASN1_SEQUENCE(PKCS7_ISSUER_AND_SERIAL) = {
-        ASN1_SIMPLE(PKCS7_ISSUER_AND_SERIAL, issuer, X509_NAME),
-        ASN1_SIMPLE(PKCS7_ISSUER_AND_SERIAL, serial, ASN1_INTEGER)
-} ASN1_SEQUENCE_END(PKCS7_ISSUER_AND_SERIAL)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL)
-
-ASN1_SEQUENCE(PKCS7_ENVELOPE) = {
-        ASN1_SIMPLE(PKCS7_ENVELOPE, version, ASN1_INTEGER),
-        ASN1_SET_OF(PKCS7_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO),
-        ASN1_SIMPLE(PKCS7_ENVELOPE, enc_data, PKCS7_ENC_CONTENT)
-} ASN1_SEQUENCE_END(PKCS7_ENVELOPE)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENVELOPE)
-
-/* Minor tweak to operation: free up X509 */
-static int ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
-        if(operation == ASN1_OP_FREE_POST) {
-                PKCS7_RECIP_INFO *ri = (PKCS7_RECIP_INFO *)*pval;
-                X509_free(ri->cert);
-        }
-        return 1;
-}
-
-ASN1_SEQUENCE_cb(PKCS7_RECIP_INFO, ri_cb) = {
-        ASN1_SIMPLE(PKCS7_RECIP_INFO, version, ASN1_INTEGER),
-        ASN1_SIMPLE(PKCS7_RECIP_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL),
-        ASN1_SIMPLE(PKCS7_RECIP_INFO, key_enc_algor, X509_ALGOR),
-        ASN1_SIMPLE(PKCS7_RECIP_INFO, enc_key, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END_cb(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKCS7_RECIP_INFO)
-
-ASN1_SEQUENCE(PKCS7_ENC_CONTENT) = {
-        ASN1_SIMPLE(PKCS7_ENC_CONTENT, content_type, ASN1_OBJECT),
-        ASN1_SIMPLE(PKCS7_ENC_CONTENT, algorithm, X509_ALGOR),
-        ASN1_IMP_OPT(PKCS7_ENC_CONTENT, enc_data, ASN1_OCTET_STRING, 0)
-} ASN1_SEQUENCE_END(PKCS7_ENC_CONTENT)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT)
-
-ASN1_SEQUENCE(PKCS7_SIGN_ENVELOPE) = {
-        ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, version, ASN1_INTEGER),
-        ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO),
-        ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, md_algs, X509_ALGOR),
-        ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, enc_data, PKCS7_ENC_CONTENT),
-        ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, cert, X509, 0),
-        ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, crl, X509_CRL, 1),
-        ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, signer_info, PKCS7_SIGNER_INFO)
-} ASN1_SEQUENCE_END(PKCS7_SIGN_ENVELOPE)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE)
-
-ASN1_SEQUENCE(PKCS7_ENCRYPT) = {
-        ASN1_SIMPLE(PKCS7_ENCRYPT, version, ASN1_INTEGER),
-        ASN1_SIMPLE(PKCS7_ENCRYPT, enc_data, PKCS7_ENC_CONTENT)
-} ASN1_SEQUENCE_END(PKCS7_ENCRYPT)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENCRYPT)
-
-ASN1_SEQUENCE(PKCS7_DIGEST) = {
-        ASN1_SIMPLE(PKCS7_DIGEST, version, ASN1_INTEGER),
-        ASN1_SIMPLE(PKCS7_DIGEST, md, X509_ALGOR),
-        ASN1_SIMPLE(PKCS7_DIGEST, contents, PKCS7),
-        ASN1_SIMPLE(PKCS7_DIGEST, digest, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(PKCS7_DIGEST)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKCS7_DIGEST)
-
-/* Specials for authenticated attributes */
-
-/* When signing attributes we want to reorder them to match the sorted
- * encoding.
- */
-
-ASN1_ITEM_TEMPLATE(PKCS7_ATTR_SIGN) = 
-        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, PKCS7_ATTRIBUTES, X509_ATTRIBUTE)
-ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_SIGN)
-
-/* When verifying attributes we need to use the received order. So 
- * we use SEQUENCE OF and tag it to SET OF
- */
-
-ASN1_ITEM_TEMPLATE(PKCS7_ATTR_VERIFY) = 
-        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL,
-                                V_ASN1_SET, PKCS7_ATTRIBUTES, X509_ATTRIBUTE)
-ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_VERIFY)
diff --git a/src/lib/libcrypto/pkcs7/pk7_attr.c b/src/lib/libcrypto/pkcs7/pk7_attr.c
deleted file mode 100644
index 039141027a..0000000000
--- a/src/lib/libcrypto/pkcs7/pk7_attr.c
+++ /dev/null
@@ -1,140 +0,0 @@
-/* pk7_attr.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001-2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/bio.h>
-#include <openssl/asn1.h>
-#include <openssl/pem.h>
-#include <openssl/pkcs7.h>
-#include <openssl/x509.h>
-#include <openssl/err.h>
-
-int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK_OF(X509_ALGOR) *cap)
-{
-        ASN1_STRING *seq;
-        unsigned char *p, *pp;
-        int len;
-        len=i2d_ASN1_SET_OF_X509_ALGOR(cap,NULL,i2d_X509_ALGOR,
-                                       V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL,
-                                       IS_SEQUENCE);
-        if(!(pp=(unsigned char *)OPENSSL_malloc(len))) {
-                PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE);
-                return 0;
-        }
-        p=pp;
-        i2d_ASN1_SET_OF_X509_ALGOR(cap,&p,i2d_X509_ALGOR, V_ASN1_SEQUENCE,
-                                   V_ASN1_UNIVERSAL, IS_SEQUENCE);
-        if(!(seq = ASN1_STRING_new())) {
-                PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE);
-                return 0;
-        }
-        if(!ASN1_STRING_set (seq, pp, len)) {
-                PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE);
-                return 0;
-        }
-        OPENSSL_free (pp);
-        return PKCS7_add_signed_attribute(si, NID_SMIMECapabilities,
-                                                        V_ASN1_SEQUENCE, seq);
-}
-
-STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si)
-        {
-        ASN1_TYPE *cap;
-        unsigned char *p;
-        cap = PKCS7_get_signed_attribute(si, NID_SMIMECapabilities);
-        if (!cap || (cap->type != V_ASN1_SEQUENCE))
-                return NULL;
-        p = cap->value.sequence->data;
-        return d2i_ASN1_SET_OF_X509_ALGOR(NULL, &p,
-                                          cap->value.sequence->length,
-                                          d2i_X509_ALGOR, X509_ALGOR_free,
-                                          V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
-        }
-
-/* Basic smime-capabilities OID and optional integer arg */
-int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
-{
-        X509_ALGOR *alg;
-
-        if(!(alg = X509_ALGOR_new())) {
-                PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
-                return 0;
-        }
-        ASN1_OBJECT_free(alg->algorithm);
-        alg->algorithm = OBJ_nid2obj (nid);
-        if (arg > 0) {
-                ASN1_INTEGER *nbit;
-                if(!(alg->parameter = ASN1_TYPE_new())) {
-                        PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
-                        return 0;
-                }
-                if(!(nbit = ASN1_INTEGER_new())) {
-                        PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
-                        return 0;
-                }
-                if(!ASN1_INTEGER_set (nbit, arg)) {
-                        PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
-                        return 0;
-                }
-                alg->parameter->value.integer = nbit;
-                alg->parameter->type = V_ASN1_INTEGER;
-        }
-        sk_X509_ALGOR_push (sk, alg);
-        return 1;
-}
diff --git a/src/lib/libcrypto/pkcs7/pk7_doit.c b/src/lib/libcrypto/pkcs7/pk7_doit.c
deleted file mode 100644
index 4ac29ae14d..0000000000
--- a/src/lib/libcrypto/pkcs7/pk7_doit.c
+++ /dev/null
@@ -1,1013 +0,0 @@
-/* crypto/pkcs7/pk7_doit.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
-                         void *value);
-static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid);
-
-static int PKCS7_type_is_other(PKCS7* p7)
-        {
-        int isOther=1;
-        
-        int nid=OBJ_obj2nid(p7->type);
-
-        switch( nid )
-                {
-        case NID_pkcs7_data:
-        case NID_pkcs7_signed:
-        case NID_pkcs7_enveloped:
-        case NID_pkcs7_signedAndEnveloped:
-        case NID_pkcs7_digest:
-        case NID_pkcs7_encrypted:
-                isOther=0;
-                break;
-        default:
-                isOther=1;
-                }
-
-        return isOther;
-
-        }
-
-static ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7)
-        {
-        if ( PKCS7_type_is_data(p7))
-                return p7->d.data;
-        if ( PKCS7_type_is_other(p7) && p7->d.other
-                && (p7->d.other->type == V_ASN1_OCTET_STRING))
-                return p7->d.other->value.octet_string;
-        return NULL;
-        }
-
-BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
-        {
-        int i;
-        BIO *out=NULL,*btmp=NULL;
-        X509_ALGOR *xa;
-        const EVP_MD *evp_md;
-        const EVP_CIPHER *evp_cipher=NULL;
-        STACK_OF(X509_ALGOR) *md_sk=NULL;
-        STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
-        X509_ALGOR *xalg=NULL;
-        PKCS7_RECIP_INFO *ri=NULL;
-        EVP_PKEY *pkey;
-
-        i=OBJ_obj2nid(p7->type);
-        p7->state=PKCS7_S_HEADER;
-
-        switch (i)
-                {
-        case NID_pkcs7_signed:
-                md_sk=p7->d.sign->md_algs;
-                break;
-        case NID_pkcs7_signedAndEnveloped:
-                rsk=p7->d.signed_and_enveloped->recipientinfo;
-                md_sk=p7->d.signed_and_enveloped->md_algs;
-                xalg=p7->d.signed_and_enveloped->enc_data->algorithm;
-                evp_cipher=p7->d.signed_and_enveloped->enc_data->cipher;
-                if (evp_cipher == NULL)
-                        {
-                        PKCS7err(PKCS7_F_PKCS7_DATAINIT,
-                                                PKCS7_R_CIPHER_NOT_INITIALIZED);
-                        goto err;
-                        }
-                break;
-        case NID_pkcs7_enveloped:
-                rsk=p7->d.enveloped->recipientinfo;
-                xalg=p7->d.enveloped->enc_data->algorithm;
-                evp_cipher=p7->d.enveloped->enc_data->cipher;
-                if (evp_cipher == NULL)
-                        {
-                        PKCS7err(PKCS7_F_PKCS7_DATAINIT,
-                                                PKCS7_R_CIPHER_NOT_INITIALIZED);
-                        goto err;
-                        }
-                break;
-        default:
-                PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
-                goto err;
-                }
-
-        if (md_sk != NULL)
-                {
-                for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)
-                        {
-                        xa=sk_X509_ALGOR_value(md_sk,i);
-                        if ((btmp=BIO_new(BIO_f_md())) == NULL)
-                                {
-                                PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_BIO_LIB);
-                                goto err;
-                                }
-
-                        evp_md=EVP_get_digestbyobj(xa->algorithm);
-                        if (evp_md == NULL)
-                                {
-                                PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNKNOWN_DIGEST_TYPE);
-                                goto err;
-                                }
-
-                        BIO_set_md(btmp,evp_md);
-                        if (out == NULL)
-                                out=btmp;
-                        else
-                                BIO_push(out,btmp);
-                        btmp=NULL;
-                        }
-                }
-
-        if (evp_cipher != NULL)
-                {
-                unsigned char key[EVP_MAX_KEY_LENGTH];
-                unsigned char iv[EVP_MAX_IV_LENGTH];
-                int keylen,ivlen;
-                int jj,max;
-                unsigned char *tmp;
-                EVP_CIPHER_CTX *ctx;
-
-                if ((btmp=BIO_new(BIO_f_cipher())) == NULL)
-                        {
-                        PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_BIO_LIB);
-                        goto err;
-                        }
-                BIO_get_cipher_ctx(btmp, &ctx);
-                keylen=EVP_CIPHER_key_length(evp_cipher);
-                ivlen=EVP_CIPHER_iv_length(evp_cipher);
-                if (RAND_bytes(key,keylen) <= 0)
-                        goto err;
-                xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
-                if (ivlen > 0) RAND_pseudo_bytes(iv,ivlen);
-                EVP_CipherInit_ex(ctx, evp_cipher, NULL, key, iv, 1);
-
-                if (ivlen > 0) {
-                        if (xalg->parameter == NULL) 
-                                                xalg->parameter=ASN1_TYPE_new();
-                        if(EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0)
-                                                                       goto err;
-                }
-
-                /* Lets do the pub key stuff :-) */
-                max=0;
-                for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
-                        {
-                        ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
-                        if (ri->cert == NULL)
-                                {
-                                PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_MISSING_CERIPEND_INFO);
-                                goto err;
-                                }
-                        pkey=X509_get_pubkey(ri->cert);
-                        jj=EVP_PKEY_size(pkey);
-                        EVP_PKEY_free(pkey);
-                        if (max < jj) max=jj;
-                        }
-                if ((tmp=(unsigned char *)OPENSSL_malloc(max)) == NULL)
-                        {
-                        PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                        }
-                for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
-                        {
-                        ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
-                        pkey=X509_get_pubkey(ri->cert);
-                        jj=EVP_PKEY_encrypt(tmp,key,keylen,pkey);
-                        EVP_PKEY_free(pkey);
-                        if (jj <= 0)
-                                {
-                                PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_EVP_LIB);
-                                OPENSSL_free(tmp);
-                                goto err;
-                                }
-                        if (!M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj))
-                                {
-                                PKCS7err(PKCS7_F_PKCS7_DATAINIT,
-                                        ERR_R_MALLOC_FAILURE);
-                                OPENSSL_free(tmp);
-                                goto err;
-                                }
-                        }
-                OPENSSL_free(tmp);
-                OPENSSL_cleanse(key, keylen);
-
-                if (out == NULL)
-                        out=btmp;
-                else
-                        BIO_push(out,btmp);
-                btmp=NULL;
-                }
-
-        if (bio == NULL)
-                {
-                if (PKCS7_is_detached(p7))
-                        bio=BIO_new(BIO_s_null());
-                else
-                        {
-                        if (PKCS7_type_is_signed(p7))
-                                {
-                                ASN1_OCTET_STRING *os;
-                                os = PKCS7_get_octet_string(
-                                                        p7->d.sign->contents);
-                                if (os && os->length > 0)
-                                        bio = BIO_new_mem_buf(os->data,
-                                                                os->length);
-                                }
-                        if(bio == NULL)
-                                {
-                                bio=BIO_new(BIO_s_mem());
-                                BIO_set_mem_eof_return(bio,0);
-                                }
-                        }
-        }
-        BIO_push(out,bio);
-        bio=NULL;
-        if (0)
-                {
-err:
-                if (out != NULL)
-                        BIO_free_all(out);
-                if (btmp != NULL)
-                        BIO_free_all(btmp);
-                out=NULL;
-                }
-        return(out);
-        }
-
-/* int */
-BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
-        {
-        int i,j;
-        BIO *out=NULL,*btmp=NULL,*etmp=NULL,*bio=NULL;
-        unsigned char *tmp=NULL;
-        X509_ALGOR *xa;
-        ASN1_OCTET_STRING *data_body=NULL;
-        const EVP_MD *evp_md;
-        const EVP_CIPHER *evp_cipher=NULL;
-        EVP_CIPHER_CTX *evp_ctx=NULL;
-        X509_ALGOR *enc_alg=NULL;
-        STACK_OF(X509_ALGOR) *md_sk=NULL;
-        STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
-        X509_ALGOR *xalg=NULL;
-        PKCS7_RECIP_INFO *ri=NULL;
-
-        i=OBJ_obj2nid(p7->type);
-        p7->state=PKCS7_S_HEADER;
-
-        switch (i)
-                {
-        case NID_pkcs7_signed:
-                data_body=PKCS7_get_octet_string(p7->d.sign->contents);
-                md_sk=p7->d.sign->md_algs;
-                break;
-        case NID_pkcs7_signedAndEnveloped:
-                rsk=p7->d.signed_and_enveloped->recipientinfo;
-                md_sk=p7->d.signed_and_enveloped->md_algs;
-                data_body=p7->d.signed_and_enveloped->enc_data->enc_data;
-                enc_alg=p7->d.signed_and_enveloped->enc_data->algorithm;
-                evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm);
-                if (evp_cipher == NULL)
-                        {
-                        PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
-                        goto err;
-                        }
-                xalg=p7->d.signed_and_enveloped->enc_data->algorithm;
-                break;
-        case NID_pkcs7_enveloped:
-                rsk=p7->d.enveloped->recipientinfo;
-                enc_alg=p7->d.enveloped->enc_data->algorithm;
-                data_body=p7->d.enveloped->enc_data->enc_data;
-                evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm);
-                if (evp_cipher == NULL)
-                        {
-                        PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
-                        goto err;
-                        }
-                xalg=p7->d.enveloped->enc_data->algorithm;
-                break;
-        default:
-                PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
-                goto err;
-                }
-
-        /* We will be checking the signature */
-        if (md_sk != NULL)
-                {
-                for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)
-                        {
-                        xa=sk_X509_ALGOR_value(md_sk,i);
-                        if ((btmp=BIO_new(BIO_f_md())) == NULL)
-                                {
-                                PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB);
-                                goto err;
-                                }
-
-                        j=OBJ_obj2nid(xa->algorithm);
-                        evp_md=EVP_get_digestbynid(j);
-                        if (evp_md == NULL)
-                                {
-                                PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNKNOWN_DIGEST_TYPE);
-                                goto err;
-                                }
-
-                        BIO_set_md(btmp,evp_md);
-                        if (out == NULL)
-                                out=btmp;
-                        else
-                                BIO_push(out,btmp);
-                        btmp=NULL;
-                        }
-                }
-
-        if (evp_cipher != NULL)
-                {
-#if 0
-                unsigned char key[EVP_MAX_KEY_LENGTH];
-                unsigned char iv[EVP_MAX_IV_LENGTH];
-                unsigned char *p;
-                int keylen,ivlen;
-                int max;
-                X509_OBJECT ret;
-#endif
-                int jj;
-
-                if ((etmp=BIO_new(BIO_f_cipher())) == NULL)
-                        {
-                        PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB);
-                        goto err;
-                        }
-
-                /* It was encrypted, we need to decrypt the secret key
-                 * with the private key */
-
-                /* Find the recipientInfo which matches the passed certificate
-                 * (if any)
-                 */
-
-                for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) {
-                        ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
-                        if(!X509_NAME_cmp(ri->issuer_and_serial->issuer,
-                                        pcert->cert_info->issuer) &&
-                             !M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber,
-                                        ri->issuer_and_serial->serial)) break;
-                        ri=NULL;
-                }
-                if (ri == NULL) {
-                        PKCS7err(PKCS7_F_PKCS7_DATADECODE,
-                                 PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
-                        goto err;
-                }
-
-                jj=EVP_PKEY_size(pkey);
-                tmp=(unsigned char *)OPENSSL_malloc(jj+10);
-                if (tmp == NULL)
-                        {
-                        PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                        }
-
-                jj=EVP_PKEY_decrypt(tmp, M_ASN1_STRING_data(ri->enc_key),
-                        M_ASN1_STRING_length(ri->enc_key), pkey);
-                if (jj <= 0)
-                        {
-                        PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_EVP_LIB);
-                        goto err;
-                        }
-
-                evp_ctx=NULL;
-                BIO_get_cipher_ctx(etmp,&evp_ctx);
-                EVP_CipherInit_ex(evp_ctx,evp_cipher,NULL,NULL,NULL,0);
-                if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0)
-                        goto err;
-
-                if (jj != EVP_CIPHER_CTX_key_length(evp_ctx)) {
-                        /* Some S/MIME clients don't use the same key
-                         * and effective key length. The key length is
-                         * determined by the size of the decrypted RSA key.
-                         */
-                        if(!EVP_CIPHER_CTX_set_key_length(evp_ctx, jj))
-                                {
-                                PKCS7err(PKCS7_F_PKCS7_DATADECODE,
-                                        PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH);
-                                goto err;
-                                }
-                } 
-                EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0);
-
-                OPENSSL_cleanse(tmp,jj);
-
-                if (out == NULL)
-                        out=etmp;
-                else
-                        BIO_push(out,etmp);
-                etmp=NULL;
-                }
-
-#if 1
-        if (PKCS7_is_detached(p7) || (in_bio != NULL))
-                {
-                bio=in_bio;
-                }
-        else 
-                {
-#if 0
-                bio=BIO_new(BIO_s_mem());
-                /* We need to set this so that when we have read all
-                 * the data, the encrypt BIO, if present, will read
-                 * EOF and encode the last few bytes */
-                BIO_set_mem_eof_return(bio,0);
-
-                if (data_body->length > 0)
-                        BIO_write(bio,(char *)data_body->data,data_body->length);
-#else
-                if (data_body->length > 0)
-                      bio = BIO_new_mem_buf(data_body->data,data_body->length);
-                else {
-                        bio=BIO_new(BIO_s_mem());
-                        BIO_set_mem_eof_return(bio,0);
-                }
-#endif
-                }
-        BIO_push(out,bio);
-        bio=NULL;
-#endif
-        if (0)
-                {
-err:
-                if (out != NULL) BIO_free_all(out);
-                if (btmp != NULL) BIO_free_all(btmp);
-                if (etmp != NULL) BIO_free_all(etmp);
-                if (bio != NULL) BIO_free_all(bio);
-                out=NULL;
-                }
-        if (tmp != NULL)
-                OPENSSL_free(tmp);
-        return(out);
-        }
-
-int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
-        {
-        int ret=0;
-        int i,j;
-        BIO *btmp;
-        BUF_MEM *buf_mem=NULL;
-        BUF_MEM *buf=NULL;
-        PKCS7_SIGNER_INFO *si;
-        EVP_MD_CTX *mdc,ctx_tmp;
-        STACK_OF(X509_ATTRIBUTE) *sk;
-        STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL;
-        ASN1_OCTET_STRING *os=NULL;
-
-        EVP_MD_CTX_init(&ctx_tmp);
-        i=OBJ_obj2nid(p7->type);
-        p7->state=PKCS7_S_HEADER;
-
-        switch (i)
-                {
-        case NID_pkcs7_signedAndEnveloped:
-                /* XXXXXXXXXXXXXXXX */
-                si_sk=p7->d.signed_and_enveloped->signer_info;
-                if (!(os=M_ASN1_OCTET_STRING_new()))
-                        {
-                        PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                        }
-                p7->d.signed_and_enveloped->enc_data->enc_data=os;
-                break;
-        case NID_pkcs7_enveloped:
-                /* XXXXXXXXXXXXXXXX */
-                if (!(os=M_ASN1_OCTET_STRING_new()))
-                        {
-                        PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                        }
-                p7->d.enveloped->enc_data->enc_data=os;
-                break;
-        case NID_pkcs7_signed:
-                si_sk=p7->d.sign->signer_info;
-                os=PKCS7_get_octet_string(p7->d.sign->contents);
-                /* If detached data then the content is excluded */
-                if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
-                        M_ASN1_OCTET_STRING_free(os);
-                        p7->d.sign->contents->d.data = NULL;
-                }
-                break;
-                }
-
-        if (si_sk != NULL)
-                {
-                if ((buf=BUF_MEM_new()) == NULL)
-                        {
-                        PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB);
-                        goto err;
-                        }
-                for (i=0; i<sk_PKCS7_SIGNER_INFO_num(si_sk); i++)
-                        {
-                        si=sk_PKCS7_SIGNER_INFO_value(si_sk,i);
-                        if (si->pkey == NULL) continue;
-
-                        j=OBJ_obj2nid(si->digest_alg->algorithm);
-
-                        btmp=bio;
-                        for (;;)
-                                {
-                                if ((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) 
-                                        == NULL)
-                                        {
-                                        PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
-                                        goto err;
-                                        }
-                                BIO_get_md_ctx(btmp,&mdc);
-                                if (mdc == NULL)
-                                        {
-                                        PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_INTERNAL_ERROR);
-                                        goto err;
-                                        }
-                                if (EVP_MD_CTX_type(mdc) == j)
-                                        break;
-                                else
-                                        btmp=BIO_next(btmp);
-                                }
-                        
-                        /* We now have the EVP_MD_CTX, lets do the
-                         * signing. */
-                        EVP_MD_CTX_copy_ex(&ctx_tmp,mdc);
-                        if (!BUF_MEM_grow_clean(buf,EVP_PKEY_size(si->pkey)))
-                                {
-                                PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB);
-                                goto err;
-                                }
-
-                        sk=si->auth_attr;
-
-                        /* If there are attributes, we add the digest
-                         * attribute and only sign the attributes */
-                        if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0))
-                                {
-                                unsigned char md_data[EVP_MAX_MD_SIZE], *abuf=NULL;
-                                unsigned int md_len, alen;
-                                ASN1_OCTET_STRING *digest;
-                                ASN1_UTCTIME *sign_time;
-                                const EVP_MD *md_tmp;
-
-                                /* Add signing time if not already present */
-                                if (!PKCS7_get_signed_attribute(si,
-                                                        NID_pkcs9_signingTime))
-                                        {
-                                        if (!(sign_time=X509_gmtime_adj(NULL,0)))
-                                                {
-                                                PKCS7err(PKCS7_F_PKCS7_DATASIGN,
-                                                        ERR_R_MALLOC_FAILURE);
-                                                goto err;
-                                                }
-                                        PKCS7_add_signed_attribute(si,
-                                                NID_pkcs9_signingTime,
-                                                V_ASN1_UTCTIME,sign_time);
-                                        }
-
-                                /* Add digest */
-                                md_tmp=EVP_MD_CTX_md(&ctx_tmp);
-                                EVP_DigestFinal_ex(&ctx_tmp,md_data,&md_len);
-                                if (!(digest=M_ASN1_OCTET_STRING_new()))
-                                        {
-                                        PKCS7err(PKCS7_F_PKCS7_DATASIGN,
-                                                ERR_R_MALLOC_FAILURE);
-                                        goto err;
-                                        }
-                                if (!M_ASN1_OCTET_STRING_set(digest,md_data,
-                                                                md_len))
-                                        {
-                                        PKCS7err(PKCS7_F_PKCS7_DATASIGN,
-                                                ERR_R_MALLOC_FAILURE);
-                                        goto err;
-                                        }
-                                PKCS7_add_signed_attribute(si,
-                                        NID_pkcs9_messageDigest,
-                                        V_ASN1_OCTET_STRING,digest);
-
-                                /* Now sign the attributes */
-                                EVP_SignInit_ex(&ctx_tmp,md_tmp,NULL);
-                                alen = ASN1_item_i2d((ASN1_VALUE *)sk,&abuf,
-                                                        ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));
-                                if(!abuf) goto err;
-                                EVP_SignUpdate(&ctx_tmp,abuf,alen);
-                                OPENSSL_free(abuf);
-                                }
-
-#ifndef OPENSSL_NO_DSA
-                        if (si->pkey->type == EVP_PKEY_DSA)
-                                ctx_tmp.digest=EVP_dss1();
-#endif
-
-                        if (!EVP_SignFinal(&ctx_tmp,(unsigned char *)buf->data,
-                                (unsigned int *)&buf->length,si->pkey))
-                                {
-                                PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_EVP_LIB);
-                                goto err;
-                                }
-                        if (!ASN1_STRING_set(si->enc_digest,
-                                (unsigned char *)buf->data,buf->length))
-                                {
-                                PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_ASN1_LIB);
-                                goto err;
-                                }
-                        }
-                }
-
-        if (!PKCS7_is_detached(p7))
-                {
-                btmp=BIO_find_type(bio,BIO_TYPE_MEM);
-                if (btmp == NULL)
-                        {
-                        PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
-                        goto err;
-                        }
-                BIO_get_mem_ptr(btmp,&buf_mem);
-                /* Mark the BIO read only then we can use its copy of the data
-                 * instead of making an extra copy.
-                 */
-                BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
-                BIO_set_mem_eof_return(btmp, 0);
-                os->data = (unsigned char *)buf_mem->data;
-                os->length = buf_mem->length;
-#if 0
-                M_ASN1_OCTET_STRING_set(os,
-                        (unsigned char *)buf_mem->data,buf_mem->length);
-#endif
-                }
-        ret=1;
-err:
-        EVP_MD_CTX_cleanup(&ctx_tmp);
-        if (buf != NULL) BUF_MEM_free(buf);
-        return(ret);
-        }
-
-int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
-             PKCS7 *p7, PKCS7_SIGNER_INFO *si)
-        {
-        PKCS7_ISSUER_AND_SERIAL *ias;
-        int ret=0,i;
-        STACK_OF(X509) *cert;
-        X509 *x509;
-
-        if (PKCS7_type_is_signed(p7))
-                {
-                cert=p7->d.sign->cert;
-                }
-        else if (PKCS7_type_is_signedAndEnveloped(p7))
-                {
-                cert=p7->d.signed_and_enveloped->cert;
-                }
-        else
-                {
-                PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_WRONG_PKCS7_TYPE);
-                goto err;
-                }
-        /* XXXXXXXXXXXXXXXXXXXXXXX */
-        ias=si->issuer_and_serial;
-
-        x509=X509_find_by_issuer_and_serial(cert,ias->issuer,ias->serial);
-
-        /* were we able to find the cert in passed to us */
-        if (x509 == NULL)
-                {
-                PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_UNABLE_TO_FIND_CERTIFICATE);
-                goto err;
-                }
-
-        /* Lets verify */
-        if(!X509_STORE_CTX_init(ctx,cert_store,x509,cert))
-                {
-                PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB);
-                goto err;
-                }
-        X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN);
-        i=X509_verify_cert(ctx);
-        if (i <= 0) 
-                {
-                PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB);
-                X509_STORE_CTX_cleanup(ctx);
-                goto err;
-                }
-        X509_STORE_CTX_cleanup(ctx);
-
-        return PKCS7_signatureVerify(bio, p7, si, x509);
-        err:
-        return ret;
-        }
-
-int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
-                                                                X509 *x509)
-        {
-        ASN1_OCTET_STRING *os;
-        EVP_MD_CTX mdc_tmp,*mdc;
-        int ret=0,i;
-        int md_type;
-        STACK_OF(X509_ATTRIBUTE) *sk;
-        BIO *btmp;
-        EVP_PKEY *pkey;
-
-        EVP_MD_CTX_init(&mdc_tmp);
-
-        if (!PKCS7_type_is_signed(p7) && 
-                                !PKCS7_type_is_signedAndEnveloped(p7)) {
-                PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
-                                                PKCS7_R_WRONG_PKCS7_TYPE);
-                goto err;
-        }
-
-        md_type=OBJ_obj2nid(si->digest_alg->algorithm);
-
-        btmp=bio;
-        for (;;)
-                {
-                if ((btmp == NULL) ||
-                        ((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) == NULL))
-                        {
-                        PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
-                                        PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
-                        goto err;
-                        }
-                BIO_get_md_ctx(btmp,&mdc);
-                if (mdc == NULL)
-                        {
-                        PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
-                                                        ERR_R_INTERNAL_ERROR);
-                        goto err;
-                        }
-                if (EVP_MD_CTX_type(mdc) == md_type)
-                        break;
-                /* Workaround for some broken clients that put the signature
-                 * OID instead of the digest OID in digest_alg->algorithm
-                 */
-                if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type)
-                        break;
-                btmp=BIO_next(btmp);
-                }
-
-        /* mdc is the digest ctx that we want, unless there are attributes,
-         * in which case the digest is the signed attributes */
-        EVP_MD_CTX_copy_ex(&mdc_tmp,mdc);
-
-        sk=si->auth_attr;
-        if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0))
-                {
-                unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL;
-                unsigned int md_len, alen;
-                ASN1_OCTET_STRING *message_digest;
-
-                EVP_DigestFinal_ex(&mdc_tmp,md_dat,&md_len);
-                message_digest=PKCS7_digest_from_attributes(sk);
-                if (!message_digest)
-                        {
-                        PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
-                                        PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
-                        goto err;
-                        }
-                if ((message_digest->length != (int)md_len) ||
-                        (memcmp(message_digest->data,md_dat,md_len)))
-                        {
-#if 0
-{
-int ii;
-for (ii=0; ii<message_digest->length; ii++)
-        printf("%02X",message_digest->data[ii]); printf(" sent\n");
-for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n");
-}
-#endif
-                        PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
-                                                        PKCS7_R_DIGEST_FAILURE);
-                        ret= -1;
-                        goto err;
-                        }
-
-                EVP_VerifyInit_ex(&mdc_tmp,EVP_get_digestbynid(md_type), NULL);
-
-                alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
-                                                ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY));
-                EVP_VerifyUpdate(&mdc_tmp, abuf, alen);
-
-                OPENSSL_free(abuf);
-                }
-
-        os=si->enc_digest;
-        pkey = X509_get_pubkey(x509);
-        if (!pkey)
-                {
-                ret = -1;
-                goto err;
-                }
-#ifndef OPENSSL_NO_DSA
-        if(pkey->type == EVP_PKEY_DSA) mdc_tmp.digest=EVP_dss1();
-#endif
-
-        i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey);
-        EVP_PKEY_free(pkey);
-        if (i <= 0)
-                {
-                PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
-                                                PKCS7_R_SIGNATURE_FAILURE);
-                ret= -1;
-                goto err;
-                }
-        else
-                ret=1;
-err:
-        EVP_MD_CTX_cleanup(&mdc_tmp);
-        return(ret);
-        }
-
-PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx)
-        {
-        STACK_OF(PKCS7_RECIP_INFO) *rsk;
-        PKCS7_RECIP_INFO *ri;
-        int i;
-
-        i=OBJ_obj2nid(p7->type);
-        if (i != NID_pkcs7_signedAndEnveloped) return(NULL);
-        rsk=p7->d.signed_and_enveloped->recipientinfo;
-        ri=sk_PKCS7_RECIP_INFO_value(rsk,0);
-        if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx) return(NULL);
-        ri=sk_PKCS7_RECIP_INFO_value(rsk,idx);
-        return(ri->issuer_and_serial);
-        }
-
-ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid)
-        {
-        return(get_attribute(si->auth_attr,nid));
-        }
-
-ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid)
-        {
-        return(get_attribute(si->unauth_attr,nid));
-        }
-
-static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid)
-        {
-        int i;
-        X509_ATTRIBUTE *xa;
-        ASN1_OBJECT *o;
-
-        o=OBJ_nid2obj(nid);
-        if (!o || !sk) return(NULL);
-        for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
-                {
-                xa=sk_X509_ATTRIBUTE_value(sk,i);
-                if (OBJ_cmp(xa->object,o) == 0)
-                        {
-                        if (!xa->single && sk_ASN1_TYPE_num(xa->value.set))
-                                return(sk_ASN1_TYPE_value(xa->value.set,0));
-                        else
-                                return(NULL);
-                        }
-                }
-        return(NULL);
-        }
-
-ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk)
-{
-        ASN1_TYPE *astype;
-        if(!(astype = get_attribute(sk, NID_pkcs9_messageDigest))) return NULL;
-        return astype->value.octet_string;
-}
-
-int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
-                                STACK_OF(X509_ATTRIBUTE) *sk)
-        {
-        int i;
-
-        if (p7si->auth_attr != NULL)
-                sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr,X509_ATTRIBUTE_free);
-        p7si->auth_attr=sk_X509_ATTRIBUTE_dup(sk);
-        for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
-                {
-                if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr,i,
-                        X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i))))
-                    == NULL)
-                        return(0);
-                }
-        return(1);
-        }
-
-int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, STACK_OF(X509_ATTRIBUTE) *sk)
-        {
-        int i;
-
-        if (p7si->unauth_attr != NULL)
-                sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr,
-                                           X509_ATTRIBUTE_free);
-        p7si->unauth_attr=sk_X509_ATTRIBUTE_dup(sk);
-        for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
-                {
-                if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr,i,
-                        X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i))))
-                    == NULL)
-                        return(0);
-                }
-        return(1);
-        }
-
-int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
-             void *value)
-        {
-        return(add_attribute(&(p7si->auth_attr),nid,atrtype,value));
-        }
-
-int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
-             void *value)
-        {
-        return(add_attribute(&(p7si->unauth_attr),nid,atrtype,value));
-        }
-
-static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
-                         void *value)
-        {
-        X509_ATTRIBUTE *attr=NULL;
-
-        if (*sk == NULL)
-                {
-                *sk = sk_X509_ATTRIBUTE_new_null();
-new_attrib:
-                attr=X509_ATTRIBUTE_create(nid,atrtype,value);
-                sk_X509_ATTRIBUTE_push(*sk,attr);
-                }
-        else
-                {
-                int i;
-
-                for (i=0; i<sk_X509_ATTRIBUTE_num(*sk); i++)
-                        {
-                        attr=sk_X509_ATTRIBUTE_value(*sk,i);
-                        if (OBJ_obj2nid(attr->object) == nid)
-                                {
-                                X509_ATTRIBUTE_free(attr);
-                                attr=X509_ATTRIBUTE_create(nid,atrtype,value);
-                                sk_X509_ATTRIBUTE_set(*sk,i,attr);
-                                goto end;
-                                }
-                        }
-                goto new_attrib;
-                }
-end:
-        return(1);
-        }
-
diff --git a/src/lib/libcrypto/pkcs7/pk7_lib.c b/src/lib/libcrypto/pkcs7/pk7_lib.c
deleted file mode 100644
index ee1817c7af..0000000000
--- a/src/lib/libcrypto/pkcs7/pk7_lib.c
+++ /dev/null
@@ -1,500 +0,0 @@
-/* crypto/pkcs7/pk7_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
-        {
-        int nid;
-        long ret;
-
-        nid=OBJ_obj2nid(p7->type);
-
-        switch (cmd)
-                {
-        case PKCS7_OP_SET_DETACHED_SIGNATURE:
-                if (nid == NID_pkcs7_signed)
-                        {
-                        ret=p7->detached=(int)larg;
-                        if (ret && PKCS7_type_is_data(p7->d.sign->contents))
-                                        {
-                                        ASN1_OCTET_STRING *os;
-                                        os=p7->d.sign->contents->d.data;
-                                        ASN1_OCTET_STRING_free(os);
-                                        p7->d.sign->contents->d.data = NULL;
-                                        }
-                        }
-                else
-                        {
-                        PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
-                        ret=0;
-                        }
-                break;
-        case PKCS7_OP_GET_DETACHED_SIGNATURE:
-                if (nid == NID_pkcs7_signed)
-                        {
-                        if(!p7->d.sign  || !p7->d.sign->contents->d.ptr)
-                                ret = 1;
-                        else ret = 0;
-                                
-                        p7->detached = ret;
-                        }
-                else
-                        {
-                        PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
-                        ret=0;
-                        }
-                        
-                break;
-        default:
-                PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_UNKNOWN_OPERATION);
-                ret=0;
-                }
-        return(ret);
-        }
-
-int PKCS7_content_new(PKCS7 *p7, int type)
-        {
-        PKCS7 *ret=NULL;
-
-        if ((ret=PKCS7_new()) == NULL) goto err;
-        if (!PKCS7_set_type(ret,type)) goto err;
-        if (!PKCS7_set_content(p7,ret)) goto err;
-
-        return(1);
-err:
-        if (ret != NULL) PKCS7_free(ret);
-        return(0);
-        }
-
-int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data)
-        {
-        int i;
-
-        i=OBJ_obj2nid(p7->type);
-        switch (i)
-                {
-        case NID_pkcs7_signed:
-                if (p7->d.sign->contents != NULL)
-                        PKCS7_free(p7->d.sign->contents);
-                p7->d.sign->contents=p7_data;
-                break;
-        case NID_pkcs7_digest:
-        case NID_pkcs7_data:
-        case NID_pkcs7_enveloped:
-        case NID_pkcs7_signedAndEnveloped:
-        case NID_pkcs7_encrypted:
-        default:
-                PKCS7err(PKCS7_F_PKCS7_SET_CONTENT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
-                goto err;
-                }
-        return(1);
-err:
-        return(0);
-        }
-
-int PKCS7_set_type(PKCS7 *p7, int type)
-        {
-        ASN1_OBJECT *obj;
-
-        /*PKCS7_content_free(p7);*/
-        obj=OBJ_nid2obj(type); /* will not fail */
-
-        switch (type)
-                {
-        case NID_pkcs7_signed:
-                p7->type=obj;
-                if ((p7->d.sign=PKCS7_SIGNED_new()) == NULL)
-                        goto err;
-                if (!ASN1_INTEGER_set(p7->d.sign->version,1))
-                        {
-                        PKCS7_SIGNED_free(p7->d.sign);
-                        p7->d.sign=NULL;
-                        goto err;
-                        }
-                break;
-        case NID_pkcs7_data:
-                p7->type=obj;
-                if ((p7->d.data=M_ASN1_OCTET_STRING_new()) == NULL)
-                        goto err;
-                break;
-        case NID_pkcs7_signedAndEnveloped:
-                p7->type=obj;
-                if ((p7->d.signed_and_enveloped=PKCS7_SIGN_ENVELOPE_new())
-                        == NULL) goto err;
-                ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1);
-                if (!ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1))
-                        goto err;
-                p7->d.signed_and_enveloped->enc_data->content_type
-                                                = OBJ_nid2obj(NID_pkcs7_data);
-                break;
-        case NID_pkcs7_enveloped:
-                p7->type=obj;
-                if ((p7->d.enveloped=PKCS7_ENVELOPE_new())
-                        == NULL) goto err;
-                if (!ASN1_INTEGER_set(p7->d.enveloped->version,0))
-                        goto err;
-                p7->d.enveloped->enc_data->content_type
-                                                = OBJ_nid2obj(NID_pkcs7_data);
-                break;
-        case NID_pkcs7_encrypted:
-                p7->type=obj;
-                if ((p7->d.encrypted=PKCS7_ENCRYPT_new())
-                        == NULL) goto err;
-                if (!ASN1_INTEGER_set(p7->d.encrypted->version,0))
-                        goto err;
-                p7->d.encrypted->enc_data->content_type
-                                                = OBJ_nid2obj(NID_pkcs7_data);
-                break;
-
-        case NID_pkcs7_digest:
-        default:
-                PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
-                goto err;
-                }
-        return(1);
-err:
-        return(0);
-        }
-
-int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi)
-        {
-        int i,j,nid;
-        X509_ALGOR *alg;
-        STACK_OF(PKCS7_SIGNER_INFO) *signer_sk;
-        STACK_OF(X509_ALGOR) *md_sk;
-
-        i=OBJ_obj2nid(p7->type);
-        switch (i)
-                {
-        case NID_pkcs7_signed:
-                signer_sk=      p7->d.sign->signer_info;
-                md_sk=          p7->d.sign->md_algs;
-                break;
-        case NID_pkcs7_signedAndEnveloped:
-                signer_sk=      p7->d.signed_and_enveloped->signer_info;
-                md_sk=          p7->d.signed_and_enveloped->md_algs;
-                break;
-        default:
-                PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,PKCS7_R_WRONG_CONTENT_TYPE);
-                return(0);
-                }
-
-        nid=OBJ_obj2nid(psi->digest_alg->algorithm);
-
-        /* If the digest is not currently listed, add it */
-        j=0;
-        for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)
-                {
-                alg=sk_X509_ALGOR_value(md_sk,i);
-                if (OBJ_obj2nid(alg->algorithm) == nid)
-                        {
-                        j=1;
-                        break;
-                        }
-                }
-        if (!j) /* we need to add another algorithm */
-                {
-                if(!(alg=X509_ALGOR_new())
-                        || !(alg->parameter = ASN1_TYPE_new())) {
-                        PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,ERR_R_MALLOC_FAILURE);
-                        return(0);
-                }
-                alg->algorithm=OBJ_nid2obj(nid);
-                alg->parameter->type = V_ASN1_NULL;
-                sk_X509_ALGOR_push(md_sk,alg);
-                }
-
-        sk_PKCS7_SIGNER_INFO_push(signer_sk,psi);
-        return(1);
-        }
-
-int PKCS7_add_certificate(PKCS7 *p7, X509 *x509)
-        {
-        int i;
-        STACK_OF(X509) **sk;
-
-        i=OBJ_obj2nid(p7->type);
-        switch (i)
-                {
-        case NID_pkcs7_signed:
-                sk= &(p7->d.sign->cert);
-                break;
-        case NID_pkcs7_signedAndEnveloped:
-                sk= &(p7->d.signed_and_enveloped->cert);
-                break;
-        default:
-                PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE,PKCS7_R_WRONG_CONTENT_TYPE);
-                return(0);
-                }
-
-        if (*sk == NULL)
-                *sk=sk_X509_new_null();
-        CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
-        sk_X509_push(*sk,x509);
-        return(1);
-        }
-
-int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl)
-        {
-        int i;
-        STACK_OF(X509_CRL) **sk;
-
-        i=OBJ_obj2nid(p7->type);
-        switch (i)
-                {
-        case NID_pkcs7_signed:
-                sk= &(p7->d.sign->crl);
-                break;
-        case NID_pkcs7_signedAndEnveloped:
-                sk= &(p7->d.signed_and_enveloped->crl);
-                break;
-        default:
-                PKCS7err(PKCS7_F_PKCS7_ADD_CRL,PKCS7_R_WRONG_CONTENT_TYPE);
-                return(0);
-                }
-
-        if (*sk == NULL)
-                *sk=sk_X509_CRL_new_null();
-
-        CRYPTO_add(&crl->references,1,CRYPTO_LOCK_X509_CRL);
-        sk_X509_CRL_push(*sk,crl);
-        return(1);
-        }
-
-int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
-             const EVP_MD *dgst)
-        {
-        char is_dsa;
-        if (pkey->type == EVP_PKEY_DSA) is_dsa = 1;
-        else is_dsa = 0;
-        /* We now need to add another PKCS7_SIGNER_INFO entry */
-        if (!ASN1_INTEGER_set(p7i->version,1))
-                goto err;
-        if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
-                        X509_get_issuer_name(x509)))
-                goto err;
-
-        /* because ASN1_INTEGER_set is used to set a 'long' we will do
-         * things the ugly way. */
-        M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
-        if (!(p7i->issuer_and_serial->serial=
-                        M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
-                goto err;
-
-        /* lets keep the pkey around for a while */
-        CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
-        p7i->pkey=pkey;
-
-        /* Set the algorithms */
-        if (is_dsa) p7i->digest_alg->algorithm=OBJ_nid2obj(NID_sha1);
-        else    
-                p7i->digest_alg->algorithm=OBJ_nid2obj(EVP_MD_type(dgst));
-
-        if (p7i->digest_alg->parameter != NULL)
-                ASN1_TYPE_free(p7i->digest_alg->parameter);
-        if ((p7i->digest_alg->parameter=ASN1_TYPE_new()) == NULL)
-                goto err;
-        p7i->digest_alg->parameter->type=V_ASN1_NULL;
-
-        p7i->digest_enc_alg->algorithm=OBJ_nid2obj(EVP_PKEY_type(pkey->type));
-
-        if (p7i->digest_enc_alg->parameter != NULL)
-                ASN1_TYPE_free(p7i->digest_enc_alg->parameter);
-        if(is_dsa) p7i->digest_enc_alg->parameter = NULL;
-        else {
-                if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new()))
-                        goto err;
-                p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;
-        }
-
-        return(1);
-err:
-        return(0);
-        }
-
-PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey,
-             const EVP_MD *dgst)
-        {
-        PKCS7_SIGNER_INFO *si;
-
-        if ((si=PKCS7_SIGNER_INFO_new()) == NULL) goto err;
-        if (!PKCS7_SIGNER_INFO_set(si,x509,pkey,dgst)) goto err;
-        if (!PKCS7_add_signer(p7,si)) goto err;
-        return(si);
-err:
-        return(NULL);
-        }
-
-STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
-        {
-        if (PKCS7_type_is_signed(p7))
-                {
-                return(p7->d.sign->signer_info);
-                }
-        else if (PKCS7_type_is_signedAndEnveloped(p7))
-                {
-                return(p7->d.signed_and_enveloped->signer_info);
-                }
-        else
-                return(NULL);
-        }
-
-PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509)
-        {
-        PKCS7_RECIP_INFO *ri;
-
-        if ((ri=PKCS7_RECIP_INFO_new()) == NULL) goto err;
-        if (!PKCS7_RECIP_INFO_set(ri,x509)) goto err;
-        if (!PKCS7_add_recipient_info(p7,ri)) goto err;
-        return(ri);
-err:
-        return(NULL);
-        }
-
-int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri)
-        {
-        int i;
-        STACK_OF(PKCS7_RECIP_INFO) *sk;
-
-        i=OBJ_obj2nid(p7->type);
-        switch (i)
-                {
-        case NID_pkcs7_signedAndEnveloped:
-                sk=     p7->d.signed_and_enveloped->recipientinfo;
-                break;
-        case NID_pkcs7_enveloped:
-                sk=     p7->d.enveloped->recipientinfo;
-                break;
-        default:
-                PKCS7err(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,PKCS7_R_WRONG_CONTENT_TYPE);
-                return(0);
-                }
-
-        sk_PKCS7_RECIP_INFO_push(sk,ri);
-        return(1);
-        }
-
-int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
-        {
-        if (!ASN1_INTEGER_set(p7i->version,0))
-                return 0;
-        if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
-                X509_get_issuer_name(x509)))
-                return 0;
-
-        M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
-        if (!(p7i->issuer_and_serial->serial=
-                M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
-                return 0;
-
-        X509_ALGOR_free(p7i->key_enc_algor);
-        if (!(p7i->key_enc_algor= X509_ALGOR_dup(x509->cert_info->key->algor)))
-                return 0;
-
-        CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
-        p7i->cert=x509;
-
-        return(1);
-        }
-
-X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
-        {
-        if (PKCS7_type_is_signed(p7))
-                return(X509_find_by_issuer_and_serial(p7->d.sign->cert,
-                        si->issuer_and_serial->issuer,
-                        si->issuer_and_serial->serial));
-        else
-                return(NULL);
-        }
-
-int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)
-        {
-        int i;
-        ASN1_OBJECT *objtmp;
-        PKCS7_ENC_CONTENT *ec;
-
-        i=OBJ_obj2nid(p7->type);
-        switch (i)
-                {
-        case NID_pkcs7_signedAndEnveloped:
-                ec=p7->d.signed_and_enveloped->enc_data;
-                break;
-        case NID_pkcs7_enveloped:
-                ec=p7->d.enveloped->enc_data;
-                break;
-        default:
-                PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_WRONG_CONTENT_TYPE);
-                return(0);
-                }
-
-        /* Check cipher OID exists and has data in it*/
-        i = EVP_CIPHER_type(cipher);
-        if(i == NID_undef) {
-                PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
-                return(0);
-        }
-        objtmp = OBJ_nid2obj(i);
-
-        ec->cipher = cipher;
-        return 1;
-        }
-
diff --git a/src/lib/libcrypto/pkcs7/pk7_mime.c b/src/lib/libcrypto/pkcs7/pk7_mime.c
deleted file mode 100644
index 927b88c3e7..0000000000
--- a/src/lib/libcrypto/pkcs7/pk7_mime.c
+++ /dev/null
@@ -1,734 +0,0 @@
-/* pk7_mime.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <ctype.h>
-#include "cryptlib.h"
-#include <openssl/rand.h>
-#include <openssl/x509.h>
-
-/* MIME and related routines */
-
-/* MIME format structures
- * Note that all are translated to lower case apart from
- * parameter values. Quotes are stripped off
- */
-
-typedef struct {
-char *param_name;                       /* Param name e.g. "micalg" */
-char *param_value;                      /* Param value e.g. "sha1" */
-} MIME_PARAM;
-
-DECLARE_STACK_OF(MIME_PARAM)
-IMPLEMENT_STACK_OF(MIME_PARAM)
-
-typedef struct {
-char *name;                             /* Name of line e.g. "content-type" */
-char *value;                            /* Value of line e.g. "text/plain" */
-STACK_OF(MIME_PARAM) *params;           /* Zero or more parameters */
-} MIME_HEADER;
-
-DECLARE_STACK_OF(MIME_HEADER)
-IMPLEMENT_STACK_OF(MIME_HEADER)
-
-static int B64_write_PKCS7(BIO *bio, PKCS7 *p7);
-static PKCS7 *B64_read_PKCS7(BIO *bio);
-static char * strip_ends(char *name);
-static char * strip_start(char *name);
-static char * strip_end(char *name);
-static MIME_HEADER *mime_hdr_new(char *name, char *value);
-static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value);
-static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio);
-static int mime_hdr_cmp(const MIME_HEADER * const *a,
-                        const MIME_HEADER * const *b);
-static int mime_param_cmp(const MIME_PARAM * const *a,
-                        const MIME_PARAM * const *b);
-static void mime_param_free(MIME_PARAM *param);
-static int mime_bound_check(char *line, int linelen, char *bound, int blen);
-static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret);
-static int strip_eol(char *linebuf, int *plen);
-static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name);
-static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name);
-static void mime_hdr_free(MIME_HEADER *hdr);
-
-#define MAX_SMLEN 1024
-#define mime_debug(x) /* x */
-
-
-typedef void (*stkfree)();
-
-/* Base 64 read and write of PKCS#7 structure */
-
-static int B64_write_PKCS7(BIO *bio, PKCS7 *p7)
-{
-        BIO *b64;
-        if(!(b64 = BIO_new(BIO_f_base64()))) {
-                PKCS7err(PKCS7_F_B64_WRITE_PKCS7,ERR_R_MALLOC_FAILURE);
-                return 0;
-        }
-        bio = BIO_push(b64, bio);
-        i2d_PKCS7_bio(bio, p7);
-        BIO_flush(bio);
-        bio = BIO_pop(bio);
-        BIO_free(b64);
-        return 1;
-}
-
-static PKCS7 *B64_read_PKCS7(BIO *bio)
-{
-        BIO *b64;
-        PKCS7 *p7;
-        if(!(b64 = BIO_new(BIO_f_base64()))) {
-                PKCS7err(PKCS7_F_B64_READ_PKCS7,ERR_R_MALLOC_FAILURE);
-                return 0;
-        }
-        bio = BIO_push(b64, bio);
-        if(!(p7 = d2i_PKCS7_bio(bio, NULL))) 
-                PKCS7err(PKCS7_F_B64_READ_PKCS7,PKCS7_R_DECODE_ERROR);
-        BIO_flush(bio);
-        bio = BIO_pop(bio);
-        BIO_free(b64);
-        return p7;
-}
-
-/* SMIME sender */
-
-int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
-{
-        char bound[33], c;
-        int i;
-        char *mime_prefix, *mime_eol, *msg_type=NULL;
-        if (flags & PKCS7_NOOLDMIMETYPE)
-                mime_prefix = "application/pkcs7-";
-        else
-                mime_prefix = "application/x-pkcs7-";
-
-        if (flags & PKCS7_CRLFEOL)
-                mime_eol = "\r\n";
-        else
-                mime_eol = "\n";
-        if((flags & PKCS7_DETACHED) && data) {
-        /* We want multipart/signed */
-                /* Generate a random boundary */
-                RAND_pseudo_bytes((unsigned char *)bound, 32);
-                for(i = 0; i < 32; i++) {
-                        c = bound[i] & 0xf;
-                        if(c < 10) c += '0';
-                        else c += 'A' - 10;
-                        bound[i] = c;
-                }
-                bound[32] = 0;
-                BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
-                BIO_printf(bio, "Content-Type: multipart/signed;");
-                BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix);
-                BIO_printf(bio, " micalg=sha1; boundary=\"----%s\"%s%s",
-                                                bound, mime_eol, mime_eol);
-                BIO_printf(bio, "This is an S/MIME signed message%s%s",
-                                                mime_eol, mime_eol);
-                /* Now write out the first part */
-                BIO_printf(bio, "------%s%s", bound, mime_eol);
-                SMIME_crlf_copy(data, bio, flags);
-                BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol);
-
-                /* Headers for signature */
-
-                BIO_printf(bio, "Content-Type: %ssignature;", mime_prefix); 
-                BIO_printf(bio, " name=\"smime.p7s\"%s", mime_eol);
-                BIO_printf(bio, "Content-Transfer-Encoding: base64%s",
-                                                                mime_eol);
-                BIO_printf(bio, "Content-Disposition: attachment;");
-                BIO_printf(bio, " filename=\"smime.p7s\"%s%s",
-                                                        mime_eol, mime_eol);
-                B64_write_PKCS7(bio, p7);
-                BIO_printf(bio,"%s------%s--%s%s", mime_eol, bound,
-                                                mime_eol, mime_eol);
-                return 1;
-        }
-
-        /* Determine smime-type header */
-
-        if (PKCS7_type_is_enveloped(p7))
-                msg_type = "enveloped-data";
-        else if (PKCS7_type_is_signed(p7))
-                {
-                /* If we have any signers it is signed-data othewise 
-                 * certs-only.
-                 */
-                STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
-                sinfos = PKCS7_get_signer_info(p7);
-                if (sk_PKCS7_SIGNER_INFO_num(sinfos) > 0)
-                        msg_type = "signed-data";
-                else
-                        msg_type = "certs-only";
-                }
-        /* MIME headers */
-        BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
-        BIO_printf(bio, "Content-Disposition: attachment;");
-        BIO_printf(bio, " filename=\"smime.p7m\"%s", mime_eol);
-        BIO_printf(bio, "Content-Type: %smime;", mime_prefix);
-        if (msg_type)
-                BIO_printf(bio, " smime-type=%s;", msg_type);
-        BIO_printf(bio, " name=\"smime.p7m\"%s", mime_eol);
-        BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s",
-                                                mime_eol, mime_eol);
-        B64_write_PKCS7(bio, p7);
-        BIO_printf(bio, "%s", mime_eol);
-        return 1;
-}
-
-/* SMIME reader: handle multipart/signed and opaque signing.
- * in multipart case the content is placed in a memory BIO
- * pointed to by "bcont". In opaque this is set to NULL
- */
-
-PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont)
-{
-        BIO *p7in;
-        STACK_OF(MIME_HEADER) *headers = NULL;
-        STACK_OF(BIO) *parts = NULL;
-        MIME_HEADER *hdr;
-        MIME_PARAM *prm;
-        PKCS7 *p7;
-        int ret;
-
-        if(bcont) *bcont = NULL;
-
-        if (!(headers = mime_parse_hdr(bio))) {
-                PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_MIME_PARSE_ERROR);
-                return NULL;
-        }
-
-        if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
-                sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-                PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_CONTENT_TYPE);
-                return NULL;
-        }
-
-        /* Handle multipart/signed */
-
-        if(!strcmp(hdr->value, "multipart/signed")) {
-                /* Split into two parts */
-                prm = mime_param_find(hdr, "boundary");
-                if(!prm || !prm->param_value) {
-                        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-                        PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_MULTIPART_BOUNDARY);
-                        return NULL;
-                }
-                ret = multi_split(bio, prm->param_value, &parts);
-                sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-                if(!ret || (sk_BIO_num(parts) != 2) ) {
-                        PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_MULTIPART_BODY_FAILURE);
-                        sk_BIO_pop_free(parts, BIO_vfree);
-                        return NULL;
-                }
-
-                /* Parse the signature piece */
-                p7in = sk_BIO_value(parts, 1);
-
-                if (!(headers = mime_parse_hdr(p7in))) {
-                        PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_MIME_SIG_PARSE_ERROR);
-                        sk_BIO_pop_free(parts, BIO_vfree);
-                        return NULL;
-                }
-
-                /* Get content type */
-
-                if(!(hdr = mime_hdr_find(headers, "content-type")) ||
-                                                                 !hdr->value) {
-                        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-                        PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_SIG_CONTENT_TYPE);
-                        return NULL;
-                }
-
-                if(strcmp(hdr->value, "application/x-pkcs7-signature") &&
-                        strcmp(hdr->value, "application/pkcs7-signature")) {
-                        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-                        PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_SIG_INVALID_MIME_TYPE);
-                        ERR_add_error_data(2, "type: ", hdr->value);
-                        sk_BIO_pop_free(parts, BIO_vfree);
-                        return NULL;
-                }
-                sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-                /* Read in PKCS#7 */
-                if(!(p7 = B64_read_PKCS7(p7in))) {
-                        PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_PKCS7_SIG_PARSE_ERROR);
-                        sk_BIO_pop_free(parts, BIO_vfree);
-                        return NULL;
-                }
-
-                if(bcont) {
-                        *bcont = sk_BIO_value(parts, 0);
-                        BIO_free(p7in);
-                        sk_BIO_free(parts);
-                } else sk_BIO_pop_free(parts, BIO_vfree);
-                return p7;
-        }
-                
-        /* OK, if not multipart/signed try opaque signature */
-
-        if (strcmp (hdr->value, "application/x-pkcs7-mime") &&
-            strcmp (hdr->value, "application/pkcs7-mime")) {
-                PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_INVALID_MIME_TYPE);
-                ERR_add_error_data(2, "type: ", hdr->value);
-                sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-                return NULL;
-        }
-
-        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-        
-        if(!(p7 = B64_read_PKCS7(bio))) {
-                PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_PKCS7_PARSE_ERROR);
-                return NULL;
-        }
-        return p7;
-
-}
-
-/* Copy text from one BIO to another making the output CRLF at EOL */
-int SMIME_crlf_copy(BIO *in, BIO *out, int flags)
-{
-        char eol;
-        int len;
-        char linebuf[MAX_SMLEN];
-        if(flags & PKCS7_BINARY) {
-                while((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0)
-                                                BIO_write(out, linebuf, len);
-                return 1;
-        }
-        if(flags & PKCS7_TEXT) BIO_printf(out, "Content-Type: text/plain\r\n\r\n");
-        while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) {
-                eol = strip_eol(linebuf, &len);
-                if (len)
-                        BIO_write(out, linebuf, len);
-                if(eol) BIO_write(out, "\r\n", 2);
-        }
-        return 1;
-}
-
-/* Strip off headers if they are text/plain */
-int SMIME_text(BIO *in, BIO *out)
-{
-        char iobuf[4096];
-        int len;
-        STACK_OF(MIME_HEADER) *headers;
-        MIME_HEADER *hdr;
-
-        if (!(headers = mime_parse_hdr(in))) {
-                PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_PARSE_ERROR);
-                return 0;
-        }
-        if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
-                PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_NO_CONTENT_TYPE);
-                sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-                return 0;
-        }
-        if (strcmp (hdr->value, "text/plain")) {
-                PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_INVALID_MIME_TYPE);
-                ERR_add_error_data(2, "type: ", hdr->value);
-                sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-                return 0;
-        }
-        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-        while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0)
-                                                BIO_write(out, iobuf, len);
-        return 1;
-}
-
-/* Split a multipart/XXX message body into component parts: result is
- * canonical parts in a STACK of bios
- */
-
-static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret)
-{
-        char linebuf[MAX_SMLEN];
-        int len, blen;
-        int eol = 0, next_eol = 0;
-        BIO *bpart = NULL;
-        STACK_OF(BIO) *parts;
-        char state, part, first;
-
-        blen = strlen(bound);
-        part = 0;
-        state = 0;
-        first = 1;
-        parts = sk_BIO_new_null();
-        *ret = parts;
-        while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
-                state = mime_bound_check(linebuf, len, bound, blen);
-                if(state == 1) {
-                        first = 1;
-                        part++;
-                } else if(state == 2) {
-                        sk_BIO_push(parts, bpart);
-                        return 1;
-                } else if(part) {
-                        /* Strip CR+LF from linebuf */
-                        next_eol = strip_eol(linebuf, &len);
-                        if(first) {
-                                first = 0;
-                                if(bpart) sk_BIO_push(parts, bpart);
-                                bpart = BIO_new(BIO_s_mem());
-                                BIO_set_mem_eof_return(bpart, 0);
-                        } else if (eol)
-                                BIO_write(bpart, "\r\n", 2);
-                        eol = next_eol;
-                        if (len)
-                                BIO_write(bpart, linebuf, len);
-                }
-        }
-        return 0;
-}
-
-/* This is the big one: parse MIME header lines up to message body */
-
-#define MIME_INVALID    0
-#define MIME_START      1
-#define MIME_TYPE       2
-#define MIME_NAME       3
-#define MIME_VALUE      4
-#define MIME_QUOTE      5
-#define MIME_COMMENT    6
-
-
-static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio)
-{
-        char *p, *q, c;
-        char *ntmp;
-        char linebuf[MAX_SMLEN];
-        MIME_HEADER *mhdr = NULL;
-        STACK_OF(MIME_HEADER) *headers;
-        int len, state, save_state = 0;
-
-        headers = sk_MIME_HEADER_new(mime_hdr_cmp);
-        while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
-        /* If whitespace at line start then continuation line */
-        if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME;
-        else state = MIME_START;
-        ntmp = NULL;
-        /* Go through all characters */
-        for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) {
-
-        /* State machine to handle MIME headers
-         * if this looks horrible that's because it *is*
-         */
-
-                switch(state) {
-                        case MIME_START:
-                        if(c == ':') {
-                                state = MIME_TYPE;
-                                *p = 0;
-                                ntmp = strip_ends(q);
-                                q = p + 1;
-                        }
-                        break;
-
-                        case MIME_TYPE:
-                        if(c == ';') {
-                                mime_debug("Found End Value\n");
-                                *p = 0;
-                                mhdr = mime_hdr_new(ntmp, strip_ends(q));
-                                sk_MIME_HEADER_push(headers, mhdr);
-                                ntmp = NULL;
-                                q = p + 1;
-                                state = MIME_NAME;
-                        } else if(c == '(') {
-                                save_state = state;
-                                state = MIME_COMMENT;
-                        }
-                        break;
-
-                        case MIME_COMMENT:
-                        if(c == ')') {
-                                state = save_state;
-                        }
-                        break;
-
-                        case MIME_NAME:
-                        if(c == '=') {
-                                state = MIME_VALUE;
-                                *p = 0;
-                                ntmp = strip_ends(q);
-                                q = p + 1;
-                        }
-                        break ;
-
-                        case MIME_VALUE:
-                        if(c == ';') {
-                                state = MIME_NAME;
-                                *p = 0;
-                                mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
-                                ntmp = NULL;
-                                q = p + 1;
-                        } else if (c == '"') {
-                                mime_debug("Found Quote\n");
-                                state = MIME_QUOTE;
-                        } else if(c == '(') {
-                                save_state = state;
-                                state = MIME_COMMENT;
-                        }
-                        break;
-
-                        case MIME_QUOTE:
-                        if(c == '"') {
-                                mime_debug("Found Match Quote\n");
-                                state = MIME_VALUE;
-                        }
-                        break;
-                }
-        }
-
-        if(state == MIME_TYPE) {
-                mhdr = mime_hdr_new(ntmp, strip_ends(q));
-                sk_MIME_HEADER_push(headers, mhdr);
-        } else if(state == MIME_VALUE)
-                         mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
-        if(p == linebuf) break; /* Blank line means end of headers */
-}
-
-return headers;
-
-}
-
-static char *strip_ends(char *name)
-{
-        return strip_end(strip_start(name));
-}
-
-/* Strip a parameter of whitespace from start of param */
-static char *strip_start(char *name)
-{
-        char *p, c;
-        /* Look for first non white space or quote */
-        for(p = name; (c = *p) ;p++) {
-                if(c == '"') {
-                        /* Next char is start of string if non null */
-                        if(p[1]) return p + 1;
-                        /* Else null string */
-                        return NULL;
-                }
-                if(!isspace((unsigned char)c)) return p;
-        }
-        return NULL;
-}
-
-/* As above but strip from end of string : maybe should handle brackets? */
-static char *strip_end(char *name)
-{
-        char *p, c;
-        if(!name) return NULL;
-        /* Look for first non white space or quote */
-        for(p = name + strlen(name) - 1; p >= name ;p--) {
-                c = *p;
-                if(c == '"') {
-                        if(p - 1 == name) return NULL;
-                        *p = 0;
-                        return name;
-                }
-                if(isspace((unsigned char)c)) *p = 0;   
-                else return name;
-        }
-        return NULL;
-}
-
-static MIME_HEADER *mime_hdr_new(char *name, char *value)
-{
-        MIME_HEADER *mhdr;
-        char *tmpname, *tmpval, *p;
-        int c;
-        if(name) {
-                if(!(tmpname = BUF_strdup(name))) return NULL;
-                for(p = tmpname ; *p; p++) {
-                        c = *p;
-                        if(isupper(c)) {
-                                c = tolower(c);
-                                *p = c;
-                        }
-                }
-        } else tmpname = NULL;
-        if(value) {
-                if(!(tmpval = BUF_strdup(value))) return NULL;
-                for(p = tmpval ; *p; p++) {
-                        c = *p;
-                        if(isupper(c)) {
-                                c = tolower(c);
-                                *p = c;
-                        }
-                }
-        } else tmpval = NULL;
-        mhdr = (MIME_HEADER *) OPENSSL_malloc(sizeof(MIME_HEADER));
-        if(!mhdr) return NULL;
-        mhdr->name = tmpname;
-        mhdr->value = tmpval;
-        if(!(mhdr->params = sk_MIME_PARAM_new(mime_param_cmp))) return NULL;
-        return mhdr;
-}
-                
-static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value)
-{
-        char *tmpname, *tmpval, *p;
-        int c;
-        MIME_PARAM *mparam;
-        if(name) {
-                tmpname = BUF_strdup(name);
-                if(!tmpname) return 0;
-                for(p = tmpname ; *p; p++) {
-                        c = *p;
-                        if(isupper(c)) {
-                                c = tolower(c);
-                                *p = c;
-                        }
-                }
-        } else tmpname = NULL;
-        if(value) {
-                tmpval = BUF_strdup(value);
-                if(!tmpval) return 0;
-        } else tmpval = NULL;
-        /* Parameter values are case sensitive so leave as is */
-        mparam = (MIME_PARAM *) OPENSSL_malloc(sizeof(MIME_PARAM));
-        if(!mparam) return 0;
-        mparam->param_name = tmpname;
-        mparam->param_value = tmpval;
-        sk_MIME_PARAM_push(mhdr->params, mparam);
-        return 1;
-}
-
-static int mime_hdr_cmp(const MIME_HEADER * const *a,
-                        const MIME_HEADER * const *b)
-{
-        return(strcmp((*a)->name, (*b)->name));
-}
-
-static int mime_param_cmp(const MIME_PARAM * const *a,
-                        const MIME_PARAM * const *b)
-{
-        return(strcmp((*a)->param_name, (*b)->param_name));
-}
-
-/* Find a header with a given name (if possible) */
-
-static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name)
-{
-        MIME_HEADER htmp;
-        int idx;
-        htmp.name = name;
-        idx = sk_MIME_HEADER_find(hdrs, &htmp);
-        if(idx < 0) return NULL;
-        return sk_MIME_HEADER_value(hdrs, idx);
-}
-
-static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name)
-{
-        MIME_PARAM param;
-        int idx;
-        param.param_name = name;
-        idx = sk_MIME_PARAM_find(hdr->params, &param);
-        if(idx < 0) return NULL;
-        return sk_MIME_PARAM_value(hdr->params, idx);
-}
-
-static void mime_hdr_free(MIME_HEADER *hdr)
-{
-        if(hdr->name) OPENSSL_free(hdr->name);
-        if(hdr->value) OPENSSL_free(hdr->value);
-        if(hdr->params) sk_MIME_PARAM_pop_free(hdr->params, mime_param_free);
-        OPENSSL_free(hdr);
-}
-
-static void mime_param_free(MIME_PARAM *param)
-{
-        if(param->param_name) OPENSSL_free(param->param_name);
-        if(param->param_value) OPENSSL_free(param->param_value);
-        OPENSSL_free(param);
-}
-
-/* Check for a multipart boundary. Returns:
- * 0 : no boundary
- * 1 : part boundary
- * 2 : final boundary
- */
-static int mime_bound_check(char *line, int linelen, char *bound, int blen)
-{
-        if(linelen == -1) linelen = strlen(line);
-        if(blen == -1) blen = strlen(bound);
-        /* Quickly eliminate if line length too short */
-        if(blen + 2 > linelen) return 0;
-        /* Check for part boundary */
-        if(!strncmp(line, "--", 2) && !strncmp(line + 2, bound, blen)) {
-                if(!strncmp(line + blen + 2, "--", 2)) return 2;
-                else return 1;
-        }
-        return 0;
-}
-
-static int strip_eol(char *linebuf, int *plen)
-        {
-        int len = *plen;
-        char *p, c;
-        int is_eol = 0;
-        p = linebuf + len - 1;
-        for (p = linebuf + len - 1; len > 0; len--, p--)
-                {
-                c = *p;
-                if (c == '\n')
-                        is_eol = 1;
-                else if (c != '\r')
-                        break;
-                }
-        *plen = len;
-        return is_eol;
-        }
diff --git a/src/lib/libcrypto/pkcs7/pk7_smime.c b/src/lib/libcrypto/pkcs7/pk7_smime.c
deleted file mode 100644
index 99a0d63f38..0000000000
--- a/src/lib/libcrypto/pkcs7/pk7_smime.c
+++ /dev/null
@@ -1,469 +0,0 @@
-/* pk7_smime.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999-2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* Simple PKCS#7 processing functions */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
-                  BIO *data, int flags)
-{
-        PKCS7 *p7;
-        PKCS7_SIGNER_INFO *si;
-        BIO *p7bio;
-        STACK_OF(X509_ALGOR) *smcap;
-        int i;
-
-        if(!X509_check_private_key(signcert, pkey)) {
-                PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
-                return NULL;
-        }
-
-        if(!(p7 = PKCS7_new())) {
-                PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-
-        PKCS7_set_type(p7, NID_pkcs7_signed);
-
-        PKCS7_content_new(p7, NID_pkcs7_data);
-
-        if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) {
-                PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
-                return NULL;
-        }
-
-        if(!(flags & PKCS7_NOCERTS)) {
-                PKCS7_add_certificate(p7, signcert);
-                if(certs) for(i = 0; i < sk_X509_num(certs); i++)
-                        PKCS7_add_certificate(p7, sk_X509_value(certs, i));
-        }
-
-        if(!(p7bio = PKCS7_dataInit(p7, NULL))) {
-                PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-
-
-        SMIME_crlf_copy(data, p7bio, flags);
-
-        if(!(flags & PKCS7_NOATTR)) {
-                PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
-                                V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data));
-                /* Add SMIMECapabilities */
-                if(!(flags & PKCS7_NOSMIMECAP))
-                {
-                if(!(smcap = sk_X509_ALGOR_new_null())) {
-                        PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
-                        return NULL;
-                }
-#ifndef OPENSSL_NO_DES
-                PKCS7_simple_smimecap (smcap, NID_des_ede3_cbc, -1);
-#endif
-#ifndef OPENSSL_NO_RC2
-                PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 128);
-                PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 64);
-#endif
-#ifndef OPENSSL_NO_DES
-                PKCS7_simple_smimecap (smcap, NID_des_cbc, -1);
-#endif
-#ifndef OPENSSL_NO_RC2
-                PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 40);
-#endif
-                PKCS7_add_attrib_smimecap (si, smcap);
-                sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
-                }
-        }
-
-        if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1);
-
-        if (!PKCS7_dataFinal(p7,p7bio)) {
-                PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_DATASIGN);
-                return NULL;
-        }
-
-        BIO_free_all(p7bio);
-        return p7;
-}
-
-int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
-                                        BIO *indata, BIO *out, int flags)
-{
-        STACK_OF(X509) *signers;
-        X509 *signer;
-        STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
-        PKCS7_SIGNER_INFO *si;
-        X509_STORE_CTX cert_ctx;
-        char buf[4096];
-        int i, j=0, k, ret = 0;
-        BIO *p7bio;
-        BIO *tmpin, *tmpout;
-
-        if(!p7) {
-                PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_INVALID_NULL_POINTER);
-                return 0;
-        }
-
-        if(!PKCS7_type_is_signed(p7)) {
-                PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_WRONG_CONTENT_TYPE);
-                return 0;
-        }
-
-        /* Check for no data and no content: no data to verify signature */
-        if(PKCS7_get_detached(p7) && !indata) {
-                PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_CONTENT);
-                return 0;
-        }
-#if 0
-        /* NB: this test commented out because some versions of Netscape
-         * illegally include zero length content when signing data.
-         */
-
-        /* Check for data and content: two sets of data */
-        if(!PKCS7_get_detached(p7) && indata) {
-                                PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CONTENT_AND_DATA_PRESENT);
-                return 0;
-        }
-#endif
-
-        sinfos = PKCS7_get_signer_info(p7);
-
-        if(!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) {
-                PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_SIGNATURES_ON_DATA);
-                return 0;
-        }
-
-
-        signers = PKCS7_get0_signers(p7, certs, flags);
-
-        if(!signers) return 0;
-
-        /* Now verify the certificates */
-
-        if (!(flags & PKCS7_NOVERIFY)) for (k = 0; k < sk_X509_num(signers); k++) {
-                signer = sk_X509_value (signers, k);
-                if (!(flags & PKCS7_NOCHAIN)) {
-                        if(!X509_STORE_CTX_init(&cert_ctx, store, signer,
-                                                        p7->d.sign->cert))
-                                {
-                                PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB);
-                                sk_X509_free(signers);
-                                return 0;
-                                }
-                        X509_STORE_CTX_set_purpose(&cert_ctx,
-                                                X509_PURPOSE_SMIME_SIGN);
-                } else if(!X509_STORE_CTX_init (&cert_ctx, store, signer, NULL)) {
-                        PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB);
-                        sk_X509_free(signers);
-                        return 0;
-                }
-                i = X509_verify_cert(&cert_ctx);
-                if (i <= 0) j = X509_STORE_CTX_get_error(&cert_ctx);
-                X509_STORE_CTX_cleanup(&cert_ctx);
-                if (i <= 0) {
-                        PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CERTIFICATE_VERIFY_ERROR);
-                        ERR_add_error_data(2, "Verify error:",
-                                         X509_verify_cert_error_string(j));
-                        sk_X509_free(signers);
-                        return 0;
-                }
-                /* Check for revocation status here */
-        }
-
-        /* Performance optimization: if the content is a memory BIO then
-         * store its contents in a temporary read only memory BIO. This
-         * avoids potentially large numbers of slow copies of data which will
-         * occur when reading from a read write memory BIO when signatures
-         * are calculated.
-         */
-
-        if (indata && (BIO_method_type(indata) == BIO_TYPE_MEM))
-                {
-                char *ptr;
-                long len;
-                len = BIO_get_mem_data(indata, &ptr);
-                tmpin = BIO_new_mem_buf(ptr, len);
-                if (tmpin == NULL)
-                        {
-                        PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE);
-                        return 0;
-                        }
-                }
-        else
-                tmpin = indata;
-                
-
-        p7bio=PKCS7_dataInit(p7,tmpin);
-
-        if(flags & PKCS7_TEXT) {
-                if(!(tmpout = BIO_new(BIO_s_mem()))) {
-                        PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-        } else tmpout = out;
-
-        /* We now have to 'read' from p7bio to calculate digests etc. */
-        for (;;)
-        {
-                i=BIO_read(p7bio,buf,sizeof(buf));
-                if (i <= 0) break;
-                if (tmpout) BIO_write(tmpout, buf, i);
-        }
-
-        if(flags & PKCS7_TEXT) {
-                if(!SMIME_text(tmpout, out)) {
-                        PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SMIME_TEXT_ERROR);
-                        BIO_free(tmpout);
-                        goto err;
-                }
-                BIO_free(tmpout);
-        }
-
-        /* Now Verify All Signatures */
-        if (!(flags & PKCS7_NOSIGS))
-            for (i=0; i<sk_PKCS7_SIGNER_INFO_num(sinfos); i++)
-                {
-                si=sk_PKCS7_SIGNER_INFO_value(sinfos,i);
-                signer = sk_X509_value (signers, i);
-                j=PKCS7_signatureVerify(p7bio,p7,si, signer);
-                if (j <= 0) {
-                        PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SIGNATURE_FAILURE);
-                        goto err;
-                }
-        }
-
-        ret = 1;
-
-        err:
-        
-        if (tmpin == indata)
-                {
-                if (indata) BIO_pop(p7bio);
-                }
-        BIO_free_all(p7bio);
-
-        sk_X509_free(signers);
-
-        return ret;
-}
-
-STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags)
-{
-        STACK_OF(X509) *signers;
-        STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
-        PKCS7_SIGNER_INFO *si;
-        PKCS7_ISSUER_AND_SERIAL *ias;
-        X509 *signer;
-        int i;
-
-        if(!p7) {
-                PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_INVALID_NULL_POINTER);
-                return NULL;
-        }
-
-        if(!PKCS7_type_is_signed(p7)) {
-                PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_WRONG_CONTENT_TYPE);
-                return NULL;
-        }
-
-        /* Collect all the signers together */
-
-        sinfos = PKCS7_get_signer_info(p7);
-
-        if(sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) {
-                PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_NO_SIGNERS);
-                return 0;
-        }
-
-        if(!(signers = sk_X509_new_null())) {
-                PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-
-        for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++)
-        {
-            si = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
-            ias = si->issuer_and_serial;
-            signer = NULL;
-                /* If any certificates passed they take priority */
-            if (certs) signer = X509_find_by_issuer_and_serial (certs,
-                                                ias->issuer, ias->serial);
-            if (!signer && !(flags & PKCS7_NOINTERN)
-                        && p7->d.sign->cert) signer =
-                              X509_find_by_issuer_and_serial (p7->d.sign->cert,
-                                                ias->issuer, ias->serial);
-            if (!signer) {
-                        PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND);
-                        sk_X509_free(signers);
-                        return 0;
-            }
-
-            sk_X509_push(signers, signer);
-        }
-        return signers;
-}
-
-
-/* Build a complete PKCS#7 enveloped data */
-
-PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
-                                                                int flags)
-{
-        PKCS7 *p7;
-        BIO *p7bio = NULL;
-        int i;
-        X509 *x509;
-        if(!(p7 = PKCS7_new())) {
-                PKCS7err(PKCS7_F_PKCS7_ENCRYPT,ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-
-        PKCS7_set_type(p7, NID_pkcs7_enveloped);
-        if(!PKCS7_set_cipher(p7, cipher)) {
-                PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_ERROR_SETTING_CIPHER);
-                goto err;
-        }
-
-        for(i = 0; i < sk_X509_num(certs); i++) {
-                x509 = sk_X509_value(certs, i);
-                if(!PKCS7_add_recipient(p7, x509)) {
-                        PKCS7err(PKCS7_F_PKCS7_ENCRYPT,
-                                        PKCS7_R_ERROR_ADDING_RECIPIENT);
-                        goto err;
-                }
-        }
-
-        if(!(p7bio = PKCS7_dataInit(p7, NULL))) {
-                PKCS7err(PKCS7_F_PKCS7_ENCRYPT,ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-
-        SMIME_crlf_copy(in, p7bio, flags);
-
-        BIO_flush(p7bio);
-
-        if (!PKCS7_dataFinal(p7,p7bio)) {
-                PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_PKCS7_DATAFINAL_ERROR);
-                goto err;
-        }
-        BIO_free_all(p7bio);
-
-        return p7;
-
-        err:
-
-        BIO_free(p7bio);
-        PKCS7_free(p7);
-        return NULL;
-
-}
-
-int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
-{
-        BIO *tmpmem;
-        int ret, i;
-        char buf[4096];
-
-        if(!p7) {
-                PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_INVALID_NULL_POINTER);
-                return 0;
-        }
-
-        if(!PKCS7_type_is_enveloped(p7)) {
-                PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_WRONG_CONTENT_TYPE);
-                return 0;
-        }
-
-        if(!X509_check_private_key(cert, pkey)) {
-                PKCS7err(PKCS7_F_PKCS7_DECRYPT,
-                                PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
-                return 0;
-        }
-
-        if(!(tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert))) {
-                PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_DECRYPT_ERROR);
-                return 0;
-        }
-
-        if (flags & PKCS7_TEXT) {
-                BIO *tmpbuf, *bread;
-                /* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */
-                if(!(tmpbuf = BIO_new(BIO_f_buffer()))) {
-                        PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
-                        return 0;
-                }
-                if(!(bread = BIO_push(tmpbuf, tmpmem))) {
-                        PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
-                        return 0;
-                }
-                ret = SMIME_text(bread, data);
-                BIO_free_all(bread);
-                return ret;
-        } else {
-                for(;;) {
-                        i = BIO_read(tmpmem, buf, sizeof(buf));
-                        if(i <= 0) break;
-                        BIO_write(data, buf, i);
-                }
-                BIO_free_all(tmpmem);
-                return 1;
-        }
-}
diff --git a/src/lib/libcrypto/pkcs7/pkcs7.h b/src/lib/libcrypto/pkcs7/pkcs7.h
deleted file mode 100644
index 15372e18f8..0000000000
--- a/src/lib/libcrypto/pkcs7/pkcs7.h
+++ /dev/null
@@ -1,451 +0,0 @@
-/* crypto/pkcs7/pkcs7.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_PKCS7_H
-#define HEADER_PKCS7_H
-
-#include <openssl/asn1.h>
-#include <openssl/bio.h>
-#include <openssl/e_os2.h>
-
-#include <openssl/symhacks.h>
-#include <openssl/ossl_typ.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#ifdef OPENSSL_SYS_WIN32
-/* Under Win32 thes are defined in wincrypt.h */
-#undef PKCS7_ISSUER_AND_SERIAL
-#undef PKCS7_SIGNER_INFO
-#endif
-
-/*
-Encryption_ID           DES-CBC
-Digest_ID               MD5
-Digest_Encryption_ID    rsaEncryption
-Key_Encryption_ID       rsaEncryption
-*/
-
-typedef struct pkcs7_issuer_and_serial_st
-        {
-        X509_NAME *issuer;
-        ASN1_INTEGER *serial;
-        } PKCS7_ISSUER_AND_SERIAL;
-
-typedef struct pkcs7_signer_info_st
-        {
-        ASN1_INTEGER                    *version;       /* version 1 */
-        PKCS7_ISSUER_AND_SERIAL         *issuer_and_serial;
-        X509_ALGOR                      *digest_alg;
-        STACK_OF(X509_ATTRIBUTE)        *auth_attr;     /* [ 0 ] */
-        X509_ALGOR                      *digest_enc_alg;
-        ASN1_OCTET_STRING               *enc_digest;
-        STACK_OF(X509_ATTRIBUTE)        *unauth_attr;   /* [ 1 ] */
-
-        /* The private key to sign with */
-        EVP_PKEY                        *pkey;
-        } PKCS7_SIGNER_INFO;
-
-DECLARE_STACK_OF(PKCS7_SIGNER_INFO)
-DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO)
-
-typedef struct pkcs7_recip_info_st
-        {
-        ASN1_INTEGER                    *version;       /* version 0 */
-        PKCS7_ISSUER_AND_SERIAL         *issuer_and_serial;
-        X509_ALGOR                      *key_enc_algor;
-        ASN1_OCTET_STRING               *enc_key;
-        X509                            *cert; /* get the pub-key from this */
-        } PKCS7_RECIP_INFO;
-
-DECLARE_STACK_OF(PKCS7_RECIP_INFO)
-DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO)
-
-typedef struct pkcs7_signed_st
-        {
-        ASN1_INTEGER                    *version;       /* version 1 */
-        STACK_OF(X509_ALGOR)            *md_algs;       /* md used */
-        STACK_OF(X509)                  *cert;          /* [ 0 ] */
-        STACK_OF(X509_CRL)              *crl;           /* [ 1 ] */
-        STACK_OF(PKCS7_SIGNER_INFO)     *signer_info;
-
-        struct pkcs7_st                 *contents;
-        } PKCS7_SIGNED;
-/* The above structure is very very similar to PKCS7_SIGN_ENVELOPE.
- * How about merging the two */
-
-typedef struct pkcs7_enc_content_st
-        {
-        ASN1_OBJECT                     *content_type;
-        X509_ALGOR                      *algorithm;
-        ASN1_OCTET_STRING               *enc_data;      /* [ 0 ] */
-        const EVP_CIPHER                *cipher;
-        } PKCS7_ENC_CONTENT;
-
-typedef struct pkcs7_enveloped_st
-        {
-        ASN1_INTEGER                    *version;       /* version 0 */
-        STACK_OF(PKCS7_RECIP_INFO)      *recipientinfo;
-        PKCS7_ENC_CONTENT               *enc_data;
-        } PKCS7_ENVELOPE;
-
-typedef struct pkcs7_signedandenveloped_st
-        {
-        ASN1_INTEGER                    *version;       /* version 1 */
-        STACK_OF(X509_ALGOR)            *md_algs;       /* md used */
-        STACK_OF(X509)                  *cert;          /* [ 0 ] */
-        STACK_OF(X509_CRL)              *crl;           /* [ 1 ] */
-        STACK_OF(PKCS7_SIGNER_INFO)     *signer_info;
-
-        PKCS7_ENC_CONTENT               *enc_data;
-        STACK_OF(PKCS7_RECIP_INFO)      *recipientinfo;
-        } PKCS7_SIGN_ENVELOPE;
-
-typedef struct pkcs7_digest_st
-        {
-        ASN1_INTEGER                    *version;       /* version 0 */
-        X509_ALGOR                      *md;            /* md used */
-        struct pkcs7_st                 *contents;
-        ASN1_OCTET_STRING               *digest;
-        } PKCS7_DIGEST;
-
-typedef struct pkcs7_encrypted_st
-        {
-        ASN1_INTEGER                    *version;       /* version 0 */
-        PKCS7_ENC_CONTENT               *enc_data;
-        } PKCS7_ENCRYPT;
-
-typedef struct pkcs7_st
-        {
-        /* The following is non NULL if it contains ASN1 encoding of
-         * this structure */
-        unsigned char *asn1;
-        long length;
-
-#define PKCS7_S_HEADER  0
-#define PKCS7_S_BODY    1
-#define PKCS7_S_TAIL    2
-        int state; /* used during processing */
-
-        int detached;
-
-        ASN1_OBJECT *type;
-        /* content as defined by the type */
-        /* all encryption/message digests are applied to the 'contents',
-         * leaving out the 'type' field. */
-        union   {
-                char *ptr;
-
-                /* NID_pkcs7_data */
-                ASN1_OCTET_STRING *data;
-
-                /* NID_pkcs7_signed */
-                PKCS7_SIGNED *sign;
-
-                /* NID_pkcs7_enveloped */
-                PKCS7_ENVELOPE *enveloped;
-
-                /* NID_pkcs7_signedAndEnveloped */
-                PKCS7_SIGN_ENVELOPE *signed_and_enveloped;
-
-                /* NID_pkcs7_digest */
-                PKCS7_DIGEST *digest;
-
-                /* NID_pkcs7_encrypted */
-                PKCS7_ENCRYPT *encrypted;
-
-                /* Anything else */
-                ASN1_TYPE *other;
-                } d;
-        } PKCS7;
-
-DECLARE_STACK_OF(PKCS7)
-DECLARE_ASN1_SET_OF(PKCS7)
-DECLARE_PKCS12_STACK_OF(PKCS7)
-
-#define PKCS7_OP_SET_DETACHED_SIGNATURE 1
-#define PKCS7_OP_GET_DETACHED_SIGNATURE 2
-
-#define PKCS7_get_signed_attributes(si) ((si)->auth_attr)
-#define PKCS7_get_attributes(si)        ((si)->unauth_attr)
-
-#define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed)
-#define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted)
-#define PKCS7_type_is_enveloped(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_enveloped)
-#define PKCS7_type_is_signedAndEnveloped(a) \
-                (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped)
-#define PKCS7_type_is_data(a)   (OBJ_obj2nid((a)->type) == NID_pkcs7_data)
-
-#define PKCS7_set_detached(p,v) \
-                PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL)
-#define PKCS7_get_detached(p) \
-                PKCS7_ctrl(p,PKCS7_OP_GET_DETACHED_SIGNATURE,0,NULL)
-
-#define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7))
-
-#ifdef SSLEAY_MACROS
-#ifndef PKCS7_ISSUER_AND_SERIAL_digest
-#define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \
-        ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\
-                        (char *)data,md,len)
-#endif
-#endif
-
-/* S/MIME related flags */
-
-#define PKCS7_TEXT              0x1
-#define PKCS7_NOCERTS           0x2
-#define PKCS7_NOSIGS            0x4
-#define PKCS7_NOCHAIN           0x8
-#define PKCS7_NOINTERN          0x10
-#define PKCS7_NOVERIFY          0x20
-#define PKCS7_DETACHED          0x40
-#define PKCS7_BINARY            0x80
-#define PKCS7_NOATTR            0x100
-#define PKCS7_NOSMIMECAP        0x200
-#define PKCS7_NOOLDMIMETYPE     0x400
-#define PKCS7_CRLFEOL           0x800
-
-/* Flags: for compatibility with older code */
-
-#define SMIME_TEXT      PKCS7_TEXT
-#define SMIME_NOCERTS   PKCS7_NOCERTS
-#define SMIME_NOSIGS    PKCS7_NOSIGS
-#define SMIME_NOCHAIN   PKCS7_NOCHAIN
-#define SMIME_NOINTERN  PKCS7_NOINTERN
-#define SMIME_NOVERIFY  PKCS7_NOVERIFY
-#define SMIME_DETACHED  PKCS7_DETACHED
-#define SMIME_BINARY    PKCS7_BINARY
-#define SMIME_NOATTR    PKCS7_NOATTR
-
-DECLARE_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL)
-
-#ifndef SSLEAY_MACROS
-int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,const EVP_MD *type,
-        unsigned char *md,unsigned int *len);
-#ifndef OPENSSL_NO_FP_API
-PKCS7 *d2i_PKCS7_fp(FILE *fp,PKCS7 **p7);
-int i2d_PKCS7_fp(FILE *fp,PKCS7 *p7);
-#endif
-PKCS7 *PKCS7_dup(PKCS7 *p7);
-PKCS7 *d2i_PKCS7_bio(BIO *bp,PKCS7 **p7);
-int i2d_PKCS7_bio(BIO *bp,PKCS7 *p7);
-#endif
-
-DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO)
-DECLARE_ASN1_FUNCTIONS(PKCS7_RECIP_INFO)
-DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNED)
-DECLARE_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT)
-DECLARE_ASN1_FUNCTIONS(PKCS7_ENVELOPE)
-DECLARE_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE)
-DECLARE_ASN1_FUNCTIONS(PKCS7_DIGEST)
-DECLARE_ASN1_FUNCTIONS(PKCS7_ENCRYPT)
-DECLARE_ASN1_FUNCTIONS(PKCS7)
-
-DECLARE_ASN1_ITEM(PKCS7_ATTR_SIGN)
-DECLARE_ASN1_ITEM(PKCS7_ATTR_VERIFY)
-
-
-long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg);
-
-int PKCS7_set_type(PKCS7 *p7, int type);
-int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data);
-int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
-        const EVP_MD *dgst);
-int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
-int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
-int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
-int PKCS7_content_new(PKCS7 *p7, int nid);
-int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,
-        BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si); 
-int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
-                                                                X509 *x509);
-
-BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
-int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
-BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert);
-
-
-PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509,
-        EVP_PKEY *pkey, const EVP_MD *dgst);
-X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
-STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7);
-
-PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509);
-int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri);
-int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509);
-int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher);
-
-PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx);
-ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk);
-int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si,int nid,int type,
-        void *data);
-int PKCS7_add_attribute (PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
-        void *value);
-ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid);
-ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid);
-int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
-                                STACK_OF(X509_ATTRIBUTE) *sk);
-int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,STACK_OF(X509_ATTRIBUTE) *sk);
-
-
-PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
-                                                        BIO *data, int flags);
-int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
-                                        BIO *indata, BIO *out, int flags);
-STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
-PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
-                                                                int flags);
-int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
-
-int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si,
-                              STACK_OF(X509_ALGOR) *cap);
-STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si);
-int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg);
-
-int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags);
-PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont);
-int SMIME_crlf_copy(BIO *in, BIO *out, int flags);
-int SMIME_text(BIO *in, BIO *out);
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_PKCS7_strings(void);
-
-/* Error codes for the PKCS7 functions. */
-
-/* Function codes. */
-#define PKCS7_F_B64_READ_PKCS7                           120
-#define PKCS7_F_B64_WRITE_PKCS7                          121
-#define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP                118
-#define PKCS7_F_PKCS7_ADD_CERTIFICATE                    100
-#define PKCS7_F_PKCS7_ADD_CRL                            101
-#define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO                 102
-#define PKCS7_F_PKCS7_ADD_SIGNER                         103
-#define PKCS7_F_PKCS7_CTRL                               104
-#define PKCS7_F_PKCS7_DATADECODE                         112
-#define PKCS7_F_PKCS7_DATAINIT                           105
-#define PKCS7_F_PKCS7_DATASIGN                           106
-#define PKCS7_F_PKCS7_DATAVERIFY                         107
-#define PKCS7_F_PKCS7_DECRYPT                            114
-#define PKCS7_F_PKCS7_ENCRYPT                            115
-#define PKCS7_F_PKCS7_GET0_SIGNERS                       124
-#define PKCS7_F_PKCS7_SET_CIPHER                         108
-#define PKCS7_F_PKCS7_SET_CONTENT                        109
-#define PKCS7_F_PKCS7_SET_TYPE                           110
-#define PKCS7_F_PKCS7_SIGN                               116
-#define PKCS7_F_PKCS7_SIGNATUREVERIFY                    113
-#define PKCS7_F_PKCS7_SIMPLE_SMIMECAP                    119
-#define PKCS7_F_PKCS7_VERIFY                             117
-#define PKCS7_F_SMIME_READ_PKCS7                         122
-#define PKCS7_F_SMIME_TEXT                               123
-
-/* Reason codes. */
-#define PKCS7_R_CERTIFICATE_VERIFY_ERROR                 117
-#define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER          144
-#define PKCS7_R_CIPHER_NOT_INITIALIZED                   116
-#define PKCS7_R_CONTENT_AND_DATA_PRESENT                 118
-#define PKCS7_R_DECODE_ERROR                             130
-#define PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH            100
-#define PKCS7_R_DECRYPT_ERROR                            119
-#define PKCS7_R_DIGEST_FAILURE                           101
-#define PKCS7_R_ERROR_ADDING_RECIPIENT                   120
-#define PKCS7_R_ERROR_SETTING_CIPHER                     121
-#define PKCS7_R_INVALID_MIME_TYPE                        131
-#define PKCS7_R_INVALID_NULL_POINTER                     143
-#define PKCS7_R_MIME_NO_CONTENT_TYPE                     132
-#define PKCS7_R_MIME_PARSE_ERROR                         133
-#define PKCS7_R_MIME_SIG_PARSE_ERROR                     134
-#define PKCS7_R_MISSING_CERIPEND_INFO                    103
-#define PKCS7_R_NO_CONTENT                               122
-#define PKCS7_R_NO_CONTENT_TYPE                          135
-#define PKCS7_R_NO_MULTIPART_BODY_FAILURE                136
-#define PKCS7_R_NO_MULTIPART_BOUNDARY                    137
-#define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE         115
-#define PKCS7_R_NO_SIGNATURES_ON_DATA                    123
-#define PKCS7_R_NO_SIGNERS                               142
-#define PKCS7_R_NO_SIG_CONTENT_TYPE                      138
-#define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE     104
-#define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR                124
-#define PKCS7_R_PKCS7_DATAFINAL_ERROR                    125
-#define PKCS7_R_PKCS7_DATASIGN                           126
-#define PKCS7_R_PKCS7_PARSE_ERROR                        139
-#define PKCS7_R_PKCS7_SIG_PARSE_ERROR                    140
-#define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE   127
-#define PKCS7_R_SIGNATURE_FAILURE                        105
-#define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND             128
-#define PKCS7_R_SIG_INVALID_MIME_TYPE                    141
-#define PKCS7_R_SMIME_TEXT_ERROR                         129
-#define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE               106
-#define PKCS7_R_UNABLE_TO_FIND_MEM_BIO                   107
-#define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST            108
-#define PKCS7_R_UNKNOWN_DIGEST_TYPE                      109
-#define PKCS7_R_UNKNOWN_OPERATION                        110
-#define PKCS7_R_UNSUPPORTED_CIPHER_TYPE                  111
-#define PKCS7_R_UNSUPPORTED_CONTENT_TYPE                 112
-#define PKCS7_R_WRONG_CONTENT_TYPE                       113
-#define PKCS7_R_WRONG_PKCS7_TYPE                         114
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/src/lib/libcrypto/pkcs7/pkcs7err.c b/src/lib/libcrypto/pkcs7/pkcs7err.c
deleted file mode 100644
index 19894c80a4..0000000000
--- a/src/lib/libcrypto/pkcs7/pkcs7err.c
+++ /dev/null
@@ -1,164 +0,0 @@
-/* crypto/pkcs7/pkcs7err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/pkcs7.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS7,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS7,0,reason)
-
-static ERR_STRING_DATA PKCS7_str_functs[]=
-        {
-{ERR_FUNC(PKCS7_F_B64_READ_PKCS7),      "B64_READ_PKCS7"},
-{ERR_FUNC(PKCS7_F_B64_WRITE_PKCS7),     "B64_WRITE_PKCS7"},
-{ERR_FUNC(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP),   "PKCS7_add_attrib_smimecap"},
-{ERR_FUNC(PKCS7_F_PKCS7_ADD_CERTIFICATE),       "PKCS7_add_certificate"},
-{ERR_FUNC(PKCS7_F_PKCS7_ADD_CRL),       "PKCS7_add_crl"},
-{ERR_FUNC(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO),    "PKCS7_add_recipient_info"},
-{ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNER),    "PKCS7_add_signer"},
-{ERR_FUNC(PKCS7_F_PKCS7_CTRL),  "PKCS7_ctrl"},
-{ERR_FUNC(PKCS7_F_PKCS7_DATADECODE),    "PKCS7_dataDecode"},
-{ERR_FUNC(PKCS7_F_PKCS7_DATAINIT),      "PKCS7_dataInit"},
-{ERR_FUNC(PKCS7_F_PKCS7_DATASIGN),      "PKCS7_DATASIGN"},
-{ERR_FUNC(PKCS7_F_PKCS7_DATAVERIFY),    "PKCS7_dataVerify"},
-{ERR_FUNC(PKCS7_F_PKCS7_DECRYPT),       "PKCS7_decrypt"},
-{ERR_FUNC(PKCS7_F_PKCS7_ENCRYPT),       "PKCS7_encrypt"},
-{ERR_FUNC(PKCS7_F_PKCS7_GET0_SIGNERS),  "PKCS7_get0_signers"},
-{ERR_FUNC(PKCS7_F_PKCS7_SET_CIPHER),    "PKCS7_set_cipher"},
-{ERR_FUNC(PKCS7_F_PKCS7_SET_CONTENT),   "PKCS7_set_content"},
-{ERR_FUNC(PKCS7_F_PKCS7_SET_TYPE),      "PKCS7_set_type"},
-{ERR_FUNC(PKCS7_F_PKCS7_SIGN),  "PKCS7_sign"},
-{ERR_FUNC(PKCS7_F_PKCS7_SIGNATUREVERIFY),       "PKCS7_signatureVerify"},
-{ERR_FUNC(PKCS7_F_PKCS7_SIMPLE_SMIMECAP),       "PKCS7_simple_smimecap"},
-{ERR_FUNC(PKCS7_F_PKCS7_VERIFY),        "PKCS7_verify"},
-{ERR_FUNC(PKCS7_F_SMIME_READ_PKCS7),    "SMIME_read_PKCS7"},
-{ERR_FUNC(PKCS7_F_SMIME_TEXT),  "SMIME_text"},
-{0,NULL}
-        };
-
-static ERR_STRING_DATA PKCS7_str_reasons[]=
-        {
-{ERR_REASON(PKCS7_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"},
-{ERR_REASON(PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),"cipher has no object identifier"},
-{ERR_REASON(PKCS7_R_CIPHER_NOT_INITIALIZED),"cipher not initialized"},
-{ERR_REASON(PKCS7_R_CONTENT_AND_DATA_PRESENT),"content and data present"},
-{ERR_REASON(PKCS7_R_DECODE_ERROR)        ,"decode error"},
-{ERR_REASON(PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH),"decrypted key is wrong length"},
-{ERR_REASON(PKCS7_R_DECRYPT_ERROR)       ,"decrypt error"},
-{ERR_REASON(PKCS7_R_DIGEST_FAILURE)      ,"digest failure"},
-{ERR_REASON(PKCS7_R_ERROR_ADDING_RECIPIENT),"error adding recipient"},
-{ERR_REASON(PKCS7_R_ERROR_SETTING_CIPHER),"error setting cipher"},
-{ERR_REASON(PKCS7_R_INVALID_MIME_TYPE)   ,"invalid mime type"},
-{ERR_REASON(PKCS7_R_INVALID_NULL_POINTER),"invalid null pointer"},
-{ERR_REASON(PKCS7_R_MIME_NO_CONTENT_TYPE),"mime no content type"},
-{ERR_REASON(PKCS7_R_MIME_PARSE_ERROR)    ,"mime parse error"},
-{ERR_REASON(PKCS7_R_MIME_SIG_PARSE_ERROR),"mime sig parse error"},
-{ERR_REASON(PKCS7_R_MISSING_CERIPEND_INFO),"missing ceripend info"},
-{ERR_REASON(PKCS7_R_NO_CONTENT)          ,"no content"},
-{ERR_REASON(PKCS7_R_NO_CONTENT_TYPE)     ,"no content type"},
-{ERR_REASON(PKCS7_R_NO_MULTIPART_BODY_FAILURE),"no multipart body failure"},
-{ERR_REASON(PKCS7_R_NO_MULTIPART_BOUNDARY),"no multipart boundary"},
-{ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE),"no recipient matches certificate"},
-{ERR_REASON(PKCS7_R_NO_SIGNATURES_ON_DATA),"no signatures on data"},
-{ERR_REASON(PKCS7_R_NO_SIGNERS)          ,"no signers"},
-{ERR_REASON(PKCS7_R_NO_SIG_CONTENT_TYPE) ,"no sig content type"},
-{ERR_REASON(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE),"operation not supported on this type"},
-{ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR),"pkcs7 add signature error"},
-{ERR_REASON(PKCS7_R_PKCS7_DATAFINAL_ERROR),"pkcs7 datafinal error"},
-{ERR_REASON(PKCS7_R_PKCS7_DATASIGN)      ,"pkcs7 datasign"},
-{ERR_REASON(PKCS7_R_PKCS7_PARSE_ERROR)   ,"pkcs7 parse error"},
-{ERR_REASON(PKCS7_R_PKCS7_SIG_PARSE_ERROR),"pkcs7 sig parse error"},
-{ERR_REASON(PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"},
-{ERR_REASON(PKCS7_R_SIGNATURE_FAILURE)   ,"signature failure"},
-{ERR_REASON(PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"},
-{ERR_REASON(PKCS7_R_SIG_INVALID_MIME_TYPE),"sig invalid mime type"},
-{ERR_REASON(PKCS7_R_SMIME_TEXT_ERROR)    ,"smime text error"},
-{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_CERTIFICATE),"unable to find certificate"},
-{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MEM_BIO),"unable to find mem bio"},
-{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST),"unable to find message digest"},
-{ERR_REASON(PKCS7_R_UNKNOWN_DIGEST_TYPE) ,"unknown digest type"},
-{ERR_REASON(PKCS7_R_UNKNOWN_OPERATION)   ,"unknown operation"},
-{ERR_REASON(PKCS7_R_UNSUPPORTED_CIPHER_TYPE),"unsupported cipher type"},
-{ERR_REASON(PKCS7_R_UNSUPPORTED_CONTENT_TYPE),"unsupported content type"},
-{ERR_REASON(PKCS7_R_WRONG_CONTENT_TYPE)  ,"wrong content type"},
-{ERR_REASON(PKCS7_R_WRONG_PKCS7_TYPE)    ,"wrong pkcs7 type"},
-{0,NULL}
-        };
-
-#endif
-
-void ERR_load_PKCS7_strings(void)
-        {
-        static int init=1;
-
-        if (init)
-                {
-                init=0;
-#ifndef OPENSSL_NO_ERR
-                ERR_load_strings(0,PKCS7_str_functs);
-                ERR_load_strings(0,PKCS7_str_reasons);
-#endif
-
-                }
-        }
diff --git a/src/lib/libcrypto/rand/rand.h b/src/lib/libcrypto/rand/rand.h
deleted file mode 100644
index 604df9be6c..0000000000
--- a/src/lib/libcrypto/rand/rand.h
+++ /dev/null
@@ -1,143 +0,0 @@
-/* crypto/rand/rand.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_RAND_H
-#define HEADER_RAND_H
-
-#include <stdlib.h>
-#include <openssl/ossl_typ.h>
-#include <openssl/e_os2.h>
-
-#if defined(OPENSSL_SYS_WINDOWS)
-#include <windows.h>
-#endif
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#if defined(OPENSSL_FIPS)
-#define FIPS_RAND_SIZE_T int
-#endif
-
-typedef struct rand_meth_st
-        {
-        void (*seed)(const void *buf, int num);
-        int (*bytes)(unsigned char *buf, int num);
-        void (*cleanup)(void);
-        void (*add)(const void *buf, int num, double entropy);
-        int (*pseudorand)(unsigned char *buf, int num);
-        int (*status)(void);
-        } RAND_METHOD;
-
-#ifdef BN_DEBUG
-extern int rand_predictable;
-#endif
-
-int RAND_set_rand_method(const RAND_METHOD *meth);
-const RAND_METHOD *RAND_get_rand_method(void);
-#ifndef OPENSSL_NO_ENGINE
-int RAND_set_rand_engine(ENGINE *engine);
-#endif
-RAND_METHOD *RAND_SSLeay(void);
-void RAND_cleanup(void );
-int  RAND_bytes(unsigned char *buf,int num);
-int  RAND_pseudo_bytes(unsigned char *buf,int num);
-void RAND_seed(const void *buf,int num);
-void RAND_add(const void *buf,int num,double entropy);
-int  RAND_load_file(const char *file,long max_bytes);
-int  RAND_write_file(const char *file);
-const char *RAND_file_name(char *file,size_t num);
-int RAND_status(void);
-int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes);
-int RAND_egd(const char *path);
-int RAND_egd_bytes(const char *path,int bytes);
-int RAND_poll(void);
-
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
-
-void RAND_screen(void);
-int RAND_event(UINT, WPARAM, LPARAM);
-
-#endif
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_RAND_strings(void);
-
-/* Error codes for the RAND functions. */
-
-/* Function codes. */
-#define RAND_F_FIPS_RAND_BYTES                           102
-#define RAND_F_RAND_GET_RAND_METHOD                      101
-#define RAND_F_SSLEAY_RAND_BYTES                         100
-
-/* Reason codes. */
-#define RAND_R_NON_FIPS_METHOD                           101
-#define RAND_R_PRNG_ASKING_FOR_TOO_MUCH                  105
-#define RAND_R_PRNG_NOT_REKEYED                          103
-#define RAND_R_PRNG_NOT_RESEEDED                         104
-#define RAND_R_PRNG_NOT_SEEDED                           100
-#define RAND_R_PRNG_STUCK                                102
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/src/lib/libcrypto/rand/rand_err.c b/src/lib/libcrypto/rand/rand_err.c
deleted file mode 100644
index 97f96e1aee..0000000000
--- a/src/lib/libcrypto/rand/rand_err.c
+++ /dev/null
@@ -1,105 +0,0 @@
-/* crypto/rand/rand_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/rand.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_RAND,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_RAND,0,reason)
-
-static ERR_STRING_DATA RAND_str_functs[]=
-        {
-{ERR_FUNC(RAND_F_FIPS_RAND_BYTES),      "FIPS_RAND_BYTES"},
-{ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"},
-{ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES),    "SSLEAY_RAND_BYTES"},
-{0,NULL}
-        };
-
-static ERR_STRING_DATA RAND_str_reasons[]=
-        {
-{ERR_REASON(RAND_R_NON_FIPS_METHOD)      ,"non fips method"},
-{ERR_REASON(RAND_R_PRNG_ASKING_FOR_TOO_MUCH),"prng asking for too much"},
-{ERR_REASON(RAND_R_PRNG_NOT_REKEYED)     ,"prng not rekeyed"},
-{ERR_REASON(RAND_R_PRNG_NOT_RESEEDED)    ,"prng not reseeded"},
-{ERR_REASON(RAND_R_PRNG_NOT_SEEDED)      ,"PRNG not seeded"},
-{ERR_REASON(RAND_R_PRNG_STUCK)           ,"prng stuck"},
-{0,NULL}
-        };
-
-#endif
-
-void ERR_load_RAND_strings(void)
-        {
-        static int init=1;
-
-        if (init)
-                {
-                init=0;
-#ifndef OPENSSL_NO_ERR
-                ERR_load_strings(0,RAND_str_functs);
-                ERR_load_strings(0,RAND_str_reasons);
-#endif
-
-                }
-        }
diff --git a/src/lib/libcrypto/rand/rand_lib.c b/src/lib/libcrypto/rand/rand_lib.c
deleted file mode 100644
index a21bde79de..0000000000
--- a/src/lib/libcrypto/rand/rand_lib.c
+++ /dev/null
@@ -1,192 +0,0 @@
-/* crypto/rand/rand_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <time.h>
-#include "cryptlib.h"
-#include <openssl/rand.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#include <openssl/fips.h>
-#include <openssl/fips_rand.h>
-
-#ifndef OPENSSL_NO_ENGINE
-/* non-NULL if default_RAND_meth is ENGINE-provided */
-static ENGINE *funct_ref =NULL;
-#endif
-static const RAND_METHOD *default_RAND_meth = NULL;
-
-int RAND_set_rand_method(const RAND_METHOD *meth)
-        {
-#ifndef OPENSSL_NO_ENGINE
-        if(funct_ref)
-                {
-                ENGINE_finish(funct_ref);
-                funct_ref = NULL;
-                }
-#endif
-        default_RAND_meth = meth;
-        return 1;
-        }
-
-const RAND_METHOD *RAND_get_rand_method(void)
-        {
-        if (!default_RAND_meth)
-                {
-#ifndef OPENSSL_NO_ENGINE
-                ENGINE *e = ENGINE_get_default_RAND();
-                if(e)
-                        {
-                        default_RAND_meth = ENGINE_get_RAND(e);
-                        if(!default_RAND_meth)
-                                {
-                                ENGINE_finish(e);
-                                e = NULL;
-                                }
-                        }
-                if(e)
-                        funct_ref = e;
-                else
-#endif
-#ifdef OPENSSL_FIPS
-                        if(FIPS_mode())
-                                default_RAND_meth=FIPS_rand_method();
-                        else
-#endif
-                                default_RAND_meth = RAND_SSLeay();
-                }
-
-#ifdef OPENSSL_FIPS
-        if(FIPS_mode()
-                && default_RAND_meth != FIPS_rand_check())
-            {
-            RANDerr(RAND_F_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
-            return 0;
-            }
-#endif
-        return default_RAND_meth;
-        }
-
-#ifndef OPENSSL_NO_ENGINE
-int RAND_set_rand_engine(ENGINE *engine)
-        {
-        const RAND_METHOD *tmp_meth = NULL;
-        if(engine)
-                {
-                if(!ENGINE_init(engine))
-                        return 0;
-                tmp_meth = ENGINE_get_RAND(engine);
-                if(!tmp_meth)
-                        {
-                        ENGINE_finish(engine);
-                        return 0;
-                        }
-                }
-        /* This function releases any prior ENGINE so call it first */
-        RAND_set_rand_method(tmp_meth);
-        funct_ref = engine;
-        return 1;
-        }
-#endif
-
-void RAND_cleanup(void)
-        {
-        const RAND_METHOD *meth = RAND_get_rand_method();
-        if (meth && meth->cleanup)
-                meth->cleanup();
-        RAND_set_rand_method(NULL);
-        }
-
-void RAND_seed(const void *buf, int num)
-        {
-        const RAND_METHOD *meth = RAND_get_rand_method();
-        if (meth && meth->seed)
-                meth->seed(buf,num);
-        }
-
-void RAND_add(const void *buf, int num, double entropy)
-        {
-        const RAND_METHOD *meth = RAND_get_rand_method();
-        if (meth && meth->add)
-                meth->add(buf,num,entropy);
-        }
-
-int RAND_bytes(unsigned char *buf, int num)
-        {
-        const RAND_METHOD *meth = RAND_get_rand_method();
-        if (meth && meth->bytes)
-                return meth->bytes(buf,num);
-        return(-1);
-        }
-
-int RAND_pseudo_bytes(unsigned char *buf, int num)
-        {
-        const RAND_METHOD *meth = RAND_get_rand_method();
-        if (meth && meth->pseudorand)
-                return meth->pseudorand(buf,num);
-        return(-1);
-        }
-
-int RAND_status(void)
-        {
-        const RAND_METHOD *meth = RAND_get_rand_method();
-        if (meth && meth->status)
-                return meth->status();
-        return 0;
-        }
diff --git a/src/lib/libcrypto/rand/randfile.c b/src/lib/libcrypto/rand/randfile.c
deleted file mode 100644
index d847d8ebdf..0000000000
--- a/src/lib/libcrypto/rand/randfile.c
+++ /dev/null
@@ -1,285 +0,0 @@
-/* crypto/rand/randfile.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* We need to define this to get macros like S_IFBLK and S_IFCHR */
-#define _XOPEN_SOURCE 500
-
-#include <errno.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "e_os.h"
-#include <openssl/crypto.h>
-#include <openssl/rand.h>
-#include <openssl/buffer.h>
-
-#ifdef OPENSSL_SYS_VMS
-#include <unixio.h>
-#endif
-#ifndef NO_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#ifdef MAC_OS_pre_X
-# include <stat.h>
-#else
-# include <sys/stat.h>
-#endif
-
-#undef BUFSIZE
-#define BUFSIZE 1024
-#define RAND_DATA 1024
-
-/* #define RFILE ".rnd" - defined in ../../e_os.h */
-
-/* Note that these functions are intended for seed files only.
- * Entropy devices and EGD sockets are handled in rand_unix.c */
-
-int RAND_load_file(const char *file, long bytes)
-        {
-        /* If bytes >= 0, read up to 'bytes' bytes.
-         * if bytes == -1, read complete file. */
-
-        MS_STATIC unsigned char buf[BUFSIZE];
-        struct stat sb;
-        int i,ret=0,n;
-        FILE *in;
-
-        if (file == NULL) return(0);
-
-        i=stat(file,&sb);
-        /* If the state fails, put some crap in anyway */
-        RAND_add(&sb,sizeof(sb),0);
-        if (i < 0) return(0);
-        if (bytes == 0) return(ret);
-
-        in=fopen(file,"rb");
-        if (in == NULL) goto err;
-#if defined(S_IFBLK) && defined(S_IFCHR)
-        if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
-          /* this file is a device. we don't want read an infinite number
-           * of bytes from a random device, nor do we want to use buffered
-           * I/O because we will waste system entropy. 
-           */
-          bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */
-          setvbuf(in, NULL, _IONBF, 0); /* don't do buffered reads */
-        }
-#endif
-        for (;;)
-                {
-                if (bytes > 0)
-                        n = (bytes < BUFSIZE)?(int)bytes:BUFSIZE;
-                else
-                        n = BUFSIZE;
-                i=fread(buf,1,n,in);
-                if (i <= 0) break;
-                /* even if n != i, use the full array */
-                RAND_add(buf,n,i);
-                ret+=i;
-                if (bytes > 0)
-                        {
-                        bytes-=n;
-                        if (bytes <= 0) break;
-                        }
-                }
-        fclose(in);
-        OPENSSL_cleanse(buf,BUFSIZE);
-err:
-        return(ret);
-        }
-
-int RAND_write_file(const char *file)
-        {
-        unsigned char buf[BUFSIZE];
-        int i,ret=0,rand_err=0;
-        FILE *out = NULL;
-        int n;
-        struct stat sb;
-        
-        i=stat(file,&sb);
-        if (i != -1) { 
-#if defined(S_IFBLK) && defined(S_IFCHR)
-          if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
-            /* this file is a device. we don't write back to it. 
-             * we "succeed" on the assumption this is some sort 
-             * of random device. Otherwise attempting to write to 
-             * and chmod the device causes problems.
-             */
-            return(1); 
-          }
-#endif
-        }
-
-#if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32)
-        {
-        /* For some reason Win32 can't write to files created this way */
-        
-        /* chmod(..., 0600) is too late to protect the file,
-         * permissions should be restrictive from the start */
-        int fd = open(file, O_CREAT, 0600);
-        if (fd != -1)
-                out = fdopen(fd, "wb");
-        }
-#endif
-        if (out == NULL)
-                out = fopen(file,"wb");
-        if (out == NULL) goto err;
-
-#ifndef NO_CHMOD
-        chmod(file,0600);
-#endif
-        n=RAND_DATA;
-        for (;;)
-                {
-                i=(n > BUFSIZE)?BUFSIZE:n;
-                n-=BUFSIZE;
-                if (RAND_bytes(buf,i) <= 0)
-                        rand_err=1;
-                i=fwrite(buf,1,i,out);
-                if (i <= 0)
-                        {
-                        ret=0;
-                        break;
-                        }
-                ret+=i;
-                if (n <= 0) break;
-                }
-#ifdef OPENSSL_SYS_VMS
-        /* Try to delete older versions of the file, until there aren't
-           any */
-        {
-        char *tmpf;
-
-        tmpf = OPENSSL_malloc(strlen(file) + 4);  /* to add ";-1" and a nul */
-        if (tmpf)
-                {
-                strcpy(tmpf, file);
-                strcat(tmpf, ";-1");
-                while(delete(tmpf) == 0)
-                        ;
-                rename(file,";1"); /* Make sure it's version 1, or we
-                                      will reach the limit (32767) at
-                                      some point... */
-                }
-        }
-#endif /* OPENSSL_SYS_VMS */
-
-        fclose(out);
-        OPENSSL_cleanse(buf,BUFSIZE);
-err:
-        return (rand_err ? -1 : ret);
-        }
-
-const char *RAND_file_name(char *buf, size_t size)
-        {
-        char *s=NULL;
-        int ok = 0;
-#ifdef __OpenBSD__
-        struct stat sb;
-#endif
-
-        if (issetugid() == 0)
-                s=getenv("RANDFILE");
-        if (s != NULL && *s && strlen(s) + 1 < size)
-                {
-                if (BUF_strlcpy(buf,s,size) >= size)
-                        return NULL;
-                }
-        else
-                {
-                if (issetugid() == 0)
-                        s=getenv("HOME");
-#ifdef DEFAULT_HOME
-                if (s == NULL)
-                        {
-                        s = DEFAULT_HOME;
-                        }
-#endif
-                if (s && *s && strlen(s)+strlen(RFILE)+2 < size)
-                        {
-                        BUF_strlcpy(buf,s,size);
-#ifndef OPENSSL_SYS_VMS
-                        BUF_strlcat(buf,"/",size);
-#endif
-                        BUF_strlcat(buf,RFILE,size);
-                        ok = 1;
-                        }
-                else
-                        buf[0] = '\0'; /* no file name */
-                }
-
-#ifdef __OpenBSD__
-        /* given that all random loads just fail if the file can't be 
-         * seen on a stat, we stat the file we're returning, if it
-         * fails, use /dev/arandom instead. this allows the user to 
-         * use their own source for good random data, but defaults
-         * to something hopefully decent if that isn't available. 
-         */
-
-        if (!ok)
-                if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) {
-                        return(NULL);
-                }       
-        if (stat(buf,&sb) == -1)
-                if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) {
-                        return(NULL);
-                }       
-
-#endif
-        return(buf);
-        }
diff --git a/src/lib/libcrypto/rc2/rc2.h b/src/lib/libcrypto/rc2/rc2.h
deleted file mode 100644
index 71788158d8..0000000000
--- a/src/lib/libcrypto/rc2/rc2.h
+++ /dev/null
@@ -1,104 +0,0 @@
-/* crypto/rc2/rc2.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_RC2_H
-#define HEADER_RC2_H
-
-#ifdef OPENSSL_NO_RC2
-#error RC2 is disabled.
-#endif
-
-#define RC2_ENCRYPT     1
-#define RC2_DECRYPT     0
-
-#include <openssl/opensslconf.h> /* RC2_INT */
-#define RC2_BLOCK       8
-#define RC2_KEY_LENGTH  16
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-typedef struct rc2_key_st
-        {
-        RC2_INT data[64];
-        } RC2_KEY;
-
-#ifdef OPENSSL_FIPS 
-void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,
-                                                                int bits);
-#endif
-void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits);
-void RC2_ecb_encrypt(const unsigned char *in,unsigned char *out,RC2_KEY *key,
-                     int enc);
-void RC2_encrypt(unsigned long *data,RC2_KEY *key);
-void RC2_decrypt(unsigned long *data,RC2_KEY *key);
-void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
-        RC2_KEY *ks, unsigned char *iv, int enc);
-void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-                       long length, RC2_KEY *schedule, unsigned char *ivec,
-                       int *num, int enc);
-void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out,
-                       long length, RC2_KEY *schedule, unsigned char *ivec,
-                       int *num);
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/src/lib/libcrypto/rc2/rc2_cbc.c b/src/lib/libcrypto/rc2/rc2_cbc.c
deleted file mode 100644
index 74f48d3d87..0000000000
--- a/src/lib/libcrypto/rc2/rc2_cbc.c
+++ /dev/null
@@ -1,226 +0,0 @@
-/* crypto/rc2/rc2_cbc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/rc2.h>
-#include "rc2_locl.h"
-
-void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
-             RC2_KEY *ks, unsigned char *iv, int encrypt)
-        {
-        register unsigned long tin0,tin1;
-        register unsigned long tout0,tout1,xor0,xor1;
-        register long l=length;
-        unsigned long tin[2];
-
-        if (encrypt)
-                {
-                c2l(iv,tout0);
-                c2l(iv,tout1);
-                iv-=8;
-                for (l-=8; l>=0; l-=8)
-                        {
-                        c2l(in,tin0);
-                        c2l(in,tin1);
-                        tin0^=tout0;
-                        tin1^=tout1;
-                        tin[0]=tin0;
-                        tin[1]=tin1;
-                        RC2_encrypt(tin,ks);
-                        tout0=tin[0]; l2c(tout0,out);
-                        tout1=tin[1]; l2c(tout1,out);
-                        }
-                if (l != -8)
-                        {
-                        c2ln(in,tin0,tin1,l+8);
-                        tin0^=tout0;
-                        tin1^=tout1;
-                        tin[0]=tin0;
-                        tin[1]=tin1;
-                        RC2_encrypt(tin,ks);
-                        tout0=tin[0]; l2c(tout0,out);
-                        tout1=tin[1]; l2c(tout1,out);
-                        }
-                l2c(tout0,iv);
-                l2c(tout1,iv);
-                }
-        else
-                {
-                c2l(iv,xor0);
-                c2l(iv,xor1);
-                iv-=8;
-                for (l-=8; l>=0; l-=8)
-                        {
-                        c2l(in,tin0); tin[0]=tin0;
-                        c2l(in,tin1); tin[1]=tin1;
-                        RC2_decrypt(tin,ks);
-                        tout0=tin[0]^xor0;
-                        tout1=tin[1]^xor1;
-                        l2c(tout0,out);
-                        l2c(tout1,out);
-                        xor0=tin0;
-                        xor1=tin1;
-                        }
-                if (l != -8)
-                        {
-                        c2l(in,tin0); tin[0]=tin0;
-                        c2l(in,tin1); tin[1]=tin1;
-                        RC2_decrypt(tin,ks);
-                        tout0=tin[0]^xor0;
-                        tout1=tin[1]^xor1;
-                        l2cn(tout0,tout1,out,l+8);
-                        xor0=tin0;
-                        xor1=tin1;
-                        }
-                l2c(xor0,iv);
-                l2c(xor1,iv);
-                }
-        tin0=tin1=tout0=tout1=xor0=xor1=0;
-        tin[0]=tin[1]=0;
-        }
-
-void RC2_encrypt(unsigned long *d, RC2_KEY *key)
-        {
-        int i,n;
-        register RC2_INT *p0,*p1;
-        register RC2_INT x0,x1,x2,x3,t;
-        unsigned long l;
-
-        l=d[0];
-        x0=(RC2_INT)l&0xffff;
-        x1=(RC2_INT)(l>>16L);
-        l=d[1];
-        x2=(RC2_INT)l&0xffff;
-        x3=(RC2_INT)(l>>16L);
-
-        n=3;
-        i=5;
-
-        p0=p1= &(key->data[0]);
-        for (;;)
-                {
-                t=(x0+(x1& ~x3)+(x2&x3)+ *(p0++))&0xffff;
-                x0=(t<<1)|(t>>15);
-                t=(x1+(x2& ~x0)+(x3&x0)+ *(p0++))&0xffff;
-                x1=(t<<2)|(t>>14);
-                t=(x2+(x3& ~x1)+(x0&x1)+ *(p0++))&0xffff;
-                x2=(t<<3)|(t>>13);
-                t=(x3+(x0& ~x2)+(x1&x2)+ *(p0++))&0xffff;
-                x3=(t<<5)|(t>>11);
-
-                if (--i == 0)
-                        {
-                        if (--n == 0) break;
-                        i=(n == 2)?6:5;
-
-                        x0+=p1[x3&0x3f];
-                        x1+=p1[x0&0x3f];
-                        x2+=p1[x1&0x3f];
-                        x3+=p1[x2&0x3f];
-                        }
-                }
-
-        d[0]=(unsigned long)(x0&0xffff)|((unsigned long)(x1&0xffff)<<16L);
-        d[1]=(unsigned long)(x2&0xffff)|((unsigned long)(x3&0xffff)<<16L);
-        }
-
-void RC2_decrypt(unsigned long *d, RC2_KEY *key)
-        {
-        int i,n;
-        register RC2_INT *p0,*p1;
-        register RC2_INT x0,x1,x2,x3,t;
-        unsigned long l;
-
-        l=d[0];
-        x0=(RC2_INT)l&0xffff;
-        x1=(RC2_INT)(l>>16L);
-        l=d[1];
-        x2=(RC2_INT)l&0xffff;
-        x3=(RC2_INT)(l>>16L);
-
-        n=3;
-        i=5;
-
-        p0= &(key->data[63]);
-        p1= &(key->data[0]);
-        for (;;)
-                {
-                t=((x3<<11)|(x3>>5))&0xffff;
-                x3=(t-(x0& ~x2)-(x1&x2)- *(p0--))&0xffff;
-                t=((x2<<13)|(x2>>3))&0xffff;
-                x2=(t-(x3& ~x1)-(x0&x1)- *(p0--))&0xffff;
-                t=((x1<<14)|(x1>>2))&0xffff;
-                x1=(t-(x2& ~x0)-(x3&x0)- *(p0--))&0xffff;
-                t=((x0<<15)|(x0>>1))&0xffff;
-                x0=(t-(x1& ~x3)-(x2&x3)- *(p0--))&0xffff;
-
-                if (--i == 0)
-                        {
-                        if (--n == 0) break;
-                        i=(n == 2)?6:5;
-
-                        x3=(x3-p1[x2&0x3f])&0xffff;
-                        x2=(x2-p1[x1&0x3f])&0xffff;
-                        x1=(x1-p1[x0&0x3f])&0xffff;
-                        x0=(x0-p1[x3&0x3f])&0xffff;
-                        }
-                }
-
-        d[0]=(unsigned long)(x0&0xffff)|((unsigned long)(x1&0xffff)<<16L);
-        d[1]=(unsigned long)(x2&0xffff)|((unsigned long)(x3&0xffff)<<16L);
-        }
-
diff --git a/src/lib/libcrypto/rc2/rc2_ecb.c b/src/lib/libcrypto/rc2/rc2_ecb.c
deleted file mode 100644
index d3e8c2718a..0000000000
--- a/src/lib/libcrypto/rc2/rc2_ecb.c
+++ /dev/null
@@ -1,88 +0,0 @@
-/* crypto/rc2/rc2_ecb.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/rc2.h>
-#include "rc2_locl.h"
-#include <openssl/opensslv.h>
-
-const char *RC2_version="RC2" OPENSSL_VERSION_PTEXT;
-
-/* RC2 as implemented frm a posting from
- * Newsgroups: sci.crypt
- * Sender: pgut01@cs.auckland.ac.nz (Peter Gutmann)
- * Subject: Specification for Ron Rivests Cipher No.2
- * Message-ID: <4fk39f$f70@net.auckland.ac.nz>
- * Date: 11 Feb 1996 06:45:03 GMT
- */
-
-void RC2_ecb_encrypt(const unsigned char *in, unsigned char *out, RC2_KEY *ks,
-                     int encrypt)
-        {
-        unsigned long l,d[2];
-
-        c2l(in,l); d[0]=l;
-        c2l(in,l); d[1]=l;
-        if (encrypt)
-                RC2_encrypt(d,ks);
-        else
-                RC2_decrypt(d,ks);
-        l=d[0]; l2c(l,out);
-        l=d[1]; l2c(l,out);
-        l=d[0]=d[1]=0;
-        }
-
diff --git a/src/lib/libcrypto/rc2/rc2_locl.h b/src/lib/libcrypto/rc2/rc2_locl.h
deleted file mode 100644
index 565cd17619..0000000000
--- a/src/lib/libcrypto/rc2/rc2_locl.h
+++ /dev/null
@@ -1,156 +0,0 @@
-/* crypto/rc2/rc2_locl.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#undef c2l
-#define c2l(c,l)        (l =((unsigned long)(*((c)++)))    , \
-                         l|=((unsigned long)(*((c)++)))<< 8L, \
-                         l|=((unsigned long)(*((c)++)))<<16L, \
-                         l|=((unsigned long)(*((c)++)))<<24L)
-
-/* NOTE - c is not incremented as per c2l */
-#undef c2ln
-#define c2ln(c,l1,l2,n) { \
-                        c+=n; \
-                        l1=l2=0; \
-                        switch (n) { \
-                        case 8: l2 =((unsigned long)(*(--(c))))<<24L; \
-                        case 7: l2|=((unsigned long)(*(--(c))))<<16L; \
-                        case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \
-                        case 5: l2|=((unsigned long)(*(--(c))));     \
-                        case 4: l1 =((unsigned long)(*(--(c))))<<24L; \
-                        case 3: l1|=((unsigned long)(*(--(c))))<<16L; \
-                        case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \
-                        case 1: l1|=((unsigned long)(*(--(c))));     \
-                                } \
-                        }
-
-#undef l2c
-#define l2c(l,c)        (*((c)++)=(unsigned char)(((l)     )&0xff), \
-                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>>24L)&0xff))
-
-/* NOTE - c is not incremented as per l2c */
-#undef l2cn
-#define l2cn(l1,l2,c,n) { \
-                        c+=n; \
-                        switch (n) { \
-                        case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
-                        case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
-                        case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
-                        case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \
-                        case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
-                        case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
-                        case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
-                        case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \
-                                } \
-                        }
-
-/* NOTE - c is not incremented as per n2l */
-#define n2ln(c,l1,l2,n) { \
-                        c+=n; \
-                        l1=l2=0; \
-                        switch (n) { \
-                        case 8: l2 =((unsigned long)(*(--(c))))    ; \
-                        case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
-                        case 6: l2|=((unsigned long)(*(--(c))))<<16; \
-                        case 5: l2|=((unsigned long)(*(--(c))))<<24; \
-                        case 4: l1 =((unsigned long)(*(--(c))))    ; \
-                        case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
-                        case 2: l1|=((unsigned long)(*(--(c))))<<16; \
-                        case 1: l1|=((unsigned long)(*(--(c))))<<24; \
-                                } \
-                        }
-
-/* NOTE - c is not incremented as per l2n */
-#define l2nn(l1,l2,c,n) { \
-                        c+=n; \
-                        switch (n) { \
-                        case 8: *(--(c))=(unsigned char)(((l2)    )&0xff); \
-                        case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
-                        case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
-                        case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
-                        case 4: *(--(c))=(unsigned char)(((l1)    )&0xff); \
-                        case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
-                        case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
-                        case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
-                                } \
-                        }
-
-#undef n2l
-#define n2l(c,l)        (l =((unsigned long)(*((c)++)))<<24L, \
-                         l|=((unsigned long)(*((c)++)))<<16L, \
-                         l|=((unsigned long)(*((c)++)))<< 8L, \
-                         l|=((unsigned long)(*((c)++))))
-
-#undef l2n
-#define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
-                         *((c)++)=(unsigned char)(((l)     )&0xff))
-
-#define C_RC2(n) \
-        t=(x0+(x1& ~x3)+(x2&x3)+ *(p0++))&0xffff; \
-        x0=(t<<1)|(t>>15); \
-        t=(x1+(x2& ~x0)+(x3&x0)+ *(p0++))&0xffff; \
-        x1=(t<<2)|(t>>14); \
-        t=(x2+(x3& ~x1)+(x0&x1)+ *(p0++))&0xffff; \
-        x2=(t<<3)|(t>>13); \
-        t=(x3+(x0& ~x2)+(x1&x2)+ *(p0++))&0xffff; \
-        x3=(t<<5)|(t>>11);
-
diff --git a/src/lib/libcrypto/rc2/rc2_skey.c b/src/lib/libcrypto/rc2/rc2_skey.c
deleted file mode 100644
index 9652865188..0000000000
--- a/src/lib/libcrypto/rc2/rc2_skey.c
+++ /dev/null
@@ -1,152 +0,0 @@
-/* crypto/rc2/rc2_skey.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/rc2.h>
-#include <openssl/crypto.h>
-#include <openssl/fips.h>
-#include "rc2_locl.h"
-
-static unsigned char key_table[256]={
-        0xd9,0x78,0xf9,0xc4,0x19,0xdd,0xb5,0xed,0x28,0xe9,0xfd,0x79,
-        0x4a,0xa0,0xd8,0x9d,0xc6,0x7e,0x37,0x83,0x2b,0x76,0x53,0x8e,
-        0x62,0x4c,0x64,0x88,0x44,0x8b,0xfb,0xa2,0x17,0x9a,0x59,0xf5,
-        0x87,0xb3,0x4f,0x13,0x61,0x45,0x6d,0x8d,0x09,0x81,0x7d,0x32,
-        0xbd,0x8f,0x40,0xeb,0x86,0xb7,0x7b,0x0b,0xf0,0x95,0x21,0x22,
-        0x5c,0x6b,0x4e,0x82,0x54,0xd6,0x65,0x93,0xce,0x60,0xb2,0x1c,
-        0x73,0x56,0xc0,0x14,0xa7,0x8c,0xf1,0xdc,0x12,0x75,0xca,0x1f,
-        0x3b,0xbe,0xe4,0xd1,0x42,0x3d,0xd4,0x30,0xa3,0x3c,0xb6,0x26,
-        0x6f,0xbf,0x0e,0xda,0x46,0x69,0x07,0x57,0x27,0xf2,0x1d,0x9b,
-        0xbc,0x94,0x43,0x03,0xf8,0x11,0xc7,0xf6,0x90,0xef,0x3e,0xe7,
-        0x06,0xc3,0xd5,0x2f,0xc8,0x66,0x1e,0xd7,0x08,0xe8,0xea,0xde,
-        0x80,0x52,0xee,0xf7,0x84,0xaa,0x72,0xac,0x35,0x4d,0x6a,0x2a,
-        0x96,0x1a,0xd2,0x71,0x5a,0x15,0x49,0x74,0x4b,0x9f,0xd0,0x5e,
-        0x04,0x18,0xa4,0xec,0xc2,0xe0,0x41,0x6e,0x0f,0x51,0xcb,0xcc,
-        0x24,0x91,0xaf,0x50,0xa1,0xf4,0x70,0x39,0x99,0x7c,0x3a,0x85,
-        0x23,0xb8,0xb4,0x7a,0xfc,0x02,0x36,0x5b,0x25,0x55,0x97,0x31,
-        0x2d,0x5d,0xfa,0x98,0xe3,0x8a,0x92,0xae,0x05,0xdf,0x29,0x10,
-        0x67,0x6c,0xba,0xc9,0xd3,0x00,0xe6,0xcf,0xe1,0x9e,0xa8,0x2c,
-        0x63,0x16,0x01,0x3f,0x58,0xe2,0x89,0xa9,0x0d,0x38,0x34,0x1b,
-        0xab,0x33,0xff,0xb0,0xbb,0x48,0x0c,0x5f,0xb9,0xb1,0xcd,0x2e,
-        0xc5,0xf3,0xdb,0x47,0xe5,0xa5,0x9c,0x77,0x0a,0xa6,0x20,0x68,
-        0xfe,0x7f,0xc1,0xad,
-        };
-
-/* It has come to my attention that there are 2 versions of the RC2
- * key schedule.  One which is normal, and anther which has a hook to
- * use a reduced key length.
- * BSAFE uses the 'retarded' version.  What I previously shipped is
- * the same as specifying 1024 for the 'bits' parameter.  Bsafe uses
- * a version where the bits parameter is the same as len*8 */
-
-#ifdef OPENSSL_FIPS
-void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
-        {
-        if (FIPS_mode())
-                FIPS_BAD_ABORT(RC2)
-        private_RC2_set_key(key, len, data, bits);
-        }
-void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,
-                                                                int bits)
-#else
-void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
-#endif
-        {
-        int i,j;
-        unsigned char *k;
-        RC2_INT *ki;
-        unsigned int c,d;
-
-        k= (unsigned char *)&(key->data[0]);
-        *k=0; /* for if there is a zero length key */
-
-        if (len > 128) len=128;
-        if (bits <= 0) bits=1024;
-        if (bits > 1024) bits=1024;
-
-        for (i=0; i<len; i++)
-                k[i]=data[i];
-
-        /* expand table */
-        d=k[len-1];
-        j=0;
-        for (i=len; i < 128; i++,j++)
-                {
-                d=key_table[(k[j]+d)&0xff];
-                k[i]=d;
-                }
-
-        /* hmm.... key reduction to 'bits' bits */
-
-        j=(bits+7)>>3;
-        i=128-j;
-        c= (0xff>>(-bits & 0x07));
-
-        d=key_table[k[i]&c];
-        k[i]=d;
-        while (i--)
-                {
-                d=key_table[k[i+j]^d];
-                k[i]=d;
-                }
-
-        /* copy from bytes into RC2_INT's */
-        ki= &(key->data[63]);
-        for (i=127; i>=0; i-=2)
-                *(ki--)=((k[i]<<8)|k[i-1])&0xffff;
-        }
-
diff --git a/src/lib/libcrypto/rc2/rc2cfb64.c b/src/lib/libcrypto/rc2/rc2cfb64.c
deleted file mode 100644
index b3a0158a6e..0000000000
--- a/src/lib/libcrypto/rc2/rc2cfb64.c
+++ /dev/null
@@ -1,122 +0,0 @@
-/* crypto/rc2/rc2cfb64.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/rc2.h>
-#include "rc2_locl.h"
-
-/* The input and output encrypted as though 64bit cfb mode is being
- * used.  The extra state information to record how much of the
- * 64bit block we have used is contained in *num;
- */
-
-void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-                       long length, RC2_KEY *schedule, unsigned char *ivec,
-                       int *num, int encrypt)
-        {
-        register unsigned long v0,v1,t;
-        register int n= *num;
-        register long l=length;
-        unsigned long ti[2];
-        unsigned char *iv,c,cc;
-
-        iv=(unsigned char *)ivec;
-        if (encrypt)
-                {
-                while (l--)
-                        {
-                        if (n == 0)
-                                {
-                                c2l(iv,v0); ti[0]=v0;
-                                c2l(iv,v1); ti[1]=v1;
-                                RC2_encrypt((unsigned long *)ti,schedule);
-                                iv=(unsigned char *)ivec;
-                                t=ti[0]; l2c(t,iv);
-                                t=ti[1]; l2c(t,iv);
-                                iv=(unsigned char *)ivec;
-                                }
-                        c= *(in++)^iv[n];
-                        *(out++)=c;
-                        iv[n]=c;
-                        n=(n+1)&0x07;
-                        }
-                }
-        else
-                {
-                while (l--)
-                        {
-                        if (n == 0)
-                                {
-                                c2l(iv,v0); ti[0]=v0;
-                                c2l(iv,v1); ti[1]=v1;
-                                RC2_encrypt((unsigned long *)ti,schedule);
-                                iv=(unsigned char *)ivec;
-                                t=ti[0]; l2c(t,iv);
-                                t=ti[1]; l2c(t,iv);
-                                iv=(unsigned char *)ivec;
-                                }
-                        cc= *(in++);
-                        c=iv[n];
-                        iv[n]=cc;
-                        *(out++)=c^cc;
-                        n=(n+1)&0x07;
-                        }
-                }
-        v0=v1=ti[0]=ti[1]=t=c=cc=0;
-        *num=n;
-        }
-
diff --git a/src/lib/libcrypto/rc2/rc2ofb64.c b/src/lib/libcrypto/rc2/rc2ofb64.c
deleted file mode 100644
index 9e297867ed..0000000000
--- a/src/lib/libcrypto/rc2/rc2ofb64.c
+++ /dev/null
@@ -1,111 +0,0 @@
-/* crypto/rc2/rc2ofb64.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/rc2.h>
-#include "rc2_locl.h"
-
-/* The input and output encrypted as though 64bit ofb mode is being
- * used.  The extra state information to record how much of the
- * 64bit block we have used is contained in *num;
- */
-void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out,
-                       long length, RC2_KEY *schedule, unsigned char *ivec,
-                       int *num)
-        {
-        register unsigned long v0,v1,t;
-        register int n= *num;
-        register long l=length;
-        unsigned char d[8];
-        register char *dp;
-        unsigned long ti[2];
-        unsigned char *iv;
-        int save=0;
-
-        iv=(unsigned char *)ivec;
-        c2l(iv,v0);
-        c2l(iv,v1);
-        ti[0]=v0;
-        ti[1]=v1;
-        dp=(char *)d;
-        l2c(v0,dp);
-        l2c(v1,dp);
-        while (l--)
-                {
-                if (n == 0)
-                        {
-                        RC2_encrypt((unsigned long *)ti,schedule);
-                        dp=(char *)d;
-                        t=ti[0]; l2c(t,dp);
-                        t=ti[1]; l2c(t,dp);
-                        save++;
-                        }
-                *(out++)= *(in++)^d[n];
-                n=(n+1)&0x07;
-                }
-        if (save)
-                {
-                v0=ti[0];
-                v1=ti[1];
-                iv=(unsigned char *)ivec;
-                l2c(v0,iv);
-                l2c(v1,iv);
-                }
-        t=v0=v1=ti[0]=ti[1]=0;
-        *num=n;
-        }
-
diff --git a/src/lib/libcrypto/rc2/rrc2.doc b/src/lib/libcrypto/rc2/rrc2.doc
deleted file mode 100644
index f93ee003d2..0000000000
--- a/src/lib/libcrypto/rc2/rrc2.doc
+++ /dev/null
@@ -1,219 +0,0 @@
->From cygnus.mincom.oz.au!minbne.mincom.oz.au!bunyip.cc.uq.oz.au!munnari.OZ.AU!comp.vuw.ac.nz!waikato!auckland.ac.nz!news Mon Feb 12 18:48:17 EST 1996
-Article 23601 of sci.crypt:
-Path: cygnus.mincom.oz.au!minbne.mincom.oz.au!bunyip.cc.uq.oz.au!munnari.OZ.AU!comp.vuw.ac.nz!waikato!auckland.ac.nz!news
->From: pgut01@cs.auckland.ac.nz (Peter Gutmann)
-Newsgroups: sci.crypt
-Subject: Specification for Ron Rivests Cipher No.2
-Date: 11 Feb 1996 06:45:03 GMT
-Organization: University of Auckland
-Lines: 203
-Sender: pgut01@cs.auckland.ac.nz (Peter Gutmann)
-Message-ID: <4fk39f$f70@net.auckland.ac.nz>
-NNTP-Posting-Host: cs26.cs.auckland.ac.nz
-X-Newsreader: NN version 6.5.0 #3 (NOV)
-
-
-
-
-                           Ron Rivest's Cipher No.2
-                           ------------------------
- 
-Ron Rivest's Cipher No.2 (hereafter referred to as RRC.2, other people may
-refer to it by other names) is word oriented, operating on a block of 64 bits
-divided into four 16-bit words, with a key table of 64 words.  All data units
-are little-endian.  This functional description of the algorithm is based in
-the paper "The RC5 Encryption Algorithm" (RC5 is a trademark of RSADSI), using
-the same general layout, terminology, and pseudocode style.
- 
- 
-Notation and RRC.2 Primitive Operations
- 
-RRC.2 uses the following primitive operations:
- 
-1. Two's-complement addition of words, denoted by "+".  The inverse operation,
-   subtraction, is denoted by "-".
-2. Bitwise exclusive OR, denoted by "^".
-3. Bitwise AND, denoted by "&".
-4. Bitwise NOT, denoted by "~".
-5. A left-rotation of words; the rotation of word x left by y is denoted
-   x <<< y.  The inverse operation, right-rotation, is denoted x >>> y.
- 
-These operations are directly and efficiently supported by most processors.
- 
- 
-The RRC.2 Algorithm
- 
-RRC.2 consists of three components, a *key expansion* algorithm, an
-*encryption* algorithm, and a *decryption* algorithm.
- 
- 
-Key Expansion
- 
-The purpose of the key-expansion routine is to expand the user's key K to fill
-the expanded key array S, so S resembles an array of random binary words
-determined by the user's secret key K.
- 
-Initialising the S-box
- 
-RRC.2 uses a single 256-byte S-box derived from the ciphertext contents of
-Beale Cipher No.1 XOR'd with a one-time pad.  The Beale Ciphers predate modern
-cryptography by enough time that there should be no concerns about trapdoors
-hidden in the data.  They have been published widely, and the S-box can be
-easily recreated from the one-time pad values and the Beale Cipher data taken
-from a standard source.  To initialise the S-box:
- 
-  for i = 0 to 255 do
-    sBox[ i ] = ( beale[ i ] mod 256 ) ^ pad[ i ]
- 
-The contents of Beale Cipher No.1 and the necessary one-time pad are given as
-an appendix at the end of this document.  For efficiency, implementors may wish
-to skip the Beale Cipher expansion and store the sBox table directly.
- 
-Expanding the Secret Key to 128 Bytes
- 
-The secret key is first expanded to fill 128 bytes (64 words).  The expansion
-consists of taking the sum of the first and last bytes in the user key, looking
-up the sum (modulo 256) in the S-box, and appending the result to the key.  The
-operation is repeated with the second byte and new last byte of the key until
-all 128 bytes have been generated.  Note that the following pseudocode treats
-the S array as an array of 128 bytes rather than 64 words.
- 
-  for j = 0 to length-1 do
-    S[ j ] = K[ j ]
-  for j = length to 127 do
-    s[ j ] = sBox[ ( S[ j-length ] + S[ j-1 ] ) mod 256 ];
- 
-At this point it is possible to perform a truncation of the effective key
-length to ease the creation of espionage-enabled software products.  However
-since the author cannot conceive why anyone would want to do this, it will not
-be considered further.
- 
-The final phase of the key expansion involves replacing the first byte of S
-with the entry selected from the S-box:
- 
-  S[ 0 ] = sBox[ S[ 0 ] ]
- 
- 
-Encryption
- 
-The cipher has 16 full rounds, each divided into 4 subrounds.  Two of the full
-rounds perform an additional transformation on the data.  Note that the
-following pseudocode treats the S array as an array of 64 words rather than 128
-bytes.
- 
-  for i = 0 to 15 do
-    j = i * 4;
-    word0 = ( word0 + ( word1 & ~word3 ) + ( word2 & word3 ) + S[ j+0 ] ) <<< 1
-    word1 = ( word1 + ( word2 & ~word0 ) + ( word3 & word0 ) + S[ j+1 ] ) <<< 2
-    word2 = ( word2 + ( word3 & ~word1 ) + ( word0 & word1 ) + S[ j+2 ] ) <<< 3
-    word3 = ( word3 + ( word0 & ~word2 ) + ( word1 & word2 ) + S[ j+3 ] ) <<< 5
- 
-In addition the fifth and eleventh rounds add the contents of the S-box indexed
-by one of the data words to another of the data words following the four
-subrounds as follows:
- 
-    word0 = word0 + S[ word3 & 63 ];
-    word1 = word1 + S[ word0 & 63 ];
-    word2 = word2 + S[ word1 & 63 ];
-    word3 = word3 + S[ word2 & 63 ];
- 
- 
-Decryption
- 
-The decryption operation is simply the inverse of the encryption operation.
-Note that the following pseudocode treats the S array as an array of 64 words
-rather than 128 bytes.
- 
-  for i = 15 downto 0 do
-    j = i * 4;
-    word3 = ( word3 >>> 5 ) - ( word0 & ~word2 ) - ( word1 & word2 ) - S[ j+3 ]
-    word2 = ( word2 >>> 3 ) - ( word3 & ~word1 ) - ( word0 & word1 ) - S[ j+2 ]
-    word1 = ( word1 >>> 2 ) - ( word2 & ~word0 ) - ( word3 & word0 ) - S[ j+1 ]
-    word0 = ( word0 >>> 1 ) - ( word1 & ~word3 ) - ( word2 & word3 ) - S[ j+0 ]
- 
-In addition the fifth and eleventh rounds subtract the contents of the S-box
-indexed by one of the data words from another one of the data words following
-the four subrounds as follows:
- 
-    word3 = word3 - S[ word2 & 63 ]
-    word2 = word2 - S[ word1 & 63 ]
-    word1 = word1 - S[ word0 & 63 ]
-    word0 = word0 - S[ word3 & 63 ]
- 
- 
-Test Vectors
- 
-The following test vectors may be used to test the correctness of an RRC.2
-implementation:
- 
-  Key:      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
-  Plain:    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
-  Cipher:   0x1C, 0x19, 0x8A, 0x83, 0x8D, 0xF0, 0x28, 0xB7
- 
-  Key:      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
-  Plain:    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
-  Cipher:   0x21, 0x82, 0x9C, 0x78, 0xA9, 0xF9, 0xC0, 0x74
- 
-  Key:      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
-  Plain:    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
-  Cipher:   0x13, 0xDB, 0x35, 0x17, 0xD3, 0x21, 0x86, 0x9E
- 
-  Key:      0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-            0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
-  Plain:    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
-  Cipher:   0x50, 0xDC, 0x01, 0x62, 0xBD, 0x75, 0x7F, 0x31
- 
- 
-Appendix: Beale Cipher No.1, "The Locality of the Vault", and One-time Pad for
-          Creating the S-Box
- 
-Beale Cipher No.1.
- 
-  71, 194,  38,1701,  89,  76,  11,  83,1629,  48,  94,  63, 132,  16, 111,  95,
-  84, 341, 975,  14,  40,  64,  27,  81, 139, 213,  63,  90,1120,   8,  15,   3,
- 126,2018,  40,  74, 758, 485, 604, 230, 436, 664, 582, 150, 251, 284, 308, 231,
- 124, 211, 486, 225, 401, 370,  11, 101, 305, 139, 189,  17,  33,  88, 208, 193,
- 145,   1,  94,  73, 416, 918, 263,  28, 500, 538, 356, 117, 136, 219,  27, 176,
- 130,  10, 460,  25, 485,  18, 436,  65,  84, 200, 283, 118, 320, 138,  36, 416,
- 280,  15,  71, 224, 961,  44,  16, 401,  39,  88,  61, 304,  12,  21,  24, 283,
- 134,  92,  63, 246, 486, 682,   7, 219, 184, 360, 780,  18,  64, 463, 474, 131,
- 160,  79,  73, 440,  95,  18,  64, 581,  34,  69, 128, 367, 460,  17,  81,  12,
- 103, 820,  62, 110,  97, 103, 862,  70,  60,1317, 471, 540, 208, 121, 890, 346,
-  36, 150,  59, 568, 614,  13, 120,  63, 219, 812,2160,1780,  99,  35,  18,  21,
- 136, 872,  15,  28, 170,  88,   4,  30,  44, 112,  18, 147, 436, 195, 320,  37,
- 122, 113,   6, 140,   8, 120, 305,  42,  58, 461,  44, 106, 301,  13, 408, 680,
-  93,  86, 116, 530,  82, 568,   9, 102,  38, 416,  89,  71, 216, 728, 965, 818,
-   2,  38, 121, 195,  14, 326, 148, 234,  18,  55, 131, 234, 361, 824,   5,  81,
- 623,  48, 961,  19,  26,  33,  10,1101, 365,  92,  88, 181, 275, 346, 201, 206
- 
-One-time Pad.
- 
- 158, 186, 223,  97,  64, 145, 190, 190, 117, 217, 163,  70, 206, 176, 183, 194,
- 146,  43, 248, 141,   3,  54,  72, 223, 233, 153,  91, 210,  36, 131, 244, 161,
- 105, 120, 113, 191, 113,  86,  19, 245, 213, 221,  43,  27, 242, 157,  73, 213,
- 193,  92, 166,  10,  23, 197, 112, 110, 193,  30, 156,  51, 125,  51, 158,  67,
- 197, 215,  59, 218, 110, 246, 181,   0, 135,  76, 164,  97,  47,  87, 234, 108,
- 144, 127,   6,   6, 222, 172,  80, 144,  22, 245, 207,  70, 227, 182, 146, 134,
- 119, 176,  73,  58, 135,  69,  23, 198,   0, 170,  32, 171, 176, 129,  91,  24,
- 126,  77, 248,   0, 118,  69,  57,  60, 190, 171, 217,  61, 136, 169, 196,  84,
- 168, 167, 163, 102, 223,  64, 174, 178, 166, 239, 242, 195, 249,  92,  59,  38,
- 241,  46, 236,  31,  59, 114,  23,  50, 119, 186,   7,  66, 212,  97, 222, 182,
- 230, 118, 122,  86, 105,  92, 179, 243, 255, 189, 223, 164, 194, 215,  98,  44,
-  17,  20,  53, 153, 137, 224, 176, 100, 208, 114,  36, 200, 145, 150, 215,  20,
-  87,  44, 252,  20, 235, 242, 163, 132,  63,  18,   5, 122,  74,  97,  34,  97,
- 142,  86, 146, 221, 179, 166, 161,  74,  69, 182,  88, 120, 128,  58,  76, 155,
-  15,  30,  77, 216, 165, 117, 107,  90, 169, 127, 143, 181, 208, 137, 200, 127,
- 170, 195,  26,  84, 255, 132, 150,  58, 103, 250, 120, 221, 237,  37,   8,  99
- 
- 
-Implementation
- 
-A non-US based programmer who has never seen any encryption code before will
-shortly be implementing RRC.2 based solely on this specification and not on
-knowledge of any other encryption algorithms.  Stand by.
-
-
-
diff --git a/src/lib/libcrypto/rc2/version b/src/lib/libcrypto/rc2/version
deleted file mode 100644
index 6f89d595f1..0000000000
--- a/src/lib/libcrypto/rc2/version
+++ /dev/null
@@ -1,22 +0,0 @@
-1.1 23/08/96 - eay
-        Changed RC2_set_key() so it now takes another argument.  Many
-        thanks to Peter Gutmann <pgut01@cs.auckland.ac.nz> for the
-        clarification and origional specification of RC2.  BSAFE uses
-        this last parameter, 'bits'.  It the key is 128 bits, BSAFE
-        also sets this parameter to 128.  The old behaviour can be
-        duplicated by setting this parameter to 1024.
-
-1.0 08/04/96 - eay
-        First version of SSLeay with rc2.  This has been written from the spec
-        posted sci.crypt.  It is in this directory under rrc2.doc
-        I have no test values for any mode other than ecb, my wrappers for the
-        other modes should be ok since they are basically the same as
-        the ones taken from idea and des :-).  I have implemented them as
-        little-endian operators.
-        While rc2 is included because it is used with SSL, I don't know how
-        far I trust it.  It is about the same speed as IDEA and DES.
-        So if you are paranoid, used Tripple DES, else IDEA.  If RC2
-        does get used more, perhaps more people will look for weaknesses in
-        it.
-        
-
diff --git a/src/lib/libcrypto/rc4/asm/rc4-586.pl b/src/lib/libcrypto/rc4/asm/rc4-586.pl
deleted file mode 100644
index d6e98f0811..0000000000
--- a/src/lib/libcrypto/rc4/asm/rc4-586.pl
+++ /dev/null
@@ -1,229 +0,0 @@
-#!/usr/local/bin/perl
-
-# At some point it became apparent that the original SSLeay RC4
-# assembler implementation performs suboptimaly on latest IA-32
-# microarchitectures. After re-tuning performance has changed as
-# following:
-#
-# Pentium       +0%
-# Pentium III   +17%
-# AMD           +52%(*)
-# P4            +180%(**)
-#
-# (*)   This number is actually a trade-off:-) It's possible to
-#       achieve +72%, but at the cost of -48% off PIII performance.
-#       In other words code performing further 13% faster on AMD
-#       would perform almost 2 times slower on Intel PIII...
-#       For reference! This code delivers ~80% of rc4-amd64.pl
-#       performance on the same Opteron machine.
-# (**)  This number requires compressed key schedule set up by
-#       RC4_set_key and therefore doesn't apply to 0.9.7 [option for
-#       compressed key schedule is implemented in 0.9.8 and later,
-#       see commentary section in rc4_skey.c for further details].
-#
-#                                       <appro@fy.chalmers.se>
-
-push(@INC,"perlasm","../../perlasm");
-require "x86asm.pl";
-
-&asm_init($ARGV[0],"rc4-586.pl");
-
-$x="eax";
-$y="ebx";
-$tx="ecx";
-$ty="edx";
-$in="esi";
-$out="edi";
-$d="ebp";
-
-&RC4("RC4");
-
-&asm_finish();
-
-sub RC4_loop
-        {
-        local($n,$p,$char)=@_;
-
-        &comment("Round $n");
-
-        if ($char)
-                {
-                if ($p >= 0)
-                        {
-                         &mov($ty,      &swtmp(2));
-                        &cmp($ty,       $in);
-                         &jbe(&label("finished"));
-                        &inc($in);
-                        }
-                else
-                        {
-                        &add($ty,       8);
-                         &inc($in);
-                        &cmp($ty,       $in);
-                         &jb(&label("finished"));
-                        &mov(&swtmp(2), $ty);
-                        }
-                }
-        # Moved out
-        # &mov( $tx,            &DWP(0,$d,$x,4)) if $p < 0;
-
-        &add(   &LB($y),        &LB($tx));
-        &mov(   $ty,            &DWP(0,$d,$y,4));
-         # XXX
-        &mov(   &DWP(0,$d,$x,4),$ty);
-         &add(  $ty,            $tx);
-        &mov(   &DWP(0,$d,$y,4),$tx);
-         &and(  $ty,            0xff);
-         &inc(  &LB($x));                       # NEXT ROUND
-        &mov(   $tx,            &DWP(0,$d,$x,4)) if $p < 1; # NEXT ROUND
-         &mov(  $ty,            &DWP(0,$d,$ty,4));
-
-        if (!$char)
-                {
-                #moved up into last round
-                if ($p >= 1)
-                        {
-                        &add(   $out,   8)
-                        }
-                &movb(  &BP($n,"esp","",0),     &LB($ty));
-                }
-        else
-                {
-                # Note in+=8 has occured
-                &movb(  &HB($ty),       &BP(-1,$in,"",0));
-                 # XXX
-                &xorb(&LB($ty),         &HB($ty));
-                 # XXX
-                &movb(&BP($n,$out,"",0),&LB($ty));
-                }
-        }
-
-
-sub RC4
-        {
-        local($name)=@_;
-
-        &function_begin_B($name,"");
-
-        &mov($ty,&wparam(1));           # len
-        &cmp($ty,0);
-        &jne(&label("proceed"));
-        &ret();
-        &set_label("proceed");
-
-        &comment("");
-
-        &push("ebp");
-         &push("ebx");
-        &push("esi");
-         &xor(  $x,     $x);            # avoid partial register stalls
-        &push("edi");
-         &xor(  $y,     $y);            # avoid partial register stalls
-        &mov(   $d,     &wparam(0));    # key
-         &mov(  $in,    &wparam(2));
-
-        &movb(  &LB($x),        &BP(0,$d,"",1));
-         &movb( &LB($y),        &BP(4,$d,"",1));
-
-        &mov(   $out,   &wparam(3));
-         &inc(  &LB($x));
-
-        &stack_push(3); # 3 temp variables
-         &add(  $d,     8);
-
-        # detect compressed schedule, see commentary section in rc4_skey.c...
-        # in 0.9.7 context ~50 bytes below RC4_CHAR label remain redundant,
-        # as compressed key schedule is set up in 0.9.8 and later.
-        &cmp(&DWP(256,$d),-1);
-        &je(&label("RC4_CHAR"));
-
-         &lea(  $ty,    &DWP(-8,$ty,$in));
-
-        # check for 0 length input
-
-         &mov(  &swtmp(2),      $ty);   # this is now address to exit at
-        &mov(   $tx,    &DWP(0,$d,$x,4));
-
-         &cmp(  $ty,    $in);
-        &jb(    &label("end")); # less than 8 bytes
-
-        &set_label("start");
-
-        # filling DELAY SLOT
-        &add(   $in,    8);
-
-        &RC4_loop(0,-1,0);
-        &RC4_loop(1,0,0);
-        &RC4_loop(2,0,0);
-        &RC4_loop(3,0,0);
-        &RC4_loop(4,0,0);
-        &RC4_loop(5,0,0);
-        &RC4_loop(6,0,0);
-        &RC4_loop(7,1,0);
-        
-        &comment("apply the cipher text");
-        # xor the cipher data with input
-
-        #&add(  $out,   8); #moved up into last round
-
-        &mov(   $tx,    &swtmp(0));
-         &mov(  $ty,    &DWP(-8,$in,"",0));
-        &xor(   $tx,    $ty);
-         &mov(  $ty,    &DWP(-4,$in,"",0)); 
-        &mov(   &DWP(-8,$out,"",0),     $tx);
-         &mov(  $tx,    &swtmp(1));
-        &xor(   $tx,    $ty);
-         &mov(  $ty,    &swtmp(2));     # load end ptr;
-        &mov(   &DWP(-4,$out,"",0),     $tx);
-         &mov(  $tx,            &DWP(0,$d,$x,4));
-        &cmp($in,       $ty);
-         &jbe(&label("start"));
-
-        &set_label("end");
-
-        # There is quite a bit of extra crap in RC4_loop() for this
-        # first round
-        &RC4_loop(0,-1,1);
-        &RC4_loop(1,0,1);
-        &RC4_loop(2,0,1);
-        &RC4_loop(3,0,1);
-        &RC4_loop(4,0,1);
-        &RC4_loop(5,0,1);
-        &RC4_loop(6,1,1);
-
-        &jmp(&label("finished"));
-
-        &align(16);
-        # this is essentially Intel P4 specific codepath, see rc4_skey.c,
-        # and is engaged in 0.9.8 and later context...
-        &set_label("RC4_CHAR");
-
-        &lea    ($ty,&DWP(0,$in,$ty));
-        &mov    (&swtmp(2),$ty);
-
-        # strangely enough unrolled loop performs over 20% slower...
-        &set_label("RC4_CHAR_loop");
-                &movz   ($tx,&BP(0,$d,$x));
-                &add    (&LB($y),&LB($tx));
-                &movz   ($ty,&BP(0,$d,$y));
-                &movb   (&BP(0,$d,$y),&LB($tx));
-                &movb   (&BP(0,$d,$x),&LB($ty));
-                &add    (&LB($ty),&LB($tx));
-                &movz   ($ty,&BP(0,$d,$ty));
-                &xorb   (&LB($ty),&BP(0,$in));
-                &movb   (&BP(0,$out),&LB($ty));
-                &inc    (&LB($x));
-                &inc    ($in);
-                &inc    ($out);
-                &cmp    ($in,&swtmp(2));
-        &jb     (&label("RC4_CHAR_loop"));
-
-        &set_label("finished");
-        &dec(   $x);
-         &stack_pop(3);
-        &movb(  &BP(-4,$d,"",0),&LB($y));
-         &movb( &BP(-8,$d,"",0),&LB($x));
-
-        &function_end($name);
-        }
-
diff --git a/src/lib/libcrypto/rc4/asm/rc4-x86_64.pl b/src/lib/libcrypto/rc4/asm/rc4-x86_64.pl
deleted file mode 100755
index b628daca70..0000000000
--- a/src/lib/libcrypto/rc4/asm/rc4-x86_64.pl
+++ /dev/null
@@ -1,150 +0,0 @@
-#!/usr/bin/env perl
-#
-# ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. Rights for redistribution and usage in source and binary
-# forms are granted according to the OpenSSL license.
-# ====================================================================
-#
-# Unlike 0.9.7f this code expects RC4_CHAR back in config line! See
-# commentary section in corresponding script in development branch
-# for background information about this option carousel. For those
-# who don't have energy to figure out these gory details, here is
-# basis in form of performance matrix relative to the original
-# 0.9.7e C code-base:
-#
-#               0.9.7e  0.9.7f  this
-# AMD64         1x      3.3x    2.4x
-# EM64T         1x      0.8x    1.5x
-#
-# In other words idea is to trade -25% AMD64 performance to compensate
-# for deterioration and gain +90% on EM64T core. Development branch
-# maintains best performance for either target, i.e. 3.3x for AMD64
-# and 1.5x for EM64T.
-
-$output=shift;
-
-open STDOUT,">$output" || die "can't open $output: $!";
-
-$dat="%rdi";        # arg1
-$len="%rsi";        # arg2
-$inp="%rdx";        # arg3
-$out="%rcx";        # arg4
-
-@XX=("%r8","%r10");
-@TX=("%r9","%r11");
-$YY="%r12";
-$TY="%r13";
-
-$code=<<___;;
-.text
-
-.globl  RC4
-.type   RC4,\@function
-.align  16
-RC4:    or      $len,$len
-        jne     .Lentry
-        repret
-.Lentry:
-        push    %r12
-        push    %r13
-
-        add     \$2,$dat
-        movzb   -2($dat),$XX[0]#d
-        movzb   -1($dat),$YY#d
-
-        add     \$1,$XX[0]#b
-        movzb   ($dat,$XX[0]),$TX[0]#d
-        test    \$-8,$len
-        jz      .Lcloop1
-        push    %rbx
-.align  16      # incidentally aligned already
-.Lcloop8:
-        mov     ($inp),%eax
-        mov     4($inp),%ebx
-___
-# unroll 2x4-wise, because 64-bit rotates kill Intel P4...
-for ($i=0;$i<4;$i++) {
-$code.=<<___;
-        add     $TX[0]#b,$YY#b
-        lea     1($XX[0]),$XX[1]
-        movzb   ($dat,$YY),$TY#d
-        movzb   $XX[1]#b,$XX[1]#d
-        movzb   ($dat,$XX[1]),$TX[1]#d
-        movb    $TX[0]#b,($dat,$YY)
-        cmp     $XX[1],$YY
-        movb    $TY#b,($dat,$XX[0])
-        jne     .Lcmov$i                        # Intel cmov is sloooow...
-        mov     $TX[0],$TX[1]
-.Lcmov$i:
-        add     $TX[0]#b,$TY#b
-        xor     ($dat,$TY),%al
-        ror     \$8,%eax
-___
-push(@TX,shift(@TX)); push(@XX,shift(@XX));     # "rotate" registers
-}
-for ($i=4;$i<8;$i++) {
-$code.=<<___;
-        add     $TX[0]#b,$YY#b
-        lea     1($XX[0]),$XX[1]
-        movzb   ($dat,$YY),$TY#d
-        movzb   $XX[1]#b,$XX[1]#d
-        movzb   ($dat,$XX[1]),$TX[1]#d
-        movb    $TX[0]#b,($dat,$YY)
-        cmp     $XX[1],$YY
-        movb    $TY#b,($dat,$XX[0])
-        jne     .Lcmov$i                        # Intel cmov is sloooow...
-        mov     $TX[0],$TX[1]
-.Lcmov$i:
-        add     $TX[0]#b,$TY#b
-        xor     ($dat,$TY),%bl
-        ror     \$8,%ebx
-___
-push(@TX,shift(@TX)); push(@XX,shift(@XX));     # "rotate" registers
-}
-$code.=<<___;
-        lea     -8($len),$len
-        mov     %eax,($out)
-        lea     8($inp),$inp
-        mov     %ebx,4($out)
-        lea     8($out),$out
-
-        test    \$-8,$len
-        jnz     .Lcloop8
-        pop     %rbx
-        cmp     \$0,$len
-        jne     .Lcloop1
-.Lexit:
-        sub     \$1,$XX[0]#b
-        movb    $XX[0]#b,-2($dat)
-        movb    $YY#b,-1($dat)
-
-        pop     %r13
-        pop     %r12
-        repret
-
-.align  16
-.Lcloop1:
-        add     $TX[0]#b,$YY#b
-        movzb   ($dat,$YY),$TY#d
-        movb    $TX[0]#b,($dat,$YY)
-        movb    $TY#b,($dat,$XX[0])
-        add     $TX[0]#b,$TY#b
-        add     \$1,$XX[0]#b
-        movzb   ($dat,$TY),$TY#d
-        movzb   ($dat,$XX[0]),$TX[0]#d
-        xorb    ($inp),$TY#b
-        lea     1($inp),$inp
-        movb    $TY#b,($out)
-        lea     1($out),$out
-        sub     \$1,$len
-        jnz     .Lcloop1
-        jmp     .Lexit
-.size   RC4,.-RC4
-___
-
-$code =~ s/#([bwd])/$1/gm;
-
-$code =~ s/repret/.byte\t0xF3,0xC3/gm;
-
-print $code;
diff --git a/src/lib/libcrypto/rc4/rc4.h b/src/lib/libcrypto/rc4/rc4.h
deleted file mode 100644
index ae0cea75b8..0000000000
--- a/src/lib/libcrypto/rc4/rc4.h
+++ /dev/null
@@ -1,91 +0,0 @@
-/* crypto/rc4/rc4.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_RC4_H
-#define HEADER_RC4_H
-
-#ifdef OPENSSL_NO_RC4
-#error RC4 is disabled.
-#endif
-
-#include <openssl/opensslconf.h> /* RC4_INT */
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-typedef struct rc4_key_st
-        {
-        RC4_INT x,y;
-        RC4_INT data[256];
-        } RC4_KEY;
-
- 
-const char *RC4_options(void);
-#ifdef OPENSSL_FIPS
-void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
-#endif
-void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
-void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
-                unsigned char *outdata);
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/src/lib/libcrypto/rc4/rc4_enc.c b/src/lib/libcrypto/rc4/rc4_enc.c
deleted file mode 100644
index d5f18a3a70..0000000000
--- a/src/lib/libcrypto/rc4/rc4_enc.c
+++ /dev/null
@@ -1,315 +0,0 @@
-/* crypto/rc4/rc4_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/rc4.h>
-#include "rc4_locl.h"
-
-/* RC4 as implemented from a posting from
- * Newsgroups: sci.crypt
- * From: sterndark@netcom.com (David Sterndark)
- * Subject: RC4 Algorithm revealed.
- * Message-ID: <sternCvKL4B.Hyy@netcom.com>
- * Date: Wed, 14 Sep 1994 06:35:31 GMT
- */
-
-void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
-             unsigned char *outdata)
-        {
-        register RC4_INT *d;
-        register RC4_INT x,y,tx,ty;
-        int i;
-        
-        x=key->x;     
-        y=key->y;     
-        d=key->data; 
-
-#if defined(RC4_CHUNK)
-        /*
-         * The original reason for implementing this(*) was the fact that
-         * pre-21164a Alpha CPUs don't have byte load/store instructions
-         * and e.g. a byte store has to be done with 64-bit load, shift,
-         * and, or and finally 64-bit store. Peaking data and operating
-         * at natural word size made it possible to reduce amount of
-         * instructions as well as to perform early read-ahead without
-         * suffering from RAW (read-after-write) hazard. This resulted
-         * in ~40%(**) performance improvement on 21064 box with gcc.
-         * But it's not only Alpha users who win here:-) Thanks to the
-         * early-n-wide read-ahead this implementation also exhibits
-         * >40% speed-up on SPARC and 20-30% on 64-bit MIPS (depending
-         * on sizeof(RC4_INT)).
-         *
-         * (*)  "this" means code which recognizes the case when input
-         *      and output pointers appear to be aligned at natural CPU
-         *      word boundary
-         * (**) i.e. according to 'apps/openssl speed rc4' benchmark,
-         *      crypto/rc4/rc4speed.c exhibits almost 70% speed-up...
-         *
-         * Cavets.
-         *
-         * - RC4_CHUNK="unsigned long long" should be a #1 choice for
-         *   UltraSPARC. Unfortunately gcc generates very slow code
-         *   (2.5-3 times slower than one generated by Sun's WorkShop
-         *   C) and therefore gcc (at least 2.95 and earlier) should
-         *   always be told that RC4_CHUNK="unsigned long".
-         *
-         *                                      <appro@fy.chalmers.se>
-         */
-
-# define RC4_STEP       ( \
-                        x=(x+1) &0xff,  \
-                        tx=d[x],        \
-                        y=(tx+y)&0xff,  \
-                        ty=d[y],        \
-                        d[y]=tx,        \
-                        d[x]=ty,        \
-                        (RC4_CHUNK)d[(tx+ty)&0xff]\
-                        )
-
-        if ( ( ((unsigned long)indata  & (sizeof(RC4_CHUNK)-1)) | 
-               ((unsigned long)outdata & (sizeof(RC4_CHUNK)-1)) ) == 0 )
-                {
-                RC4_CHUNK ichunk,otp;
-                const union { long one; char little; } is_endian = {1};
-
-                /*
-                 * I reckon we can afford to implement both endian
-                 * cases and to decide which way to take at run-time
-                 * because the machine code appears to be very compact
-                 * and redundant 1-2KB is perfectly tolerable (i.e.
-                 * in case the compiler fails to eliminate it:-). By
-                 * suggestion from Terrel Larson <terr@terralogic.net>
-                 * who also stands for the is_endian union:-)
-                 *
-                 * Special notes.
-                 *
-                 * - is_endian is declared automatic as doing otherwise
-                 *   (declaring static) prevents gcc from eliminating
-                 *   the redundant code;
-                 * - compilers (those I've tried) don't seem to have
-                 *   problems eliminating either the operators guarded
-                 *   by "if (sizeof(RC4_CHUNK)==8)" or the condition
-                 *   expressions themselves so I've got 'em to replace
-                 *   corresponding #ifdefs from the previous version;
-                 * - I chose to let the redundant switch cases when
-                 *   sizeof(RC4_CHUNK)!=8 be (were also #ifdefed
-                 *   before);
-                 * - in case you wonder "&(sizeof(RC4_CHUNK)*8-1)" in
-                 *   [LB]ESHFT guards against "shift is out of range"
-                 *   warnings when sizeof(RC4_CHUNK)!=8 
-                 *
-                 *                      <appro@fy.chalmers.se>
-                 */
-                if (!is_endian.little)
-                        {       /* BIG-ENDIAN CASE */
-# define BESHFT(c)      (((sizeof(RC4_CHUNK)-(c)-1)*8)&(sizeof(RC4_CHUNK)*8-1))
-                        for (;len&-sizeof(RC4_CHUNK);len-=sizeof(RC4_CHUNK))
-                                {
-                                ichunk  = *(RC4_CHUNK *)indata;
-                                otp  = RC4_STEP<<BESHFT(0);
-                                otp |= RC4_STEP<<BESHFT(1);
-                                otp |= RC4_STEP<<BESHFT(2);
-                                otp |= RC4_STEP<<BESHFT(3);
-                                if (sizeof(RC4_CHUNK)==8)
-                                        {
-                                        otp |= RC4_STEP<<BESHFT(4);
-                                        otp |= RC4_STEP<<BESHFT(5);
-                                        otp |= RC4_STEP<<BESHFT(6);
-                                        otp |= RC4_STEP<<BESHFT(7);
-                                        }
-                                *(RC4_CHUNK *)outdata = otp^ichunk;
-                                indata  += sizeof(RC4_CHUNK);
-                                outdata += sizeof(RC4_CHUNK);
-                                }
-                        if (len)
-                                {
-                                RC4_CHUNK mask=(RC4_CHUNK)-1, ochunk;
-
-                                ichunk = *(RC4_CHUNK *)indata;
-                                ochunk = *(RC4_CHUNK *)outdata;
-                                otp = 0;
-                                i = BESHFT(0);
-                                mask <<= (sizeof(RC4_CHUNK)-len)<<3;
-                                switch (len&(sizeof(RC4_CHUNK)-1))
-                                        {
-                                        case 7: otp  = RC4_STEP<<i, i-=8;
-                                        case 6: otp |= RC4_STEP<<i, i-=8;
-                                        case 5: otp |= RC4_STEP<<i, i-=8;
-                                        case 4: otp |= RC4_STEP<<i, i-=8;
-                                        case 3: otp |= RC4_STEP<<i, i-=8;
-                                        case 2: otp |= RC4_STEP<<i, i-=8;
-                                        case 1: otp |= RC4_STEP<<i, i-=8;
-                                        case 0: ; /*
-                                                   * it's never the case,
-                                                   * but it has to be here
-                                                   * for ultrix?
-                                                   */
-                                        }
-                                ochunk &= ~mask;
-                                ochunk |= (otp^ichunk) & mask;
-                                *(RC4_CHUNK *)outdata = ochunk;
-                                }
-                        key->x=x;     
-                        key->y=y;
-                        return;
-                        }
-                else
-                        {       /* LITTLE-ENDIAN CASE */
-# define LESHFT(c)      (((c)*8)&(sizeof(RC4_CHUNK)*8-1))
-                        for (;len&-sizeof(RC4_CHUNK);len-=sizeof(RC4_CHUNK))
-                                {
-                                ichunk  = *(RC4_CHUNK *)indata;
-                                otp  = RC4_STEP;
-                                otp |= RC4_STEP<<8;
-                                otp |= RC4_STEP<<16;
-                                otp |= RC4_STEP<<24;
-                                if (sizeof(RC4_CHUNK)==8)
-                                        {
-                                        otp |= RC4_STEP<<LESHFT(4);
-                                        otp |= RC4_STEP<<LESHFT(5);
-                                        otp |= RC4_STEP<<LESHFT(6);
-                                        otp |= RC4_STEP<<LESHFT(7);
-                                        }
-                                *(RC4_CHUNK *)outdata = otp^ichunk;
-                                indata  += sizeof(RC4_CHUNK);
-                                outdata += sizeof(RC4_CHUNK);
-                                }
-                        if (len)
-                                {
-                                RC4_CHUNK mask=(RC4_CHUNK)-1, ochunk;
-
-                                ichunk = *(RC4_CHUNK *)indata;
-                                ochunk = *(RC4_CHUNK *)outdata;
-                                otp = 0;
-                                i   = 0;
-                                mask >>= (sizeof(RC4_CHUNK)-len)<<3;
-                                switch (len&(sizeof(RC4_CHUNK)-1))
-                                        {
-                                        case 7: otp  = RC4_STEP,    i+=8;
-                                        case 6: otp |= RC4_STEP<<i, i+=8;
-                                        case 5: otp |= RC4_STEP<<i, i+=8;
-                                        case 4: otp |= RC4_STEP<<i, i+=8;
-                                        case 3: otp |= RC4_STEP<<i, i+=8;
-                                        case 2: otp |= RC4_STEP<<i, i+=8;
-                                        case 1: otp |= RC4_STEP<<i, i+=8;
-                                        case 0: ; /*
-                                                   * it's never the case,
-                                                   * but it has to be here
-                                                   * for ultrix?
-                                                   */
-                                        }
-                                ochunk &= ~mask;
-                                ochunk |= (otp^ichunk) & mask;
-                                *(RC4_CHUNK *)outdata = ochunk;
-                                }
-                        key->x=x;     
-                        key->y=y;
-                        return;
-                        }
-                }
-#endif
-#define LOOP(in,out) \
-                x=((x+1)&0xff); \
-                tx=d[x]; \
-                y=(tx+y)&0xff; \
-                d[x]=ty=d[y]; \
-                d[y]=tx; \
-                (out) = d[(tx+ty)&0xff]^ (in);
-
-#ifndef RC4_INDEX
-#define RC4_LOOP(a,b,i) LOOP(*((a)++),*((b)++))
-#else
-#define RC4_LOOP(a,b,i) LOOP(a[i],b[i])
-#endif
-
-        i=(int)(len>>3L);
-        if (i)
-                {
-                for (;;)
-                        {
-                        RC4_LOOP(indata,outdata,0);
-                        RC4_LOOP(indata,outdata,1);
-                        RC4_LOOP(indata,outdata,2);
-                        RC4_LOOP(indata,outdata,3);
-                        RC4_LOOP(indata,outdata,4);
-                        RC4_LOOP(indata,outdata,5);
-                        RC4_LOOP(indata,outdata,6);
-                        RC4_LOOP(indata,outdata,7);
-#ifdef RC4_INDEX
-                        indata+=8;
-                        outdata+=8;
-#endif
-                        if (--i == 0) break;
-                        }
-                }
-        i=(int)len&0x07;
-        if (i)
-                {
-                for (;;)
-                        {
-                        RC4_LOOP(indata,outdata,0); if (--i == 0) break;
-                        RC4_LOOP(indata,outdata,1); if (--i == 0) break;
-                        RC4_LOOP(indata,outdata,2); if (--i == 0) break;
-                        RC4_LOOP(indata,outdata,3); if (--i == 0) break;
-                        RC4_LOOP(indata,outdata,4); if (--i == 0) break;
-                        RC4_LOOP(indata,outdata,5); if (--i == 0) break;
-                        RC4_LOOP(indata,outdata,6); if (--i == 0) break;
-                        }
-                }               
-        key->x=x;     
-        key->y=y;
-        }
diff --git a/src/lib/libcrypto/rc4/rc4_locl.h b/src/lib/libcrypto/rc4/rc4_locl.h
deleted file mode 100644
index c712e1632e..0000000000
--- a/src/lib/libcrypto/rc4/rc4_locl.h
+++ /dev/null
@@ -1,5 +0,0 @@
-#ifndef HEADER_RC4_LOCL_H
-#define HEADER_RC4_LOCL_H
-#include <openssl/opensslconf.h>
-#include <cryptlib.h>
-#endif
diff --git a/src/lib/libcrypto/rc4/rc4_skey.c b/src/lib/libcrypto/rc4/rc4_skey.c
deleted file mode 100644
index 60510624fd..0000000000
--- a/src/lib/libcrypto/rc4/rc4_skey.c
+++ /dev/null
@@ -1,120 +0,0 @@
-/* crypto/rc4/rc4_skey.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/rc4.h>
-#include <openssl/crypto.h>
-#include <openssl/fips.h>
-#include "rc4_locl.h"
-#include <openssl/opensslv.h>
-
-const char *RC4_version="RC4" OPENSSL_VERSION_PTEXT;
-
-const char *RC4_options(void)
-        {
-#ifdef RC4_INDEX
-        if (sizeof(RC4_INT) == 1)
-                return("rc4(idx,char)");
-        else
-                return("rc4(idx,int)");
-#else
-        if (sizeof(RC4_INT) == 1)
-                return("rc4(ptr,char)");
-        else
-                return("rc4(ptr,int)");
-#endif
-        }
-
-/* RC4 as implemented from a posting from
- * Newsgroups: sci.crypt
- * From: sterndark@netcom.com (David Sterndark)
- * Subject: RC4 Algorithm revealed.
- * Message-ID: <sternCvKL4B.Hyy@netcom.com>
- * Date: Wed, 14 Sep 1994 06:35:31 GMT
- */
-
-FIPS_NON_FIPS_VCIPHER_Init(RC4)
-        {
-        register RC4_INT tmp;
-        register int id1,id2;
-        register RC4_INT *d;
-        unsigned int i;
-        
-        d= &(key->data[0]);
-
-        for (i=0; i<256; i++)
-                d[i]=i;
-        key->x = 0;     
-        key->y = 0;     
-        id1=id2=0;     
-
-#define SK_LOOP(n) { \
-                tmp=d[(n)]; \
-                id2 = (data[id1] + tmp + id2) & 0xff; \
-                if (++id1 == len) id1=0; \
-                d[(n)]=d[id2]; \
-                d[id2]=tmp; }
-
-        for (i=0; i < 256; i+=4)
-                {
-                SK_LOOP(i+0);
-                SK_LOOP(i+1);
-                SK_LOOP(i+2);
-                SK_LOOP(i+3);
-                }
-        }
-    
diff --git a/src/lib/libcrypto/ripemd/README b/src/lib/libcrypto/ripemd/README
deleted file mode 100644
index f1ffc8b134..0000000000
--- a/src/lib/libcrypto/ripemd/README
+++ /dev/null
@@ -1,15 +0,0 @@
-RIPEMD-160
-http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html
-
-This is my implementation of RIPEMD-160.  The pentium assember is a little
-off the pace since I only get 1050 cycles, while the best is 1013.
-I have a few ideas for how to get another 20 or so cycles, but at
-this point I will not bother right now.  I believe the trick will be
-to remove my 'copy X array onto stack' until inside the RIP1() finctions the
-first time round.  To do this I need another register and will only have one
-temporary one.  A bit tricky....  I can also cleanup the saving of the 5 words
-after the first half of the calculation.  I should read the origional
-value, add then write.  Currently I just save the new and read the origioal.
-I then read both at the end.  Bad.
-
-eric (20-Jan-1998)
diff --git a/src/lib/libcrypto/ripemd/asm/rmd-586.pl b/src/lib/libcrypto/ripemd/asm/rmd-586.pl
deleted file mode 100644
index 0ab6f76bff..0000000000
--- a/src/lib/libcrypto/ripemd/asm/rmd-586.pl
+++ /dev/null
@@ -1,590 +0,0 @@
-#!/usr/local/bin/perl
-
-# Normal is the
-# ripemd160_block_asm_host_order(RIPEMD160_CTX *c, ULONG *X,int blocks);
-
-$normal=0;
-
-push(@INC,"perlasm","../../perlasm");
-require "x86asm.pl";
-
-&asm_init($ARGV[0],$0);
-
-$A="ecx";
-$B="esi";
-$C="edi";
-$D="ebx";
-$E="ebp";
-$tmp1="eax";
-$tmp2="edx";
-
-$KL1=0x5A827999;
-$KL2=0x6ED9EBA1;
-$KL3=0x8F1BBCDC;
-$KL4=0xA953FD4E;
-$KR0=0x50A28BE6;
-$KR1=0x5C4DD124; 
-$KR2=0x6D703EF3;
-$KR3=0x7A6D76E9;
-
-
-@wl=(    0, 1, 2, 3, 4, 5, 6, 7, 8, 9,10,11,12,13,14,15,
-         7, 4,13, 1,10, 6,15, 3,12, 0, 9, 5, 2,14,11, 8,
-         3,10,14, 4, 9,15, 8, 1, 2, 7, 0, 6,13,11, 5,12,
-         1, 9,11,10, 0, 8,12, 4,13, 3, 7,15,14, 5, 6, 2,
-         4, 0, 5, 9, 7,12, 2,10,14, 1, 3, 8,11, 6,15,13,
-         );
-
-@wr=(    5,14, 7, 0, 9, 2,11, 4,13, 6,15, 8, 1,10, 3,12,
-         6,11, 3, 7, 0,13, 5,10,14,15, 8,12, 4, 9, 1, 2,
-        15, 5, 1, 3, 7,14, 6, 9,11, 8,12, 2,10, 0, 4,13,
-         8, 6, 4, 1, 3,11,15, 0, 5,12, 2,13, 9, 7,10,14,
-        12,15,10, 4, 1, 5, 8, 7, 6, 2,13,14, 0, 3, 9,11,
-        );
-
-@sl=(   11,14,15,12, 5, 8, 7, 9,11,13,14,15, 6, 7, 9, 8,
-         7, 6, 8,13,11, 9, 7,15, 7,12,15, 9,11, 7,13,12,
-        11,13, 6, 7,14, 9,13,15,14, 8,13, 6, 5,12, 7, 5,
-        11,12,14,15,14,15, 9, 8, 9,14, 5, 6, 8, 6, 5,12,
-         9,15, 5,11, 6, 8,13,12, 5,12,13,14,11, 8, 5, 6,
-         );
-
-@sr=(    8, 9, 9,11,13,15,15, 5, 7, 7, 8,11,14,14,12, 6,
-         9,13,15, 7,12, 8, 9,11, 7, 7,12, 7, 6,15,13,11,
-         9, 7,15,11, 8, 6, 6,14,12,13, 5,14,13,13, 7, 5,
-        15, 5, 8,11,14,14, 6,14, 6, 9,12, 9,12, 5,15, 8,
-         8, 5,12, 9,12, 5,14, 6, 8,13, 6, 5,15,13,11,11,
-        );
-
-&ripemd160_block("ripemd160_block_asm_host_order");
-&asm_finish();
-
-sub Xv
-        {
-        local($n)=@_;
-        return(&swtmp($n));
-        # tmp on stack
-        }
-
-sub Np
-        {
-        local($p)=@_;
-        local(%n)=($A,$E,$B,$A,$C,$B,$D,$C,$E,$D);
-        return($n{$p});
-        }
-
-sub RIP1
-        {
-        local($a,$b,$c,$d,$e,$pos,$s,$o,$pos2)=@_;
-
-        &comment($p++);
-        if ($p & 1)
-                {
-         #&mov($tmp1,   $c) if $o == -1;
-        &xor($tmp1,     $d) if $o == -1;
-         &mov($tmp2,    &Xv($pos));
-        &xor($tmp1,     $b);
-         &add($a,       $tmp2);
-        &rotl($c,       10);
-        &add($a,        $tmp1);
-         &mov($tmp1,    &Np($c));       # NEXT
-         # XXX
-        &rotl($a,       $s);
-        &add($a,        $e);
-                }
-        else
-                {
-         &xor($tmp1,    $d);
-        &mov($tmp2,     &Xv($pos));
-         &xor($tmp1,    $b);
-        &add($a,        $tmp1);
-         &mov($tmp1,    &Np($c)) if $o <= 0;
-         &mov($tmp1,    -1) if $o == 1;
-         # XXX if $o == 2;
-        &rotl($c,       10);
-        &add($a,        $tmp2);
-         &xor($tmp1,    &Np($d)) if $o <= 0;
-         &mov($tmp2,    &Xv($pos2)) if $o == 1;
-         &mov($tmp2,    &wparam(0)) if $o == 2;
-        &rotl($a,       $s);
-        &add($a,        $e);
-                }
-        }
-
-sub RIP2
-        {
-        local($a,$b,$c,$d,$e,$pos,$pos2,$s,$K,$o)=@_;
-
-# XXXXXX
-        &comment($p++);
-        if ($p & 1)
-                {
-#        &mov($tmp2,    &Xv($pos)) if $o < -1;
-#       &mov($tmp1,     -1) if $o < -1;
-
-         &add($a,       $tmp2);
-        &mov($tmp2,     $c);
-         &sub($tmp1,    $b);
-        &and($tmp2,     $b);
-         &and($tmp1,    $d);
-        &or($tmp2,      $tmp1);
-         &mov($tmp1,    &Xv($pos2)) if $o <= 0; # XXXXXXXXXXXXXX
-         # XXX
-        &rotl($c,       10);
-        &lea($a,        &DWP($K,$a,$tmp2,1));
-         &mov($tmp2,    -1) if $o <= 0;
-         # XXX
-        &rotl($a,       $s);
-        &add($a,        $e);
-                }
-        else
-                {
-         # XXX
-         &add($a,       $tmp1);
-        &mov($tmp1,     $c);
-         &sub($tmp2,    $b);
-        &and($tmp1,     $b);
-         &and($tmp2,    $d);
-        if ($o != 2)
-                {
-        &or($tmp1,      $tmp2);
-         &mov($tmp2,    &Xv($pos2)) if $o <= 0;
-         &mov($tmp2,    -1) if $o == 1;
-        &rotl($c,       10);
-        &lea($a,        &DWP($K,$a,$tmp1,1));
-         &mov($tmp1,    -1) if $o <= 0;
-         &sub($tmp2,    &Np($c)) if $o == 1;
-                } else {
-        &or($tmp2,      $tmp1);
-         &mov($tmp1,    &Np($c));
-        &rotl($c,       10);
-        &lea($a,        &DWP($K,$a,$tmp2,1));
-         &xor($tmp1,    &Np($d));
-                }
-        &rotl($a,       $s);
-        &add($a,        $e);
-                }
-        }
-
-sub RIP3
-        {
-        local($a,$b,$c,$d,$e,$pos,$s,$K,$o,$pos2)=@_;
-
-        &comment($p++);
-        if ($p & 1)
-                {
-#        &mov($tmp2,    -1) if $o < -1;
-#       &sub($tmp2,     $c) if $o < -1;
-         &mov($tmp1,    &Xv($pos));
-        &or($tmp2,      $b);
-         &add($a,       $tmp1);
-        &xor($tmp2,     $d);
-         &mov($tmp1,    -1) if $o <= 0;         # NEXT
-         # XXX
-        &rotl($c,       10);
-        &lea($a,        &DWP($K,$a,$tmp2,1));
-         &sub($tmp1,    &Np($c)) if $o <= 0;    # NEXT
-         # XXX
-        &rotl($a,       $s);
-        &add($a,        $e);
-                }
-        else
-                {
-         &mov($tmp2,    &Xv($pos));
-        &or($tmp1,      $b);
-         &add($a,       $tmp2);
-        &xor($tmp1,     $d);
-         &mov($tmp2,    -1) if $o <= 0;         # NEXT
-         &mov($tmp2,    -1) if $o == 1;
-         &mov($tmp2,    &Xv($pos2)) if $o == 2;
-        &rotl($c,       10);
-        &lea($a,        &DWP($K,$a,$tmp1,1));
-         &sub($tmp2,    &Np($c)) if $o <= 0;    # NEXT
-         &mov($tmp1,    &Np($d)) if $o == 1;
-         &mov($tmp1,    -1) if $o == 2;
-        &rotl($a,       $s);
-        &add($a,        $e);
-                }
-        }
-
-sub RIP4
-        {
-        local($a,$b,$c,$d,$e,$pos,$s,$K,$o)=@_;
-
-        &comment($p++);
-        if ($p & 1)
-                {
-#        &mov($tmp2,    -1) if $o == -2;
-#       &mov($tmp1,     $d) if $o == -2;
-         &sub($tmp2,    $d);
-        &and($tmp1,     $b);
-         &and($tmp2,    $c);
-        &or($tmp2,      $tmp1);
-         &mov($tmp1,    &Xv($pos));
-        &rotl($c,       10);
-        &lea($a,        &DWP($K,$a,$tmp2));
-         &mov($tmp2,    -1) unless $o > 0;      # NEXT
-         # XXX
-        &add($a,        $tmp1);
-         &mov($tmp1,    &Np($d)) unless $o > 0; # NEXT
-         # XXX
-        &rotl($a,       $s);
-        &add($a,        $e);
-                }
-        else
-                {
-         &sub($tmp2,    $d);
-        &and($tmp1,     $b);
-         &and($tmp2,    $c);
-        &or($tmp2,      $tmp1);
-         &mov($tmp1,    &Xv($pos));
-        &rotl($c,       10);
-        &lea($a,        &DWP($K,$a,$tmp2));
-         &mov($tmp2,    -1) if $o == 0; # NEXT
-         &mov($tmp2,    -1) if $o == 1;
-         &mov($tmp2,    -1) if $o == 2;
-         # XXX
-        &add($a,        $tmp1);
-         &mov($tmp1,    &Np($d)) if $o == 0;    # NEXT
-         &sub($tmp2,    &Np($d)) if $o == 1;
-         &sub($tmp2,    &Np($c)) if $o == 2;
-         # XXX
-        &rotl($a,       $s);
-        &add($a,        $e);
-                }
-        }
-
-sub RIP5
-        {
-        local($a,$b,$c,$d,$e,$pos,$s,$K,$o)=@_;
-
-        &comment($p++);
-        if ($p & 1)
-                {
-         &mov($tmp2,    -1) if $o == -2;
-        &sub($tmp2,     $d) if $o == -2;
-         &mov($tmp1,    &Xv($pos));
-        &or($tmp2,      $c);
-         &add($a,       $tmp1);
-        &xor($tmp2,     $b);
-         &mov($tmp1,    -1) if $o <= 0;
-         # XXX
-        &rotl($c,       10);
-        &lea($a,        &DWP($K,$a,$tmp2,1));
-         &sub($tmp1,    &Np($d)) if $o <= 0;
-         # XXX
-        &rotl($a,       $s);
-        &add($a,        $e);
-                }
-        else
-                {
-         &mov($tmp2,    &Xv($pos));
-        &or($tmp1,      $c);
-         &add($a,       $tmp2);
-        &xor($tmp1,     $b);
-         &mov($tmp2,    -1) if $o <= 0;
-         &mov($tmp2,    &wparam(0)) if $o == 1; # Middle code
-         &mov($tmp2,    -1) if $o == 2;
-        &rotl($c,       10);
-        &lea($a,        &DWP($K,$a,$tmp1,1));
-         &sub($tmp2,    &Np($d)) if $o <= 0;
-         &mov(&swtmp(16),       $A) if $o == 1;
-         &mov($tmp1,    &Np($d)) if $o == 2;
-        &rotl($a,       $s);
-        &add($a,        $e);
-                }
-        }
-
-sub ripemd160_block
-        {
-        local($name)=@_;
-
-        &function_begin_B($name,"",3);
-
-        # parameter 1 is the RIPEMD160_CTX structure.
-        # A     0
-        # B     4
-        # C     8
-        # D     12
-        # E     16
-
-        &mov($tmp2,     &wparam(0));
-         &mov($tmp1,    &wparam(1));
-        &push("esi");
-         &mov($A,       &DWP( 0,$tmp2,"",0));
-        &push("edi");
-         &mov($B,       &DWP( 4,$tmp2,"",0));
-        &push("ebp");
-         &mov($C,       &DWP( 8,$tmp2,"",0));
-        &push("ebx");
-         &stack_push(16+5+6);
-                          # Special comment about the figure of 6.
-                          # Idea is to pad the current frame so
-                          # that the top of the stack gets fairly
-                          # aligned. Well, as you realize it would
-                          # always depend on how the frame below is
-                          # aligned. The good news are that gcc-2.95
-                          # and later does keep first argument at
-                          # least double-wise aligned.
-                          #                     <appro@fy.chalmers.se>
-
-        &set_label("start") unless $normal;
-        &comment("");
-
-        # &mov($tmp1,   &wparam(1)); # Done at end of loop
-        # &mov($tmp2,   &wparam(0)); # Done at end of loop
-
-        for ($z=0; $z<16; $z+=2)
-                {
-                &mov($D,                &DWP( $z*4,$tmp1,"",0));
-                 &mov($E,               &DWP( ($z+1)*4,$tmp1,"",0));
-                &mov(&swtmp($z),        $D);
-                 &mov(&swtmp($z+1),     $E);
-                }
-        &mov($tmp1,     $C);
-         &mov($D,       &DWP(12,$tmp2,"",0));
-        &mov($E,        &DWP(16,$tmp2,"",0));
-
-        &RIP1($A,$B,$C,$D,$E,$wl[ 0],$sl[ 0],-1);
-        &RIP1($E,$A,$B,$C,$D,$wl[ 1],$sl[ 1],0);
-        &RIP1($D,$E,$A,$B,$C,$wl[ 2],$sl[ 2],0);
-        &RIP1($C,$D,$E,$A,$B,$wl[ 3],$sl[ 3],0);
-        &RIP1($B,$C,$D,$E,$A,$wl[ 4],$sl[ 4],0);
-        &RIP1($A,$B,$C,$D,$E,$wl[ 5],$sl[ 5],0);
-        &RIP1($E,$A,$B,$C,$D,$wl[ 6],$sl[ 6],0);
-        &RIP1($D,$E,$A,$B,$C,$wl[ 7],$sl[ 7],0);
-        &RIP1($C,$D,$E,$A,$B,$wl[ 8],$sl[ 8],0);
-        &RIP1($B,$C,$D,$E,$A,$wl[ 9],$sl[ 9],0);
-        &RIP1($A,$B,$C,$D,$E,$wl[10],$sl[10],0);
-        &RIP1($E,$A,$B,$C,$D,$wl[11],$sl[11],0);
-        &RIP1($D,$E,$A,$B,$C,$wl[12],$sl[12],0);
-        &RIP1($C,$D,$E,$A,$B,$wl[13],$sl[13],0);
-        &RIP1($B,$C,$D,$E,$A,$wl[14],$sl[14],0);
-        &RIP1($A,$B,$C,$D,$E,$wl[15],$sl[15],1,$wl[16]);
-
-        &RIP2($E,$A,$B,$C,$D,$wl[16],$wl[17],$sl[16],$KL1,-1);
-        &RIP2($D,$E,$A,$B,$C,$wl[17],$wl[18],$sl[17],$KL1,0);
-        &RIP2($C,$D,$E,$A,$B,$wl[18],$wl[19],$sl[18],$KL1,0);
-        &RIP2($B,$C,$D,$E,$A,$wl[19],$wl[20],$sl[19],$KL1,0);
-        &RIP2($A,$B,$C,$D,$E,$wl[20],$wl[21],$sl[20],$KL1,0);
-        &RIP2($E,$A,$B,$C,$D,$wl[21],$wl[22],$sl[21],$KL1,0);
-        &RIP2($D,$E,$A,$B,$C,$wl[22],$wl[23],$sl[22],$KL1,0);
-        &RIP2($C,$D,$E,$A,$B,$wl[23],$wl[24],$sl[23],$KL1,0);
-        &RIP2($B,$C,$D,$E,$A,$wl[24],$wl[25],$sl[24],$KL1,0);
-        &RIP2($A,$B,$C,$D,$E,$wl[25],$wl[26],$sl[25],$KL1,0);
-        &RIP2($E,$A,$B,$C,$D,$wl[26],$wl[27],$sl[26],$KL1,0);
-        &RIP2($D,$E,$A,$B,$C,$wl[27],$wl[28],$sl[27],$KL1,0);
-        &RIP2($C,$D,$E,$A,$B,$wl[28],$wl[29],$sl[28],$KL1,0);
-        &RIP2($B,$C,$D,$E,$A,$wl[29],$wl[30],$sl[29],$KL1,0);
-        &RIP2($A,$B,$C,$D,$E,$wl[30],$wl[31],$sl[30],$KL1,0);
-        &RIP2($E,$A,$B,$C,$D,$wl[31],$wl[32],$sl[31],$KL1,1);
-
-        &RIP3($D,$E,$A,$B,$C,$wl[32],$sl[32],$KL2,-1);
-        &RIP3($C,$D,$E,$A,$B,$wl[33],$sl[33],$KL2,0);
-        &RIP3($B,$C,$D,$E,$A,$wl[34],$sl[34],$KL2,0);
-        &RIP3($A,$B,$C,$D,$E,$wl[35],$sl[35],$KL2,0);
-        &RIP3($E,$A,$B,$C,$D,$wl[36],$sl[36],$KL2,0);
-        &RIP3($D,$E,$A,$B,$C,$wl[37],$sl[37],$KL2,0);
-        &RIP3($C,$D,$E,$A,$B,$wl[38],$sl[38],$KL2,0);
-        &RIP3($B,$C,$D,$E,$A,$wl[39],$sl[39],$KL2,0);
-        &RIP3($A,$B,$C,$D,$E,$wl[40],$sl[40],$KL2,0);
-        &RIP3($E,$A,$B,$C,$D,$wl[41],$sl[41],$KL2,0);
-        &RIP3($D,$E,$A,$B,$C,$wl[42],$sl[42],$KL2,0);
-        &RIP3($C,$D,$E,$A,$B,$wl[43],$sl[43],$KL2,0);
-        &RIP3($B,$C,$D,$E,$A,$wl[44],$sl[44],$KL2,0);
-        &RIP3($A,$B,$C,$D,$E,$wl[45],$sl[45],$KL2,0);
-        &RIP3($E,$A,$B,$C,$D,$wl[46],$sl[46],$KL2,0);
-        &RIP3($D,$E,$A,$B,$C,$wl[47],$sl[47],$KL2,1);
-
-        &RIP4($C,$D,$E,$A,$B,$wl[48],$sl[48],$KL3,-1);
-        &RIP4($B,$C,$D,$E,$A,$wl[49],$sl[49],$KL3,0);
-        &RIP4($A,$B,$C,$D,$E,$wl[50],$sl[50],$KL3,0);
-        &RIP4($E,$A,$B,$C,$D,$wl[51],$sl[51],$KL3,0);
-        &RIP4($D,$E,$A,$B,$C,$wl[52],$sl[52],$KL3,0);
-        &RIP4($C,$D,$E,$A,$B,$wl[53],$sl[53],$KL3,0);
-        &RIP4($B,$C,$D,$E,$A,$wl[54],$sl[54],$KL3,0);
-        &RIP4($A,$B,$C,$D,$E,$wl[55],$sl[55],$KL3,0);
-        &RIP4($E,$A,$B,$C,$D,$wl[56],$sl[56],$KL3,0);
-        &RIP4($D,$E,$A,$B,$C,$wl[57],$sl[57],$KL3,0);
-        &RIP4($C,$D,$E,$A,$B,$wl[58],$sl[58],$KL3,0);
-        &RIP4($B,$C,$D,$E,$A,$wl[59],$sl[59],$KL3,0);
-        &RIP4($A,$B,$C,$D,$E,$wl[60],$sl[60],$KL3,0);
-        &RIP4($E,$A,$B,$C,$D,$wl[61],$sl[61],$KL3,0);
-        &RIP4($D,$E,$A,$B,$C,$wl[62],$sl[62],$KL3,0);
-        &RIP4($C,$D,$E,$A,$B,$wl[63],$sl[63],$KL3,1);
-
-        &RIP5($B,$C,$D,$E,$A,$wl[64],$sl[64],$KL4,-1);
-        &RIP5($A,$B,$C,$D,$E,$wl[65],$sl[65],$KL4,0);
-        &RIP5($E,$A,$B,$C,$D,$wl[66],$sl[66],$KL4,0);
-        &RIP5($D,$E,$A,$B,$C,$wl[67],$sl[67],$KL4,0);
-        &RIP5($C,$D,$E,$A,$B,$wl[68],$sl[68],$KL4,0);
-        &RIP5($B,$C,$D,$E,$A,$wl[69],$sl[69],$KL4,0);
-        &RIP5($A,$B,$C,$D,$E,$wl[70],$sl[70],$KL4,0);
-        &RIP5($E,$A,$B,$C,$D,$wl[71],$sl[71],$KL4,0);
-        &RIP5($D,$E,$A,$B,$C,$wl[72],$sl[72],$KL4,0);
-        &RIP5($C,$D,$E,$A,$B,$wl[73],$sl[73],$KL4,0);
-        &RIP5($B,$C,$D,$E,$A,$wl[74],$sl[74],$KL4,0);
-        &RIP5($A,$B,$C,$D,$E,$wl[75],$sl[75],$KL4,0);
-        &RIP5($E,$A,$B,$C,$D,$wl[76],$sl[76],$KL4,0);
-        &RIP5($D,$E,$A,$B,$C,$wl[77],$sl[77],$KL4,0);
-        &RIP5($C,$D,$E,$A,$B,$wl[78],$sl[78],$KL4,0);
-        &RIP5($B,$C,$D,$E,$A,$wl[79],$sl[79],$KL4,1);
-
-        # &mov($tmp2,   &wparam(0)); # moved into last RIP5
-        # &mov(&swtmp(16),      $A);
-         &mov($A,       &DWP( 0,$tmp2,"",0));
-        &mov(&swtmp(16+1),      $B);
-         &mov(&swtmp(16+2),     $C);
-        &mov($B,        &DWP( 4,$tmp2,"",0));
-         &mov(&swtmp(16+3),     $D);
-        &mov($C,        &DWP( 8,$tmp2,"",0));
-         &mov(&swtmp(16+4),     $E);
-        &mov($D,        &DWP(12,$tmp2,"",0));
-         &mov($E,       &DWP(16,$tmp2,"",0));
-
-        &RIP5($A,$B,$C,$D,$E,$wr[ 0],$sr[ 0],$KR0,-2);
-        &RIP5($E,$A,$B,$C,$D,$wr[ 1],$sr[ 1],$KR0,0);
-        &RIP5($D,$E,$A,$B,$C,$wr[ 2],$sr[ 2],$KR0,0);
-        &RIP5($C,$D,$E,$A,$B,$wr[ 3],$sr[ 3],$KR0,0);
-        &RIP5($B,$C,$D,$E,$A,$wr[ 4],$sr[ 4],$KR0,0);
-        &RIP5($A,$B,$C,$D,$E,$wr[ 5],$sr[ 5],$KR0,0);
-        &RIP5($E,$A,$B,$C,$D,$wr[ 6],$sr[ 6],$KR0,0);
-        &RIP5($D,$E,$A,$B,$C,$wr[ 7],$sr[ 7],$KR0,0);
-        &RIP5($C,$D,$E,$A,$B,$wr[ 8],$sr[ 8],$KR0,0);
-        &RIP5($B,$C,$D,$E,$A,$wr[ 9],$sr[ 9],$KR0,0);
-        &RIP5($A,$B,$C,$D,$E,$wr[10],$sr[10],$KR0,0);
-        &RIP5($E,$A,$B,$C,$D,$wr[11],$sr[11],$KR0,0);
-        &RIP5($D,$E,$A,$B,$C,$wr[12],$sr[12],$KR0,0);
-        &RIP5($C,$D,$E,$A,$B,$wr[13],$sr[13],$KR0,0);
-        &RIP5($B,$C,$D,$E,$A,$wr[14],$sr[14],$KR0,0);
-        &RIP5($A,$B,$C,$D,$E,$wr[15],$sr[15],$KR0,2);
-
-        &RIP4($E,$A,$B,$C,$D,$wr[16],$sr[16],$KR1,-2);
-        &RIP4($D,$E,$A,$B,$C,$wr[17],$sr[17],$KR1,0);
-        &RIP4($C,$D,$E,$A,$B,$wr[18],$sr[18],$KR1,0);
-        &RIP4($B,$C,$D,$E,$A,$wr[19],$sr[19],$KR1,0);
-        &RIP4($A,$B,$C,$D,$E,$wr[20],$sr[20],$KR1,0);
-        &RIP4($E,$A,$B,$C,$D,$wr[21],$sr[21],$KR1,0);
-        &RIP4($D,$E,$A,$B,$C,$wr[22],$sr[22],$KR1,0);
-        &RIP4($C,$D,$E,$A,$B,$wr[23],$sr[23],$KR1,0);
-        &RIP4($B,$C,$D,$E,$A,$wr[24],$sr[24],$KR1,0);
-        &RIP4($A,$B,$C,$D,$E,$wr[25],$sr[25],$KR1,0);
-        &RIP4($E,$A,$B,$C,$D,$wr[26],$sr[26],$KR1,0);
-        &RIP4($D,$E,$A,$B,$C,$wr[27],$sr[27],$KR1,0);
-        &RIP4($C,$D,$E,$A,$B,$wr[28],$sr[28],$KR1,0);
-        &RIP4($B,$C,$D,$E,$A,$wr[29],$sr[29],$KR1,0);
-        &RIP4($A,$B,$C,$D,$E,$wr[30],$sr[30],$KR1,0);
-        &RIP4($E,$A,$B,$C,$D,$wr[31],$sr[31],$KR1,2);
-
-        &RIP3($D,$E,$A,$B,$C,$wr[32],$sr[32],$KR2,-2);
-        &RIP3($C,$D,$E,$A,$B,$wr[33],$sr[33],$KR2,0);
-        &RIP3($B,$C,$D,$E,$A,$wr[34],$sr[34],$KR2,0);
-        &RIP3($A,$B,$C,$D,$E,$wr[35],$sr[35],$KR2,0);
-        &RIP3($E,$A,$B,$C,$D,$wr[36],$sr[36],$KR2,0);
-        &RIP3($D,$E,$A,$B,$C,$wr[37],$sr[37],$KR2,0);
-        &RIP3($C,$D,$E,$A,$B,$wr[38],$sr[38],$KR2,0);
-        &RIP3($B,$C,$D,$E,$A,$wr[39],$sr[39],$KR2,0);
-        &RIP3($A,$B,$C,$D,$E,$wr[40],$sr[40],$KR2,0);
-        &RIP3($E,$A,$B,$C,$D,$wr[41],$sr[41],$KR2,0);
-        &RIP3($D,$E,$A,$B,$C,$wr[42],$sr[42],$KR2,0);
-        &RIP3($C,$D,$E,$A,$B,$wr[43],$sr[43],$KR2,0);
-        &RIP3($B,$C,$D,$E,$A,$wr[44],$sr[44],$KR2,0);
-        &RIP3($A,$B,$C,$D,$E,$wr[45],$sr[45],$KR2,0);
-        &RIP3($E,$A,$B,$C,$D,$wr[46],$sr[46],$KR2,0);
-        &RIP3($D,$E,$A,$B,$C,$wr[47],$sr[47],$KR2,2,$wr[48]);
-
-        &RIP2($C,$D,$E,$A,$B,$wr[48],$wr[49],$sr[48],$KR3,-2);
-        &RIP2($B,$C,$D,$E,$A,$wr[49],$wr[50],$sr[49],$KR3,0);
-        &RIP2($A,$B,$C,$D,$E,$wr[50],$wr[51],$sr[50],$KR3,0);
-        &RIP2($E,$A,$B,$C,$D,$wr[51],$wr[52],$sr[51],$KR3,0);
-        &RIP2($D,$E,$A,$B,$C,$wr[52],$wr[53],$sr[52],$KR3,0);
-        &RIP2($C,$D,$E,$A,$B,$wr[53],$wr[54],$sr[53],$KR3,0);
-        &RIP2($B,$C,$D,$E,$A,$wr[54],$wr[55],$sr[54],$KR3,0);
-        &RIP2($A,$B,$C,$D,$E,$wr[55],$wr[56],$sr[55],$KR3,0);
-        &RIP2($E,$A,$B,$C,$D,$wr[56],$wr[57],$sr[56],$KR3,0);
-        &RIP2($D,$E,$A,$B,$C,$wr[57],$wr[58],$sr[57],$KR3,0);
-        &RIP2($C,$D,$E,$A,$B,$wr[58],$wr[59],$sr[58],$KR3,0);
-        &RIP2($B,$C,$D,$E,$A,$wr[59],$wr[60],$sr[59],$KR3,0);
-        &RIP2($A,$B,$C,$D,$E,$wr[60],$wr[61],$sr[60],$KR3,0);
-        &RIP2($E,$A,$B,$C,$D,$wr[61],$wr[62],$sr[61],$KR3,0);
-        &RIP2($D,$E,$A,$B,$C,$wr[62],$wr[63],$sr[62],$KR3,0);
-        &RIP2($C,$D,$E,$A,$B,$wr[63],$wr[64],$sr[63],$KR3,2);
-
-        &RIP1($B,$C,$D,$E,$A,$wr[64],$sr[64],-2);
-        &RIP1($A,$B,$C,$D,$E,$wr[65],$sr[65],0);
-        &RIP1($E,$A,$B,$C,$D,$wr[66],$sr[66],0);
-        &RIP1($D,$E,$A,$B,$C,$wr[67],$sr[67],0);
-        &RIP1($C,$D,$E,$A,$B,$wr[68],$sr[68],0);
-        &RIP1($B,$C,$D,$E,$A,$wr[69],$sr[69],0);
-        &RIP1($A,$B,$C,$D,$E,$wr[70],$sr[70],0);
-        &RIP1($E,$A,$B,$C,$D,$wr[71],$sr[71],0);
-        &RIP1($D,$E,$A,$B,$C,$wr[72],$sr[72],0);
-        &RIP1($C,$D,$E,$A,$B,$wr[73],$sr[73],0);
-        &RIP1($B,$C,$D,$E,$A,$wr[74],$sr[74],0);
-        &RIP1($A,$B,$C,$D,$E,$wr[75],$sr[75],0);
-        &RIP1($E,$A,$B,$C,$D,$wr[76],$sr[76],0);
-        &RIP1($D,$E,$A,$B,$C,$wr[77],$sr[77],0);
-        &RIP1($C,$D,$E,$A,$B,$wr[78],$sr[78],0);
-        &RIP1($B,$C,$D,$E,$A,$wr[79],$sr[79],2);
-
-        # &mov($tmp2,   &wparam(0)); # Moved into last round
-
-         &mov($tmp1,    &DWP( 4,$tmp2,"",0));   # ctx->B
-        &add($D,        $tmp1); 
-         &mov($tmp1,    &swtmp(16+2));          # $c
-        &add($D,        $tmp1);
-
-         &mov($tmp1,    &DWP( 8,$tmp2,"",0));   # ctx->C
-        &add($E,        $tmp1); 
-         &mov($tmp1,    &swtmp(16+3));          # $d
-        &add($E,        $tmp1);
-
-         &mov($tmp1,    &DWP(12,$tmp2,"",0));   # ctx->D
-        &add($A,        $tmp1); 
-         &mov($tmp1,    &swtmp(16+4));          # $e
-        &add($A,        $tmp1);
-
-
-         &mov($tmp1,    &DWP(16,$tmp2,"",0));   # ctx->E
-        &add($B,        $tmp1); 
-         &mov($tmp1,    &swtmp(16+0));          # $a
-        &add($B,        $tmp1);
-
-         &mov($tmp1,    &DWP( 0,$tmp2,"",0));   # ctx->A
-        &add($C,        $tmp1); 
-         &mov($tmp1,    &swtmp(16+1));          # $b
-        &add($C,        $tmp1);
-
-         &mov($tmp1,    &wparam(2));
-
-        &mov(&DWP( 0,$tmp2,"",0),       $D);
-         &mov(&DWP( 4,$tmp2,"",0),      $E);
-        &mov(&DWP( 8,$tmp2,"",0),       $A);
-         &sub($tmp1,1);
-        &mov(&DWP(12,$tmp2,"",0),       $B);
-         &mov(&DWP(16,$tmp2,"",0),      $C);
-
-        &jle(&label("get_out"));
-
-        &mov(&wparam(2),$tmp1);
-         &mov($C,       $A);
-        &mov($tmp1,     &wparam(1));
-         &mov($A,       $D);
-        &add($tmp1,     64);
-         &mov($B,       $E);
-        &mov(&wparam(1),$tmp1);
-
-        &jmp(&label("start"));
-
-        &set_label("get_out");
-
-        &stack_pop(16+5+6);
-
-        &pop("ebx");
-        &pop("ebp");
-        &pop("edi");
-        &pop("esi");
-        &ret();
-        &function_end_B($name);
-        }
-
diff --git a/src/lib/libcrypto/ripemd/ripemd.h b/src/lib/libcrypto/ripemd/ripemd.h
deleted file mode 100644
index 7d0d998189..0000000000
--- a/src/lib/libcrypto/ripemd/ripemd.h
+++ /dev/null
@@ -1,106 +0,0 @@
-/* crypto/ripemd/ripemd.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_RIPEMD_H
-#define HEADER_RIPEMD_H
-
-#include <openssl/e_os2.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#ifdef OPENSSL_NO_RIPEMD
-#error RIPEMD is disabled.
-#endif
-
-#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
-#define RIPEMD160_LONG unsigned long
-#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
-#define RIPEMD160_LONG unsigned long
-#define RIPEMD160_LONG_LOG2 3
-#else
-#define RIPEMD160_LONG unsigned int
-#endif
-
-#define RIPEMD160_CBLOCK        64
-#define RIPEMD160_LBLOCK        (RIPEMD160_CBLOCK/4)
-#define RIPEMD160_DIGEST_LENGTH 20
-
-typedef struct RIPEMD160state_st
-        {
-        RIPEMD160_LONG A,B,C,D,E;
-        RIPEMD160_LONG Nl,Nh;
-        RIPEMD160_LONG data[RIPEMD160_LBLOCK];
-        int num;
-        } RIPEMD160_CTX;
-
-#ifdef OPENSSL_FIPS
-int private_RIPEMD160_Init(RIPEMD160_CTX *c);
-#endif
-int RIPEMD160_Init(RIPEMD160_CTX *c);
-int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, unsigned long len);
-int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
-unsigned char *RIPEMD160(const unsigned char *d, unsigned long n,
-        unsigned char *md);
-void RIPEMD160_Transform(RIPEMD160_CTX *c, const unsigned char *b);
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/src/lib/libcrypto/ripemd/rmd_dgst.c b/src/lib/libcrypto/ripemd/rmd_dgst.c
deleted file mode 100644
index 58ff010d11..0000000000
--- a/src/lib/libcrypto/ripemd/rmd_dgst.c
+++ /dev/null
@@ -1,495 +0,0 @@
-/* crypto/ripemd/rmd_dgst.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "rmd_locl.h"
-#include <openssl/fips.h>
-#include <openssl/opensslv.h>
-
-const char *RMD160_version="RIPE-MD160" OPENSSL_VERSION_PTEXT;
-
-#  ifdef RMD160_ASM
-     void ripemd160_block_x86(RIPEMD160_CTX *c, unsigned long *p,int num);
-#    define ripemd160_block ripemd160_block_x86
-#  else
-     void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,int num);
-#  endif
-
-FIPS_NON_FIPS_MD_Init(RIPEMD160)
-        {
-        c->A=RIPEMD160_A;
-        c->B=RIPEMD160_B;
-        c->C=RIPEMD160_C;
-        c->D=RIPEMD160_D;
-        c->E=RIPEMD160_E;
-        c->Nl=0;
-        c->Nh=0;
-        c->num=0;
-        return 1;
-        }
-
-#ifndef ripemd160_block_host_order
-#ifdef X
-#undef X
-#endif
-#define X(i)    XX[i]
-void ripemd160_block_host_order (RIPEMD160_CTX *ctx, const void *p, int num)
-        {
-        const RIPEMD160_LONG *XX=p;
-        register volatile unsigned MD32_REG_T A,B,C,D,E;
-        register unsigned MD32_REG_T a,b,c,d,e;
-
-        for (;num--;XX+=HASH_LBLOCK)
-                {
-
-        A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E;
-
-        RIP1(A,B,C,D,E,WL00,SL00);
-        RIP1(E,A,B,C,D,WL01,SL01);
-        RIP1(D,E,A,B,C,WL02,SL02);
-        RIP1(C,D,E,A,B,WL03,SL03);
-        RIP1(B,C,D,E,A,WL04,SL04);
-        RIP1(A,B,C,D,E,WL05,SL05);
-        RIP1(E,A,B,C,D,WL06,SL06);
-        RIP1(D,E,A,B,C,WL07,SL07);
-        RIP1(C,D,E,A,B,WL08,SL08);
-        RIP1(B,C,D,E,A,WL09,SL09);
-        RIP1(A,B,C,D,E,WL10,SL10);
-        RIP1(E,A,B,C,D,WL11,SL11);
-        RIP1(D,E,A,B,C,WL12,SL12);
-        RIP1(C,D,E,A,B,WL13,SL13);
-        RIP1(B,C,D,E,A,WL14,SL14);
-        RIP1(A,B,C,D,E,WL15,SL15);
-
-        RIP2(E,A,B,C,D,WL16,SL16,KL1);
-        RIP2(D,E,A,B,C,WL17,SL17,KL1);
-        RIP2(C,D,E,A,B,WL18,SL18,KL1);
-        RIP2(B,C,D,E,A,WL19,SL19,KL1);
-        RIP2(A,B,C,D,E,WL20,SL20,KL1);
-        RIP2(E,A,B,C,D,WL21,SL21,KL1);
-        RIP2(D,E,A,B,C,WL22,SL22,KL1);
-        RIP2(C,D,E,A,B,WL23,SL23,KL1);
-        RIP2(B,C,D,E,A,WL24,SL24,KL1);
-        RIP2(A,B,C,D,E,WL25,SL25,KL1);
-        RIP2(E,A,B,C,D,WL26,SL26,KL1);
-        RIP2(D,E,A,B,C,WL27,SL27,KL1);
-        RIP2(C,D,E,A,B,WL28,SL28,KL1);
-        RIP2(B,C,D,E,A,WL29,SL29,KL1);
-        RIP2(A,B,C,D,E,WL30,SL30,KL1);
-        RIP2(E,A,B,C,D,WL31,SL31,KL1);
-
-        RIP3(D,E,A,B,C,WL32,SL32,KL2);
-        RIP3(C,D,E,A,B,WL33,SL33,KL2);
-        RIP3(B,C,D,E,A,WL34,SL34,KL2);
-        RIP3(A,B,C,D,E,WL35,SL35,KL2);
-        RIP3(E,A,B,C,D,WL36,SL36,KL2);
-        RIP3(D,E,A,B,C,WL37,SL37,KL2);
-        RIP3(C,D,E,A,B,WL38,SL38,KL2);
-        RIP3(B,C,D,E,A,WL39,SL39,KL2);
-        RIP3(A,B,C,D,E,WL40,SL40,KL2);
-        RIP3(E,A,B,C,D,WL41,SL41,KL2);
-        RIP3(D,E,A,B,C,WL42,SL42,KL2);
-        RIP3(C,D,E,A,B,WL43,SL43,KL2);
-        RIP3(B,C,D,E,A,WL44,SL44,KL2);
-        RIP3(A,B,C,D,E,WL45,SL45,KL2);
-        RIP3(E,A,B,C,D,WL46,SL46,KL2);
-        RIP3(D,E,A,B,C,WL47,SL47,KL2);
-
-        RIP4(C,D,E,A,B,WL48,SL48,KL3);
-        RIP4(B,C,D,E,A,WL49,SL49,KL3);
-        RIP4(A,B,C,D,E,WL50,SL50,KL3);
-        RIP4(E,A,B,C,D,WL51,SL51,KL3);
-        RIP4(D,E,A,B,C,WL52,SL52,KL3);
-        RIP4(C,D,E,A,B,WL53,SL53,KL3);
-        RIP4(B,C,D,E,A,WL54,SL54,KL3);
-        RIP4(A,B,C,D,E,WL55,SL55,KL3);
-        RIP4(E,A,B,C,D,WL56,SL56,KL3);
-        RIP4(D,E,A,B,C,WL57,SL57,KL3);
-        RIP4(C,D,E,A,B,WL58,SL58,KL3);
-        RIP4(B,C,D,E,A,WL59,SL59,KL3);
-        RIP4(A,B,C,D,E,WL60,SL60,KL3);
-        RIP4(E,A,B,C,D,WL61,SL61,KL3);
-        RIP4(D,E,A,B,C,WL62,SL62,KL3);
-        RIP4(C,D,E,A,B,WL63,SL63,KL3);
-
-        RIP5(B,C,D,E,A,WL64,SL64,KL4);
-        RIP5(A,B,C,D,E,WL65,SL65,KL4);
-        RIP5(E,A,B,C,D,WL66,SL66,KL4);
-        RIP5(D,E,A,B,C,WL67,SL67,KL4);
-        RIP5(C,D,E,A,B,WL68,SL68,KL4);
-        RIP5(B,C,D,E,A,WL69,SL69,KL4);
-        RIP5(A,B,C,D,E,WL70,SL70,KL4);
-        RIP5(E,A,B,C,D,WL71,SL71,KL4);
-        RIP5(D,E,A,B,C,WL72,SL72,KL4);
-        RIP5(C,D,E,A,B,WL73,SL73,KL4);
-        RIP5(B,C,D,E,A,WL74,SL74,KL4);
-        RIP5(A,B,C,D,E,WL75,SL75,KL4);
-        RIP5(E,A,B,C,D,WL76,SL76,KL4);
-        RIP5(D,E,A,B,C,WL77,SL77,KL4);
-        RIP5(C,D,E,A,B,WL78,SL78,KL4);
-        RIP5(B,C,D,E,A,WL79,SL79,KL4);
-
-        a=A; b=B; c=C; d=D; e=E;
-        /* Do other half */
-        A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E;
-
-        RIP5(A,B,C,D,E,WR00,SR00,KR0);
-        RIP5(E,A,B,C,D,WR01,SR01,KR0);
-        RIP5(D,E,A,B,C,WR02,SR02,KR0);
-        RIP5(C,D,E,A,B,WR03,SR03,KR0);
-        RIP5(B,C,D,E,A,WR04,SR04,KR0);
-        RIP5(A,B,C,D,E,WR05,SR05,KR0);
-        RIP5(E,A,B,C,D,WR06,SR06,KR0);
-        RIP5(D,E,A,B,C,WR07,SR07,KR0);
-        RIP5(C,D,E,A,B,WR08,SR08,KR0);
-        RIP5(B,C,D,E,A,WR09,SR09,KR0);
-        RIP5(A,B,C,D,E,WR10,SR10,KR0);
-        RIP5(E,A,B,C,D,WR11,SR11,KR0);
-        RIP5(D,E,A,B,C,WR12,SR12,KR0);
-        RIP5(C,D,E,A,B,WR13,SR13,KR0);
-        RIP5(B,C,D,E,A,WR14,SR14,KR0);
-        RIP5(A,B,C,D,E,WR15,SR15,KR0);
-
-        RIP4(E,A,B,C,D,WR16,SR16,KR1);
-        RIP4(D,E,A,B,C,WR17,SR17,KR1);
-        RIP4(C,D,E,A,B,WR18,SR18,KR1);
-        RIP4(B,C,D,E,A,WR19,SR19,KR1);
-        RIP4(A,B,C,D,E,WR20,SR20,KR1);
-        RIP4(E,A,B,C,D,WR21,SR21,KR1);
-        RIP4(D,E,A,B,C,WR22,SR22,KR1);
-        RIP4(C,D,E,A,B,WR23,SR23,KR1);
-        RIP4(B,C,D,E,A,WR24,SR24,KR1);
-        RIP4(A,B,C,D,E,WR25,SR25,KR1);
-        RIP4(E,A,B,C,D,WR26,SR26,KR1);
-        RIP4(D,E,A,B,C,WR27,SR27,KR1);
-        RIP4(C,D,E,A,B,WR28,SR28,KR1);
-        RIP4(B,C,D,E,A,WR29,SR29,KR1);
-        RIP4(A,B,C,D,E,WR30,SR30,KR1);
-        RIP4(E,A,B,C,D,WR31,SR31,KR1);
-
-        RIP3(D,E,A,B,C,WR32,SR32,KR2);
-        RIP3(C,D,E,A,B,WR33,SR33,KR2);
-        RIP3(B,C,D,E,A,WR34,SR34,KR2);
-        RIP3(A,B,C,D,E,WR35,SR35,KR2);
-        RIP3(E,A,B,C,D,WR36,SR36,KR2);
-        RIP3(D,E,A,B,C,WR37,SR37,KR2);
-        RIP3(C,D,E,A,B,WR38,SR38,KR2);
-        RIP3(B,C,D,E,A,WR39,SR39,KR2);
-        RIP3(A,B,C,D,E,WR40,SR40,KR2);
-        RIP3(E,A,B,C,D,WR41,SR41,KR2);
-        RIP3(D,E,A,B,C,WR42,SR42,KR2);
-        RIP3(C,D,E,A,B,WR43,SR43,KR2);
-        RIP3(B,C,D,E,A,WR44,SR44,KR2);
-        RIP3(A,B,C,D,E,WR45,SR45,KR2);
-        RIP3(E,A,B,C,D,WR46,SR46,KR2);
-        RIP3(D,E,A,B,C,WR47,SR47,KR2);
-
-        RIP2(C,D,E,A,B,WR48,SR48,KR3);
-        RIP2(B,C,D,E,A,WR49,SR49,KR3);
-        RIP2(A,B,C,D,E,WR50,SR50,KR3);
-        RIP2(E,A,B,C,D,WR51,SR51,KR3);
-        RIP2(D,E,A,B,C,WR52,SR52,KR3);
-        RIP2(C,D,E,A,B,WR53,SR53,KR3);
-        RIP2(B,C,D,E,A,WR54,SR54,KR3);
-        RIP2(A,B,C,D,E,WR55,SR55,KR3);
-        RIP2(E,A,B,C,D,WR56,SR56,KR3);
-        RIP2(D,E,A,B,C,WR57,SR57,KR3);
-        RIP2(C,D,E,A,B,WR58,SR58,KR3);
-        RIP2(B,C,D,E,A,WR59,SR59,KR3);
-        RIP2(A,B,C,D,E,WR60,SR60,KR3);
-        RIP2(E,A,B,C,D,WR61,SR61,KR3);
-        RIP2(D,E,A,B,C,WR62,SR62,KR3);
-        RIP2(C,D,E,A,B,WR63,SR63,KR3);
-
-        RIP1(B,C,D,E,A,WR64,SR64);
-        RIP1(A,B,C,D,E,WR65,SR65);
-        RIP1(E,A,B,C,D,WR66,SR66);
-        RIP1(D,E,A,B,C,WR67,SR67);
-        RIP1(C,D,E,A,B,WR68,SR68);
-        RIP1(B,C,D,E,A,WR69,SR69);
-        RIP1(A,B,C,D,E,WR70,SR70);
-        RIP1(E,A,B,C,D,WR71,SR71);
-        RIP1(D,E,A,B,C,WR72,SR72);
-        RIP1(C,D,E,A,B,WR73,SR73);
-        RIP1(B,C,D,E,A,WR74,SR74);
-        RIP1(A,B,C,D,E,WR75,SR75);
-        RIP1(E,A,B,C,D,WR76,SR76);
-        RIP1(D,E,A,B,C,WR77,SR77);
-        RIP1(C,D,E,A,B,WR78,SR78);
-        RIP1(B,C,D,E,A,WR79,SR79);
-
-        D     =ctx->B+c+D;
-        ctx->B=ctx->C+d+E;
-        ctx->C=ctx->D+e+A;
-        ctx->D=ctx->E+a+B;
-        ctx->E=ctx->A+b+C;
-        ctx->A=D;
-
-                }
-        }
-#endif
-
-#ifndef ripemd160_block_data_order
-#ifdef X
-#undef X
-#endif
-void ripemd160_block_data_order (RIPEMD160_CTX *ctx, const void *p, int num)
-        {
-        const unsigned char *data=p;
-        register volatile unsigned MD32_REG_T A,B,C,D,E;
-        unsigned MD32_REG_T a,b,c,d,e,l;
-#ifndef MD32_XARRAY
-        /* See comment in crypto/sha/sha_locl.h for details. */
-        unsigned MD32_REG_T     XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
-                                XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
-# define X(i)   XX##i
-#else
-        RIPEMD160_LONG  XX[16];
-# define X(i)   XX[i]
-#endif
-
-        for (;num--;)
-                {
-
-        A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E;
-
-        HOST_c2l(data,l); X( 0)=l;      HOST_c2l(data,l); X( 1)=l;
-        RIP1(A,B,C,D,E,WL00,SL00);      HOST_c2l(data,l); X( 2)=l;
-        RIP1(E,A,B,C,D,WL01,SL01);      HOST_c2l(data,l); X( 3)=l;
-        RIP1(D,E,A,B,C,WL02,SL02);      HOST_c2l(data,l); X( 4)=l;
-        RIP1(C,D,E,A,B,WL03,SL03);      HOST_c2l(data,l); X( 5)=l;
-        RIP1(B,C,D,E,A,WL04,SL04);      HOST_c2l(data,l); X( 6)=l;
-        RIP1(A,B,C,D,E,WL05,SL05);      HOST_c2l(data,l); X( 7)=l;
-        RIP1(E,A,B,C,D,WL06,SL06);      HOST_c2l(data,l); X( 8)=l;
-        RIP1(D,E,A,B,C,WL07,SL07);      HOST_c2l(data,l); X( 9)=l;
-        RIP1(C,D,E,A,B,WL08,SL08);      HOST_c2l(data,l); X(10)=l;
-        RIP1(B,C,D,E,A,WL09,SL09);      HOST_c2l(data,l); X(11)=l;
-        RIP1(A,B,C,D,E,WL10,SL10);      HOST_c2l(data,l); X(12)=l;
-        RIP1(E,A,B,C,D,WL11,SL11);      HOST_c2l(data,l); X(13)=l;
-        RIP1(D,E,A,B,C,WL12,SL12);      HOST_c2l(data,l); X(14)=l;
-        RIP1(C,D,E,A,B,WL13,SL13);      HOST_c2l(data,l); X(15)=l;
-        RIP1(B,C,D,E,A,WL14,SL14);
-        RIP1(A,B,C,D,E,WL15,SL15);
-
-        RIP2(E,A,B,C,D,WL16,SL16,KL1);
-        RIP2(D,E,A,B,C,WL17,SL17,KL1);
-        RIP2(C,D,E,A,B,WL18,SL18,KL1);
-        RIP2(B,C,D,E,A,WL19,SL19,KL1);
-        RIP2(A,B,C,D,E,WL20,SL20,KL1);
-        RIP2(E,A,B,C,D,WL21,SL21,KL1);
-        RIP2(D,E,A,B,C,WL22,SL22,KL1);
-        RIP2(C,D,E,A,B,WL23,SL23,KL1);
-        RIP2(B,C,D,E,A,WL24,SL24,KL1);
-        RIP2(A,B,C,D,E,WL25,SL25,KL1);
-        RIP2(E,A,B,C,D,WL26,SL26,KL1);
-        RIP2(D,E,A,B,C,WL27,SL27,KL1);
-        RIP2(C,D,E,A,B,WL28,SL28,KL1);
-        RIP2(B,C,D,E,A,WL29,SL29,KL1);
-        RIP2(A,B,C,D,E,WL30,SL30,KL1);
-        RIP2(E,A,B,C,D,WL31,SL31,KL1);
-
-        RIP3(D,E,A,B,C,WL32,SL32,KL2);
-        RIP3(C,D,E,A,B,WL33,SL33,KL2);
-        RIP3(B,C,D,E,A,WL34,SL34,KL2);
-        RIP3(A,B,C,D,E,WL35,SL35,KL2);
-        RIP3(E,A,B,C,D,WL36,SL36,KL2);
-        RIP3(D,E,A,B,C,WL37,SL37,KL2);
-        RIP3(C,D,E,A,B,WL38,SL38,KL2);
-        RIP3(B,C,D,E,A,WL39,SL39,KL2);
-        RIP3(A,B,C,D,E,WL40,SL40,KL2);
-        RIP3(E,A,B,C,D,WL41,SL41,KL2);
-        RIP3(D,E,A,B,C,WL42,SL42,KL2);
-        RIP3(C,D,E,A,B,WL43,SL43,KL2);
-        RIP3(B,C,D,E,A,WL44,SL44,KL2);
-        RIP3(A,B,C,D,E,WL45,SL45,KL2);
-        RIP3(E,A,B,C,D,WL46,SL46,KL2);
-        RIP3(D,E,A,B,C,WL47,SL47,KL2);
-
-        RIP4(C,D,E,A,B,WL48,SL48,KL3);
-        RIP4(B,C,D,E,A,WL49,SL49,KL3);
-        RIP4(A,B,C,D,E,WL50,SL50,KL3);
-        RIP4(E,A,B,C,D,WL51,SL51,KL3);
-        RIP4(D,E,A,B,C,WL52,SL52,KL3);
-        RIP4(C,D,E,A,B,WL53,SL53,KL3);
-        RIP4(B,C,D,E,A,WL54,SL54,KL3);
-        RIP4(A,B,C,D,E,WL55,SL55,KL3);
-        RIP4(E,A,B,C,D,WL56,SL56,KL3);
-        RIP4(D,E,A,B,C,WL57,SL57,KL3);
-        RIP4(C,D,E,A,B,WL58,SL58,KL3);
-        RIP4(B,C,D,E,A,WL59,SL59,KL3);
-        RIP4(A,B,C,D,E,WL60,SL60,KL3);
-        RIP4(E,A,B,C,D,WL61,SL61,KL3);
-        RIP4(D,E,A,B,C,WL62,SL62,KL3);
-        RIP4(C,D,E,A,B,WL63,SL63,KL3);
-
-        RIP5(B,C,D,E,A,WL64,SL64,KL4);
-        RIP5(A,B,C,D,E,WL65,SL65,KL4);
-        RIP5(E,A,B,C,D,WL66,SL66,KL4);
-        RIP5(D,E,A,B,C,WL67,SL67,KL4);
-        RIP5(C,D,E,A,B,WL68,SL68,KL4);
-        RIP5(B,C,D,E,A,WL69,SL69,KL4);
-        RIP5(A,B,C,D,E,WL70,SL70,KL4);
-        RIP5(E,A,B,C,D,WL71,SL71,KL4);
-        RIP5(D,E,A,B,C,WL72,SL72,KL4);
-        RIP5(C,D,E,A,B,WL73,SL73,KL4);
-        RIP5(B,C,D,E,A,WL74,SL74,KL4);
-        RIP5(A,B,C,D,E,WL75,SL75,KL4);
-        RIP5(E,A,B,C,D,WL76,SL76,KL4);
-        RIP5(D,E,A,B,C,WL77,SL77,KL4);
-        RIP5(C,D,E,A,B,WL78,SL78,KL4);
-        RIP5(B,C,D,E,A,WL79,SL79,KL4);
-
-        a=A; b=B; c=C; d=D; e=E;
-        /* Do other half */
-        A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E;
-
-        RIP5(A,B,C,D,E,WR00,SR00,KR0);
-        RIP5(E,A,B,C,D,WR01,SR01,KR0);
-        RIP5(D,E,A,B,C,WR02,SR02,KR0);
-        RIP5(C,D,E,A,B,WR03,SR03,KR0);
-        RIP5(B,C,D,E,A,WR04,SR04,KR0);
-        RIP5(A,B,C,D,E,WR05,SR05,KR0);
-        RIP5(E,A,B,C,D,WR06,SR06,KR0);
-        RIP5(D,E,A,B,C,WR07,SR07,KR0);
-        RIP5(C,D,E,A,B,WR08,SR08,KR0);
-        RIP5(B,C,D,E,A,WR09,SR09,KR0);
-        RIP5(A,B,C,D,E,WR10,SR10,KR0);
-        RIP5(E,A,B,C,D,WR11,SR11,KR0);
-        RIP5(D,E,A,B,C,WR12,SR12,KR0);
-        RIP5(C,D,E,A,B,WR13,SR13,KR0);
-        RIP5(B,C,D,E,A,WR14,SR14,KR0);
-        RIP5(A,B,C,D,E,WR15,SR15,KR0);
-
-        RIP4(E,A,B,C,D,WR16,SR16,KR1);
-        RIP4(D,E,A,B,C,WR17,SR17,KR1);
-        RIP4(C,D,E,A,B,WR18,SR18,KR1);
-        RIP4(B,C,D,E,A,WR19,SR19,KR1);
-        RIP4(A,B,C,D,E,WR20,SR20,KR1);
-        RIP4(E,A,B,C,D,WR21,SR21,KR1);
-        RIP4(D,E,A,B,C,WR22,SR22,KR1);
-        RIP4(C,D,E,A,B,WR23,SR23,KR1);
-        RIP4(B,C,D,E,A,WR24,SR24,KR1);
-        RIP4(A,B,C,D,E,WR25,SR25,KR1);
-        RIP4(E,A,B,C,D,WR26,SR26,KR1);
-        RIP4(D,E,A,B,C,WR27,SR27,KR1);
-        RIP4(C,D,E,A,B,WR28,SR28,KR1);
-        RIP4(B,C,D,E,A,WR29,SR29,KR1);
-        RIP4(A,B,C,D,E,WR30,SR30,KR1);
-        RIP4(E,A,B,C,D,WR31,SR31,KR1);
-
-        RIP3(D,E,A,B,C,WR32,SR32,KR2);
-        RIP3(C,D,E,A,B,WR33,SR33,KR2);
-        RIP3(B,C,D,E,A,WR34,SR34,KR2);
-        RIP3(A,B,C,D,E,WR35,SR35,KR2);
-        RIP3(E,A,B,C,D,WR36,SR36,KR2);
-        RIP3(D,E,A,B,C,WR37,SR37,KR2);
-        RIP3(C,D,E,A,B,WR38,SR38,KR2);
-        RIP3(B,C,D,E,A,WR39,SR39,KR2);
-        RIP3(A,B,C,D,E,WR40,SR40,KR2);
-        RIP3(E,A,B,C,D,WR41,SR41,KR2);
-        RIP3(D,E,A,B,C,WR42,SR42,KR2);
-        RIP3(C,D,E,A,B,WR43,SR43,KR2);
-        RIP3(B,C,D,E,A,WR44,SR44,KR2);
-        RIP3(A,B,C,D,E,WR45,SR45,KR2);
-        RIP3(E,A,B,C,D,WR46,SR46,KR2);
-        RIP3(D,E,A,B,C,WR47,SR47,KR2);
-
-        RIP2(C,D,E,A,B,WR48,SR48,KR3);
-        RIP2(B,C,D,E,A,WR49,SR49,KR3);
-        RIP2(A,B,C,D,E,WR50,SR50,KR3);
-        RIP2(E,A,B,C,D,WR51,SR51,KR3);
-        RIP2(D,E,A,B,C,WR52,SR52,KR3);
-        RIP2(C,D,E,A,B,WR53,SR53,KR3);
-        RIP2(B,C,D,E,A,WR54,SR54,KR3);
-        RIP2(A,B,C,D,E,WR55,SR55,KR3);
-        RIP2(E,A,B,C,D,WR56,SR56,KR3);
-        RIP2(D,E,A,B,C,WR57,SR57,KR3);
-        RIP2(C,D,E,A,B,WR58,SR58,KR3);
-        RIP2(B,C,D,E,A,WR59,SR59,KR3);
-        RIP2(A,B,C,D,E,WR60,SR60,KR3);
-        RIP2(E,A,B,C,D,WR61,SR61,KR3);
-        RIP2(D,E,A,B,C,WR62,SR62,KR3);
-        RIP2(C,D,E,A,B,WR63,SR63,KR3);
-
-        RIP1(B,C,D,E,A,WR64,SR64);
-        RIP1(A,B,C,D,E,WR65,SR65);
-        RIP1(E,A,B,C,D,WR66,SR66);
-        RIP1(D,E,A,B,C,WR67,SR67);
-        RIP1(C,D,E,A,B,WR68,SR68);
-        RIP1(B,C,D,E,A,WR69,SR69);
-        RIP1(A,B,C,D,E,WR70,SR70);
-        RIP1(E,A,B,C,D,WR71,SR71);
-        RIP1(D,E,A,B,C,WR72,SR72);
-        RIP1(C,D,E,A,B,WR73,SR73);
-        RIP1(B,C,D,E,A,WR74,SR74);
-        RIP1(A,B,C,D,E,WR75,SR75);
-        RIP1(E,A,B,C,D,WR76,SR76);
-        RIP1(D,E,A,B,C,WR77,SR77);
-        RIP1(C,D,E,A,B,WR78,SR78);
-        RIP1(B,C,D,E,A,WR79,SR79);
-
-        D     =ctx->B+c+D;
-        ctx->B=ctx->C+d+E;
-        ctx->C=ctx->D+e+A;
-        ctx->D=ctx->E+a+B;
-        ctx->E=ctx->A+b+C;
-        ctx->A=D;
-
-                }
-        }
-#endif
diff --git a/src/lib/libcrypto/ripemd/rmd_locl.h b/src/lib/libcrypto/ripemd/rmd_locl.h
deleted file mode 100644
index 7b835dfbd4..0000000000
--- a/src/lib/libcrypto/ripemd/rmd_locl.h
+++ /dev/null
@@ -1,160 +0,0 @@
-/* crypto/ripemd/rmd_locl.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/opensslconf.h>
-#include <openssl/ripemd.h>
-
-#ifndef RIPEMD160_LONG_LOG2
-#define RIPEMD160_LONG_LOG2 2 /* default to 32 bits */
-#endif
-
-/*
- * DO EXAMINE COMMENTS IN crypto/md5/md5_locl.h & crypto/md5/md5_dgst.c
- * FOR EXPLANATIONS ON FOLLOWING "CODE."
- *                                      <appro@fy.chalmers.se>
- */
-#ifdef RMD160_ASM
-# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
-#  define ripemd160_block_host_order ripemd160_block_asm_host_order
-# endif
-#endif
-
-void ripemd160_block_host_order (RIPEMD160_CTX *c, const void *p,int num);
-void ripemd160_block_data_order (RIPEMD160_CTX *c, const void *p,int num);
-
-#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
-#define ripemd160_block_data_order ripemd160_block_host_order
-#endif
-
-#define DATA_ORDER_IS_LITTLE_ENDIAN
-
-#define HASH_LONG               RIPEMD160_LONG
-#define HASH_LONG_LOG2          RIPEMD160_LONG_LOG2
-#define HASH_CTX                RIPEMD160_CTX
-#define HASH_CBLOCK             RIPEMD160_CBLOCK
-#define HASH_LBLOCK             RIPEMD160_LBLOCK
-#define HASH_UPDATE             RIPEMD160_Update
-#define HASH_TRANSFORM          RIPEMD160_Transform
-#define HASH_FINAL              RIPEMD160_Final
-#define HASH_BLOCK_HOST_ORDER   ripemd160_block_host_order
-#define HASH_MAKE_STRING(c,s)   do {    \
-        unsigned long ll;               \
-        ll=(c)->A; HOST_l2c(ll,(s));    \
-        ll=(c)->B; HOST_l2c(ll,(s));    \
-        ll=(c)->C; HOST_l2c(ll,(s));    \
-        ll=(c)->D; HOST_l2c(ll,(s));    \
-        ll=(c)->E; HOST_l2c(ll,(s));    \
-        } while (0)
-#if !defined(L_ENDIAN) || defined(ripemd160_block_data_order)
-#define HASH_BLOCK_DATA_ORDER   ripemd160_block_data_order
-#endif
-
-#include "md32_common.h"
-
-#if 0
-#define F1(x,y,z)        ((x)^(y)^(z))
-#define F2(x,y,z)       (((x)&(y))|((~x)&z))
-#define F3(x,y,z)       (((x)|(~y))^(z))
-#define F4(x,y,z)       (((x)&(z))|((y)&(~(z))))
-#define F5(x,y,z)        ((x)^((y)|(~(z))))
-#else
-/*
- * Transformed F2 and F4 are courtesy of Wei Dai <weidai@eskimo.com>
- */
-#define F1(x,y,z)       ((x) ^ (y) ^ (z))
-#define F2(x,y,z)       ((((y) ^ (z)) & (x)) ^ (z))
-#define F3(x,y,z)       (((~(y)) | (x)) ^ (z))
-#define F4(x,y,z)       ((((x) ^ (y)) & (z)) ^ (y))
-#define F5(x,y,z)       (((~(z)) | (y)) ^ (x))
-#endif
-
-#define RIPEMD160_A     0x67452301L
-#define RIPEMD160_B     0xEFCDAB89L
-#define RIPEMD160_C     0x98BADCFEL
-#define RIPEMD160_D     0x10325476L
-#define RIPEMD160_E     0xC3D2E1F0L
-
-#include "rmdconst.h"
-
-#define RIP1(a,b,c,d,e,w,s) { \
-        a+=F1(b,c,d)+X(w); \
-        a=ROTATE(a,s)+e; \
-        c=ROTATE(c,10); }
-
-#define RIP2(a,b,c,d,e,w,s,K) { \
-        a+=F2(b,c,d)+X(w)+K; \
-        a=ROTATE(a,s)+e; \
-        c=ROTATE(c,10); }
-
-#define RIP3(a,b,c,d,e,w,s,K) { \
-        a+=F3(b,c,d)+X(w)+K; \
-        a=ROTATE(a,s)+e; \
-        c=ROTATE(c,10); }
-
-#define RIP4(a,b,c,d,e,w,s,K) { \
-        a+=F4(b,c,d)+X(w)+K; \
-        a=ROTATE(a,s)+e; \
-        c=ROTATE(c,10); }
-
-#define RIP5(a,b,c,d,e,w,s,K) { \
-        a+=F5(b,c,d)+X(w)+K; \
-        a=ROTATE(a,s)+e; \
-        c=ROTATE(c,10); }
-
diff --git a/src/lib/libcrypto/ripemd/rmd_one.c b/src/lib/libcrypto/ripemd/rmd_one.c
deleted file mode 100644
index b88446b267..0000000000
--- a/src/lib/libcrypto/ripemd/rmd_one.c
+++ /dev/null
@@ -1,78 +0,0 @@
-/* crypto/ripemd/rmd_one.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/ripemd.h>
-#include <openssl/crypto.h>
-
-unsigned char *RIPEMD160(const unsigned char *d, unsigned long n,
-             unsigned char *md)
-        {
-        RIPEMD160_CTX c;
-        static unsigned char m[RIPEMD160_DIGEST_LENGTH];
-
-        if (md == NULL) md=m;
-        if (!RIPEMD160_Init(&c))
-                return NULL;
-        RIPEMD160_Update(&c,d,n);
-        RIPEMD160_Final(md,&c);
-        OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
-        return(md);
-        }
-
diff --git a/src/lib/libcrypto/ripemd/rmdconst.h b/src/lib/libcrypto/ripemd/rmdconst.h
deleted file mode 100644
index 59c48dead1..0000000000
--- a/src/lib/libcrypto/ripemd/rmdconst.h
+++ /dev/null
@@ -1,399 +0,0 @@
-/* crypto/ripemd/rmdconst.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-#define KL0 0x00000000L
-#define KL1 0x5A827999L
-#define KL2 0x6ED9EBA1L
-#define KL3 0x8F1BBCDCL
-#define KL4 0xA953FD4EL
-
-#define KR0 0x50A28BE6L
-#define KR1 0x5C4DD124L
-#define KR2 0x6D703EF3L
-#define KR3 0x7A6D76E9L
-#define KR4 0x00000000L
-
-#define WL00  0
-#define SL00 11
-#define WL01  1
-#define SL01 14
-#define WL02  2
-#define SL02 15
-#define WL03  3
-#define SL03 12
-#define WL04  4
-#define SL04  5
-#define WL05  5
-#define SL05  8
-#define WL06  6
-#define SL06  7
-#define WL07  7
-#define SL07  9
-#define WL08  8
-#define SL08 11
-#define WL09  9
-#define SL09 13
-#define WL10 10
-#define SL10 14
-#define WL11 11
-#define SL11 15
-#define WL12 12
-#define SL12  6
-#define WL13 13
-#define SL13  7
-#define WL14 14
-#define SL14  9
-#define WL15 15
-#define SL15  8
-
-#define WL16  7
-#define SL16  7
-#define WL17  4
-#define SL17  6
-#define WL18 13
-#define SL18  8
-#define WL19  1
-#define SL19 13
-#define WL20 10
-#define SL20 11
-#define WL21  6
-#define SL21  9
-#define WL22 15
-#define SL22  7
-#define WL23  3
-#define SL23 15
-#define WL24 12
-#define SL24  7
-#define WL25  0
-#define SL25 12
-#define WL26  9
-#define SL26 15
-#define WL27  5
-#define SL27  9
-#define WL28  2
-#define SL28 11
-#define WL29 14
-#define SL29  7
-#define WL30 11
-#define SL30 13
-#define WL31  8
-#define SL31 12
-
-#define WL32  3
-#define SL32 11
-#define WL33 10
-#define SL33 13
-#define WL34 14
-#define SL34  6
-#define WL35  4
-#define SL35  7
-#define WL36  9
-#define SL36 14
-#define WL37 15
-#define SL37  9
-#define WL38  8
-#define SL38 13
-#define WL39  1
-#define SL39 15
-#define WL40  2
-#define SL40 14
-#define WL41  7
-#define SL41  8
-#define WL42  0
-#define SL42 13
-#define WL43  6
-#define SL43  6
-#define WL44 13
-#define SL44  5
-#define WL45 11
-#define SL45 12
-#define WL46  5
-#define SL46  7
-#define WL47 12
-#define SL47  5
-
-#define WL48  1
-#define SL48 11
-#define WL49  9
-#define SL49 12
-#define WL50 11
-#define SL50 14
-#define WL51 10
-#define SL51 15
-#define WL52  0
-#define SL52 14
-#define WL53  8
-#define SL53 15
-#define WL54 12
-#define SL54  9
-#define WL55  4
-#define SL55  8
-#define WL56 13
-#define SL56  9
-#define WL57  3
-#define SL57 14
-#define WL58  7
-#define SL58  5
-#define WL59 15
-#define SL59  6
-#define WL60 14
-#define SL60  8
-#define WL61  5
-#define SL61  6
-#define WL62  6
-#define SL62  5
-#define WL63  2
-#define SL63 12
-
-#define WL64  4
-#define SL64  9
-#define WL65  0
-#define SL65 15
-#define WL66  5
-#define SL66  5
-#define WL67  9
-#define SL67 11
-#define WL68  7
-#define SL68  6
-#define WL69 12
-#define SL69  8
-#define WL70  2
-#define SL70 13
-#define WL71 10
-#define SL71 12
-#define WL72 14
-#define SL72  5
-#define WL73  1
-#define SL73 12
-#define WL74  3
-#define SL74 13
-#define WL75  8
-#define SL75 14
-#define WL76 11
-#define SL76 11
-#define WL77  6
-#define SL77  8
-#define WL78 15
-#define SL78  5
-#define WL79 13
-#define SL79  6
-
-#define WR00  5
-#define SR00  8
-#define WR01 14
-#define SR01  9
-#define WR02  7
-#define SR02  9
-#define WR03  0
-#define SR03 11
-#define WR04  9
-#define SR04 13
-#define WR05  2
-#define SR05 15
-#define WR06 11
-#define SR06 15
-#define WR07  4
-#define SR07  5
-#define WR08 13
-#define SR08  7
-#define WR09  6
-#define SR09  7
-#define WR10 15
-#define SR10  8
-#define WR11  8
-#define SR11 11
-#define WR12  1
-#define SR12 14
-#define WR13 10
-#define SR13 14
-#define WR14  3
-#define SR14 12
-#define WR15 12
-#define SR15  6
-
-#define WR16  6
-#define SR16  9
-#define WR17 11
-#define SR17 13
-#define WR18  3
-#define SR18 15
-#define WR19  7
-#define SR19  7
-#define WR20  0
-#define SR20 12
-#define WR21 13
-#define SR21  8
-#define WR22  5
-#define SR22  9
-#define WR23 10
-#define SR23 11
-#define WR24 14
-#define SR24  7
-#define WR25 15
-#define SR25  7
-#define WR26  8
-#define SR26 12
-#define WR27 12
-#define SR27  7
-#define WR28  4
-#define SR28  6
-#define WR29  9
-#define SR29 15
-#define WR30  1
-#define SR30 13
-#define WR31  2
-#define SR31 11
-
-#define WR32 15
-#define SR32  9
-#define WR33  5
-#define SR33  7
-#define WR34  1
-#define SR34 15
-#define WR35  3
-#define SR35 11
-#define WR36  7
-#define SR36  8
-#define WR37 14
-#define SR37  6
-#define WR38  6
-#define SR38  6
-#define WR39  9
-#define SR39 14
-#define WR40 11
-#define SR40 12
-#define WR41  8
-#define SR41 13
-#define WR42 12
-#define SR42  5
-#define WR43  2
-#define SR43 14
-#define WR44 10
-#define SR44 13
-#define WR45  0
-#define SR45 13
-#define WR46  4
-#define SR46  7
-#define WR47 13
-#define SR47  5
-
-#define WR48  8
-#define SR48 15
-#define WR49  6
-#define SR49  5
-#define WR50  4
-#define SR50  8
-#define WR51  1
-#define SR51 11
-#define WR52  3
-#define SR52 14
-#define WR53 11
-#define SR53 14
-#define WR54 15
-#define SR54  6
-#define WR55  0
-#define SR55 14
-#define WR56  5
-#define SR56  6
-#define WR57 12
-#define SR57  9
-#define WR58  2
-#define SR58 12
-#define WR59 13
-#define SR59  9
-#define WR60  9
-#define SR60 12
-#define WR61  7
-#define SR61  5
-#define WR62 10
-#define SR62 15
-#define WR63 14
-#define SR63  8
-
-#define WR64 12
-#define SR64  8
-#define WR65 15
-#define SR65  5
-#define WR66 10
-#define SR66 12
-#define WR67  4
-#define SR67  9
-#define WR68  1
-#define SR68 12
-#define WR69  5
-#define SR69  5
-#define WR70  8
-#define SR70 14
-#define WR71  7
-#define SR71  6
-#define WR72  6
-#define SR72  8
-#define WR73  2
-#define SR73 13
-#define WR74 13
-#define SR74  6
-#define WR75 14
-#define SR75  5
-#define WR76  0
-#define SR76 15
-#define WR77  3
-#define SR77 13
-#define WR78  9
-#define SR78 11
-#define WR79 11
-#define SR79 11
-
diff --git a/src/lib/libcrypto/rsa/rsa.h b/src/lib/libcrypto/rsa/rsa.h
deleted file mode 100644
index dbed701e89..0000000000
--- a/src/lib/libcrypto/rsa/rsa.h
+++ /dev/null
@@ -1,413 +0,0 @@
-/* crypto/rsa/rsa.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_RSA_H
-#define HEADER_RSA_H
-
-#include <openssl/asn1.h>
-
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-#include <openssl/bn.h>
-#include <openssl/crypto.h>
-#include <openssl/ossl_typ.h>
-
-#ifdef OPENSSL_NO_RSA
-#error RSA is disabled.
-#endif
-
-#if defined(OPENSSL_FIPS)
-#define FIPS_RSA_SIZE_T int
-#endif
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-typedef struct rsa_st RSA;
-
-typedef struct rsa_meth_st
-        {
-        const char *name;
-        int (*rsa_pub_enc)(int flen,const unsigned char *from,
-                           unsigned char *to,
-                           RSA *rsa,int padding);
-        int (*rsa_pub_dec)(int flen,const unsigned char *from,
-                           unsigned char *to,
-                           RSA *rsa,int padding);
-        int (*rsa_priv_enc)(int flen,const unsigned char *from,
-                            unsigned char *to,
-                            RSA *rsa,int padding);
-        int (*rsa_priv_dec)(int flen,const unsigned char *from,
-                            unsigned char *to,
-                            RSA *rsa,int padding);
-        int (*rsa_mod_exp)(BIGNUM *r0,const BIGNUM *I,RSA *rsa); /* Can be null */
-        int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                          const BIGNUM *m, BN_CTX *ctx,
-                          BN_MONT_CTX *m_ctx); /* Can be null */
-        int (*init)(RSA *rsa);          /* called at new */
-        int (*finish)(RSA *rsa);        /* called at free */
-        int flags;                      /* RSA_METHOD_FLAG_* things */
-        char *app_data;                 /* may be needed! */
-/* New sign and verify functions: some libraries don't allow arbitrary data
- * to be signed/verified: this allows them to be used. Note: for this to work
- * the RSA_public_decrypt() and RSA_private_encrypt() should *NOT* be used
- * RSA_sign(), RSA_verify() should be used instead. Note: for backwards
- * compatibility this functionality is only enabled if the RSA_FLAG_SIGN_VER
- * option is set in 'flags'.
- */
-        int (*rsa_sign)(int type,
-                const unsigned char *m, unsigned int m_length,
-                unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
-        int (*rsa_verify)(int dtype,
-                const unsigned char *m, unsigned int m_length,
-                unsigned char *sigbuf, unsigned int siglen, const RSA *rsa);
-
-        } RSA_METHOD;
-
-struct rsa_st
-        {
-        /* The first parameter is used to pickup errors where
-         * this is passed instead of aEVP_PKEY, it is set to 0 */
-        int pad;
-        long version;
-        const RSA_METHOD *meth;
-        /* functional reference if 'meth' is ENGINE-provided */
-        ENGINE *engine;
-        BIGNUM *n;
-        BIGNUM *e;
-        BIGNUM *d;
-        BIGNUM *p;
-        BIGNUM *q;
-        BIGNUM *dmp1;
-        BIGNUM *dmq1;
-        BIGNUM *iqmp;
-        /* be careful using this if the RSA structure is shared */
-        CRYPTO_EX_DATA ex_data;
-        int references;
-        int flags;
-
-        /* Used to cache montgomery values */
-        BN_MONT_CTX *_method_mod_n;
-        BN_MONT_CTX *_method_mod_p;
-        BN_MONT_CTX *_method_mod_q;
-
-        /* all BIGNUM values are actually in the following data, if it is not
-         * NULL */
-        char *bignum_data;
-        BN_BLINDING *blinding;
-        };
-
-#define OPENSSL_RSA_MAX_MODULUS_BITS    16384
-
-#define OPENSSL_RSA_SMALL_MODULUS_BITS  3072
-#define OPENSSL_RSA_MAX_PUBEXP_BITS     64 /* exponent limit enforced for "small" modulus only */
-
-#define RSA_3   0x3L
-#define RSA_F4  0x10001L
-
-#define RSA_METHOD_FLAG_NO_CHECK        0x0001 /* don't check pub/private match */
-
-#define RSA_FLAG_CACHE_PUBLIC           0x0002
-#define RSA_FLAG_CACHE_PRIVATE          0x0004
-#define RSA_FLAG_BLINDING               0x0008
-#define RSA_FLAG_THREAD_SAFE            0x0010
-/* This flag means the private key operations will be handled by rsa_mod_exp
- * and that they do not depend on the private key components being present:
- * for example a key stored in external hardware. Without this flag bn_mod_exp
- * gets called when private key components are absent.
- */
-#define RSA_FLAG_EXT_PKEY               0x0020
-
-/* This flag in the RSA_METHOD enables the new rsa_sign, rsa_verify functions.
- */
-#define RSA_FLAG_SIGN_VER               0x0040
-
-#define RSA_FLAG_NO_BLINDING            0x0080 /* new with 0.9.6j and 0.9.7b; the built-in
-                                                * RSA implementation now uses blinding by
-                                                * default (ignoring RSA_FLAG_BLINDING),
-                                                * but other engines might not need it
-                                                */
-#define RSA_FLAG_NO_EXP_CONSTTIME       0x0100 /* new with 0.9.7h; the built-in RSA
-                                                * implementation now uses constant time
-                                                * modular exponentiation for secret exponents
-                                                * by default. This flag causes the
-                                                * faster variable sliding window method to
-                                                * be used for all exponents.
-                                                */
-
-#define RSA_PKCS1_PADDING       1
-#define RSA_SSLV23_PADDING      2
-#define RSA_NO_PADDING          3
-#define RSA_PKCS1_OAEP_PADDING  4
-#define RSA_X931_PADDING        5
-
-#define RSA_PKCS1_PADDING_SIZE  11
-
-#define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,arg)
-#define RSA_get_app_data(s)             RSA_get_ex_data(s,0)
-
-RSA *   RSA_new(void);
-RSA *   RSA_new_method(ENGINE *engine);
-int     RSA_size(const RSA *);
-RSA *   RSA_generate_key(int bits, unsigned long e,void
-                (*callback)(int,int,void *),void *cb_arg);
-int     RSA_check_key(const RSA *);
-#ifdef OPENSSL_FIPS
-int RSA_X931_derive(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2,
-                        void (*cb)(int, int, void *), void *cb_arg,
-                        const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp,
-                        const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq,
-                        const BIGNUM *e);
-RSA *RSA_X931_generate_key(int bits, const BIGNUM *e,
-             void (*cb)(int,int,void *), void *cb_arg);
-#endif
-        /* next 4 return -1 on error */
-int     RSA_public_encrypt(int flen, const unsigned char *from,
-                unsigned char *to, RSA *rsa,int padding);
-int     RSA_private_encrypt(int flen, const unsigned char *from,
-                unsigned char *to, RSA *rsa,int padding);
-int     RSA_public_decrypt(int flen, const unsigned char *from, 
-                unsigned char *to, RSA *rsa,int padding);
-int     RSA_private_decrypt(int flen, const unsigned char *from, 
-                unsigned char *to, RSA *rsa,int padding);
-void    RSA_free (RSA *r);
-/* "up" the RSA object's reference count */
-int     RSA_up_ref(RSA *r);
-
-int     RSA_flags(const RSA *r);
-
-void RSA_set_default_method(const RSA_METHOD *meth);
-const RSA_METHOD *RSA_get_default_method(void);
-const RSA_METHOD *RSA_get_method(const RSA *rsa);
-int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
-
-/* This function needs the memory locking malloc callbacks to be installed */
-int RSA_memory_lock(RSA *r);
-
-/* these are the actual SSLeay RSA functions */
-const RSA_METHOD *RSA_PKCS1_SSLeay(void);
-
-const RSA_METHOD *RSA_null_method(void);
-
-DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey)
-DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPrivateKey)
-
-#ifndef OPENSSL_NO_FP_API
-int     RSA_print_fp(FILE *fp, const RSA *r,int offset);
-#endif
-
-#ifndef OPENSSL_NO_BIO
-int     RSA_print(BIO *bp, const RSA *r,int offset);
-#endif
-
-int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey);
-RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, int (*cb)(), int sgckey);
-
-int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, int (*cb)());
-RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)());
-
-/* The following 2 functions sign and verify a X509_SIG ASN1 object
- * inside PKCS#1 padded RSA encryption */
-int RSA_sign(int type, const unsigned char *m, unsigned int m_length,
-        unsigned char *sigret, unsigned int *siglen, RSA *rsa);
-int RSA_verify(int type, const unsigned char *m, unsigned int m_length,
-        unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
-
-/* The following 2 function sign and verify a ASN1_OCTET_STRING
- * object inside PKCS#1 padded RSA encryption */
-int RSA_sign_ASN1_OCTET_STRING(int type,
-        const unsigned char *m, unsigned int m_length,
-        unsigned char *sigret, unsigned int *siglen, RSA *rsa);
-int RSA_verify_ASN1_OCTET_STRING(int type,
-        const unsigned char *m, unsigned int m_length,
-        unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
-
-int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
-void RSA_blinding_off(RSA *rsa);
-
-int RSA_padding_add_PKCS1_type_1(unsigned char *to,int tlen,
-        const unsigned char *f,int fl);
-int RSA_padding_check_PKCS1_type_1(unsigned char *to,int tlen,
-        const unsigned char *f,int fl,int rsa_len);
-int RSA_padding_add_PKCS1_type_2(unsigned char *to,int tlen,
-        const unsigned char *f,int fl);
-int RSA_padding_check_PKCS1_type_2(unsigned char *to,int tlen,
-        const unsigned char *f,int fl,int rsa_len);
-int PKCS1_MGF1(unsigned char *mask, long len,
-        const unsigned char *seed, long seedlen, const EVP_MD *dgst);
-int RSA_padding_add_PKCS1_OAEP(unsigned char *to,int tlen,
-        const unsigned char *f,int fl,
-        const unsigned char *p,int pl);
-int RSA_padding_check_PKCS1_OAEP(unsigned char *to,int tlen,
-        const unsigned char *f,int fl,int rsa_len,
-        const unsigned char *p,int pl);
-int RSA_padding_add_SSLv23(unsigned char *to,int tlen,
-        const unsigned char *f,int fl);
-int RSA_padding_check_SSLv23(unsigned char *to,int tlen,
-        const unsigned char *f,int fl,int rsa_len);
-int RSA_padding_add_none(unsigned char *to,int tlen,
-        const unsigned char *f,int fl);
-int RSA_padding_check_none(unsigned char *to,int tlen,
-        const unsigned char *f,int fl,int rsa_len);
-int RSA_padding_add_X931(unsigned char *to,int tlen,
-        const unsigned char *f,int fl);
-int RSA_padding_check_X931(unsigned char *to,int tlen,
-        const unsigned char *f,int fl,int rsa_len);
-int RSA_X931_hash_id(int nid);
-
-int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
-                        const EVP_MD *Hash, const unsigned char *EM, int sLen);
-int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
-                        const unsigned char *mHash,
-                        const EVP_MD *Hash, int sLen);
-
-int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-        CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-int RSA_set_ex_data(RSA *r,int idx,void *arg);
-void *RSA_get_ex_data(const RSA *r, int idx);
-
-RSA *RSAPublicKey_dup(RSA *rsa);
-RSA *RSAPrivateKey_dup(RSA *rsa);
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_RSA_strings(void);
-
-/* Error codes for the RSA functions. */
-
-/* Function codes. */
-#define RSA_F_MEMORY_LOCK                                100
-#define RSA_F_RSA_CHECK_KEY                              123
-#define RSA_F_RSA_EAY_PRIVATE_DECRYPT                    101
-#define RSA_F_RSA_EAY_PRIVATE_ENCRYPT                    102
-#define RSA_F_RSA_EAY_PUBLIC_DECRYPT                     103
-#define RSA_F_RSA_EAY_PUBLIC_ENCRYPT                     104
-#define RSA_F_RSA_GENERATE_KEY                           105
-#define RSA_F_RSA_NEW_METHOD                             106
-#define RSA_F_RSA_NULL                                   124
-#define RSA_F_RSA_PADDING_ADD_NONE                       107
-#define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP                 121
-#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS                  125
-#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1               108
-#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2               109
-#define RSA_F_RSA_PADDING_ADD_SSLV23                     110
-#define RSA_F_RSA_PADDING_ADD_X931                       127
-#define RSA_F_RSA_PADDING_CHECK_NONE                     111
-#define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP               122
-#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1             112
-#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2             113
-#define RSA_F_RSA_PADDING_CHECK_SSLV23                   114
-#define RSA_F_RSA_PADDING_CHECK_X931                     128
-#define RSA_F_RSA_PRINT                                  115
-#define RSA_F_RSA_PRINT_FP                               116
-#define RSA_F_RSA_SIGN                                   117
-#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING                 118
-#define RSA_F_RSA_VERIFY                                 119
-#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING               120
-#define RSA_F_RSA_VERIFY_PKCS1_PSS                       126
-
-/* Reason codes. */
-#define RSA_R_ALGORITHM_MISMATCH                         100
-#define RSA_R_BAD_E_VALUE                                101
-#define RSA_R_BAD_FIXED_HEADER_DECRYPT                   102
-#define RSA_R_BAD_PAD_BYTE_COUNT                         103
-#define RSA_R_BAD_SIGNATURE                              104
-#define RSA_R_BLOCK_TYPE_IS_NOT_01                       106
-#define RSA_R_BLOCK_TYPE_IS_NOT_02                       107
-#define RSA_R_DATA_GREATER_THAN_MOD_LEN                  108
-#define RSA_R_DATA_TOO_LARGE                             109
-#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE                110
-#define RSA_R_DATA_TOO_LARGE_FOR_MODULUS                 132
-#define RSA_R_DATA_TOO_SMALL                             111
-#define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE                122
-#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY                 112
-#define RSA_R_DMP1_NOT_CONGRUENT_TO_D                    124
-#define RSA_R_DMQ1_NOT_CONGRUENT_TO_D                    125
-#define RSA_R_D_E_NOT_CONGRUENT_TO_1                     123
-#define RSA_R_FIRST_OCTET_INVALID                        133
-#define RSA_R_INVALID_HEADER                             137
-#define RSA_R_INVALID_MESSAGE_LENGTH                     131
-#define RSA_R_INVALID_PADDING                            138
-#define RSA_R_INVALID_TRAILER                            139
-#define RSA_R_IQMP_NOT_INVERSE_OF_Q                      126
-#define RSA_R_KEY_SIZE_TOO_SMALL                         120
-#define RSA_R_LAST_OCTET_INVALID                         134
-#define RSA_R_MODULUS_TOO_LARGE                          105
-#define RSA_R_NULL_BEFORE_BLOCK_MISSING                  113
-#define RSA_R_N_DOES_NOT_EQUAL_P_Q                       127
-#define RSA_R_OAEP_DECODING_ERROR                        121
-#define RSA_R_PADDING_CHECK_FAILED                       114
-#define RSA_R_P_NOT_PRIME                                128
-#define RSA_R_Q_NOT_PRIME                                129
-#define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED               130
-#define RSA_R_SLEN_CHECK_FAILED                          136
-#define RSA_R_SLEN_RECOVERY_FAILED                       135
-#define RSA_R_SSLV3_ROLLBACK_ATTACK                      115
-#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
-#define RSA_R_UNKNOWN_ALGORITHM_TYPE                     117
-#define RSA_R_UNKNOWN_PADDING_TYPE                       118
-#define RSA_R_WRONG_SIGNATURE_LENGTH                     119
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/src/lib/libcrypto/rsa/rsa_asn1.c b/src/lib/libcrypto/rsa/rsa_asn1.c
deleted file mode 100644
index 1455a7e0e4..0000000000
--- a/src/lib/libcrypto/rsa/rsa_asn1.c
+++ /dev/null
@@ -1,121 +0,0 @@
-/* rsa_asn1.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/asn1t.h>
-
-static ASN1_METHOD method={
-        (int (*)())  i2d_RSAPrivateKey,
-        (char *(*)())d2i_RSAPrivateKey,
-        (char *(*)())RSA_new,
-        (void (*)()) RSA_free};
-
-ASN1_METHOD *RSAPrivateKey_asn1_meth(void)
-        {
-        return(&method);
-        }
-
-/* Override the default free and new methods */
-static int rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
-        if(operation == ASN1_OP_NEW_PRE) {
-                *pval = (ASN1_VALUE *)RSA_new();
-                if(*pval) return 2;
-                return 0;
-        } else if(operation == ASN1_OP_FREE_PRE) {
-                RSA_free((RSA *)*pval);
-                *pval = NULL;
-                return 2;
-        }
-        return 1;
-}
-
-ASN1_SEQUENCE_cb(RSAPrivateKey, rsa_cb) = {
-        ASN1_SIMPLE(RSA, version, LONG),
-        ASN1_SIMPLE(RSA, n, BIGNUM),
-        ASN1_SIMPLE(RSA, e, BIGNUM),
-        ASN1_SIMPLE(RSA, d, BIGNUM),
-        ASN1_SIMPLE(RSA, p, BIGNUM),
-        ASN1_SIMPLE(RSA, q, BIGNUM),
-        ASN1_SIMPLE(RSA, dmp1, BIGNUM),
-        ASN1_SIMPLE(RSA, dmq1, BIGNUM),
-        ASN1_SIMPLE(RSA, iqmp, BIGNUM)
-} ASN1_SEQUENCE_END_cb(RSA, RSAPrivateKey)
-
-
-ASN1_SEQUENCE_cb(RSAPublicKey, rsa_cb) = {
-        ASN1_SIMPLE(RSA, n, BIGNUM),
-        ASN1_SIMPLE(RSA, e, BIGNUM),
-} ASN1_SEQUENCE_END_cb(RSA, RSAPublicKey)
-
-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(RSA, RSAPrivateKey, RSAPrivateKey)
-
-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(RSA, RSAPublicKey, RSAPublicKey)
-
-RSA *RSAPublicKey_dup(RSA *rsa)
-        {
-        return ASN1_item_dup(ASN1_ITEM_rptr(RSAPublicKey), rsa);
-        }
-
-RSA *RSAPrivateKey_dup(RSA *rsa)
-        {
-        return ASN1_item_dup(ASN1_ITEM_rptr(RSAPrivateKey), rsa);
-        }
diff --git a/src/lib/libcrypto/rsa/rsa_chk.c b/src/lib/libcrypto/rsa/rsa_chk.c
deleted file mode 100644
index 002f2cb487..0000000000
--- a/src/lib/libcrypto/rsa/rsa_chk.c
+++ /dev/null
@@ -1,184 +0,0 @@
-/* crypto/rsa/rsa_chk.c  -*- Mode: C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include <openssl/bn.h>
-#include <openssl/err.h>
-#include <openssl/rsa.h>
-
-
-int RSA_check_key(const RSA *key)
-        {
-        BIGNUM *i, *j, *k, *l, *m;
-        BN_CTX *ctx;
-        int r;
-        int ret=1;
-        
-        i = BN_new();
-        j = BN_new();
-        k = BN_new();
-        l = BN_new();
-        m = BN_new();
-        ctx = BN_CTX_new();
-        if (i == NULL || j == NULL || k == NULL || l == NULL ||
-                m == NULL || ctx == NULL)
-                {
-                ret = -1;
-                RSAerr(RSA_F_RSA_CHECK_KEY, ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-        
-        /* p prime? */
-        r = BN_is_prime(key->p, BN_prime_checks, NULL, NULL, NULL);
-        if (r != 1)
-                {
-                ret = r;
-                if (r != 0)
-                        goto err;
-                RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_P_NOT_PRIME);
-                }
-        
-        /* q prime? */
-        r = BN_is_prime(key->q, BN_prime_checks, NULL, NULL, NULL);
-        if (r != 1)
-                {
-                ret = r;
-                if (r != 0)
-                        goto err;
-                RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_Q_NOT_PRIME);
-                }
-        
-        /* n = p*q? */
-        r = BN_mul(i, key->p, key->q, ctx);
-        if (!r) { ret = -1; goto err; }
-        
-        if (BN_cmp(i, key->n) != 0)
-                {
-                ret = 0;
-                RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_N_DOES_NOT_EQUAL_P_Q);
-                }
-        
-        /* d*e = 1  mod lcm(p-1,q-1)? */
-
-        r = BN_sub(i, key->p, BN_value_one());
-        if (!r) { ret = -1; goto err; }
-        r = BN_sub(j, key->q, BN_value_one());
-        if (!r) { ret = -1; goto err; }
-
-        /* now compute k = lcm(i,j) */
-        r = BN_mul(l, i, j, ctx);
-        if (!r) { ret = -1; goto err; }
-        r = BN_gcd(m, i, j, ctx);
-        if (!r) { ret = -1; goto err; }
-        r = BN_div(k, NULL, l, m, ctx); /* remainder is 0 */
-        if (!r) { ret = -1; goto err; }
-
-        r = BN_mod_mul(i, key->d, key->e, k, ctx);
-        if (!r) { ret = -1; goto err; }
-
-        if (!BN_is_one(i))
-                {
-                ret = 0;
-                RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_D_E_NOT_CONGRUENT_TO_1);
-                }
-        
-        if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL)
-                {
-                /* dmp1 = d mod (p-1)? */
-                r = BN_sub(i, key->p, BN_value_one());
-                if (!r) { ret = -1; goto err; }
-
-                r = BN_mod(j, key->d, i, ctx);
-                if (!r) { ret = -1; goto err; }
-
-                if (BN_cmp(j, key->dmp1) != 0)
-                        {
-                        ret = 0;
-                        RSAerr(RSA_F_RSA_CHECK_KEY,
-                                RSA_R_DMP1_NOT_CONGRUENT_TO_D);
-                        }
-        
-                /* dmq1 = d mod (q-1)? */    
-                r = BN_sub(i, key->q, BN_value_one());
-                if (!r) { ret = -1; goto err; }
-        
-                r = BN_mod(j, key->d, i, ctx);
-                if (!r) { ret = -1; goto err; }
-
-                if (BN_cmp(j, key->dmq1) != 0)
-                        {
-                        ret = 0;
-                        RSAerr(RSA_F_RSA_CHECK_KEY,
-                                RSA_R_DMQ1_NOT_CONGRUENT_TO_D);
-                        }
-        
-                /* iqmp = q^-1 mod p? */
-                if(!BN_mod_inverse(i, key->q, key->p, ctx))
-                        {
-                        ret = -1;
-                        goto err;
-                        }
-
-                if (BN_cmp(i, key->iqmp) != 0)
-                        {
-                        ret = 0;
-                        RSAerr(RSA_F_RSA_CHECK_KEY,
-                                RSA_R_IQMP_NOT_INVERSE_OF_Q);
-                        }
-                }
-
- err:
-        if (i != NULL) BN_free(i);
-        if (j != NULL) BN_free(j);
-        if (k != NULL) BN_free(k);
-        if (l != NULL) BN_free(l);
-        if (m != NULL) BN_free(m);
-        if (ctx != NULL) BN_CTX_free(ctx);
-        return (ret);
-        }
diff --git a/src/lib/libcrypto/rsa/rsa_eay.c b/src/lib/libcrypto/rsa/rsa_eay.c
deleted file mode 100644
index 610889dc80..0000000000
--- a/src/lib/libcrypto/rsa/rsa_eay.c
+++ /dev/null
@@ -1,818 +0,0 @@
-/* crypto/rsa/rsa_eay.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/rand.h>
-
-#if !defined(RSA_NULL) && !defined(OPENSSL_FIPS)
-
-static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
-                unsigned char *to, RSA *rsa,int padding);
-static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
-                unsigned char *to, RSA *rsa,int padding);
-static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
-                unsigned char *to, RSA *rsa,int padding);
-static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
-                unsigned char *to, RSA *rsa,int padding);
-static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa);
-static int RSA_eay_init(RSA *rsa);
-static int RSA_eay_finish(RSA *rsa);
-static RSA_METHOD rsa_pkcs1_eay_meth={
-        "Eric Young's PKCS#1 RSA",
-        RSA_eay_public_encrypt,
-        RSA_eay_public_decrypt, /* signature verification */
-        RSA_eay_private_encrypt, /* signing */
-        RSA_eay_private_decrypt,
-        RSA_eay_mod_exp,
-        BN_mod_exp_mont, /* XXX probably we should not use Montgomery if  e == 3 */
-        RSA_eay_init,
-        RSA_eay_finish,
-        0, /* flags */
-        NULL,
-        0, /* rsa_sign */
-        0  /* rsa_verify */
-        };
-
-const RSA_METHOD *RSA_PKCS1_SSLeay(void)
-        {
-        return(&rsa_pkcs1_eay_meth);
-        }
-
-static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
-             unsigned char *to, RSA *rsa, int padding)
-        {
-        BIGNUM f,ret;
-        int i,j,k,num=0,r= -1;
-        unsigned char *buf=NULL;
-        BN_CTX *ctx=NULL;
-
-        BN_init(&f);
-        BN_init(&ret);
-        if ((ctx=BN_CTX_new()) == NULL) goto err;
-        num=BN_num_bytes(rsa->n);
-        if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL)
-                {
-                RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-
-        switch (padding)
-                {
-        case RSA_PKCS1_PADDING:
-                i=RSA_padding_add_PKCS1_type_2(buf,num,from,flen);
-                break;
-#ifndef OPENSSL_NO_SHA
-        case RSA_PKCS1_OAEP_PADDING:
-                i=RSA_padding_add_PKCS1_OAEP(buf,num,from,flen,NULL,0);
-                break;
-#endif
-        case RSA_SSLV23_PADDING:
-                i=RSA_padding_add_SSLv23(buf,num,from,flen);
-                break;
-        case RSA_NO_PADDING:
-                i=RSA_padding_add_none(buf,num,from,flen);
-                break;
-        default:
-                RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
-                goto err;
-                }
-        if (i <= 0) goto err;
-
-        if (BN_bin2bn(buf,num,&f) == NULL) goto err;
-        
-        if (BN_ucmp(&f, rsa->n) >= 0)
-                {       
-                /* usually the padding functions would catch this */
-                RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
-                goto err;
-                }
-
-        if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
-                {
-                if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n,
-                                        CRYPTO_LOCK_RSA, rsa->n, ctx))
-                        goto err;
-                }
-
-        if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
-                rsa->_method_mod_n)) goto err;
-
-        /* put in leading 0 bytes if the number is less than the
-         * length of the modulus */
-        j=BN_num_bytes(&ret);
-        i=BN_bn2bin(&ret,&(to[num-j]));
-        for (k=0; k<(num-i); k++)
-                to[k]=0;
-
-        r=num;
-err:
-        if (ctx != NULL) BN_CTX_free(ctx);
-        BN_clear_free(&f);
-        BN_clear_free(&ret);
-        if (buf != NULL) 
-                {
-                OPENSSL_cleanse(buf,num);
-                OPENSSL_free(buf);
-                }
-        return(r);
-        }
-
-static int rsa_eay_blinding(RSA *rsa, BN_CTX *ctx)
-        {
-        int ret = 1;
-        CRYPTO_w_lock(CRYPTO_LOCK_RSA);
-        /* Check again inside the lock - the macro's check is racey */
-        if(rsa->blinding == NULL)
-                ret = RSA_blinding_on(rsa, ctx);
-        CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
-        return ret;
-        }
-
-#define BLINDING_HELPER(rsa, ctx, err_instr) \
-        do { \
-                if((!((rsa)->flags & RSA_FLAG_NO_BLINDING)) && \
-                    ((rsa)->blinding == NULL) && \
-                    !rsa_eay_blinding(rsa, ctx)) \
-                    err_instr \
-        } while(0)
-
-static BN_BLINDING *setup_blinding(RSA *rsa, BN_CTX *ctx)
-        {
-        BIGNUM *A, *Ai;
-        BN_BLINDING *ret = NULL;
-
-        /* added in OpenSSL 0.9.6j and 0.9.7b */
-
-        /* NB: similar code appears in RSA_blinding_on (rsa_lib.c);
-         * this should be placed in a new function of its own, but for reasons
-         * of binary compatibility can't */
-
-        BN_CTX_start(ctx);
-        A = BN_CTX_get(ctx);
-        if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL)
-                {
-                /* if PRNG is not properly seeded, resort to secret exponent as unpredictable seed */
-                RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0);
-                if (!BN_pseudo_rand_range(A,rsa->n)) goto err;
-                }
-        else
-                {
-                if (!BN_rand_range(A,rsa->n)) goto err;
-                }
-        if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err;
-
-        if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n))
-                goto err;
-        ret = BN_BLINDING_new(A,Ai,rsa->n);
-        BN_free(Ai);
-err:
-        BN_CTX_end(ctx);
-        return ret;
-        }
-
-/* signing */
-static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
-             unsigned char *to, RSA *rsa, int padding)
-        {
-        BIGNUM f,ret, *res;
-        int i,j,k,num=0,r= -1;
-        unsigned char *buf=NULL;
-        BN_CTX *ctx=NULL;
-        int local_blinding = 0;
-        BN_BLINDING *blinding = NULL;
-
-        BN_init(&f);
-        BN_init(&ret);
-
-        if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS)
-                {
-                RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE);
-                return -1;
-                }
-
-        if (BN_ucmp(rsa->n, rsa->e) <= 0)
-                {
-                RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
-                return -1;
-                }
-
-        /* for large moduli, enforce exponent limit */
-        if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS)
-                {
-                if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS)
-                        {
-                        RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
-                        return -1;
-                        }
-                }
-
-        if ((ctx=BN_CTX_new()) == NULL) goto err;
-        num=BN_num_bytes(rsa->n);
-        if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL)
-                {
-                RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-
-        switch (padding)
-                {
-        case RSA_PKCS1_PADDING:
-                i=RSA_padding_add_PKCS1_type_1(buf,num,from,flen);
-                break;
-        case RSA_NO_PADDING:
-                i=RSA_padding_add_none(buf,num,from,flen);
-                break;
-        case RSA_SSLV23_PADDING:
-        default:
-                RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
-                goto err;
-                }
-        if (i <= 0) goto err;
-
-        if (BN_bin2bn(buf,num,&f) == NULL) goto err;
-        
-        if (BN_ucmp(&f, rsa->n) >= 0)
-                {       
-                /* usually the padding functions would catch this */
-                RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
-                goto err;
-                }
-
-        BLINDING_HELPER(rsa, ctx, goto err;);
-        blinding = rsa->blinding;
-        
-        /* Now unless blinding is disabled, 'blinding' is non-NULL.
-         * But the BN_BLINDING object may be owned by some other thread
-         * (we don't want to keep it constant and we don't want to use
-         * lots of locking to avoid race conditions, so only a single
-         * thread can use it; other threads have to use local blinding
-         * factors) */
-        if (!(rsa->flags & RSA_FLAG_NO_BLINDING))
-                {
-                if (blinding == NULL)
-                        {
-                        RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR);
-                        goto err;
-                        }
-                }
-        
-        if (blinding != NULL)
-                {
-                if (blinding->thread_id != CRYPTO_thread_id())
-                        {
-                        /* we need a local one-time blinding factor */
-
-                        blinding = setup_blinding(rsa, ctx);
-                        if (blinding == NULL)
-                                goto err;
-                        local_blinding = 1;
-                        }
-                }
-
-        if (blinding)
-                if (!BN_BLINDING_convert(&f, blinding, ctx)) goto err;
-
-        if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
-                ((rsa->p != NULL) &&
-                (rsa->q != NULL) &&
-                (rsa->dmp1 != NULL) &&
-                (rsa->dmq1 != NULL) &&
-                (rsa->iqmp != NULL)) )
-                { 
-                if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err;
-                }
-        else
-                {
-                BIGNUM local_d;
-                BIGNUM *d = NULL;
-                
-                if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
-                        {
-                        BN_init(&local_d);
-                        d = &local_d;
-                        BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
-                        }
-                else
-                        d = rsa->d;
-                if (!rsa->meth->bn_mod_exp(&ret,&f,d,rsa->n,ctx,NULL)) goto err;
-                }
-
-        if (blinding)
-                if (!BN_BLINDING_invert(&ret, blinding, ctx)) goto err;
-
-        if (padding == RSA_X931_PADDING)
-                {
-                BN_sub(&f, rsa->n, &ret);
-                if (BN_cmp(&ret, &f))
-                        res = &f;
-                else
-                        res = &ret;
-                }
-        else
-                res = &ret;
-
-        /* put in leading 0 bytes if the number is less than the
-         * length of the modulus */
-        j=BN_num_bytes(res);
-        i=BN_bn2bin(res,&(to[num-j]));
-        for (k=0; k<(num-i); k++)
-                to[k]=0;
-
-        r=num;
-err:
-        if (ctx != NULL) BN_CTX_free(ctx);
-        BN_clear_free(&ret);
-        BN_clear_free(&f);
-        if (local_blinding)
-                BN_BLINDING_free(blinding);
-        if (buf != NULL)
-                {
-                OPENSSL_cleanse(buf,num);
-                OPENSSL_free(buf);
-                }
-        return(r);
-        }
-
-static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
-             unsigned char *to, RSA *rsa, int padding)
-        {
-        BIGNUM f,ret;
-        int j,num=0,r= -1;
-        unsigned char *p;
-        unsigned char *buf=NULL;
-        BN_CTX *ctx=NULL;
-        int local_blinding = 0;
-        BN_BLINDING *blinding = NULL;
-
-        BN_init(&f);
-        BN_init(&ret);
-        ctx=BN_CTX_new();
-        if (ctx == NULL) goto err;
-
-        num=BN_num_bytes(rsa->n);
-
-        if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL)
-                {
-                RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-
-        /* This check was for equality but PGP does evil things
-         * and chops off the top '0' bytes */
-        if (flen > num)
-                {
-                RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN);
-                goto err;
-                }
-
-        /* make data into a big number */
-        if (BN_bin2bn(from,(int)flen,&f) == NULL) goto err;
-
-        if (BN_ucmp(&f, rsa->n) >= 0)
-                {
-                RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
-                goto err;
-                }
-
-        BLINDING_HELPER(rsa, ctx, goto err;);
-        blinding = rsa->blinding;
-        
-        /* Now unless blinding is disabled, 'blinding' is non-NULL.
-         * But the BN_BLINDING object may be owned by some other thread
-         * (we don't want to keep it constant and we don't want to use
-         * lots of locking to avoid race conditions, so only a single
-         * thread can use it; other threads have to use local blinding
-         * factors) */
-        if (!(rsa->flags & RSA_FLAG_NO_BLINDING))
-                {
-                if (blinding == NULL)
-                        {
-                        RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERROR);
-                        goto err;
-                        }
-                }
-        
-        if (blinding != NULL)
-                {
-                if (blinding->thread_id != CRYPTO_thread_id())
-                        {
-                        /* we need a local one-time blinding factor */
-
-                        blinding = setup_blinding(rsa, ctx);
-                        if (blinding == NULL)
-                                goto err;
-                        local_blinding = 1;
-                        }
-                }
-
-        if (blinding)
-                if (!BN_BLINDING_convert(&f, blinding, ctx)) goto err;
-
-        /* do the decrypt */
-        if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
-                ((rsa->p != NULL) &&
-                (rsa->q != NULL) &&
-                (rsa->dmp1 != NULL) &&
-                (rsa->dmq1 != NULL) &&
-                (rsa->iqmp != NULL)) )
-                {
-                if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err;
-                }
-        else
-                {
-                BIGNUM local_d;
-                BIGNUM *d = NULL;
-                
-                if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
-                        {
-                        d = &local_d;
-                        BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
-                        }
-                else
-                        d = rsa->d;
-                if (!rsa->meth->bn_mod_exp(&ret,&f,d,rsa->n,ctx,NULL))
-                        goto err;
-                }
-
-        if (blinding)
-                if (!BN_BLINDING_invert(&ret, blinding, ctx)) goto err;
-
-        p=buf;
-        j=BN_bn2bin(&ret,p); /* j is only used with no-padding mode */
-
-        switch (padding)
-                {
-        case RSA_PKCS1_PADDING:
-                r=RSA_padding_check_PKCS1_type_2(to,num,buf,j,num);
-                break;
-#ifndef OPENSSL_NO_SHA
-        case RSA_PKCS1_OAEP_PADDING:
-                r=RSA_padding_check_PKCS1_OAEP(to,num,buf,j,num,NULL,0);
-                break;
-#endif
-        case RSA_SSLV23_PADDING:
-                r=RSA_padding_check_SSLv23(to,num,buf,j,num);
-                break;
-        case RSA_NO_PADDING:
-                r=RSA_padding_check_none(to,num,buf,j,num);
-                break;
-        default:
-                RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
-                goto err;
-                }
-        if (r < 0)
-                RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_PADDING_CHECK_FAILED);
-
-err:
-        if (ctx != NULL) BN_CTX_free(ctx);
-        BN_clear_free(&f);
-        BN_clear_free(&ret);
-        if (local_blinding)
-                BN_BLINDING_free(blinding);
-        if (buf != NULL)
-                {
-                OPENSSL_cleanse(buf,num);
-                OPENSSL_free(buf);
-                }
-        return(r);
-        }
-
-/* signature verification */
-static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
-             unsigned char *to, RSA *rsa, int padding)
-        {
-        BIGNUM f,ret;
-        int i,num=0,r= -1;
-        unsigned char *p;
-        unsigned char *buf=NULL;
-        BN_CTX *ctx=NULL;
-
-        if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS)
-                {
-                RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE);
-                return -1;
-                }
-
-        if (BN_ucmp(rsa->n, rsa->e) <= 0)
-                {
-                RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
-                return -1;
-                }
-
-        /* for large moduli, enforce exponent limit */
-        if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS)
-                {
-                if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS)
-                        {
-                        RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
-                        return -1;
-                        }
-                }
-
-        BN_init(&f);
-        BN_init(&ret);
-        ctx=BN_CTX_new();
-        if (ctx == NULL) goto err;
-
-        num=BN_num_bytes(rsa->n);
-        buf=(unsigned char *)OPENSSL_malloc(num);
-        if (buf == NULL)
-                {
-                RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-
-        /* This check was for equality but PGP does evil things
-         * and chops off the top '0' bytes */
-        if (flen > num)
-                {
-                RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN);
-                goto err;
-                }
-
-        if (BN_bin2bn(from,flen,&f) == NULL) goto err;
-
-        if (BN_ucmp(&f, rsa->n) >= 0)
-                {
-                RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
-                goto err;
-                }
-
-        /* do the decrypt */
-
-        if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
-                {
-                if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n,
-                                        CRYPTO_LOCK_RSA, rsa->n, ctx))
-                        goto err;
-                }
-
-        if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
-                rsa->_method_mod_n)) goto err;
-
-        if ((padding == RSA_X931_PADDING) && ((ret.d[0] & 0xf) != 12))
-                BN_sub(&ret, rsa->n, &ret);
-
-        p=buf;
-        i=BN_bn2bin(&ret,p);
-
-        switch (padding)
-                {
-        case RSA_PKCS1_PADDING:
-                r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num);
-                break;
-        case RSA_NO_PADDING:
-                r=RSA_padding_check_none(to,num,buf,i,num);
-                break;
-        default:
-                RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
-                goto err;
-                }
-        if (r < 0)
-                RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_PADDING_CHECK_FAILED);
-
-err:
-        if (ctx != NULL) BN_CTX_free(ctx);
-        BN_clear_free(&f);
-        BN_clear_free(&ret);
-        if (buf != NULL)
-                {
-                OPENSSL_cleanse(buf,num);
-                OPENSSL_free(buf);
-                }
-        return(r);
-        }
-
-static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
-        {
-        BIGNUM r1,m1,vrfy;
-        BIGNUM local_dmp1, local_dmq1;
-        BIGNUM *dmp1, *dmq1;
-        int ret=0;
-        BN_CTX *ctx;
-
-        BN_init(&m1);
-        BN_init(&r1);
-        BN_init(&vrfy);
-        if ((ctx=BN_CTX_new()) == NULL) goto err;
-
-        if (rsa->flags & RSA_FLAG_CACHE_PRIVATE)
-                {
-                if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_p,
-                                        CRYPTO_LOCK_RSA, rsa->p, ctx))
-                        goto err;
-                if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_q,
-                                        CRYPTO_LOCK_RSA, rsa->q, ctx))
-                        goto err;
-                }
-
-        if (!BN_mod(&r1,I,rsa->q,ctx)) goto err;
-        if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
-                {
-                dmq1 = &local_dmq1;
-                BN_with_flags(dmq1, rsa->dmq1, BN_FLG_EXP_CONSTTIME);
-                }
-        else
-                dmq1 = rsa->dmq1;
-        if (!rsa->meth->bn_mod_exp(&m1,&r1,dmq1,rsa->q,ctx,
-                rsa->_method_mod_q)) goto err;
-
-        if (!BN_mod(&r1,I,rsa->p,ctx)) goto err;
-        if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
-                {
-                dmp1 = &local_dmp1;
-                BN_with_flags(dmp1, rsa->dmp1, BN_FLG_EXP_CONSTTIME);
-                }
-        else
-                dmp1 = rsa->dmp1;
-        if (!rsa->meth->bn_mod_exp(r0,&r1,dmp1,rsa->p,ctx,
-                rsa->_method_mod_p)) goto err;
-
-        if (!BN_sub(r0,r0,&m1)) goto err;
-        /* This will help stop the size of r0 increasing, which does
-         * affect the multiply if it optimised for a power of 2 size */
-        if (r0->neg)
-                if (!BN_add(r0,r0,rsa->p)) goto err;
-
-        if (!BN_mul(&r1,r0,rsa->iqmp,ctx)) goto err;
-        if (!BN_mod(r0,&r1,rsa->p,ctx)) goto err;
-        /* If p < q it is occasionally possible for the correction of
-         * adding 'p' if r0 is negative above to leave the result still
-         * negative. This can break the private key operations: the following
-         * second correction should *always* correct this rare occurrence.
-         * This will *never* happen with OpenSSL generated keys because
-         * they ensure p > q [steve]
-         */
-        if (r0->neg)
-                if (!BN_add(r0,r0,rsa->p)) goto err;
-        if (!BN_mul(&r1,r0,rsa->q,ctx)) goto err;
-        if (!BN_add(r0,&r1,&m1)) goto err;
-
-        if (rsa->e && rsa->n)
-                {
-                if (!rsa->meth->bn_mod_exp(&vrfy,r0,rsa->e,rsa->n,ctx,NULL)) goto err;
-                /* If 'I' was greater than (or equal to) rsa->n, the operation
-                 * will be equivalent to using 'I mod n'. However, the result of
-                 * the verify will *always* be less than 'n' so we don't check
-                 * for absolute equality, just congruency. */
-                if (!BN_sub(&vrfy, &vrfy, I)) goto err;
-                if (!BN_mod(&vrfy, &vrfy, rsa->n, ctx)) goto err;
-                if (vrfy.neg)
-                        if (!BN_add(&vrfy, &vrfy, rsa->n)) goto err;
-                if (!BN_is_zero(&vrfy))
-                        {
-                        /* 'I' and 'vrfy' aren't congruent mod n. Don't leak
-                         * miscalculated CRT output, just do a raw (slower)
-                         * mod_exp and return that instead. */
-
-                        BIGNUM local_d;
-                        BIGNUM *d = NULL;
-                
-                        if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
-                                {
-                                d = &local_d;
-                                BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
-                                }
-                        else
-                                d = rsa->d;
-                        if (!rsa->meth->bn_mod_exp(r0,I,d,rsa->n,ctx,NULL)) goto err;
-                        }
-                }
-        ret=1;
-err:
-        BN_clear_free(&m1);
-        BN_clear_free(&r1);
-        BN_clear_free(&vrfy);
-        BN_CTX_free(ctx);
-        return(ret);
-        }
-
-static int RSA_eay_init(RSA *rsa)
-        {
-        rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE;
-        return(1);
-        }
-
-static int RSA_eay_finish(RSA *rsa)
-        {
-        if (rsa->_method_mod_n != NULL)
-                BN_MONT_CTX_free(rsa->_method_mod_n);
-        if (rsa->_method_mod_p != NULL)
-                BN_MONT_CTX_free(rsa->_method_mod_p);
-        if (rsa->_method_mod_q != NULL)
-                BN_MONT_CTX_free(rsa->_method_mod_q);
-        return(1);
-        }
-
-#endif
diff --git a/src/lib/libcrypto/rsa/rsa_err.c b/src/lib/libcrypto/rsa/rsa_err.c
deleted file mode 100644
index ddcb28e663..0000000000
--- a/src/lib/libcrypto/rsa/rsa_err.c
+++ /dev/null
@@ -1,165 +0,0 @@
-/* crypto/rsa/rsa_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/rsa.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_RSA,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_RSA,0,reason)
-
-static ERR_STRING_DATA RSA_str_functs[]=
-        {
-{ERR_FUNC(RSA_F_MEMORY_LOCK),   "MEMORY_LOCK"},
-{ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"},
-{ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_DECRYPT),       "RSA_EAY_PRIVATE_DECRYPT"},
-{ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_ENCRYPT),       "RSA_EAY_PRIVATE_ENCRYPT"},
-{ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_DECRYPT),        "RSA_EAY_PUBLIC_DECRYPT"},
-{ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_ENCRYPT),        "RSA_EAY_PUBLIC_ENCRYPT"},
-{ERR_FUNC(RSA_F_RSA_GENERATE_KEY),      "RSA_generate_key"},
-{ERR_FUNC(RSA_F_RSA_NEW_METHOD),        "RSA_new_method"},
-{ERR_FUNC(RSA_F_RSA_NULL),      "RSA_NULL"},
-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_NONE),  "RSA_padding_add_none"},
-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP),    "RSA_padding_add_PKCS1_OAEP"},
-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS),     "RSA_padding_add_PKCS1_PSS"},
-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1),  "RSA_padding_add_PKCS1_type_1"},
-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2),  "RSA_padding_add_PKCS1_type_2"},
-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_SSLV23),        "RSA_padding_add_SSLv23"},
-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_X931),  "RSA_padding_add_X931"},
-{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_NONE),        "RSA_padding_check_none"},
-{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP),  "RSA_padding_check_PKCS1_OAEP"},
-{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1),        "RSA_padding_check_PKCS1_type_1"},
-{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2),        "RSA_padding_check_PKCS1_type_2"},
-{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_SSLV23),      "RSA_padding_check_SSLv23"},
-{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931),        "RSA_padding_check_X931"},
-{ERR_FUNC(RSA_F_RSA_PRINT),     "RSA_print"},
-{ERR_FUNC(RSA_F_RSA_PRINT_FP),  "RSA_print_fp"},
-{ERR_FUNC(RSA_F_RSA_SIGN),      "RSA_sign"},
-{ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING),    "RSA_sign_ASN1_OCTET_STRING"},
-{ERR_FUNC(RSA_F_RSA_VERIFY),    "RSA_verify"},
-{ERR_FUNC(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING),  "RSA_verify_ASN1_OCTET_STRING"},
-{ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS),  "RSA_verify_PKCS1_PSS"},
-{0,NULL}
-        };
-
-static ERR_STRING_DATA RSA_str_reasons[]=
-        {
-{ERR_REASON(RSA_R_ALGORITHM_MISMATCH)    ,"algorithm mismatch"},
-{ERR_REASON(RSA_R_BAD_E_VALUE)           ,"bad e value"},
-{ERR_REASON(RSA_R_BAD_FIXED_HEADER_DECRYPT),"bad fixed header decrypt"},
-{ERR_REASON(RSA_R_BAD_PAD_BYTE_COUNT)    ,"bad pad byte count"},
-{ERR_REASON(RSA_R_BAD_SIGNATURE)         ,"bad signature"},
-{ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_01)  ,"block type is not 01"},
-{ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_02)  ,"block type is not 02"},
-{ERR_REASON(RSA_R_DATA_GREATER_THAN_MOD_LEN),"data greater than mod len"},
-{ERR_REASON(RSA_R_DATA_TOO_LARGE)        ,"data too large"},
-{ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},
-{ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_MODULUS),"data too large for modulus"},
-{ERR_REASON(RSA_R_DATA_TOO_SMALL)        ,"data too small"},
-{ERR_REASON(RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE),"data too small for key size"},
-{ERR_REASON(RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY),"digest too big for rsa key"},
-{ERR_REASON(RSA_R_DMP1_NOT_CONGRUENT_TO_D),"dmp1 not congruent to d"},
-{ERR_REASON(RSA_R_DMQ1_NOT_CONGRUENT_TO_D),"dmq1 not congruent to d"},
-{ERR_REASON(RSA_R_D_E_NOT_CONGRUENT_TO_1),"d e not congruent to 1"},
-{ERR_REASON(RSA_R_FIRST_OCTET_INVALID)   ,"first octet invalid"},
-{ERR_REASON(RSA_R_INVALID_HEADER)        ,"invalid header"},
-{ERR_REASON(RSA_R_INVALID_MESSAGE_LENGTH),"invalid message length"},
-{ERR_REASON(RSA_R_INVALID_PADDING)       ,"invalid padding"},
-{ERR_REASON(RSA_R_INVALID_TRAILER)       ,"invalid trailer"},
-{ERR_REASON(RSA_R_IQMP_NOT_INVERSE_OF_Q) ,"iqmp not inverse of q"},
-{ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL)    ,"key size too small"},
-{ERR_REASON(RSA_R_LAST_OCTET_INVALID)    ,"last octet invalid"},
-{ERR_REASON(RSA_R_MODULUS_TOO_LARGE)     ,"modulus too large"},
-{ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"},
-{ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q)  ,"n does not equal p q"},
-{ERR_REASON(RSA_R_OAEP_DECODING_ERROR)   ,"oaep decoding error"},
-{ERR_REASON(RSA_R_SLEN_RECOVERY_FAILED)  ,"salt length recovery failed"},
-{ERR_REASON(RSA_R_PADDING_CHECK_FAILED)  ,"padding check failed"},
-{ERR_REASON(RSA_R_P_NOT_PRIME)           ,"p not prime"},
-{ERR_REASON(RSA_R_Q_NOT_PRIME)           ,"q not prime"},
-{ERR_REASON(RSA_R_RSA_OPERATIONS_NOT_SUPPORTED),"rsa operations not supported"},
-{ERR_REASON(RSA_R_SSLV3_ROLLBACK_ATTACK) ,"sslv3 rollback attack"},
-{ERR_REASON(RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),"the asn1 object identifier is not known for this md"},
-{ERR_REASON(RSA_R_UNKNOWN_ALGORITHM_TYPE),"unknown algorithm type"},
-{ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE)  ,"unknown padding type"},
-{ERR_REASON(RSA_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"},
-{ERR_REASON(RSA_R_SLEN_CHECK_FAILED)     ,"salt length check failed"},
-{0,NULL}
-        };
-
-#endif
-
-void ERR_load_RSA_strings(void)
-        {
-        static int init=1;
-
-        if (init)
-                {
-                init=0;
-#ifndef OPENSSL_NO_ERR
-                ERR_load_strings(0,RSA_str_functs);
-                ERR_load_strings(0,RSA_str_reasons);
-#endif
-
-                }
-        }
diff --git a/src/lib/libcrypto/rsa/rsa_gen.c b/src/lib/libcrypto/rsa/rsa_gen.c
deleted file mode 100644
index dd1422cc98..0000000000
--- a/src/lib/libcrypto/rsa/rsa_gen.c
+++ /dev/null
@@ -1,201 +0,0 @@
-/* crypto/rsa/rsa_gen.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <time.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-
-#ifndef OPENSSL_FIPS
-
-RSA *RSA_generate_key(int bits, unsigned long e_value,
-             void (*callback)(int,int,void *), void *cb_arg)
-        {
-        RSA *rsa=NULL;
-        BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp;
-        int bitsp,bitsq,ok= -1,n=0,i;
-        BN_CTX *ctx=NULL,*ctx2=NULL;
-
-        ctx=BN_CTX_new();
-        if (ctx == NULL) goto err;
-        ctx2=BN_CTX_new();
-        if (ctx2 == NULL) goto err;
-        BN_CTX_start(ctx);
-        r0 = BN_CTX_get(ctx);
-        r1 = BN_CTX_get(ctx);
-        r2 = BN_CTX_get(ctx);
-        r3 = BN_CTX_get(ctx);
-        if (r3 == NULL) goto err;
-
-        bitsp=(bits+1)/2;
-        bitsq=bits-bitsp;
-        rsa=RSA_new();
-        if (rsa == NULL) goto err;
-
-        /* set e */ 
-        rsa->e=BN_new();
-        if (rsa->e == NULL) goto err;
-
-#if 1
-        /* The problem is when building with 8, 16, or 32 BN_ULONG,
-         * unsigned long can be larger */
-        for (i=0; i<sizeof(unsigned long)*8; i++)
-                {
-                if (e_value & (1UL<<i))
-                        BN_set_bit(rsa->e,i);
-                }
-#else
-        if (!BN_set_word(rsa->e,e_value)) goto err;
-#endif
-
-        /* generate p and q */
-        for (;;)
-                {
-                rsa->p=BN_generate_prime(NULL,bitsp,0,NULL,NULL,callback,cb_arg);
-                if (rsa->p == NULL) goto err;
-                if (!BN_sub(r2,rsa->p,BN_value_one())) goto err;
-                if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err;
-                if (BN_is_one(r1)) break;
-                if (callback != NULL) callback(2,n++,cb_arg);
-                BN_free(rsa->p);
-                }
-        if (callback != NULL) callback(3,0,cb_arg);
-        for (;;)
-                {
-                rsa->q=BN_generate_prime(NULL,bitsq,0,NULL,NULL,callback,cb_arg);
-                if (rsa->q == NULL) goto err;
-                if (!BN_sub(r2,rsa->q,BN_value_one())) goto err;
-                if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err;
-                if (BN_is_one(r1) && (BN_cmp(rsa->p,rsa->q) != 0))
-                        break;
-                if (callback != NULL) callback(2,n++,cb_arg);
-                BN_free(rsa->q);
-                }
-        if (callback != NULL) callback(3,1,cb_arg);
-        if (BN_cmp(rsa->p,rsa->q) < 0)
-                {
-                tmp=rsa->p;
-                rsa->p=rsa->q;
-                rsa->q=tmp;
-                }
-
-        /* calculate n */
-        rsa->n=BN_new();
-        if (rsa->n == NULL) goto err;
-        if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx)) goto err;
-
-        /* calculate d */
-        if (!BN_sub(r1,rsa->p,BN_value_one())) goto err;        /* p-1 */
-        if (!BN_sub(r2,rsa->q,BN_value_one())) goto err;        /* q-1 */
-        if (!BN_mul(r0,r1,r2,ctx)) goto err;    /* (p-1)(q-1) */
-
-/* should not be needed, since gcd(p-1,e) == 1 and gcd(q-1,e) == 1 */
-/*      for (;;)
-                {
-                if (!BN_gcd(r3,r0,rsa->e,ctx)) goto err;
-                if (BN_is_one(r3)) break;
-
-                if (1)
-                        {
-                        if (!BN_add_word(rsa->e,2L)) goto err;
-                        continue;
-                        }
-                RSAerr(RSA_F_RSA_GENERATE_KEY,RSA_R_BAD_E_VALUE);
-                goto err;
-                }
-*/
-        rsa->d=BN_mod_inverse(NULL,rsa->e,r0,ctx2);     /* d */
-        if (rsa->d == NULL) goto err;
-
-        /* calculate d mod (p-1) */
-        rsa->dmp1=BN_new();
-        if (rsa->dmp1 == NULL) goto err;
-        if (!BN_mod(rsa->dmp1,rsa->d,r1,ctx)) goto err;
-
-        /* calculate d mod (q-1) */
-        rsa->dmq1=BN_new();
-        if (rsa->dmq1 == NULL) goto err;
-        if (!BN_mod(rsa->dmq1,rsa->d,r2,ctx)) goto err;
-
-        /* calculate inverse of q mod p */
-        rsa->iqmp=BN_mod_inverse(NULL,rsa->q,rsa->p,ctx2);
-        if (rsa->iqmp == NULL) goto err;
-
-        ok=1;
-err:
-        if (ok == -1)
-                {
-                RSAerr(RSA_F_RSA_GENERATE_KEY,ERR_LIB_BN);
-                ok=0;
-                }
-        if (ctx != NULL)
-                BN_CTX_end(ctx);
-        BN_CTX_free(ctx);
-        BN_CTX_free(ctx2);
-        
-        if (!ok)
-                {
-                if (rsa != NULL) RSA_free(rsa);
-                return(NULL);
-                }
-        else
-                return(rsa);
-        }
-
-#endif
diff --git a/src/lib/libcrypto/rsa/rsa_lib.c b/src/lib/libcrypto/rsa/rsa_lib.c
deleted file mode 100644
index e4d622851e..0000000000
--- a/src/lib/libcrypto/rsa/rsa_lib.c
+++ /dev/null
@@ -1,414 +0,0 @@
-/* crypto/rsa/rsa_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/crypto.h>
-#include "cryptlib.h"
-#include <openssl/lhash.h>
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/rand.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
-const char *RSA_version="RSA" OPENSSL_VERSION_PTEXT;
-
-static const RSA_METHOD *default_RSA_meth=NULL;
-
-RSA *RSA_new(void)
-        {
-        RSA *r=RSA_new_method(NULL);
-
-        return r;
-        }
-
-void RSA_set_default_method(const RSA_METHOD *meth)
-        {
-        default_RSA_meth = meth;
-        }
-
-const RSA_METHOD *RSA_get_default_method(void)
-        {
-        if (default_RSA_meth == NULL)
-                {
-#ifdef RSA_NULL
-                default_RSA_meth=RSA_null_method();
-#else
-#if 0 /* was: #ifdef RSAref */
-                default_RSA_meth=RSA_PKCS1_RSAref();
-#else
-                default_RSA_meth=RSA_PKCS1_SSLeay();
-#endif
-#endif
-                }
-
-        return default_RSA_meth;
-        }
-
-const RSA_METHOD *RSA_get_method(const RSA *rsa)
-        {
-        return rsa->meth;
-        }
-
-int RSA_set_method(RSA *rsa, const RSA_METHOD *meth)
-        {
-        /* NB: The caller is specifically setting a method, so it's not up to us
-         * to deal with which ENGINE it comes from. */
-        const RSA_METHOD *mtmp;
-        mtmp = rsa->meth;
-        if (mtmp->finish) mtmp->finish(rsa);
-#ifndef OPENSSL_NO_ENGINE
-        if (rsa->engine)
-                {
-                ENGINE_finish(rsa->engine);
-                rsa->engine = NULL;
-                }
-#endif
-        rsa->meth = meth;
-        if (meth->init) meth->init(rsa);
-        return 1;
-        }
-
-RSA *RSA_new_method(ENGINE *engine)
-        {
-        RSA *ret;
-
-        ret=(RSA *)OPENSSL_malloc(sizeof(RSA));
-        if (ret == NULL)
-                {
-                RSAerr(RSA_F_RSA_NEW_METHOD,ERR_R_MALLOC_FAILURE);
-                return NULL;
-                }
-
-        ret->meth = RSA_get_default_method();
-#ifndef OPENSSL_NO_ENGINE
-        if (engine)
-                {
-                if (!ENGINE_init(engine))
-                        {
-                        RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
-                        OPENSSL_free(ret);
-                        return NULL;
-                        }
-                ret->engine = engine;
-                }
-        else
-                ret->engine = ENGINE_get_default_RSA();
-        if(ret->engine)
-                {
-                ret->meth = ENGINE_get_RSA(ret->engine);
-                if(!ret->meth)
-                        {
-                        RSAerr(RSA_F_RSA_NEW_METHOD,
-                                ERR_R_ENGINE_LIB);
-                        ENGINE_finish(ret->engine);
-                        OPENSSL_free(ret);
-                        return NULL;
-                        }
-                }
-#endif
-
-        ret->pad=0;
-        ret->version=0;
-        ret->n=NULL;
-        ret->e=NULL;
-        ret->d=NULL;
-        ret->p=NULL;
-        ret->q=NULL;
-        ret->dmp1=NULL;
-        ret->dmq1=NULL;
-        ret->iqmp=NULL;
-        ret->references=1;
-        ret->_method_mod_n=NULL;
-        ret->_method_mod_p=NULL;
-        ret->_method_mod_q=NULL;
-        ret->blinding=NULL;
-        ret->bignum_data=NULL;
-        ret->flags=ret->meth->flags;
-        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
-        if ((ret->meth->init != NULL) && !ret->meth->init(ret))
-                {
-#ifndef OPENSSL_NO_ENGINE
-                if (ret->engine)
-                        ENGINE_finish(ret->engine);
-#endif
-                CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
-                OPENSSL_free(ret);
-                ret=NULL;
-                }
-        return(ret);
-        }
-
-void RSA_free(RSA *r)
-        {
-        int i;
-
-        if (r == NULL) return;
-
-        i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_RSA);
-#ifdef REF_PRINT
-        REF_PRINT("RSA",r);
-#endif
-        if (i > 0) return;
-#ifdef REF_CHECK
-        if (i < 0)
-                {
-                fprintf(stderr,"RSA_free, bad reference count\n");
-                abort();
-                }
-#endif
-
-        if (r->meth->finish)
-                r->meth->finish(r);
-#ifndef OPENSSL_NO_ENGINE
-        if (r->engine)
-                ENGINE_finish(r->engine);
-#endif
-
-        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
-
-        if (r->n != NULL) BN_clear_free(r->n);
-        if (r->e != NULL) BN_clear_free(r->e);
-        if (r->d != NULL) BN_clear_free(r->d);
-        if (r->p != NULL) BN_clear_free(r->p);
-        if (r->q != NULL) BN_clear_free(r->q);
-        if (r->dmp1 != NULL) BN_clear_free(r->dmp1);
-        if (r->dmq1 != NULL) BN_clear_free(r->dmq1);
-        if (r->iqmp != NULL) BN_clear_free(r->iqmp);
-        if (r->blinding != NULL) BN_BLINDING_free(r->blinding);
-        if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data);
-        OPENSSL_free(r);
-        }
-
-int RSA_up_ref(RSA *r)
-        {
-        int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_RSA);
-#ifdef REF_PRINT
-        REF_PRINT("RSA",r);
-#endif
-#ifdef REF_CHECK
-        if (i < 2)
-                {
-                fprintf(stderr, "RSA_up_ref, bad reference count\n");
-                abort();
-                }
-#endif
-        return ((i > 1) ? 1 : 0);
-        }
-
-int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-        {
-        return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, argl, argp,
-                                new_func, dup_func, free_func);
-        }
-
-int RSA_set_ex_data(RSA *r, int idx, void *arg)
-        {
-        return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
-        }
-
-void *RSA_get_ex_data(const RSA *r, int idx)
-        {
-        return(CRYPTO_get_ex_data(&r->ex_data,idx));
-        }
-
-int RSA_size(const RSA *r)
-        {
-        return(BN_num_bytes(r->n));
-        }
-
-int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
-             RSA *rsa, int padding)
-        {
-        return(rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding));
-        }
-
-int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
-             RSA *rsa, int padding)
-        {
-        return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding));
-        }
-
-int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
-             RSA *rsa, int padding)
-        {
-        return(rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding));
-        }
-
-int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
-             RSA *rsa, int padding)
-        {
-        return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
-        }
-
-int RSA_flags(const RSA *r)
-        {
-        return((r == NULL)?0:r->meth->flags);
-        }
-
-void RSA_blinding_off(RSA *rsa)
-        {
-        if (rsa->blinding != NULL)
-                {
-                BN_BLINDING_free(rsa->blinding);
-                rsa->blinding=NULL;
-                }
-        rsa->flags &= ~RSA_FLAG_BLINDING;
-        rsa->flags |= RSA_FLAG_NO_BLINDING;
-        }
-
-int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
-        {
-        BIGNUM *A,*Ai = NULL;
-        BN_CTX *ctx;
-        int ret=0;
-
-        if (p_ctx == NULL)
-                {
-                if ((ctx=BN_CTX_new()) == NULL) goto err;
-                }
-        else
-                ctx=p_ctx;
-
-        /* XXXXX: Shouldn't this be RSA_blinding_off(rsa)? */
-        if (rsa->blinding != NULL)
-                {
-                BN_BLINDING_free(rsa->blinding);
-                rsa->blinding = NULL;
-                }
-
-        /* NB: similar code appears in setup_blinding (rsa_eay.c);
-         * this should be placed in a new function of its own, but for reasons
-         * of binary compatibility can't */
-
-        BN_CTX_start(ctx);
-        A = BN_CTX_get(ctx);
-        if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL)
-                {
-                /* if PRNG is not properly seeded, resort to secret exponent as unpredictable seed */
-                RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0);
-                if (!BN_pseudo_rand_range(A,rsa->n)) goto err;
-                }
-        else
-                {
-                if (!BN_rand_range(A,rsa->n)) goto err;
-                }
-        if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err;
-
-        if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n))
-                goto err;
-        if ((rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n)) == NULL) goto err;
-        /* to make things thread-safe without excessive locking,
-         * rsa->blinding will be used just by the current thread: */
-        rsa->blinding->thread_id = CRYPTO_thread_id();
-        rsa->flags |= RSA_FLAG_BLINDING;
-        rsa->flags &= ~RSA_FLAG_NO_BLINDING;
-        ret=1;
-err:
-        if (Ai != NULL) BN_free(Ai);
-        BN_CTX_end(ctx);
-        if (ctx != p_ctx) BN_CTX_free(ctx);
-        return(ret);
-        }
-
-int RSA_memory_lock(RSA *r)
-        {
-        int i,j,k,off;
-        char *p;
-        BIGNUM *bn,**t[6],*b;
-        BN_ULONG *ul;
-
-        if (r->d == NULL) return(1);
-        t[0]= &r->d;
-        t[1]= &r->p;
-        t[2]= &r->q;
-        t[3]= &r->dmp1;
-        t[4]= &r->dmq1;
-        t[5]= &r->iqmp;
-        k=sizeof(BIGNUM)*6;
-        off=k/sizeof(BN_ULONG)+1;
-        j=1;
-        for (i=0; i<6; i++)
-                j+= (*t[i])->top;
-        if ((p=OPENSSL_malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL)
-                {
-                RSAerr(RSA_F_MEMORY_LOCK,ERR_R_MALLOC_FAILURE);
-                return(0);
-                }
-        bn=(BIGNUM *)p;
-        ul=(BN_ULONG *)&(p[off]);
-        for (i=0; i<6; i++)
-                {
-                b= *(t[i]);
-                *(t[i])= &(bn[i]);
-                memcpy((char *)&(bn[i]),(char *)b,sizeof(BIGNUM));
-                bn[i].flags=BN_FLG_STATIC_DATA;
-                bn[i].d=ul;
-                memcpy((char *)ul,b->d,sizeof(BN_ULONG)*b->top);
-                ul+=b->top;
-                BN_clear_free(b);
-                }
-        
-        /* I should fix this so it can still be done */
-        r->flags&= ~(RSA_FLAG_CACHE_PRIVATE|RSA_FLAG_CACHE_PUBLIC);
-
-        r->bignum_data=p;
-        return(1);
-        }
diff --git a/src/lib/libcrypto/rsa/rsa_none.c b/src/lib/libcrypto/rsa/rsa_none.c
deleted file mode 100644
index e6f3e627ca..0000000000
--- a/src/lib/libcrypto/rsa/rsa_none.c
+++ /dev/null
@@ -1,98 +0,0 @@
-/* crypto/rsa/rsa_none.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/rand.h>
-
-int RSA_padding_add_none(unsigned char *to, int tlen,
-        const unsigned char *from, int flen)
-        {
-        if (flen > tlen)
-                {
-                RSAerr(RSA_F_RSA_PADDING_ADD_NONE,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
-                return(0);
-                }
-
-        if (flen < tlen)
-                {
-                RSAerr(RSA_F_RSA_PADDING_ADD_NONE,RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE);
-                return(0);
-                }
-        
-        memcpy(to,from,(unsigned int)flen);
-        return(1);
-        }
-
-int RSA_padding_check_none(unsigned char *to, int tlen,
-        const unsigned char *from, int flen, int num)
-        {
-
-        if (flen > tlen)
-                {
-                RSAerr(RSA_F_RSA_PADDING_CHECK_NONE,RSA_R_DATA_TOO_LARGE);
-                return(-1);
-                }
-
-        memset(to,0,tlen-flen);
-        memcpy(to+tlen-flen,from,flen);
-        return(tlen);
-        }
-
diff --git a/src/lib/libcrypto/rsa/rsa_oaep.c b/src/lib/libcrypto/rsa/rsa_oaep.c
deleted file mode 100644
index d43ecaca63..0000000000
--- a/src/lib/libcrypto/rsa/rsa_oaep.c
+++ /dev/null
@@ -1,212 +0,0 @@
-/* crypto/rsa/rsa_oaep.c */
-/* Written by Ulf Moeller. This software is distributed on an "AS IS"
-   basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. */
-
-/* EME-OAEP as defined in RFC 2437 (PKCS #1 v2.0) */
-
-/* See Victor Shoup, "OAEP reconsidered," Nov. 2000,
- * <URL: http://www.shoup.net/papers/oaep.ps.Z>
- * for problems with the security proof for the
- * original OAEP scheme, which EME-OAEP is based on.
- * 
- * A new proof can be found in E. Fujisaki, T. Okamoto,
- * D. Pointcheval, J. Stern, "RSA-OEAP is Still Alive!",
- * Dec. 2000, <URL: http://eprint.iacr.org/2000/061/>.
- * The new proof has stronger requirements for the
- * underlying permutation: "partial-one-wayness" instead
- * of one-wayness.  For the RSA function, this is
- * an equivalent notion.
- */
-
-
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-#include <openssl/sha.h>
-
-int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
-        const unsigned char *from, int flen,
-        const unsigned char *param, int plen)
-        {
-        int i, emlen = tlen - 1;
-        unsigned char *db, *seed;
-        unsigned char *dbmask, seedmask[SHA_DIGEST_LENGTH];
-
-        if (flen > emlen - 2 * SHA_DIGEST_LENGTH - 1)
-                {
-                RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP,
-                   RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
-                return 0;
-                }
-
-        if (emlen < 2 * SHA_DIGEST_LENGTH + 1)
-                {
-                RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, RSA_R_KEY_SIZE_TOO_SMALL);
-                return 0;
-                }
-
-        dbmask = OPENSSL_malloc(emlen - SHA_DIGEST_LENGTH);
-        if (dbmask == NULL)
-                {
-                RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
-                return 0;
-                }
-
-        to[0] = 0;
-        seed = to + 1;
-        db = to + SHA_DIGEST_LENGTH + 1;
-
-        EVP_Digest((void *)param, plen, db, NULL, EVP_sha1(), NULL);
-        memset(db + SHA_DIGEST_LENGTH, 0,
-                emlen - flen - 2 * SHA_DIGEST_LENGTH - 1);
-        db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01;
-        memcpy(db + emlen - flen - SHA_DIGEST_LENGTH, from, (unsigned int) flen);
-        if (RAND_bytes(seed, SHA_DIGEST_LENGTH) <= 0)
-                return 0;
-#ifdef PKCS_TESTVECT
-        memcpy(seed,
-           "\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2\xf0\x6c\xb5\x8f",
-           20);
-#endif
-
-        PKCS1_MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH,
-                                                                EVP_sha1());
-        for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++)
-                db[i] ^= dbmask[i];
-
-        PKCS1_MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH,
-                                                                EVP_sha1());
-        for (i = 0; i < SHA_DIGEST_LENGTH; i++)
-                seed[i] ^= seedmask[i];
-
-        OPENSSL_free(dbmask);
-        return 1;
-        }
-
-int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
-        const unsigned char *from, int flen, int num,
-        const unsigned char *param, int plen)
-        {
-        int i, dblen, mlen = -1;
-        const unsigned char *maskeddb;
-        int lzero;
-        unsigned char *db = NULL, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH];
-        int bad = 0;
-
-        if (--num < 2 * SHA_DIGEST_LENGTH + 1)
-                /* 'num' is the length of the modulus, i.e. does not depend on the
-                 * particular ciphertext. */
-                goto decoding_err;
-
-        lzero = num - flen;
-        if (lzero < 0)
-                {
-                /* lzero == -1 */
-
-                /* signalling this error immediately after detection might allow
-                 * for side-channel attacks (e.g. timing if 'plen' is huge
-                 * -- cf. James H. Manger, "A Chosen Ciphertext Attack on RSA Optimal
-                 * Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001),
-                 * so we use a 'bad' flag */
-                bad = 1;
-                lzero = 0;
-                }
-        maskeddb = from - lzero + SHA_DIGEST_LENGTH;
-
-        dblen = num - SHA_DIGEST_LENGTH;
-        db = OPENSSL_malloc(dblen);
-        if (db == NULL)
-                {
-                RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
-                return -1;
-                }
-
-        PKCS1_MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen, EVP_sha1());
-        for (i = lzero; i < SHA_DIGEST_LENGTH; i++)
-                seed[i] ^= from[i - lzero];
-  
-        PKCS1_MGF1(db, dblen, seed, SHA_DIGEST_LENGTH, EVP_sha1());
-        for (i = 0; i < dblen; i++)
-                db[i] ^= maskeddb[i];
-
-        EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL);
-
-        if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad)
-                goto decoding_err;
-        else
-                {
-                for (i = SHA_DIGEST_LENGTH; i < dblen; i++)
-                        if (db[i] != 0x00)
-                                break;
-                if (db[i] != 0x01 || i++ >= dblen)
-                        goto decoding_err;
-                else
-                        {
-                        /* everything looks OK */
-
-                        mlen = dblen - i;
-                        if (tlen < mlen)
-                                {
-                                RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE);
-                                mlen = -1;
-                                }
-                        else
-                                memcpy(to, db + i, mlen);
-                        }
-                }
-        OPENSSL_free(db);
-        return mlen;
-
-decoding_err:
-        /* to avoid chosen ciphertext attacks, the error message should not reveal
-         * which kind of decoding error happened */
-        RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR);
-        if (db != NULL) OPENSSL_free(db);
-        return -1;
-        }
-
-int PKCS1_MGF1(unsigned char *mask, long len,
-        const unsigned char *seed, long seedlen, const EVP_MD *dgst)
-        {
-        long i, outlen = 0;
-        unsigned char cnt[4];
-        EVP_MD_CTX c;
-        unsigned char md[EVP_MAX_MD_SIZE];
-        int mdlen;
-
-        EVP_MD_CTX_init(&c);
-        mdlen = EVP_MD_size(dgst);
-        for (i = 0; outlen < len; i++)
-                {
-                cnt[0] = (unsigned char)((i >> 24) & 255);
-                cnt[1] = (unsigned char)((i >> 16) & 255);
-                cnt[2] = (unsigned char)((i >> 8)) & 255;
-                cnt[3] = (unsigned char)(i & 255);
-                EVP_DigestInit_ex(&c,dgst, NULL);
-                EVP_DigestUpdate(&c, seed, seedlen);
-                EVP_DigestUpdate(&c, cnt, 4);
-                if (outlen + mdlen <= len)
-                        {
-                        EVP_DigestFinal_ex(&c, mask + outlen, NULL);
-                        outlen += mdlen;
-                        }
-                else
-                        {
-                        EVP_DigestFinal_ex(&c, md, NULL);
-                        memcpy(mask + outlen, md, len - outlen);
-                        outlen = len;
-                        }
-                }
-        EVP_MD_CTX_cleanup(&c);
-        return 0;
-        }
-
-int MGF1(unsigned char *mask, long len, const unsigned char *seed, long seedlen)
-        {
-        return PKCS1_MGF1(mask, len, seed, seedlen, EVP_sha1());
-        }
-#endif
diff --git a/src/lib/libcrypto/rsa/rsa_pk1.c b/src/lib/libcrypto/rsa/rsa_pk1.c
deleted file mode 100644
index 8560755f1d..0000000000
--- a/src/lib/libcrypto/rsa/rsa_pk1.c
+++ /dev/null
@@ -1,224 +0,0 @@
-/* crypto/rsa/rsa_pk1.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/rand.h>
-
-int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
-             const unsigned char *from, int flen)
-        {
-        int j;
-        unsigned char *p;
-
-        if (flen > (tlen-RSA_PKCS1_PADDING_SIZE))
-                {
-                RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
-                return(0);
-                }
-        
-        p=(unsigned char *)to;
-
-        *(p++)=0;
-        *(p++)=1; /* Private Key BT (Block Type) */
-
-        /* pad out with 0xff data */
-        j=tlen-3-flen;
-        memset(p,0xff,j);
-        p+=j;
-        *(p++)='\0';
-        memcpy(p,from,(unsigned int)flen);
-        return(1);
-        }
-
-int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
-             const unsigned char *from, int flen, int num)
-        {
-        int i,j;
-        const unsigned char *p;
-
-        p=from;
-        if ((num != (flen+1)) || (*(p++) != 01))
-                {
-                RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BLOCK_TYPE_IS_NOT_01);
-                return(-1);
-                }
-
-        /* scan over padding data */
-        j=flen-1; /* one for type. */
-        for (i=0; i<j; i++)
-                {
-                if (*p != 0xff) /* should decrypt to 0xff */
-                        {
-                        if (*p == 0)
-                                { p++; break; }
-                        else    {
-                                RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BAD_FIXED_HEADER_DECRYPT);
-                                return(-1);
-                                }
-                        }
-                p++;
-                }
-
-        if (i == j)
-                {
-                RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_NULL_BEFORE_BLOCK_MISSING);
-                return(-1);
-                }
-
-        if (i < 8)
-                {
-                RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BAD_PAD_BYTE_COUNT);
-                return(-1);
-                }
-        i++; /* Skip over the '\0' */
-        j-=i;
-        if (j > tlen)
-                {
-                RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE);
-                return(-1);
-                }
-        memcpy(to,p,(unsigned int)j);
-
-        return(j);
-        }
-
-int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
-             const unsigned char *from, int flen)
-        {
-        int i,j;
-        unsigned char *p;
-        
-        if (flen > (tlen-11))
-                {
-                RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
-                return(0);
-                }
-        
-        p=(unsigned char *)to;
-
-        *(p++)=0;
-        *(p++)=2; /* Public Key BT (Block Type) */
-
-        /* pad out with non-zero random data */
-        j=tlen-3-flen;
-
-        if (RAND_bytes(p,j) <= 0)
-                return(0);
-        for (i=0; i<j; i++)
-                {
-                if (*p == '\0')
-                        do      {
-                                if (RAND_bytes(p,1) <= 0)
-                                        return(0);
-                                } while (*p == '\0');
-                p++;
-                }
-
-        *(p++)='\0';
-
-        memcpy(p,from,(unsigned int)flen);
-        return(1);
-        }
-
-int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
-             const unsigned char *from, int flen, int num)
-        {
-        int i,j;
-        const unsigned char *p;
-
-        p=from;
-        if ((num != (flen+1)) || (*(p++) != 02))
-                {
-                RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_BLOCK_TYPE_IS_NOT_02);
-                return(-1);
-                }
-#ifdef PKCS1_CHECK
-        return(num-11);
-#endif
-
-        /* scan over padding data */
-        j=flen-1; /* one for type. */
-        for (i=0; i<j; i++)
-                if (*(p++) == 0) break;
-
-        if (i == j)
-                {
-                RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_NULL_BEFORE_BLOCK_MISSING);
-                return(-1);
-                }
-
-        if (i < 8)
-                {
-                RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_BAD_PAD_BYTE_COUNT);
-                return(-1);
-                }
-        i++; /* Skip over the '\0' */
-        j-=i;
-        if (j > tlen)
-                {
-                RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_DATA_TOO_LARGE);
-                return(-1);
-                }
-        memcpy(to,p,(unsigned int)j);
-
-        return(j);
-        }
-
diff --git a/src/lib/libcrypto/rsa/rsa_pss.c b/src/lib/libcrypto/rsa/rsa_pss.c
deleted file mode 100644
index 2815628f5f..0000000000
--- a/src/lib/libcrypto/rsa/rsa_pss.c
+++ /dev/null
@@ -1,261 +0,0 @@
-/* rsa_pss.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 2005.
- */
-/* ====================================================================
- * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-#include <openssl/sha.h>
-
-const static unsigned char zeroes[] = {0,0,0,0,0,0,0,0};
-
-int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
-                        const EVP_MD *Hash, const unsigned char *EM, int sLen)
-        {
-        int i;
-        int ret = 0;
-        int hLen, maskedDBLen, MSBits, emLen;
-        const unsigned char *H;
-        unsigned char *DB = NULL;
-        EVP_MD_CTX ctx;
-        unsigned char H_[EVP_MAX_MD_SIZE];
-
-        hLen = EVP_MD_size(Hash);
-        /*
-         * Negative sLen has special meanings:
-         *      -1      sLen == hLen
-         *      -2      salt length is autorecovered from signature
-         *      -N      reserved
-         */
-        if      (sLen == -1)    sLen = hLen;
-        else if (sLen == -2)    sLen = -2;
-        else if (sLen < -2)
-                {
-                RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED);
-                goto err;
-                }
-
-        MSBits = (BN_num_bits(rsa->n) - 1) & 0x7;
-        emLen = RSA_size(rsa);
-        if (EM[0] & (0xFF << MSBits))
-                {
-                RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_FIRST_OCTET_INVALID);
-                goto err;
-                }
-        if (MSBits == 0)
-                {
-                EM++;
-                emLen--;
-                }
-        if (emLen < (hLen + sLen + 2)) /* sLen can be small negative */
-                {
-                RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_DATA_TOO_LARGE);
-                goto err;
-                }
-        if (EM[emLen - 1] != 0xbc)
-                {
-                RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_LAST_OCTET_INVALID);
-                goto err;
-                }
-        maskedDBLen = emLen - hLen - 1;
-        H = EM + maskedDBLen;
-        DB = OPENSSL_malloc(maskedDBLen);
-        if (!DB)
-                {
-                RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-        PKCS1_MGF1(DB, maskedDBLen, H, hLen, Hash);
-        for (i = 0; i < maskedDBLen; i++)
-                DB[i] ^= EM[i];
-        if (MSBits)
-                DB[0] &= 0xFF >> (8 - MSBits);
-        for (i = 0; DB[i] == 0 && i < (maskedDBLen-1); i++) ;
-        if (DB[i++] != 0x1)
-                {
-                RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_RECOVERY_FAILED);
-                goto err;
-                }
-        if (sLen >= 0 && (maskedDBLen - i) != sLen)
-                {
-                RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED);
-                goto err;
-                }
-        EVP_MD_CTX_init(&ctx);
-        EVP_DigestInit_ex(&ctx, Hash, NULL);
-        EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes);
-        EVP_DigestUpdate(&ctx, mHash, hLen);
-        if (maskedDBLen - i)
-                EVP_DigestUpdate(&ctx, DB + i, maskedDBLen - i);
-        EVP_DigestFinal(&ctx, H_, NULL);
-        EVP_MD_CTX_cleanup(&ctx);
-        if (memcmp(H_, H, hLen))
-                {
-                RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_BAD_SIGNATURE);
-                ret = 0;
-                }
-        else 
-                ret = 1;
-
-        err:
-        if (DB)
-                OPENSSL_free(DB);
-
-        return ret;
-
-        }
-
-int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
-                        const unsigned char *mHash,
-                        const EVP_MD *Hash, int sLen)
-        {
-        int i;
-        int ret = 0;
-        int hLen, maskedDBLen, MSBits, emLen;
-        unsigned char *H, *salt = NULL, *p;
-        EVP_MD_CTX ctx;
-
-        hLen = EVP_MD_size(Hash);
-        /*
-         * Negative sLen has special meanings:
-         *      -1      sLen == hLen
-         *      -2      salt length is maximized
-         *      -N      reserved
-         */
-        if      (sLen == -1)    sLen = hLen;
-        else if (sLen == -2)    sLen = -2;
-        else if (sLen < -2)
-                {
-                RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED);
-                goto err;
-                }
-
-        MSBits = (BN_num_bits(rsa->n) - 1) & 0x7;
-        emLen = RSA_size(rsa);
-        if (MSBits == 0)
-                {
-                *EM++ = 0;
-                emLen--;
-                }
-        if (sLen == -2)
-                {
-                sLen = emLen - hLen - 2;
-                }
-        else if (emLen < (hLen + sLen + 2))
-                {
-                RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS,
-                   RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
-                goto err;
-                }
-        if (sLen > 0)
-                {
-                salt = OPENSSL_malloc(sLen);
-                if (!salt)
-                        {
-                        RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS,
-                                ERR_R_MALLOC_FAILURE);
-                        goto err;
-                        }
-                if (!RAND_bytes(salt, sLen))
-                        goto err;
-                }
-        maskedDBLen = emLen - hLen - 1;
-        H = EM + maskedDBLen;
-        EVP_MD_CTX_init(&ctx);
-        EVP_DigestInit_ex(&ctx, Hash, NULL);
-        EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes);
-        EVP_DigestUpdate(&ctx, mHash, hLen);
-        if (sLen)
-                EVP_DigestUpdate(&ctx, salt, sLen);
-        EVP_DigestFinal(&ctx, H, NULL);
-        EVP_MD_CTX_cleanup(&ctx);
-
-        /* Generate dbMask in place then perform XOR on it */
-        PKCS1_MGF1(EM, maskedDBLen, H, hLen, Hash);
-
-        p = EM;
-
-        /* Initial PS XORs with all zeroes which is a NOP so just update
-         * pointer. Note from a test above this value is guaranteed to
-         * be non-negative.
-         */
-        p += emLen - sLen - hLen - 2;
-        *p++ ^= 0x1;
-        if (sLen > 0)
-                {
-                for (i = 0; i < sLen; i++)
-                        *p++ ^= salt[i];
-                }
-        if (MSBits)
-                EM[0] &= 0xFF >> (8 - MSBits);
-
-        /* H is already in place so just set final 0xbc */
-
-        EM[emLen - 1] = 0xbc;
-
-        ret = 1;
-
-        err:
-        if (salt)
-                OPENSSL_free(salt);
-
-        return ret;
-
-        }
diff --git a/src/lib/libcrypto/rsa/rsa_saos.c b/src/lib/libcrypto/rsa/rsa_saos.c
deleted file mode 100644
index 24fc94835e..0000000000
--- a/src/lib/libcrypto/rsa/rsa_saos.c
+++ /dev/null
@@ -1,149 +0,0 @@
-/* crypto/rsa/rsa_saos.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-int RSA_sign_ASN1_OCTET_STRING(int type,
-        const unsigned char *m, unsigned int m_len,
-        unsigned char *sigret, unsigned int *siglen, RSA *rsa)
-        {
-        ASN1_OCTET_STRING sig;
-        int i,j,ret=1;
-        unsigned char *p,*s;
-
-        sig.type=V_ASN1_OCTET_STRING;
-        sig.length=m_len;
-        sig.data=(unsigned char *)m;
-
-        i=i2d_ASN1_OCTET_STRING(&sig,NULL);
-        j=RSA_size(rsa);
-        if (i > (j-RSA_PKCS1_PADDING_SIZE))
-                {
-                RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
-                return(0);
-                }
-        s=(unsigned char *)OPENSSL_malloc((unsigned int)j+1);
-        if (s == NULL)
-                {
-                RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE);
-                return(0);
-                }
-        p=s;
-        i2d_ASN1_OCTET_STRING(&sig,&p);
-        i=RSA_private_encrypt(i,s,sigret,rsa,RSA_PKCS1_PADDING);
-        if (i <= 0)
-                ret=0;
-        else
-                *siglen=i;
-
-        OPENSSL_cleanse(s,(unsigned int)j+1);
-        OPENSSL_free(s);
-        return(ret);
-        }
-
-int RSA_verify_ASN1_OCTET_STRING(int dtype,
-        const unsigned char *m,
-        unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
-        RSA *rsa)
-        {
-        int i,ret=0;
-        unsigned char *p,*s;
-        ASN1_OCTET_STRING *sig=NULL;
-
-        if (siglen != (unsigned int)RSA_size(rsa))
-                {
-                RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,RSA_R_WRONG_SIGNATURE_LENGTH);
-                return(0);
-                }
-
-        s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen);
-        if (s == NULL)
-                {
-                RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-        i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
-
-        if (i <= 0) goto err;
-
-        p=s;
-        sig=d2i_ASN1_OCTET_STRING(NULL,&p,(long)i);
-        if (sig == NULL) goto err;
-
-        if (    ((unsigned int)sig->length != m_len) ||
-                (memcmp(m,sig->data,m_len) != 0))
-                {
-                RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,RSA_R_BAD_SIGNATURE);
-                }
-        else
-                ret=1;
-err:
-        if (sig != NULL) M_ASN1_OCTET_STRING_free(sig);
-        if (s != NULL)
-                {
-                OPENSSL_cleanse(s,(unsigned int)siglen);
-                OPENSSL_free(s);
-                }
-        return(ret);
-        }
-
diff --git a/src/lib/libcrypto/rsa/rsa_sign.c b/src/lib/libcrypto/rsa/rsa_sign.c
deleted file mode 100644
index db86f1ac58..0000000000
--- a/src/lib/libcrypto/rsa/rsa_sign.c
+++ /dev/null
@@ -1,249 +0,0 @@
-/* crypto/rsa/rsa_sign.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-/* Size of an SSL signature: MD5+SHA1 */
-#define SSL_SIG_LENGTH  36
-
-int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
-             unsigned char *sigret, unsigned int *siglen, RSA *rsa)
-        {
-        X509_SIG sig;
-        ASN1_TYPE parameter;
-        int i,j,ret=1;
-        unsigned char *p, *tmps = NULL;
-        const unsigned char *s = NULL;
-        X509_ALGOR algor;
-        ASN1_OCTET_STRING digest;
-        if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign)
-                {
-                return rsa->meth->rsa_sign(type, m, m_len,
-                        sigret, siglen, rsa);
-                }
-        /* Special case: SSL signature, just check the length */
-        if(type == NID_md5_sha1) {
-                if(m_len != SSL_SIG_LENGTH) {
-                        RSAerr(RSA_F_RSA_SIGN,RSA_R_INVALID_MESSAGE_LENGTH);
-                        return(0);
-                }
-                i = SSL_SIG_LENGTH;
-                s = m;
-        } else {
-                sig.algor= &algor;
-                sig.algor->algorithm=OBJ_nid2obj(type);
-                if (sig.algor->algorithm == NULL)
-                        {
-                        RSAerr(RSA_F_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE);
-                        return(0);
-                        }
-                if (sig.algor->algorithm->length == 0)
-                        {
-                        RSAerr(RSA_F_RSA_SIGN,RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
-                        return(0);
-                        }
-                parameter.type=V_ASN1_NULL;
-                parameter.value.ptr=NULL;
-                sig.algor->parameter= &parameter;
-
-                sig.digest= &digest;
-                sig.digest->data=(unsigned char *)m; /* TMP UGLY CAST */
-                sig.digest->length=m_len;
-
-                i=i2d_X509_SIG(&sig,NULL);
-        }
-        j=RSA_size(rsa);
-        if (i > (j-RSA_PKCS1_PADDING_SIZE))
-                {
-                RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
-                return(0);
-                }
-        if(type != NID_md5_sha1) {
-                tmps=(unsigned char *)OPENSSL_malloc((unsigned int)j+1);
-                if (tmps == NULL)
-                        {
-                        RSAerr(RSA_F_RSA_SIGN,ERR_R_MALLOC_FAILURE);
-                        return(0);
-                        }
-                p=tmps;
-                i2d_X509_SIG(&sig,&p);
-                s=tmps;
-        }
-        i=RSA_private_encrypt(i,s,sigret,rsa,RSA_PKCS1_PADDING);
-        if (i <= 0)
-                ret=0;
-        else
-                *siglen=i;
-
-        if(type != NID_md5_sha1) {
-                OPENSSL_cleanse(tmps,(unsigned int)j+1);
-                OPENSSL_free(tmps);
-        }
-        return(ret);
-        }
-
-int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
-             unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
-        {
-        int i,ret=0,sigtype;
-        unsigned char *p,*s;
-        X509_SIG *sig=NULL;
-
-        if (siglen != (unsigned int)RSA_size(rsa))
-                {
-                RSAerr(RSA_F_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH);
-                return(0);
-                }
-
-        if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify)
-                {
-                return rsa->meth->rsa_verify(dtype, m, m_len,
-                        sigbuf, siglen, rsa);
-                }
-
-        s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen);
-        if (s == NULL)
-                {
-                RSAerr(RSA_F_RSA_VERIFY,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-        if((dtype == NID_md5_sha1) && (m_len != SSL_SIG_LENGTH) ) {
-                        RSAerr(RSA_F_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH);
-                        goto err;
-        }
-        i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
-
-        if (i <= 0) goto err;
-
-        /* Special case: SSL signature */
-        if(dtype == NID_md5_sha1) {
-                if((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH))
-                                RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
-                else ret = 1;
-        } else {
-                p=s;
-                sig=d2i_X509_SIG(NULL,&p,(long)i);
-
-                if (sig == NULL) goto err;
-
-                /* Excess data can be used to create forgeries */
-                if(p != s+i)
-                        {
-                        RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
-                        goto err;
-                        }
-
-                /* Parameters to the signature algorithm can also be used to
-                   create forgeries */
-                if(sig->algor->parameter
-                   && ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL)
-                        {
-                        RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
-                        goto err;
-                        }
-
-                sigtype=OBJ_obj2nid(sig->algor->algorithm);
-
-
-        #ifdef RSA_DEBUG
-                /* put a backward compatibility flag in EAY */
-                fprintf(stderr,"in(%s) expect(%s)\n",OBJ_nid2ln(sigtype),
-                        OBJ_nid2ln(dtype));
-        #endif
-                if (sigtype != dtype)
-                        {
-                        if (((dtype == NID_md5) &&
-                                (sigtype == NID_md5WithRSAEncryption)) ||
-                                ((dtype == NID_md2) &&
-                                (sigtype == NID_md2WithRSAEncryption)))
-                                {
-                                /* ok, we will let it through */
-#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)
-                                fprintf(stderr,"signature has problems, re-make with post SSLeay045\n");
-#endif
-                                }
-                        else
-                                {
-                                RSAerr(RSA_F_RSA_VERIFY,
-                                                RSA_R_ALGORITHM_MISMATCH);
-                                goto err;
-                                }
-                        }
-                if (    ((unsigned int)sig->digest->length != m_len) ||
-                        (memcmp(m,sig->digest->data,m_len) != 0))
-                        {
-                        RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
-                        }
-                else
-                        ret=1;
-        }
-err:
-        if (sig != NULL) X509_SIG_free(sig);
-        if (s != NULL)
-                {
-                OPENSSL_cleanse(s,(unsigned int)siglen);
-                OPENSSL_free(s);
-                }
-        return(ret);
-        }
-
diff --git a/src/lib/libcrypto/rsa/rsa_ssl.c b/src/lib/libcrypto/rsa/rsa_ssl.c
deleted file mode 100644
index ea72629494..0000000000
--- a/src/lib/libcrypto/rsa/rsa_ssl.c
+++ /dev/null
@@ -1,154 +0,0 @@
-/* crypto/rsa/rsa_ssl.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/rand.h>
-
-int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
-        const unsigned char *from, int flen)
-        {
-        int i,j;
-        unsigned char *p;
-        
-        if (flen > (tlen-11))
-                {
-                RSAerr(RSA_F_RSA_PADDING_ADD_SSLV23,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
-                return(0);
-                }
-        
-        p=(unsigned char *)to;
-
-        *(p++)=0;
-        *(p++)=2; /* Public Key BT (Block Type) */
-
-        /* pad out with non-zero random data */
-        j=tlen-3-8-flen;
-
-        if (RAND_bytes(p,j) <= 0)
-                return(0);
-        for (i=0; i<j; i++)
-                {
-                if (*p == '\0')
-                        do      {
-                                if (RAND_bytes(p,1) <= 0)
-                                        return(0);
-                                } while (*p == '\0');
-                p++;
-                }
-
-        memset(p,3,8);
-        p+=8;
-        *(p++)='\0';
-
-        memcpy(p,from,(unsigned int)flen);
-        return(1);
-        }
-
-int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
-        const unsigned char *from, int flen, int num)
-        {
-        int i,j,k;
-        const unsigned char *p;
-
-        p=from;
-        if (flen < 10)
-                {
-                RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_DATA_TOO_SMALL);
-                return(-1);
-                }
-        if ((num != (flen+1)) || (*(p++) != 02))
-                {
-                RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_BLOCK_TYPE_IS_NOT_02);
-                return(-1);
-                }
-
-        /* scan over padding data */
-        j=flen-1; /* one for type */
-        for (i=0; i<j; i++)
-                if (*(p++) == 0) break;
-
-        if ((i == j) || (i < 8))
-                {
-                RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_NULL_BEFORE_BLOCK_MISSING);
-                return(-1);
-                }
-        for (k= -8; k<0; k++)
-                {
-                if (p[k] !=  0x03) break;
-                }
-        if (k == -1)
-                {
-                RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_SSLV3_ROLLBACK_ATTACK);
-                return(-1);
-                }
-
-        i++; /* Skip over the '\0' */
-        j-=i;
-        if (j > tlen)
-                {
-                RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_DATA_TOO_LARGE);
-                return(-1);
-                }
-        memcpy(to,p,(unsigned int)j);
-
-        return(j);
-        }
-
diff --git a/src/lib/libcrypto/rsa/rsa_x931.c b/src/lib/libcrypto/rsa/rsa_x931.c
deleted file mode 100644
index df3c45f802..0000000000
--- a/src/lib/libcrypto/rsa/rsa_x931.c
+++ /dev/null
@@ -1,177 +0,0 @@
-/* rsa_x931.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 2005.
- */
-/* ====================================================================
- * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-
-int RSA_padding_add_X931(unsigned char *to, int tlen,
-             const unsigned char *from, int flen)
-        {
-        int j;
-        unsigned char *p;
-
-        /* Absolute minimum amount of padding is 1 header nibble, 1 padding
-         * nibble and 2 trailer bytes: but 1 hash if is already in 'from'.
-         */
-
-        j = tlen - flen - 2;
-
-        if (j < 0)
-                {
-                RSAerr(RSA_F_RSA_PADDING_ADD_X931,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
-                return -1;
-                }
-        
-        p=(unsigned char *)to;
-
-        /* If no padding start and end nibbles are in one byte */
-        if (j == 0)
-                *p++ = 0x6A;
-        else
-                {
-                *p++ = 0x6B;
-                if (j > 1)
-                        {
-                        memset(p, 0xBB, j - 1);
-                        p += j - 1;
-                        }
-                *p++ = 0xBA;
-                }
-        memcpy(p,from,(unsigned int)flen);
-        p += flen;
-        *p = 0xCC;
-        return(1);
-        }
-
-int RSA_padding_check_X931(unsigned char *to, int tlen,
-             const unsigned char *from, int flen, int num)
-        {
-        int i,j;
-        const unsigned char *p;
-
-        p=from;
-        if ((num != flen) || ((*p != 0x6A) && (*p != 0x6B)))
-                {
-                RSAerr(RSA_F_RSA_PADDING_CHECK_X931,RSA_R_INVALID_HEADER);
-                return -1;
-                }
-
-        if (*p++ == 0x6B)
-                {
-                j=flen-3;
-                for (i = 0; i < j; i++)
-                        {
-                        unsigned char c = *p++;
-                        if (c == 0xBA)
-                                break;
-                        if (c != 0xBB)
-                                {
-                                RSAerr(RSA_F_RSA_PADDING_CHECK_X931,
-                                        RSA_R_INVALID_PADDING);
-                                return -1;
-                                }
-                        }
-
-                j -= i;
-
-                if (i == 0)
-                        {
-                        RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_PADDING);
-                        return -1;
-                        }
-
-                }
-        else j = flen - 2;
-
-        if (p[j] != 0xCC)
-                {
-                RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_TRAILER);
-                return -1;
-                }
-
-        memcpy(to,p,(unsigned int)j);
-
-        return(j);
-        }
-
-/* Translate between X931 hash ids and NIDs */
-
-int RSA_X931_hash_id(int nid)
-        {
-        switch (nid)
-                {
-                case NID_sha1:
-                return 0x33;
-
-                case NID_sha256:
-                return 0x34;
-
-                case NID_sha384:
-                return 0x36;
-
-                case NID_sha512:
-                return 0x35;
-
-                }
-        return -1;
-        }
-
diff --git a/src/lib/libcrypto/sha/asm/sha1-586.pl b/src/lib/libcrypto/sha/asm/sha1-586.pl
deleted file mode 100644
index 041acc0348..0000000000
--- a/src/lib/libcrypto/sha/asm/sha1-586.pl
+++ /dev/null
@@ -1,425 +0,0 @@
-#!/usr/local/bin/perl
-
-# It was noted that Intel IA-32 C compiler generates code which
-# performs ~30% *faster* on P4 CPU than original *hand-coded*
-# SHA1 assembler implementation. To address this problem (and
-# prove that humans are still better than machines:-), the
-# original code was overhauled, which resulted in following
-# performance changes:
-#
-#               compared with original  compared with Intel cc
-#               assembler impl.         generated code
-# Pentium       -25%                    +37%
-# PIII/AMD      +8%                     +16%
-# P4            +85%(!)                 +45%
-#
-# As you can see Pentium came out as looser:-( Yet I reckoned that
-# improvement on P4 outweights the loss and incorporate this
-# re-tuned code to 0.9.7 and later.
-# ----------------------------------------------------------------
-# Those who for any particular reason absolutely must score on
-# Pentium can replace this module with one from 0.9.6 distribution.
-# This "offer" shall be revoked the moment programming interface to
-# this module is changed, in which case this paragraph should be
-# removed.
-# ----------------------------------------------------------------
-#                                       <appro@fy.chalmers.se>
-
-$normal=0;
-
-push(@INC,"perlasm","../../perlasm");
-require "x86asm.pl";
-
-&asm_init($ARGV[0],"sha1-586.pl",$ARGV[$#ARGV] eq "386");
-
-$A="eax";
-$B="ecx";
-$C="ebx";
-$D="edx";
-$E="edi";
-$T="esi";
-$tmp1="ebp";
-
-$off=9*4;
-
-@K=(0x5a827999,0x6ed9eba1,0x8f1bbcdc,0xca62c1d6);
-
-&sha1_block_data("sha1_block_asm_data_order");
-
-&asm_finish();
-
-sub Nn
-        {
-        local($p)=@_;
-        local(%n)=($A,$T,$B,$A,$C,$B,$D,$C,$E,$D,$T,$E);
-        return($n{$p});
-        }
-
-sub Np
-        {
-        local($p)=@_;
-        local(%n)=($A,$T,$B,$A,$C,$B,$D,$C,$E,$D,$T,$E);
-        local(%n)=($A,$B,$B,$C,$C,$D,$D,$E,$E,$T,$T,$A);
-        return($n{$p});
-        }
-
-sub Na
-        {
-        local($n)=@_;
-        return( (($n   )&0x0f),
-                (($n+ 2)&0x0f),
-                (($n+ 8)&0x0f),
-                (($n+13)&0x0f),
-                (($n+ 1)&0x0f));
-        }
-
-sub X_expand
-        {
-        local($in)=@_;
-
-        &comment("First, load the words onto the stack in network byte order");
-        for ($i=0; $i<16; $i+=2)
-                {
-                &mov($A,&DWP(($i+0)*4,$in,"",0));# unless $i == 0;
-                 &mov($B,&DWP(($i+1)*4,$in,"",0));
-                &bswap($A);
-                 &bswap($B);
-                &mov(&swtmp($i+0),$A);
-                 &mov(&swtmp($i+1),$B);
-                }
-
-        &comment("We now have the X array on the stack");
-        &comment("starting at sp-4");
-        }
-
-# Rules of engagement
-# F is always trashable at the start, the running total.
-# E becomes the next F so it can be trashed after it has been 'accumulated'
-# F becomes A in the next round.  We don't need to access it much.
-# During the X update part, the result ends up in $X[$n0].
-
-sub BODY_00_15
-        {
-        local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_;
-
-        &comment("00_15 $n");
-
-        &mov($tmp1,$a);
-         &mov($f,$c);                   # f to hold F_00_19(b,c,d)
-        &rotl($tmp1,5);                 # tmp1=ROTATE(a,5)
-         &xor($f,$d);
-        &and($f,$b);
-         &rotr($b,2);                   # b=ROTATE(b,30)
-        &add($tmp1,$e);                 # tmp1+=e;
-         &mov($e,&swtmp($n));           # e becomes volatile and
-                                        # is loaded with xi
-        &xor($f,$d);                    # f holds F_00_19(b,c,d)
-         &lea($tmp1,&DWP($K,$tmp1,$e,1));# tmp1+=K_00_19+xi
-        
-        &add($f,$tmp1);                 # f+=tmp1
-        }
-
-sub BODY_16_19
-        {
-        local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_;
-        local($n0,$n1,$n2,$n3,$np)=&Na($n);
-
-        &comment("16_19 $n");
-
-        &mov($f,&swtmp($n1));           # f to hold Xupdate(xi,xa,xb,xc,xd)
-         &mov($tmp1,$c);                # tmp1 to hold F_00_19(b,c,d)
-        &xor($f,&swtmp($n0));
-         &xor($tmp1,$d);
-        &xor($f,&swtmp($n2));
-         &and($tmp1,$b);                # tmp1 holds F_00_19(b,c,d)
-        &xor($f,&swtmp($n3));           # f holds xa^xb^xc^xd
-         &rotr($b,2);                   # b=ROTATE(b,30)
-        &xor($tmp1,$d);                 # tmp1=F_00_19(b,c,d)
-         &rotl($f,1);                   # f=ROATE(f,1)
-        &mov(&swtmp($n0),$f);           # xi=f
-        &lea($f,&DWP($K,$f,$e,1));      # f+=K_00_19+e
-         &mov($e,$a);                   # e becomes volatile
-        &add($f,$tmp1);                 # f+=F_00_19(b,c,d)
-         &rotl($e,5);                   # e=ROTATE(a,5)
-        &add($f,$e);                    # f+=ROTATE(a,5)
-        }
-
-sub BODY_20_39
-        {
-        local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_;
-
-        &comment("20_39 $n");
-        local($n0,$n1,$n2,$n3,$np)=&Na($n);
-
-        &mov($f,&swtmp($n0));           # f to hold Xupdate(xi,xa,xb,xc,xd)
-         &mov($tmp1,$b);                # tmp1 to hold F_20_39(b,c,d)
-        &xor($f,&swtmp($n1));
-         &rotr($b,2);                   # b=ROTATE(b,30)
-        &xor($f,&swtmp($n2));
-         &xor($tmp1,$c);
-        &xor($f,&swtmp($n3));           # f holds xa^xb^xc^xd
-         &xor($tmp1,$d);                # tmp1 holds F_20_39(b,c,d)
-        &rotl($f,1);                    # f=ROTATE(f,1)
-        &mov(&swtmp($n0),$f);           # xi=f
-        &lea($f,&DWP($K,$f,$e,1));      # f+=K_20_39+e
-         &mov($e,$a);                   # e becomes volatile
-        &rotl($e,5);                    # e=ROTATE(a,5)
-         &add($f,$tmp1);                # f+=F_20_39(b,c,d)
-        &add($f,$e);                    # f+=ROTATE(a,5)
-        }
-
-sub BODY_40_59
-        {
-        local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_;
-
-        &comment("40_59 $n");
-        local($n0,$n1,$n2,$n3,$np)=&Na($n);
-
-        &mov($f,&swtmp($n0));           # f to hold Xupdate(xi,xa,xb,xc,xd)
-         &mov($tmp1,$b);                # tmp1 to hold F_40_59(b,c,d)
-        &xor($f,&swtmp($n1));
-         &or($tmp1,$c);
-        &xor($f,&swtmp($n2));
-         &and($tmp1,$d);
-        &xor($f,&swtmp($n3));           # f holds xa^xb^xc^xd
-        &rotl($f,1);                    # f=ROTATE(f,1)
-        &mov(&swtmp($n0),$f);           # xi=f
-        &lea($f,&DWP($K,$f,$e,1));      # f+=K_40_59+e
-         &mov($e,$b);                   # e becomes volatile and is used
-                                        # to calculate F_40_59(b,c,d)
-        &rotr($b,2);                    # b=ROTATE(b,30)
-         &and($e,$c);
-        &or($tmp1,$e);                  # tmp1 holds F_40_59(b,c,d)             
-         &mov($e,$a);
-        &rotl($e,5);                    # e=ROTATE(a,5)
-        &add($tmp1,$e);                 # tmp1+=ROTATE(a,5)
-        &add($f,$tmp1);                 # f+=tmp1;
-        }
-
-sub BODY_60_79
-        {
-        &BODY_20_39(@_);
-        }
-
-sub sha1_block_host
-        {
-        local($name, $sclabel)=@_;
-
-        &function_begin_B($name,"");
-
-        # parameter 1 is the MD5_CTX structure.
-        # A     0
-        # B     4
-        # C     8
-        # D     12
-        # E     16
-
-        &mov("ecx",     &wparam(2));
-         &push("esi");
-        &shl("ecx",6);
-         &mov("esi",    &wparam(1));
-        &push("ebp");
-         &add("ecx","esi");     # offset to leave on
-        &push("ebx");
-         &mov("ebp",    &wparam(0));
-        &push("edi");
-         &mov($D,       &DWP(12,"ebp","",0));
-        &stack_push(18+9);
-         &mov($E,       &DWP(16,"ebp","",0));
-        &mov($C,        &DWP( 8,"ebp","",0));
-         &mov(&swtmp(17),"ecx");
-
-        &comment("First we need to setup the X array");
-
-        for ($i=0; $i<16; $i+=2)
-                {
-                &mov($A,&DWP(($i+0)*4,"esi","",0));# unless $i == 0;
-                 &mov($B,&DWP(($i+1)*4,"esi","",0));
-                &mov(&swtmp($i+0),$A);
-                 &mov(&swtmp($i+1),$B);
-                }
-        &jmp($sclabel);
-        &function_end_B($name);
-        }
-
-
-sub sha1_block_data
-        {
-        local($name)=@_;
-
-        &function_begin_B($name,"");
-
-        # parameter 1 is the MD5_CTX structure.
-        # A     0
-        # B     4
-        # C     8
-        # D     12
-        # E     16
-
-        &mov("ecx",     &wparam(2));
-         &push("esi");
-        &shl("ecx",6);
-         &mov("esi",    &wparam(1));
-        &push("ebp");
-         &add("ecx","esi");     # offset to leave on
-        &push("ebx");
-         &mov("ebp",    &wparam(0));
-        &push("edi");
-         &mov($D,       &DWP(12,"ebp","",0));
-        &stack_push(18+9);
-         &mov($E,       &DWP(16,"ebp","",0));
-        &mov($C,        &DWP( 8,"ebp","",0));
-         &mov(&swtmp(17),"ecx");
-
-        &comment("First we need to setup the X array");
-
-        &set_label("start") unless $normal;
-
-        &X_expand("esi");
-         &mov(&wparam(1),"esi");
-
-        &set_label("shortcut", 0, 1);
-        &comment("");
-        &comment("Start processing");
-
-        # odd start
-        &mov($A,        &DWP( 0,"ebp","",0));
-         &mov($B,       &DWP( 4,"ebp","",0));
-        $X="esp";
-        &BODY_00_15(-2,$K[0],$X, 0,$A,$B,$C,$D,$E,$T);
-        &BODY_00_15( 0,$K[0],$X, 1,$T,$A,$B,$C,$D,$E);
-        &BODY_00_15( 0,$K[0],$X, 2,$E,$T,$A,$B,$C,$D);
-        &BODY_00_15( 0,$K[0],$X, 3,$D,$E,$T,$A,$B,$C);
-        &BODY_00_15( 0,$K[0],$X, 4,$C,$D,$E,$T,$A,$B);
-        &BODY_00_15( 0,$K[0],$X, 5,$B,$C,$D,$E,$T,$A);
-        &BODY_00_15( 0,$K[0],$X, 6,$A,$B,$C,$D,$E,$T);
-        &BODY_00_15( 0,$K[0],$X, 7,$T,$A,$B,$C,$D,$E);
-        &BODY_00_15( 0,$K[0],$X, 8,$E,$T,$A,$B,$C,$D);
-        &BODY_00_15( 0,$K[0],$X, 9,$D,$E,$T,$A,$B,$C);
-        &BODY_00_15( 0,$K[0],$X,10,$C,$D,$E,$T,$A,$B);
-        &BODY_00_15( 0,$K[0],$X,11,$B,$C,$D,$E,$T,$A);
-        &BODY_00_15( 0,$K[0],$X,12,$A,$B,$C,$D,$E,$T);
-        &BODY_00_15( 0,$K[0],$X,13,$T,$A,$B,$C,$D,$E);
-        &BODY_00_15( 0,$K[0],$X,14,$E,$T,$A,$B,$C,$D);
-        &BODY_00_15( 1,$K[0],$X,15,$D,$E,$T,$A,$B,$C);
-        &BODY_16_19(-1,$K[0],$X,16,$C,$D,$E,$T,$A,$B);
-        &BODY_16_19( 0,$K[0],$X,17,$B,$C,$D,$E,$T,$A);
-        &BODY_16_19( 0,$K[0],$X,18,$A,$B,$C,$D,$E,$T);
-        &BODY_16_19( 1,$K[0],$X,19,$T,$A,$B,$C,$D,$E);
-
-        &BODY_20_39(-1,$K[1],$X,20,$E,$T,$A,$B,$C,$D);
-        &BODY_20_39( 0,$K[1],$X,21,$D,$E,$T,$A,$B,$C);
-        &BODY_20_39( 0,$K[1],$X,22,$C,$D,$E,$T,$A,$B);
-        &BODY_20_39( 0,$K[1],$X,23,$B,$C,$D,$E,$T,$A);
-        &BODY_20_39( 0,$K[1],$X,24,$A,$B,$C,$D,$E,$T);
-        &BODY_20_39( 0,$K[1],$X,25,$T,$A,$B,$C,$D,$E);
-        &BODY_20_39( 0,$K[1],$X,26,$E,$T,$A,$B,$C,$D);
-        &BODY_20_39( 0,$K[1],$X,27,$D,$E,$T,$A,$B,$C);
-        &BODY_20_39( 0,$K[1],$X,28,$C,$D,$E,$T,$A,$B);
-        &BODY_20_39( 0,$K[1],$X,29,$B,$C,$D,$E,$T,$A);
-        &BODY_20_39( 0,$K[1],$X,30,$A,$B,$C,$D,$E,$T);
-        &BODY_20_39( 0,$K[1],$X,31,$T,$A,$B,$C,$D,$E);
-        &BODY_20_39( 0,$K[1],$X,32,$E,$T,$A,$B,$C,$D);
-        &BODY_20_39( 0,$K[1],$X,33,$D,$E,$T,$A,$B,$C);
-        &BODY_20_39( 0,$K[1],$X,34,$C,$D,$E,$T,$A,$B);
-        &BODY_20_39( 0,$K[1],$X,35,$B,$C,$D,$E,$T,$A);
-        &BODY_20_39( 0,$K[1],$X,36,$A,$B,$C,$D,$E,$T);
-        &BODY_20_39( 0,$K[1],$X,37,$T,$A,$B,$C,$D,$E);
-        &BODY_20_39( 0,$K[1],$X,38,$E,$T,$A,$B,$C,$D);
-        &BODY_20_39( 1,$K[1],$X,39,$D,$E,$T,$A,$B,$C);
-
-        &BODY_40_59(-1,$K[2],$X,40,$C,$D,$E,$T,$A,$B);
-        &BODY_40_59( 0,$K[2],$X,41,$B,$C,$D,$E,$T,$A);
-        &BODY_40_59( 0,$K[2],$X,42,$A,$B,$C,$D,$E,$T);
-        &BODY_40_59( 0,$K[2],$X,43,$T,$A,$B,$C,$D,$E);
-        &BODY_40_59( 0,$K[2],$X,44,$E,$T,$A,$B,$C,$D);
-        &BODY_40_59( 0,$K[2],$X,45,$D,$E,$T,$A,$B,$C);
-        &BODY_40_59( 0,$K[2],$X,46,$C,$D,$E,$T,$A,$B);
-        &BODY_40_59( 0,$K[2],$X,47,$B,$C,$D,$E,$T,$A);
-        &BODY_40_59( 0,$K[2],$X,48,$A,$B,$C,$D,$E,$T);
-        &BODY_40_59( 0,$K[2],$X,49,$T,$A,$B,$C,$D,$E);
-        &BODY_40_59( 0,$K[2],$X,50,$E,$T,$A,$B,$C,$D);
-        &BODY_40_59( 0,$K[2],$X,51,$D,$E,$T,$A,$B,$C);
-        &BODY_40_59( 0,$K[2],$X,52,$C,$D,$E,$T,$A,$B);
-        &BODY_40_59( 0,$K[2],$X,53,$B,$C,$D,$E,$T,$A);
-        &BODY_40_59( 0,$K[2],$X,54,$A,$B,$C,$D,$E,$T);
-        &BODY_40_59( 0,$K[2],$X,55,$T,$A,$B,$C,$D,$E);
-        &BODY_40_59( 0,$K[2],$X,56,$E,$T,$A,$B,$C,$D);
-        &BODY_40_59( 0,$K[2],$X,57,$D,$E,$T,$A,$B,$C);
-        &BODY_40_59( 0,$K[2],$X,58,$C,$D,$E,$T,$A,$B);
-        &BODY_40_59( 1,$K[2],$X,59,$B,$C,$D,$E,$T,$A);
-
-        &BODY_60_79(-1,$K[3],$X,60,$A,$B,$C,$D,$E,$T);
-        &BODY_60_79( 0,$K[3],$X,61,$T,$A,$B,$C,$D,$E);
-        &BODY_60_79( 0,$K[3],$X,62,$E,$T,$A,$B,$C,$D);
-        &BODY_60_79( 0,$K[3],$X,63,$D,$E,$T,$A,$B,$C);
-        &BODY_60_79( 0,$K[3],$X,64,$C,$D,$E,$T,$A,$B);
-        &BODY_60_79( 0,$K[3],$X,65,$B,$C,$D,$E,$T,$A);
-        &BODY_60_79( 0,$K[3],$X,66,$A,$B,$C,$D,$E,$T);
-        &BODY_60_79( 0,$K[3],$X,67,$T,$A,$B,$C,$D,$E);
-        &BODY_60_79( 0,$K[3],$X,68,$E,$T,$A,$B,$C,$D);
-        &BODY_60_79( 0,$K[3],$X,69,$D,$E,$T,$A,$B,$C);
-        &BODY_60_79( 0,$K[3],$X,70,$C,$D,$E,$T,$A,$B);
-        &BODY_60_79( 0,$K[3],$X,71,$B,$C,$D,$E,$T,$A);
-        &BODY_60_79( 0,$K[3],$X,72,$A,$B,$C,$D,$E,$T);
-        &BODY_60_79( 0,$K[3],$X,73,$T,$A,$B,$C,$D,$E);
-        &BODY_60_79( 0,$K[3],$X,74,$E,$T,$A,$B,$C,$D);
-        &BODY_60_79( 0,$K[3],$X,75,$D,$E,$T,$A,$B,$C);
-        &BODY_60_79( 0,$K[3],$X,76,$C,$D,$E,$T,$A,$B);
-        &BODY_60_79( 0,$K[3],$X,77,$B,$C,$D,$E,$T,$A);
-        &BODY_60_79( 0,$K[3],$X,78,$A,$B,$C,$D,$E,$T);
-        &BODY_60_79( 2,$K[3],$X,79,$T,$A,$B,$C,$D,$E);
-
-        &comment("End processing");
-        &comment("");
-        # D is the tmp value
-
-        # E -> A
-        # T -> B
-        # A -> C
-        # B -> D
-        # C -> E
-        # D -> T
-
-        &mov($tmp1,&wparam(0));
-
-         &mov($D,       &DWP(12,$tmp1,"",0));
-        &add($D,$B);
-         &mov($B,       &DWP( 4,$tmp1,"",0));
-        &add($B,$T);
-         &mov($T,       $A);
-        &mov($A,        &DWP( 0,$tmp1,"",0));
-         &mov(&DWP(12,$tmp1,"",0),$D);
-
-        &add($A,$E);
-         &mov($E,       &DWP(16,$tmp1,"",0));
-        &add($E,$C);
-         &mov($C,       &DWP( 8,$tmp1,"",0));
-        &add($C,$T);
-
-         &mov(&DWP( 0,$tmp1,"",0),$A);
-        &mov("esi",&wparam(1));
-         &mov(&DWP( 8,$tmp1,"",0),$C);
-        &add("esi",64);
-         &mov("eax",&swtmp(17));
-        &mov(&DWP(16,$tmp1,"",0),$E);
-         &cmp("esi","eax");
-        &mov(&DWP( 4,$tmp1,"",0),$B);
-         &jb(&label("start"));
-
-        &stack_pop(18+9);
-         &pop("edi");
-        &pop("ebx");
-         &pop("ebp");
-        &pop("esi");
-         &ret();
-
-        # keep a note of shortcut label so it can be used outside
-        # block.
-        my $sclabel = &label("shortcut");
-
-        &function_end_B($name);
-        # Putting this here avoids problems with MASM in debugging mode
-        &sha1_block_host("sha1_block_asm_host_order", $sclabel);
-        }
-
diff --git a/src/lib/libcrypto/sha/asm/sha1-ia64.pl b/src/lib/libcrypto/sha/asm/sha1-ia64.pl
deleted file mode 100644
index cb9dfad124..0000000000
--- a/src/lib/libcrypto/sha/asm/sha1-ia64.pl
+++ /dev/null
@@ -1,549 +0,0 @@
-#!/usr/bin/env perl
-#
-# ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. Rights for redistribution and usage in source and binary
-# forms are granted according to the OpenSSL license.
-# ====================================================================
-#
-# Eternal question is what's wrong with compiler generated code? The
-# trick is that it's possible to reduce the number of shifts required
-# to perform rotations by maintaining copy of 32-bit value in upper
-# bits of 64-bit register. Just follow mux2 and shrp instructions...
-# Performance under big-endian OS such as HP-UX is 179MBps*1GHz, which
-# is >50% better than HP C and >2x better than gcc. As of this moment
-# performance under little-endian OS such as Linux and Windows will be
-# a bit lower, because data has to be picked in reverse byte-order.
-# It's possible to resolve this issue by implementing third function,
-# sha1_block_asm_data_order_aligned, which would temporarily flip
-# BE field in User Mask register...
-
-$code=<<___;
-.ident  \"sha1-ia64.s, version 1.0\"
-.ident  \"IA-64 ISA artwork by Andy Polyakov <appro\@fy.chalmers.se>\"
-.explicit
-
-___
-
-
-if ($^O eq "hpux") {
-    $ADDP="addp4";
-    for (@ARGV) { $ADDP="add" if (/[\+DD|\-mlp]64/); }
-} else { $ADDP="add"; }
-for (@ARGV) {   $big_endian=1 if (/\-DB_ENDIAN/);
-                $big_endian=0 if (/\-DL_ENDIAN/);   }
-if (!defined($big_endian))
-            {   $big_endian=(unpack('L',pack('N',1))==1);   }
-
-#$human=1;
-if ($human) {   # useful for visual code auditing...
-        ($A,$B,$C,$D,$E,$T)   = ("A","B","C","D","E","T");
-        ($h0,$h1,$h2,$h3,$h4) = ("h0","h1","h2","h3","h4");
-        ($K_00_19, $K_20_39, $K_40_59, $K_60_79) =
-            (   "K_00_19","K_20_39","K_40_59","K_60_79" );
-        @X= (   "X0", "X1", "X2", "X3", "X4", "X5", "X6", "X7",
-                "X8", "X9","X10","X11","X12","X13","X14","X15"  );
-}
-else {
-        ($A,$B,$C,$D,$E,$T)   = ("loc0","loc1","loc2","loc3","loc4","loc5");
-        ($h0,$h1,$h2,$h3,$h4) = ("loc6","loc7","loc8","loc9","loc10");
-        ($K_00_19, $K_20_39, $K_40_59, $K_60_79) =
-            (   "r14", "r15", "loc11", "loc12"  );
-        @X= (   "r16", "r17", "r18", "r19", "r20", "r21", "r22", "r23",
-                "r24", "r25", "r26", "r27", "r28", "r29", "r30", "r31"  );
-}
-
-sub BODY_00_15 {
-local   *code=shift;
-local   ($i,$a,$b,$c,$d,$e,$f,$unaligned)=@_;
-
-if ($unaligned) {
-        $code.=<<___;
-{ .mmi; ld1     tmp0=[inp],2                // MSB
-        ld1     tmp1=[tmp3],2           };;
-{ .mmi; ld1     tmp2=[inp],2
-        ld1     $X[$i&0xf]=[tmp3],2         // LSB
-        dep     tmp1=tmp0,tmp1,8,8      };;
-{ .mii; cmp.ne  p16,p0=r0,r0                // no misaligned prefetch
-        dep     $X[$i&0xf]=tmp2,$X[$i&0xf],8,8;;
-        dep     $X[$i&0xf]=tmp1,$X[$i&0xf],16,16        };;
-{ .mmi; nop.m   0
-___
-        }
-elsif ($i<15) {
-        $code.=<<___;
-{ .mmi; ld4     $X[($i+1)&0xf]=[inp],4  // prefetch
-___
-        }
-else    {
-        $code.=<<___;
-{ .mmi; nop.m   0
-___
-        }
-if ($i<15) {
-        $code.=<<___;
-        and     tmp0=$c,$b
-        dep.z   tmp5=$a,5,27            }   // a<<5
-{ .mmi; andcm   tmp1=$d,$b
-        add     tmp4=$e,$K_00_19        };;
-{ .mmi; or      tmp0=tmp0,tmp1              // F_00_19(b,c,d)=(b&c)|(~b&d)
-        add     $f=tmp4,$X[$i&0xf]          // f=xi+e+K_00_19
-        extr.u  tmp1=$a,27,5            };; // a>>27
-{ .mib; add     $f=$f,tmp0                  // f+=F_00_19(b,c,d)
-        shrp    $b=tmp6,tmp6,2          }   // b=ROTATE(b,30)
-{ .mib; or      tmp1=tmp1,tmp5              // ROTATE(a,5)
-        mux2    tmp6=$a,0x44            };; // see b in next iteration
-{ .mii; add     $f=$f,tmp1                  // f+=ROTATE(a,5)
-        mux2    $X[$i&0xf]=$X[$i&0xf],0x44
-        nop.i   0                       };;
-
-___
-        }
-else    {
-        $code.=<<___;
-        and     tmp0=$c,$b
-        dep.z   tmp5=$a,5,27            }   // a<<5 ;;?
-{ .mmi; andcm   tmp1=$d,$b
-        add     tmp4=$e,$K_00_19        };;
-{ .mmi; or      tmp0=tmp0,tmp1              // F_00_19(b,c,d)=(b&c)|(~b&d)
-        add     $f=tmp4,$X[$i&0xf]          // f=xi+e+K_00_19
-        extr.u  tmp1=$a,27,5            }   // a>>27
-{ .mmi; xor     tmp2=$X[($i+0+1)&0xf],$X[($i+2+1)&0xf]  // +1
-        xor     tmp3=$X[($i+8+1)&0xf],$X[($i+13+1)&0xf] // +1
-        nop.i   0                       };;
-{ .mmi; add     $f=$f,tmp0                  // f+=F_00_19(b,c,d)
-        xor     tmp2=tmp2,tmp3              // +1
-        shrp    $b=tmp6,tmp6,2          }   // b=ROTATE(b,30)
-{ .mmi; or      tmp1=tmp1,tmp5              // ROTATE(a,5)
-        mux2    tmp6=$a,0x44            };; // see b in next iteration
-{ .mii; add     $f=$f,tmp1                  // f+=ROTATE(a,5)
-        shrp    $e=tmp2,tmp2,31             // f+1=ROTATE(x[0]^x[2]^x[8]^x[13],1)
-        mux2    $X[$i&0xf]=$X[$i&0xf],0x44  };;
-
-___
-        }
-}
-
-sub BODY_16_19 {
-local   *code=shift;
-local   ($i,$a,$b,$c,$d,$e,$f)=@_;
-
-$code.=<<___;
-{ .mmi; mov     $X[$i&0xf]=$f               // Xupdate
-        and     tmp0=$c,$b
-        dep.z   tmp5=$a,5,27            }   // a<<5
-{ .mmi; andcm   tmp1=$d,$b
-        add     tmp4=$e,$K_00_19        };;
-{ .mmi; or      tmp0=tmp0,tmp1              // F_00_19(b,c,d)=(b&c)|(~b&d)
-        add     $f=$f,tmp4                  // f+=e+K_00_19
-        extr.u  tmp1=$a,27,5            }   // a>>27
-{ .mmi; xor     tmp2=$X[($i+0+1)&0xf],$X[($i+2+1)&0xf]  // +1
-        xor     tmp3=$X[($i+8+1)&0xf],$X[($i+13+1)&0xf] // +1
-        nop.i   0                       };;
-{ .mmi; add     $f=$f,tmp0                  // f+=F_00_19(b,c,d)
-        xor     tmp2=tmp2,tmp3              // +1
-        shrp    $b=tmp6,tmp6,2          }   // b=ROTATE(b,30)
-{ .mmi; or      tmp1=tmp1,tmp5              // ROTATE(a,5)
-        mux2    tmp6=$a,0x44            };; // see b in next iteration
-{ .mii; add     $f=$f,tmp1                  // f+=ROTATE(a,5)
-        shrp    $e=tmp2,tmp2,31             // f+1=ROTATE(x[0]^x[2]^x[8]^x[13],1)
-        nop.i   0                       };;
-
-___
-}
-
-sub BODY_20_39 {
-local   *code=shift;
-local   ($i,$a,$b,$c,$d,$e,$f,$Konst)=@_;
-        $Konst = $K_20_39 if (!defined($Konst));
-
-if ($i<79) {
-$code.=<<___;
-{ .mib; mov     $X[$i&0xf]=$f               // Xupdate
-        dep.z   tmp5=$a,5,27            }   // a<<5
-{ .mib; xor     tmp0=$c,$b
-        add     tmp4=$e,$Konst          };;
-{ .mmi; xor     tmp0=tmp0,$d                // F_20_39(b,c,d)=b^c^d
-        add     $f=$f,tmp4                  // f+=e+K_20_39
-        extr.u  tmp1=$a,27,5            }   // a>>27
-{ .mmi; xor     tmp2=$X[($i+0+1)&0xf],$X[($i+2+1)&0xf]  // +1
-        xor     tmp3=$X[($i+8+1)&0xf],$X[($i+13+1)&0xf] // +1
-        nop.i   0                       };;
-{ .mmi; add     $f=$f,tmp0                  // f+=F_20_39(b,c,d)
-        xor     tmp2=tmp2,tmp3              // +1
-        shrp    $b=tmp6,tmp6,2          }   // b=ROTATE(b,30)
-{ .mmi; or      tmp1=tmp1,tmp5              // ROTATE(a,5)
-        mux2    tmp6=$a,0x44            };; // see b in next iteration
-{ .mii; add     $f=$f,tmp1                  // f+=ROTATE(a,5)
-        shrp    $e=tmp2,tmp2,31             // f+1=ROTATE(x[0]^x[2]^x[8]^x[13],1)
-        nop.i   0                       };;
-
-___
-}
-else {
-$code.=<<___;
-{ .mib; mov     $X[$i&0xf]=$f               // Xupdate
-        dep.z   tmp5=$a,5,27            }   // a<<5
-{ .mib; xor     tmp0=$c,$b
-        add     tmp4=$e,$Konst          };;
-{ .mib; xor     tmp0=tmp0,$d                // F_20_39(b,c,d)=b^c^d
-        extr.u  tmp1=$a,27,5            }   // a>>27
-{ .mib; add     $f=$f,tmp4                  // f+=e+K_20_39
-        add     $h1=$h1,$a              };; // wrap up
-{ .mmi;
-(p16)   ld4.s   $X[0]=[inp],4               // non-faulting prefetch
-        add     $f=$f,tmp0                  // f+=F_20_39(b,c,d)
-        shrp    $b=tmp6,tmp6,2          }   // b=ROTATE(b,30) ;;?
-{ .mmi; or      tmp1=tmp1,tmp5              // ROTATE(a,5)
-        add     $h3=$h3,$c              };; // wrap up
-{ .mib; add     tmp3=1,inp                  // used in unaligned codepath
-        add     $f=$f,tmp1              }   // f+=ROTATE(a,5)
-{ .mib; add     $h2=$h2,$b                  // wrap up
-        add     $h4=$h4,$d              };; // wrap up
-
-___
-}
-}
-
-sub BODY_40_59 {
-local   *code=shift;
-local   ($i,$a,$b,$c,$d,$e,$f)=@_;
-
-$code.=<<___;
-{ .mmi; mov     $X[$i&0xf]=$f               // Xupdate
-        and     tmp0=$c,$b
-        dep.z   tmp5=$a,5,27            }   // a<<5
-{ .mmi; and     tmp1=$d,$b
-        add     tmp4=$e,$K_40_59        };;
-{ .mmi; or      tmp0=tmp0,tmp1              // (b&c)|(b&d)
-        add     $f=$f,tmp4                  // f+=e+K_40_59
-        extr.u  tmp1=$a,27,5            }   // a>>27
-{ .mmi; and     tmp4=$c,$d
-        xor     tmp2=$X[($i+0+1)&0xf],$X[($i+2+1)&0xf]  // +1
-        xor     tmp3=$X[($i+8+1)&0xf],$X[($i+13+1)&0xf] // +1
-        };;
-{ .mmi; or      tmp1=tmp1,tmp5              // ROTATE(a,5)
-        xor     tmp2=tmp2,tmp3              // +1
-        shrp    $b=tmp6,tmp6,2          }   // b=ROTATE(b,30)
-{ .mmi; or      tmp0=tmp0,tmp4              // F_40_59(b,c,d)=(b&c)|(b&d)|(c&d)
-        mux2    tmp6=$a,0x44            };; // see b in next iteration
-{ .mii; add     $f=$f,tmp0                  // f+=F_40_59(b,c,d)
-        shrp    $e=tmp2,tmp2,31;;           // f+1=ROTATE(x[0]^x[2]^x[8]^x[13],1)
-        add     $f=$f,tmp1              };; // f+=ROTATE(a,5)
-
-___
-}
-sub BODY_60_79  { &BODY_20_39(@_,$K_60_79); }
-
-$code.=<<___;
-.text
-
-tmp0=r8;
-tmp1=r9;
-tmp2=r10;
-tmp3=r11;
-ctx=r32;        // in0
-inp=r33;        // in1
-
-// void sha1_block_asm_host_order(SHA_CTX *c,const void *p,size_t num);
-.global sha1_block_asm_host_order#
-.proc   sha1_block_asm_host_order#
-.align  32
-sha1_block_asm_host_order:
-        .prologue
-        .fframe 0
-        .save   ar.pfs,r0
-        .save   ar.lc,r3
-{ .mmi; alloc   tmp1=ar.pfs,3,15,0,0
-        $ADDP   tmp0=4,ctx
-        mov     r3=ar.lc                }
-{ .mmi; $ADDP   ctx=0,ctx
-        $ADDP   inp=0,inp
-        mov     r2=pr                   };;
-tmp4=in2;
-tmp5=loc13;
-tmp6=loc14;
-        .body
-{ .mlx; ld4     $h0=[ctx],8
-        movl    $K_00_19=0x5a827999     }
-{ .mlx; ld4     $h1=[tmp0],8
-        movl    $K_20_39=0x6ed9eba1     };;
-{ .mlx; ld4     $h2=[ctx],8
-        movl    $K_40_59=0x8f1bbcdc     }
-{ .mlx; ld4     $h3=[tmp0]
-        movl    $K_60_79=0xca62c1d6     };;
-{ .mmi; ld4     $h4=[ctx],-16
-        add     in2=-1,in2                  // adjust num for ar.lc
-        mov     ar.ec=1                 };;
-{ .mmi; ld4     $X[0]=[inp],4               // prefetch
-        cmp.ne  p16,p0=r0,in2               // prefecth at loop end
-        mov     ar.lc=in2               };; // brp.loop.imp: too far
-
-.Lhtop:
-{ .mmi; mov     $A=$h0
-        mov     $B=$h1
-        mux2    tmp6=$h1,0x44           }
-{ .mmi; mov     $C=$h2
-        mov     $D=$h3
-        mov     $E=$h4                  };;
-
-___
-
-        &BODY_00_15(\$code, 0,$A,$B,$C,$D,$E,$T);
-        &BODY_00_15(\$code, 1,$T,$A,$B,$C,$D,$E);
-        &BODY_00_15(\$code, 2,$E,$T,$A,$B,$C,$D);
-        &BODY_00_15(\$code, 3,$D,$E,$T,$A,$B,$C);
-        &BODY_00_15(\$code, 4,$C,$D,$E,$T,$A,$B);
-        &BODY_00_15(\$code, 5,$B,$C,$D,$E,$T,$A);
-        &BODY_00_15(\$code, 6,$A,$B,$C,$D,$E,$T);
-        &BODY_00_15(\$code, 7,$T,$A,$B,$C,$D,$E);
-        &BODY_00_15(\$code, 8,$E,$T,$A,$B,$C,$D);
-        &BODY_00_15(\$code, 9,$D,$E,$T,$A,$B,$C);
-        &BODY_00_15(\$code,10,$C,$D,$E,$T,$A,$B);
-        &BODY_00_15(\$code,11,$B,$C,$D,$E,$T,$A);
-        &BODY_00_15(\$code,12,$A,$B,$C,$D,$E,$T);
-        &BODY_00_15(\$code,13,$T,$A,$B,$C,$D,$E);
-        &BODY_00_15(\$code,14,$E,$T,$A,$B,$C,$D);
-        &BODY_00_15(\$code,15,$D,$E,$T,$A,$B,$C);
-
-        &BODY_16_19(\$code,16,$C,$D,$E,$T,$A,$B);
-        &BODY_16_19(\$code,17,$B,$C,$D,$E,$T,$A);
-        &BODY_16_19(\$code,18,$A,$B,$C,$D,$E,$T);
-        &BODY_16_19(\$code,19,$T,$A,$B,$C,$D,$E);
-
-        &BODY_20_39(\$code,20,$E,$T,$A,$B,$C,$D);
-        &BODY_20_39(\$code,21,$D,$E,$T,$A,$B,$C);
-        &BODY_20_39(\$code,22,$C,$D,$E,$T,$A,$B);
-        &BODY_20_39(\$code,23,$B,$C,$D,$E,$T,$A);
-        &BODY_20_39(\$code,24,$A,$B,$C,$D,$E,$T);
-        &BODY_20_39(\$code,25,$T,$A,$B,$C,$D,$E);
-        &BODY_20_39(\$code,26,$E,$T,$A,$B,$C,$D);
-        &BODY_20_39(\$code,27,$D,$E,$T,$A,$B,$C);
-        &BODY_20_39(\$code,28,$C,$D,$E,$T,$A,$B);
-        &BODY_20_39(\$code,29,$B,$C,$D,$E,$T,$A);
-        &BODY_20_39(\$code,30,$A,$B,$C,$D,$E,$T);
-        &BODY_20_39(\$code,31,$T,$A,$B,$C,$D,$E);
-        &BODY_20_39(\$code,32,$E,$T,$A,$B,$C,$D);
-        &BODY_20_39(\$code,33,$D,$E,$T,$A,$B,$C);
-        &BODY_20_39(\$code,34,$C,$D,$E,$T,$A,$B);
-        &BODY_20_39(\$code,35,$B,$C,$D,$E,$T,$A);
-        &BODY_20_39(\$code,36,$A,$B,$C,$D,$E,$T);
-        &BODY_20_39(\$code,37,$T,$A,$B,$C,$D,$E);
-        &BODY_20_39(\$code,38,$E,$T,$A,$B,$C,$D);
-        &BODY_20_39(\$code,39,$D,$E,$T,$A,$B,$C);
-
-        &BODY_40_59(\$code,40,$C,$D,$E,$T,$A,$B);
-        &BODY_40_59(\$code,41,$B,$C,$D,$E,$T,$A);
-        &BODY_40_59(\$code,42,$A,$B,$C,$D,$E,$T);
-        &BODY_40_59(\$code,43,$T,$A,$B,$C,$D,$E);
-        &BODY_40_59(\$code,44,$E,$T,$A,$B,$C,$D);
-        &BODY_40_59(\$code,45,$D,$E,$T,$A,$B,$C);
-        &BODY_40_59(\$code,46,$C,$D,$E,$T,$A,$B);
-        &BODY_40_59(\$code,47,$B,$C,$D,$E,$T,$A);
-        &BODY_40_59(\$code,48,$A,$B,$C,$D,$E,$T);
-        &BODY_40_59(\$code,49,$T,$A,$B,$C,$D,$E);
-        &BODY_40_59(\$code,50,$E,$T,$A,$B,$C,$D);
-        &BODY_40_59(\$code,51,$D,$E,$T,$A,$B,$C);
-        &BODY_40_59(\$code,52,$C,$D,$E,$T,$A,$B);
-        &BODY_40_59(\$code,53,$B,$C,$D,$E,$T,$A);
-        &BODY_40_59(\$code,54,$A,$B,$C,$D,$E,$T);
-        &BODY_40_59(\$code,55,$T,$A,$B,$C,$D,$E);
-        &BODY_40_59(\$code,56,$E,$T,$A,$B,$C,$D);
-        &BODY_40_59(\$code,57,$D,$E,$T,$A,$B,$C);
-        &BODY_40_59(\$code,58,$C,$D,$E,$T,$A,$B);
-        &BODY_40_59(\$code,59,$B,$C,$D,$E,$T,$A);
-
-        &BODY_60_79(\$code,60,$A,$B,$C,$D,$E,$T);
-        &BODY_60_79(\$code,61,$T,$A,$B,$C,$D,$E);
-        &BODY_60_79(\$code,62,$E,$T,$A,$B,$C,$D);
-        &BODY_60_79(\$code,63,$D,$E,$T,$A,$B,$C);
-        &BODY_60_79(\$code,64,$C,$D,$E,$T,$A,$B);
-        &BODY_60_79(\$code,65,$B,$C,$D,$E,$T,$A);
-        &BODY_60_79(\$code,66,$A,$B,$C,$D,$E,$T);
-        &BODY_60_79(\$code,67,$T,$A,$B,$C,$D,$E);
-        &BODY_60_79(\$code,68,$E,$T,$A,$B,$C,$D);
-        &BODY_60_79(\$code,69,$D,$E,$T,$A,$B,$C);
-        &BODY_60_79(\$code,70,$C,$D,$E,$T,$A,$B);
-        &BODY_60_79(\$code,71,$B,$C,$D,$E,$T,$A);
-        &BODY_60_79(\$code,72,$A,$B,$C,$D,$E,$T);
-        &BODY_60_79(\$code,73,$T,$A,$B,$C,$D,$E);
-        &BODY_60_79(\$code,74,$E,$T,$A,$B,$C,$D);
-        &BODY_60_79(\$code,75,$D,$E,$T,$A,$B,$C);
-        &BODY_60_79(\$code,76,$C,$D,$E,$T,$A,$B);
-        &BODY_60_79(\$code,77,$B,$C,$D,$E,$T,$A);
-        &BODY_60_79(\$code,78,$A,$B,$C,$D,$E,$T);
-        &BODY_60_79(\$code,79,$T,$A,$B,$C,$D,$E);
-
-$code.=<<___;
-{ .mmb; add     $h0=$h0,$E
-        nop.m   0
-        br.ctop.dptk.many       .Lhtop  };;
-.Lhend:
-{ .mmi; add     tmp0=4,ctx
-        mov     ar.lc=r3                };;
-{ .mmi; st4     [ctx]=$h0,8
-        st4     [tmp0]=$h1,8            };;
-{ .mmi; st4     [ctx]=$h2,8
-        st4     [tmp0]=$h3              };;
-{ .mib; st4     [ctx]=$h4,-16
-        mov     pr=r2,0x1ffff
-        br.ret.sptk.many        b0      };;
-.endp   sha1_block_asm_host_order#
-___
-
-
-$code.=<<___;
-// void sha1_block_asm_data_order(SHA_CTX *c,const void *p,size_t num);
-.global sha1_block_asm_data_order#
-.proc   sha1_block_asm_data_order#
-.align  32
-sha1_block_asm_data_order:
-___
-$code.=<<___ if ($big_endian);
-{ .mmi; and     r2=3,inp                                };;
-{ .mib; cmp.eq  p6,p0=r0,r2
-(p6)    br.dptk.many    sha1_block_asm_host_order       };;
-___
-$code.=<<___;
-        .prologue
-        .fframe 0
-        .save   ar.pfs,r0
-        .save   ar.lc,r3
-{ .mmi; alloc   tmp1=ar.pfs,3,15,0,0
-        $ADDP   tmp0=4,ctx
-        mov     r3=ar.lc                }
-{ .mmi; $ADDP   ctx=0,ctx
-        $ADDP   inp=0,inp
-        mov     r2=pr                   };;
-tmp4=in2;
-tmp5=loc13;
-tmp6=loc14;
-        .body
-{ .mlx; ld4     $h0=[ctx],8
-        movl    $K_00_19=0x5a827999     }
-{ .mlx; ld4     $h1=[tmp0],8
-        movl    $K_20_39=0x6ed9eba1     };;
-{ .mlx; ld4     $h2=[ctx],8
-        movl    $K_40_59=0x8f1bbcdc     }
-{ .mlx; ld4     $h3=[tmp0]
-        movl    $K_60_79=0xca62c1d6     };;
-{ .mmi; ld4     $h4=[ctx],-16
-        add     in2=-1,in2                  // adjust num for ar.lc
-        mov     ar.ec=1                 };;
-{ .mmi; nop.m   0
-        add     tmp3=1,inp
-        mov     ar.lc=in2               };; // brp.loop.imp: too far
-
-.Ldtop:
-{ .mmi; mov     $A=$h0
-        mov     $B=$h1
-        mux2    tmp6=$h1,0x44           }
-{ .mmi; mov     $C=$h2
-        mov     $D=$h3
-        mov     $E=$h4                  };;
-
-___
-
-        &BODY_00_15(\$code, 0,$A,$B,$C,$D,$E,$T,1);
-        &BODY_00_15(\$code, 1,$T,$A,$B,$C,$D,$E,1);
-        &BODY_00_15(\$code, 2,$E,$T,$A,$B,$C,$D,1);
-        &BODY_00_15(\$code, 3,$D,$E,$T,$A,$B,$C,1);
-        &BODY_00_15(\$code, 4,$C,$D,$E,$T,$A,$B,1);
-        &BODY_00_15(\$code, 5,$B,$C,$D,$E,$T,$A,1);
-        &BODY_00_15(\$code, 6,$A,$B,$C,$D,$E,$T,1);
-        &BODY_00_15(\$code, 7,$T,$A,$B,$C,$D,$E,1);
-        &BODY_00_15(\$code, 8,$E,$T,$A,$B,$C,$D,1);
-        &BODY_00_15(\$code, 9,$D,$E,$T,$A,$B,$C,1);
-        &BODY_00_15(\$code,10,$C,$D,$E,$T,$A,$B,1);
-        &BODY_00_15(\$code,11,$B,$C,$D,$E,$T,$A,1);
-        &BODY_00_15(\$code,12,$A,$B,$C,$D,$E,$T,1);
-        &BODY_00_15(\$code,13,$T,$A,$B,$C,$D,$E,1);
-        &BODY_00_15(\$code,14,$E,$T,$A,$B,$C,$D,1);
-        &BODY_00_15(\$code,15,$D,$E,$T,$A,$B,$C,1);
-
-        &BODY_16_19(\$code,16,$C,$D,$E,$T,$A,$B);
-        &BODY_16_19(\$code,17,$B,$C,$D,$E,$T,$A);
-        &BODY_16_19(\$code,18,$A,$B,$C,$D,$E,$T);
-        &BODY_16_19(\$code,19,$T,$A,$B,$C,$D,$E);
-
-        &BODY_20_39(\$code,20,$E,$T,$A,$B,$C,$D);
-        &BODY_20_39(\$code,21,$D,$E,$T,$A,$B,$C);
-        &BODY_20_39(\$code,22,$C,$D,$E,$T,$A,$B);
-        &BODY_20_39(\$code,23,$B,$C,$D,$E,$T,$A);
-        &BODY_20_39(\$code,24,$A,$B,$C,$D,$E,$T);
-        &BODY_20_39(\$code,25,$T,$A,$B,$C,$D,$E);
-        &BODY_20_39(\$code,26,$E,$T,$A,$B,$C,$D);
-        &BODY_20_39(\$code,27,$D,$E,$T,$A,$B,$C);
-        &BODY_20_39(\$code,28,$C,$D,$E,$T,$A,$B);
-        &BODY_20_39(\$code,29,$B,$C,$D,$E,$T,$A);
-        &BODY_20_39(\$code,30,$A,$B,$C,$D,$E,$T);
-        &BODY_20_39(\$code,31,$T,$A,$B,$C,$D,$E);
-        &BODY_20_39(\$code,32,$E,$T,$A,$B,$C,$D);
-        &BODY_20_39(\$code,33,$D,$E,$T,$A,$B,$C);
-        &BODY_20_39(\$code,34,$C,$D,$E,$T,$A,$B);
-        &BODY_20_39(\$code,35,$B,$C,$D,$E,$T,$A);
-        &BODY_20_39(\$code,36,$A,$B,$C,$D,$E,$T);
-        &BODY_20_39(\$code,37,$T,$A,$B,$C,$D,$E);
-        &BODY_20_39(\$code,38,$E,$T,$A,$B,$C,$D);
-        &BODY_20_39(\$code,39,$D,$E,$T,$A,$B,$C);
-
-        &BODY_40_59(\$code,40,$C,$D,$E,$T,$A,$B);
-        &BODY_40_59(\$code,41,$B,$C,$D,$E,$T,$A);
-        &BODY_40_59(\$code,42,$A,$B,$C,$D,$E,$T);
-        &BODY_40_59(\$code,43,$T,$A,$B,$C,$D,$E);
-        &BODY_40_59(\$code,44,$E,$T,$A,$B,$C,$D);
-        &BODY_40_59(\$code,45,$D,$E,$T,$A,$B,$C);
-        &BODY_40_59(\$code,46,$C,$D,$E,$T,$A,$B);
-        &BODY_40_59(\$code,47,$B,$C,$D,$E,$T,$A);
-        &BODY_40_59(\$code,48,$A,$B,$C,$D,$E,$T);
-        &BODY_40_59(\$code,49,$T,$A,$B,$C,$D,$E);
-        &BODY_40_59(\$code,50,$E,$T,$A,$B,$C,$D);
-        &BODY_40_59(\$code,51,$D,$E,$T,$A,$B,$C);
-        &BODY_40_59(\$code,52,$C,$D,$E,$T,$A,$B);
-        &BODY_40_59(\$code,53,$B,$C,$D,$E,$T,$A);
-        &BODY_40_59(\$code,54,$A,$B,$C,$D,$E,$T);
-        &BODY_40_59(\$code,55,$T,$A,$B,$C,$D,$E);
-        &BODY_40_59(\$code,56,$E,$T,$A,$B,$C,$D);
-        &BODY_40_59(\$code,57,$D,$E,$T,$A,$B,$C);
-        &BODY_40_59(\$code,58,$C,$D,$E,$T,$A,$B);
-        &BODY_40_59(\$code,59,$B,$C,$D,$E,$T,$A);
-
-        &BODY_60_79(\$code,60,$A,$B,$C,$D,$E,$T);
-        &BODY_60_79(\$code,61,$T,$A,$B,$C,$D,$E);
-        &BODY_60_79(\$code,62,$E,$T,$A,$B,$C,$D);
-        &BODY_60_79(\$code,63,$D,$E,$T,$A,$B,$C);
-        &BODY_60_79(\$code,64,$C,$D,$E,$T,$A,$B);
-        &BODY_60_79(\$code,65,$B,$C,$D,$E,$T,$A);
-        &BODY_60_79(\$code,66,$A,$B,$C,$D,$E,$T);
-        &BODY_60_79(\$code,67,$T,$A,$B,$C,$D,$E);
-        &BODY_60_79(\$code,68,$E,$T,$A,$B,$C,$D);
-        &BODY_60_79(\$code,69,$D,$E,$T,$A,$B,$C);
-        &BODY_60_79(\$code,70,$C,$D,$E,$T,$A,$B);
-        &BODY_60_79(\$code,71,$B,$C,$D,$E,$T,$A);
-        &BODY_60_79(\$code,72,$A,$B,$C,$D,$E,$T);
-        &BODY_60_79(\$code,73,$T,$A,$B,$C,$D,$E);
-        &BODY_60_79(\$code,74,$E,$T,$A,$B,$C,$D);
-        &BODY_60_79(\$code,75,$D,$E,$T,$A,$B,$C);
-        &BODY_60_79(\$code,76,$C,$D,$E,$T,$A,$B);
-        &BODY_60_79(\$code,77,$B,$C,$D,$E,$T,$A);
-        &BODY_60_79(\$code,78,$A,$B,$C,$D,$E,$T);
-        &BODY_60_79(\$code,79,$T,$A,$B,$C,$D,$E);
-
-$code.=<<___;
-{ .mmb; add     $h0=$h0,$E
-        nop.m   0
-        br.ctop.dptk.many       .Ldtop  };;
-.Ldend:
-{ .mmi; add     tmp0=4,ctx
-        mov     ar.lc=r3                };;
-{ .mmi; st4     [ctx]=$h0,8
-        st4     [tmp0]=$h1,8            };;
-{ .mmi; st4     [ctx]=$h2,8
-        st4     [tmp0]=$h3              };;
-{ .mib; st4     [ctx]=$h4,-16
-        mov     pr=r2,0x1ffff
-        br.ret.sptk.many        b0      };;
-.endp   sha1_block_asm_data_order#
-___
-
-print $code;
diff --git a/src/lib/libcrypto/sha/sha.h b/src/lib/libcrypto/sha/sha.h
deleted file mode 100644
index 79c07b0fd1..0000000000
--- a/src/lib/libcrypto/sha/sha.h
+++ /dev/null
@@ -1,128 +0,0 @@
-/* crypto/sha/sha.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_SHA_H
-#define HEADER_SHA_H
-
-#include <openssl/e_os2.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#if defined(OPENSSL_NO_SHA) || (defined(OPENSSL_NO_SHA0) && defined(OPENSSL_NO_SHA1))
-#error SHA is disabled.
-#endif
-
-#if defined(OPENSSL_FIPS)
-#define FIPS_SHA_SIZE_T unsigned long
-#endif
-
-/*
- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- * ! SHA_LONG has to be at least 32 bits wide. If it's wider, then !
- * ! SHA_LONG_LOG2 has to be defined along.                        !
- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- */
-
-#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
-#define SHA_LONG unsigned long
-#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
-#define SHA_LONG unsigned long
-#define SHA_LONG_LOG2 3
-#else
-#define SHA_LONG unsigned int
-#endif
-
-#define SHA_LBLOCK      16
-#define SHA_CBLOCK      (SHA_LBLOCK*4)  /* SHA treats input data as a
-                                         * contiguous array of 32 bit
-                                         * wide big-endian values. */
-#define SHA_LAST_BLOCK  (SHA_CBLOCK-8)
-#define SHA_DIGEST_LENGTH 20
-
-typedef struct SHAstate_st
-        {
-        SHA_LONG h0,h1,h2,h3,h4;
-        SHA_LONG Nl,Nh;
-        SHA_LONG data[SHA_LBLOCK];
-        int num;
-        } SHA_CTX;
-
-#ifndef OPENSSL_NO_SHA0
-#ifdef OPENSSL_FIPS
-int private_SHA_Init(SHA_CTX *c);
-#endif
-int SHA_Init(SHA_CTX *c);
-int SHA_Update(SHA_CTX *c, const void *data, unsigned long len);
-int SHA_Final(unsigned char *md, SHA_CTX *c);
-unsigned char *SHA(const unsigned char *d, unsigned long n,unsigned char *md);
-void SHA_Transform(SHA_CTX *c, const unsigned char *data);
-#endif
-#ifndef OPENSSL_NO_SHA1
-int SHA1_Init(SHA_CTX *c);
-int SHA1_Update(SHA_CTX *c, const void *data, unsigned long len);
-int SHA1_Final(unsigned char *md, SHA_CTX *c);
-unsigned char *SHA1(const unsigned char *d, unsigned long n,unsigned char *md);
-void SHA1_Transform(SHA_CTX *c, const unsigned char *data);
-#endif
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/src/lib/libcrypto/sha/sha1_one.c b/src/lib/libcrypto/sha/sha1_one.c
deleted file mode 100644
index f4694b701b..0000000000
--- a/src/lib/libcrypto/sha/sha1_one.c
+++ /dev/null
@@ -1,78 +0,0 @@
-/* crypto/sha/sha1_one.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/sha.h>
-#include <openssl/crypto.h>
-
-#if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_FIPS)
-unsigned char *SHA1(const unsigned char *d, unsigned long n, unsigned char *md)
-        {
-        SHA_CTX c;
-        static unsigned char m[SHA_DIGEST_LENGTH];
-
-        if (md == NULL) md=m;
-        if (!SHA1_Init(&c))
-                return NULL;
-        SHA1_Update(&c,d,n);
-        SHA1_Final(md,&c);
-        OPENSSL_cleanse(&c,sizeof(c));
-        return(md);
-        }
-#endif
diff --git a/src/lib/libcrypto/sha/sha1dgst.c b/src/lib/libcrypto/sha/sha1dgst.c
deleted file mode 100644
index 1e2009b760..0000000000
--- a/src/lib/libcrypto/sha/sha1dgst.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/* crypto/sha/sha1dgst.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_SHA)
-
-#undef  SHA_0
-#define SHA_1
-
-#include <openssl/opensslv.h>
-#include <openssl/opensslconf.h>
-
-#ifndef OPENSSL_FIPS
-const char *SHA1_version="SHA1" OPENSSL_VERSION_PTEXT;
-
-/* The implementation is in ../md32_common.h */
-
-#include "sha_locl.h"
-
-#else /* ndef OPENSSL_FIPS */
-
-static void *dummy=&dummy;
-
-#endif /* ndef OPENSSL_FIPS */
-
-#endif
-
diff --git a/src/lib/libcrypto/sha/sha_locl.h b/src/lib/libcrypto/sha/sha_locl.h
deleted file mode 100644
index a3623f72da..0000000000
--- a/src/lib/libcrypto/sha/sha_locl.h
+++ /dev/null
@@ -1,481 +0,0 @@
-/* crypto/sha/sha_locl.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdlib.h>
-#include <string.h>
-
-#include <openssl/opensslconf.h>
-#include <openssl/sha.h>
-
-#ifndef SHA_LONG_LOG2
-#define SHA_LONG_LOG2   2       /* default to 32 bits */
-#endif
-
-#define DATA_ORDER_IS_BIG_ENDIAN
-
-#define HASH_LONG               SHA_LONG
-#define HASH_LONG_LOG2          SHA_LONG_LOG2
-#define HASH_CTX                SHA_CTX
-#define HASH_CBLOCK             SHA_CBLOCK
-#define HASH_LBLOCK             SHA_LBLOCK
-#define HASH_MAKE_STRING(c,s)   do {    \
-        unsigned long ll;               \
-        ll=(c)->h0; HOST_l2c(ll,(s));   \
-        ll=(c)->h1; HOST_l2c(ll,(s));   \
-        ll=(c)->h2; HOST_l2c(ll,(s));   \
-        ll=(c)->h3; HOST_l2c(ll,(s));   \
-        ll=(c)->h4; HOST_l2c(ll,(s));   \
-        } while (0)
-
-#if defined(SHA_0)
-
-# define HASH_UPDATE                    SHA_Update
-# define HASH_TRANSFORM                 SHA_Transform
-# define HASH_FINAL                     SHA_Final
-# define HASH_INIT                      SHA_Init
-# define HASH_BLOCK_HOST_ORDER          sha_block_host_order
-# define HASH_BLOCK_DATA_ORDER          sha_block_data_order
-# define Xupdate(a,ix,ia,ib,ic,id)      (ix=(a)=(ia^ib^ic^id))
-
-  void sha_block_host_order (SHA_CTX *c, const void *p,int num);
-  void sha_block_data_order (SHA_CTX *c, const void *p,int num);
-
-#elif defined(SHA_1)
-
-# define HASH_UPDATE                    SHA1_Update
-# define HASH_TRANSFORM                 SHA1_Transform
-# define HASH_FINAL                     SHA1_Final
-# define HASH_INIT                      SHA1_Init
-# define HASH_BLOCK_HOST_ORDER          sha1_block_host_order
-# define HASH_BLOCK_DATA_ORDER          sha1_block_data_order
-# if defined(__MWERKS__) && defined(__MC68K__)
-   /* Metrowerks for Motorola fails otherwise:-( <appro@fy.chalmers.se> */
-#  define Xupdate(a,ix,ia,ib,ic,id)     do { (a)=(ia^ib^ic^id);         \
-                                             ix=(a)=ROTATE((a),1);      \
-                                        } while (0)
-# else
-#  define Xupdate(a,ix,ia,ib,ic,id)     ( (a)=(ia^ib^ic^id),    \
-                                          ix=(a)=ROTATE((a),1)  \
-                                        )
-# endif
-
-# ifdef SHA1_ASM
-#  if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
-#   define sha1_block_host_order                sha1_block_asm_host_order
-#   define DONT_IMPLEMENT_BLOCK_HOST_ORDER
-#   define sha1_block_data_order                sha1_block_asm_data_order
-#   define DONT_IMPLEMENT_BLOCK_DATA_ORDER
-#   define HASH_BLOCK_DATA_ORDER_ALIGNED        sha1_block_asm_data_order
-#  elif defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
-#   define sha1_block_host_order                sha1_block_asm_host_order
-#   define DONT_IMPLEMENT_BLOCK_HOST_ORDER
-#   define sha1_block_data_order                sha1_block_asm_data_order
-#   define DONT_IMPLEMENT_BLOCK_DATA_ORDER
-#  endif
-# endif
-  void sha1_block_host_order (SHA_CTX *c, const void *p,int num);
-  void sha1_block_data_order (SHA_CTX *c, const void *p,int num);
-
-#else
-# error "Either SHA_0 or SHA_1 must be defined."
-#endif
-
-#include "md32_common.h"
-
-#define INIT_DATA_h0 0x67452301UL
-#define INIT_DATA_h1 0xefcdab89UL
-#define INIT_DATA_h2 0x98badcfeUL
-#define INIT_DATA_h3 0x10325476UL
-#define INIT_DATA_h4 0xc3d2e1f0UL
-
-#if defined(SHA_0) && defined(OPENSSL_FIPS)
-FIPS_NON_FIPS_MD_Init(SHA)
-#else
-int HASH_INIT (SHA_CTX *c)
-#endif
-        {
-        c->h0=INIT_DATA_h0;
-        c->h1=INIT_DATA_h1;
-        c->h2=INIT_DATA_h2;
-        c->h3=INIT_DATA_h3;
-        c->h4=INIT_DATA_h4;
-        c->Nl=0;
-        c->Nh=0;
-        c->num=0;
-        return 1;
-        }
-
-#define K_00_19 0x5a827999UL
-#define K_20_39 0x6ed9eba1UL
-#define K_40_59 0x8f1bbcdcUL
-#define K_60_79 0xca62c1d6UL
-
-/* As  pointed out by Wei Dai <weidai@eskimo.com>, F() below can be
- * simplified to the code in F_00_19.  Wei attributes these optimisations
- * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel.
- * #define F(x,y,z) (((x) & (y))  |  ((~(x)) & (z)))
- * I've just become aware of another tweak to be made, again from Wei Dai,
- * in F_40_59, (x&a)|(y&a) -> (x|y)&a
- */
-#define F_00_19(b,c,d)  ((((c) ^ (d)) & (b)) ^ (d)) 
-#define F_20_39(b,c,d)  ((b) ^ (c) ^ (d))
-#define F_40_59(b,c,d)  (((b) & (c)) | (((b)|(c)) & (d))) 
-#define F_60_79(b,c,d)  F_20_39(b,c,d)
-
-#define BODY_00_15(i,a,b,c,d,e,f,xi) \
-        (f)=xi+(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
-        (b)=ROTATE((b),30);
-
-#define BODY_16_19(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \
-        Xupdate(f,xi,xa,xb,xc,xd); \
-        (f)+=(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
-        (b)=ROTATE((b),30);
-
-#define BODY_20_31(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \
-        Xupdate(f,xi,xa,xb,xc,xd); \
-        (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
-        (b)=ROTATE((b),30);
-
-#define BODY_32_39(i,a,b,c,d,e,f,xa,xb,xc,xd) \
-        Xupdate(f,xa,xa,xb,xc,xd); \
-        (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
-        (b)=ROTATE((b),30);
-
-#define BODY_40_59(i,a,b,c,d,e,f,xa,xb,xc,xd) \
-        Xupdate(f,xa,xa,xb,xc,xd); \
-        (f)+=(e)+K_40_59+ROTATE((a),5)+F_40_59((b),(c),(d)); \
-        (b)=ROTATE((b),30);
-
-#define BODY_60_79(i,a,b,c,d,e,f,xa,xb,xc,xd) \
-        Xupdate(f,xa,xa,xb,xc,xd); \
-        (f)=xa+(e)+K_60_79+ROTATE((a),5)+F_60_79((b),(c),(d)); \
-        (b)=ROTATE((b),30);
-
-#ifdef X
-#undef X
-#endif
-#ifndef MD32_XARRAY
-  /*
-   * Originally X was an array. As it's automatic it's natural
-   * to expect RISC compiler to accomodate at least part of it in
-   * the register bank, isn't it? Unfortunately not all compilers
-   * "find" this expectation reasonable:-( On order to make such
-   * compilers generate better code I replace X[] with a bunch of
-   * X0, X1, etc. See the function body below...
-   *                                    <appro@fy.chalmers.se>
-   */
-# define X(i)   XX##i
-#else
-  /*
-   * However! Some compilers (most notably HP C) get overwhelmed by
-   * that many local variables so that we have to have the way to
-   * fall down to the original behavior.
-   */
-# define X(i)   XX[i]
-#endif
-
-#ifndef DONT_IMPLEMENT_BLOCK_HOST_ORDER
-void HASH_BLOCK_HOST_ORDER (SHA_CTX *c, const void *d, int num)
-        {
-        const SHA_LONG *W=d;
-        register unsigned MD32_REG_T A,B,C,D,E,T;
-#ifndef MD32_XARRAY
-        unsigned MD32_REG_T     XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
-                                XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
-#else
-        SHA_LONG        XX[16];
-#endif
-
-        A=c->h0;
-        B=c->h1;
-        C=c->h2;
-        D=c->h3;
-        E=c->h4;
-
-        for (;;)
-                {
-        BODY_00_15( 0,A,B,C,D,E,T,W[ 0]);
-        BODY_00_15( 1,T,A,B,C,D,E,W[ 1]);
-        BODY_00_15( 2,E,T,A,B,C,D,W[ 2]);
-        BODY_00_15( 3,D,E,T,A,B,C,W[ 3]);
-        BODY_00_15( 4,C,D,E,T,A,B,W[ 4]);
-        BODY_00_15( 5,B,C,D,E,T,A,W[ 5]);
-        BODY_00_15( 6,A,B,C,D,E,T,W[ 6]);
-        BODY_00_15( 7,T,A,B,C,D,E,W[ 7]);
-        BODY_00_15( 8,E,T,A,B,C,D,W[ 8]);
-        BODY_00_15( 9,D,E,T,A,B,C,W[ 9]);
-        BODY_00_15(10,C,D,E,T,A,B,W[10]);
-        BODY_00_15(11,B,C,D,E,T,A,W[11]);
-        BODY_00_15(12,A,B,C,D,E,T,W[12]);
-        BODY_00_15(13,T,A,B,C,D,E,W[13]);
-        BODY_00_15(14,E,T,A,B,C,D,W[14]);
-        BODY_00_15(15,D,E,T,A,B,C,W[15]);
-
-        BODY_16_19(16,C,D,E,T,A,B,X( 0),W[ 0],W[ 2],W[ 8],W[13]);
-        BODY_16_19(17,B,C,D,E,T,A,X( 1),W[ 1],W[ 3],W[ 9],W[14]);
-        BODY_16_19(18,A,B,C,D,E,T,X( 2),W[ 2],W[ 4],W[10],W[15]);
-        BODY_16_19(19,T,A,B,C,D,E,X( 3),W[ 3],W[ 5],W[11],X( 0));
-
-        BODY_20_31(20,E,T,A,B,C,D,X( 4),W[ 4],W[ 6],W[12],X( 1));
-        BODY_20_31(21,D,E,T,A,B,C,X( 5),W[ 5],W[ 7],W[13],X( 2));
-        BODY_20_31(22,C,D,E,T,A,B,X( 6),W[ 6],W[ 8],W[14],X( 3));
-        BODY_20_31(23,B,C,D,E,T,A,X( 7),W[ 7],W[ 9],W[15],X( 4));
-        BODY_20_31(24,A,B,C,D,E,T,X( 8),W[ 8],W[10],X( 0),X( 5));
-        BODY_20_31(25,T,A,B,C,D,E,X( 9),W[ 9],W[11],X( 1),X( 6));
-        BODY_20_31(26,E,T,A,B,C,D,X(10),W[10],W[12],X( 2),X( 7));
-        BODY_20_31(27,D,E,T,A,B,C,X(11),W[11],W[13],X( 3),X( 8));
-        BODY_20_31(28,C,D,E,T,A,B,X(12),W[12],W[14],X( 4),X( 9));
-        BODY_20_31(29,B,C,D,E,T,A,X(13),W[13],W[15],X( 5),X(10));
-        BODY_20_31(30,A,B,C,D,E,T,X(14),W[14],X( 0),X( 6),X(11));
-        BODY_20_31(31,T,A,B,C,D,E,X(15),W[15],X( 1),X( 7),X(12));
-
-        BODY_32_39(32,E,T,A,B,C,D,X( 0),X( 2),X( 8),X(13));
-        BODY_32_39(33,D,E,T,A,B,C,X( 1),X( 3),X( 9),X(14));
-        BODY_32_39(34,C,D,E,T,A,B,X( 2),X( 4),X(10),X(15));
-        BODY_32_39(35,B,C,D,E,T,A,X( 3),X( 5),X(11),X( 0));
-        BODY_32_39(36,A,B,C,D,E,T,X( 4),X( 6),X(12),X( 1));
-        BODY_32_39(37,T,A,B,C,D,E,X( 5),X( 7),X(13),X( 2));
-        BODY_32_39(38,E,T,A,B,C,D,X( 6),X( 8),X(14),X( 3));
-        BODY_32_39(39,D,E,T,A,B,C,X( 7),X( 9),X(15),X( 4));
-
-        BODY_40_59(40,C,D,E,T,A,B,X( 8),X(10),X( 0),X( 5));
-        BODY_40_59(41,B,C,D,E,T,A,X( 9),X(11),X( 1),X( 6));
-        BODY_40_59(42,A,B,C,D,E,T,X(10),X(12),X( 2),X( 7));
-        BODY_40_59(43,T,A,B,C,D,E,X(11),X(13),X( 3),X( 8));
-        BODY_40_59(44,E,T,A,B,C,D,X(12),X(14),X( 4),X( 9));
-        BODY_40_59(45,D,E,T,A,B,C,X(13),X(15),X( 5),X(10));
-        BODY_40_59(46,C,D,E,T,A,B,X(14),X( 0),X( 6),X(11));
-        BODY_40_59(47,B,C,D,E,T,A,X(15),X( 1),X( 7),X(12));
-        BODY_40_59(48,A,B,C,D,E,T,X( 0),X( 2),X( 8),X(13));
-        BODY_40_59(49,T,A,B,C,D,E,X( 1),X( 3),X( 9),X(14));
-        BODY_40_59(50,E,T,A,B,C,D,X( 2),X( 4),X(10),X(15));
-        BODY_40_59(51,D,E,T,A,B,C,X( 3),X( 5),X(11),X( 0));
-        BODY_40_59(52,C,D,E,T,A,B,X( 4),X( 6),X(12),X( 1));
-        BODY_40_59(53,B,C,D,E,T,A,X( 5),X( 7),X(13),X( 2));
-        BODY_40_59(54,A,B,C,D,E,T,X( 6),X( 8),X(14),X( 3));
-        BODY_40_59(55,T,A,B,C,D,E,X( 7),X( 9),X(15),X( 4));
-        BODY_40_59(56,E,T,A,B,C,D,X( 8),X(10),X( 0),X( 5));
-        BODY_40_59(57,D,E,T,A,B,C,X( 9),X(11),X( 1),X( 6));
-        BODY_40_59(58,C,D,E,T,A,B,X(10),X(12),X( 2),X( 7));
-        BODY_40_59(59,B,C,D,E,T,A,X(11),X(13),X( 3),X( 8));
-
-        BODY_60_79(60,A,B,C,D,E,T,X(12),X(14),X( 4),X( 9));
-        BODY_60_79(61,T,A,B,C,D,E,X(13),X(15),X( 5),X(10));
-        BODY_60_79(62,E,T,A,B,C,D,X(14),X( 0),X( 6),X(11));
-        BODY_60_79(63,D,E,T,A,B,C,X(15),X( 1),X( 7),X(12));
-        BODY_60_79(64,C,D,E,T,A,B,X( 0),X( 2),X( 8),X(13));
-        BODY_60_79(65,B,C,D,E,T,A,X( 1),X( 3),X( 9),X(14));
-        BODY_60_79(66,A,B,C,D,E,T,X( 2),X( 4),X(10),X(15));
-        BODY_60_79(67,T,A,B,C,D,E,X( 3),X( 5),X(11),X( 0));
-        BODY_60_79(68,E,T,A,B,C,D,X( 4),X( 6),X(12),X( 1));
-        BODY_60_79(69,D,E,T,A,B,C,X( 5),X( 7),X(13),X( 2));
-        BODY_60_79(70,C,D,E,T,A,B,X( 6),X( 8),X(14),X( 3));
-        BODY_60_79(71,B,C,D,E,T,A,X( 7),X( 9),X(15),X( 4));
-        BODY_60_79(72,A,B,C,D,E,T,X( 8),X(10),X( 0),X( 5));
-        BODY_60_79(73,T,A,B,C,D,E,X( 9),X(11),X( 1),X( 6));
-        BODY_60_79(74,E,T,A,B,C,D,X(10),X(12),X( 2),X( 7));
-        BODY_60_79(75,D,E,T,A,B,C,X(11),X(13),X( 3),X( 8));
-        BODY_60_79(76,C,D,E,T,A,B,X(12),X(14),X( 4),X( 9));
-        BODY_60_79(77,B,C,D,E,T,A,X(13),X(15),X( 5),X(10));
-        BODY_60_79(78,A,B,C,D,E,T,X(14),X( 0),X( 6),X(11));
-        BODY_60_79(79,T,A,B,C,D,E,X(15),X( 1),X( 7),X(12));
-        
-        c->h0=(c->h0+E)&0xffffffffL; 
-        c->h1=(c->h1+T)&0xffffffffL;
-        c->h2=(c->h2+A)&0xffffffffL;
-        c->h3=(c->h3+B)&0xffffffffL;
-        c->h4=(c->h4+C)&0xffffffffL;
-
-        if (--num <= 0) break;
-
-        A=c->h0;
-        B=c->h1;
-        C=c->h2;
-        D=c->h3;
-        E=c->h4;
-
-        W+=SHA_LBLOCK;
-                }
-        }
-#endif
-
-#ifndef DONT_IMPLEMENT_BLOCK_DATA_ORDER
-void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, int num)
-        {
-        const unsigned char *data=p;
-        register unsigned MD32_REG_T A,B,C,D,E,T,l;
-#ifndef MD32_XARRAY
-        unsigned MD32_REG_T     XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
-                                XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
-#else
-        SHA_LONG        XX[16];
-#endif
-
-        A=c->h0;
-        B=c->h1;
-        C=c->h2;
-        D=c->h3;
-        E=c->h4;
-
-        for (;;)
-                {
-
-        HOST_c2l(data,l); X( 0)=l;              HOST_c2l(data,l); X( 1)=l;
-        BODY_00_15( 0,A,B,C,D,E,T,X( 0));       HOST_c2l(data,l); X( 2)=l;
-        BODY_00_15( 1,T,A,B,C,D,E,X( 1));       HOST_c2l(data,l); X( 3)=l;
-        BODY_00_15( 2,E,T,A,B,C,D,X( 2));       HOST_c2l(data,l); X( 4)=l;
-        BODY_00_15( 3,D,E,T,A,B,C,X( 3));       HOST_c2l(data,l); X( 5)=l;
-        BODY_00_15( 4,C,D,E,T,A,B,X( 4));       HOST_c2l(data,l); X( 6)=l;
-        BODY_00_15( 5,B,C,D,E,T,A,X( 5));       HOST_c2l(data,l); X( 7)=l;
-        BODY_00_15( 6,A,B,C,D,E,T,X( 6));       HOST_c2l(data,l); X( 8)=l;
-        BODY_00_15( 7,T,A,B,C,D,E,X( 7));       HOST_c2l(data,l); X( 9)=l;
-        BODY_00_15( 8,E,T,A,B,C,D,X( 8));       HOST_c2l(data,l); X(10)=l;
-        BODY_00_15( 9,D,E,T,A,B,C,X( 9));       HOST_c2l(data,l); X(11)=l;
-        BODY_00_15(10,C,D,E,T,A,B,X(10));       HOST_c2l(data,l); X(12)=l;
-        BODY_00_15(11,B,C,D,E,T,A,X(11));       HOST_c2l(data,l); X(13)=l;
-        BODY_00_15(12,A,B,C,D,E,T,X(12));       HOST_c2l(data,l); X(14)=l;
-        BODY_00_15(13,T,A,B,C,D,E,X(13));       HOST_c2l(data,l); X(15)=l;
-        BODY_00_15(14,E,T,A,B,C,D,X(14));
-        BODY_00_15(15,D,E,T,A,B,C,X(15));
-
-        BODY_16_19(16,C,D,E,T,A,B,X( 0),X( 0),X( 2),X( 8),X(13));
-        BODY_16_19(17,B,C,D,E,T,A,X( 1),X( 1),X( 3),X( 9),X(14));
-        BODY_16_19(18,A,B,C,D,E,T,X( 2),X( 2),X( 4),X(10),X(15));
-        BODY_16_19(19,T,A,B,C,D,E,X( 3),X( 3),X( 5),X(11),X( 0));
-
-        BODY_20_31(20,E,T,A,B,C,D,X( 4),X( 4),X( 6),X(12),X( 1));
-        BODY_20_31(21,D,E,T,A,B,C,X( 5),X( 5),X( 7),X(13),X( 2));
-        BODY_20_31(22,C,D,E,T,A,B,X( 6),X( 6),X( 8),X(14),X( 3));
-        BODY_20_31(23,B,C,D,E,T,A,X( 7),X( 7),X( 9),X(15),X( 4));
-        BODY_20_31(24,A,B,C,D,E,T,X( 8),X( 8),X(10),X( 0),X( 5));
-        BODY_20_31(25,T,A,B,C,D,E,X( 9),X( 9),X(11),X( 1),X( 6));
-        BODY_20_31(26,E,T,A,B,C,D,X(10),X(10),X(12),X( 2),X( 7));
-        BODY_20_31(27,D,E,T,A,B,C,X(11),X(11),X(13),X( 3),X( 8));
-        BODY_20_31(28,C,D,E,T,A,B,X(12),X(12),X(14),X( 4),X( 9));
-        BODY_20_31(29,B,C,D,E,T,A,X(13),X(13),X(15),X( 5),X(10));
-        BODY_20_31(30,A,B,C,D,E,T,X(14),X(14),X( 0),X( 6),X(11));
-        BODY_20_31(31,T,A,B,C,D,E,X(15),X(15),X( 1),X( 7),X(12));
-
-        BODY_32_39(32,E,T,A,B,C,D,X( 0),X( 2),X( 8),X(13));
-        BODY_32_39(33,D,E,T,A,B,C,X( 1),X( 3),X( 9),X(14));
-        BODY_32_39(34,C,D,E,T,A,B,X( 2),X( 4),X(10),X(15));
-        BODY_32_39(35,B,C,D,E,T,A,X( 3),X( 5),X(11),X( 0));
-        BODY_32_39(36,A,B,C,D,E,T,X( 4),X( 6),X(12),X( 1));
-        BODY_32_39(37,T,A,B,C,D,E,X( 5),X( 7),X(13),X( 2));
-        BODY_32_39(38,E,T,A,B,C,D,X( 6),X( 8),X(14),X( 3));
-        BODY_32_39(39,D,E,T,A,B,C,X( 7),X( 9),X(15),X( 4));
-
-        BODY_40_59(40,C,D,E,T,A,B,X( 8),X(10),X( 0),X( 5));
-        BODY_40_59(41,B,C,D,E,T,A,X( 9),X(11),X( 1),X( 6));
-        BODY_40_59(42,A,B,C,D,E,T,X(10),X(12),X( 2),X( 7));
-        BODY_40_59(43,T,A,B,C,D,E,X(11),X(13),X( 3),X( 8));
-        BODY_40_59(44,E,T,A,B,C,D,X(12),X(14),X( 4),X( 9));
-        BODY_40_59(45,D,E,T,A,B,C,X(13),X(15),X( 5),X(10));
-        BODY_40_59(46,C,D,E,T,A,B,X(14),X( 0),X( 6),X(11));
-        BODY_40_59(47,B,C,D,E,T,A,X(15),X( 1),X( 7),X(12));
-        BODY_40_59(48,A,B,C,D,E,T,X( 0),X( 2),X( 8),X(13));
-        BODY_40_59(49,T,A,B,C,D,E,X( 1),X( 3),X( 9),X(14));
-        BODY_40_59(50,E,T,A,B,C,D,X( 2),X( 4),X(10),X(15));
-        BODY_40_59(51,D,E,T,A,B,C,X( 3),X( 5),X(11),X( 0));
-        BODY_40_59(52,C,D,E,T,A,B,X( 4),X( 6),X(12),X( 1));
-        BODY_40_59(53,B,C,D,E,T,A,X( 5),X( 7),X(13),X( 2));
-        BODY_40_59(54,A,B,C,D,E,T,X( 6),X( 8),X(14),X( 3));
-        BODY_40_59(55,T,A,B,C,D,E,X( 7),X( 9),X(15),X( 4));
-        BODY_40_59(56,E,T,A,B,C,D,X( 8),X(10),X( 0),X( 5));
-        BODY_40_59(57,D,E,T,A,B,C,X( 9),X(11),X( 1),X( 6));
-        BODY_40_59(58,C,D,E,T,A,B,X(10),X(12),X( 2),X( 7));
-        BODY_40_59(59,B,C,D,E,T,A,X(11),X(13),X( 3),X( 8));
-
-        BODY_60_79(60,A,B,C,D,E,T,X(12),X(14),X( 4),X( 9));
-        BODY_60_79(61,T,A,B,C,D,E,X(13),X(15),X( 5),X(10));
-        BODY_60_79(62,E,T,A,B,C,D,X(14),X( 0),X( 6),X(11));
-        BODY_60_79(63,D,E,T,A,B,C,X(15),X( 1),X( 7),X(12));
-        BODY_60_79(64,C,D,E,T,A,B,X( 0),X( 2),X( 8),X(13));
-        BODY_60_79(65,B,C,D,E,T,A,X( 1),X( 3),X( 9),X(14));
-        BODY_60_79(66,A,B,C,D,E,T,X( 2),X( 4),X(10),X(15));
-        BODY_60_79(67,T,A,B,C,D,E,X( 3),X( 5),X(11),X( 0));
-        BODY_60_79(68,E,T,A,B,C,D,X( 4),X( 6),X(12),X( 1));
-        BODY_60_79(69,D,E,T,A,B,C,X( 5),X( 7),X(13),X( 2));
-        BODY_60_79(70,C,D,E,T,A,B,X( 6),X( 8),X(14),X( 3));
-        BODY_60_79(71,B,C,D,E,T,A,X( 7),X( 9),X(15),X( 4));
-        BODY_60_79(72,A,B,C,D,E,T,X( 8),X(10),X( 0),X( 5));
-        BODY_60_79(73,T,A,B,C,D,E,X( 9),X(11),X( 1),X( 6));
-        BODY_60_79(74,E,T,A,B,C,D,X(10),X(12),X( 2),X( 7));
-        BODY_60_79(75,D,E,T,A,B,C,X(11),X(13),X( 3),X( 8));
-        BODY_60_79(76,C,D,E,T,A,B,X(12),X(14),X( 4),X( 9));
-        BODY_60_79(77,B,C,D,E,T,A,X(13),X(15),X( 5),X(10));
-        BODY_60_79(78,A,B,C,D,E,T,X(14),X( 0),X( 6),X(11));
-        BODY_60_79(79,T,A,B,C,D,E,X(15),X( 1),X( 7),X(12));
-        
-        c->h0=(c->h0+E)&0xffffffffL; 
-        c->h1=(c->h1+T)&0xffffffffL;
-        c->h2=(c->h2+A)&0xffffffffL;
-        c->h3=(c->h3+B)&0xffffffffL;
-        c->h4=(c->h4+C)&0xffffffffL;
-
-        if (--num <= 0) break;
-
-        A=c->h0;
-        B=c->h1;
-        C=c->h2;
-        D=c->h3;
-        E=c->h4;
-
-                }
-        }
-#endif
diff --git a/src/lib/libcrypto/stack/safestack.h b/src/lib/libcrypto/stack/safestack.h
deleted file mode 100644
index 6010b7f122..0000000000
--- a/src/lib/libcrypto/stack/safestack.h
+++ /dev/null
@@ -1,1574 +0,0 @@
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_SAFESTACK_H
-#define HEADER_SAFESTACK_H
-
-typedef void (*openssl_fptr)(void);
-#define openssl_fcast(f) ((openssl_fptr)f)
-
-#include <openssl/stack.h>
-
-#ifdef DEBUG_SAFESTACK
-
-#define STACK_OF(type) struct stack_st_##type
-#define PREDECLARE_STACK_OF(type) STACK_OF(type);
-
-#define DECLARE_STACK_OF(type) \
-STACK_OF(type) \
-    { \
-    STACK stack; \
-    };
-
-#define IMPLEMENT_STACK_OF(type) /* nada (obsolete in new safestack approach)*/
-
-/* SKM_sk_... stack macros are internal to safestack.h:
- * never use them directly, use sk_<type>_... instead */
-#define SKM_sk_new(type, cmp) \
-        ((STACK_OF(type) * (*)(int (*)(const type * const *, const type * const *)))openssl_fcast(sk_new))(cmp)
-#define SKM_sk_new_null(type) \
-        ((STACK_OF(type) * (*)(void))openssl_fcast(sk_new_null))()
-#define SKM_sk_free(type, st) \
-        ((void (*)(STACK_OF(type) *))openssl_fcast(sk_free))(st)
-#define SKM_sk_num(type, st) \
-        ((int (*)(const STACK_OF(type) *))openssl_fcast(sk_num))(st)
-#define SKM_sk_value(type, st,i) \
-        ((type * (*)(const STACK_OF(type) *, int))openssl_fcast(sk_value))(st, i)
-#define SKM_sk_set(type, st,i,val) \
-        ((type * (*)(STACK_OF(type) *, int, type *))openssl_fcast(sk_set))(st, i, val)
-#define SKM_sk_zero(type, st) \
-        ((void (*)(STACK_OF(type) *))openssl_fcast(sk_zero))(st)
-#define SKM_sk_push(type, st,val) \
-        ((int (*)(STACK_OF(type) *, type *))openssl_fcast(sk_push))(st, val)
-#define SKM_sk_unshift(type, st,val) \
-        ((int (*)(STACK_OF(type) *, type *))openssl_fcast(sk_unshift))(st, val)
-#define SKM_sk_find(type, st,val) \
-        ((int (*)(STACK_OF(type) *, type *))openssl_fcast(sk_find))(st, val)
-#define SKM_sk_delete(type, st,i) \
-        ((type * (*)(STACK_OF(type) *, int))openssl_fcast(sk_delete))(st, i)
-#define SKM_sk_delete_ptr(type, st,ptr) \
-        ((type * (*)(STACK_OF(type) *, type *))openssl_fcast(sk_delete_ptr))(st, ptr)
-#define SKM_sk_insert(type, st,val,i) \
-        ((int (*)(STACK_OF(type) *, type *, int))openssl_fcast(sk_insert))(st, val, i)
-#define SKM_sk_set_cmp_func(type, st,cmp) \
-        ((int (*(*)(STACK_OF(type) *, int (*)(const type * const *, const type * const *))) \
-          (const type * const *, const type * const *))openssl_fcast(sk_set_cmp_func))\
-        (st, cmp)
-#define SKM_sk_dup(type, st) \
-        ((STACK_OF(type) *(*)(STACK_OF(type) *))openssl_fcast(sk_dup))(st)
-#define SKM_sk_pop_free(type, st,free_func) \
-        ((void (*)(STACK_OF(type) *, void (*)(type *)))openssl_fcast(sk_pop_free))\
-        (st, free_func)
-#define SKM_sk_shift(type, st) \
-        ((type * (*)(STACK_OF(type) *))openssl_fcast(sk_shift))(st)
-#define SKM_sk_pop(type, st) \
-        ((type * (*)(STACK_OF(type) *))openssl_fcast(sk_pop))(st)
-#define SKM_sk_sort(type, st) \
-        ((void (*)(STACK_OF(type) *))openssl_fcast(sk_sort))(st)
-#define SKM_sk_is_sorted(type, st) \
-        ((int (*)(const STACK_OF(type) *))openssl_fcast(sk_is_sorted))(st)
-
-#define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        ((STACK_OF(type) * (*) (STACK_OF(type) **,unsigned char **, long , \
-                                       type *(*)(type **, unsigned char **,long), \
-                                       void (*)(type *), int ,int )) openssl_fcast(d2i_ASN1_SET)) \
-                                                (st,pp,length, d2i_func, free_func, ex_tag,ex_class)
-#define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        ((int (*)(STACK_OF(type) *,unsigned char **, \
-                           int (*)(type *,unsigned char **), int , int , int)) openssl_fcast(i2d_ASN1_SET)) \
-                                                (st,pp,i2d_func,ex_tag,ex_class,is_set)
-
-#define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \
-        ((unsigned char *(*)(STACK_OF(type) *, \
-                                    int (*)(type *,unsigned char **), unsigned char **,int *)) openssl_fcast(ASN1_seq_pack)) \
-                                (st, i2d_func, buf, len)
-#define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \
-        ((STACK_OF(type) * (*)(unsigned char *,int, \
-                                       type *(*)(type **,unsigned char **, long), \
-                                       void (*)(type *)))openssl_fcast(ASN1_seq_unpack)) \
-                                        (buf,len,d2i_func, free_func)
-
-#define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \
-        ((STACK_OF(type) * (*)(X509_ALGOR *, \
-                                type *(*)(type **, unsigned char **, long), void (*)(type *), \
-                                const char *, int, \
-                                ASN1_STRING *, int))openssl_fcast(PKCS12_decrypt_d2i)) \
-                                (algor,d2i_func,free_func,pass,passlen,oct,seq)
-
-#else
-
-#define STACK_OF(type) STACK
-#define PREDECLARE_STACK_OF(type) /* nada */
-#define DECLARE_STACK_OF(type)    /* nada */
-#define IMPLEMENT_STACK_OF(type)  /* nada */
-
-#define SKM_sk_new(type, cmp) \
-        sk_new((int (*)(const char * const *, const char * const *))(cmp))
-#define SKM_sk_new_null(type) \
-        sk_new_null()
-#define SKM_sk_free(type, st) \
-        sk_free(st)
-#define SKM_sk_num(type, st) \
-        sk_num(st)
-#define SKM_sk_value(type, st,i) \
-        ((type *)sk_value(st, i))
-#define SKM_sk_set(type, st,i,val) \
-        ((type *)sk_set(st, i,(char *)val))
-#define SKM_sk_zero(type, st) \
-        sk_zero(st)
-#define SKM_sk_push(type, st,val) \
-        sk_push(st, (char *)val)
-#define SKM_sk_unshift(type, st,val) \
-        sk_unshift(st, val)
-#define SKM_sk_find(type, st,val) \
-        sk_find(st, (char *)val)
-#define SKM_sk_delete(type, st,i) \
-        ((type *)sk_delete(st, i))
-#define SKM_sk_delete_ptr(type, st,ptr) \
-        ((type *)sk_delete_ptr(st,(char *)ptr))
-#define SKM_sk_insert(type, st,val,i) \
-        sk_insert(st, (char *)val, i)
-#define SKM_sk_set_cmp_func(type, st,cmp) \
-        ((int (*)(const type * const *,const type * const *)) \
-        sk_set_cmp_func(st, (int (*)(const char * const *, const char * const *))(cmp)))
-#define SKM_sk_dup(type, st) \
-        sk_dup(st)
-#define SKM_sk_pop_free(type, st,free_func) \
-        sk_pop_free(st, (void (*)(void *))free_func)
-#define SKM_sk_shift(type, st) \
-        ((type *)sk_shift(st))
-#define SKM_sk_pop(type, st) \
-        ((type *)sk_pop(st))
-#define SKM_sk_sort(type, st) \
-        sk_sort(st)
-#define SKM_sk_is_sorted(type, st) \
-        sk_is_sorted(st)
-
-#define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        d2i_ASN1_SET(st,pp,length, (char *(*)())d2i_func, (void (*)(void *))free_func, ex_tag,ex_class)
-#define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        i2d_ASN1_SET(st,pp,i2d_func,ex_tag,ex_class,is_set)
-
-#define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \
-        ASN1_seq_pack(st, i2d_func, buf, len)
-#define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \
-        ASN1_seq_unpack(buf,len,(char *(*)())d2i_func, (void(*)(void *))free_func)
-
-#define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \
-        ((STACK *)PKCS12_decrypt_d2i(algor,(char *(*)())d2i_func, (void(*)(void *))free_func,pass,passlen,oct,seq))
-
-#endif
-
-/* This block of defines is updated by util/mkstack.pl, please do not touch! */
-#define sk_ACCESS_DESCRIPTION_new(st) SKM_sk_new(ACCESS_DESCRIPTION, (st))
-#define sk_ACCESS_DESCRIPTION_new_null() SKM_sk_new_null(ACCESS_DESCRIPTION)
-#define sk_ACCESS_DESCRIPTION_free(st) SKM_sk_free(ACCESS_DESCRIPTION, (st))
-#define sk_ACCESS_DESCRIPTION_num(st) SKM_sk_num(ACCESS_DESCRIPTION, (st))
-#define sk_ACCESS_DESCRIPTION_value(st, i) SKM_sk_value(ACCESS_DESCRIPTION, (st), (i))
-#define sk_ACCESS_DESCRIPTION_set(st, i, val) SKM_sk_set(ACCESS_DESCRIPTION, (st), (i), (val))
-#define sk_ACCESS_DESCRIPTION_zero(st) SKM_sk_zero(ACCESS_DESCRIPTION, (st))
-#define sk_ACCESS_DESCRIPTION_push(st, val) SKM_sk_push(ACCESS_DESCRIPTION, (st), (val))
-#define sk_ACCESS_DESCRIPTION_unshift(st, val) SKM_sk_unshift(ACCESS_DESCRIPTION, (st), (val))
-#define sk_ACCESS_DESCRIPTION_find(st, val) SKM_sk_find(ACCESS_DESCRIPTION, (st), (val))
-#define sk_ACCESS_DESCRIPTION_delete(st, i) SKM_sk_delete(ACCESS_DESCRIPTION, (st), (i))
-#define sk_ACCESS_DESCRIPTION_delete_ptr(st, ptr) SKM_sk_delete_ptr(ACCESS_DESCRIPTION, (st), (ptr))
-#define sk_ACCESS_DESCRIPTION_insert(st, val, i) SKM_sk_insert(ACCESS_DESCRIPTION, (st), (val), (i))
-#define sk_ACCESS_DESCRIPTION_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ACCESS_DESCRIPTION, (st), (cmp))
-#define sk_ACCESS_DESCRIPTION_dup(st) SKM_sk_dup(ACCESS_DESCRIPTION, st)
-#define sk_ACCESS_DESCRIPTION_pop_free(st, free_func) SKM_sk_pop_free(ACCESS_DESCRIPTION, (st), (free_func))
-#define sk_ACCESS_DESCRIPTION_shift(st) SKM_sk_shift(ACCESS_DESCRIPTION, (st))
-#define sk_ACCESS_DESCRIPTION_pop(st) SKM_sk_pop(ACCESS_DESCRIPTION, (st))
-#define sk_ACCESS_DESCRIPTION_sort(st) SKM_sk_sort(ACCESS_DESCRIPTION, (st))
-#define sk_ACCESS_DESCRIPTION_is_sorted(st) SKM_sk_is_sorted(ACCESS_DESCRIPTION, (st))
-
-#define sk_ASN1_GENERALSTRING_new(st) SKM_sk_new(ASN1_GENERALSTRING, (st))
-#define sk_ASN1_GENERALSTRING_new_null() SKM_sk_new_null(ASN1_GENERALSTRING)
-#define sk_ASN1_GENERALSTRING_free(st) SKM_sk_free(ASN1_GENERALSTRING, (st))
-#define sk_ASN1_GENERALSTRING_num(st) SKM_sk_num(ASN1_GENERALSTRING, (st))
-#define sk_ASN1_GENERALSTRING_value(st, i) SKM_sk_value(ASN1_GENERALSTRING, (st), (i))
-#define sk_ASN1_GENERALSTRING_set(st, i, val) SKM_sk_set(ASN1_GENERALSTRING, (st), (i), (val))
-#define sk_ASN1_GENERALSTRING_zero(st) SKM_sk_zero(ASN1_GENERALSTRING, (st))
-#define sk_ASN1_GENERALSTRING_push(st, val) SKM_sk_push(ASN1_GENERALSTRING, (st), (val))
-#define sk_ASN1_GENERALSTRING_unshift(st, val) SKM_sk_unshift(ASN1_GENERALSTRING, (st), (val))
-#define sk_ASN1_GENERALSTRING_find(st, val) SKM_sk_find(ASN1_GENERALSTRING, (st), (val))
-#define sk_ASN1_GENERALSTRING_delete(st, i) SKM_sk_delete(ASN1_GENERALSTRING, (st), (i))
-#define sk_ASN1_GENERALSTRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_GENERALSTRING, (st), (ptr))
-#define sk_ASN1_GENERALSTRING_insert(st, val, i) SKM_sk_insert(ASN1_GENERALSTRING, (st), (val), (i))
-#define sk_ASN1_GENERALSTRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_GENERALSTRING, (st), (cmp))
-#define sk_ASN1_GENERALSTRING_dup(st) SKM_sk_dup(ASN1_GENERALSTRING, st)
-#define sk_ASN1_GENERALSTRING_pop_free(st, free_func) SKM_sk_pop_free(ASN1_GENERALSTRING, (st), (free_func))
-#define sk_ASN1_GENERALSTRING_shift(st) SKM_sk_shift(ASN1_GENERALSTRING, (st))
-#define sk_ASN1_GENERALSTRING_pop(st) SKM_sk_pop(ASN1_GENERALSTRING, (st))
-#define sk_ASN1_GENERALSTRING_sort(st) SKM_sk_sort(ASN1_GENERALSTRING, (st))
-#define sk_ASN1_GENERALSTRING_is_sorted(st) SKM_sk_is_sorted(ASN1_GENERALSTRING, (st))
-
-#define sk_ASN1_INTEGER_new(st) SKM_sk_new(ASN1_INTEGER, (st))
-#define sk_ASN1_INTEGER_new_null() SKM_sk_new_null(ASN1_INTEGER)
-#define sk_ASN1_INTEGER_free(st) SKM_sk_free(ASN1_INTEGER, (st))
-#define sk_ASN1_INTEGER_num(st) SKM_sk_num(ASN1_INTEGER, (st))
-#define sk_ASN1_INTEGER_value(st, i) SKM_sk_value(ASN1_INTEGER, (st), (i))
-#define sk_ASN1_INTEGER_set(st, i, val) SKM_sk_set(ASN1_INTEGER, (st), (i), (val))
-#define sk_ASN1_INTEGER_zero(st) SKM_sk_zero(ASN1_INTEGER, (st))
-#define sk_ASN1_INTEGER_push(st, val) SKM_sk_push(ASN1_INTEGER, (st), (val))
-#define sk_ASN1_INTEGER_unshift(st, val) SKM_sk_unshift(ASN1_INTEGER, (st), (val))
-#define sk_ASN1_INTEGER_find(st, val) SKM_sk_find(ASN1_INTEGER, (st), (val))
-#define sk_ASN1_INTEGER_delete(st, i) SKM_sk_delete(ASN1_INTEGER, (st), (i))
-#define sk_ASN1_INTEGER_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_INTEGER, (st), (ptr))
-#define sk_ASN1_INTEGER_insert(st, val, i) SKM_sk_insert(ASN1_INTEGER, (st), (val), (i))
-#define sk_ASN1_INTEGER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_INTEGER, (st), (cmp))
-#define sk_ASN1_INTEGER_dup(st) SKM_sk_dup(ASN1_INTEGER, st)
-#define sk_ASN1_INTEGER_pop_free(st, free_func) SKM_sk_pop_free(ASN1_INTEGER, (st), (free_func))
-#define sk_ASN1_INTEGER_shift(st) SKM_sk_shift(ASN1_INTEGER, (st))
-#define sk_ASN1_INTEGER_pop(st) SKM_sk_pop(ASN1_INTEGER, (st))
-#define sk_ASN1_INTEGER_sort(st) SKM_sk_sort(ASN1_INTEGER, (st))
-#define sk_ASN1_INTEGER_is_sorted(st) SKM_sk_is_sorted(ASN1_INTEGER, (st))
-
-#define sk_ASN1_OBJECT_new(st) SKM_sk_new(ASN1_OBJECT, (st))
-#define sk_ASN1_OBJECT_new_null() SKM_sk_new_null(ASN1_OBJECT)
-#define sk_ASN1_OBJECT_free(st) SKM_sk_free(ASN1_OBJECT, (st))
-#define sk_ASN1_OBJECT_num(st) SKM_sk_num(ASN1_OBJECT, (st))
-#define sk_ASN1_OBJECT_value(st, i) SKM_sk_value(ASN1_OBJECT, (st), (i))
-#define sk_ASN1_OBJECT_set(st, i, val) SKM_sk_set(ASN1_OBJECT, (st), (i), (val))
-#define sk_ASN1_OBJECT_zero(st) SKM_sk_zero(ASN1_OBJECT, (st))
-#define sk_ASN1_OBJECT_push(st, val) SKM_sk_push(ASN1_OBJECT, (st), (val))
-#define sk_ASN1_OBJECT_unshift(st, val) SKM_sk_unshift(ASN1_OBJECT, (st), (val))
-#define sk_ASN1_OBJECT_find(st, val) SKM_sk_find(ASN1_OBJECT, (st), (val))
-#define sk_ASN1_OBJECT_delete(st, i) SKM_sk_delete(ASN1_OBJECT, (st), (i))
-#define sk_ASN1_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_OBJECT, (st), (ptr))
-#define sk_ASN1_OBJECT_insert(st, val, i) SKM_sk_insert(ASN1_OBJECT, (st), (val), (i))
-#define sk_ASN1_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_OBJECT, (st), (cmp))
-#define sk_ASN1_OBJECT_dup(st) SKM_sk_dup(ASN1_OBJECT, st)
-#define sk_ASN1_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(ASN1_OBJECT, (st), (free_func))
-#define sk_ASN1_OBJECT_shift(st) SKM_sk_shift(ASN1_OBJECT, (st))
-#define sk_ASN1_OBJECT_pop(st) SKM_sk_pop(ASN1_OBJECT, (st))
-#define sk_ASN1_OBJECT_sort(st) SKM_sk_sort(ASN1_OBJECT, (st))
-#define sk_ASN1_OBJECT_is_sorted(st) SKM_sk_is_sorted(ASN1_OBJECT, (st))
-
-#define sk_ASN1_STRING_TABLE_new(st) SKM_sk_new(ASN1_STRING_TABLE, (st))
-#define sk_ASN1_STRING_TABLE_new_null() SKM_sk_new_null(ASN1_STRING_TABLE)
-#define sk_ASN1_STRING_TABLE_free(st) SKM_sk_free(ASN1_STRING_TABLE, (st))
-#define sk_ASN1_STRING_TABLE_num(st) SKM_sk_num(ASN1_STRING_TABLE, (st))
-#define sk_ASN1_STRING_TABLE_value(st, i) SKM_sk_value(ASN1_STRING_TABLE, (st), (i))
-#define sk_ASN1_STRING_TABLE_set(st, i, val) SKM_sk_set(ASN1_STRING_TABLE, (st), (i), (val))
-#define sk_ASN1_STRING_TABLE_zero(st) SKM_sk_zero(ASN1_STRING_TABLE, (st))
-#define sk_ASN1_STRING_TABLE_push(st, val) SKM_sk_push(ASN1_STRING_TABLE, (st), (val))
-#define sk_ASN1_STRING_TABLE_unshift(st, val) SKM_sk_unshift(ASN1_STRING_TABLE, (st), (val))
-#define sk_ASN1_STRING_TABLE_find(st, val) SKM_sk_find(ASN1_STRING_TABLE, (st), (val))
-#define sk_ASN1_STRING_TABLE_delete(st, i) SKM_sk_delete(ASN1_STRING_TABLE, (st), (i))
-#define sk_ASN1_STRING_TABLE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_STRING_TABLE, (st), (ptr))
-#define sk_ASN1_STRING_TABLE_insert(st, val, i) SKM_sk_insert(ASN1_STRING_TABLE, (st), (val), (i))
-#define sk_ASN1_STRING_TABLE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_STRING_TABLE, (st), (cmp))
-#define sk_ASN1_STRING_TABLE_dup(st) SKM_sk_dup(ASN1_STRING_TABLE, st)
-#define sk_ASN1_STRING_TABLE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_STRING_TABLE, (st), (free_func))
-#define sk_ASN1_STRING_TABLE_shift(st) SKM_sk_shift(ASN1_STRING_TABLE, (st))
-#define sk_ASN1_STRING_TABLE_pop(st) SKM_sk_pop(ASN1_STRING_TABLE, (st))
-#define sk_ASN1_STRING_TABLE_sort(st) SKM_sk_sort(ASN1_STRING_TABLE, (st))
-#define sk_ASN1_STRING_TABLE_is_sorted(st) SKM_sk_is_sorted(ASN1_STRING_TABLE, (st))
-
-#define sk_ASN1_TYPE_new(st) SKM_sk_new(ASN1_TYPE, (st))
-#define sk_ASN1_TYPE_new_null() SKM_sk_new_null(ASN1_TYPE)
-#define sk_ASN1_TYPE_free(st) SKM_sk_free(ASN1_TYPE, (st))
-#define sk_ASN1_TYPE_num(st) SKM_sk_num(ASN1_TYPE, (st))
-#define sk_ASN1_TYPE_value(st, i) SKM_sk_value(ASN1_TYPE, (st), (i))
-#define sk_ASN1_TYPE_set(st, i, val) SKM_sk_set(ASN1_TYPE, (st), (i), (val))
-#define sk_ASN1_TYPE_zero(st) SKM_sk_zero(ASN1_TYPE, (st))
-#define sk_ASN1_TYPE_push(st, val) SKM_sk_push(ASN1_TYPE, (st), (val))
-#define sk_ASN1_TYPE_unshift(st, val) SKM_sk_unshift(ASN1_TYPE, (st), (val))
-#define sk_ASN1_TYPE_find(st, val) SKM_sk_find(ASN1_TYPE, (st), (val))
-#define sk_ASN1_TYPE_delete(st, i) SKM_sk_delete(ASN1_TYPE, (st), (i))
-#define sk_ASN1_TYPE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_TYPE, (st), (ptr))
-#define sk_ASN1_TYPE_insert(st, val, i) SKM_sk_insert(ASN1_TYPE, (st), (val), (i))
-#define sk_ASN1_TYPE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_TYPE, (st), (cmp))
-#define sk_ASN1_TYPE_dup(st) SKM_sk_dup(ASN1_TYPE, st)
-#define sk_ASN1_TYPE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_TYPE, (st), (free_func))
-#define sk_ASN1_TYPE_shift(st) SKM_sk_shift(ASN1_TYPE, (st))
-#define sk_ASN1_TYPE_pop(st) SKM_sk_pop(ASN1_TYPE, (st))
-#define sk_ASN1_TYPE_sort(st) SKM_sk_sort(ASN1_TYPE, (st))
-#define sk_ASN1_TYPE_is_sorted(st) SKM_sk_is_sorted(ASN1_TYPE, (st))
-
-#define sk_ASN1_VALUE_new(st) SKM_sk_new(ASN1_VALUE, (st))
-#define sk_ASN1_VALUE_new_null() SKM_sk_new_null(ASN1_VALUE)
-#define sk_ASN1_VALUE_free(st) SKM_sk_free(ASN1_VALUE, (st))
-#define sk_ASN1_VALUE_num(st) SKM_sk_num(ASN1_VALUE, (st))
-#define sk_ASN1_VALUE_value(st, i) SKM_sk_value(ASN1_VALUE, (st), (i))
-#define sk_ASN1_VALUE_set(st, i, val) SKM_sk_set(ASN1_VALUE, (st), (i), (val))
-#define sk_ASN1_VALUE_zero(st) SKM_sk_zero(ASN1_VALUE, (st))
-#define sk_ASN1_VALUE_push(st, val) SKM_sk_push(ASN1_VALUE, (st), (val))
-#define sk_ASN1_VALUE_unshift(st, val) SKM_sk_unshift(ASN1_VALUE, (st), (val))
-#define sk_ASN1_VALUE_find(st, val) SKM_sk_find(ASN1_VALUE, (st), (val))
-#define sk_ASN1_VALUE_delete(st, i) SKM_sk_delete(ASN1_VALUE, (st), (i))
-#define sk_ASN1_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_VALUE, (st), (ptr))
-#define sk_ASN1_VALUE_insert(st, val, i) SKM_sk_insert(ASN1_VALUE, (st), (val), (i))
-#define sk_ASN1_VALUE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_VALUE, (st), (cmp))
-#define sk_ASN1_VALUE_dup(st) SKM_sk_dup(ASN1_VALUE, st)
-#define sk_ASN1_VALUE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_VALUE, (st), (free_func))
-#define sk_ASN1_VALUE_shift(st) SKM_sk_shift(ASN1_VALUE, (st))
-#define sk_ASN1_VALUE_pop(st) SKM_sk_pop(ASN1_VALUE, (st))
-#define sk_ASN1_VALUE_sort(st) SKM_sk_sort(ASN1_VALUE, (st))
-#define sk_ASN1_VALUE_is_sorted(st) SKM_sk_is_sorted(ASN1_VALUE, (st))
-
-#define sk_BIO_new(st) SKM_sk_new(BIO, (st))
-#define sk_BIO_new_null() SKM_sk_new_null(BIO)
-#define sk_BIO_free(st) SKM_sk_free(BIO, (st))
-#define sk_BIO_num(st) SKM_sk_num(BIO, (st))
-#define sk_BIO_value(st, i) SKM_sk_value(BIO, (st), (i))
-#define sk_BIO_set(st, i, val) SKM_sk_set(BIO, (st), (i), (val))
-#define sk_BIO_zero(st) SKM_sk_zero(BIO, (st))
-#define sk_BIO_push(st, val) SKM_sk_push(BIO, (st), (val))
-#define sk_BIO_unshift(st, val) SKM_sk_unshift(BIO, (st), (val))
-#define sk_BIO_find(st, val) SKM_sk_find(BIO, (st), (val))
-#define sk_BIO_delete(st, i) SKM_sk_delete(BIO, (st), (i))
-#define sk_BIO_delete_ptr(st, ptr) SKM_sk_delete_ptr(BIO, (st), (ptr))
-#define sk_BIO_insert(st, val, i) SKM_sk_insert(BIO, (st), (val), (i))
-#define sk_BIO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BIO, (st), (cmp))
-#define sk_BIO_dup(st) SKM_sk_dup(BIO, st)
-#define sk_BIO_pop_free(st, free_func) SKM_sk_pop_free(BIO, (st), (free_func))
-#define sk_BIO_shift(st) SKM_sk_shift(BIO, (st))
-#define sk_BIO_pop(st) SKM_sk_pop(BIO, (st))
-#define sk_BIO_sort(st) SKM_sk_sort(BIO, (st))
-#define sk_BIO_is_sorted(st) SKM_sk_is_sorted(BIO, (st))
-
-#define sk_CONF_IMODULE_new(st) SKM_sk_new(CONF_IMODULE, (st))
-#define sk_CONF_IMODULE_new_null() SKM_sk_new_null(CONF_IMODULE)
-#define sk_CONF_IMODULE_free(st) SKM_sk_free(CONF_IMODULE, (st))
-#define sk_CONF_IMODULE_num(st) SKM_sk_num(CONF_IMODULE, (st))
-#define sk_CONF_IMODULE_value(st, i) SKM_sk_value(CONF_IMODULE, (st), (i))
-#define sk_CONF_IMODULE_set(st, i, val) SKM_sk_set(CONF_IMODULE, (st), (i), (val))
-#define sk_CONF_IMODULE_zero(st) SKM_sk_zero(CONF_IMODULE, (st))
-#define sk_CONF_IMODULE_push(st, val) SKM_sk_push(CONF_IMODULE, (st), (val))
-#define sk_CONF_IMODULE_unshift(st, val) SKM_sk_unshift(CONF_IMODULE, (st), (val))
-#define sk_CONF_IMODULE_find(st, val) SKM_sk_find(CONF_IMODULE, (st), (val))
-#define sk_CONF_IMODULE_delete(st, i) SKM_sk_delete(CONF_IMODULE, (st), (i))
-#define sk_CONF_IMODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_IMODULE, (st), (ptr))
-#define sk_CONF_IMODULE_insert(st, val, i) SKM_sk_insert(CONF_IMODULE, (st), (val), (i))
-#define sk_CONF_IMODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_IMODULE, (st), (cmp))
-#define sk_CONF_IMODULE_dup(st) SKM_sk_dup(CONF_IMODULE, st)
-#define sk_CONF_IMODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_IMODULE, (st), (free_func))
-#define sk_CONF_IMODULE_shift(st) SKM_sk_shift(CONF_IMODULE, (st))
-#define sk_CONF_IMODULE_pop(st) SKM_sk_pop(CONF_IMODULE, (st))
-#define sk_CONF_IMODULE_sort(st) SKM_sk_sort(CONF_IMODULE, (st))
-#define sk_CONF_IMODULE_is_sorted(st) SKM_sk_is_sorted(CONF_IMODULE, (st))
-
-#define sk_CONF_MODULE_new(st) SKM_sk_new(CONF_MODULE, (st))
-#define sk_CONF_MODULE_new_null() SKM_sk_new_null(CONF_MODULE)
-#define sk_CONF_MODULE_free(st) SKM_sk_free(CONF_MODULE, (st))
-#define sk_CONF_MODULE_num(st) SKM_sk_num(CONF_MODULE, (st))
-#define sk_CONF_MODULE_value(st, i) SKM_sk_value(CONF_MODULE, (st), (i))
-#define sk_CONF_MODULE_set(st, i, val) SKM_sk_set(CONF_MODULE, (st), (i), (val))
-#define sk_CONF_MODULE_zero(st) SKM_sk_zero(CONF_MODULE, (st))
-#define sk_CONF_MODULE_push(st, val) SKM_sk_push(CONF_MODULE, (st), (val))
-#define sk_CONF_MODULE_unshift(st, val) SKM_sk_unshift(CONF_MODULE, (st), (val))
-#define sk_CONF_MODULE_find(st, val) SKM_sk_find(CONF_MODULE, (st), (val))
-#define sk_CONF_MODULE_delete(st, i) SKM_sk_delete(CONF_MODULE, (st), (i))
-#define sk_CONF_MODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_MODULE, (st), (ptr))
-#define sk_CONF_MODULE_insert(st, val, i) SKM_sk_insert(CONF_MODULE, (st), (val), (i))
-#define sk_CONF_MODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_MODULE, (st), (cmp))
-#define sk_CONF_MODULE_dup(st) SKM_sk_dup(CONF_MODULE, st)
-#define sk_CONF_MODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_MODULE, (st), (free_func))
-#define sk_CONF_MODULE_shift(st) SKM_sk_shift(CONF_MODULE, (st))
-#define sk_CONF_MODULE_pop(st) SKM_sk_pop(CONF_MODULE, (st))
-#define sk_CONF_MODULE_sort(st) SKM_sk_sort(CONF_MODULE, (st))
-#define sk_CONF_MODULE_is_sorted(st) SKM_sk_is_sorted(CONF_MODULE, (st))
-
-#define sk_CONF_VALUE_new(st) SKM_sk_new(CONF_VALUE, (st))
-#define sk_CONF_VALUE_new_null() SKM_sk_new_null(CONF_VALUE)
-#define sk_CONF_VALUE_free(st) SKM_sk_free(CONF_VALUE, (st))
-#define sk_CONF_VALUE_num(st) SKM_sk_num(CONF_VALUE, (st))
-#define sk_CONF_VALUE_value(st, i) SKM_sk_value(CONF_VALUE, (st), (i))
-#define sk_CONF_VALUE_set(st, i, val) SKM_sk_set(CONF_VALUE, (st), (i), (val))
-#define sk_CONF_VALUE_zero(st) SKM_sk_zero(CONF_VALUE, (st))
-#define sk_CONF_VALUE_push(st, val) SKM_sk_push(CONF_VALUE, (st), (val))
-#define sk_CONF_VALUE_unshift(st, val) SKM_sk_unshift(CONF_VALUE, (st), (val))
-#define sk_CONF_VALUE_find(st, val) SKM_sk_find(CONF_VALUE, (st), (val))
-#define sk_CONF_VALUE_delete(st, i) SKM_sk_delete(CONF_VALUE, (st), (i))
-#define sk_CONF_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_VALUE, (st), (ptr))
-#define sk_CONF_VALUE_insert(st, val, i) SKM_sk_insert(CONF_VALUE, (st), (val), (i))
-#define sk_CONF_VALUE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_VALUE, (st), (cmp))
-#define sk_CONF_VALUE_dup(st) SKM_sk_dup(CONF_VALUE, st)
-#define sk_CONF_VALUE_pop_free(st, free_func) SKM_sk_pop_free(CONF_VALUE, (st), (free_func))
-#define sk_CONF_VALUE_shift(st) SKM_sk_shift(CONF_VALUE, (st))
-#define sk_CONF_VALUE_pop(st) SKM_sk_pop(CONF_VALUE, (st))
-#define sk_CONF_VALUE_sort(st) SKM_sk_sort(CONF_VALUE, (st))
-#define sk_CONF_VALUE_is_sorted(st) SKM_sk_is_sorted(CONF_VALUE, (st))
-
-#define sk_CRYPTO_EX_DATA_FUNCS_new(st) SKM_sk_new(CRYPTO_EX_DATA_FUNCS, (st))
-#define sk_CRYPTO_EX_DATA_FUNCS_new_null() SKM_sk_new_null(CRYPTO_EX_DATA_FUNCS)
-#define sk_CRYPTO_EX_DATA_FUNCS_free(st) SKM_sk_free(CRYPTO_EX_DATA_FUNCS, (st))
-#define sk_CRYPTO_EX_DATA_FUNCS_num(st) SKM_sk_num(CRYPTO_EX_DATA_FUNCS, (st))
-#define sk_CRYPTO_EX_DATA_FUNCS_value(st, i) SKM_sk_value(CRYPTO_EX_DATA_FUNCS, (st), (i))
-#define sk_CRYPTO_EX_DATA_FUNCS_set(st, i, val) SKM_sk_set(CRYPTO_EX_DATA_FUNCS, (st), (i), (val))
-#define sk_CRYPTO_EX_DATA_FUNCS_zero(st) SKM_sk_zero(CRYPTO_EX_DATA_FUNCS, (st))
-#define sk_CRYPTO_EX_DATA_FUNCS_push(st, val) SKM_sk_push(CRYPTO_EX_DATA_FUNCS, (st), (val))
-#define sk_CRYPTO_EX_DATA_FUNCS_unshift(st, val) SKM_sk_unshift(CRYPTO_EX_DATA_FUNCS, (st), (val))
-#define sk_CRYPTO_EX_DATA_FUNCS_find(st, val) SKM_sk_find(CRYPTO_EX_DATA_FUNCS, (st), (val))
-#define sk_CRYPTO_EX_DATA_FUNCS_delete(st, i) SKM_sk_delete(CRYPTO_EX_DATA_FUNCS, (st), (i))
-#define sk_CRYPTO_EX_DATA_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_EX_DATA_FUNCS, (st), (ptr))
-#define sk_CRYPTO_EX_DATA_FUNCS_insert(st, val, i) SKM_sk_insert(CRYPTO_EX_DATA_FUNCS, (st), (val), (i))
-#define sk_CRYPTO_EX_DATA_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_EX_DATA_FUNCS, (st), (cmp))
-#define sk_CRYPTO_EX_DATA_FUNCS_dup(st) SKM_sk_dup(CRYPTO_EX_DATA_FUNCS, st)
-#define sk_CRYPTO_EX_DATA_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_EX_DATA_FUNCS, (st), (free_func))
-#define sk_CRYPTO_EX_DATA_FUNCS_shift(st) SKM_sk_shift(CRYPTO_EX_DATA_FUNCS, (st))
-#define sk_CRYPTO_EX_DATA_FUNCS_pop(st) SKM_sk_pop(CRYPTO_EX_DATA_FUNCS, (st))
-#define sk_CRYPTO_EX_DATA_FUNCS_sort(st) SKM_sk_sort(CRYPTO_EX_DATA_FUNCS, (st))
-#define sk_CRYPTO_EX_DATA_FUNCS_is_sorted(st) SKM_sk_is_sorted(CRYPTO_EX_DATA_FUNCS, (st))
-
-#define sk_CRYPTO_dynlock_new(st) SKM_sk_new(CRYPTO_dynlock, (st))
-#define sk_CRYPTO_dynlock_new_null() SKM_sk_new_null(CRYPTO_dynlock)
-#define sk_CRYPTO_dynlock_free(st) SKM_sk_free(CRYPTO_dynlock, (st))
-#define sk_CRYPTO_dynlock_num(st) SKM_sk_num(CRYPTO_dynlock, (st))
-#define sk_CRYPTO_dynlock_value(st, i) SKM_sk_value(CRYPTO_dynlock, (st), (i))
-#define sk_CRYPTO_dynlock_set(st, i, val) SKM_sk_set(CRYPTO_dynlock, (st), (i), (val))
-#define sk_CRYPTO_dynlock_zero(st) SKM_sk_zero(CRYPTO_dynlock, (st))
-#define sk_CRYPTO_dynlock_push(st, val) SKM_sk_push(CRYPTO_dynlock, (st), (val))
-#define sk_CRYPTO_dynlock_unshift(st, val) SKM_sk_unshift(CRYPTO_dynlock, (st), (val))
-#define sk_CRYPTO_dynlock_find(st, val) SKM_sk_find(CRYPTO_dynlock, (st), (val))
-#define sk_CRYPTO_dynlock_delete(st, i) SKM_sk_delete(CRYPTO_dynlock, (st), (i))
-#define sk_CRYPTO_dynlock_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_dynlock, (st), (ptr))
-#define sk_CRYPTO_dynlock_insert(st, val, i) SKM_sk_insert(CRYPTO_dynlock, (st), (val), (i))
-#define sk_CRYPTO_dynlock_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_dynlock, (st), (cmp))
-#define sk_CRYPTO_dynlock_dup(st) SKM_sk_dup(CRYPTO_dynlock, st)
-#define sk_CRYPTO_dynlock_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_dynlock, (st), (free_func))
-#define sk_CRYPTO_dynlock_shift(st) SKM_sk_shift(CRYPTO_dynlock, (st))
-#define sk_CRYPTO_dynlock_pop(st) SKM_sk_pop(CRYPTO_dynlock, (st))
-#define sk_CRYPTO_dynlock_sort(st) SKM_sk_sort(CRYPTO_dynlock, (st))
-#define sk_CRYPTO_dynlock_is_sorted(st) SKM_sk_is_sorted(CRYPTO_dynlock, (st))
-
-#define sk_DIST_POINT_new(st) SKM_sk_new(DIST_POINT, (st))
-#define sk_DIST_POINT_new_null() SKM_sk_new_null(DIST_POINT)
-#define sk_DIST_POINT_free(st) SKM_sk_free(DIST_POINT, (st))
-#define sk_DIST_POINT_num(st) SKM_sk_num(DIST_POINT, (st))
-#define sk_DIST_POINT_value(st, i) SKM_sk_value(DIST_POINT, (st), (i))
-#define sk_DIST_POINT_set(st, i, val) SKM_sk_set(DIST_POINT, (st), (i), (val))
-#define sk_DIST_POINT_zero(st) SKM_sk_zero(DIST_POINT, (st))
-#define sk_DIST_POINT_push(st, val) SKM_sk_push(DIST_POINT, (st), (val))
-#define sk_DIST_POINT_unshift(st, val) SKM_sk_unshift(DIST_POINT, (st), (val))
-#define sk_DIST_POINT_find(st, val) SKM_sk_find(DIST_POINT, (st), (val))
-#define sk_DIST_POINT_delete(st, i) SKM_sk_delete(DIST_POINT, (st), (i))
-#define sk_DIST_POINT_delete_ptr(st, ptr) SKM_sk_delete_ptr(DIST_POINT, (st), (ptr))
-#define sk_DIST_POINT_insert(st, val, i) SKM_sk_insert(DIST_POINT, (st), (val), (i))
-#define sk_DIST_POINT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(DIST_POINT, (st), (cmp))
-#define sk_DIST_POINT_dup(st) SKM_sk_dup(DIST_POINT, st)
-#define sk_DIST_POINT_pop_free(st, free_func) SKM_sk_pop_free(DIST_POINT, (st), (free_func))
-#define sk_DIST_POINT_shift(st) SKM_sk_shift(DIST_POINT, (st))
-#define sk_DIST_POINT_pop(st) SKM_sk_pop(DIST_POINT, (st))
-#define sk_DIST_POINT_sort(st) SKM_sk_sort(DIST_POINT, (st))
-#define sk_DIST_POINT_is_sorted(st) SKM_sk_is_sorted(DIST_POINT, (st))
-
-#define sk_ENGINE_new(st) SKM_sk_new(ENGINE, (st))
-#define sk_ENGINE_new_null() SKM_sk_new_null(ENGINE)
-#define sk_ENGINE_free(st) SKM_sk_free(ENGINE, (st))
-#define sk_ENGINE_num(st) SKM_sk_num(ENGINE, (st))
-#define sk_ENGINE_value(st, i) SKM_sk_value(ENGINE, (st), (i))
-#define sk_ENGINE_set(st, i, val) SKM_sk_set(ENGINE, (st), (i), (val))
-#define sk_ENGINE_zero(st) SKM_sk_zero(ENGINE, (st))
-#define sk_ENGINE_push(st, val) SKM_sk_push(ENGINE, (st), (val))
-#define sk_ENGINE_unshift(st, val) SKM_sk_unshift(ENGINE, (st), (val))
-#define sk_ENGINE_find(st, val) SKM_sk_find(ENGINE, (st), (val))
-#define sk_ENGINE_delete(st, i) SKM_sk_delete(ENGINE, (st), (i))
-#define sk_ENGINE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE, (st), (ptr))
-#define sk_ENGINE_insert(st, val, i) SKM_sk_insert(ENGINE, (st), (val), (i))
-#define sk_ENGINE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ENGINE, (st), (cmp))
-#define sk_ENGINE_dup(st) SKM_sk_dup(ENGINE, st)
-#define sk_ENGINE_pop_free(st, free_func) SKM_sk_pop_free(ENGINE, (st), (free_func))
-#define sk_ENGINE_shift(st) SKM_sk_shift(ENGINE, (st))
-#define sk_ENGINE_pop(st) SKM_sk_pop(ENGINE, (st))
-#define sk_ENGINE_sort(st) SKM_sk_sort(ENGINE, (st))
-#define sk_ENGINE_is_sorted(st) SKM_sk_is_sorted(ENGINE, (st))
-
-#define sk_ENGINE_CLEANUP_ITEM_new(st) SKM_sk_new(ENGINE_CLEANUP_ITEM, (st))
-#define sk_ENGINE_CLEANUP_ITEM_new_null() SKM_sk_new_null(ENGINE_CLEANUP_ITEM)
-#define sk_ENGINE_CLEANUP_ITEM_free(st) SKM_sk_free(ENGINE_CLEANUP_ITEM, (st))
-#define sk_ENGINE_CLEANUP_ITEM_num(st) SKM_sk_num(ENGINE_CLEANUP_ITEM, (st))
-#define sk_ENGINE_CLEANUP_ITEM_value(st, i) SKM_sk_value(ENGINE_CLEANUP_ITEM, (st), (i))
-#define sk_ENGINE_CLEANUP_ITEM_set(st, i, val) SKM_sk_set(ENGINE_CLEANUP_ITEM, (st), (i), (val))
-#define sk_ENGINE_CLEANUP_ITEM_zero(st) SKM_sk_zero(ENGINE_CLEANUP_ITEM, (st))
-#define sk_ENGINE_CLEANUP_ITEM_push(st, val) SKM_sk_push(ENGINE_CLEANUP_ITEM, (st), (val))
-#define sk_ENGINE_CLEANUP_ITEM_unshift(st, val) SKM_sk_unshift(ENGINE_CLEANUP_ITEM, (st), (val))
-#define sk_ENGINE_CLEANUP_ITEM_find(st, val) SKM_sk_find(ENGINE_CLEANUP_ITEM, (st), (val))
-#define sk_ENGINE_CLEANUP_ITEM_delete(st, i) SKM_sk_delete(ENGINE_CLEANUP_ITEM, (st), (i))
-#define sk_ENGINE_CLEANUP_ITEM_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE_CLEANUP_ITEM, (st), (ptr))
-#define sk_ENGINE_CLEANUP_ITEM_insert(st, val, i) SKM_sk_insert(ENGINE_CLEANUP_ITEM, (st), (val), (i))
-#define sk_ENGINE_CLEANUP_ITEM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ENGINE_CLEANUP_ITEM, (st), (cmp))
-#define sk_ENGINE_CLEANUP_ITEM_dup(st) SKM_sk_dup(ENGINE_CLEANUP_ITEM, st)
-#define sk_ENGINE_CLEANUP_ITEM_pop_free(st, free_func) SKM_sk_pop_free(ENGINE_CLEANUP_ITEM, (st), (free_func))
-#define sk_ENGINE_CLEANUP_ITEM_shift(st) SKM_sk_shift(ENGINE_CLEANUP_ITEM, (st))
-#define sk_ENGINE_CLEANUP_ITEM_pop(st) SKM_sk_pop(ENGINE_CLEANUP_ITEM, (st))
-#define sk_ENGINE_CLEANUP_ITEM_sort(st) SKM_sk_sort(ENGINE_CLEANUP_ITEM, (st))
-#define sk_ENGINE_CLEANUP_ITEM_is_sorted(st) SKM_sk_is_sorted(ENGINE_CLEANUP_ITEM, (st))
-
-#define sk_GENERAL_NAME_new(st) SKM_sk_new(GENERAL_NAME, (st))
-#define sk_GENERAL_NAME_new_null() SKM_sk_new_null(GENERAL_NAME)
-#define sk_GENERAL_NAME_free(st) SKM_sk_free(GENERAL_NAME, (st))
-#define sk_GENERAL_NAME_num(st) SKM_sk_num(GENERAL_NAME, (st))
-#define sk_GENERAL_NAME_value(st, i) SKM_sk_value(GENERAL_NAME, (st), (i))
-#define sk_GENERAL_NAME_set(st, i, val) SKM_sk_set(GENERAL_NAME, (st), (i), (val))
-#define sk_GENERAL_NAME_zero(st) SKM_sk_zero(GENERAL_NAME, (st))
-#define sk_GENERAL_NAME_push(st, val) SKM_sk_push(GENERAL_NAME, (st), (val))
-#define sk_GENERAL_NAME_unshift(st, val) SKM_sk_unshift(GENERAL_NAME, (st), (val))
-#define sk_GENERAL_NAME_find(st, val) SKM_sk_find(GENERAL_NAME, (st), (val))
-#define sk_GENERAL_NAME_delete(st, i) SKM_sk_delete(GENERAL_NAME, (st), (i))
-#define sk_GENERAL_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAME, (st), (ptr))
-#define sk_GENERAL_NAME_insert(st, val, i) SKM_sk_insert(GENERAL_NAME, (st), (val), (i))
-#define sk_GENERAL_NAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_NAME, (st), (cmp))
-#define sk_GENERAL_NAME_dup(st) SKM_sk_dup(GENERAL_NAME, st)
-#define sk_GENERAL_NAME_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_NAME, (st), (free_func))
-#define sk_GENERAL_NAME_shift(st) SKM_sk_shift(GENERAL_NAME, (st))
-#define sk_GENERAL_NAME_pop(st) SKM_sk_pop(GENERAL_NAME, (st))
-#define sk_GENERAL_NAME_sort(st) SKM_sk_sort(GENERAL_NAME, (st))
-#define sk_GENERAL_NAME_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAME, (st))
-
-#define sk_KRB5_APREQBODY_new(st) SKM_sk_new(KRB5_APREQBODY, (st))
-#define sk_KRB5_APREQBODY_new_null() SKM_sk_new_null(KRB5_APREQBODY)
-#define sk_KRB5_APREQBODY_free(st) SKM_sk_free(KRB5_APREQBODY, (st))
-#define sk_KRB5_APREQBODY_num(st) SKM_sk_num(KRB5_APREQBODY, (st))
-#define sk_KRB5_APREQBODY_value(st, i) SKM_sk_value(KRB5_APREQBODY, (st), (i))
-#define sk_KRB5_APREQBODY_set(st, i, val) SKM_sk_set(KRB5_APREQBODY, (st), (i), (val))
-#define sk_KRB5_APREQBODY_zero(st) SKM_sk_zero(KRB5_APREQBODY, (st))
-#define sk_KRB5_APREQBODY_push(st, val) SKM_sk_push(KRB5_APREQBODY, (st), (val))
-#define sk_KRB5_APREQBODY_unshift(st, val) SKM_sk_unshift(KRB5_APREQBODY, (st), (val))
-#define sk_KRB5_APREQBODY_find(st, val) SKM_sk_find(KRB5_APREQBODY, (st), (val))
-#define sk_KRB5_APREQBODY_delete(st, i) SKM_sk_delete(KRB5_APREQBODY, (st), (i))
-#define sk_KRB5_APREQBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_APREQBODY, (st), (ptr))
-#define sk_KRB5_APREQBODY_insert(st, val, i) SKM_sk_insert(KRB5_APREQBODY, (st), (val), (i))
-#define sk_KRB5_APREQBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_APREQBODY, (st), (cmp))
-#define sk_KRB5_APREQBODY_dup(st) SKM_sk_dup(KRB5_APREQBODY, st)
-#define sk_KRB5_APREQBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_APREQBODY, (st), (free_func))
-#define sk_KRB5_APREQBODY_shift(st) SKM_sk_shift(KRB5_APREQBODY, (st))
-#define sk_KRB5_APREQBODY_pop(st) SKM_sk_pop(KRB5_APREQBODY, (st))
-#define sk_KRB5_APREQBODY_sort(st) SKM_sk_sort(KRB5_APREQBODY, (st))
-#define sk_KRB5_APREQBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_APREQBODY, (st))
-
-#define sk_KRB5_AUTHDATA_new(st) SKM_sk_new(KRB5_AUTHDATA, (st))
-#define sk_KRB5_AUTHDATA_new_null() SKM_sk_new_null(KRB5_AUTHDATA)
-#define sk_KRB5_AUTHDATA_free(st) SKM_sk_free(KRB5_AUTHDATA, (st))
-#define sk_KRB5_AUTHDATA_num(st) SKM_sk_num(KRB5_AUTHDATA, (st))
-#define sk_KRB5_AUTHDATA_value(st, i) SKM_sk_value(KRB5_AUTHDATA, (st), (i))
-#define sk_KRB5_AUTHDATA_set(st, i, val) SKM_sk_set(KRB5_AUTHDATA, (st), (i), (val))
-#define sk_KRB5_AUTHDATA_zero(st) SKM_sk_zero(KRB5_AUTHDATA, (st))
-#define sk_KRB5_AUTHDATA_push(st, val) SKM_sk_push(KRB5_AUTHDATA, (st), (val))
-#define sk_KRB5_AUTHDATA_unshift(st, val) SKM_sk_unshift(KRB5_AUTHDATA, (st), (val))
-#define sk_KRB5_AUTHDATA_find(st, val) SKM_sk_find(KRB5_AUTHDATA, (st), (val))
-#define sk_KRB5_AUTHDATA_delete(st, i) SKM_sk_delete(KRB5_AUTHDATA, (st), (i))
-#define sk_KRB5_AUTHDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHDATA, (st), (ptr))
-#define sk_KRB5_AUTHDATA_insert(st, val, i) SKM_sk_insert(KRB5_AUTHDATA, (st), (val), (i))
-#define sk_KRB5_AUTHDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHDATA, (st), (cmp))
-#define sk_KRB5_AUTHDATA_dup(st) SKM_sk_dup(KRB5_AUTHDATA, st)
-#define sk_KRB5_AUTHDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHDATA, (st), (free_func))
-#define sk_KRB5_AUTHDATA_shift(st) SKM_sk_shift(KRB5_AUTHDATA, (st))
-#define sk_KRB5_AUTHDATA_pop(st) SKM_sk_pop(KRB5_AUTHDATA, (st))
-#define sk_KRB5_AUTHDATA_sort(st) SKM_sk_sort(KRB5_AUTHDATA, (st))
-#define sk_KRB5_AUTHDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHDATA, (st))
-
-#define sk_KRB5_AUTHENTBODY_new(st) SKM_sk_new(KRB5_AUTHENTBODY, (st))
-#define sk_KRB5_AUTHENTBODY_new_null() SKM_sk_new_null(KRB5_AUTHENTBODY)
-#define sk_KRB5_AUTHENTBODY_free(st) SKM_sk_free(KRB5_AUTHENTBODY, (st))
-#define sk_KRB5_AUTHENTBODY_num(st) SKM_sk_num(KRB5_AUTHENTBODY, (st))
-#define sk_KRB5_AUTHENTBODY_value(st, i) SKM_sk_value(KRB5_AUTHENTBODY, (st), (i))
-#define sk_KRB5_AUTHENTBODY_set(st, i, val) SKM_sk_set(KRB5_AUTHENTBODY, (st), (i), (val))
-#define sk_KRB5_AUTHENTBODY_zero(st) SKM_sk_zero(KRB5_AUTHENTBODY, (st))
-#define sk_KRB5_AUTHENTBODY_push(st, val) SKM_sk_push(KRB5_AUTHENTBODY, (st), (val))
-#define sk_KRB5_AUTHENTBODY_unshift(st, val) SKM_sk_unshift(KRB5_AUTHENTBODY, (st), (val))
-#define sk_KRB5_AUTHENTBODY_find(st, val) SKM_sk_find(KRB5_AUTHENTBODY, (st), (val))
-#define sk_KRB5_AUTHENTBODY_delete(st, i) SKM_sk_delete(KRB5_AUTHENTBODY, (st), (i))
-#define sk_KRB5_AUTHENTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHENTBODY, (st), (ptr))
-#define sk_KRB5_AUTHENTBODY_insert(st, val, i) SKM_sk_insert(KRB5_AUTHENTBODY, (st), (val), (i))
-#define sk_KRB5_AUTHENTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHENTBODY, (st), (cmp))
-#define sk_KRB5_AUTHENTBODY_dup(st) SKM_sk_dup(KRB5_AUTHENTBODY, st)
-#define sk_KRB5_AUTHENTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHENTBODY, (st), (free_func))
-#define sk_KRB5_AUTHENTBODY_shift(st) SKM_sk_shift(KRB5_AUTHENTBODY, (st))
-#define sk_KRB5_AUTHENTBODY_pop(st) SKM_sk_pop(KRB5_AUTHENTBODY, (st))
-#define sk_KRB5_AUTHENTBODY_sort(st) SKM_sk_sort(KRB5_AUTHENTBODY, (st))
-#define sk_KRB5_AUTHENTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHENTBODY, (st))
-
-#define sk_KRB5_CHECKSUM_new(st) SKM_sk_new(KRB5_CHECKSUM, (st))
-#define sk_KRB5_CHECKSUM_new_null() SKM_sk_new_null(KRB5_CHECKSUM)
-#define sk_KRB5_CHECKSUM_free(st) SKM_sk_free(KRB5_CHECKSUM, (st))
-#define sk_KRB5_CHECKSUM_num(st) SKM_sk_num(KRB5_CHECKSUM, (st))
-#define sk_KRB5_CHECKSUM_value(st, i) SKM_sk_value(KRB5_CHECKSUM, (st), (i))
-#define sk_KRB5_CHECKSUM_set(st, i, val) SKM_sk_set(KRB5_CHECKSUM, (st), (i), (val))
-#define sk_KRB5_CHECKSUM_zero(st) SKM_sk_zero(KRB5_CHECKSUM, (st))
-#define sk_KRB5_CHECKSUM_push(st, val) SKM_sk_push(KRB5_CHECKSUM, (st), (val))
-#define sk_KRB5_CHECKSUM_unshift(st, val) SKM_sk_unshift(KRB5_CHECKSUM, (st), (val))
-#define sk_KRB5_CHECKSUM_find(st, val) SKM_sk_find(KRB5_CHECKSUM, (st), (val))
-#define sk_KRB5_CHECKSUM_delete(st, i) SKM_sk_delete(KRB5_CHECKSUM, (st), (i))
-#define sk_KRB5_CHECKSUM_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_CHECKSUM, (st), (ptr))
-#define sk_KRB5_CHECKSUM_insert(st, val, i) SKM_sk_insert(KRB5_CHECKSUM, (st), (val), (i))
-#define sk_KRB5_CHECKSUM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_CHECKSUM, (st), (cmp))
-#define sk_KRB5_CHECKSUM_dup(st) SKM_sk_dup(KRB5_CHECKSUM, st)
-#define sk_KRB5_CHECKSUM_pop_free(st, free_func) SKM_sk_pop_free(KRB5_CHECKSUM, (st), (free_func))
-#define sk_KRB5_CHECKSUM_shift(st) SKM_sk_shift(KRB5_CHECKSUM, (st))
-#define sk_KRB5_CHECKSUM_pop(st) SKM_sk_pop(KRB5_CHECKSUM, (st))
-#define sk_KRB5_CHECKSUM_sort(st) SKM_sk_sort(KRB5_CHECKSUM, (st))
-#define sk_KRB5_CHECKSUM_is_sorted(st) SKM_sk_is_sorted(KRB5_CHECKSUM, (st))
-
-#define sk_KRB5_ENCDATA_new(st) SKM_sk_new(KRB5_ENCDATA, (st))
-#define sk_KRB5_ENCDATA_new_null() SKM_sk_new_null(KRB5_ENCDATA)
-#define sk_KRB5_ENCDATA_free(st) SKM_sk_free(KRB5_ENCDATA, (st))
-#define sk_KRB5_ENCDATA_num(st) SKM_sk_num(KRB5_ENCDATA, (st))
-#define sk_KRB5_ENCDATA_value(st, i) SKM_sk_value(KRB5_ENCDATA, (st), (i))
-#define sk_KRB5_ENCDATA_set(st, i, val) SKM_sk_set(KRB5_ENCDATA, (st), (i), (val))
-#define sk_KRB5_ENCDATA_zero(st) SKM_sk_zero(KRB5_ENCDATA, (st))
-#define sk_KRB5_ENCDATA_push(st, val) SKM_sk_push(KRB5_ENCDATA, (st), (val))
-#define sk_KRB5_ENCDATA_unshift(st, val) SKM_sk_unshift(KRB5_ENCDATA, (st), (val))
-#define sk_KRB5_ENCDATA_find(st, val) SKM_sk_find(KRB5_ENCDATA, (st), (val))
-#define sk_KRB5_ENCDATA_delete(st, i) SKM_sk_delete(KRB5_ENCDATA, (st), (i))
-#define sk_KRB5_ENCDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCDATA, (st), (ptr))
-#define sk_KRB5_ENCDATA_insert(st, val, i) SKM_sk_insert(KRB5_ENCDATA, (st), (val), (i))
-#define sk_KRB5_ENCDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCDATA, (st), (cmp))
-#define sk_KRB5_ENCDATA_dup(st) SKM_sk_dup(KRB5_ENCDATA, st)
-#define sk_KRB5_ENCDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCDATA, (st), (free_func))
-#define sk_KRB5_ENCDATA_shift(st) SKM_sk_shift(KRB5_ENCDATA, (st))
-#define sk_KRB5_ENCDATA_pop(st) SKM_sk_pop(KRB5_ENCDATA, (st))
-#define sk_KRB5_ENCDATA_sort(st) SKM_sk_sort(KRB5_ENCDATA, (st))
-#define sk_KRB5_ENCDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCDATA, (st))
-
-#define sk_KRB5_ENCKEY_new(st) SKM_sk_new(KRB5_ENCKEY, (st))
-#define sk_KRB5_ENCKEY_new_null() SKM_sk_new_null(KRB5_ENCKEY)
-#define sk_KRB5_ENCKEY_free(st) SKM_sk_free(KRB5_ENCKEY, (st))
-#define sk_KRB5_ENCKEY_num(st) SKM_sk_num(KRB5_ENCKEY, (st))
-#define sk_KRB5_ENCKEY_value(st, i) SKM_sk_value(KRB5_ENCKEY, (st), (i))
-#define sk_KRB5_ENCKEY_set(st, i, val) SKM_sk_set(KRB5_ENCKEY, (st), (i), (val))
-#define sk_KRB5_ENCKEY_zero(st) SKM_sk_zero(KRB5_ENCKEY, (st))
-#define sk_KRB5_ENCKEY_push(st, val) SKM_sk_push(KRB5_ENCKEY, (st), (val))
-#define sk_KRB5_ENCKEY_unshift(st, val) SKM_sk_unshift(KRB5_ENCKEY, (st), (val))
-#define sk_KRB5_ENCKEY_find(st, val) SKM_sk_find(KRB5_ENCKEY, (st), (val))
-#define sk_KRB5_ENCKEY_delete(st, i) SKM_sk_delete(KRB5_ENCKEY, (st), (i))
-#define sk_KRB5_ENCKEY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCKEY, (st), (ptr))
-#define sk_KRB5_ENCKEY_insert(st, val, i) SKM_sk_insert(KRB5_ENCKEY, (st), (val), (i))
-#define sk_KRB5_ENCKEY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCKEY, (st), (cmp))
-#define sk_KRB5_ENCKEY_dup(st) SKM_sk_dup(KRB5_ENCKEY, st)
-#define sk_KRB5_ENCKEY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCKEY, (st), (free_func))
-#define sk_KRB5_ENCKEY_shift(st) SKM_sk_shift(KRB5_ENCKEY, (st))
-#define sk_KRB5_ENCKEY_pop(st) SKM_sk_pop(KRB5_ENCKEY, (st))
-#define sk_KRB5_ENCKEY_sort(st) SKM_sk_sort(KRB5_ENCKEY, (st))
-#define sk_KRB5_ENCKEY_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCKEY, (st))
-
-#define sk_KRB5_PRINCNAME_new(st) SKM_sk_new(KRB5_PRINCNAME, (st))
-#define sk_KRB5_PRINCNAME_new_null() SKM_sk_new_null(KRB5_PRINCNAME)
-#define sk_KRB5_PRINCNAME_free(st) SKM_sk_free(KRB5_PRINCNAME, (st))
-#define sk_KRB5_PRINCNAME_num(st) SKM_sk_num(KRB5_PRINCNAME, (st))
-#define sk_KRB5_PRINCNAME_value(st, i) SKM_sk_value(KRB5_PRINCNAME, (st), (i))
-#define sk_KRB5_PRINCNAME_set(st, i, val) SKM_sk_set(KRB5_PRINCNAME, (st), (i), (val))
-#define sk_KRB5_PRINCNAME_zero(st) SKM_sk_zero(KRB5_PRINCNAME, (st))
-#define sk_KRB5_PRINCNAME_push(st, val) SKM_sk_push(KRB5_PRINCNAME, (st), (val))
-#define sk_KRB5_PRINCNAME_unshift(st, val) SKM_sk_unshift(KRB5_PRINCNAME, (st), (val))
-#define sk_KRB5_PRINCNAME_find(st, val) SKM_sk_find(KRB5_PRINCNAME, (st), (val))
-#define sk_KRB5_PRINCNAME_delete(st, i) SKM_sk_delete(KRB5_PRINCNAME, (st), (i))
-#define sk_KRB5_PRINCNAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_PRINCNAME, (st), (ptr))
-#define sk_KRB5_PRINCNAME_insert(st, val, i) SKM_sk_insert(KRB5_PRINCNAME, (st), (val), (i))
-#define sk_KRB5_PRINCNAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_PRINCNAME, (st), (cmp))
-#define sk_KRB5_PRINCNAME_dup(st) SKM_sk_dup(KRB5_PRINCNAME, st)
-#define sk_KRB5_PRINCNAME_pop_free(st, free_func) SKM_sk_pop_free(KRB5_PRINCNAME, (st), (free_func))
-#define sk_KRB5_PRINCNAME_shift(st) SKM_sk_shift(KRB5_PRINCNAME, (st))
-#define sk_KRB5_PRINCNAME_pop(st) SKM_sk_pop(KRB5_PRINCNAME, (st))
-#define sk_KRB5_PRINCNAME_sort(st) SKM_sk_sort(KRB5_PRINCNAME, (st))
-#define sk_KRB5_PRINCNAME_is_sorted(st) SKM_sk_is_sorted(KRB5_PRINCNAME, (st))
-
-#define sk_KRB5_TKTBODY_new(st) SKM_sk_new(KRB5_TKTBODY, (st))
-#define sk_KRB5_TKTBODY_new_null() SKM_sk_new_null(KRB5_TKTBODY)
-#define sk_KRB5_TKTBODY_free(st) SKM_sk_free(KRB5_TKTBODY, (st))
-#define sk_KRB5_TKTBODY_num(st) SKM_sk_num(KRB5_TKTBODY, (st))
-#define sk_KRB5_TKTBODY_value(st, i) SKM_sk_value(KRB5_TKTBODY, (st), (i))
-#define sk_KRB5_TKTBODY_set(st, i, val) SKM_sk_set(KRB5_TKTBODY, (st), (i), (val))
-#define sk_KRB5_TKTBODY_zero(st) SKM_sk_zero(KRB5_TKTBODY, (st))
-#define sk_KRB5_TKTBODY_push(st, val) SKM_sk_push(KRB5_TKTBODY, (st), (val))
-#define sk_KRB5_TKTBODY_unshift(st, val) SKM_sk_unshift(KRB5_TKTBODY, (st), (val))
-#define sk_KRB5_TKTBODY_find(st, val) SKM_sk_find(KRB5_TKTBODY, (st), (val))
-#define sk_KRB5_TKTBODY_delete(st, i) SKM_sk_delete(KRB5_TKTBODY, (st), (i))
-#define sk_KRB5_TKTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_TKTBODY, (st), (ptr))
-#define sk_KRB5_TKTBODY_insert(st, val, i) SKM_sk_insert(KRB5_TKTBODY, (st), (val), (i))
-#define sk_KRB5_TKTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_TKTBODY, (st), (cmp))
-#define sk_KRB5_TKTBODY_dup(st) SKM_sk_dup(KRB5_TKTBODY, st)
-#define sk_KRB5_TKTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_TKTBODY, (st), (free_func))
-#define sk_KRB5_TKTBODY_shift(st) SKM_sk_shift(KRB5_TKTBODY, (st))
-#define sk_KRB5_TKTBODY_pop(st) SKM_sk_pop(KRB5_TKTBODY, (st))
-#define sk_KRB5_TKTBODY_sort(st) SKM_sk_sort(KRB5_TKTBODY, (st))
-#define sk_KRB5_TKTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_TKTBODY, (st))
-
-#define sk_MIME_HEADER_new(st) SKM_sk_new(MIME_HEADER, (st))
-#define sk_MIME_HEADER_new_null() SKM_sk_new_null(MIME_HEADER)
-#define sk_MIME_HEADER_free(st) SKM_sk_free(MIME_HEADER, (st))
-#define sk_MIME_HEADER_num(st) SKM_sk_num(MIME_HEADER, (st))
-#define sk_MIME_HEADER_value(st, i) SKM_sk_value(MIME_HEADER, (st), (i))
-#define sk_MIME_HEADER_set(st, i, val) SKM_sk_set(MIME_HEADER, (st), (i), (val))
-#define sk_MIME_HEADER_zero(st) SKM_sk_zero(MIME_HEADER, (st))
-#define sk_MIME_HEADER_push(st, val) SKM_sk_push(MIME_HEADER, (st), (val))
-#define sk_MIME_HEADER_unshift(st, val) SKM_sk_unshift(MIME_HEADER, (st), (val))
-#define sk_MIME_HEADER_find(st, val) SKM_sk_find(MIME_HEADER, (st), (val))
-#define sk_MIME_HEADER_delete(st, i) SKM_sk_delete(MIME_HEADER, (st), (i))
-#define sk_MIME_HEADER_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_HEADER, (st), (ptr))
-#define sk_MIME_HEADER_insert(st, val, i) SKM_sk_insert(MIME_HEADER, (st), (val), (i))
-#define sk_MIME_HEADER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_HEADER, (st), (cmp))
-#define sk_MIME_HEADER_dup(st) SKM_sk_dup(MIME_HEADER, st)
-#define sk_MIME_HEADER_pop_free(st, free_func) SKM_sk_pop_free(MIME_HEADER, (st), (free_func))
-#define sk_MIME_HEADER_shift(st) SKM_sk_shift(MIME_HEADER, (st))
-#define sk_MIME_HEADER_pop(st) SKM_sk_pop(MIME_HEADER, (st))
-#define sk_MIME_HEADER_sort(st) SKM_sk_sort(MIME_HEADER, (st))
-#define sk_MIME_HEADER_is_sorted(st) SKM_sk_is_sorted(MIME_HEADER, (st))
-
-#define sk_MIME_PARAM_new(st) SKM_sk_new(MIME_PARAM, (st))
-#define sk_MIME_PARAM_new_null() SKM_sk_new_null(MIME_PARAM)
-#define sk_MIME_PARAM_free(st) SKM_sk_free(MIME_PARAM, (st))
-#define sk_MIME_PARAM_num(st) SKM_sk_num(MIME_PARAM, (st))
-#define sk_MIME_PARAM_value(st, i) SKM_sk_value(MIME_PARAM, (st), (i))
-#define sk_MIME_PARAM_set(st, i, val) SKM_sk_set(MIME_PARAM, (st), (i), (val))
-#define sk_MIME_PARAM_zero(st) SKM_sk_zero(MIME_PARAM, (st))
-#define sk_MIME_PARAM_push(st, val) SKM_sk_push(MIME_PARAM, (st), (val))
-#define sk_MIME_PARAM_unshift(st, val) SKM_sk_unshift(MIME_PARAM, (st), (val))
-#define sk_MIME_PARAM_find(st, val) SKM_sk_find(MIME_PARAM, (st), (val))
-#define sk_MIME_PARAM_delete(st, i) SKM_sk_delete(MIME_PARAM, (st), (i))
-#define sk_MIME_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_PARAM, (st), (ptr))
-#define sk_MIME_PARAM_insert(st, val, i) SKM_sk_insert(MIME_PARAM, (st), (val), (i))
-#define sk_MIME_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_PARAM, (st), (cmp))
-#define sk_MIME_PARAM_dup(st) SKM_sk_dup(MIME_PARAM, st)
-#define sk_MIME_PARAM_pop_free(st, free_func) SKM_sk_pop_free(MIME_PARAM, (st), (free_func))
-#define sk_MIME_PARAM_shift(st) SKM_sk_shift(MIME_PARAM, (st))
-#define sk_MIME_PARAM_pop(st) SKM_sk_pop(MIME_PARAM, (st))
-#define sk_MIME_PARAM_sort(st) SKM_sk_sort(MIME_PARAM, (st))
-#define sk_MIME_PARAM_is_sorted(st) SKM_sk_is_sorted(MIME_PARAM, (st))
-
-#define sk_NAME_FUNCS_new(st) SKM_sk_new(NAME_FUNCS, (st))
-#define sk_NAME_FUNCS_new_null() SKM_sk_new_null(NAME_FUNCS)
-#define sk_NAME_FUNCS_free(st) SKM_sk_free(NAME_FUNCS, (st))
-#define sk_NAME_FUNCS_num(st) SKM_sk_num(NAME_FUNCS, (st))
-#define sk_NAME_FUNCS_value(st, i) SKM_sk_value(NAME_FUNCS, (st), (i))
-#define sk_NAME_FUNCS_set(st, i, val) SKM_sk_set(NAME_FUNCS, (st), (i), (val))
-#define sk_NAME_FUNCS_zero(st) SKM_sk_zero(NAME_FUNCS, (st))
-#define sk_NAME_FUNCS_push(st, val) SKM_sk_push(NAME_FUNCS, (st), (val))
-#define sk_NAME_FUNCS_unshift(st, val) SKM_sk_unshift(NAME_FUNCS, (st), (val))
-#define sk_NAME_FUNCS_find(st, val) SKM_sk_find(NAME_FUNCS, (st), (val))
-#define sk_NAME_FUNCS_delete(st, i) SKM_sk_delete(NAME_FUNCS, (st), (i))
-#define sk_NAME_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(NAME_FUNCS, (st), (ptr))
-#define sk_NAME_FUNCS_insert(st, val, i) SKM_sk_insert(NAME_FUNCS, (st), (val), (i))
-#define sk_NAME_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(NAME_FUNCS, (st), (cmp))
-#define sk_NAME_FUNCS_dup(st) SKM_sk_dup(NAME_FUNCS, st)
-#define sk_NAME_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(NAME_FUNCS, (st), (free_func))
-#define sk_NAME_FUNCS_shift(st) SKM_sk_shift(NAME_FUNCS, (st))
-#define sk_NAME_FUNCS_pop(st) SKM_sk_pop(NAME_FUNCS, (st))
-#define sk_NAME_FUNCS_sort(st) SKM_sk_sort(NAME_FUNCS, (st))
-#define sk_NAME_FUNCS_is_sorted(st) SKM_sk_is_sorted(NAME_FUNCS, (st))
-
-#define sk_OCSP_CERTID_new(st) SKM_sk_new(OCSP_CERTID, (st))
-#define sk_OCSP_CERTID_new_null() SKM_sk_new_null(OCSP_CERTID)
-#define sk_OCSP_CERTID_free(st) SKM_sk_free(OCSP_CERTID, (st))
-#define sk_OCSP_CERTID_num(st) SKM_sk_num(OCSP_CERTID, (st))
-#define sk_OCSP_CERTID_value(st, i) SKM_sk_value(OCSP_CERTID, (st), (i))
-#define sk_OCSP_CERTID_set(st, i, val) SKM_sk_set(OCSP_CERTID, (st), (i), (val))
-#define sk_OCSP_CERTID_zero(st) SKM_sk_zero(OCSP_CERTID, (st))
-#define sk_OCSP_CERTID_push(st, val) SKM_sk_push(OCSP_CERTID, (st), (val))
-#define sk_OCSP_CERTID_unshift(st, val) SKM_sk_unshift(OCSP_CERTID, (st), (val))
-#define sk_OCSP_CERTID_find(st, val) SKM_sk_find(OCSP_CERTID, (st), (val))
-#define sk_OCSP_CERTID_delete(st, i) SKM_sk_delete(OCSP_CERTID, (st), (i))
-#define sk_OCSP_CERTID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_CERTID, (st), (ptr))
-#define sk_OCSP_CERTID_insert(st, val, i) SKM_sk_insert(OCSP_CERTID, (st), (val), (i))
-#define sk_OCSP_CERTID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_CERTID, (st), (cmp))
-#define sk_OCSP_CERTID_dup(st) SKM_sk_dup(OCSP_CERTID, st)
-#define sk_OCSP_CERTID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_CERTID, (st), (free_func))
-#define sk_OCSP_CERTID_shift(st) SKM_sk_shift(OCSP_CERTID, (st))
-#define sk_OCSP_CERTID_pop(st) SKM_sk_pop(OCSP_CERTID, (st))
-#define sk_OCSP_CERTID_sort(st) SKM_sk_sort(OCSP_CERTID, (st))
-#define sk_OCSP_CERTID_is_sorted(st) SKM_sk_is_sorted(OCSP_CERTID, (st))
-
-#define sk_OCSP_ONEREQ_new(st) SKM_sk_new(OCSP_ONEREQ, (st))
-#define sk_OCSP_ONEREQ_new_null() SKM_sk_new_null(OCSP_ONEREQ)
-#define sk_OCSP_ONEREQ_free(st) SKM_sk_free(OCSP_ONEREQ, (st))
-#define sk_OCSP_ONEREQ_num(st) SKM_sk_num(OCSP_ONEREQ, (st))
-#define sk_OCSP_ONEREQ_value(st, i) SKM_sk_value(OCSP_ONEREQ, (st), (i))
-#define sk_OCSP_ONEREQ_set(st, i, val) SKM_sk_set(OCSP_ONEREQ, (st), (i), (val))
-#define sk_OCSP_ONEREQ_zero(st) SKM_sk_zero(OCSP_ONEREQ, (st))
-#define sk_OCSP_ONEREQ_push(st, val) SKM_sk_push(OCSP_ONEREQ, (st), (val))
-#define sk_OCSP_ONEREQ_unshift(st, val) SKM_sk_unshift(OCSP_ONEREQ, (st), (val))
-#define sk_OCSP_ONEREQ_find(st, val) SKM_sk_find(OCSP_ONEREQ, (st), (val))
-#define sk_OCSP_ONEREQ_delete(st, i) SKM_sk_delete(OCSP_ONEREQ, (st), (i))
-#define sk_OCSP_ONEREQ_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_ONEREQ, (st), (ptr))
-#define sk_OCSP_ONEREQ_insert(st, val, i) SKM_sk_insert(OCSP_ONEREQ, (st), (val), (i))
-#define sk_OCSP_ONEREQ_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_ONEREQ, (st), (cmp))
-#define sk_OCSP_ONEREQ_dup(st) SKM_sk_dup(OCSP_ONEREQ, st)
-#define sk_OCSP_ONEREQ_pop_free(st, free_func) SKM_sk_pop_free(OCSP_ONEREQ, (st), (free_func))
-#define sk_OCSP_ONEREQ_shift(st) SKM_sk_shift(OCSP_ONEREQ, (st))
-#define sk_OCSP_ONEREQ_pop(st) SKM_sk_pop(OCSP_ONEREQ, (st))
-#define sk_OCSP_ONEREQ_sort(st) SKM_sk_sort(OCSP_ONEREQ, (st))
-#define sk_OCSP_ONEREQ_is_sorted(st) SKM_sk_is_sorted(OCSP_ONEREQ, (st))
-
-#define sk_OCSP_SINGLERESP_new(st) SKM_sk_new(OCSP_SINGLERESP, (st))
-#define sk_OCSP_SINGLERESP_new_null() SKM_sk_new_null(OCSP_SINGLERESP)
-#define sk_OCSP_SINGLERESP_free(st) SKM_sk_free(OCSP_SINGLERESP, (st))
-#define sk_OCSP_SINGLERESP_num(st) SKM_sk_num(OCSP_SINGLERESP, (st))
-#define sk_OCSP_SINGLERESP_value(st, i) SKM_sk_value(OCSP_SINGLERESP, (st), (i))
-#define sk_OCSP_SINGLERESP_set(st, i, val) SKM_sk_set(OCSP_SINGLERESP, (st), (i), (val))
-#define sk_OCSP_SINGLERESP_zero(st) SKM_sk_zero(OCSP_SINGLERESP, (st))
-#define sk_OCSP_SINGLERESP_push(st, val) SKM_sk_push(OCSP_SINGLERESP, (st), (val))
-#define sk_OCSP_SINGLERESP_unshift(st, val) SKM_sk_unshift(OCSP_SINGLERESP, (st), (val))
-#define sk_OCSP_SINGLERESP_find(st, val) SKM_sk_find(OCSP_SINGLERESP, (st), (val))
-#define sk_OCSP_SINGLERESP_delete(st, i) SKM_sk_delete(OCSP_SINGLERESP, (st), (i))
-#define sk_OCSP_SINGLERESP_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_SINGLERESP, (st), (ptr))
-#define sk_OCSP_SINGLERESP_insert(st, val, i) SKM_sk_insert(OCSP_SINGLERESP, (st), (val), (i))
-#define sk_OCSP_SINGLERESP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_SINGLERESP, (st), (cmp))
-#define sk_OCSP_SINGLERESP_dup(st) SKM_sk_dup(OCSP_SINGLERESP, st)
-#define sk_OCSP_SINGLERESP_pop_free(st, free_func) SKM_sk_pop_free(OCSP_SINGLERESP, (st), (free_func))
-#define sk_OCSP_SINGLERESP_shift(st) SKM_sk_shift(OCSP_SINGLERESP, (st))
-#define sk_OCSP_SINGLERESP_pop(st) SKM_sk_pop(OCSP_SINGLERESP, (st))
-#define sk_OCSP_SINGLERESP_sort(st) SKM_sk_sort(OCSP_SINGLERESP, (st))
-#define sk_OCSP_SINGLERESP_is_sorted(st) SKM_sk_is_sorted(OCSP_SINGLERESP, (st))
-
-#define sk_PKCS12_SAFEBAG_new(st) SKM_sk_new(PKCS12_SAFEBAG, (st))
-#define sk_PKCS12_SAFEBAG_new_null() SKM_sk_new_null(PKCS12_SAFEBAG)
-#define sk_PKCS12_SAFEBAG_free(st) SKM_sk_free(PKCS12_SAFEBAG, (st))
-#define sk_PKCS12_SAFEBAG_num(st) SKM_sk_num(PKCS12_SAFEBAG, (st))
-#define sk_PKCS12_SAFEBAG_value(st, i) SKM_sk_value(PKCS12_SAFEBAG, (st), (i))
-#define sk_PKCS12_SAFEBAG_set(st, i, val) SKM_sk_set(PKCS12_SAFEBAG, (st), (i), (val))
-#define sk_PKCS12_SAFEBAG_zero(st) SKM_sk_zero(PKCS12_SAFEBAG, (st))
-#define sk_PKCS12_SAFEBAG_push(st, val) SKM_sk_push(PKCS12_SAFEBAG, (st), (val))
-#define sk_PKCS12_SAFEBAG_unshift(st, val) SKM_sk_unshift(PKCS12_SAFEBAG, (st), (val))
-#define sk_PKCS12_SAFEBAG_find(st, val) SKM_sk_find(PKCS12_SAFEBAG, (st), (val))
-#define sk_PKCS12_SAFEBAG_delete(st, i) SKM_sk_delete(PKCS12_SAFEBAG, (st), (i))
-#define sk_PKCS12_SAFEBAG_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS12_SAFEBAG, (st), (ptr))
-#define sk_PKCS12_SAFEBAG_insert(st, val, i) SKM_sk_insert(PKCS12_SAFEBAG, (st), (val), (i))
-#define sk_PKCS12_SAFEBAG_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS12_SAFEBAG, (st), (cmp))
-#define sk_PKCS12_SAFEBAG_dup(st) SKM_sk_dup(PKCS12_SAFEBAG, st)
-#define sk_PKCS12_SAFEBAG_pop_free(st, free_func) SKM_sk_pop_free(PKCS12_SAFEBAG, (st), (free_func))
-#define sk_PKCS12_SAFEBAG_shift(st) SKM_sk_shift(PKCS12_SAFEBAG, (st))
-#define sk_PKCS12_SAFEBAG_pop(st) SKM_sk_pop(PKCS12_SAFEBAG, (st))
-#define sk_PKCS12_SAFEBAG_sort(st) SKM_sk_sort(PKCS12_SAFEBAG, (st))
-#define sk_PKCS12_SAFEBAG_is_sorted(st) SKM_sk_is_sorted(PKCS12_SAFEBAG, (st))
-
-#define sk_PKCS7_new(st) SKM_sk_new(PKCS7, (st))
-#define sk_PKCS7_new_null() SKM_sk_new_null(PKCS7)
-#define sk_PKCS7_free(st) SKM_sk_free(PKCS7, (st))
-#define sk_PKCS7_num(st) SKM_sk_num(PKCS7, (st))
-#define sk_PKCS7_value(st, i) SKM_sk_value(PKCS7, (st), (i))
-#define sk_PKCS7_set(st, i, val) SKM_sk_set(PKCS7, (st), (i), (val))
-#define sk_PKCS7_zero(st) SKM_sk_zero(PKCS7, (st))
-#define sk_PKCS7_push(st, val) SKM_sk_push(PKCS7, (st), (val))
-#define sk_PKCS7_unshift(st, val) SKM_sk_unshift(PKCS7, (st), (val))
-#define sk_PKCS7_find(st, val) SKM_sk_find(PKCS7, (st), (val))
-#define sk_PKCS7_delete(st, i) SKM_sk_delete(PKCS7, (st), (i))
-#define sk_PKCS7_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7, (st), (ptr))
-#define sk_PKCS7_insert(st, val, i) SKM_sk_insert(PKCS7, (st), (val), (i))
-#define sk_PKCS7_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7, (st), (cmp))
-#define sk_PKCS7_dup(st) SKM_sk_dup(PKCS7, st)
-#define sk_PKCS7_pop_free(st, free_func) SKM_sk_pop_free(PKCS7, (st), (free_func))
-#define sk_PKCS7_shift(st) SKM_sk_shift(PKCS7, (st))
-#define sk_PKCS7_pop(st) SKM_sk_pop(PKCS7, (st))
-#define sk_PKCS7_sort(st) SKM_sk_sort(PKCS7, (st))
-#define sk_PKCS7_is_sorted(st) SKM_sk_is_sorted(PKCS7, (st))
-
-#define sk_PKCS7_RECIP_INFO_new(st) SKM_sk_new(PKCS7_RECIP_INFO, (st))
-#define sk_PKCS7_RECIP_INFO_new_null() SKM_sk_new_null(PKCS7_RECIP_INFO)
-#define sk_PKCS7_RECIP_INFO_free(st) SKM_sk_free(PKCS7_RECIP_INFO, (st))
-#define sk_PKCS7_RECIP_INFO_num(st) SKM_sk_num(PKCS7_RECIP_INFO, (st))
-#define sk_PKCS7_RECIP_INFO_value(st, i) SKM_sk_value(PKCS7_RECIP_INFO, (st), (i))
-#define sk_PKCS7_RECIP_INFO_set(st, i, val) SKM_sk_set(PKCS7_RECIP_INFO, (st), (i), (val))
-#define sk_PKCS7_RECIP_INFO_zero(st) SKM_sk_zero(PKCS7_RECIP_INFO, (st))
-#define sk_PKCS7_RECIP_INFO_push(st, val) SKM_sk_push(PKCS7_RECIP_INFO, (st), (val))
-#define sk_PKCS7_RECIP_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_RECIP_INFO, (st), (val))
-#define sk_PKCS7_RECIP_INFO_find(st, val) SKM_sk_find(PKCS7_RECIP_INFO, (st), (val))
-#define sk_PKCS7_RECIP_INFO_delete(st, i) SKM_sk_delete(PKCS7_RECIP_INFO, (st), (i))
-#define sk_PKCS7_RECIP_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_RECIP_INFO, (st), (ptr))
-#define sk_PKCS7_RECIP_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_RECIP_INFO, (st), (val), (i))
-#define sk_PKCS7_RECIP_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7_RECIP_INFO, (st), (cmp))
-#define sk_PKCS7_RECIP_INFO_dup(st) SKM_sk_dup(PKCS7_RECIP_INFO, st)
-#define sk_PKCS7_RECIP_INFO_pop_free(st, free_func) SKM_sk_pop_free(PKCS7_RECIP_INFO, (st), (free_func))
-#define sk_PKCS7_RECIP_INFO_shift(st) SKM_sk_shift(PKCS7_RECIP_INFO, (st))
-#define sk_PKCS7_RECIP_INFO_pop(st) SKM_sk_pop(PKCS7_RECIP_INFO, (st))
-#define sk_PKCS7_RECIP_INFO_sort(st) SKM_sk_sort(PKCS7_RECIP_INFO, (st))
-#define sk_PKCS7_RECIP_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_RECIP_INFO, (st))
-
-#define sk_PKCS7_SIGNER_INFO_new(st) SKM_sk_new(PKCS7_SIGNER_INFO, (st))
-#define sk_PKCS7_SIGNER_INFO_new_null() SKM_sk_new_null(PKCS7_SIGNER_INFO)
-#define sk_PKCS7_SIGNER_INFO_free(st) SKM_sk_free(PKCS7_SIGNER_INFO, (st))
-#define sk_PKCS7_SIGNER_INFO_num(st) SKM_sk_num(PKCS7_SIGNER_INFO, (st))
-#define sk_PKCS7_SIGNER_INFO_value(st, i) SKM_sk_value(PKCS7_SIGNER_INFO, (st), (i))
-#define sk_PKCS7_SIGNER_INFO_set(st, i, val) SKM_sk_set(PKCS7_SIGNER_INFO, (st), (i), (val))
-#define sk_PKCS7_SIGNER_INFO_zero(st) SKM_sk_zero(PKCS7_SIGNER_INFO, (st))
-#define sk_PKCS7_SIGNER_INFO_push(st, val) SKM_sk_push(PKCS7_SIGNER_INFO, (st), (val))
-#define sk_PKCS7_SIGNER_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_SIGNER_INFO, (st), (val))
-#define sk_PKCS7_SIGNER_INFO_find(st, val) SKM_sk_find(PKCS7_SIGNER_INFO, (st), (val))
-#define sk_PKCS7_SIGNER_INFO_delete(st, i) SKM_sk_delete(PKCS7_SIGNER_INFO, (st), (i))
-#define sk_PKCS7_SIGNER_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_SIGNER_INFO, (st), (ptr))
-#define sk_PKCS7_SIGNER_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_SIGNER_INFO, (st), (val), (i))
-#define sk_PKCS7_SIGNER_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7_SIGNER_INFO, (st), (cmp))
-#define sk_PKCS7_SIGNER_INFO_dup(st) SKM_sk_dup(PKCS7_SIGNER_INFO, st)
-#define sk_PKCS7_SIGNER_INFO_pop_free(st, free_func) SKM_sk_pop_free(PKCS7_SIGNER_INFO, (st), (free_func))
-#define sk_PKCS7_SIGNER_INFO_shift(st) SKM_sk_shift(PKCS7_SIGNER_INFO, (st))
-#define sk_PKCS7_SIGNER_INFO_pop(st) SKM_sk_pop(PKCS7_SIGNER_INFO, (st))
-#define sk_PKCS7_SIGNER_INFO_sort(st) SKM_sk_sort(PKCS7_SIGNER_INFO, (st))
-#define sk_PKCS7_SIGNER_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_SIGNER_INFO, (st))
-
-#define sk_POLICYINFO_new(st) SKM_sk_new(POLICYINFO, (st))
-#define sk_POLICYINFO_new_null() SKM_sk_new_null(POLICYINFO)
-#define sk_POLICYINFO_free(st) SKM_sk_free(POLICYINFO, (st))
-#define sk_POLICYINFO_num(st) SKM_sk_num(POLICYINFO, (st))
-#define sk_POLICYINFO_value(st, i) SKM_sk_value(POLICYINFO, (st), (i))
-#define sk_POLICYINFO_set(st, i, val) SKM_sk_set(POLICYINFO, (st), (i), (val))
-#define sk_POLICYINFO_zero(st) SKM_sk_zero(POLICYINFO, (st))
-#define sk_POLICYINFO_push(st, val) SKM_sk_push(POLICYINFO, (st), (val))
-#define sk_POLICYINFO_unshift(st, val) SKM_sk_unshift(POLICYINFO, (st), (val))
-#define sk_POLICYINFO_find(st, val) SKM_sk_find(POLICYINFO, (st), (val))
-#define sk_POLICYINFO_delete(st, i) SKM_sk_delete(POLICYINFO, (st), (i))
-#define sk_POLICYINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYINFO, (st), (ptr))
-#define sk_POLICYINFO_insert(st, val, i) SKM_sk_insert(POLICYINFO, (st), (val), (i))
-#define sk_POLICYINFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICYINFO, (st), (cmp))
-#define sk_POLICYINFO_dup(st) SKM_sk_dup(POLICYINFO, st)
-#define sk_POLICYINFO_pop_free(st, free_func) SKM_sk_pop_free(POLICYINFO, (st), (free_func))
-#define sk_POLICYINFO_shift(st) SKM_sk_shift(POLICYINFO, (st))
-#define sk_POLICYINFO_pop(st) SKM_sk_pop(POLICYINFO, (st))
-#define sk_POLICYINFO_sort(st) SKM_sk_sort(POLICYINFO, (st))
-#define sk_POLICYINFO_is_sorted(st) SKM_sk_is_sorted(POLICYINFO, (st))
-
-#define sk_POLICYQUALINFO_new(st) SKM_sk_new(POLICYQUALINFO, (st))
-#define sk_POLICYQUALINFO_new_null() SKM_sk_new_null(POLICYQUALINFO)
-#define sk_POLICYQUALINFO_free(st) SKM_sk_free(POLICYQUALINFO, (st))
-#define sk_POLICYQUALINFO_num(st) SKM_sk_num(POLICYQUALINFO, (st))
-#define sk_POLICYQUALINFO_value(st, i) SKM_sk_value(POLICYQUALINFO, (st), (i))
-#define sk_POLICYQUALINFO_set(st, i, val) SKM_sk_set(POLICYQUALINFO, (st), (i), (val))
-#define sk_POLICYQUALINFO_zero(st) SKM_sk_zero(POLICYQUALINFO, (st))
-#define sk_POLICYQUALINFO_push(st, val) SKM_sk_push(POLICYQUALINFO, (st), (val))
-#define sk_POLICYQUALINFO_unshift(st, val) SKM_sk_unshift(POLICYQUALINFO, (st), (val))
-#define sk_POLICYQUALINFO_find(st, val) SKM_sk_find(POLICYQUALINFO, (st), (val))
-#define sk_POLICYQUALINFO_delete(st, i) SKM_sk_delete(POLICYQUALINFO, (st), (i))
-#define sk_POLICYQUALINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYQUALINFO, (st), (ptr))
-#define sk_POLICYQUALINFO_insert(st, val, i) SKM_sk_insert(POLICYQUALINFO, (st), (val), (i))
-#define sk_POLICYQUALINFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICYQUALINFO, (st), (cmp))
-#define sk_POLICYQUALINFO_dup(st) SKM_sk_dup(POLICYQUALINFO, st)
-#define sk_POLICYQUALINFO_pop_free(st, free_func) SKM_sk_pop_free(POLICYQUALINFO, (st), (free_func))
-#define sk_POLICYQUALINFO_shift(st) SKM_sk_shift(POLICYQUALINFO, (st))
-#define sk_POLICYQUALINFO_pop(st) SKM_sk_pop(POLICYQUALINFO, (st))
-#define sk_POLICYQUALINFO_sort(st) SKM_sk_sort(POLICYQUALINFO, (st))
-#define sk_POLICYQUALINFO_is_sorted(st) SKM_sk_is_sorted(POLICYQUALINFO, (st))
-
-#define sk_SSL_CIPHER_new(st) SKM_sk_new(SSL_CIPHER, (st))
-#define sk_SSL_CIPHER_new_null() SKM_sk_new_null(SSL_CIPHER)
-#define sk_SSL_CIPHER_free(st) SKM_sk_free(SSL_CIPHER, (st))
-#define sk_SSL_CIPHER_num(st) SKM_sk_num(SSL_CIPHER, (st))
-#define sk_SSL_CIPHER_value(st, i) SKM_sk_value(SSL_CIPHER, (st), (i))
-#define sk_SSL_CIPHER_set(st, i, val) SKM_sk_set(SSL_CIPHER, (st), (i), (val))
-#define sk_SSL_CIPHER_zero(st) SKM_sk_zero(SSL_CIPHER, (st))
-#define sk_SSL_CIPHER_push(st, val) SKM_sk_push(SSL_CIPHER, (st), (val))
-#define sk_SSL_CIPHER_unshift(st, val) SKM_sk_unshift(SSL_CIPHER, (st), (val))
-#define sk_SSL_CIPHER_find(st, val) SKM_sk_find(SSL_CIPHER, (st), (val))
-#define sk_SSL_CIPHER_delete(st, i) SKM_sk_delete(SSL_CIPHER, (st), (i))
-#define sk_SSL_CIPHER_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_CIPHER, (st), (ptr))
-#define sk_SSL_CIPHER_insert(st, val, i) SKM_sk_insert(SSL_CIPHER, (st), (val), (i))
-#define sk_SSL_CIPHER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SSL_CIPHER, (st), (cmp))
-#define sk_SSL_CIPHER_dup(st) SKM_sk_dup(SSL_CIPHER, st)
-#define sk_SSL_CIPHER_pop_free(st, free_func) SKM_sk_pop_free(SSL_CIPHER, (st), (free_func))
-#define sk_SSL_CIPHER_shift(st) SKM_sk_shift(SSL_CIPHER, (st))
-#define sk_SSL_CIPHER_pop(st) SKM_sk_pop(SSL_CIPHER, (st))
-#define sk_SSL_CIPHER_sort(st) SKM_sk_sort(SSL_CIPHER, (st))
-#define sk_SSL_CIPHER_is_sorted(st) SKM_sk_is_sorted(SSL_CIPHER, (st))
-
-#define sk_SSL_COMP_new(st) SKM_sk_new(SSL_COMP, (st))
-#define sk_SSL_COMP_new_null() SKM_sk_new_null(SSL_COMP)
-#define sk_SSL_COMP_free(st) SKM_sk_free(SSL_COMP, (st))
-#define sk_SSL_COMP_num(st) SKM_sk_num(SSL_COMP, (st))
-#define sk_SSL_COMP_value(st, i) SKM_sk_value(SSL_COMP, (st), (i))
-#define sk_SSL_COMP_set(st, i, val) SKM_sk_set(SSL_COMP, (st), (i), (val))
-#define sk_SSL_COMP_zero(st) SKM_sk_zero(SSL_COMP, (st))
-#define sk_SSL_COMP_push(st, val) SKM_sk_push(SSL_COMP, (st), (val))
-#define sk_SSL_COMP_unshift(st, val) SKM_sk_unshift(SSL_COMP, (st), (val))
-#define sk_SSL_COMP_find(st, val) SKM_sk_find(SSL_COMP, (st), (val))
-#define sk_SSL_COMP_delete(st, i) SKM_sk_delete(SSL_COMP, (st), (i))
-#define sk_SSL_COMP_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_COMP, (st), (ptr))
-#define sk_SSL_COMP_insert(st, val, i) SKM_sk_insert(SSL_COMP, (st), (val), (i))
-#define sk_SSL_COMP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SSL_COMP, (st), (cmp))
-#define sk_SSL_COMP_dup(st) SKM_sk_dup(SSL_COMP, st)
-#define sk_SSL_COMP_pop_free(st, free_func) SKM_sk_pop_free(SSL_COMP, (st), (free_func))
-#define sk_SSL_COMP_shift(st) SKM_sk_shift(SSL_COMP, (st))
-#define sk_SSL_COMP_pop(st) SKM_sk_pop(SSL_COMP, (st))
-#define sk_SSL_COMP_sort(st) SKM_sk_sort(SSL_COMP, (st))
-#define sk_SSL_COMP_is_sorted(st) SKM_sk_is_sorted(SSL_COMP, (st))
-
-#define sk_SXNETID_new(st) SKM_sk_new(SXNETID, (st))
-#define sk_SXNETID_new_null() SKM_sk_new_null(SXNETID)
-#define sk_SXNETID_free(st) SKM_sk_free(SXNETID, (st))
-#define sk_SXNETID_num(st) SKM_sk_num(SXNETID, (st))
-#define sk_SXNETID_value(st, i) SKM_sk_value(SXNETID, (st), (i))
-#define sk_SXNETID_set(st, i, val) SKM_sk_set(SXNETID, (st), (i), (val))
-#define sk_SXNETID_zero(st) SKM_sk_zero(SXNETID, (st))
-#define sk_SXNETID_push(st, val) SKM_sk_push(SXNETID, (st), (val))
-#define sk_SXNETID_unshift(st, val) SKM_sk_unshift(SXNETID, (st), (val))
-#define sk_SXNETID_find(st, val) SKM_sk_find(SXNETID, (st), (val))
-#define sk_SXNETID_delete(st, i) SKM_sk_delete(SXNETID, (st), (i))
-#define sk_SXNETID_delete_ptr(st, ptr) SKM_sk_delete_ptr(SXNETID, (st), (ptr))
-#define sk_SXNETID_insert(st, val, i) SKM_sk_insert(SXNETID, (st), (val), (i))
-#define sk_SXNETID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SXNETID, (st), (cmp))
-#define sk_SXNETID_dup(st) SKM_sk_dup(SXNETID, st)
-#define sk_SXNETID_pop_free(st, free_func) SKM_sk_pop_free(SXNETID, (st), (free_func))
-#define sk_SXNETID_shift(st) SKM_sk_shift(SXNETID, (st))
-#define sk_SXNETID_pop(st) SKM_sk_pop(SXNETID, (st))
-#define sk_SXNETID_sort(st) SKM_sk_sort(SXNETID, (st))
-#define sk_SXNETID_is_sorted(st) SKM_sk_is_sorted(SXNETID, (st))
-
-#define sk_UI_STRING_new(st) SKM_sk_new(UI_STRING, (st))
-#define sk_UI_STRING_new_null() SKM_sk_new_null(UI_STRING)
-#define sk_UI_STRING_free(st) SKM_sk_free(UI_STRING, (st))
-#define sk_UI_STRING_num(st) SKM_sk_num(UI_STRING, (st))
-#define sk_UI_STRING_value(st, i) SKM_sk_value(UI_STRING, (st), (i))
-#define sk_UI_STRING_set(st, i, val) SKM_sk_set(UI_STRING, (st), (i), (val))
-#define sk_UI_STRING_zero(st) SKM_sk_zero(UI_STRING, (st))
-#define sk_UI_STRING_push(st, val) SKM_sk_push(UI_STRING, (st), (val))
-#define sk_UI_STRING_unshift(st, val) SKM_sk_unshift(UI_STRING, (st), (val))
-#define sk_UI_STRING_find(st, val) SKM_sk_find(UI_STRING, (st), (val))
-#define sk_UI_STRING_delete(st, i) SKM_sk_delete(UI_STRING, (st), (i))
-#define sk_UI_STRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(UI_STRING, (st), (ptr))
-#define sk_UI_STRING_insert(st, val, i) SKM_sk_insert(UI_STRING, (st), (val), (i))
-#define sk_UI_STRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(UI_STRING, (st), (cmp))
-#define sk_UI_STRING_dup(st) SKM_sk_dup(UI_STRING, st)
-#define sk_UI_STRING_pop_free(st, free_func) SKM_sk_pop_free(UI_STRING, (st), (free_func))
-#define sk_UI_STRING_shift(st) SKM_sk_shift(UI_STRING, (st))
-#define sk_UI_STRING_pop(st) SKM_sk_pop(UI_STRING, (st))
-#define sk_UI_STRING_sort(st) SKM_sk_sort(UI_STRING, (st))
-#define sk_UI_STRING_is_sorted(st) SKM_sk_is_sorted(UI_STRING, (st))
-
-#define sk_X509_new(st) SKM_sk_new(X509, (st))
-#define sk_X509_new_null() SKM_sk_new_null(X509)
-#define sk_X509_free(st) SKM_sk_free(X509, (st))
-#define sk_X509_num(st) SKM_sk_num(X509, (st))
-#define sk_X509_value(st, i) SKM_sk_value(X509, (st), (i))
-#define sk_X509_set(st, i, val) SKM_sk_set(X509, (st), (i), (val))
-#define sk_X509_zero(st) SKM_sk_zero(X509, (st))
-#define sk_X509_push(st, val) SKM_sk_push(X509, (st), (val))
-#define sk_X509_unshift(st, val) SKM_sk_unshift(X509, (st), (val))
-#define sk_X509_find(st, val) SKM_sk_find(X509, (st), (val))
-#define sk_X509_delete(st, i) SKM_sk_delete(X509, (st), (i))
-#define sk_X509_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509, (st), (ptr))
-#define sk_X509_insert(st, val, i) SKM_sk_insert(X509, (st), (val), (i))
-#define sk_X509_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509, (st), (cmp))
-#define sk_X509_dup(st) SKM_sk_dup(X509, st)
-#define sk_X509_pop_free(st, free_func) SKM_sk_pop_free(X509, (st), (free_func))
-#define sk_X509_shift(st) SKM_sk_shift(X509, (st))
-#define sk_X509_pop(st) SKM_sk_pop(X509, (st))
-#define sk_X509_sort(st) SKM_sk_sort(X509, (st))
-#define sk_X509_is_sorted(st) SKM_sk_is_sorted(X509, (st))
-
-#define sk_X509V3_EXT_METHOD_new(st) SKM_sk_new(X509V3_EXT_METHOD, (st))
-#define sk_X509V3_EXT_METHOD_new_null() SKM_sk_new_null(X509V3_EXT_METHOD)
-#define sk_X509V3_EXT_METHOD_free(st) SKM_sk_free(X509V3_EXT_METHOD, (st))
-#define sk_X509V3_EXT_METHOD_num(st) SKM_sk_num(X509V3_EXT_METHOD, (st))
-#define sk_X509V3_EXT_METHOD_value(st, i) SKM_sk_value(X509V3_EXT_METHOD, (st), (i))
-#define sk_X509V3_EXT_METHOD_set(st, i, val) SKM_sk_set(X509V3_EXT_METHOD, (st), (i), (val))
-#define sk_X509V3_EXT_METHOD_zero(st) SKM_sk_zero(X509V3_EXT_METHOD, (st))
-#define sk_X509V3_EXT_METHOD_push(st, val) SKM_sk_push(X509V3_EXT_METHOD, (st), (val))
-#define sk_X509V3_EXT_METHOD_unshift(st, val) SKM_sk_unshift(X509V3_EXT_METHOD, (st), (val))
-#define sk_X509V3_EXT_METHOD_find(st, val) SKM_sk_find(X509V3_EXT_METHOD, (st), (val))
-#define sk_X509V3_EXT_METHOD_delete(st, i) SKM_sk_delete(X509V3_EXT_METHOD, (st), (i))
-#define sk_X509V3_EXT_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509V3_EXT_METHOD, (st), (ptr))
-#define sk_X509V3_EXT_METHOD_insert(st, val, i) SKM_sk_insert(X509V3_EXT_METHOD, (st), (val), (i))
-#define sk_X509V3_EXT_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509V3_EXT_METHOD, (st), (cmp))
-#define sk_X509V3_EXT_METHOD_dup(st) SKM_sk_dup(X509V3_EXT_METHOD, st)
-#define sk_X509V3_EXT_METHOD_pop_free(st, free_func) SKM_sk_pop_free(X509V3_EXT_METHOD, (st), (free_func))
-#define sk_X509V3_EXT_METHOD_shift(st) SKM_sk_shift(X509V3_EXT_METHOD, (st))
-#define sk_X509V3_EXT_METHOD_pop(st) SKM_sk_pop(X509V3_EXT_METHOD, (st))
-#define sk_X509V3_EXT_METHOD_sort(st) SKM_sk_sort(X509V3_EXT_METHOD, (st))
-#define sk_X509V3_EXT_METHOD_is_sorted(st) SKM_sk_is_sorted(X509V3_EXT_METHOD, (st))
-
-#define sk_X509_ALGOR_new(st) SKM_sk_new(X509_ALGOR, (st))
-#define sk_X509_ALGOR_new_null() SKM_sk_new_null(X509_ALGOR)
-#define sk_X509_ALGOR_free(st) SKM_sk_free(X509_ALGOR, (st))
-#define sk_X509_ALGOR_num(st) SKM_sk_num(X509_ALGOR, (st))
-#define sk_X509_ALGOR_value(st, i) SKM_sk_value(X509_ALGOR, (st), (i))
-#define sk_X509_ALGOR_set(st, i, val) SKM_sk_set(X509_ALGOR, (st), (i), (val))
-#define sk_X509_ALGOR_zero(st) SKM_sk_zero(X509_ALGOR, (st))
-#define sk_X509_ALGOR_push(st, val) SKM_sk_push(X509_ALGOR, (st), (val))
-#define sk_X509_ALGOR_unshift(st, val) SKM_sk_unshift(X509_ALGOR, (st), (val))
-#define sk_X509_ALGOR_find(st, val) SKM_sk_find(X509_ALGOR, (st), (val))
-#define sk_X509_ALGOR_delete(st, i) SKM_sk_delete(X509_ALGOR, (st), (i))
-#define sk_X509_ALGOR_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ALGOR, (st), (ptr))
-#define sk_X509_ALGOR_insert(st, val, i) SKM_sk_insert(X509_ALGOR, (st), (val), (i))
-#define sk_X509_ALGOR_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_ALGOR, (st), (cmp))
-#define sk_X509_ALGOR_dup(st) SKM_sk_dup(X509_ALGOR, st)
-#define sk_X509_ALGOR_pop_free(st, free_func) SKM_sk_pop_free(X509_ALGOR, (st), (free_func))
-#define sk_X509_ALGOR_shift(st) SKM_sk_shift(X509_ALGOR, (st))
-#define sk_X509_ALGOR_pop(st) SKM_sk_pop(X509_ALGOR, (st))
-#define sk_X509_ALGOR_sort(st) SKM_sk_sort(X509_ALGOR, (st))
-#define sk_X509_ALGOR_is_sorted(st) SKM_sk_is_sorted(X509_ALGOR, (st))
-
-#define sk_X509_ATTRIBUTE_new(st) SKM_sk_new(X509_ATTRIBUTE, (st))
-#define sk_X509_ATTRIBUTE_new_null() SKM_sk_new_null(X509_ATTRIBUTE)
-#define sk_X509_ATTRIBUTE_free(st) SKM_sk_free(X509_ATTRIBUTE, (st))
-#define sk_X509_ATTRIBUTE_num(st) SKM_sk_num(X509_ATTRIBUTE, (st))
-#define sk_X509_ATTRIBUTE_value(st, i) SKM_sk_value(X509_ATTRIBUTE, (st), (i))
-#define sk_X509_ATTRIBUTE_set(st, i, val) SKM_sk_set(X509_ATTRIBUTE, (st), (i), (val))
-#define sk_X509_ATTRIBUTE_zero(st) SKM_sk_zero(X509_ATTRIBUTE, (st))
-#define sk_X509_ATTRIBUTE_push(st, val) SKM_sk_push(X509_ATTRIBUTE, (st), (val))
-#define sk_X509_ATTRIBUTE_unshift(st, val) SKM_sk_unshift(X509_ATTRIBUTE, (st), (val))
-#define sk_X509_ATTRIBUTE_find(st, val) SKM_sk_find(X509_ATTRIBUTE, (st), (val))
-#define sk_X509_ATTRIBUTE_delete(st, i) SKM_sk_delete(X509_ATTRIBUTE, (st), (i))
-#define sk_X509_ATTRIBUTE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ATTRIBUTE, (st), (ptr))
-#define sk_X509_ATTRIBUTE_insert(st, val, i) SKM_sk_insert(X509_ATTRIBUTE, (st), (val), (i))
-#define sk_X509_ATTRIBUTE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_ATTRIBUTE, (st), (cmp))
-#define sk_X509_ATTRIBUTE_dup(st) SKM_sk_dup(X509_ATTRIBUTE, st)
-#define sk_X509_ATTRIBUTE_pop_free(st, free_func) SKM_sk_pop_free(X509_ATTRIBUTE, (st), (free_func))
-#define sk_X509_ATTRIBUTE_shift(st) SKM_sk_shift(X509_ATTRIBUTE, (st))
-#define sk_X509_ATTRIBUTE_pop(st) SKM_sk_pop(X509_ATTRIBUTE, (st))
-#define sk_X509_ATTRIBUTE_sort(st) SKM_sk_sort(X509_ATTRIBUTE, (st))
-#define sk_X509_ATTRIBUTE_is_sorted(st) SKM_sk_is_sorted(X509_ATTRIBUTE, (st))
-
-#define sk_X509_CRL_new(st) SKM_sk_new(X509_CRL, (st))
-#define sk_X509_CRL_new_null() SKM_sk_new_null(X509_CRL)
-#define sk_X509_CRL_free(st) SKM_sk_free(X509_CRL, (st))
-#define sk_X509_CRL_num(st) SKM_sk_num(X509_CRL, (st))
-#define sk_X509_CRL_value(st, i) SKM_sk_value(X509_CRL, (st), (i))
-#define sk_X509_CRL_set(st, i, val) SKM_sk_set(X509_CRL, (st), (i), (val))
-#define sk_X509_CRL_zero(st) SKM_sk_zero(X509_CRL, (st))
-#define sk_X509_CRL_push(st, val) SKM_sk_push(X509_CRL, (st), (val))
-#define sk_X509_CRL_unshift(st, val) SKM_sk_unshift(X509_CRL, (st), (val))
-#define sk_X509_CRL_find(st, val) SKM_sk_find(X509_CRL, (st), (val))
-#define sk_X509_CRL_delete(st, i) SKM_sk_delete(X509_CRL, (st), (i))
-#define sk_X509_CRL_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_CRL, (st), (ptr))
-#define sk_X509_CRL_insert(st, val, i) SKM_sk_insert(X509_CRL, (st), (val), (i))
-#define sk_X509_CRL_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_CRL, (st), (cmp))
-#define sk_X509_CRL_dup(st) SKM_sk_dup(X509_CRL, st)
-#define sk_X509_CRL_pop_free(st, free_func) SKM_sk_pop_free(X509_CRL, (st), (free_func))
-#define sk_X509_CRL_shift(st) SKM_sk_shift(X509_CRL, (st))
-#define sk_X509_CRL_pop(st) SKM_sk_pop(X509_CRL, (st))
-#define sk_X509_CRL_sort(st) SKM_sk_sort(X509_CRL, (st))
-#define sk_X509_CRL_is_sorted(st) SKM_sk_is_sorted(X509_CRL, (st))
-
-#define sk_X509_EXTENSION_new(st) SKM_sk_new(X509_EXTENSION, (st))
-#define sk_X509_EXTENSION_new_null() SKM_sk_new_null(X509_EXTENSION)
-#define sk_X509_EXTENSION_free(st) SKM_sk_free(X509_EXTENSION, (st))
-#define sk_X509_EXTENSION_num(st) SKM_sk_num(X509_EXTENSION, (st))
-#define sk_X509_EXTENSION_value(st, i) SKM_sk_value(X509_EXTENSION, (st), (i))
-#define sk_X509_EXTENSION_set(st, i, val) SKM_sk_set(X509_EXTENSION, (st), (i), (val))
-#define sk_X509_EXTENSION_zero(st) SKM_sk_zero(X509_EXTENSION, (st))
-#define sk_X509_EXTENSION_push(st, val) SKM_sk_push(X509_EXTENSION, (st), (val))
-#define sk_X509_EXTENSION_unshift(st, val) SKM_sk_unshift(X509_EXTENSION, (st), (val))
-#define sk_X509_EXTENSION_find(st, val) SKM_sk_find(X509_EXTENSION, (st), (val))
-#define sk_X509_EXTENSION_delete(st, i) SKM_sk_delete(X509_EXTENSION, (st), (i))
-#define sk_X509_EXTENSION_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_EXTENSION, (st), (ptr))
-#define sk_X509_EXTENSION_insert(st, val, i) SKM_sk_insert(X509_EXTENSION, (st), (val), (i))
-#define sk_X509_EXTENSION_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_EXTENSION, (st), (cmp))
-#define sk_X509_EXTENSION_dup(st) SKM_sk_dup(X509_EXTENSION, st)
-#define sk_X509_EXTENSION_pop_free(st, free_func) SKM_sk_pop_free(X509_EXTENSION, (st), (free_func))
-#define sk_X509_EXTENSION_shift(st) SKM_sk_shift(X509_EXTENSION, (st))
-#define sk_X509_EXTENSION_pop(st) SKM_sk_pop(X509_EXTENSION, (st))
-#define sk_X509_EXTENSION_sort(st) SKM_sk_sort(X509_EXTENSION, (st))
-#define sk_X509_EXTENSION_is_sorted(st) SKM_sk_is_sorted(X509_EXTENSION, (st))
-
-#define sk_X509_INFO_new(st) SKM_sk_new(X509_INFO, (st))
-#define sk_X509_INFO_new_null() SKM_sk_new_null(X509_INFO)
-#define sk_X509_INFO_free(st) SKM_sk_free(X509_INFO, (st))
-#define sk_X509_INFO_num(st) SKM_sk_num(X509_INFO, (st))
-#define sk_X509_INFO_value(st, i) SKM_sk_value(X509_INFO, (st), (i))
-#define sk_X509_INFO_set(st, i, val) SKM_sk_set(X509_INFO, (st), (i), (val))
-#define sk_X509_INFO_zero(st) SKM_sk_zero(X509_INFO, (st))
-#define sk_X509_INFO_push(st, val) SKM_sk_push(X509_INFO, (st), (val))
-#define sk_X509_INFO_unshift(st, val) SKM_sk_unshift(X509_INFO, (st), (val))
-#define sk_X509_INFO_find(st, val) SKM_sk_find(X509_INFO, (st), (val))
-#define sk_X509_INFO_delete(st, i) SKM_sk_delete(X509_INFO, (st), (i))
-#define sk_X509_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_INFO, (st), (ptr))
-#define sk_X509_INFO_insert(st, val, i) SKM_sk_insert(X509_INFO, (st), (val), (i))
-#define sk_X509_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_INFO, (st), (cmp))
-#define sk_X509_INFO_dup(st) SKM_sk_dup(X509_INFO, st)
-#define sk_X509_INFO_pop_free(st, free_func) SKM_sk_pop_free(X509_INFO, (st), (free_func))
-#define sk_X509_INFO_shift(st) SKM_sk_shift(X509_INFO, (st))
-#define sk_X509_INFO_pop(st) SKM_sk_pop(X509_INFO, (st))
-#define sk_X509_INFO_sort(st) SKM_sk_sort(X509_INFO, (st))
-#define sk_X509_INFO_is_sorted(st) SKM_sk_is_sorted(X509_INFO, (st))
-
-#define sk_X509_LOOKUP_new(st) SKM_sk_new(X509_LOOKUP, (st))
-#define sk_X509_LOOKUP_new_null() SKM_sk_new_null(X509_LOOKUP)
-#define sk_X509_LOOKUP_free(st) SKM_sk_free(X509_LOOKUP, (st))
-#define sk_X509_LOOKUP_num(st) SKM_sk_num(X509_LOOKUP, (st))
-#define sk_X509_LOOKUP_value(st, i) SKM_sk_value(X509_LOOKUP, (st), (i))
-#define sk_X509_LOOKUP_set(st, i, val) SKM_sk_set(X509_LOOKUP, (st), (i), (val))
-#define sk_X509_LOOKUP_zero(st) SKM_sk_zero(X509_LOOKUP, (st))
-#define sk_X509_LOOKUP_push(st, val) SKM_sk_push(X509_LOOKUP, (st), (val))
-#define sk_X509_LOOKUP_unshift(st, val) SKM_sk_unshift(X509_LOOKUP, (st), (val))
-#define sk_X509_LOOKUP_find(st, val) SKM_sk_find(X509_LOOKUP, (st), (val))
-#define sk_X509_LOOKUP_delete(st, i) SKM_sk_delete(X509_LOOKUP, (st), (i))
-#define sk_X509_LOOKUP_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_LOOKUP, (st), (ptr))
-#define sk_X509_LOOKUP_insert(st, val, i) SKM_sk_insert(X509_LOOKUP, (st), (val), (i))
-#define sk_X509_LOOKUP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_LOOKUP, (st), (cmp))
-#define sk_X509_LOOKUP_dup(st) SKM_sk_dup(X509_LOOKUP, st)
-#define sk_X509_LOOKUP_pop_free(st, free_func) SKM_sk_pop_free(X509_LOOKUP, (st), (free_func))
-#define sk_X509_LOOKUP_shift(st) SKM_sk_shift(X509_LOOKUP, (st))
-#define sk_X509_LOOKUP_pop(st) SKM_sk_pop(X509_LOOKUP, (st))
-#define sk_X509_LOOKUP_sort(st) SKM_sk_sort(X509_LOOKUP, (st))
-#define sk_X509_LOOKUP_is_sorted(st) SKM_sk_is_sorted(X509_LOOKUP, (st))
-
-#define sk_X509_NAME_new(st) SKM_sk_new(X509_NAME, (st))
-#define sk_X509_NAME_new_null() SKM_sk_new_null(X509_NAME)
-#define sk_X509_NAME_free(st) SKM_sk_free(X509_NAME, (st))
-#define sk_X509_NAME_num(st) SKM_sk_num(X509_NAME, (st))
-#define sk_X509_NAME_value(st, i) SKM_sk_value(X509_NAME, (st), (i))
-#define sk_X509_NAME_set(st, i, val) SKM_sk_set(X509_NAME, (st), (i), (val))
-#define sk_X509_NAME_zero(st) SKM_sk_zero(X509_NAME, (st))
-#define sk_X509_NAME_push(st, val) SKM_sk_push(X509_NAME, (st), (val))
-#define sk_X509_NAME_unshift(st, val) SKM_sk_unshift(X509_NAME, (st), (val))
-#define sk_X509_NAME_find(st, val) SKM_sk_find(X509_NAME, (st), (val))
-#define sk_X509_NAME_delete(st, i) SKM_sk_delete(X509_NAME, (st), (i))
-#define sk_X509_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME, (st), (ptr))
-#define sk_X509_NAME_insert(st, val, i) SKM_sk_insert(X509_NAME, (st), (val), (i))
-#define sk_X509_NAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_NAME, (st), (cmp))
-#define sk_X509_NAME_dup(st) SKM_sk_dup(X509_NAME, st)
-#define sk_X509_NAME_pop_free(st, free_func) SKM_sk_pop_free(X509_NAME, (st), (free_func))
-#define sk_X509_NAME_shift(st) SKM_sk_shift(X509_NAME, (st))
-#define sk_X509_NAME_pop(st) SKM_sk_pop(X509_NAME, (st))
-#define sk_X509_NAME_sort(st) SKM_sk_sort(X509_NAME, (st))
-#define sk_X509_NAME_is_sorted(st) SKM_sk_is_sorted(X509_NAME, (st))
-
-#define sk_X509_NAME_ENTRY_new(st) SKM_sk_new(X509_NAME_ENTRY, (st))
-#define sk_X509_NAME_ENTRY_new_null() SKM_sk_new_null(X509_NAME_ENTRY)
-#define sk_X509_NAME_ENTRY_free(st) SKM_sk_free(X509_NAME_ENTRY, (st))
-#define sk_X509_NAME_ENTRY_num(st) SKM_sk_num(X509_NAME_ENTRY, (st))
-#define sk_X509_NAME_ENTRY_value(st, i) SKM_sk_value(X509_NAME_ENTRY, (st), (i))
-#define sk_X509_NAME_ENTRY_set(st, i, val) SKM_sk_set(X509_NAME_ENTRY, (st), (i), (val))
-#define sk_X509_NAME_ENTRY_zero(st) SKM_sk_zero(X509_NAME_ENTRY, (st))
-#define sk_X509_NAME_ENTRY_push(st, val) SKM_sk_push(X509_NAME_ENTRY, (st), (val))
-#define sk_X509_NAME_ENTRY_unshift(st, val) SKM_sk_unshift(X509_NAME_ENTRY, (st), (val))
-#define sk_X509_NAME_ENTRY_find(st, val) SKM_sk_find(X509_NAME_ENTRY, (st), (val))
-#define sk_X509_NAME_ENTRY_delete(st, i) SKM_sk_delete(X509_NAME_ENTRY, (st), (i))
-#define sk_X509_NAME_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME_ENTRY, (st), (ptr))
-#define sk_X509_NAME_ENTRY_insert(st, val, i) SKM_sk_insert(X509_NAME_ENTRY, (st), (val), (i))
-#define sk_X509_NAME_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_NAME_ENTRY, (st), (cmp))
-#define sk_X509_NAME_ENTRY_dup(st) SKM_sk_dup(X509_NAME_ENTRY, st)
-#define sk_X509_NAME_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(X509_NAME_ENTRY, (st), (free_func))
-#define sk_X509_NAME_ENTRY_shift(st) SKM_sk_shift(X509_NAME_ENTRY, (st))
-#define sk_X509_NAME_ENTRY_pop(st) SKM_sk_pop(X509_NAME_ENTRY, (st))
-#define sk_X509_NAME_ENTRY_sort(st) SKM_sk_sort(X509_NAME_ENTRY, (st))
-#define sk_X509_NAME_ENTRY_is_sorted(st) SKM_sk_is_sorted(X509_NAME_ENTRY, (st))
-
-#define sk_X509_OBJECT_new(st) SKM_sk_new(X509_OBJECT, (st))
-#define sk_X509_OBJECT_new_null() SKM_sk_new_null(X509_OBJECT)
-#define sk_X509_OBJECT_free(st) SKM_sk_free(X509_OBJECT, (st))
-#define sk_X509_OBJECT_num(st) SKM_sk_num(X509_OBJECT, (st))
-#define sk_X509_OBJECT_value(st, i) SKM_sk_value(X509_OBJECT, (st), (i))
-#define sk_X509_OBJECT_set(st, i, val) SKM_sk_set(X509_OBJECT, (st), (i), (val))
-#define sk_X509_OBJECT_zero(st) SKM_sk_zero(X509_OBJECT, (st))
-#define sk_X509_OBJECT_push(st, val) SKM_sk_push(X509_OBJECT, (st), (val))
-#define sk_X509_OBJECT_unshift(st, val) SKM_sk_unshift(X509_OBJECT, (st), (val))
-#define sk_X509_OBJECT_find(st, val) SKM_sk_find(X509_OBJECT, (st), (val))
-#define sk_X509_OBJECT_delete(st, i) SKM_sk_delete(X509_OBJECT, (st), (i))
-#define sk_X509_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_OBJECT, (st), (ptr))
-#define sk_X509_OBJECT_insert(st, val, i) SKM_sk_insert(X509_OBJECT, (st), (val), (i))
-#define sk_X509_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_OBJECT, (st), (cmp))
-#define sk_X509_OBJECT_dup(st) SKM_sk_dup(X509_OBJECT, st)
-#define sk_X509_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(X509_OBJECT, (st), (free_func))
-#define sk_X509_OBJECT_shift(st) SKM_sk_shift(X509_OBJECT, (st))
-#define sk_X509_OBJECT_pop(st) SKM_sk_pop(X509_OBJECT, (st))
-#define sk_X509_OBJECT_sort(st) SKM_sk_sort(X509_OBJECT, (st))
-#define sk_X509_OBJECT_is_sorted(st) SKM_sk_is_sorted(X509_OBJECT, (st))
-
-#define sk_X509_PURPOSE_new(st) SKM_sk_new(X509_PURPOSE, (st))
-#define sk_X509_PURPOSE_new_null() SKM_sk_new_null(X509_PURPOSE)
-#define sk_X509_PURPOSE_free(st) SKM_sk_free(X509_PURPOSE, (st))
-#define sk_X509_PURPOSE_num(st) SKM_sk_num(X509_PURPOSE, (st))
-#define sk_X509_PURPOSE_value(st, i) SKM_sk_value(X509_PURPOSE, (st), (i))
-#define sk_X509_PURPOSE_set(st, i, val) SKM_sk_set(X509_PURPOSE, (st), (i), (val))
-#define sk_X509_PURPOSE_zero(st) SKM_sk_zero(X509_PURPOSE, (st))
-#define sk_X509_PURPOSE_push(st, val) SKM_sk_push(X509_PURPOSE, (st), (val))
-#define sk_X509_PURPOSE_unshift(st, val) SKM_sk_unshift(X509_PURPOSE, (st), (val))
-#define sk_X509_PURPOSE_find(st, val) SKM_sk_find(X509_PURPOSE, (st), (val))
-#define sk_X509_PURPOSE_delete(st, i) SKM_sk_delete(X509_PURPOSE, (st), (i))
-#define sk_X509_PURPOSE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_PURPOSE, (st), (ptr))
-#define sk_X509_PURPOSE_insert(st, val, i) SKM_sk_insert(X509_PURPOSE, (st), (val), (i))
-#define sk_X509_PURPOSE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_PURPOSE, (st), (cmp))
-#define sk_X509_PURPOSE_dup(st) SKM_sk_dup(X509_PURPOSE, st)
-#define sk_X509_PURPOSE_pop_free(st, free_func) SKM_sk_pop_free(X509_PURPOSE, (st), (free_func))
-#define sk_X509_PURPOSE_shift(st) SKM_sk_shift(X509_PURPOSE, (st))
-#define sk_X509_PURPOSE_pop(st) SKM_sk_pop(X509_PURPOSE, (st))
-#define sk_X509_PURPOSE_sort(st) SKM_sk_sort(X509_PURPOSE, (st))
-#define sk_X509_PURPOSE_is_sorted(st) SKM_sk_is_sorted(X509_PURPOSE, (st))
-
-#define sk_X509_REVOKED_new(st) SKM_sk_new(X509_REVOKED, (st))
-#define sk_X509_REVOKED_new_null() SKM_sk_new_null(X509_REVOKED)
-#define sk_X509_REVOKED_free(st) SKM_sk_free(X509_REVOKED, (st))
-#define sk_X509_REVOKED_num(st) SKM_sk_num(X509_REVOKED, (st))
-#define sk_X509_REVOKED_value(st, i) SKM_sk_value(X509_REVOKED, (st), (i))
-#define sk_X509_REVOKED_set(st, i, val) SKM_sk_set(X509_REVOKED, (st), (i), (val))
-#define sk_X509_REVOKED_zero(st) SKM_sk_zero(X509_REVOKED, (st))
-#define sk_X509_REVOKED_push(st, val) SKM_sk_push(X509_REVOKED, (st), (val))
-#define sk_X509_REVOKED_unshift(st, val) SKM_sk_unshift(X509_REVOKED, (st), (val))
-#define sk_X509_REVOKED_find(st, val) SKM_sk_find(X509_REVOKED, (st), (val))
-#define sk_X509_REVOKED_delete(st, i) SKM_sk_delete(X509_REVOKED, (st), (i))
-#define sk_X509_REVOKED_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_REVOKED, (st), (ptr))
-#define sk_X509_REVOKED_insert(st, val, i) SKM_sk_insert(X509_REVOKED, (st), (val), (i))
-#define sk_X509_REVOKED_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_REVOKED, (st), (cmp))
-#define sk_X509_REVOKED_dup(st) SKM_sk_dup(X509_REVOKED, st)
-#define sk_X509_REVOKED_pop_free(st, free_func) SKM_sk_pop_free(X509_REVOKED, (st), (free_func))
-#define sk_X509_REVOKED_shift(st) SKM_sk_shift(X509_REVOKED, (st))
-#define sk_X509_REVOKED_pop(st) SKM_sk_pop(X509_REVOKED, (st))
-#define sk_X509_REVOKED_sort(st) SKM_sk_sort(X509_REVOKED, (st))
-#define sk_X509_REVOKED_is_sorted(st) SKM_sk_is_sorted(X509_REVOKED, (st))
-
-#define sk_X509_TRUST_new(st) SKM_sk_new(X509_TRUST, (st))
-#define sk_X509_TRUST_new_null() SKM_sk_new_null(X509_TRUST)
-#define sk_X509_TRUST_free(st) SKM_sk_free(X509_TRUST, (st))
-#define sk_X509_TRUST_num(st) SKM_sk_num(X509_TRUST, (st))
-#define sk_X509_TRUST_value(st, i) SKM_sk_value(X509_TRUST, (st), (i))
-#define sk_X509_TRUST_set(st, i, val) SKM_sk_set(X509_TRUST, (st), (i), (val))
-#define sk_X509_TRUST_zero(st) SKM_sk_zero(X509_TRUST, (st))
-#define sk_X509_TRUST_push(st, val) SKM_sk_push(X509_TRUST, (st), (val))
-#define sk_X509_TRUST_unshift(st, val) SKM_sk_unshift(X509_TRUST, (st), (val))
-#define sk_X509_TRUST_find(st, val) SKM_sk_find(X509_TRUST, (st), (val))
-#define sk_X509_TRUST_delete(st, i) SKM_sk_delete(X509_TRUST, (st), (i))
-#define sk_X509_TRUST_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_TRUST, (st), (ptr))
-#define sk_X509_TRUST_insert(st, val, i) SKM_sk_insert(X509_TRUST, (st), (val), (i))
-#define sk_X509_TRUST_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_TRUST, (st), (cmp))
-#define sk_X509_TRUST_dup(st) SKM_sk_dup(X509_TRUST, st)
-#define sk_X509_TRUST_pop_free(st, free_func) SKM_sk_pop_free(X509_TRUST, (st), (free_func))
-#define sk_X509_TRUST_shift(st) SKM_sk_shift(X509_TRUST, (st))
-#define sk_X509_TRUST_pop(st) SKM_sk_pop(X509_TRUST, (st))
-#define sk_X509_TRUST_sort(st) SKM_sk_sort(X509_TRUST, (st))
-#define sk_X509_TRUST_is_sorted(st) SKM_sk_is_sorted(X509_TRUST, (st))
-
-#define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        SKM_ASN1_SET_OF_d2i(ACCESS_DESCRIPTION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        SKM_ASN1_SET_OF_i2d(ACCESS_DESCRIPTION, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_ACCESS_DESCRIPTION(st, i2d_func, buf, len) \
-        SKM_ASN1_seq_pack(ACCESS_DESCRIPTION, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_ACCESS_DESCRIPTION(buf, len, d2i_func, free_func) \
-        SKM_ASN1_seq_unpack(ACCESS_DESCRIPTION, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_ASN1_INTEGER(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        SKM_ASN1_SET_OF_d2i(ASN1_INTEGER, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_ASN1_INTEGER(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        SKM_ASN1_SET_OF_i2d(ASN1_INTEGER, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_ASN1_INTEGER(st, i2d_func, buf, len) \
-        SKM_ASN1_seq_pack(ASN1_INTEGER, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_ASN1_INTEGER(buf, len, d2i_func, free_func) \
-        SKM_ASN1_seq_unpack(ASN1_INTEGER, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_ASN1_OBJECT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        SKM_ASN1_SET_OF_d2i(ASN1_OBJECT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_ASN1_OBJECT(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        SKM_ASN1_SET_OF_i2d(ASN1_OBJECT, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_ASN1_OBJECT(st, i2d_func, buf, len) \
-        SKM_ASN1_seq_pack(ASN1_OBJECT, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_ASN1_OBJECT(buf, len, d2i_func, free_func) \
-        SKM_ASN1_seq_unpack(ASN1_OBJECT, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_ASN1_TYPE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        SKM_ASN1_SET_OF_d2i(ASN1_TYPE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_ASN1_TYPE(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        SKM_ASN1_SET_OF_i2d(ASN1_TYPE, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_ASN1_TYPE(st, i2d_func, buf, len) \
-        SKM_ASN1_seq_pack(ASN1_TYPE, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_ASN1_TYPE(buf, len, d2i_func, free_func) \
-        SKM_ASN1_seq_unpack(ASN1_TYPE, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_DIST_POINT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        SKM_ASN1_SET_OF_d2i(DIST_POINT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_DIST_POINT(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        SKM_ASN1_SET_OF_i2d(DIST_POINT, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_DIST_POINT(st, i2d_func, buf, len) \
-        SKM_ASN1_seq_pack(DIST_POINT, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_DIST_POINT(buf, len, d2i_func, free_func) \
-        SKM_ASN1_seq_unpack(DIST_POINT, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_GENERAL_NAME(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        SKM_ASN1_SET_OF_d2i(GENERAL_NAME, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_GENERAL_NAME(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        SKM_ASN1_SET_OF_i2d(GENERAL_NAME, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_GENERAL_NAME(st, i2d_func, buf, len) \
-        SKM_ASN1_seq_pack(GENERAL_NAME, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_GENERAL_NAME(buf, len, d2i_func, free_func) \
-        SKM_ASN1_seq_unpack(GENERAL_NAME, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_OCSP_ONEREQ(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        SKM_ASN1_SET_OF_d2i(OCSP_ONEREQ, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_OCSP_ONEREQ(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        SKM_ASN1_SET_OF_i2d(OCSP_ONEREQ, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_OCSP_ONEREQ(st, i2d_func, buf, len) \
-        SKM_ASN1_seq_pack(OCSP_ONEREQ, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_OCSP_ONEREQ(buf, len, d2i_func, free_func) \
-        SKM_ASN1_seq_unpack(OCSP_ONEREQ, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        SKM_ASN1_SET_OF_d2i(OCSP_SINGLERESP, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        SKM_ASN1_SET_OF_i2d(OCSP_SINGLERESP, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_OCSP_SINGLERESP(st, i2d_func, buf, len) \
-        SKM_ASN1_seq_pack(OCSP_SINGLERESP, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_OCSP_SINGLERESP(buf, len, d2i_func, free_func) \
-        SKM_ASN1_seq_unpack(OCSP_SINGLERESP, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        SKM_ASN1_SET_OF_d2i(PKCS12_SAFEBAG, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        SKM_ASN1_SET_OF_i2d(PKCS12_SAFEBAG, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_PKCS12_SAFEBAG(st, i2d_func, buf, len) \
-        SKM_ASN1_seq_pack(PKCS12_SAFEBAG, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_PKCS12_SAFEBAG(buf, len, d2i_func, free_func) \
-        SKM_ASN1_seq_unpack(PKCS12_SAFEBAG, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_PKCS7(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        SKM_ASN1_SET_OF_d2i(PKCS7, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_PKCS7(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        SKM_ASN1_SET_OF_i2d(PKCS7, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_PKCS7(st, i2d_func, buf, len) \
-        SKM_ASN1_seq_pack(PKCS7, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_PKCS7(buf, len, d2i_func, free_func) \
-        SKM_ASN1_seq_unpack(PKCS7, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        SKM_ASN1_SET_OF_d2i(PKCS7_RECIP_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        SKM_ASN1_SET_OF_i2d(PKCS7_RECIP_INFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_PKCS7_RECIP_INFO(st, i2d_func, buf, len) \
-        SKM_ASN1_seq_pack(PKCS7_RECIP_INFO, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_PKCS7_RECIP_INFO(buf, len, d2i_func, free_func) \
-        SKM_ASN1_seq_unpack(PKCS7_RECIP_INFO, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        SKM_ASN1_SET_OF_d2i(PKCS7_SIGNER_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        SKM_ASN1_SET_OF_i2d(PKCS7_SIGNER_INFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_PKCS7_SIGNER_INFO(st, i2d_func, buf, len) \
-        SKM_ASN1_seq_pack(PKCS7_SIGNER_INFO, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_PKCS7_SIGNER_INFO(buf, len, d2i_func, free_func) \
-        SKM_ASN1_seq_unpack(PKCS7_SIGNER_INFO, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_POLICYINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        SKM_ASN1_SET_OF_d2i(POLICYINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_POLICYINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        SKM_ASN1_SET_OF_i2d(POLICYINFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_POLICYINFO(st, i2d_func, buf, len) \
-        SKM_ASN1_seq_pack(POLICYINFO, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_POLICYINFO(buf, len, d2i_func, free_func) \
-        SKM_ASN1_seq_unpack(POLICYINFO, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_POLICYQUALINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        SKM_ASN1_SET_OF_d2i(POLICYQUALINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_POLICYQUALINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        SKM_ASN1_SET_OF_i2d(POLICYQUALINFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_POLICYQUALINFO(st, i2d_func, buf, len) \
-        SKM_ASN1_seq_pack(POLICYQUALINFO, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_POLICYQUALINFO(buf, len, d2i_func, free_func) \
-        SKM_ASN1_seq_unpack(POLICYQUALINFO, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_SXNETID(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        SKM_ASN1_SET_OF_d2i(SXNETID, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_SXNETID(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        SKM_ASN1_SET_OF_i2d(SXNETID, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_SXNETID(st, i2d_func, buf, len) \
-        SKM_ASN1_seq_pack(SXNETID, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_SXNETID(buf, len, d2i_func, free_func) \
-        SKM_ASN1_seq_unpack(SXNETID, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_X509(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        SKM_ASN1_SET_OF_d2i(X509, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_X509(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        SKM_ASN1_SET_OF_i2d(X509, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_X509(st, i2d_func, buf, len) \
-        SKM_ASN1_seq_pack(X509, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_X509(buf, len, d2i_func, free_func) \
-        SKM_ASN1_seq_unpack(X509, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_X509_ALGOR(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        SKM_ASN1_SET_OF_d2i(X509_ALGOR, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_X509_ALGOR(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        SKM_ASN1_SET_OF_i2d(X509_ALGOR, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_X509_ALGOR(st, i2d_func, buf, len) \
-        SKM_ASN1_seq_pack(X509_ALGOR, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_X509_ALGOR(buf, len, d2i_func, free_func) \
-        SKM_ASN1_seq_unpack(X509_ALGOR, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        SKM_ASN1_SET_OF_d2i(X509_ATTRIBUTE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        SKM_ASN1_SET_OF_i2d(X509_ATTRIBUTE, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_X509_ATTRIBUTE(st, i2d_func, buf, len) \
-        SKM_ASN1_seq_pack(X509_ATTRIBUTE, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_X509_ATTRIBUTE(buf, len, d2i_func, free_func) \
-        SKM_ASN1_seq_unpack(X509_ATTRIBUTE, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_X509_CRL(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        SKM_ASN1_SET_OF_d2i(X509_CRL, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_X509_CRL(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        SKM_ASN1_SET_OF_i2d(X509_CRL, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_X509_CRL(st, i2d_func, buf, len) \
-        SKM_ASN1_seq_pack(X509_CRL, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_X509_CRL(buf, len, d2i_func, free_func) \
-        SKM_ASN1_seq_unpack(X509_CRL, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_X509_EXTENSION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        SKM_ASN1_SET_OF_d2i(X509_EXTENSION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_X509_EXTENSION(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        SKM_ASN1_SET_OF_i2d(X509_EXTENSION, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_X509_EXTENSION(st, i2d_func, buf, len) \
-        SKM_ASN1_seq_pack(X509_EXTENSION, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_X509_EXTENSION(buf, len, d2i_func, free_func) \
-        SKM_ASN1_seq_unpack(X509_EXTENSION, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        SKM_ASN1_SET_OF_d2i(X509_NAME_ENTRY, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        SKM_ASN1_SET_OF_i2d(X509_NAME_ENTRY, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_X509_NAME_ENTRY(st, i2d_func, buf, len) \
-        SKM_ASN1_seq_pack(X509_NAME_ENTRY, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_X509_NAME_ENTRY(buf, len, d2i_func, free_func) \
-        SKM_ASN1_seq_unpack(X509_NAME_ENTRY, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_X509_REVOKED(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        SKM_ASN1_SET_OF_d2i(X509_REVOKED, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_X509_REVOKED(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        SKM_ASN1_SET_OF_i2d(X509_REVOKED, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_X509_REVOKED(st, i2d_func, buf, len) \
-        SKM_ASN1_seq_pack(X509_REVOKED, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_X509_REVOKED(buf, len, d2i_func, free_func) \
-        SKM_ASN1_seq_unpack(X509_REVOKED, (buf), (len), (d2i_func), (free_func))
-
-#define PKCS12_decrypt_d2i_PKCS12_SAFEBAG(algor, d2i_func, free_func, pass, passlen, oct, seq) \
-        SKM_PKCS12_decrypt_d2i(PKCS12_SAFEBAG, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq))
-
-#define PKCS12_decrypt_d2i_PKCS7(algor, d2i_func, free_func, pass, passlen, oct, seq) \
-        SKM_PKCS12_decrypt_d2i(PKCS7, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq))
-/* End of util/mkstack.pl block, you may now edit :-) */
-
-#endif /* !defined HEADER_SAFESTACK_H */
diff --git a/src/lib/libcrypto/stack/stack.c b/src/lib/libcrypto/stack/stack.c
deleted file mode 100644
index c7173eb6ab..0000000000
--- a/src/lib/libcrypto/stack/stack.c
+++ /dev/null
@@ -1,340 +0,0 @@
-/* crypto/stack/stack.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* Code for stacks
- * Author - Eric Young v 1.0
- * 1.2 eay 12-Mar-97 -  Modified sk_find so that it _DOES_ return the
- *                      lowest index for the searched item.
- *
- * 1.1 eay - Take from netdb and added to SSLeay
- *
- * 1.0 eay - First version 29/07/92
- */
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/stack.h>
-
-#undef MIN_NODES
-#define MIN_NODES       4
-
-const char *STACK_version="Stack" OPENSSL_VERSION_PTEXT;
-
-#include <errno.h>
-
-int (*sk_set_cmp_func(STACK *sk, int (*c)(const char * const *,const char * const *)))
-                (const char * const *, const char * const *)
-        {
-        int (*old)(const char * const *,const char * const *)=sk->comp;
-
-        if (sk->comp != c)
-                sk->sorted=0;
-        sk->comp=c;
-
-        return old;
-        }
-
-STACK *sk_dup(STACK *sk)
-        {
-        STACK *ret;
-        char **s;
-
-        if ((ret=sk_new(sk->comp)) == NULL) goto err;
-        s=(char **)OPENSSL_realloc((char *)ret->data,
-                (unsigned int)sizeof(char *)*sk->num_alloc);
-        if (s == NULL) goto err;
-        ret->data=s;
-
-        ret->num=sk->num;
-        memcpy(ret->data,sk->data,sizeof(char *)*sk->num);
-        ret->sorted=sk->sorted;
-        ret->num_alloc=sk->num_alloc;
-        ret->comp=sk->comp;
-        return(ret);
-err:
-        if(ret)
-                sk_free(ret);
-        return(NULL);
-        }
-
-STACK *sk_new_null(void)
-        {
-        return sk_new((int (*)(const char * const *, const char * const *))0);
-        }
-
-STACK *sk_new(int (*c)(const char * const *, const char * const *))
-        {
-        STACK *ret;
-        int i;
-
-        if ((ret=(STACK *)OPENSSL_malloc(sizeof(STACK))) == NULL)
-                goto err;
-        if ((ret->data=(char **)OPENSSL_malloc(sizeof(char *)*MIN_NODES)) == NULL)
-                goto err;
-        for (i=0; i<MIN_NODES; i++)
-                ret->data[i]=NULL;
-        ret->comp=c;
-        ret->num_alloc=MIN_NODES;
-        ret->num=0;
-        ret->sorted=0;
-        return(ret);
-err:
-        if(ret)
-                OPENSSL_free(ret);
-        return(NULL);
-        }
-
-int sk_insert(STACK *st, char *data, int loc)
-        {
-        char **s;
-
-        if(st == NULL) return 0;
-        if (st->num_alloc <= st->num+1)
-                {
-                s=(char **)OPENSSL_realloc((char *)st->data,
-                        (unsigned int)sizeof(char *)*st->num_alloc*2);
-                if (s == NULL)
-                        return(0);
-                st->data=s;
-                st->num_alloc*=2;
-                }
-        if ((loc >= (int)st->num) || (loc < 0))
-                st->data[st->num]=data;
-        else
-                {
-                int i;
-                char **f,**t;
-
-                f=(char **)st->data;
-                t=(char **)&(st->data[1]);
-                for (i=st->num; i>=loc; i--)
-                        t[i]=f[i];
-                        
-#ifdef undef /* no memmove on sunos :-( */
-                memmove( (char *)&(st->data[loc+1]),
-                        (char *)&(st->data[loc]),
-                        sizeof(char *)*(st->num-loc));
-#endif
-                st->data[loc]=data;
-                }
-        st->num++;
-        st->sorted=0;
-        return(st->num);
-        }
-
-char *sk_delete_ptr(STACK *st, char *p)
-        {
-        int i;
-
-        for (i=0; i<st->num; i++)
-                if (st->data[i] == p)
-                        return(sk_delete(st,i));
-        return(NULL);
-        }
-
-char *sk_delete(STACK *st, int loc)
-        {
-        char *ret;
-        int i,j;
-
-        if(!st || (loc < 0) || (loc >= st->num)) return NULL;
-
-        ret=st->data[loc];
-        if (loc != st->num-1)
-                {
-                j=st->num-1;
-                for (i=loc; i<j; i++)
-                        st->data[i]=st->data[i+1];
-                /* In theory memcpy is not safe for this
-                 * memcpy( &(st->data[loc]),
-                 *      &(st->data[loc+1]),
-                 *      sizeof(char *)*(st->num-loc-1));
-                 */
-                }
-        st->num--;
-        return(ret);
-        }
-
-int sk_find(STACK *st, char *data)
-        {
-        char **r;
-        int i;
-        int (*comp_func)(const void *,const void *);
-        if(st == NULL) return -1;
-
-        if (st->comp == NULL)
-                {
-                for (i=0; i<st->num; i++)
-                        if (st->data[i] == data)
-                                return(i);
-                return(-1);
-                }
-        sk_sort(st);
-        if (data == NULL) return(-1);
-        /* This (and the "qsort" below) are the two places in OpenSSL
-         * where we need to convert from our standard (type **,type **)
-         * compare callback type to the (void *,void *) type required by
-         * bsearch. However, the "data" it is being called(back) with are
-         * not (type *) pointers, but the *pointers* to (type *) pointers,
-         * so we get our extra level of pointer dereferencing that way. */
-        comp_func=(int (*)(const void *,const void *))(st->comp);
-        r=(char **)bsearch(&data,(char *)st->data,
-                st->num,sizeof(char *), comp_func);
-        if (r == NULL) return(-1);
-        i=(int)(r-st->data);
-        for ( ; i>0; i--)
-                /* This needs a cast because the type being pointed to from
-                 * the "&" expressions are (char *) rather than (const char *).
-                 * For an explanation, read:
-                 * http://www.eskimo.com/~scs/C-faq/q11.10.html :-) */
-                if ((*st->comp)((const char * const *)&(st->data[i-1]),
-                                (const char * const *)&data) < 0)
-                        break;
-        return(i);
-        }
-
-int sk_push(STACK *st, char *data)
-        {
-        return(sk_insert(st,data,st->num));
-        }
-
-int sk_unshift(STACK *st, char *data)
-        {
-        return(sk_insert(st,data,0));
-        }
-
-char *sk_shift(STACK *st)
-        {
-        if (st == NULL) return(NULL);
-        if (st->num <= 0) return(NULL);
-        return(sk_delete(st,0));
-        }
-
-char *sk_pop(STACK *st)
-        {
-        if (st == NULL) return(NULL);
-        if (st->num <= 0) return(NULL);
-        return(sk_delete(st,st->num-1));
-        }
-
-void sk_zero(STACK *st)
-        {
-        if (st == NULL) return;
-        if (st->num <= 0) return;
-        memset((char *)st->data,0,sizeof(st->data)*st->num);
-        st->num=0;
-        }
-
-void sk_pop_free(STACK *st, void (*func)(void *))
-        {
-        int i;
-
-        if (st == NULL) return;
-        for (i=0; i<st->num; i++)
-                if (st->data[i] != NULL)
-                        func(st->data[i]);
-        sk_free(st);
-        }
-
-void sk_free(STACK *st)
-        {
-        if (st == NULL) return;
-        if (st->data != NULL) OPENSSL_free(st->data);
-        OPENSSL_free(st);
-        }
-
-int sk_num(const STACK *st)
-{
-        if(st == NULL) return -1;
-        return st->num;
-}
-
-char *sk_value(const STACK *st, int i)
-{
-        if(!st || (i < 0) || (i >= st->num)) return NULL;
-        return st->data[i];
-}
-
-char *sk_set(STACK *st, int i, char *value)
-{
-        if(!st || (i < 0) || (i >= st->num)) return NULL;
-        return (st->data[i] = value);
-}
-
-void sk_sort(STACK *st)
-        {
-        if (st && !st->sorted)
-                {
-                int (*comp_func)(const void *,const void *);
-
-                /* same comment as in sk_find ... previously st->comp was declared
-                 * as a (void*,void*) callback type, but this made the population
-                 * of the callback pointer illogical - our callbacks compare
-                 * type** with type**, so we leave the casting until absolutely
-                 * necessary (ie. "now"). */
-                comp_func=(int (*)(const void *,const void *))(st->comp);
-                qsort(st->data,st->num,sizeof(char *), comp_func);
-                st->sorted=1;
-                }
-        }
-
-int sk_is_sorted(const STACK *st)
-        {
-        if (!st)
-                return 1;
-        return st->sorted;
-        }
diff --git a/src/lib/libcrypto/stack/stack.h b/src/lib/libcrypto/stack/stack.h
deleted file mode 100644
index 7570b85fe8..0000000000
--- a/src/lib/libcrypto/stack/stack.h
+++ /dev/null
@@ -1,108 +0,0 @@
-/* crypto/stack/stack.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_STACK_H
-#define HEADER_STACK_H
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-typedef struct stack_st
-        {
-        int num;
-        char **data;
-        int sorted;
-
-        int num_alloc;
-        int (*comp)(const char * const *, const char * const *);
-        } STACK;
-
-#define M_sk_num(sk)            ((sk) ? (sk)->num:-1)
-#define M_sk_value(sk,n)        ((sk) ? (sk)->data[n] : NULL)
-
-int sk_num(const STACK *);
-char *sk_value(const STACK *, int);
-
-char *sk_set(STACK *, int, char *);
-
-STACK *sk_new(int (*cmp)(const char * const *, const char * const *));
-STACK *sk_new_null(void);
-void sk_free(STACK *);
-void sk_pop_free(STACK *st, void (*func)(void *));
-int sk_insert(STACK *sk,char *data,int where);
-char *sk_delete(STACK *st,int loc);
-char *sk_delete_ptr(STACK *st, char *p);
-int sk_find(STACK *st,char *data);
-int sk_push(STACK *st,char *data);
-int sk_unshift(STACK *st,char *data);
-char *sk_shift(STACK *st);
-char *sk_pop(STACK *st);
-void sk_zero(STACK *st);
-int (*sk_set_cmp_func(STACK *sk, int (*c)(const char * const *,
-                        const char * const *)))
-                        (const char * const *, const char * const *);
-STACK *sk_dup(STACK *st);
-void sk_sort(STACK *st);
-int sk_is_sorted(const STACK *st);
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/src/lib/libcrypto/txt_db/txt_db.c b/src/lib/libcrypto/txt_db/txt_db.c
deleted file mode 100644
index 58b300b00b..0000000000
--- a/src/lib/libcrypto/txt_db/txt_db.c
+++ /dev/null
@@ -1,383 +0,0 @@
-/* crypto/txt_db/txt_db.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/txt_db.h>
-
-#undef BUFSIZE
-#define BUFSIZE 512
-
-const char *TXT_DB_version="TXT_DB" OPENSSL_VERSION_PTEXT;
-
-TXT_DB *TXT_DB_read(BIO *in, int num)
-        {
-        TXT_DB *ret=NULL;
-        int er=1;
-        int esc=0;
-        long ln=0;
-        int i,add,n;
-        int size=BUFSIZE;
-        int offset=0;
-        char *p,**pp,*f;
-        BUF_MEM *buf=NULL;
-
-        if ((buf=BUF_MEM_new()) == NULL) goto err;
-        if (!BUF_MEM_grow(buf,size)) goto err;
-
-        if ((ret=(TXT_DB *)OPENSSL_malloc(sizeof(TXT_DB))) == NULL)
-                goto err;
-        ret->num_fields=num;
-        ret->index=NULL;
-        ret->qual=NULL;
-        if ((ret->data=sk_new_null()) == NULL)
-                goto err;
-        if ((ret->index=(LHASH **)OPENSSL_malloc(sizeof(LHASH *)*num)) == NULL)
-                goto err;
-        if ((ret->qual=(int (**)())OPENSSL_malloc(sizeof(int (**)())*num)) == NULL)
-                goto err;
-        for (i=0; i<num; i++)
-                {
-                ret->index[i]=NULL;
-                ret->qual[i]=NULL;
-                }
-
-        add=(num+1)*sizeof(char *);
-        buf->data[size-1]='\0';
-        offset=0;
-        for (;;)
-                {
-                if (offset != 0)
-                        {
-                        size+=BUFSIZE;
-                        if (!BUF_MEM_grow_clean(buf,size)) goto err;
-                        }
-                buf->data[offset]='\0';
-                BIO_gets(in,&(buf->data[offset]),size-offset);
-                ln++;
-                if (buf->data[offset] == '\0') break;
-                if ((offset == 0) && (buf->data[0] == '#')) continue;
-                i=strlen(&(buf->data[offset]));
-                offset+=i;
-                if (buf->data[offset-1] != '\n')
-                        continue;
-                else
-                        {
-                        buf->data[offset-1]='\0'; /* blat the '\n' */
-                        if (!(p=(char *)OPENSSL_malloc(add+offset))) goto err;
-                        offset=0;
-                        }
-                pp=(char **)p;
-                p+=add;
-                n=0;
-                pp[n++]=p;
-                i=0;
-                f=buf->data;
-
-                esc=0;
-                for (;;)
-                        {
-                        if (*f == '\0') break;
-                        if (*f == '\t')
-                                {
-                                if (esc)
-                                        p--;
-                                else
-                                        {       
-                                        *(p++)='\0';
-                                        f++;
-                                        if (n >=  num) break;
-                                        pp[n++]=p;
-                                        continue;
-                                        }
-                                }
-                        esc=(*f == '\\');
-                        *(p++)= *(f++);
-                        }
-                *(p++)='\0';
-                if ((n != num) || (*f != '\0'))
-                        {
-#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)   /* temporaty fix :-( */
-                        fprintf(stderr,"wrong number of fields on line %ld (looking for field %d, got %d, '%s' left)\n",ln,num,n,f);
-#endif
-                        er=2;
-                        goto err;
-                        }
-                pp[n]=p;
-                if (!sk_push(ret->data,(char *)pp))
-                        {
-#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)   /* temporaty fix :-( */
-                        fprintf(stderr,"failure in sk_push\n");
-#endif
-                        er=2;
-                        goto err;
-                        }
-                }
-        er=0;
-err:
-        BUF_MEM_free(buf);
-        if (er)
-                {
-#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)
-                if (er == 1) fprintf(stderr,"OPENSSL_malloc failure\n");
-#endif
-                if (ret->data != NULL) sk_free(ret->data);
-                if (ret->index != NULL) OPENSSL_free(ret->index);
-                if (ret->qual != NULL) OPENSSL_free(ret->qual);
-                if (ret != NULL) OPENSSL_free(ret);
-                return(NULL);
-                }
-        else
-                return(ret);
-        }
-
-char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value)
-        {
-        char **ret;
-        LHASH *lh;
-
-        if (idx >= db->num_fields)
-                {
-                db->error=DB_ERROR_INDEX_OUT_OF_RANGE;
-                return(NULL);
-                }
-        lh=db->index[idx];
-        if (lh == NULL)
-                {
-                db->error=DB_ERROR_NO_INDEX;
-                return(NULL);
-                }
-        ret=(char **)lh_retrieve(lh,value);
-        db->error=DB_ERROR_OK;
-        return(ret);
-        }
-
-int TXT_DB_create_index(TXT_DB *db, int field, int (*qual)(),
-                LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp)
-        {
-        LHASH *idx;
-        char *r;
-        int i,n;
-
-        if (field >= db->num_fields)
-                {
-                db->error=DB_ERROR_INDEX_OUT_OF_RANGE;
-                return(0);
-                }
-        if ((idx=lh_new(hash,cmp)) == NULL)
-                {
-                db->error=DB_ERROR_MALLOC;
-                return(0);
-                }
-        n=sk_num(db->data);
-        for (i=0; i<n; i++)
-                {
-                r=(char *)sk_value(db->data,i);
-                if ((qual != NULL) && (qual(r) == 0)) continue;
-                if ((r=lh_insert(idx,r)) != NULL)
-                        {
-                        db->error=DB_ERROR_INDEX_CLASH;
-                        db->arg1=sk_find(db->data,r);
-                        db->arg2=i;
-                        lh_free(idx);
-                        return(0);
-                        }
-                }
-        if (db->index[field] != NULL) lh_free(db->index[field]);
-        db->index[field]=idx;
-        db->qual[field]=qual;
-        return(1);
-        }
-
-long TXT_DB_write(BIO *out, TXT_DB *db)
-        {
-        long i,j,n,nn,l,tot=0;
-        char *p,**pp,*f;
-        BUF_MEM *buf=NULL;
-        long ret= -1;
-
-        if ((buf=BUF_MEM_new()) == NULL)
-                goto err;
-        n=sk_num(db->data);
-        nn=db->num_fields;
-        for (i=0; i<n; i++)
-                {
-                pp=(char **)sk_value(db->data,i);
-
-                l=0;
-                for (j=0; j<nn; j++)
-                        {
-                        if (pp[j] != NULL)
-                                l+=strlen(pp[j]);
-                        }
-                if (!BUF_MEM_grow_clean(buf,(int)(l*2+nn))) goto err;
-
-                p=buf->data;
-                for (j=0; j<nn; j++)
-                        {
-                        f=pp[j];
-                        if (f != NULL)
-                                for (;;) 
-                                        {
-                                        if (*f == '\0') break;
-                                        if (*f == '\t') *(p++)='\\';
-                                        *(p++)= *(f++);
-                                        }
-                        *(p++)='\t';
-                        }
-                p[-1]='\n';
-                j=p-buf->data;
-                if (BIO_write(out,buf->data,(int)j) != j)
-                        goto err;
-                tot+=j;
-                }
-        ret=tot;
-err:
-        if (buf != NULL) BUF_MEM_free(buf);
-        return(ret);
-        }
-
-int TXT_DB_insert(TXT_DB *db, char **row)
-        {
-        int i;
-        char **r;
-
-        for (i=0; i<db->num_fields; i++)
-                {
-                if (db->index[i] != NULL)
-                        {
-                        if ((db->qual[i] != NULL) &&
-                                (db->qual[i](row) == 0)) continue;
-                        r=(char **)lh_retrieve(db->index[i],row);
-                        if (r != NULL)
-                                {
-                                db->error=DB_ERROR_INDEX_CLASH;
-                                db->arg1=i;
-                                db->arg_row=r;
-                                goto err;
-                                }
-                        }
-                }
-        /* We have passed the index checks, now just append and insert */
-        if (!sk_push(db->data,(char *)row))
-                {
-                db->error=DB_ERROR_MALLOC;
-                goto err;
-                }
-
-        for (i=0; i<db->num_fields; i++)
-                {
-                if (db->index[i] != NULL)
-                        {
-                        if ((db->qual[i] != NULL) &&
-                                (db->qual[i](row) == 0)) continue;
-                        lh_insert(db->index[i],row);
-                        }
-                }
-        return(1);
-err:
-        return(0);
-        }
-
-void TXT_DB_free(TXT_DB *db)
-        {
-        int i,n;
-        char **p,*max;
-
-        if(db == NULL)
-            return;
-
-        if (db->index != NULL)
-                {
-                for (i=db->num_fields-1; i>=0; i--)
-                        if (db->index[i] != NULL) lh_free(db->index[i]);
-                OPENSSL_free(db->index);
-                }
-        if (db->qual != NULL)
-                OPENSSL_free(db->qual);
-        if (db->data != NULL)
-                {
-                for (i=sk_num(db->data)-1; i>=0; i--)
-                        {
-                        /* check if any 'fields' have been allocated
-                         * from outside of the initial block */
-                        p=(char **)sk_value(db->data,i);
-                        max=p[db->num_fields]; /* last address */
-                        if (max == NULL) /* new row */
-                                {
-                                for (n=0; n<db->num_fields; n++)
-                                        if (p[n] != NULL) OPENSSL_free(p[n]);
-                                }
-                        else
-                                {
-                                for (n=0; n<db->num_fields; n++)
-                                        {
-                                        if (((p[n] < (char *)p) || (p[n] > max))
-                                                && (p[n] != NULL))
-                                                OPENSSL_free(p[n]);
-                                        }
-                                }
-                        OPENSSL_free(sk_value(db->data,i));
-                        }
-                sk_free(db->data);
-                }
-        OPENSSL_free(db);
-        }
diff --git a/src/lib/libcrypto/txt_db/txt_db.h b/src/lib/libcrypto/txt_db/txt_db.h
deleted file mode 100644
index 563392aeff..0000000000
--- a/src/lib/libcrypto/txt_db/txt_db.h
+++ /dev/null
@@ -1,108 +0,0 @@
-/* crypto/txt_db/txt_db.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_TXT_DB_H
-#define HEADER_TXT_DB_H
-
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-#include <openssl/stack.h>
-#include <openssl/lhash.h>
-
-#define DB_ERROR_OK                     0
-#define DB_ERROR_MALLOC                 1
-#define DB_ERROR_INDEX_CLASH            2
-#define DB_ERROR_INDEX_OUT_OF_RANGE     3
-#define DB_ERROR_NO_INDEX               4
-#define DB_ERROR_INSERT_INDEX_CLASH     5
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-typedef struct txt_db_st
-        {
-        int num_fields;
-        STACK /* char ** */ *data;
-        LHASH **index;
-        int (**qual)();
-        long error;
-        long arg1;
-        long arg2;
-        char **arg_row;
-        } TXT_DB;
-
-#ifndef OPENSSL_NO_BIO
-TXT_DB *TXT_DB_read(BIO *in, int num);
-long TXT_DB_write(BIO *out, TXT_DB *db);
-#else
-TXT_DB *TXT_DB_read(char *in, int num);
-long TXT_DB_write(char *out, TXT_DB *db);
-#endif
-int TXT_DB_create_index(TXT_DB *db,int field,int (*qual)(),
-                LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp);
-void TXT_DB_free(TXT_DB *db);
-char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value);
-int TXT_DB_insert(TXT_DB *db,char **value);
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/src/lib/libcrypto/ui/ui.h b/src/lib/libcrypto/ui/ui.h
deleted file mode 100644
index 735a2d988e..0000000000
--- a/src/lib/libcrypto/ui/ui.h
+++ /dev/null
@@ -1,387 +0,0 @@
-/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_UI_H
-#define HEADER_UI_H
-
-#include <openssl/crypto.h>
-#include <openssl/safestack.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* The UI type is a holder for a specific user interface session.  It can
-   contain an illimited number of informational or error strings as well
-   as things to prompt for, both passwords (noecho mode) and others (echo
-   mode), and verification of the same.  All of these are called strings,
-   and are further described below. */
-typedef struct ui_st UI;
-
-/* All instances of UI have a reference to a method structure, which is a
-   ordered vector of functions that implement the lower level things to do.
-   There is an instruction on the implementation further down, in the section
-   for method implementors. */
-typedef struct ui_method_st UI_METHOD;
-
-
-/* All the following functions return -1 or NULL on error and in some cases
-   (UI_process()) -2 if interrupted or in some other way cancelled.
-   When everything is fine, they return 0, a positive value or a non-NULL
-   pointer, all depending on their purpose. */
-
-/* Creators and destructor.   */
-UI *UI_new(void);
-UI *UI_new_method(const UI_METHOD *method);
-void UI_free(UI *ui);
-
-/* The following functions are used to add strings to be printed and prompt
-   strings to prompt for data.  The names are UI_{add,dup}_<function>_string
-   and UI_{add,dup}_input_boolean.
-
-   UI_{add,dup}_<function>_string have the following meanings:
-        add     add a text or prompt string.  The pointers given to these
-                functions are used verbatim, no copying is done.
-        dup     make a copy of the text or prompt string, then add the copy
-                to the collection of strings in the user interface.
-        <function>
-                The function is a name for the functionality that the given
-                string shall be used for.  It can be one of:
-                        input   use the string as data prompt.
-                        verify  use the string as verification prompt.  This
-                                is used to verify a previous input.
-                        info    use the string for informational output.
-                        error   use the string for error output.
-   Honestly, there's currently no difference between info and error for the
-   moment.
-
-   UI_{add,dup}_input_boolean have the same semantics for "add" and "dup",
-   and are typically used when one wants to prompt for a yes/no response.
-
-
-   All of the functions in this group take a UI and a prompt string.
-   The string input and verify addition functions also take a flag argument,
-   a buffer for the result to end up with, a minimum input size and a maximum
-   input size (the result buffer MUST be large enough to be able to contain
-   the maximum number of characters).  Additionally, the verify addition
-   functions takes another buffer to compare the result against.
-   The boolean input functions take an action description string (which should
-   be safe to ignore if the expected user action is obvious, for example with
-   a dialog box with an OK button and a Cancel button), a string of acceptable
-   characters to mean OK and to mean Cancel.  The two last strings are checked
-   to make sure they don't have common characters.  Additionally, the same
-   flag argument as for the string input is taken, as well as a result buffer.
-   The result buffer is required to be at least one byte long.  Depending on
-   the answer, the first character from the OK or the Cancel character strings
-   will be stored in the first byte of the result buffer.  No NUL will be
-   added, so the result is *not* a string.
-
-   On success, the all return an index of the added information.  That index
-   is usefull when retrieving results with UI_get0_result(). */
-int UI_add_input_string(UI *ui, const char *prompt, int flags,
-        char *result_buf, int minsize, int maxsize);
-int UI_dup_input_string(UI *ui, const char *prompt, int flags,
-        char *result_buf, int minsize, int maxsize);
-int UI_add_verify_string(UI *ui, const char *prompt, int flags,
-        char *result_buf, int minsize, int maxsize, const char *test_buf);
-int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
-        char *result_buf, int minsize, int maxsize, const char *test_buf);
-int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,
-        const char *ok_chars, const char *cancel_chars,
-        int flags, char *result_buf);
-int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
-        const char *ok_chars, const char *cancel_chars,
-        int flags, char *result_buf);
-int UI_add_info_string(UI *ui, const char *text);
-int UI_dup_info_string(UI *ui, const char *text);
-int UI_add_error_string(UI *ui, const char *text);
-int UI_dup_error_string(UI *ui, const char *text);
-
-/* These are the possible flags.  They can be or'ed together. */
-/* Use to have echoing of input */
-#define UI_INPUT_FLAG_ECHO              0x01
-/* Use a default password.  Where that password is found is completely
-   up to the application, it might for example be in the user data set
-   with UI_add_user_data().  It is not recommended to have more than
-   one input in each UI being marked with this flag, or the application
-   might get confused. */
-#define UI_INPUT_FLAG_DEFAULT_PWD       0x02
-
-/* The user of these routines may want to define flags of their own.  The core
-   UI won't look at those, but will pass them on to the method routines.  They
-   must use higher bits so they don't get confused with the UI bits above.
-   UI_INPUT_FLAG_USER_BASE tells which is the lowest bit to use.  A good
-   example of use is this:
-
-        #define MY_UI_FLAG1     (0x01 << UI_INPUT_FLAG_USER_BASE)
-
-*/
-#define UI_INPUT_FLAG_USER_BASE 16
-
-
-/* The following function helps construct a prompt.  object_desc is a
-   textual short description of the object, for example "pass phrase",
-   and object_name is the name of the object (might be a card name or
-   a file name.
-   The returned string shall always be allocated on the heap with
-   OPENSSL_malloc(), and need to be free'd with OPENSSL_free().
-
-   If the ui_method doesn't contain a pointer to a user-defined prompt
-   constructor, a default string is built, looking like this:
-
-        "Enter {object_desc} for {object_name}:"
-
-   So, if object_desc has the value "pass phrase" and object_name has
-   the value "foo.key", the resulting string is:
-
-        "Enter pass phrase for foo.key:"
-*/
-char *UI_construct_prompt(UI *ui_method,
-        const char *object_desc, const char *object_name);
-
-
-/* The following function is used to store a pointer to user-specific data.
-   Any previous such pointer will be returned and replaced.
-
-   For callback purposes, this function makes a lot more sense than using
-   ex_data, since the latter requires that different parts of OpenSSL or
-   applications share the same ex_data index.
-
-   Note that the UI_OpenSSL() method completely ignores the user data.
-   Other methods may not, however.  */
-void *UI_add_user_data(UI *ui, void *user_data);
-/* We need a user data retrieving function as well.  */
-void *UI_get0_user_data(UI *ui);
-
-/* Return the result associated with a prompt given with the index i. */
-const char *UI_get0_result(UI *ui, int i);
-
-/* When all strings have been added, process the whole thing. */
-int UI_process(UI *ui);
-
-/* Give a user interface parametrised control commands.  This can be used to
-   send down an integer, a data pointer or a function pointer, as well as
-   be used to get information from a UI. */
-int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)());
-
-/* The commands */
-/* Use UI_CONTROL_PRINT_ERRORS with the value 1 to have UI_process print the
-   OpenSSL error stack before printing any info or added error messages and
-   before any prompting. */
-#define UI_CTRL_PRINT_ERRORS            1
-/* Check if a UI_process() is possible to do again with the same instance of
-   a user interface.  This makes UI_ctrl() return 1 if it is redoable, and 0
-   if not. */
-#define UI_CTRL_IS_REDOABLE             2
-
-
-/* Some methods may use extra data */
-#define UI_set_app_data(s,arg)         UI_set_ex_data(s,0,arg)
-#define UI_get_app_data(s)             UI_get_ex_data(s,0)
-int UI_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-        CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-int UI_set_ex_data(UI *r,int idx,void *arg);
-void *UI_get_ex_data(UI *r, int idx);
-
-/* Use specific methods instead of the built-in one */
-void UI_set_default_method(const UI_METHOD *meth);
-const UI_METHOD *UI_get_default_method(void);
-const UI_METHOD *UI_get_method(UI *ui);
-const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth);
-
-/* The method with all the built-in thingies */
-UI_METHOD *UI_OpenSSL(void);
-
-
-/* ---------- For method writers ---------- */
-/* A method contains a number of functions that implement the low level
-   of the User Interface.  The functions are:
-
-        an opener       This function starts a session, maybe by opening
-                        a channel to a tty, or by opening a window.
-        a writer        This function is called to write a given string,
-                        maybe to the tty, maybe as a field label in a
-                        window.
-        a flusher       This function is called to flush everything that
-                        has been output so far.  It can be used to actually
-                        display a dialog box after it has been built.
-        a reader        This function is called to read a given prompt,
-                        maybe from the tty, maybe from a field in a
-                        window.  Note that it's called wth all string
-                        structures, not only the prompt ones, so it must
-                        check such things itself.
-        a closer        This function closes the session, maybe by closing
-                        the channel to the tty, or closing the window.
-
-   All these functions are expected to return:
-
-        0       on error.
-        1       on success.
-        -1      on out-of-band events, for example if some prompting has
-                been canceled (by pressing Ctrl-C, for example).  This is
-                only checked when returned by the flusher or the reader.
-
-   The way this is used, the opener is first called, then the writer for all
-   strings, then the flusher, then the reader for all strings and finally the
-   closer.  Note that if you want to prompt from a terminal or other command
-   line interface, the best is to have the reader also write the prompts
-   instead of having the writer do it.  If you want to prompt from a dialog
-   box, the writer can be used to build up the contents of the box, and the
-   flusher to actually display the box and run the event loop until all data
-   has been given, after which the reader only grabs the given data and puts
-   them back into the UI strings.
-
-   All method functions take a UI as argument.  Additionally, the writer and
-   the reader take a UI_STRING.
-*/
-
-/* The UI_STRING type is the data structure that contains all the needed info
-   about a string or a prompt, including test data for a verification prompt.
-*/
-DECLARE_STACK_OF(UI_STRING)
-typedef struct ui_string_st UI_STRING;
-
-/* The different types of strings that are currently supported.
-   This is only needed by method authors. */
-enum UI_string_types
-        {
-        UIT_NONE=0,
-        UIT_PROMPT,             /* Prompt for a string */
-        UIT_VERIFY,             /* Prompt for a string and verify */
-        UIT_BOOLEAN,            /* Prompt for a yes/no response */
-        UIT_INFO,               /* Send info to the user */
-        UIT_ERROR               /* Send an error message to the user */
-        };
-
-/* Create and manipulate methods */
-UI_METHOD *UI_create_method(char *name);
-void UI_destroy_method(UI_METHOD *ui_method);
-int UI_method_set_opener(UI_METHOD *method, int (*opener)(UI *ui));
-int UI_method_set_writer(UI_METHOD *method, int (*writer)(UI *ui, UI_STRING *uis));
-int UI_method_set_flusher(UI_METHOD *method, int (*flusher)(UI *ui));
-int UI_method_set_reader(UI_METHOD *method, int (*reader)(UI *ui, UI_STRING *uis));
-int UI_method_set_closer(UI_METHOD *method, int (*closer)(UI *ui));
-int (*UI_method_get_opener(UI_METHOD *method))(UI*);
-int (*UI_method_get_writer(UI_METHOD *method))(UI*,UI_STRING*);
-int (*UI_method_get_flusher(UI_METHOD *method))(UI*);
-int (*UI_method_get_reader(UI_METHOD *method))(UI*,UI_STRING*);
-int (*UI_method_get_closer(UI_METHOD *method))(UI*);
-
-/* The following functions are helpers for method writers to access relevant
-   data from a UI_STRING. */
-
-/* Return type of the UI_STRING */
-enum UI_string_types UI_get_string_type(UI_STRING *uis);
-/* Return input flags of the UI_STRING */
-int UI_get_input_flags(UI_STRING *uis);
-/* Return the actual string to output (the prompt, info or error) */
-const char *UI_get0_output_string(UI_STRING *uis);
-/* Return the optional action string to output (the boolean promtp instruction) */
-const char *UI_get0_action_string(UI_STRING *uis);
-/* Return the result of a prompt */
-const char *UI_get0_result_string(UI_STRING *uis);
-/* Return the string to test the result against.  Only useful with verifies. */
-const char *UI_get0_test_string(UI_STRING *uis);
-/* Return the required minimum size of the result */
-int UI_get_result_minsize(UI_STRING *uis);
-/* Return the required maximum size of the result */
-int UI_get_result_maxsize(UI_STRING *uis);
-/* Set the result of a UI_STRING. */
-int UI_set_result(UI *ui, UI_STRING *uis, const char *result);
-
-
-/* A couple of popular utility functions */
-int UI_UTIL_read_pw_string(char *buf,int length,const char *prompt,int verify);
-int UI_UTIL_read_pw(char *buf,char *buff,int size,const char *prompt,int verify);
-
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_UI_strings(void);
-
-/* Error codes for the UI functions. */
-
-/* Function codes. */
-#define UI_F_GENERAL_ALLOCATE_BOOLEAN                    108
-#define UI_F_GENERAL_ALLOCATE_PROMPT                     109
-#define UI_F_GENERAL_ALLOCATE_STRING                     100
-#define UI_F_UI_CTRL                                     111
-#define UI_F_UI_DUP_ERROR_STRING                         101
-#define UI_F_UI_DUP_INFO_STRING                          102
-#define UI_F_UI_DUP_INPUT_BOOLEAN                        110
-#define UI_F_UI_DUP_INPUT_STRING                         103
-#define UI_F_UI_DUP_VERIFY_STRING                        106
-#define UI_F_UI_GET0_RESULT                              107
-#define UI_F_UI_NEW_METHOD                               104
-#define UI_F_UI_SET_RESULT                               105
-
-/* Reason codes. */
-#define UI_R_COMMON_OK_AND_CANCEL_CHARACTERS             104
-#define UI_R_INDEX_TOO_LARGE                             102
-#define UI_R_INDEX_TOO_SMALL                             103
-#define UI_R_NO_RESULT_BUFFER                            105
-#define UI_R_RESULT_TOO_LARGE                            100
-#define UI_R_RESULT_TOO_SMALL                            101
-#define UI_R_UNKNOWN_CONTROL_COMMAND                     106
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/src/lib/libcrypto/ui/ui_compat.h b/src/lib/libcrypto/ui/ui_compat.h
deleted file mode 100644
index b35c9bb7fd..0000000000
--- a/src/lib/libcrypto/ui/ui_compat.h
+++ /dev/null
@@ -1,83 +0,0 @@
-/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_UI_COMPAT_H
-#define HEADER_UI_COMPAT_H
-
-#include <openssl/opensslconf.h>
-#include <openssl/ui.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* The following functions were previously part of the DES section,
-   and are provided here for backward compatibility reasons. */
-
-#define des_read_pw_string(b,l,p,v) \
-        _ossl_old_des_read_pw_string((b),(l),(p),(v))
-#define des_read_pw(b,bf,s,p,v) \
-        _ossl_old_des_read_pw((b),(bf),(s),(p),(v))
-
-int _ossl_old_des_read_pw_string(char *buf,int length,const char *prompt,int verify);
-int _ossl_old_des_read_pw(char *buf,char *buff,int size,const char *prompt,int verify);
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/src/lib/libcrypto/ui/ui_err.c b/src/lib/libcrypto/ui/ui_err.c
deleted file mode 100644
index d983cdd66f..0000000000
--- a/src/lib/libcrypto/ui/ui_err.c
+++ /dev/null
@@ -1,115 +0,0 @@
-/* crypto/ui/ui_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/ui.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_UI,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_UI,0,reason)
-
-static ERR_STRING_DATA UI_str_functs[]=
-        {
-{ERR_FUNC(UI_F_GENERAL_ALLOCATE_BOOLEAN),       "GENERAL_ALLOCATE_BOOLEAN"},
-{ERR_FUNC(UI_F_GENERAL_ALLOCATE_PROMPT),        "GENERAL_ALLOCATE_PROMPT"},
-{ERR_FUNC(UI_F_GENERAL_ALLOCATE_STRING),        "GENERAL_ALLOCATE_STRING"},
-{ERR_FUNC(UI_F_UI_CTRL),        "UI_ctrl"},
-{ERR_FUNC(UI_F_UI_DUP_ERROR_STRING),    "UI_dup_error_string"},
-{ERR_FUNC(UI_F_UI_DUP_INFO_STRING),     "UI_dup_info_string"},
-{ERR_FUNC(UI_F_UI_DUP_INPUT_BOOLEAN),   "UI_dup_input_boolean"},
-{ERR_FUNC(UI_F_UI_DUP_INPUT_STRING),    "UI_dup_input_string"},
-{ERR_FUNC(UI_F_UI_DUP_VERIFY_STRING),   "UI_dup_verify_string"},
-{ERR_FUNC(UI_F_UI_GET0_RESULT), "UI_get0_result"},
-{ERR_FUNC(UI_F_UI_NEW_METHOD),  "UI_new_method"},
-{ERR_FUNC(UI_F_UI_SET_RESULT),  "UI_set_result"},
-{0,NULL}
-        };
-
-static ERR_STRING_DATA UI_str_reasons[]=
-        {
-{ERR_REASON(UI_R_COMMON_OK_AND_CANCEL_CHARACTERS),"common ok and cancel characters"},
-{ERR_REASON(UI_R_INDEX_TOO_LARGE)        ,"index too large"},
-{ERR_REASON(UI_R_INDEX_TOO_SMALL)        ,"index too small"},
-{ERR_REASON(UI_R_NO_RESULT_BUFFER)       ,"no result buffer"},
-{ERR_REASON(UI_R_RESULT_TOO_LARGE)       ,"result too large"},
-{ERR_REASON(UI_R_RESULT_TOO_SMALL)       ,"result too small"},
-{ERR_REASON(UI_R_UNKNOWN_CONTROL_COMMAND),"unknown control command"},
-{0,NULL}
-        };
-
-#endif
-
-void ERR_load_UI_strings(void)
-        {
-        static int init=1;
-
-        if (init)
-                {
-                init=0;
-#ifndef OPENSSL_NO_ERR
-                ERR_load_strings(0,UI_str_functs);
-                ERR_load_strings(0,UI_str_reasons);
-#endif
-
-                }
-        }
diff --git a/src/lib/libcrypto/ui/ui_lib.c b/src/lib/libcrypto/ui/ui_lib.c
deleted file mode 100644
index dbc9711a2d..0000000000
--- a/src/lib/libcrypto/ui/ui_lib.c
+++ /dev/null
@@ -1,902 +0,0 @@
-/* crypto/ui/ui_lib.c -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <string.h>
-#include <openssl/e_os2.h>
-#include <openssl/buffer.h>
-#include <openssl/ui.h>
-#include <openssl/err.h>
-#include "ui_locl.h"
-#include "cryptlib.h"
-
-IMPLEMENT_STACK_OF(UI_STRING_ST)
-
-static const UI_METHOD *default_UI_meth=NULL;
-
-UI *UI_new(void)
-        {
-        return(UI_new_method(NULL));
-        }
-
-UI *UI_new_method(const UI_METHOD *method)
-        {
-        UI *ret;
-
-        ret=(UI *)OPENSSL_malloc(sizeof(UI));
-        if (ret == NULL)
-                {
-                UIerr(UI_F_UI_NEW_METHOD,ERR_R_MALLOC_FAILURE);
-                return NULL;
-                }
-        if (method == NULL)
-                ret->meth=UI_get_default_method();
-        else
-                ret->meth=method;
-
-        ret->strings=NULL;
-        ret->user_data=NULL;
-        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_UI, ret, &ret->ex_data);
-        return ret;
-        }
-
-static void free_string(UI_STRING *uis)
-        {
-        if (uis->flags & OUT_STRING_FREEABLE)
-                {
-                OPENSSL_free((char *)uis->out_string);
-                switch(uis->type)
-                        {
-                case UIT_BOOLEAN:
-                        OPENSSL_free((char *)uis->_.boolean_data.action_desc);
-                        OPENSSL_free((char *)uis->_.boolean_data.ok_chars);
-                        OPENSSL_free((char *)uis->_.boolean_data.cancel_chars);
-                        break;
-                default:
-                        break;
-                        }
-                }
-        OPENSSL_free(uis);
-        }
-
-void UI_free(UI *ui)
-        {
-        if (ui == NULL)
-                return;
-        sk_UI_STRING_pop_free(ui->strings,free_string);
-        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_UI, ui, &ui->ex_data);
-        OPENSSL_free(ui);
-        }
-
-static int allocate_string_stack(UI *ui)
-        {
-        if (ui->strings == NULL)
-                {
-                ui->strings=sk_UI_STRING_new_null();
-                if (ui->strings == NULL)
-                        {
-                        return -1;
-                        }
-                }
-        return 0;
-        }
-
-static UI_STRING *general_allocate_prompt(UI *ui, const char *prompt,
-        int prompt_freeable, enum UI_string_types type, int input_flags,
-        char *result_buf)
-        {
-        UI_STRING *ret = NULL;
-
-        if (prompt == NULL)
-                {
-                UIerr(UI_F_GENERAL_ALLOCATE_PROMPT,ERR_R_PASSED_NULL_PARAMETER);
-                }
-        else if ((type == UIT_PROMPT || type == UIT_VERIFY
-                         || type == UIT_BOOLEAN) && result_buf == NULL)
-                {
-                UIerr(UI_F_GENERAL_ALLOCATE_PROMPT,UI_R_NO_RESULT_BUFFER);
-                }
-        else if ((ret = (UI_STRING *)OPENSSL_malloc(sizeof(UI_STRING))))
-                {
-                ret->out_string=prompt;
-                ret->flags=prompt_freeable ? OUT_STRING_FREEABLE : 0;
-                ret->input_flags=input_flags;
-                ret->type=type;
-                ret->result_buf=result_buf;
-                }
-        return ret;
-        }
-
-static int general_allocate_string(UI *ui, const char *prompt,
-        int prompt_freeable, enum UI_string_types type, int input_flags,
-        char *result_buf, int minsize, int maxsize, const char *test_buf)
-        {
-        int ret = -1;
-        UI_STRING *s = general_allocate_prompt(ui, prompt, prompt_freeable,
-                type, input_flags, result_buf);
-
-        if (s)
-                {
-                if (allocate_string_stack(ui) >= 0)
-                        {
-                        s->_.string_data.result_minsize=minsize;
-                        s->_.string_data.result_maxsize=maxsize;
-                        s->_.string_data.test_buf=test_buf;
-                        ret=sk_UI_STRING_push(ui->strings, s);
-                        /* sk_push() returns 0 on error.  Let's addapt that */
-                        if (ret <= 0) ret--;
-                        }
-                else
-                        free_string(s);
-                }
-        return ret;
-        }
-
-static int general_allocate_boolean(UI *ui,
-        const char *prompt, const char *action_desc,
-        const char *ok_chars, const char *cancel_chars,
-        int prompt_freeable, enum UI_string_types type, int input_flags,
-        char *result_buf)
-        {
-        int ret = -1;
-        UI_STRING *s;
-        const char *p;
-
-        if (ok_chars == NULL)
-                {
-                UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN,ERR_R_PASSED_NULL_PARAMETER);
-                }
-        else if (cancel_chars == NULL)
-                {
-                UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN,ERR_R_PASSED_NULL_PARAMETER);
-                }
-        else
-                {
-                for(p = ok_chars; *p; p++)
-                        {
-                        if (strchr(cancel_chars, *p))
-                                {
-                                UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN,
-                                        UI_R_COMMON_OK_AND_CANCEL_CHARACTERS);
-                                }
-                        }
-
-                s = general_allocate_prompt(ui, prompt, prompt_freeable,
-                        type, input_flags, result_buf);
-
-                if (s)
-                        {
-                        if (allocate_string_stack(ui) >= 0)
-                                {
-                                s->_.boolean_data.action_desc = action_desc;
-                                s->_.boolean_data.ok_chars = ok_chars;
-                                s->_.boolean_data.cancel_chars = cancel_chars;
-                                ret=sk_UI_STRING_push(ui->strings, s);
-                                /* sk_push() returns 0 on error.
-                                   Let's addapt that */
-                                if (ret <= 0) ret--;
-                                }
-                        else
-                                free_string(s);
-                        }
-                }
-        return ret;
-        }
-
-/* Returns the index to the place in the stack or -1 for error.  Uses a
-   direct reference to the prompt.  */
-int UI_add_input_string(UI *ui, const char *prompt, int flags,
-        char *result_buf, int minsize, int maxsize)
-        {
-        return general_allocate_string(ui, prompt, 0,
-                UIT_PROMPT, flags, result_buf, minsize, maxsize, NULL);
-        }
-
-/* Same as UI_add_input_string(), excepts it takes a copy of the prompt */
-int UI_dup_input_string(UI *ui, const char *prompt, int flags,
-        char *result_buf, int minsize, int maxsize)
-        {
-        char *prompt_copy=NULL;
-
-        if (prompt)
-                {
-                prompt_copy=BUF_strdup(prompt);
-                if (prompt_copy == NULL)
-                        {
-                        UIerr(UI_F_UI_DUP_INPUT_STRING,ERR_R_MALLOC_FAILURE);
-                        return 0;
-                        }
-                }
-        
-        return general_allocate_string(ui, prompt_copy, 1,
-                UIT_PROMPT, flags, result_buf, minsize, maxsize, NULL);
-        }
-
-int UI_add_verify_string(UI *ui, const char *prompt, int flags,
-        char *result_buf, int minsize, int maxsize, const char *test_buf)
-        {
-        return general_allocate_string(ui, prompt, 0,
-                UIT_VERIFY, flags, result_buf, minsize, maxsize, test_buf);
-        }
-
-int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
-        char *result_buf, int minsize, int maxsize, const char *test_buf)
-        {
-        char *prompt_copy=NULL;
-
-        if (prompt)
-                {
-                prompt_copy=BUF_strdup(prompt);
-                if (prompt_copy == NULL)
-                        {
-                        UIerr(UI_F_UI_DUP_VERIFY_STRING,ERR_R_MALLOC_FAILURE);
-                        return -1;
-                        }
-                }
-        
-        return general_allocate_string(ui, prompt_copy, 1,
-                UIT_VERIFY, flags, result_buf, minsize, maxsize, test_buf);
-        }
-
-int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,
-        const char *ok_chars, const char *cancel_chars,
-        int flags, char *result_buf)
-        {
-        return general_allocate_boolean(ui, prompt, action_desc,
-                ok_chars, cancel_chars, 0, UIT_BOOLEAN, flags, result_buf);
-        }
-
-int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
-        const char *ok_chars, const char *cancel_chars,
-        int flags, char *result_buf)
-        {
-        char *prompt_copy = NULL;
-        char *action_desc_copy = NULL;
-        char *ok_chars_copy = NULL;
-        char *cancel_chars_copy = NULL;
-
-        if (prompt)
-                {
-                prompt_copy=BUF_strdup(prompt);
-                if (prompt_copy == NULL)
-                        {
-                        UIerr(UI_F_UI_DUP_INPUT_BOOLEAN,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                        }
-                }
-        
-        if (action_desc)
-                {
-                action_desc_copy=BUF_strdup(action_desc);
-                if (action_desc_copy == NULL)
-                        {
-                        UIerr(UI_F_UI_DUP_INPUT_BOOLEAN,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                        }
-                }
-        
-        if (ok_chars)
-                {
-                ok_chars_copy=BUF_strdup(ok_chars);
-                if (ok_chars_copy == NULL)
-                        {
-                        UIerr(UI_F_UI_DUP_INPUT_BOOLEAN,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                        }
-                }
-        
-        if (cancel_chars)
-                {
-                cancel_chars_copy=BUF_strdup(cancel_chars);
-                if (cancel_chars_copy == NULL)
-                        {
-                        UIerr(UI_F_UI_DUP_INPUT_BOOLEAN,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                        }
-                }
-        
-        return general_allocate_boolean(ui, prompt_copy, action_desc_copy,
-                ok_chars_copy, cancel_chars_copy, 1, UIT_BOOLEAN, flags,
-                result_buf);
- err:
-        if (prompt_copy) OPENSSL_free(prompt_copy);
-        if (action_desc_copy) OPENSSL_free(action_desc_copy);
-        if (ok_chars_copy) OPENSSL_free(ok_chars_copy);
-        if (cancel_chars_copy) OPENSSL_free(cancel_chars_copy);
-        return -1;
-        }
-
-int UI_add_info_string(UI *ui, const char *text)
-        {
-        return general_allocate_string(ui, text, 0, UIT_INFO, 0, NULL, 0, 0,
-                NULL);
-        }
-
-int UI_dup_info_string(UI *ui, const char *text)
-        {
-        char *text_copy=NULL;
-
-        if (text)
-                {
-                text_copy=BUF_strdup(text);
-                if (text_copy == NULL)
-                        {
-                        UIerr(UI_F_UI_DUP_INFO_STRING,ERR_R_MALLOC_FAILURE);
-                        return -1;
-                        }
-                }
-
-        return general_allocate_string(ui, text_copy, 1, UIT_INFO, 0, NULL,
-                0, 0, NULL);
-        }
-
-int UI_add_error_string(UI *ui, const char *text)
-        {
-        return general_allocate_string(ui, text, 0, UIT_ERROR, 0, NULL, 0, 0,
-                NULL);
-        }
-
-int UI_dup_error_string(UI *ui, const char *text)
-        {
-        char *text_copy=NULL;
-
-        if (text)
-                {
-                text_copy=BUF_strdup(text);
-                if (text_copy == NULL)
-                        {
-                        UIerr(UI_F_UI_DUP_ERROR_STRING,ERR_R_MALLOC_FAILURE);
-                        return -1;
-                        }
-                }
-        return general_allocate_string(ui, text_copy, 1, UIT_ERROR, 0, NULL,
-                0, 0, NULL);
-        }
-
-char *UI_construct_prompt(UI *ui, const char *object_desc,
-        const char *object_name)
-        {
-        char *prompt = NULL;
-
-        if (ui->meth->ui_construct_prompt)
-                prompt = ui->meth->ui_construct_prompt(ui,
-                        object_desc, object_name);
-        else
-                {
-                char prompt1[] = "Enter ";
-                char prompt2[] = " for ";
-                char prompt3[] = ":";
-                int len = 0;
-
-                if (object_desc == NULL)
-                        return NULL;
-                len = sizeof(prompt1) - 1 + strlen(object_desc);
-                if (object_name)
-                        len += sizeof(prompt2) - 1 + strlen(object_name);
-                len += sizeof(prompt3) - 1;
-
-                prompt = (char *)OPENSSL_malloc(len + 1);
-                BUF_strlcpy(prompt, prompt1, len + 1);
-                BUF_strlcat(prompt, object_desc, len + 1);
-                if (object_name)
-                        {
-                        BUF_strlcat(prompt, prompt2, len + 1);
-                        BUF_strlcat(prompt, object_name, len + 1);
-                        }
-                BUF_strlcat(prompt, prompt3, len + 1);
-                }
-        return prompt;
-        }
-
-void *UI_add_user_data(UI *ui, void *user_data)
-        {
-        void *old_data = ui->user_data;
-        ui->user_data = user_data;
-        return old_data;
-        }
-
-void *UI_get0_user_data(UI *ui)
-        {
-        return ui->user_data;
-        }
-
-const char *UI_get0_result(UI *ui, int i)
-        {
-        if (i < 0)
-                {
-                UIerr(UI_F_UI_GET0_RESULT,UI_R_INDEX_TOO_SMALL);
-                return NULL;
-                }
-        if (i >= sk_UI_STRING_num(ui->strings))
-                {
-                UIerr(UI_F_UI_GET0_RESULT,UI_R_INDEX_TOO_LARGE);
-                return NULL;
-                }
-        return UI_get0_result_string(sk_UI_STRING_value(ui->strings, i));
-        }
-
-static int print_error(const char *str, size_t len, UI *ui)
-        {
-        UI_STRING uis;
-
-        memset(&uis, 0, sizeof(uis));
-        uis.type = UIT_ERROR;
-        uis.out_string = str;
-
-        if (ui->meth->ui_write_string
-                && !ui->meth->ui_write_string(ui, &uis))
-                return -1;
-        return 0;
-        }
-
-int UI_process(UI *ui)
-        {
-        int i, ok=0;
-
-        if (ui->meth->ui_open_session && !ui->meth->ui_open_session(ui))
-                return -1;
-
-        if (ui->flags & UI_FLAG_PRINT_ERRORS)
-                ERR_print_errors_cb(
-                        (int (*)(const char *, size_t, void *))print_error,
-                        (void *)ui);
-
-        for(i=0; i<sk_UI_STRING_num(ui->strings); i++)
-                {
-                if (ui->meth->ui_write_string
-                        && !ui->meth->ui_write_string(ui,
-                                sk_UI_STRING_value(ui->strings, i)))
-                        {
-                        ok=-1;
-                        goto err;
-                        }
-                }
-
-        if (ui->meth->ui_flush)
-                switch(ui->meth->ui_flush(ui))
-                        {
-                case -1: /* Interrupt/Cancel/something... */
-                        ok = -2;
-                        goto err;
-                case 0: /* Errors */
-                        ok = -1;
-                        goto err;
-                default: /* Success */
-                        ok = 0;
-                        break;
-                        }
-
-        for(i=0; i<sk_UI_STRING_num(ui->strings); i++)
-                {
-                if (ui->meth->ui_read_string)
-                        {
-                        switch(ui->meth->ui_read_string(ui,
-                                sk_UI_STRING_value(ui->strings, i)))
-                                {
-                        case -1: /* Interrupt/Cancel/something... */
-                                ok = -2;
-                                goto err;
-                        case 0: /* Errors */
-                                ok = -1;
-                                goto err;
-                        default: /* Success */
-                                ok = 0;
-                                break;
-                                }
-                        }
-                }
- err:
-        if (ui->meth->ui_close_session && !ui->meth->ui_close_session(ui))
-                return -1;
-        return ok;
-        }
-
-int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)())
-        {
-        if (ui == NULL)
-                {
-                UIerr(UI_F_UI_CTRL,ERR_R_PASSED_NULL_PARAMETER);
-                return -1;
-                }
-        switch(cmd)
-                {
-        case UI_CTRL_PRINT_ERRORS:
-                {
-                int save_flag = !!(ui->flags & UI_FLAG_PRINT_ERRORS);
-                if (i)
-                        ui->flags |= UI_FLAG_PRINT_ERRORS;
-                else
-                        ui->flags &= ~UI_FLAG_PRINT_ERRORS;
-                return save_flag;
-                }
-        case UI_CTRL_IS_REDOABLE:
-                return !!(ui->flags & UI_FLAG_REDOABLE);
-        default:
-                break;
-                }
-        UIerr(UI_F_UI_CTRL,UI_R_UNKNOWN_CONTROL_COMMAND);
-        return -1;
-        }
-
-int UI_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-        {
-        return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI, argl, argp,
-                                new_func, dup_func, free_func);
-        }
-
-int UI_set_ex_data(UI *r, int idx, void *arg)
-        {
-        return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
-        }
-
-void *UI_get_ex_data(UI *r, int idx)
-        {
-        return(CRYPTO_get_ex_data(&r->ex_data,idx));
-        }
-
-void UI_set_default_method(const UI_METHOD *meth)
-        {
-        default_UI_meth=meth;
-        }
-
-const UI_METHOD *UI_get_default_method(void)
-        {
-        if (default_UI_meth == NULL)
-                {
-                default_UI_meth=UI_OpenSSL();
-                }
-        return default_UI_meth;
-        }
-
-const UI_METHOD *UI_get_method(UI *ui)
-        {
-        return ui->meth;
-        }
-
-const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth)
-        {
-        ui->meth=meth;
-        return ui->meth;
-        }
-
-
-UI_METHOD *UI_create_method(char *name)
-        {
-        UI_METHOD *ui_method = (UI_METHOD *)OPENSSL_malloc(sizeof(UI_METHOD));
-
-        if (ui_method)
-                memset(ui_method, 0, sizeof(*ui_method));
-        ui_method->name = BUF_strdup(name);
-        return ui_method;
-        }
-
-/* BIG FSCKING WARNING!!!!  If you use this on a statically allocated method
-   (that is, it hasn't been allocated using UI_create_method(), you deserve
-   anything Murphy can throw at you and more!  You have been warned. */
-void UI_destroy_method(UI_METHOD *ui_method)
-        {
-        OPENSSL_free(ui_method->name);
-        ui_method->name = NULL;
-        OPENSSL_free(ui_method);
-        }
-
-int UI_method_set_opener(UI_METHOD *method, int (*opener)(UI *ui))
-        {
-        if (method)
-                {
-                method->ui_open_session = opener;
-                return 0;
-                }
-        else
-                return -1;
-        }
-
-int UI_method_set_writer(UI_METHOD *method, int (*writer)(UI *ui, UI_STRING *uis))
-        {
-        if (method)
-                {
-                method->ui_write_string = writer;
-                return 0;
-                }
-        else
-                return -1;
-        }
-
-int UI_method_set_flusher(UI_METHOD *method, int (*flusher)(UI *ui))
-        {
-        if (method)
-                {
-                method->ui_flush = flusher;
-                return 0;
-                }
-        else
-                return -1;
-        }
-
-int UI_method_set_reader(UI_METHOD *method, int (*reader)(UI *ui, UI_STRING *uis))
-        {
-        if (method)
-                {
-                method->ui_read_string = reader;
-                return 0;
-                }
-        else
-                return -1;
-        }
-
-int UI_method_set_closer(UI_METHOD *method, int (*closer)(UI *ui))
-        {
-        if (method)
-                {
-                method->ui_close_session = closer;
-                return 0;
-                }
-        else
-                return -1;
-        }
-
-int (*UI_method_get_opener(UI_METHOD *method))(UI*)
-        {
-        if (method)
-                return method->ui_open_session;
-        else
-                return NULL;
-        }
-
-int (*UI_method_get_writer(UI_METHOD *method))(UI*,UI_STRING*)
-        {
-        if (method)
-                return method->ui_write_string;
-        else
-                return NULL;
-        }
-
-int (*UI_method_get_flusher(UI_METHOD *method))(UI*)
-        {
-        if (method)
-                return method->ui_flush;
-        else
-                return NULL;
-        }
-
-int (*UI_method_get_reader(UI_METHOD *method))(UI*,UI_STRING*)
-        {
-        if (method)
-                return method->ui_read_string;
-        else
-                return NULL;
-        }
-
-int (*UI_method_get_closer(UI_METHOD *method))(UI*)
-        {
-        if (method)
-                return method->ui_close_session;
-        else
-                return NULL;
-        }
-
-enum UI_string_types UI_get_string_type(UI_STRING *uis)
-        {
-        if (!uis)
-                return UIT_NONE;
-        return uis->type;
-        }
-
-int UI_get_input_flags(UI_STRING *uis)
-        {
-        if (!uis)
-                return 0;
-        return uis->input_flags;
-        }
-
-const char *UI_get0_output_string(UI_STRING *uis)
-        {
-        if (!uis)
-                return NULL;
-        return uis->out_string;
-        }
-
-const char *UI_get0_action_string(UI_STRING *uis)
-        {
-        if (!uis)
-                return NULL;
-        switch(uis->type)
-                {
-        case UIT_PROMPT:
-        case UIT_BOOLEAN:
-                return uis->_.boolean_data.action_desc;
-        default:
-                return NULL;
-                }
-        }
-
-const char *UI_get0_result_string(UI_STRING *uis)
-        {
-        if (!uis)
-                return NULL;
-        switch(uis->type)
-                {
-        case UIT_PROMPT:
-        case UIT_VERIFY:
-                return uis->result_buf;
-        default:
-                return NULL;
-                }
-        }
-
-const char *UI_get0_test_string(UI_STRING *uis)
-        {
-        if (!uis)
-                return NULL;
-        switch(uis->type)
-                {
-        case UIT_VERIFY:
-                return uis->_.string_data.test_buf;
-        default:
-                return NULL;
-                }
-        }
-
-int UI_get_result_minsize(UI_STRING *uis)
-        {
-        if (!uis)
-                return -1;
-        switch(uis->type)
-                {
-        case UIT_PROMPT:
-        case UIT_VERIFY:
-                return uis->_.string_data.result_minsize;
-        default:
-                return -1;
-                }
-        }
-
-int UI_get_result_maxsize(UI_STRING *uis)
-        {
-        if (!uis)
-                return -1;
-        switch(uis->type)
-                {
-        case UIT_PROMPT:
-        case UIT_VERIFY:
-                return uis->_.string_data.result_maxsize;
-        default:
-                return -1;
-                }
-        }
-
-int UI_set_result(UI *ui, UI_STRING *uis, const char *result)
-        {
-        int l = strlen(result);
-
-        ui->flags &= ~UI_FLAG_REDOABLE;
-
-        if (!uis)
-                return -1;
-        switch (uis->type)
-                {
-        case UIT_PROMPT:
-        case UIT_VERIFY:
-                {
-                char number1[DECIMAL_SIZE(uis->_.string_data.result_minsize)+1];
-                char number2[DECIMAL_SIZE(uis->_.string_data.result_maxsize)+1];
-
-                BIO_snprintf(number1, sizeof(number1), "%d",
-                        uis->_.string_data.result_minsize);
-                BIO_snprintf(number2, sizeof(number2), "%d",
-                        uis->_.string_data.result_maxsize);
-
-                if (l < uis->_.string_data.result_minsize)
-                        {
-                        ui->flags |= UI_FLAG_REDOABLE;
-                        UIerr(UI_F_UI_SET_RESULT,UI_R_RESULT_TOO_SMALL);
-                        ERR_add_error_data(5,"You must type in ",
-                                number1," to ",number2," characters");
-                        return -1;
-                        }
-                if (l > uis->_.string_data.result_maxsize)
-                        {
-                        ui->flags |= UI_FLAG_REDOABLE;
-                        UIerr(UI_F_UI_SET_RESULT,UI_R_RESULT_TOO_LARGE);
-                        ERR_add_error_data(5,"You must type in ",
-                                number1," to ",number2," characters");
-                        return -1;
-                        }
-                }
-
-                if (!uis->result_buf)
-                        {
-                        UIerr(UI_F_UI_SET_RESULT,UI_R_NO_RESULT_BUFFER);
-                        return -1;
-                        }
-
-                BUF_strlcpy(uis->result_buf, result,
-                            uis->_.string_data.result_maxsize + 1);
-                break;
-        case UIT_BOOLEAN:
-                {
-                const char *p;
-
-                if (!uis->result_buf)
-                        {
-                        UIerr(UI_F_UI_SET_RESULT,UI_R_NO_RESULT_BUFFER);
-                        return -1;
-                        }
-
-                uis->result_buf[0] = '\0';
-                for(p = result; *p; p++)
-                        {
-                        if (strchr(uis->_.boolean_data.ok_chars, *p))
-                                {
-                                uis->result_buf[0] =
-                                        uis->_.boolean_data.ok_chars[0];
-                                break;
-                                }
-                        if (strchr(uis->_.boolean_data.cancel_chars, *p))
-                                {
-                                uis->result_buf[0] =
-                                        uis->_.boolean_data.cancel_chars[0];
-                                break;
-                                }
-                        }
-        default:
-                break;
-                }
-                }
-        return 0;
-        }
diff --git a/src/lib/libcrypto/ui/ui_locl.h b/src/lib/libcrypto/ui/ui_locl.h
deleted file mode 100644
index 7d3a75a619..0000000000
--- a/src/lib/libcrypto/ui/ui_locl.h
+++ /dev/null
@@ -1,148 +0,0 @@
-/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_UI_LOCL_H
-#define HEADER_UI_LOCL_H
-
-#include <openssl/ui.h>
-
-struct ui_method_st
-        {
-        char *name;
-
-        /* All the functions return 1 or non-NULL for success and 0 or NULL
-           for failure */
-
-        /* Open whatever channel for this, be it the console, an X window
-           or whatever.
-           This function should use the ex_data structure to save
-           intermediate data. */
-        int (*ui_open_session)(UI *ui);
-
-        int (*ui_write_string)(UI *ui, UI_STRING *uis);
-
-        /* Flush the output.  If a GUI dialog box is used, this function can
-           be used to actually display it. */
-        int (*ui_flush)(UI *ui);
-
-        int (*ui_read_string)(UI *ui, UI_STRING *uis);
-
-        int (*ui_close_session)(UI *ui);
-
-        /* Construct a prompt in a user-defined manner.  object_desc is a
-           textual short description of the object, for example "pass phrase",
-           and object_name is the name of the object (might be a card name or
-           a file name.
-           The returned string shall always be allocated on the heap with
-           OPENSSL_malloc(), and need to be free'd with OPENSSL_free(). */
-        char *(*ui_construct_prompt)(UI *ui, const char *object_desc,
-                const char *object_name);
-        };
-
-struct ui_string_st
-        {
-        enum UI_string_types type; /* Input */
-        const char *out_string; /* Input */
-        int input_flags;        /* Flags from the user */
-
-        /* The following parameters are completely irrelevant for UIT_INFO,
-           and can therefore be set to 0 or NULL */
-        char *result_buf;       /* Input and Output: If not NULL, user-defined
-                                   with size in result_maxsize.  Otherwise, it
-                                   may be allocated by the UI routine, meaning
-                                   result_minsize is going to be overwritten.*/
-        union
-                {
-                struct
-                        {
-                        int result_minsize;     /* Input: minimum required
-                                                   size of the result.
-                                                */
-                        int result_maxsize;     /* Input: maximum permitted
-                                                   size of the result */
-
-                        const char *test_buf;   /* Input: test string to verify
-                                                   against */
-                        } string_data;
-                struct
-                        {
-                        const char *action_desc; /* Input */
-                        const char *ok_chars; /* Input */
-                        const char *cancel_chars; /* Input */
-                        } boolean_data;
-                } _;
-
-#define OUT_STRING_FREEABLE 0x01
-        int flags;              /* flags for internal use */
-        };
-
-struct ui_st
-        {
-        const UI_METHOD *meth;
-        STACK_OF(UI_STRING) *strings; /* We might want to prompt for more
-                                         than one thing at a time, and
-                                         with different echoing status.  */
-        void *user_data;
-        CRYPTO_EX_DATA ex_data;
-
-#define UI_FLAG_REDOABLE        0x0001
-#define UI_FLAG_PRINT_ERRORS    0x0100
-        int flags;
-        };
-
-#endif
diff --git a/src/lib/libcrypto/ui/ui_openssl.c b/src/lib/libcrypto/ui/ui_openssl.c
deleted file mode 100644
index d03aeba91a..0000000000
--- a/src/lib/libcrypto/ui/ui_openssl.c
+++ /dev/null
@@ -1,674 +0,0 @@
-/* crypto/ui/ui_openssl.c -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard@levitte.org) and others
- * for the OpenSSL project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* The lowest level part of this file was previously in crypto/des/read_pwd.c,
- * Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-
-#include <openssl/e_os2.h>
-
-#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS)
-# ifdef OPENSSL_UNISTD
-#  include OPENSSL_UNISTD
-# else
-#  include <unistd.h>
-# endif
-/* If unistd.h defines _POSIX_VERSION, we conclude that we
- * are on a POSIX system and have sigaction and termios. */
-# if defined(_POSIX_VERSION)
-
-#  define SIGACTION
-#  if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY)
-#   define TERMIOS
-#  endif
-
-# endif
-#endif
-
-#ifdef WIN16TTY
-# undef OPENSSL_SYS_WIN16
-# undef WIN16
-# undef _WINDOWS
-# include <graph.h>
-#endif
-
-/* 06-Apr-92 Luke Brennan    Support for VMS */
-#include "ui_locl.h"
-#include "cryptlib.h"
-#include <signal.h>
-#include <stdio.h>
-#include <string.h>
-#include <errno.h>
-
-#ifdef OPENSSL_SYS_VMS          /* prototypes for sys$whatever */
-# include <starlet.h>
-# ifdef __DECC
-#  pragma message disable DOLLARID
-# endif
-#endif
-
-#ifdef WIN_CONSOLE_BUG
-# include <windows.h>
-#ifndef OPENSSL_SYS_WINCE
-# include <wincon.h>
-#endif
-#endif
-
-
-/* There are 5 types of terminal interface supported,
- * TERMIO, TERMIOS, VMS, MSDOS and SGTTY
- */
-
-#if defined(__sgi) && !defined(TERMIOS)
-# define TERMIOS
-# undef  TERMIO
-# undef  SGTTY
-#endif
-
-#if defined(linux) && !defined(TERMIO)
-# undef  TERMIOS
-# define TERMIO
-# undef  SGTTY
-#endif
-
-#ifdef _LIBC
-# undef  TERMIOS
-# define TERMIO
-# undef  SGTTY
-#endif
-
-#if !defined(TERMIO) && !defined(TERMIOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(MAC_OS_GUSI_SOURCE)
-# undef  TERMIOS
-# undef  TERMIO
-# define SGTTY
-#endif
-
-#if defined(OPENSSL_SYS_VXWORKS)
-#undef TERMIOS
-#undef TERMIO
-#undef SGTTY
-#endif
-
-#ifdef TERMIOS
-# include <termios.h>
-# define TTY_STRUCT             struct termios
-# define TTY_FLAGS              c_lflag
-# define TTY_get(tty,data)      tcgetattr(tty,data)
-# define TTY_set(tty,data)      tcsetattr(tty,TCSANOW,data)
-#endif
-
-#ifdef TERMIO
-# include <termio.h>
-# define TTY_STRUCT             struct termio
-# define TTY_FLAGS              c_lflag
-# define TTY_get(tty,data)      ioctl(tty,TCGETA,data)
-# define TTY_set(tty,data)      ioctl(tty,TCSETA,data)
-#endif
-
-#ifdef SGTTY
-# include <sgtty.h>
-# define TTY_STRUCT             struct sgttyb
-# define TTY_FLAGS              sg_flags
-# define TTY_get(tty,data)      ioctl(tty,TIOCGETP,data)
-# define TTY_set(tty,data)      ioctl(tty,TIOCSETP,data)
-#endif
-
-#if !defined(_LIBC) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(OPENSSL_SYS_SUNOS)
-# include <sys/ioctl.h>
-#endif
-
-#ifdef OPENSSL_SYS_MSDOS
-# include <conio.h>
-#endif
-
-#ifdef OPENSSL_SYS_VMS
-# include <ssdef.h>
-# include <iodef.h>
-# include <ttdef.h>
-# include <descrip.h>
-struct IOSB {
-        short iosb$w_value;
-        short iosb$w_count;
-        long  iosb$l_info;
-        };
-#endif
-
-#ifdef OPENSSL_SYS_SUNOS
-        typedef int sig_atomic_t;
-#endif
-
-#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(MAC_OS_GUSI_SOURCE)
-/*
- * This one needs work. As a matter of fact the code is unoperational
- * and this is only a trick to get it compiled.
- *                                      <appro@fy.chalmers.se>
- */
-# define TTY_STRUCT int
-#endif
-
-#ifndef NX509_SIG
-# define NX509_SIG 32
-#endif
-
-
-/* Define globals.  They are protected by a lock */
-#ifdef SIGACTION
-static struct sigaction savsig[NX509_SIG];
-#else
-static void (*savsig[NX509_SIG])(int );
-#endif
-
-#ifdef OPENSSL_SYS_VMS
-static struct IOSB iosb;
-static $DESCRIPTOR(terminal,"TT");
-static long tty_orig[3], tty_new[3]; /* XXX   Is there any guarantee that this will always suffice for the actual structures? */
-static long status;
-static unsigned short channel = 0;
-#else
-#if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__)
-static TTY_STRUCT tty_orig,tty_new;
-#endif
-#endif
-static FILE *tty_in, *tty_out;
-static int is_a_tty;
-
-/* Declare static functions */
-#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
-static void read_till_nl(FILE *);
-static void recsig(int);
-static void pushsig(void);
-static void popsig(void);
-#endif
-#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN16)
-static int noecho_fgets(char *buf, int size, FILE *tty);
-#endif
-static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl);
-
-static int read_string(UI *ui, UI_STRING *uis);
-static int write_string(UI *ui, UI_STRING *uis);
-
-static int open_console(UI *ui);
-static int echo_console(UI *ui);
-static int noecho_console(UI *ui);
-static int close_console(UI *ui);
-
-static UI_METHOD ui_openssl =
-        {
-        "OpenSSL default user interface",
-        open_console,
-        write_string,
-        NULL,                   /* No flusher is needed for command lines */
-        read_string,
-        close_console,
-        NULL
-        };
-
-/* The method with all the built-in thingies */
-UI_METHOD *UI_OpenSSL(void)
-        {
-        return &ui_openssl;
-        }
-
-/* The following function makes sure that info and error strings are printed
-   before any prompt. */
-static int write_string(UI *ui, UI_STRING *uis)
-        {
-        switch (UI_get_string_type(uis))
-                {
-        case UIT_ERROR:
-        case UIT_INFO:
-                fputs(UI_get0_output_string(uis), tty_out);
-                fflush(tty_out);
-                break;
-        default:
-                break;
-                }
-        return 1;
-        }
-
-static int read_string(UI *ui, UI_STRING *uis)
-        {
-        int ok = 0;
-
-        switch (UI_get_string_type(uis))
-                {
-        case UIT_BOOLEAN:
-                fputs(UI_get0_output_string(uis), tty_out);
-                fputs(UI_get0_action_string(uis), tty_out);
-                fflush(tty_out);
-                return read_string_inner(ui, uis,
-                        UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO, 0);
-        case UIT_PROMPT:
-                fputs(UI_get0_output_string(uis), tty_out);
-                fflush(tty_out);
-                return read_string_inner(ui, uis,
-                        UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO, 1);
-        case UIT_VERIFY:
-                fprintf(tty_out,"Verifying - %s",
-                        UI_get0_output_string(uis));
-                fflush(tty_out);
-                if ((ok = read_string_inner(ui, uis,
-                        UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO, 1)) <= 0)
-                        return ok;
-                if (strcmp(UI_get0_result_string(uis),
-                        UI_get0_test_string(uis)) != 0)
-                        {
-                        fprintf(tty_out,"Verify failure\n");
-                        fflush(tty_out);
-                        return 0;
-                        }
-                break;
-        default:
-                break;
-                }
-        return 1;
-        }
-
-
-#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
-/* Internal functions to read a string without echoing */
-static void read_till_nl(FILE *in)
-        {
-#define SIZE 4
-        char buf[SIZE+1];
-
-        do      {
-                if (fgets(buf,sizeof(buf),in) == NULL)
-                        break;
-                } while (strchr(buf,'\n') == NULL);
-        }
-
-static volatile sig_atomic_t intr_signal;
-#endif
-
-static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl)
-        {
-        static int ps;
-        int ok;
-        char result[BUFSIZ];
-        int maxsize = BUFSIZ-1;
-#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
-        char *p;
-
-        intr_signal=0;
-        ok=0;
-        ps=0;
-
-        pushsig();
-        ps=1;
-
-        if (!echo && !noecho_console(ui))
-                goto error;
-        ps=2;
-
-        result[0]='\0';
-#ifdef OPENSSL_SYS_MSDOS
-        if (!echo)
-                {
-                noecho_fgets(result,maxsize,tty_in);
-                p=result; /* FIXME: noecho_fgets doesn't return errors */
-                }
-        else
-                p=fgets(result,maxsize,tty_in);
-#else
-        p=fgets(result,maxsize,tty_in);
-#endif
-        if(!p)
-                goto error;
-        if (feof(tty_in)) goto error;
-        if (ferror(tty_in)) goto error;
-        if ((p=(char *)strchr(result,'\n')) != NULL)
-                {
-                if (strip_nl)
-                        *p='\0';
-                }
-        else
-                read_till_nl(tty_in);
-        if (UI_set_result(ui, uis, result) >= 0)
-                ok=1;
-
-error:
-        if (intr_signal == SIGINT)
-                ok=-1;
-        if (!echo) fprintf(tty_out,"\n");
-        if (ps >= 2 && !echo && !echo_console(ui))
-                ok=0;
-
-        if (ps >= 1)
-                popsig();
-#else
-        ok=1;
-#endif
-
-        OPENSSL_cleanse(result,BUFSIZ);
-        return ok;
-        }
-
-
-/* Internal functions to open, handle and close a channel to the console.  */
-static int open_console(UI *ui)
-        {
-        CRYPTO_w_lock(CRYPTO_LOCK_UI);
-        is_a_tty = 1;
-
-#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_VXWORKS)
-        tty_in=stdin;
-        tty_out=stderr;
-#else
-#  ifdef OPENSSL_SYS_MSDOS
-#    define DEV_TTY "con"
-#  else
-#    define DEV_TTY "/dev/tty"
-#  endif
-        if ((tty_in=fopen(DEV_TTY,"r")) == NULL)
-                tty_in=stdin;
-        if ((tty_out=fopen(DEV_TTY,"w")) == NULL)
-                tty_out=stderr;
-#endif
-
-#if defined(TTY_get) && !defined(OPENSSL_SYS_VMS)
-        if (TTY_get(fileno(tty_in),&tty_orig) == -1)
-                {
-#ifdef ENOTTY
-                if (errno == ENOTTY)
-                        is_a_tty=0;
-                else
-#endif
-#ifdef EINVAL
-                /* Ariel Glenn ariel@columbia.edu reports that solaris
-                 * can return EINVAL instead.  This should be ok */
-                if (errno == EINVAL)
-                        is_a_tty=0;
-                else
-#endif
-                        return 0;
-                }
-#endif
-#ifdef OPENSSL_SYS_VMS
-        status = sys$assign(&terminal,&channel,0,0);
-        if (status != SS$_NORMAL)
-                return 0;
-        status=sys$qiow(0,channel,IO$_SENSEMODE,&iosb,0,0,tty_orig,12,0,0,0,0);
-        if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
-                return 0;
-#endif
-        return 1;
-        }
-
-static int noecho_console(UI *ui)
-        {
-#ifdef TTY_FLAGS
-        memcpy(&(tty_new),&(tty_orig),sizeof(tty_orig));
-        tty_new.TTY_FLAGS &= ~ECHO;
-#endif
-
-#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
-        if (is_a_tty && (TTY_set(fileno(tty_in),&tty_new) == -1))
-                return 0;
-#endif
-#ifdef OPENSSL_SYS_VMS
-        tty_new[0] = tty_orig[0];
-        tty_new[1] = tty_orig[1] | TT$M_NOECHO;
-        tty_new[2] = tty_orig[2];
-        status = sys$qiow(0,channel,IO$_SETMODE,&iosb,0,0,tty_new,12,0,0,0,0);
-        if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
-                return 0;
-#endif
-        return 1;
-        }
-
-static int echo_console(UI *ui)
-        {
-#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
-        memcpy(&(tty_new),&(tty_orig),sizeof(tty_orig));
-        tty_new.TTY_FLAGS |= ECHO;
-#endif
-
-#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
-        if (is_a_tty && (TTY_set(fileno(tty_in),&tty_new) == -1))
-                return 0;
-#endif
-#ifdef OPENSSL_SYS_VMS
-        tty_new[0] = tty_orig[0];
-        tty_new[1] = tty_orig[1] & ~TT$M_NOECHO;
-        tty_new[2] = tty_orig[2];
-        status = sys$qiow(0,channel,IO$_SETMODE,&iosb,0,0,tty_new,12,0,0,0,0);
-        if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
-                return 0;
-#endif
-        return 1;
-        }
-
-static int close_console(UI *ui)
-        {
-        if (tty_in != stdin) fclose(tty_in);
-        if (tty_out != stderr) fclose(tty_out);
-#ifdef OPENSSL_SYS_VMS
-        status = sys$dassgn(channel);
-#endif
-        CRYPTO_w_unlock(CRYPTO_LOCK_UI);
-
-        return 1;
-        }
-
-
-#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
-/* Internal functions to handle signals and act on them */
-static void pushsig(void)
-        {
-        int i;
-#ifdef SIGACTION
-        struct sigaction sa;
-
-        memset(&sa,0,sizeof sa);
-        sa.sa_handler=recsig;
-#endif
-
-        for (i=1; i<NX509_SIG; i++)
-                {
-#ifdef SIGUSR1
-                if (i == SIGUSR1)
-                        continue;
-#endif
-#ifdef SIGUSR2
-                if (i == SIGUSR2)
-                        continue;
-#endif
-#ifdef SIGKILL
-                if (i == SIGKILL) /* We can't make any action on that. */
-                        continue;
-#endif
-#ifdef SIGACTION
-                sigaction(i,&sa,&savsig[i]);
-#else
-                savsig[i]=signal(i,recsig);
-#endif
-                }
-
-#ifdef SIGWINCH
-        signal(SIGWINCH,SIG_DFL);
-#endif
-        }
-
-static void popsig(void)
-        {
-        int i;
-
-        for (i=1; i<NX509_SIG; i++)
-                {
-#ifdef SIGUSR1
-                if (i == SIGUSR1)
-                        continue;
-#endif
-#ifdef SIGUSR2
-                if (i == SIGUSR2)
-                        continue;
-#endif
-#ifdef SIGACTION
-                sigaction(i,&savsig[i],NULL);
-#else
-                signal(i,savsig[i]);
-#endif
-                }
-        }
-
-static void recsig(int i)
-        {
-        intr_signal=i;
-        }
-#endif
-
-/* Internal functions specific for Windows */
-#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
-static int noecho_fgets(char *buf, int size, FILE *tty)
-        {
-        int i;
-        char *p;
-
-        p=buf;
-        for (;;)
-                {
-                if (size == 0)
-                        {
-                        *p='\0';
-                        break;
-                        }
-                size--;
-#ifdef WIN16TTY
-                i=_inchar();
-#else
-                i=getch();
-#endif
-                if (i == '\r') i='\n';
-                *(p++)=i;
-                if (i == '\n')
-                        {
-                        *p='\0';
-                        break;
-                        }
-                }
-#ifdef WIN_CONSOLE_BUG
-/* Win95 has several evil console bugs: one of these is that the
- * last character read using getch() is passed to the next read: this is
- * usually a CR so this can be trouble. No STDIO fix seems to work but
- * flushing the console appears to do the trick.
- */
-                {
-                        HANDLE inh;
-                        inh = GetStdHandle(STD_INPUT_HANDLE);
-                        FlushConsoleInputBuffer(inh);
-                }
-#endif
-        return(strlen(buf));
-        }
-#endif
diff --git a/src/lib/libcrypto/ui/ui_util.c b/src/lib/libcrypto/ui/ui_util.c
deleted file mode 100644
index 46bc8c1a9a..0000000000
--- a/src/lib/libcrypto/ui/ui_util.c
+++ /dev/null
@@ -1,91 +0,0 @@
-/* crypto/ui/ui_util.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 2001-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <string.h>
-#include <openssl/ui.h>
-
-int UI_UTIL_read_pw_string(char *buf,int length,const char *prompt,int verify)
-        {
-        char buff[BUFSIZ];
-        int ret;
-
-        ret=UI_UTIL_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify);
-        OPENSSL_cleanse(buff,BUFSIZ);
-        return(ret);
-        }
-
-int UI_UTIL_read_pw(char *buf,char *buff,int size,const char *prompt,int verify)
-        {
-        int ok = 0;
-        UI *ui;
-
-        if (size < 1)
-                return -1;
-
-        ui = UI_new();
-        if (ui)
-                {
-                ok = UI_add_input_string(ui,prompt,0,buf,0,size-1);
-                if (ok >= 0 && verify)
-                        ok = UI_add_verify_string(ui,prompt,0,buff,0,size-1,
-                                buf);
-                if (ok >= 0)
-                        ok=UI_process(ui);
-                UI_free(ui);
-                }
-        if (ok > 0)
-                ok = 0;
-        return(ok);
-        }
diff --git a/src/lib/libcrypto/util/mkerr.pl b/src/lib/libcrypto/util/mkerr.pl
deleted file mode 100644
index 9678514604..0000000000
--- a/src/lib/libcrypto/util/mkerr.pl
+++ /dev/null
@@ -1,653 +0,0 @@
-#!/usr/local/bin/perl -w
-
-my $config = "crypto/err/openssl.ec";
-my $debug = 0;
-my $rebuild = 0;
-my $static = 1;
-my $recurse = 0;
-my $reindex = 0;
-my $dowrite = 0;
-my $staticloader = "";
-
-my $pack_errcode;
-my $load_errcode;
-
-while (@ARGV) {
-        my $arg = $ARGV[0];
-        if($arg eq "-conf") {
-                shift @ARGV;
-                $config = shift @ARGV;
-        } elsif($arg eq "-debug") {
-                $debug = 1;
-                shift @ARGV;
-        } elsif($arg eq "-rebuild") {
-                $rebuild = 1;
-                shift @ARGV;
-        } elsif($arg eq "-recurse") {
-                $recurse = 1;
-                shift @ARGV;
-        } elsif($arg eq "-reindex") {
-                $reindex = 1;
-                shift @ARGV;
-        } elsif($arg eq "-nostatic") {
-                $static = 0;
-                shift @ARGV;
-        } elsif($arg eq "-staticloader") {
-                $staticloader = "static ";
-                shift @ARGV;
-        } elsif($arg eq "-write") {
-                $dowrite = 1;
-                shift @ARGV;
-        } else {
-                last;
-        }
-}
-
-if($recurse) {
-        @source = (<crypto/*.c>, <crypto/*/*.c>, <ssl/*.c>, <fips-1.0/*.c>,
-                   <fips-1.0/*/*.c>);
-} else {
-        @source = @ARGV;
-}
-
-# Read in the config file
-
-open(IN, "<$config") || die "Can't open config file $config";
-
-# Parse config file
-
-while(<IN>)
-{
-        if(/^L\s+(\S+)\s+(\S+)\s+(\S+)/) {
-                $hinc{$1} = $2;
-                $libinc{$2} = $1;
-                $cskip{$3} = $1;
-                if($3 ne "NONE") {
-                        $csrc{$1} = $3;
-                        $fmax{$1} = 99;
-                        $rmax{$1} = 99;
-                        $fnew{$1} = 0;
-                        $rnew{$1} = 0;
-                }
-        } elsif (/^F\s+(\S+)/) {
-        # Add extra function with $1
-        } elsif (/^R\s+(\S+)\s+(\S+)/) {
-                $rextra{$1} = $2;
-                $rcodes{$1} = $2;
-        }
-}
-
-close IN;
-
-# Scan each header file in turn and make a list of error codes
-# and function names
-
-while (($hdr, $lib) = each %libinc)
-{
-        next if($hdr eq "NONE");
-        print STDERR "Scanning header file $hdr\n" if $debug; 
-        my $line = "", $def= "", $linenr = 0, $gotfile = 0;
-        if (open(IN, "<$hdr")) {
-            $gotfile = 1;
-            while(<IN>) {
-                $linenr++;
-                print STDERR "line: $linenr\r" if $debug;
-
-                last if(/BEGIN\s+ERROR\s+CODES/);
-                if ($line ne '') {
-                    $_ = $line . $_;
-                    $line = '';
-                }
-
-                if (/\\$/) {
-                    $line = $_;
-                    next;
-                }
-
-                $cpp = 1 if /^#.*ifdef.*cplusplus/;  # skip "C" declaration
-                if ($cpp) {
-                    $cpp = 0 if /^#.*endif/;
-                    next;
-                }
-
-                next if (/^\#/);                      # skip preprocessor directives
-
-                s/\/\*.*?\*\///gs;                   # ignore comments
-                s/{[^{}]*}//gs;                      # ignore {} blocks
-
-                if (/\{|\/\*/) { # Add a } so editor works...
-                    $line = $_;
-                } else {
-                    $def .= $_;
-                }
-            }
-        }
-
-        print STDERR "                                  \r" if $debug;
-        $defnr = 0;
-        foreach (split /;/, $def) {
-            $defnr++;
-            print STDERR "def: $defnr\r" if $debug;
-
-            s/^[\n\s]*//g;
-            s/[\n\s]*$//g;
-            next if(/typedef\W/);
-            if (/\(\*(\w*)\([^\)]+/) {
-                my $name = $1;
-                $name =~ tr/[a-z]/[A-Z]/;
-                $ftrans{$name} = $1;
-            } elsif (/\w+\W+(\w+)\W*\(\s*\)(\s*__attribute__\(.*\)\s*)?$/s){
-                # K&R C
-                next ;
-            } elsif (/\w+\W+\w+\W*\(.*\)(\s*__attribute__\(.*\)\s*)?$/s) {
-                while (not /\(\)(\s*__attribute__\(.*\)\s*)?$/s) {
-                    s/[^\(\)]*\)(\s*__attribute__\(.*\)\s*)?$/\)/s;
-                    s/\([^\(\)]*\)\)(\s*__attribute__\(.*\)\s*)?$/\)/s;
-                }
-                s/\(void\)//;
-                /(\w+(\{[0-9]+\})?)\W*\(\)/s;
-                my $name = $1;
-                $name =~ tr/[a-z]/[A-Z]/;
-                $ftrans{$name} = $1;
-            } elsif (/\(/ and not (/=/ or /DECLARE_STACK/)) {
-                print STDERR "Header $hdr: cannot parse: $_;\n";
-            }
-        }
-
-        print STDERR "                                  \r" if $debug;
-
-        next if $reindex;
-
-        # Scan function and reason codes and store them: keep a note of the
-        # maximum code used.
-
-        if ($gotfile) {
-            while(<IN>) {
-                if(/^\#define\s+(\S+)\s+(\S+)/) {
-                        $name = $1;
-                        $code = $2;
-                        next if $name =~ /^${lib}err/;
-                        unless($name =~ /^${lib}_([RF])_(\w+)$/) {
-                                print STDERR "Invalid error code $name\n";
-                                next;
-                        }
-                        if($1 eq "R") {
-                                $rcodes{$name} = $code;
-                                if(!(exists $rextra{$name}) &&
-                                         ($code > $rmax{$lib}) ) {
-                                        $rmax{$lib} = $code;
-                                }
-                        } else {
-                                if($code > $fmax{$lib}) {
-                                        $fmax{$lib} = $code;
-                                }
-                                $fcodes{$name} = $code;
-                        }
-                }
-            }
-        }
-        close IN;
-}
-
-# Scan each C source file and look for function and reason codes
-# This is done by looking for strings that "look like" function or
-# reason codes: basically anything consisting of all upper case and
-# numerics which has _F_ or _R_ in it and which has the name of an
-# error library at the start. This seems to work fine except for the
-# oddly named structure BIO_F_CTX which needs to be ignored.
-# If a code doesn't exist in list compiled from headers then mark it
-# with the value "X" as a place holder to give it a value later.
-# Store all function and reason codes found in %ufcodes and %urcodes
-# so all those unreferenced can be printed out.
-
-
-print STDERR "Files loaded: " if $debug;
-foreach $file (@source) {
-        # Don't parse the error source file.
-        next if exists $cskip{$file};
-        print STDERR $file if $debug;
-        open(IN, "<$file") || die "Can't open source file $file\n";
-        while(<IN>) {
-                if(/(([A-Z0-9]+)_F_([A-Z0-9_]+))/) {
-                        next unless exists $csrc{$2};
-                        next if($1 eq "BIO_F_BUFFER_CTX");
-                        $ufcodes{$1} = 1;
-                        if(!exists $fcodes{$1}) {
-                                $fcodes{$1} = "X";
-                                $fnew{$2}++;
-                        }
-                        $notrans{$1} = 1 unless exists $ftrans{$3};
-                }
-                if(/(([A-Z0-9]+)_R_[A-Z0-9_]+)/) {
-                        next unless exists $csrc{$2};
-                        $urcodes{$1} = 1;
-                        if(!exists $rcodes{$1}) {
-                                $rcodes{$1} = "X";
-                                $rnew{$2}++;
-                        }
-                } 
-        }
-        close IN;
-}
-print STDERR "\n" if $debug;
-
-# Now process each library in turn.
-
-foreach $lib (keys %csrc)
-{
-        my $hfile = $hinc{$lib};
-        my $cfile = $csrc{$lib};
-        if(!$fnew{$lib} && !$rnew{$lib}) {
-                print STDERR "$lib:\t\tNo new error codes\n";
-                next unless $rebuild;
-        } else {
-                print STDERR "$lib:\t\t$fnew{$lib} New Functions,";
-                print STDERR " $rnew{$lib} New Reasons.\n";
-                next unless $dowrite;
-        }
-
-        # If we get here then we have some new error codes so we
-        # need to rebuild the header file and C file.
-
-        # Make a sorted list of error and reason codes for later use.
-
-        my @function = sort grep(/^${lib}_/,keys %fcodes);
-        my @reasons = sort grep(/^${lib}_/,keys %rcodes);
-
-        # Rewrite the header file
-
-        if (open(IN, "<$hfile")) {
-            # Copy across the old file
-            while(<IN>) {
-                push @out, $_;
-                last if (/BEGIN ERROR CODES/);
-            }
-            close IN;
-        } else {
-            push @out,
-"/* ====================================================================\n",
-" * Copyright (c) 2001-2005 The OpenSSL Project.  All rights reserved.\n",
-" *\n",
-" * Redistribution and use in source and binary forms, with or without\n",
-" * modification, are permitted provided that the following conditions\n",
-" * are met:\n",
-" *\n",
-" * 1. Redistributions of source code must retain the above copyright\n",
-" *    notice, this list of conditions and the following disclaimer. \n",
-" *\n",
-" * 2. Redistributions in binary form must reproduce the above copyright\n",
-" *    notice, this list of conditions and the following disclaimer in\n",
-" *    the documentation and/or other materials provided with the\n",
-" *    distribution.\n",
-" *\n",
-" * 3. All advertising materials mentioning features or use of this\n",
-" *    software must display the following acknowledgment:\n",
-" *    \"This product includes software developed by the OpenSSL Project\n",
-" *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)\"\n",
-" *\n",
-" * 4. The names \"OpenSSL Toolkit\" and \"OpenSSL Project\" must not be used to\n",
-" *    endorse or promote products derived from this software without\n",
-" *    prior written permission. For written permission, please contact\n",
-" *    openssl-core\@openssl.org.\n",
-" *\n",
-" * 5. Products derived from this software may not be called \"OpenSSL\"\n",
-" *    nor may \"OpenSSL\" appear in their names without prior written\n",
-" *    permission of the OpenSSL Project.\n",
-" *\n",
-" * 6. Redistributions of any form whatsoever must retain the following\n",
-" *    acknowledgment:\n",
-" *    \"This product includes software developed by the OpenSSL Project\n",
-" *    for use in the OpenSSL Toolkit (http://www.openssl.org/)\"\n",
-" *\n",
-" * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY\n",
-" * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\n",
-" * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n",
-" * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR\n",
-" * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n",
-" * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT\n",
-" * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;\n",
-" * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)\n",
-" * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,\n",
-" * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)\n",
-" * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED\n",
-" * OF THE POSSIBILITY OF SUCH DAMAGE.\n",
-" * ====================================================================\n",
-" *\n",
-" * This product includes cryptographic software written by Eric Young\n",
-" * (eay\@cryptsoft.com).  This product includes software written by Tim\n",
-" * Hudson (tjh\@cryptsoft.com).\n",
-" *\n",
-" */\n",
-"\n",
-"#ifndef HEADER_${lib}_ERR_H\n",
-"#define HEADER_${lib}_ERR_H\n",
-"\n",
-"/* BEGIN ERROR CODES */\n";
-        }
-        open (OUT, ">$hfile") || die "Can't Open File $hfile for writing\n";
-
-        print OUT @out;
-        undef @out;
-        print OUT <<"EOF";
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-EOF
-        if($static) {
-                print OUT <<"EOF";
-${staticloader}void ERR_load_${lib}_strings(void);
-
-EOF
-        } else {
-                print OUT <<"EOF";
-${staticloader}void ERR_load_${lib}_strings(void);
-${staticloader}void ERR_unload_${lib}_strings(void);
-${staticloader}void ERR_${lib}_error(int function, int reason, char *file, int line);
-#define ${lib}err(f,r) ERR_${lib}_error((f),(r),__FILE__,__LINE__)
-
-EOF
-        }
-        print OUT <<"EOF";
-/* Error codes for the $lib functions. */
-
-/* Function codes. */
-EOF
-
-        foreach $i (@function) {
-                $z=6-int(length($i)/8);
-                if($fcodes{$i} eq "X") {
-                        $fcodes{$i} = ++$fmax{$lib};
-                        print STDERR "New Function code $i\n" if $debug;
-                }
-                printf OUT "#define $i%s $fcodes{$i}\n","\t" x $z;
-        }
-
-        print OUT "\n/* Reason codes. */\n";
-
-        foreach $i (@reasons) {
-                $z=6-int(length($i)/8);
-                if($rcodes{$i} eq "X") {
-                        $rcodes{$i} = ++$rmax{$lib};
-                        print STDERR "New Reason code   $i\n" if $debug;
-                }
-                printf OUT "#define $i%s $rcodes{$i}\n","\t" x $z;
-        }
-        print OUT <<"EOF";
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
-EOF
-        close OUT;
-
-        # Rewrite the C source file containing the error details.
-
-        # First, read any existing reason string definitions:
-        my %err_reason_strings;
-        if (open(IN,"<$cfile")) {
-                while (<IN>) {
-                        if (/\b(${lib}_R_\w*)\b.*\"(.*)\"/) {
-                                $err_reason_strings{$1} = $2;
-                        }
-                }
-                close(IN);
-        }
-
-        my $hincf;
-        if($static) {
-                $hfile =~ /([^\/]+)$/;
-                $hincf = "<openssl/$1>";
-        } else {
-                $hincf = "\"$hfile\"";
-        }
-
-        # If static we know the error code at compile time so use it
-        # in error definitions.
-
-        if ($static)
-                {
-                $pack_errcode = "ERR_LIB_${lib}";
-                $load_errcode = "0";
-                }
-        else
-                {
-                $pack_errcode = "0";
-                $load_errcode = "ERR_LIB_${lib}";
-                }
-
-
-        open (OUT,">$cfile") || die "Can't open $cfile for writing";
-
-        print OUT <<"EOF";
-/* $cfile */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core\@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay\@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh\@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include $hincf
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK($pack_errcode,func,0)
-#define ERR_REASON(reason) ERR_PACK($pack_errcode,0,reason)
-
-static ERR_STRING_DATA ${lib}_str_functs[]=
-        {
-EOF
-        # Add each function code: if a function name is found then use it.
-        foreach $i (@function) {
-                my $fn;
-                $i =~ /^${lib}_F_(\S+)$/;
-                $fn = $1;
-                if(exists $ftrans{$fn}) {
-                        $fn = $ftrans{$fn};
-                }
-#               print OUT "{ERR_PACK($pack_errcode,$i,0),\t\"$fn\"},\n";
-                print OUT "{ERR_FUNC($i),\t\"$fn\"},\n";
-        }
-        print OUT <<"EOF";
-{0,NULL}
-        };
-
-static ERR_STRING_DATA ${lib}_str_reasons[]=
-        {
-EOF
-        # Add each reason code.
-        foreach $i (@reasons) {
-                my $rn;
-                my $rstr = "ERR_REASON($i)";
-                my $nspc = 0;
-                if (exists $err_reason_strings{$i}) {
-                        $rn = $err_reason_strings{$i};
-                } else {
-                        $i =~ /^${lib}_R_(\S+)$/;
-                        $rn = $1;
-                        $rn =~ tr/_[A-Z]/ [a-z]/;
-                }
-                $nspc = 40 - length($rstr) unless length($rstr) > 40;
-                $nspc = " " x $nspc;
-                print OUT "{${rstr}${nspc},\"$rn\"},\n";
-        }
-if($static) {
-        print OUT <<"EOF";
-{0,NULL}
-        };
-
-#endif
-
-${staticloader}void ERR_load_${lib}_strings(void)
-        {
-        static int init=1;
-
-        if (init)
-                {
-                init=0;
-#ifndef OPENSSL_NO_ERR
-                ERR_load_strings($load_errcode,${lib}_str_functs);
-                ERR_load_strings($load_errcode,${lib}_str_reasons);
-#endif
-
-                }
-        }
-EOF
-} else {
-        print OUT <<"EOF";
-{0,NULL}
-        };
-
-#endif
-
-#ifdef ${lib}_LIB_NAME
-static ERR_STRING_DATA ${lib}_lib_name[]=
-        {
-{0      ,${lib}_LIB_NAME},
-{0,NULL}
-        };
-#endif
-
-
-static int ${lib}_lib_error_code=0;
-static int ${lib}_error_init=1;
-
-${staticloader}void ERR_load_${lib}_strings(void)
-        {
-        if (${lib}_lib_error_code == 0)
-                ${lib}_lib_error_code=ERR_get_next_error_library();
-
-        if (${lib}_error_init)
-                {
-                ${lib}_error_init=0;
-#ifndef OPENSSL_NO_ERR
-                ERR_load_strings(${lib}_lib_error_code,${lib}_str_functs);
-                ERR_load_strings(${lib}_lib_error_code,${lib}_str_reasons);
-#endif
-
-#ifdef ${lib}_LIB_NAME
-                ${lib}_lib_name->error = ERR_PACK(${lib}_lib_error_code,0,0);
-                ERR_load_strings(0,${lib}_lib_name);
-#endif
-                }
-        }
-
-${staticloader}void ERR_unload_${lib}_strings(void)
-        {
-        if (${lib}_error_init == 0)
-                {
-#ifndef OPENSSL_NO_ERR
-                ERR_unload_strings(${lib}_lib_error_code,${lib}_str_functs);
-                ERR_unload_strings(${lib}_lib_error_code,${lib}_str_reasons);
-#endif
-
-#ifdef ${lib}_LIB_NAME
-                ERR_unload_strings(0,${lib}_lib_name);
-#endif
-                ${lib}_error_init=1;
-                }
-        }
-
-${staticloader}void ERR_${lib}_error(int function, int reason, char *file, int line)
-        {
-        if (${lib}_lib_error_code == 0)
-                ${lib}_lib_error_code=ERR_get_next_error_library();
-        ERR_PUT_error(${lib}_lib_error_code,function,reason,file,line);
-        }
-EOF
-
-}
-
-        close OUT;
-        undef %err_reason_strings;
-}
-
-if($debug && defined(%notrans)) {
-        print STDERR "The following function codes were not translated:\n";
-        foreach(sort keys %notrans)
-        {
-                print STDERR "$_\n";
-        }
-}
-
-# Make a list of unreferenced function and reason codes
-
-foreach (keys %fcodes) {
-        push (@funref, $_) unless exists $ufcodes{$_};
-}
-
-foreach (keys %rcodes) {
-        push (@runref, $_) unless exists $urcodes{$_};
-}
-
-if($debug && defined(@funref) ) {
-        print STDERR "The following function codes were not referenced:\n";
-        foreach(sort @funref)
-        {
-                print STDERR "$_\n";
-        }
-}
-
-if($debug && defined(@runref) ) {
-        print STDERR "The following reason codes were not referenced:\n";
-        foreach(sort @runref)
-        {
-                print STDERR "$_\n";
-        }
-}
diff --git a/src/lib/libcrypto/util/mkstack.pl b/src/lib/libcrypto/util/mkstack.pl
deleted file mode 100644
index 0ca9eb6a76..0000000000
--- a/src/lib/libcrypto/util/mkstack.pl
+++ /dev/null
@@ -1,125 +0,0 @@
-#!/usr/local/bin/perl -w
-
-# This is a utility that searches out "DECLARE_STACK_OF()"
-# declarations in .h and .c files, and updates/creates/replaces
-# the corresponding macro declarations in crypto/stack/safestack.h.
-# As it's not generally possible to have macros that generate macros,
-# we need to control this from the "outside", here in this script.
-#
-# Geoff Thorpe, June, 2000 (with massive Perl-hacking
-#                           help from Steve Robb)
-
-my $safestack = "crypto/stack/safestack";
-
-my $do_write;
-while (@ARGV) {
-        my $arg = $ARGV[0];
-        if($arg eq "-write") {
-                $do_write = 1;
-        }
-        shift @ARGV;
-}
-
-
-@source = (<crypto/*.[ch]>, <crypto/*/*.[ch]>, <ssl/*.[ch]>);
-foreach $file (@source) {
-        next if -l $file;
-
-        # Open the .c/.h file for reading
-        open(IN, "< $file") || die "Can't open $file for reading: $!";
-
-        while(<IN>) {
-                if (/^DECLARE_STACK_OF\(([^)]+)\)/) {
-                        push @stacklst, $1;
-                } if (/^DECLARE_ASN1_SET_OF\(([^)]+)\)/) {
-                        push @asn1setlst, $1;
-                } if (/^DECLARE_PKCS12_STACK_OF\(([^)]+)\)/) {
-                        push @p12stklst, $1;
-                }
-        }
-        close(IN);
-}
-
-
-
-my $old_stackfile = "";
-my $new_stackfile = "";
-my $inside_block = 0;
-my $type_thing;
-
-open(IN, "< $safestack.h") || die "Can't open input file: $!";
-while(<IN>) {
-        $old_stackfile .= $_;
-
-        if (m|^/\* This block of defines is updated by util/mkstack.pl, please do not touch! \*/|) {
-                $inside_block = 1;
-        }
-        if (m|^/\* End of util/mkstack.pl block, you may now edit :-\) \*/|) {
-                $inside_block = 0;
-        } elsif ($inside_block == 0) {
-                $new_stackfile .= $_;
-        }
-        next if($inside_block != 1);
-        $new_stackfile .= "/* This block of defines is updated by util/mkstack.pl, please do not touch! */";
-                
-        foreach $type_thing (sort @stacklst) {
-                $new_stackfile .= <<EOF;
-
-#define sk_${type_thing}_new(st) SKM_sk_new($type_thing, (st))
-#define sk_${type_thing}_new_null() SKM_sk_new_null($type_thing)
-#define sk_${type_thing}_free(st) SKM_sk_free($type_thing, (st))
-#define sk_${type_thing}_num(st) SKM_sk_num($type_thing, (st))
-#define sk_${type_thing}_value(st, i) SKM_sk_value($type_thing, (st), (i))
-#define sk_${type_thing}_set(st, i, val) SKM_sk_set($type_thing, (st), (i), (val))
-#define sk_${type_thing}_zero(st) SKM_sk_zero($type_thing, (st))
-#define sk_${type_thing}_push(st, val) SKM_sk_push($type_thing, (st), (val))
-#define sk_${type_thing}_unshift(st, val) SKM_sk_unshift($type_thing, (st), (val))
-#define sk_${type_thing}_find(st, val) SKM_sk_find($type_thing, (st), (val))
-#define sk_${type_thing}_delete(st, i) SKM_sk_delete($type_thing, (st), (i))
-#define sk_${type_thing}_delete_ptr(st, ptr) SKM_sk_delete_ptr($type_thing, (st), (ptr))
-#define sk_${type_thing}_insert(st, val, i) SKM_sk_insert($type_thing, (st), (val), (i))
-#define sk_${type_thing}_set_cmp_func(st, cmp) SKM_sk_set_cmp_func($type_thing, (st), (cmp))
-#define sk_${type_thing}_dup(st) SKM_sk_dup($type_thing, st)
-#define sk_${type_thing}_pop_free(st, free_func) SKM_sk_pop_free($type_thing, (st), (free_func))
-#define sk_${type_thing}_shift(st) SKM_sk_shift($type_thing, (st))
-#define sk_${type_thing}_pop(st) SKM_sk_pop($type_thing, (st))
-#define sk_${type_thing}_sort(st) SKM_sk_sort($type_thing, (st))
-#define sk_${type_thing}_is_sorted(st) SKM_sk_is_sorted($type_thing, (st))
-EOF
-        }
-        foreach $type_thing (sort @asn1setlst) {
-                $new_stackfile .= <<EOF;
-
-#define d2i_ASN1_SET_OF_${type_thing}(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \\
-        SKM_ASN1_SET_OF_d2i($type_thing, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_${type_thing}(st, pp, i2d_func, ex_tag, ex_class, is_set) \\
-        SKM_ASN1_SET_OF_i2d($type_thing, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_${type_thing}(st, i2d_func, buf, len) \\
-        SKM_ASN1_seq_pack($type_thing, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_${type_thing}(buf, len, d2i_func, free_func) \\
-        SKM_ASN1_seq_unpack($type_thing, (buf), (len), (d2i_func), (free_func))
-EOF
-        }
-        foreach $type_thing (sort @p12stklst) {
-                $new_stackfile .= <<EOF;
-
-#define PKCS12_decrypt_d2i_${type_thing}(algor, d2i_func, free_func, pass, passlen, oct, seq) \\
-        SKM_PKCS12_decrypt_d2i($type_thing, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq))
-EOF
-        }
-        $new_stackfile .= "/* End of util/mkstack.pl block, you may now edit :-) */\n";
-        $inside_block = 2;
-}
-
-
-if ($new_stackfile eq $old_stackfile) {
-        print "No changes to $safestack.h.\n";
-        exit 0; # avoid unnecessary rebuild
-}
-
-if ($do_write) {
-        print "Writing new $safestack.h.\n";
-        open OUT, ">$safestack.h" || die "Can't open output file";
-        print OUT $new_stackfile;
-        close OUT;
-}
diff --git a/src/lib/libcrypto/x509/by_dir.c b/src/lib/libcrypto/x509/by_dir.c
deleted file mode 100644
index ea689aed1a..0000000000
--- a/src/lib/libcrypto/x509/by_dir.c
+++ /dev/null
@@ -1,380 +0,0 @@
-/* crypto/x509/by_dir.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <time.h>
-#include <errno.h>
-
-#include "cryptlib.h"
-
-#ifndef NO_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#ifdef MAC_OS_pre_X
-# include <stat.h>
-#else
-# include <sys/stat.h>
-#endif
-
-#include <openssl/lhash.h>
-#include <openssl/x509.h>
-
-typedef struct lookup_dir_st
-        {
-        BUF_MEM *buffer;
-        int num_dirs;
-        char **dirs;
-        int *dirs_type;
-        int num_dirs_alloced;
-        } BY_DIR;
-
-static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
-        char **ret);
-static int new_dir(X509_LOOKUP *lu);
-static void free_dir(X509_LOOKUP *lu);
-static int add_cert_dir(BY_DIR *ctx,const char *dir,int type);
-static int get_cert_by_subject(X509_LOOKUP *xl,int type,X509_NAME *name,
-        X509_OBJECT *ret);
-X509_LOOKUP_METHOD x509_dir_lookup=
-        {
-        "Load certs from files in a directory",
-        new_dir,                /* new */
-        free_dir,               /* free */
-        NULL,                   /* init */
-        NULL,                   /* shutdown */
-        dir_ctrl,               /* ctrl */
-        get_cert_by_subject,    /* get_by_subject */
-        NULL,                   /* get_by_issuer_serial */
-        NULL,                   /* get_by_fingerprint */
-        NULL,                   /* get_by_alias */
-        };
-
-X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void)
-        {
-        return(&x509_dir_lookup);
-        }
-
-static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
-             char **retp)
-        {
-        int ret=0;
-        BY_DIR *ld;
-        char *dir = NULL;
-
-        ld=(BY_DIR *)ctx->method_data;
-
-        switch (cmd)
-                {
-        case X509_L_ADD_DIR:
-                if (argl == X509_FILETYPE_DEFAULT)
-                        {
-                        dir=(char *)Getenv(X509_get_default_cert_dir_env());
-                        if (dir)
-                                ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM);
-                        else
-                                ret=add_cert_dir(ld,X509_get_default_cert_dir(),
-                                        X509_FILETYPE_PEM);
-                        if (!ret)
-                                {
-                                X509err(X509_F_DIR_CTRL,X509_R_LOADING_CERT_DIR);
-                                }
-                        }
-                else
-                        ret=add_cert_dir(ld,argp,(int)argl);
-                break;
-                }
-        return(ret);
-        }
-
-static int new_dir(X509_LOOKUP *lu)
-        {
-        BY_DIR *a;
-
-        if ((a=(BY_DIR *)OPENSSL_malloc(sizeof(BY_DIR))) == NULL)
-                return(0);
-        if ((a->buffer=BUF_MEM_new()) == NULL)
-                {
-                OPENSSL_free(a);
-                return(0);
-                }
-        a->num_dirs=0;
-        a->dirs=NULL;
-        a->dirs_type=NULL;
-        a->num_dirs_alloced=0;
-        lu->method_data=(char *)a;
-        return(1);
-        }
-
-static void free_dir(X509_LOOKUP *lu)
-        {
-        BY_DIR *a;
-        int i;
-
-        a=(BY_DIR *)lu->method_data;
-        for (i=0; i<a->num_dirs; i++)
-                if (a->dirs[i] != NULL) OPENSSL_free(a->dirs[i]);
-        if (a->dirs != NULL) OPENSSL_free(a->dirs);
-        if (a->dirs_type != NULL) OPENSSL_free(a->dirs_type);
-        if (a->buffer != NULL) BUF_MEM_free(a->buffer);
-        OPENSSL_free(a);
-        }
-
-static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
-        {
-        int j,len;
-        int *ip;
-        const char *s,*ss,*p;
-        char **pp;
-
-        if (dir == NULL || !*dir)
-            {
-            X509err(X509_F_ADD_CERT_DIR,X509_R_INVALID_DIRECTORY);
-            return 0;
-            }
-
-        s=dir;
-        p=s;
-        for (;;)
-                {
-                if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0'))
-                        {
-                        ss=s;
-                        s=p+1;
-                        len=(int)(p-ss);
-                        if (len == 0) continue;
-                        for (j=0; j<ctx->num_dirs; j++)
-                                if (strncmp(ctx->dirs[j],ss,(unsigned int)len) == 0)
-                                        continue;
-                        if (ctx->num_dirs_alloced < (ctx->num_dirs+1))
-                                {
-                                ctx->num_dirs_alloced+=10;
-                                pp=(char **)OPENSSL_malloc(ctx->num_dirs_alloced*
-                                        sizeof(char *));
-                                ip=(int *)OPENSSL_malloc(ctx->num_dirs_alloced*
-                                        sizeof(int));
-                                if ((pp == NULL) || (ip == NULL))
-                                        {
-                                        X509err(X509_F_ADD_CERT_DIR,ERR_R_MALLOC_FAILURE);
-                                        return(0);
-                                        }
-                                memcpy(pp,ctx->dirs,(ctx->num_dirs_alloced-10)*
-                                        sizeof(char *));
-                                memcpy(ip,ctx->dirs_type,(ctx->num_dirs_alloced-10)*
-                                        sizeof(int));
-                                if (ctx->dirs != NULL)
-                                        OPENSSL_free(ctx->dirs);
-                                if (ctx->dirs_type != NULL)
-                                        OPENSSL_free(ctx->dirs_type);
-                                ctx->dirs=pp;
-                                ctx->dirs_type=ip;
-                                }
-                        ctx->dirs_type[ctx->num_dirs]=type;
-                        ctx->dirs[ctx->num_dirs]=(char *)OPENSSL_malloc((unsigned int)len+1);
-                        if (ctx->dirs[ctx->num_dirs] == NULL) return(0);
-                        strncpy(ctx->dirs[ctx->num_dirs],ss,(unsigned int)len);
-                        ctx->dirs[ctx->num_dirs][len]='\0';
-                        ctx->num_dirs++;
-                        }
-                if (*p == '\0') break;
-                p++;
-                }
-        return(1);
-        }
-
-static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
-             X509_OBJECT *ret)
-        {
-        BY_DIR *ctx;
-        union   {
-                struct  {
-                        X509 st_x509;
-                        X509_CINF st_x509_cinf;
-                        } x509;
-                struct  {
-                        X509_CRL st_crl;
-                        X509_CRL_INFO st_crl_info;
-                        } crl;
-                } data;
-        int ok=0;
-        int i,j,k;
-        unsigned long h;
-        BUF_MEM *b=NULL;
-        struct stat st;
-        X509_OBJECT stmp,*tmp;
-        const char *postfix="";
-
-        if (name == NULL) return(0);
-
-        stmp.type=type;
-        if (type == X509_LU_X509)
-                {
-                data.x509.st_x509.cert_info= &data.x509.st_x509_cinf;
-                data.x509.st_x509_cinf.subject=name;
-                stmp.data.x509= &data.x509.st_x509;
-                postfix="";
-                }
-        else if (type == X509_LU_CRL)
-                {
-                data.crl.st_crl.crl= &data.crl.st_crl_info;
-                data.crl.st_crl_info.issuer=name;
-                stmp.data.crl= &data.crl.st_crl;
-                postfix="r";
-                }
-        else
-                {
-                X509err(X509_F_GET_CERT_BY_SUBJECT,X509_R_WRONG_LOOKUP_TYPE);
-                goto finish;
-                }
-
-        if ((b=BUF_MEM_new()) == NULL)
-                {
-                X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_BUF_LIB);
-                goto finish;
-                }
-        
-        ctx=(BY_DIR *)xl->method_data;
-
-        h=X509_NAME_hash(name);
-        for (i=0; i<ctx->num_dirs; i++)
-                {
-                j=strlen(ctx->dirs[i])+1+8+6+1+1;
-                if (!BUF_MEM_grow(b,j))
-                        {
-                        X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_MALLOC_FAILURE);
-                        goto finish;
-                        }
-                k=0;
-                for (;;)
-                        {
-                        char c = '/';
-#ifdef OPENSSL_SYS_VMS
-                        c = ctx->dirs[i][strlen(ctx->dirs[i])-1];
-                        if (c != ':' && c != '>' && c != ']')
-                                {
-                                /* If no separator is present, we assume the
-                                   directory specifier is a logical name, and
-                                   add a colon.  We really should use better
-                                   VMS routines for merging things like this,
-                                   but this will do for now...
-                                   -- Richard Levitte */
-                                c = ':';
-                                }
-                        else
-                                {
-                                c = '\0';
-                                }
-#endif
-                        if (c == '\0')
-                                {
-                                /* This is special.  When c == '\0', no
-                                   directory separator should be added. */
-                                BIO_snprintf(b->data,b->max,
-                                        "%s%08lx.%s%d",ctx->dirs[i],h,
-                                        postfix,k);
-                                }
-                        else
-                                {
-                                BIO_snprintf(b->data,b->max,
-                                        "%s%c%08lx.%s%d",ctx->dirs[i],c,h,
-                                        postfix,k);
-                                }
-                        k++;
-                        if (stat(b->data,&st) < 0)
-                                break;
-                        /* found one. */
-                        if (type == X509_LU_X509)
-                                {
-                                if ((X509_load_cert_file(xl,b->data,
-                                        ctx->dirs_type[i])) == 0)
-                                        break;
-                                }
-                        else if (type == X509_LU_CRL)
-                                {
-                                if ((X509_load_crl_file(xl,b->data,
-                                        ctx->dirs_type[i])) == 0)
-                                        break;
-                                }
-                        /* else case will caught higher up */
-                        }
-
-                /* we have added it to the cache so now pull
-                 * it out again */
-                CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE);
-                j = sk_X509_OBJECT_find(xl->store_ctx->objs,&stmp);
-                if(j != -1) tmp=sk_X509_OBJECT_value(xl->store_ctx->objs,j);
-                else tmp = NULL;
-                CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE);
-
-                if (tmp != NULL)
-                        {
-                        ok=1;
-                        ret->type=tmp->type;
-                        memcpy(&ret->data,&tmp->data,sizeof(ret->data));
-                        /* If we were going to up the reference count,
-                         * we would need to do it on a perl 'type'
-                         * basis */
-        /*              CRYPTO_add(&tmp->data.x509->references,1,
-                                CRYPTO_LOCK_X509);*/
-                        goto finish;
-                        }
-                }
-finish:
-        if (b != NULL) BUF_MEM_free(b);
-        return(ok);
-        }
-
diff --git a/src/lib/libcrypto/x509/by_file.c b/src/lib/libcrypto/x509/by_file.c
deleted file mode 100644
index a5e0d4aefa..0000000000
--- a/src/lib/libcrypto/x509/by_file.c
+++ /dev/null
@@ -1,300 +0,0 @@
-/* crypto/x509/by_file.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <time.h>
-#include <errno.h>
-
-#include "cryptlib.h"
-#include <openssl/lhash.h>
-#include <openssl/buffer.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-#ifndef OPENSSL_NO_STDIO
-
-static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
-        long argl, char **ret);
-X509_LOOKUP_METHOD x509_file_lookup=
-        {
-        "Load file into cache",
-        NULL,           /* new */
-        NULL,           /* free */
-        NULL,           /* init */
-        NULL,           /* shutdown */
-        by_file_ctrl,   /* ctrl */
-        NULL,           /* get_by_subject */
-        NULL,           /* get_by_issuer_serial */
-        NULL,           /* get_by_fingerprint */
-        NULL,           /* get_by_alias */
-        };
-
-X509_LOOKUP_METHOD *X509_LOOKUP_file(void)
-        {
-        return(&x509_file_lookup);
-        }
-
-static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
-             char **ret)
-        {
-        int ok=0;
-        char *file;
-
-        switch (cmd)
-                {
-        case X509_L_FILE_LOAD:
-                if (argl == X509_FILETYPE_DEFAULT)
-                        {
-                        file = (char *)Getenv(X509_get_default_cert_file_env());
-                        if (file)
-                                ok = (X509_load_cert_crl_file(ctx,file,
-                                              X509_FILETYPE_PEM) != 0);
-
-                        else
-                                ok = (X509_load_cert_crl_file(ctx,X509_get_default_cert_file(),
-                                              X509_FILETYPE_PEM) != 0);
-
-                        if (!ok)
-                                {
-                                X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS);
-                                }
-                        }
-                else
-                        {
-                        if(argl == X509_FILETYPE_PEM)
-                                ok = (X509_load_cert_crl_file(ctx,argp,
-                                        X509_FILETYPE_PEM) != 0);
-                        else
-                                ok = (X509_load_cert_file(ctx,argp,(int)argl) != 0);
-                        }
-                break;
-                }
-        return(ok);
-        }
-
-int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
-        {
-        int ret=0;
-        BIO *in=NULL;
-        int i,count=0;
-        X509 *x=NULL;
-
-        if (file == NULL) return(1);
-        in=BIO_new(BIO_s_file_internal());
-
-        if ((in == NULL) || (BIO_read_filename(in,file) <= 0))
-                {
-                X509err(X509_F_X509_LOAD_CERT_FILE,ERR_R_SYS_LIB);
-                goto err;
-                }
-
-        if (type == X509_FILETYPE_PEM)
-                {
-                for (;;)
-                        {
-                        x=PEM_read_bio_X509_AUX(in,NULL,NULL,NULL);
-                        if (x == NULL)
-                                {
-                                if ((ERR_GET_REASON(ERR_peek_last_error()) ==
-                                        PEM_R_NO_START_LINE) && (count > 0))
-                                        {
-                                        ERR_clear_error();
-                                        break;
-                                        }
-                                else
-                                        {
-                                        X509err(X509_F_X509_LOAD_CERT_FILE,
-                                                ERR_R_PEM_LIB);
-                                        goto err;
-                                        }
-                                }
-                        i=X509_STORE_add_cert(ctx->store_ctx,x);
-                        if (!i) goto err;
-                        count++;
-                        X509_free(x);
-                        x=NULL;
-                        }
-                ret=count;
-                }
-        else if (type == X509_FILETYPE_ASN1)
-                {
-                x=d2i_X509_bio(in,NULL);
-                if (x == NULL)
-                        {
-                        X509err(X509_F_X509_LOAD_CERT_FILE,ERR_R_ASN1_LIB);
-                        goto err;
-                        }
-                i=X509_STORE_add_cert(ctx->store_ctx,x);
-                if (!i) goto err;
-                ret=i;
-                }
-        else
-                {
-                X509err(X509_F_X509_LOAD_CERT_FILE,X509_R_BAD_X509_FILETYPE);
-                goto err;
-                }
-err:
-        if (x != NULL) X509_free(x);
-        if (in != NULL) BIO_free(in);
-        return(ret);
-        }
-
-int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type)
-        {
-        int ret=0;
-        BIO *in=NULL;
-        int i,count=0;
-        X509_CRL *x=NULL;
-
-        if (file == NULL) return(1);
-        in=BIO_new(BIO_s_file_internal());
-
-        if ((in == NULL) || (BIO_read_filename(in,file) <= 0))
-                {
-                X509err(X509_F_X509_LOAD_CRL_FILE,ERR_R_SYS_LIB);
-                goto err;
-                }
-
-        if (type == X509_FILETYPE_PEM)
-                {
-                for (;;)
-                        {
-                        x=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL);
-                        if (x == NULL)
-                                {
-                                if ((ERR_GET_REASON(ERR_peek_last_error()) ==
-                                        PEM_R_NO_START_LINE) && (count > 0))
-                                        {
-                                        ERR_clear_error();
-                                        break;
-                                        }
-                                else
-                                        {
-                                        X509err(X509_F_X509_LOAD_CRL_FILE,
-                                                ERR_R_PEM_LIB);
-                                        goto err;
-                                        }
-                                }
-                        i=X509_STORE_add_crl(ctx->store_ctx,x);
-                        if (!i) goto err;
-                        count++;
-                        X509_CRL_free(x);
-                        x=NULL;
-                        }
-                ret=count;
-                }
-        else if (type == X509_FILETYPE_ASN1)
-                {
-                x=d2i_X509_CRL_bio(in,NULL);
-                if (x == NULL)
-                        {
-                        X509err(X509_F_X509_LOAD_CRL_FILE,ERR_R_ASN1_LIB);
-                        goto err;
-                        }
-                i=X509_STORE_add_crl(ctx->store_ctx,x);
-                if (!i) goto err;
-                ret=i;
-                }
-        else
-                {
-                X509err(X509_F_X509_LOAD_CRL_FILE,X509_R_BAD_X509_FILETYPE);
-                goto err;
-                }
-err:
-        if (x != NULL) X509_CRL_free(x);
-        if (in != NULL) BIO_free(in);
-        return(ret);
-        }
-
-int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type)
-{
-        STACK_OF(X509_INFO) *inf;
-        X509_INFO *itmp;
-        BIO *in;
-        int i, count = 0;
-        if(type != X509_FILETYPE_PEM)
-                return X509_load_cert_file(ctx, file, type);
-        in = BIO_new_file(file, "r");
-        if(!in) {
-                X509err(X509_F_X509_LOAD_CERT_CRL_FILE,ERR_R_SYS_LIB);
-                return 0;
-        }
-        inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
-        BIO_free(in);
-        if(!inf) {
-                X509err(X509_F_X509_LOAD_CERT_CRL_FILE,ERR_R_PEM_LIB);
-                return 0;
-        }
-        for(i = 0; i < sk_X509_INFO_num(inf); i++) {
-                itmp = sk_X509_INFO_value(inf, i);
-                if(itmp->x509) {
-                        X509_STORE_add_cert(ctx->store_ctx, itmp->x509);
-                        count++;
-                }
-                if(itmp->crl) {
-                        X509_STORE_add_crl(ctx->store_ctx, itmp->crl);
-                        count++;
-                }
-        }
-        sk_X509_INFO_pop_free(inf, X509_INFO_free);
-        return count;
-}
-
-
-#endif /* OPENSSL_NO_STDIO */
-
diff --git a/src/lib/libcrypto/x509/x509.h b/src/lib/libcrypto/x509/x509.h
deleted file mode 100644
index e8c1a59cf2..0000000000
--- a/src/lib/libcrypto/x509/x509.h
+++ /dev/null
@@ -1,1259 +0,0 @@
-/* crypto/x509/x509.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_X509_H
-#define HEADER_X509_H
-
-#include <openssl/symhacks.h>
-#ifndef OPENSSL_NO_BUFFER
-#include <openssl/buffer.h>
-#endif
-#ifndef OPENSSL_NO_EVP
-#include <openssl/evp.h>
-#endif
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-#include <openssl/stack.h>
-#include <openssl/asn1.h>
-#include <openssl/safestack.h>
-
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#ifndef OPENSSL_NO_SHA
-#include <openssl/sha.h>
-#endif
-#include <openssl/e_os2.h>
-#include <openssl/ossl_typ.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#ifdef OPENSSL_SYS_WIN32
-/* Under Win32 this is defined in wincrypt.h */
-#undef X509_NAME
-#endif
-
-#define X509_FILETYPE_PEM       1
-#define X509_FILETYPE_ASN1      2
-#define X509_FILETYPE_DEFAULT   3
-
-#define X509v3_KU_DIGITAL_SIGNATURE     0x0080
-#define X509v3_KU_NON_REPUDIATION       0x0040
-#define X509v3_KU_KEY_ENCIPHERMENT      0x0020
-#define X509v3_KU_DATA_ENCIPHERMENT     0x0010
-#define X509v3_KU_KEY_AGREEMENT         0x0008
-#define X509v3_KU_KEY_CERT_SIGN         0x0004
-#define X509v3_KU_CRL_SIGN              0x0002
-#define X509v3_KU_ENCIPHER_ONLY         0x0001
-#define X509v3_KU_DECIPHER_ONLY         0x8000
-#define X509v3_KU_UNDEF                 0xffff
-
-typedef struct X509_objects_st
-        {
-        int nid;
-        int (*a2i)();
-        int (*i2a)();
-        } X509_OBJECTS;
-
-struct X509_algor_st
-        {
-        ASN1_OBJECT *algorithm;
-        ASN1_TYPE *parameter;
-        } /* X509_ALGOR */;
-
-DECLARE_STACK_OF(X509_ALGOR)
-DECLARE_ASN1_SET_OF(X509_ALGOR)
-
-typedef struct X509_val_st
-        {
-        ASN1_TIME *notBefore;
-        ASN1_TIME *notAfter;
-        } X509_VAL;
-
-typedef struct X509_pubkey_st
-        {
-        X509_ALGOR *algor;
-        ASN1_BIT_STRING *public_key;
-        EVP_PKEY *pkey;
-        } X509_PUBKEY;
-
-typedef struct X509_sig_st
-        {
-        X509_ALGOR *algor;
-        ASN1_OCTET_STRING *digest;
-        } X509_SIG;
-
-typedef struct X509_name_entry_st
-        {
-        ASN1_OBJECT *object;
-        ASN1_STRING *value;
-        int set;
-        int size;       /* temp variable */
-        } X509_NAME_ENTRY;
-
-DECLARE_STACK_OF(X509_NAME_ENTRY)
-DECLARE_ASN1_SET_OF(X509_NAME_ENTRY)
-
-/* we always keep X509_NAMEs in 2 forms. */
-struct X509_name_st
-        {
-        STACK_OF(X509_NAME_ENTRY) *entries;
-        int modified;   /* true if 'bytes' needs to be built */
-#ifndef OPENSSL_NO_BUFFER
-        BUF_MEM *bytes;
-#else
-        char *bytes;
-#endif
-        unsigned long hash; /* Keep the hash around for lookups */
-        } /* X509_NAME */;
-
-DECLARE_STACK_OF(X509_NAME)
-
-#define X509_EX_V_NETSCAPE_HACK         0x8000
-#define X509_EX_V_INIT                  0x0001
-typedef struct X509_extension_st
-        {
-        ASN1_OBJECT *object;
-        ASN1_BOOLEAN critical;
-        ASN1_OCTET_STRING *value;
-        } X509_EXTENSION;
-
-DECLARE_STACK_OF(X509_EXTENSION)
-DECLARE_ASN1_SET_OF(X509_EXTENSION)
-
-/* a sequence of these are used */
-typedef struct x509_attributes_st
-        {
-        ASN1_OBJECT *object;
-        int single; /* 0 for a set, 1 for a single item (which is wrong) */
-        union   {
-                char            *ptr;
-/* 0 */         STACK_OF(ASN1_TYPE) *set;
-/* 1 */         ASN1_TYPE       *single;
-                } value;
-        } X509_ATTRIBUTE;
-
-DECLARE_STACK_OF(X509_ATTRIBUTE)
-DECLARE_ASN1_SET_OF(X509_ATTRIBUTE)
-
-
-typedef struct X509_req_info_st
-        {
-        ASN1_ENCODING enc;
-        ASN1_INTEGER *version;
-        X509_NAME *subject;
-        X509_PUBKEY *pubkey;
-        /*  d=2 hl=2 l=  0 cons: cont: 00 */
-        STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
-        } X509_REQ_INFO;
-
-typedef struct X509_req_st
-        {
-        X509_REQ_INFO *req_info;
-        X509_ALGOR *sig_alg;
-        ASN1_BIT_STRING *signature;
-        int references;
-        } X509_REQ;
-
-typedef struct x509_cinf_st
-        {
-        ASN1_INTEGER *version;          /* [ 0 ] default of v1 */
-        ASN1_INTEGER *serialNumber;
-        X509_ALGOR *signature;
-        X509_NAME *issuer;
-        X509_VAL *validity;
-        X509_NAME *subject;
-        X509_PUBKEY *key;
-        ASN1_BIT_STRING *issuerUID;             /* [ 1 ] optional in v2 */
-        ASN1_BIT_STRING *subjectUID;            /* [ 2 ] optional in v2 */
-        STACK_OF(X509_EXTENSION) *extensions;   /* [ 3 ] optional in v3 */
-        } X509_CINF;
-
-/* This stuff is certificate "auxiliary info"
- * it contains details which are useful in certificate
- * stores and databases. When used this is tagged onto
- * the end of the certificate itself
- */
-
-typedef struct x509_cert_aux_st
-        {
-        STACK_OF(ASN1_OBJECT) *trust;           /* trusted uses */
-        STACK_OF(ASN1_OBJECT) *reject;          /* rejected uses */
-        ASN1_UTF8STRING *alias;                 /* "friendly name" */
-        ASN1_OCTET_STRING *keyid;               /* key id of private key */
-        STACK_OF(X509_ALGOR) *other;            /* other unspecified info */
-        } X509_CERT_AUX;
-
-struct x509_st
-        {
-        X509_CINF *cert_info;
-        X509_ALGOR *sig_alg;
-        ASN1_BIT_STRING *signature;
-        int valid;
-        int references;
-        char *name;
-        CRYPTO_EX_DATA ex_data;
-        /* These contain copies of various extension values */
-        long ex_pathlen;
-        unsigned long ex_flags;
-        unsigned long ex_kusage;
-        unsigned long ex_xkusage;
-        unsigned long ex_nscert;
-        ASN1_OCTET_STRING *skid;
-        struct AUTHORITY_KEYID_st *akid;
-#ifndef OPENSSL_NO_SHA
-        unsigned char sha1_hash[SHA_DIGEST_LENGTH];
-#endif
-        X509_CERT_AUX *aux;
-        } /* X509 */;
-
-DECLARE_STACK_OF(X509)
-DECLARE_ASN1_SET_OF(X509)
-
-/* This is used for a table of trust checking functions */
-
-typedef struct x509_trust_st {
-        int trust;
-        int flags;
-        int (*check_trust)(struct x509_trust_st *, X509 *, int);
-        char *name;
-        int arg1;
-        void *arg2;
-} X509_TRUST;
-
-DECLARE_STACK_OF(X509_TRUST)
-
-/* standard trust ids */
-
-#define X509_TRUST_DEFAULT      -1      /* Only valid in purpose settings */
-
-#define X509_TRUST_COMPAT       1
-#define X509_TRUST_SSL_CLIENT   2
-#define X509_TRUST_SSL_SERVER   3
-#define X509_TRUST_EMAIL        4
-#define X509_TRUST_OBJECT_SIGN  5
-#define X509_TRUST_OCSP_SIGN    6
-#define X509_TRUST_OCSP_REQUEST 7
-
-/* Keep these up to date! */
-#define X509_TRUST_MIN          1
-#define X509_TRUST_MAX          7
-
-
-/* trust_flags values */
-#define X509_TRUST_DYNAMIC      1
-#define X509_TRUST_DYNAMIC_NAME 2
-
-/* check_trust return codes */
-
-#define X509_TRUST_TRUSTED      1
-#define X509_TRUST_REJECTED     2
-#define X509_TRUST_UNTRUSTED    3
-
-/* Flags for X509_print_ex() */
-
-#define X509_FLAG_COMPAT                0
-#define X509_FLAG_NO_HEADER             1L
-#define X509_FLAG_NO_VERSION            (1L << 1)
-#define X509_FLAG_NO_SERIAL             (1L << 2)
-#define X509_FLAG_NO_SIGNAME            (1L << 3)
-#define X509_FLAG_NO_ISSUER             (1L << 4)
-#define X509_FLAG_NO_VALIDITY           (1L << 5)
-#define X509_FLAG_NO_SUBJECT            (1L << 6)
-#define X509_FLAG_NO_PUBKEY             (1L << 7)
-#define X509_FLAG_NO_EXTENSIONS         (1L << 8)
-#define X509_FLAG_NO_SIGDUMP            (1L << 9)
-#define X509_FLAG_NO_AUX                (1L << 10)
-#define X509_FLAG_NO_ATTRIBUTES         (1L << 11)
-
-/* Flags specific to X509_NAME_print_ex() */    
-
-/* The field separator information */
-
-#define XN_FLAG_SEP_MASK        (0xf << 16)
-
-#define XN_FLAG_COMPAT          0               /* Traditional SSLeay: use old X509_NAME_print */
-#define XN_FLAG_SEP_COMMA_PLUS  (1 << 16)       /* RFC2253 ,+ */
-#define XN_FLAG_SEP_CPLUS_SPC   (2 << 16)       /* ,+ spaced: more readable */
-#define XN_FLAG_SEP_SPLUS_SPC   (3 << 16)       /* ;+ spaced */
-#define XN_FLAG_SEP_MULTILINE   (4 << 16)       /* One line per field */
-
-#define XN_FLAG_DN_REV          (1 << 20)       /* Reverse DN order */
-
-/* How the field name is shown */
-
-#define XN_FLAG_FN_MASK         (0x3 << 21)
-
-#define XN_FLAG_FN_SN           0               /* Object short name */
-#define XN_FLAG_FN_LN           (1 << 21)       /* Object long name */
-#define XN_FLAG_FN_OID          (2 << 21)       /* Always use OIDs */
-#define XN_FLAG_FN_NONE         (3 << 21)       /* No field names */
-
-#define XN_FLAG_SPC_EQ          (1 << 23)       /* Put spaces round '=' */
-
-/* This determines if we dump fields we don't recognise:
- * RFC2253 requires this.
- */
-
-#define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24)
-
-#define XN_FLAG_FN_ALIGN        (1 << 25)       /* Align field names to 20 characters */
-
-/* Complete set of RFC2253 flags */
-
-#define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \
-                        XN_FLAG_SEP_COMMA_PLUS | \
-                        XN_FLAG_DN_REV | \
-                        XN_FLAG_FN_SN | \
-                        XN_FLAG_DUMP_UNKNOWN_FIELDS)
-
-/* readable oneline form */
-
-#define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \
-                        ASN1_STRFLGS_ESC_QUOTE | \
-                        XN_FLAG_SEP_CPLUS_SPC | \
-                        XN_FLAG_SPC_EQ | \
-                        XN_FLAG_FN_SN)
-
-/* readable multiline form */
-
-#define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \
-                        ASN1_STRFLGS_ESC_MSB | \
-                        XN_FLAG_SEP_MULTILINE | \
-                        XN_FLAG_SPC_EQ | \
-                        XN_FLAG_FN_LN | \
-                        XN_FLAG_FN_ALIGN)
-
-typedef struct X509_revoked_st
-        {
-        ASN1_INTEGER *serialNumber;
-        ASN1_TIME *revocationDate;
-        STACK_OF(X509_EXTENSION) /* optional */ *extensions;
-        int sequence; /* load sequence */
-        } X509_REVOKED;
-
-DECLARE_STACK_OF(X509_REVOKED)
-DECLARE_ASN1_SET_OF(X509_REVOKED)
-
-typedef struct X509_crl_info_st
-        {
-        ASN1_INTEGER *version;
-        X509_ALGOR *sig_alg;
-        X509_NAME *issuer;
-        ASN1_TIME *lastUpdate;
-        ASN1_TIME *nextUpdate;
-        STACK_OF(X509_REVOKED) *revoked;
-        STACK_OF(X509_EXTENSION) /* [0] */ *extensions;
-        ASN1_ENCODING enc;
-        } X509_CRL_INFO;
-
-struct X509_crl_st
-        {
-        /* actual signature */
-        X509_CRL_INFO *crl;
-        X509_ALGOR *sig_alg;
-        ASN1_BIT_STRING *signature;
-        int references;
-        } /* X509_CRL */;
-
-DECLARE_STACK_OF(X509_CRL)
-DECLARE_ASN1_SET_OF(X509_CRL)
-
-typedef struct private_key_st
-        {
-        int version;
-        /* The PKCS#8 data types */
-        X509_ALGOR *enc_algor;
-        ASN1_OCTET_STRING *enc_pkey;    /* encrypted pub key */
-
-        /* When decrypted, the following will not be NULL */
-        EVP_PKEY *dec_pkey;
-
-        /* used to encrypt and decrypt */
-        int key_length;
-        char *key_data;
-        int key_free;   /* true if we should auto free key_data */
-
-        /* expanded version of 'enc_algor' */
-        EVP_CIPHER_INFO cipher;
-
-        int references;
-        } X509_PKEY;
-
-#ifndef OPENSSL_NO_EVP
-typedef struct X509_info_st
-        {
-        X509 *x509;
-        X509_CRL *crl;
-        X509_PKEY *x_pkey;
-
-        EVP_CIPHER_INFO enc_cipher;
-        int enc_len;
-        char *enc_data;
-
-        int references;
-        } X509_INFO;
-
-DECLARE_STACK_OF(X509_INFO)
-#endif
-
-/* The next 2 structures and their 8 routines were sent to me by
- * Pat Richard <patr@x509.com> and are used to manipulate
- * Netscapes spki structures - useful if you are writing a CA web page
- */
-typedef struct Netscape_spkac_st
-        {
-        X509_PUBKEY *pubkey;
-        ASN1_IA5STRING *challenge;      /* challenge sent in atlas >= PR2 */
-        } NETSCAPE_SPKAC;
-
-typedef struct Netscape_spki_st
-        {
-        NETSCAPE_SPKAC *spkac;  /* signed public key and challenge */
-        X509_ALGOR *sig_algor;
-        ASN1_BIT_STRING *signature;
-        } NETSCAPE_SPKI;
-
-/* Netscape certificate sequence structure */
-typedef struct Netscape_certificate_sequence
-        {
-        ASN1_OBJECT *type;
-        STACK_OF(X509) *certs;
-        } NETSCAPE_CERT_SEQUENCE;
-
-/* Unused (and iv length is wrong)
-typedef struct CBCParameter_st
-        {
-        unsigned char iv[8];
-        } CBC_PARAM;
-*/
-
-/* Password based encryption structure */
-
-typedef struct PBEPARAM_st {
-ASN1_OCTET_STRING *salt;
-ASN1_INTEGER *iter;
-} PBEPARAM;
-
-/* Password based encryption V2 structures */
-
-typedef struct PBE2PARAM_st {
-X509_ALGOR *keyfunc;
-X509_ALGOR *encryption;
-} PBE2PARAM;
-
-typedef struct PBKDF2PARAM_st {
-ASN1_TYPE *salt;        /* Usually OCTET STRING but could be anything */
-ASN1_INTEGER *iter;
-ASN1_INTEGER *keylength;
-X509_ALGOR *prf;
-} PBKDF2PARAM;
-
-
-/* PKCS#8 private key info structure */
-
-typedef struct pkcs8_priv_key_info_st
-        {
-        int broken;     /* Flag for various broken formats */
-#define PKCS8_OK                0
-#define PKCS8_NO_OCTET          1
-#define PKCS8_EMBEDDED_PARAM    2
-#define PKCS8_NS_DB             3
-        ASN1_INTEGER *version;
-        X509_ALGOR *pkeyalg;
-        ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */
-        STACK_OF(X509_ATTRIBUTE) *attributes;
-        } PKCS8_PRIV_KEY_INFO;
-
-#ifdef  __cplusplus
-}
-#endif
-
-#include <openssl/x509_vfy.h>
-#include <openssl/pkcs7.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#ifdef SSLEAY_MACROS
-#define X509_verify(a,r) ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,\
-        a->signature,(char *)a->cert_info,r)
-#define X509_REQ_verify(a,r) ASN1_verify((int (*)())i2d_X509_REQ_INFO, \
-        a->sig_alg,a->signature,(char *)a->req_info,r)
-#define X509_CRL_verify(a,r) ASN1_verify((int (*)())i2d_X509_CRL_INFO, \
-        a->sig_alg, a->signature,(char *)a->crl,r)
-
-#define X509_sign(x,pkey,md) \
-        ASN1_sign((int (*)())i2d_X509_CINF, x->cert_info->signature, \
-                x->sig_alg, x->signature, (char *)x->cert_info,pkey,md)
-#define X509_REQ_sign(x,pkey,md) \
-        ASN1_sign((int (*)())i2d_X509_REQ_INFO,x->sig_alg, NULL, \
-                x->signature, (char *)x->req_info,pkey,md)
-#define X509_CRL_sign(x,pkey,md) \
-        ASN1_sign((int (*)())i2d_X509_CRL_INFO,x->crl->sig_alg,x->sig_alg, \
-                x->signature, (char *)x->crl,pkey,md)
-#define NETSCAPE_SPKI_sign(x,pkey,md) \
-        ASN1_sign((int (*)())i2d_NETSCAPE_SPKAC, x->sig_algor,NULL, \
-                x->signature, (char *)x->spkac,pkey,md)
-
-#define X509_dup(x509) (X509 *)ASN1_dup((int (*)())i2d_X509, \
-                (char *(*)())d2i_X509,(char *)x509)
-#define X509_ATTRIBUTE_dup(xa) (X509_ATTRIBUTE *)ASN1_dup(\
-                (int (*)())i2d_X509_ATTRIBUTE, \
-                (char *(*)())d2i_X509_ATTRIBUTE,(char *)xa)
-#define X509_EXTENSION_dup(ex) (X509_EXTENSION *)ASN1_dup( \
-                (int (*)())i2d_X509_EXTENSION, \
-                (char *(*)())d2i_X509_EXTENSION,(char *)ex)
-#define d2i_X509_fp(fp,x509) (X509 *)ASN1_d2i_fp((char *(*)())X509_new, \
-                (char *(*)())d2i_X509, (fp),(unsigned char **)(x509))
-#define i2d_X509_fp(fp,x509) ASN1_i2d_fp(i2d_X509,fp,(unsigned char *)x509)
-#define d2i_X509_bio(bp,x509) (X509 *)ASN1_d2i_bio((char *(*)())X509_new, \
-                (char *(*)())d2i_X509, (bp),(unsigned char **)(x509))
-#define i2d_X509_bio(bp,x509) ASN1_i2d_bio(i2d_X509,bp,(unsigned char *)x509)
-
-#define X509_CRL_dup(crl) (X509_CRL *)ASN1_dup((int (*)())i2d_X509_CRL, \
-                (char *(*)())d2i_X509_CRL,(char *)crl)
-#define d2i_X509_CRL_fp(fp,crl) (X509_CRL *)ASN1_d2i_fp((char *(*)()) \
-                X509_CRL_new,(char *(*)())d2i_X509_CRL, (fp),\
-                (unsigned char **)(crl))
-#define i2d_X509_CRL_fp(fp,crl) ASN1_i2d_fp(i2d_X509_CRL,fp,\
-                (unsigned char *)crl)
-#define d2i_X509_CRL_bio(bp,crl) (X509_CRL *)ASN1_d2i_bio((char *(*)()) \
-                X509_CRL_new,(char *(*)())d2i_X509_CRL, (bp),\
-                (unsigned char **)(crl))
-#define i2d_X509_CRL_bio(bp,crl) ASN1_i2d_bio(i2d_X509_CRL,bp,\
-                (unsigned char *)crl)
-
-#define PKCS7_dup(p7) (PKCS7 *)ASN1_dup((int (*)())i2d_PKCS7, \
-                (char *(*)())d2i_PKCS7,(char *)p7)
-#define d2i_PKCS7_fp(fp,p7) (PKCS7 *)ASN1_d2i_fp((char *(*)()) \
-                PKCS7_new,(char *(*)())d2i_PKCS7, (fp),\
-                (unsigned char **)(p7))
-#define i2d_PKCS7_fp(fp,p7) ASN1_i2d_fp(i2d_PKCS7,fp,\
-                (unsigned char *)p7)
-#define d2i_PKCS7_bio(bp,p7) (PKCS7 *)ASN1_d2i_bio((char *(*)()) \
-                PKCS7_new,(char *(*)())d2i_PKCS7, (bp),\
-                (unsigned char **)(p7))
-#define i2d_PKCS7_bio(bp,p7) ASN1_i2d_bio(i2d_PKCS7,bp,\
-                (unsigned char *)p7)
-
-#define X509_REQ_dup(req) (X509_REQ *)ASN1_dup((int (*)())i2d_X509_REQ, \
-                (char *(*)())d2i_X509_REQ,(char *)req)
-#define d2i_X509_REQ_fp(fp,req) (X509_REQ *)ASN1_d2i_fp((char *(*)())\
-                X509_REQ_new, (char *(*)())d2i_X509_REQ, (fp),\
-                (unsigned char **)(req))
-#define i2d_X509_REQ_fp(fp,req) ASN1_i2d_fp(i2d_X509_REQ,fp,\
-                (unsigned char *)req)
-#define d2i_X509_REQ_bio(bp,req) (X509_REQ *)ASN1_d2i_bio((char *(*)())\
-                X509_REQ_new, (char *(*)())d2i_X509_REQ, (bp),\
-                (unsigned char **)(req))
-#define i2d_X509_REQ_bio(bp,req) ASN1_i2d_bio(i2d_X509_REQ,bp,\
-                (unsigned char *)req)
-
-#define RSAPublicKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPublicKey, \
-                (char *(*)())d2i_RSAPublicKey,(char *)rsa)
-#define RSAPrivateKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPrivateKey, \
-                (char *(*)())d2i_RSAPrivateKey,(char *)rsa)
-
-#define d2i_RSAPrivateKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\
-                RSA_new,(char *(*)())d2i_RSAPrivateKey, (fp), \
-                (unsigned char **)(rsa))
-#define i2d_RSAPrivateKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPrivateKey,fp, \
-                (unsigned char *)rsa)
-#define d2i_RSAPrivateKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\
-                RSA_new,(char *(*)())d2i_RSAPrivateKey, (bp), \
-                (unsigned char **)(rsa))
-#define i2d_RSAPrivateKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPrivateKey,bp, \
-                (unsigned char *)rsa)
-
-#define d2i_RSAPublicKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\
-                RSA_new,(char *(*)())d2i_RSAPublicKey, (fp), \
-                (unsigned char **)(rsa))
-#define i2d_RSAPublicKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPublicKey,fp, \
-                (unsigned char *)rsa)
-#define d2i_RSAPublicKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\
-                RSA_new,(char *(*)())d2i_RSAPublicKey, (bp), \
-                (unsigned char **)(rsa))
-#define i2d_RSAPublicKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPublicKey,bp, \
-                (unsigned char *)rsa)
-
-#define d2i_DSAPrivateKey_fp(fp,dsa) (DSA *)ASN1_d2i_fp((char *(*)())\
-                DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp), \
-                (unsigned char **)(dsa))
-#define i2d_DSAPrivateKey_fp(fp,dsa) ASN1_i2d_fp(i2d_DSAPrivateKey,fp, \
-                (unsigned char *)dsa)
-#define d2i_DSAPrivateKey_bio(bp,dsa) (DSA *)ASN1_d2i_bio((char *(*)())\
-                DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp), \
-                (unsigned char **)(dsa))
-#define i2d_DSAPrivateKey_bio(bp,dsa) ASN1_i2d_bio(i2d_DSAPrivateKey,bp, \
-                (unsigned char *)dsa)
-
-#define X509_ALGOR_dup(xn) (X509_ALGOR *)ASN1_dup((int (*)())i2d_X509_ALGOR,\
-                (char *(*)())d2i_X509_ALGOR,(char *)xn)
-
-#define X509_NAME_dup(xn) (X509_NAME *)ASN1_dup((int (*)())i2d_X509_NAME, \
-                (char *(*)())d2i_X509_NAME,(char *)xn)
-#define X509_NAME_ENTRY_dup(ne) (X509_NAME_ENTRY *)ASN1_dup( \
-                (int (*)())i2d_X509_NAME_ENTRY, \
-                (char *(*)())d2i_X509_NAME_ENTRY,\
-                (char *)ne)
-
-#define X509_digest(data,type,md,len) \
-        ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len)
-#define X509_NAME_digest(data,type,md,len) \
-        ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len)
-#ifndef PKCS7_ISSUER_AND_SERIAL_digest
-#define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \
-        ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\
-                (char *)data,md,len)
-#endif
-#endif
-
-#define X509_EXT_PACK_UNKNOWN   1
-#define X509_EXT_PACK_STRING    2
-
-#define         X509_get_version(x) ASN1_INTEGER_get((x)->cert_info->version)
-/* #define      X509_get_serialNumber(x) ((x)->cert_info->serialNumber) */
-#define         X509_get_notBefore(x) ((x)->cert_info->validity->notBefore)
-#define         X509_get_notAfter(x) ((x)->cert_info->validity->notAfter)
-#define         X509_extract_key(x)     X509_get_pubkey(x) /*****/
-#define         X509_REQ_get_version(x) ASN1_INTEGER_get((x)->req_info->version)
-#define         X509_REQ_get_subject_name(x) ((x)->req_info->subject)
-#define         X509_REQ_extract_key(a) X509_REQ_get_pubkey(a)
-#define         X509_name_cmp(a,b)      X509_NAME_cmp((a),(b))
-#define         X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm))
-
-#define         X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version)
-#define         X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate)
-#define         X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate)
-#define         X509_CRL_get_issuer(x) ((x)->crl->issuer)
-#define         X509_CRL_get_REVOKED(x) ((x)->crl->revoked)
-
-/* This one is only used so that a binary form can output, as in
- * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) */
-#define         X509_get_X509_PUBKEY(x) ((x)->cert_info->key)
-
-
-const char *X509_verify_cert_error_string(long n);
-
-#ifndef SSLEAY_MACROS
-#ifndef OPENSSL_NO_EVP
-int X509_verify(X509 *a, EVP_PKEY *r);
-
-int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
-int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
-int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r);
-
-NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len);
-char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x);
-EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x);
-int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey);
-
-int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki);
-
-int X509_signature_print(BIO *bp,X509_ALGOR *alg, ASN1_STRING *sig);
-
-int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
-int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
-int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
-int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md);
-
-int X509_pubkey_digest(const X509 *data,const EVP_MD *type,
-                unsigned char *md, unsigned int *len);
-int X509_digest(const X509 *data,const EVP_MD *type,
-                unsigned char *md, unsigned int *len);
-int X509_CRL_digest(const X509_CRL *data,const EVP_MD *type,
-                unsigned char *md, unsigned int *len);
-int X509_REQ_digest(const X509_REQ *data,const EVP_MD *type,
-                unsigned char *md, unsigned int *len);
-int X509_NAME_digest(const X509_NAME *data,const EVP_MD *type,
-                unsigned char *md, unsigned int *len);
-#endif
-
-#ifndef OPENSSL_NO_FP_API
-X509 *d2i_X509_fp(FILE *fp, X509 **x509);
-int i2d_X509_fp(FILE *fp,X509 *x509);
-X509_CRL *d2i_X509_CRL_fp(FILE *fp,X509_CRL **crl);
-int i2d_X509_CRL_fp(FILE *fp,X509_CRL *crl);
-X509_REQ *d2i_X509_REQ_fp(FILE *fp,X509_REQ **req);
-int i2d_X509_REQ_fp(FILE *fp,X509_REQ *req);
-#ifndef OPENSSL_NO_RSA
-RSA *d2i_RSAPrivateKey_fp(FILE *fp,RSA **rsa);
-int i2d_RSAPrivateKey_fp(FILE *fp,RSA *rsa);
-RSA *d2i_RSAPublicKey_fp(FILE *fp,RSA **rsa);
-int i2d_RSAPublicKey_fp(FILE *fp,RSA *rsa);
-RSA *d2i_RSA_PUBKEY_fp(FILE *fp,RSA **rsa);
-int i2d_RSA_PUBKEY_fp(FILE *fp,RSA *rsa);
-#endif
-#ifndef OPENSSL_NO_DSA
-DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa);
-int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa);
-DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa);
-int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
-#endif
-X509_SIG *d2i_PKCS8_fp(FILE *fp,X509_SIG **p8);
-int i2d_PKCS8_fp(FILE *fp,X509_SIG *p8);
-PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
-                                                PKCS8_PRIV_KEY_INFO **p8inf);
-int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,PKCS8_PRIV_KEY_INFO *p8inf);
-int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key);
-int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey);
-EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
-int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey);
-EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
-#endif
-
-#ifndef OPENSSL_NO_BIO
-X509 *d2i_X509_bio(BIO *bp,X509 **x509);
-int i2d_X509_bio(BIO *bp,X509 *x509);
-X509_CRL *d2i_X509_CRL_bio(BIO *bp,X509_CRL **crl);
-int i2d_X509_CRL_bio(BIO *bp,X509_CRL *crl);
-X509_REQ *d2i_X509_REQ_bio(BIO *bp,X509_REQ **req);
-int i2d_X509_REQ_bio(BIO *bp,X509_REQ *req);
-#ifndef OPENSSL_NO_RSA
-RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA **rsa);
-int i2d_RSAPrivateKey_bio(BIO *bp,RSA *rsa);
-RSA *d2i_RSAPublicKey_bio(BIO *bp,RSA **rsa);
-int i2d_RSAPublicKey_bio(BIO *bp,RSA *rsa);
-RSA *d2i_RSA_PUBKEY_bio(BIO *bp,RSA **rsa);
-int i2d_RSA_PUBKEY_bio(BIO *bp,RSA *rsa);
-#endif
-#ifndef OPENSSL_NO_DSA
-DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa);
-int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa);
-DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa);
-int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa);
-#endif
-X509_SIG *d2i_PKCS8_bio(BIO *bp,X509_SIG **p8);
-int i2d_PKCS8_bio(BIO *bp,X509_SIG *p8);
-PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
-                                                PKCS8_PRIV_KEY_INFO **p8inf);
-int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,PKCS8_PRIV_KEY_INFO *p8inf);
-int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key);
-int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey);
-EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
-int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey);
-EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
-#endif
-
-X509 *X509_dup(X509 *x509);
-X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa);
-X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex);
-X509_CRL *X509_CRL_dup(X509_CRL *crl);
-X509_REQ *X509_REQ_dup(X509_REQ *req);
-X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);
-X509_NAME *X509_NAME_dup(X509_NAME *xn);
-X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
-
-#endif /* !SSLEAY_MACROS */
-
-int             X509_cmp_time(ASN1_TIME *s, time_t *t);
-int             X509_cmp_current_time(ASN1_TIME *s);
-ASN1_TIME *     X509_time_adj(ASN1_TIME *s, long adj, time_t *t);
-ASN1_TIME *     X509_gmtime_adj(ASN1_TIME *s, long adj);
-
-const char *    X509_get_default_cert_area(void );
-const char *    X509_get_default_cert_dir(void );
-const char *    X509_get_default_cert_file(void );
-const char *    X509_get_default_cert_dir_env(void );
-const char *    X509_get_default_cert_file_env(void );
-const char *    X509_get_default_private_dir(void );
-
-X509_REQ *      X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
-X509 *          X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey);
-
-DECLARE_ASN1_FUNCTIONS(X509_ALGOR)
-DECLARE_ASN1_FUNCTIONS(X509_VAL)
-
-DECLARE_ASN1_FUNCTIONS(X509_PUBKEY)
-
-int             X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
-EVP_PKEY *      X509_PUBKEY_get(X509_PUBKEY *key);
-int             X509_get_pubkey_parameters(EVP_PKEY *pkey,
-                                           STACK_OF(X509) *chain);
-int             i2d_PUBKEY(EVP_PKEY *a,unsigned char **pp);
-EVP_PKEY *      d2i_PUBKEY(EVP_PKEY **a,unsigned char **pp,
-                        long length);
-#ifndef OPENSSL_NO_RSA
-int             i2d_RSA_PUBKEY(RSA *a,unsigned char **pp);
-RSA *           d2i_RSA_PUBKEY(RSA **a,unsigned char **pp,
-                        long length);
-#endif
-#ifndef OPENSSL_NO_DSA
-int             i2d_DSA_PUBKEY(DSA *a,unsigned char **pp);
-DSA *           d2i_DSA_PUBKEY(DSA **a,unsigned char **pp,
-                        long length);
-#endif
-
-DECLARE_ASN1_FUNCTIONS(X509_SIG)
-DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO)
-DECLARE_ASN1_FUNCTIONS(X509_REQ)
-
-DECLARE_ASN1_FUNCTIONS(X509_ATTRIBUTE)
-X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value);
-
-DECLARE_ASN1_FUNCTIONS(X509_EXTENSION)
-
-DECLARE_ASN1_FUNCTIONS(X509_NAME_ENTRY)
-
-DECLARE_ASN1_FUNCTIONS(X509_NAME)
-
-int             X509_NAME_set(X509_NAME **xn, X509_NAME *name);
-
-DECLARE_ASN1_FUNCTIONS(X509_CINF)
-
-DECLARE_ASN1_FUNCTIONS(X509)
-DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX)
-
-int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-int X509_set_ex_data(X509 *r, int idx, void *arg);
-void *X509_get_ex_data(X509 *r, int idx);
-int             i2d_X509_AUX(X509 *a,unsigned char **pp);
-X509 *          d2i_X509_AUX(X509 **a,unsigned char **pp,long length);
-
-int X509_alias_set1(X509 *x, unsigned char *name, int len);
-int X509_keyid_set1(X509 *x, unsigned char *id, int len);
-unsigned char * X509_alias_get0(X509 *x, int *len);
-int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int);
-int X509_TRUST_set(int *t, int trust);
-int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj);
-int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj);
-void X509_trust_clear(X509 *x);
-void X509_reject_clear(X509 *x);
-
-DECLARE_ASN1_FUNCTIONS(X509_REVOKED)
-DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO)
-DECLARE_ASN1_FUNCTIONS(X509_CRL)
-
-int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
-
-X509_PKEY *     X509_PKEY_new(void );
-void            X509_PKEY_free(X509_PKEY *a);
-int             i2d_X509_PKEY(X509_PKEY *a,unsigned char **pp);
-X509_PKEY *     d2i_X509_PKEY(X509_PKEY **a,unsigned char **pp,long length);
-
-DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI)
-DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC)
-DECLARE_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE)
-
-#ifndef OPENSSL_NO_EVP
-X509_INFO *     X509_INFO_new(void);
-void            X509_INFO_free(X509_INFO *a);
-char *          X509_NAME_oneline(X509_NAME *a,char *buf,int size);
-
-int ASN1_verify(int (*i2d)(), X509_ALGOR *algor1,
-        ASN1_BIT_STRING *signature,char *data,EVP_PKEY *pkey);
-
-int ASN1_digest(int (*i2d)(),const EVP_MD *type,char *data,
-        unsigned char *md,unsigned int *len);
-
-int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
-        ASN1_BIT_STRING *signature,
-        char *data,EVP_PKEY *pkey, const EVP_MD *type);
-
-int ASN1_item_digest(const ASN1_ITEM *it,const EVP_MD *type,void *data,
-        unsigned char *md,unsigned int *len);
-
-int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1,
-        ASN1_BIT_STRING *signature,void *data,EVP_PKEY *pkey);
-
-int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
-        ASN1_BIT_STRING *signature,
-        void *data, EVP_PKEY *pkey, const EVP_MD *type);
-#endif
-
-int             X509_set_version(X509 *x,long version);
-int             X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
-ASN1_INTEGER *  X509_get_serialNumber(X509 *x);
-int             X509_set_issuer_name(X509 *x, X509_NAME *name);
-X509_NAME *     X509_get_issuer_name(X509 *a);
-int             X509_set_subject_name(X509 *x, X509_NAME *name);
-X509_NAME *     X509_get_subject_name(X509 *a);
-int             X509_set_notBefore(X509 *x, ASN1_TIME *tm);
-int             X509_set_notAfter(X509 *x, ASN1_TIME *tm);
-int             X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
-EVP_PKEY *      X509_get_pubkey(X509 *x);
-ASN1_BIT_STRING * X509_get0_pubkey_bitstr(const X509 *x);
-int             X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */);
-
-int             X509_REQ_set_version(X509_REQ *x,long version);
-int             X509_REQ_set_subject_name(X509_REQ *req,X509_NAME *name);
-int             X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
-EVP_PKEY *      X509_REQ_get_pubkey(X509_REQ *req);
-int             X509_REQ_extension_nid(int nid);
-int *           X509_REQ_get_extension_nids(void);
-void            X509_REQ_set_extension_nids(int *nids);
-STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req);
-int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
-                                int nid);
-int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts);
-int X509_REQ_get_attr_count(const X509_REQ *req);
-int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid,
-                          int lastpos);
-int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj,
-                          int lastpos);
-X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc);
-X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc);
-int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr);
-int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
-                        const ASN1_OBJECT *obj, int type,
-                        const unsigned char *bytes, int len);
-int X509_REQ_add1_attr_by_NID(X509_REQ *req,
-                        int nid, int type,
-                        const unsigned char *bytes, int len);
-int X509_REQ_add1_attr_by_txt(X509_REQ *req,
-                        const char *attrname, int type,
-                        const unsigned char *bytes, int len);
-
-int X509_CRL_set_version(X509_CRL *x, long version);
-int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
-int X509_CRL_set_lastUpdate(X509_CRL *x, ASN1_TIME *tm);
-int X509_CRL_set_nextUpdate(X509_CRL *x, ASN1_TIME *tm);
-int X509_CRL_sort(X509_CRL *crl);
-
-int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);
-int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);
-
-int             X509_check_private_key(X509 *x509,EVP_PKEY *pkey);
-
-int             X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
-unsigned long   X509_issuer_and_serial_hash(X509 *a);
-
-int             X509_issuer_name_cmp(const X509 *a, const X509 *b);
-unsigned long   X509_issuer_name_hash(X509 *a);
-
-int             X509_subject_name_cmp(const X509 *a, const X509 *b);
-unsigned long   X509_subject_name_hash(X509 *x);
-
-int             X509_cmp(const X509 *a, const X509 *b);
-int             X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
-unsigned long   X509_NAME_hash(X509_NAME *x);
-
-int             X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
-#ifndef OPENSSL_NO_FP_API
-int             X509_print_ex_fp(FILE *bp,X509 *x, unsigned long nmflag, unsigned long cflag);
-int             X509_print_fp(FILE *bp,X509 *x);
-int             X509_CRL_print_fp(FILE *bp,X509_CRL *x);
-int             X509_REQ_print_fp(FILE *bp,X509_REQ *req);
-int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags);
-#endif
-
-#ifndef OPENSSL_NO_BIO
-int             X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
-int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags);
-int             X509_print_ex(BIO *bp,X509 *x, unsigned long nmflag, unsigned long cflag);
-int             X509_print(BIO *bp,X509 *x);
-int             X509_ocspid_print(BIO *bp,X509 *x);
-int             X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent);
-int             X509_CRL_print(BIO *bp,X509_CRL *x);
-int             X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, unsigned long cflag);
-int             X509_REQ_print(BIO *bp,X509_REQ *req);
-#endif
-
-int             X509_NAME_entry_count(X509_NAME *name);
-int             X509_NAME_get_text_by_NID(X509_NAME *name, int nid,
-                        char *buf,int len);
-int             X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
-                        char *buf,int len);
-
-/* NOTE: you should be passsing -1, not 0 as lastpos.  The functions that use
- * lastpos, search after that position on. */
-int             X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
-int             X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj,
-                        int lastpos);
-X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
-X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
-int             X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne,
-                        int loc, int set);
-int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type,
-                        unsigned char *bytes, int len, int loc, int set);
-int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
-                        unsigned char *bytes, int len, int loc, int set);
-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
-                const char *field, int type, const unsigned char *bytes, int len);
-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
-                        int type,unsigned char *bytes, int len);
-int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,
-                        const unsigned char *bytes, int len, int loc, int set);
-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
-                        ASN1_OBJECT *obj, int type,const unsigned char *bytes,
-                        int len);
-int             X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne,
-                        ASN1_OBJECT *obj);
-int             X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
-                        const unsigned char *bytes, int len);
-ASN1_OBJECT *   X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
-ASN1_STRING *   X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
-
-int             X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x);
-int             X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x,
-                                      int nid, int lastpos);
-int             X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x,
-                                      ASN1_OBJECT *obj,int lastpos);
-int             X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x,
-                                           int crit, int lastpos);
-X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc);
-X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc);
-STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
-                                         X509_EXTENSION *ex, int loc);
-
-int             X509_get_ext_count(X509 *x);
-int             X509_get_ext_by_NID(X509 *x, int nid, int lastpos);
-int             X509_get_ext_by_OBJ(X509 *x,ASN1_OBJECT *obj,int lastpos);
-int             X509_get_ext_by_critical(X509 *x, int crit, int lastpos);
-X509_EXTENSION *X509_get_ext(X509 *x, int loc);
-X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
-int             X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
-void    *       X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
-int             X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
-                                                        unsigned long flags);
-
-int             X509_CRL_get_ext_count(X509_CRL *x);
-int             X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos);
-int             X509_CRL_get_ext_by_OBJ(X509_CRL *x,ASN1_OBJECT *obj,int lastpos);
-int             X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos);
-X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc);
-X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
-int             X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
-void    *       X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx);
-int             X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
-                                                        unsigned long flags);
-
-int             X509_REVOKED_get_ext_count(X509_REVOKED *x);
-int             X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos);
-int             X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x,ASN1_OBJECT *obj,int lastpos);
-int             X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos);
-X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc);
-X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc);
-int             X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc);
-void    *       X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx);
-int             X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
-                                                        unsigned long flags);
-
-X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,
-                        int nid, int crit, ASN1_OCTET_STRING *data);
-X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
-                        ASN1_OBJECT *obj,int crit,ASN1_OCTET_STRING *data);
-int             X509_EXTENSION_set_object(X509_EXTENSION *ex,ASN1_OBJECT *obj);
-int             X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);
-int             X509_EXTENSION_set_data(X509_EXTENSION *ex,
-                        ASN1_OCTET_STRING *data);
-ASN1_OBJECT *   X509_EXTENSION_get_object(X509_EXTENSION *ex);
-ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
-int             X509_EXTENSION_get_critical(X509_EXTENSION *ex);
-
-int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x);
-int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
-                          int lastpos);
-int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj,
-                          int lastpos);
-X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc);
-X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc);
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
-                                         X509_ATTRIBUTE *attr);
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x,
-                        const ASN1_OBJECT *obj, int type,
-                        const unsigned char *bytes, int len);
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,
-                        int nid, int type,
-                        const unsigned char *bytes, int len);
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
-                        const char *attrname, int type,
-                        const unsigned char *bytes, int len);
-X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
-             int atrtype, const void *data, int len);
-X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
-             const ASN1_OBJECT *obj, int atrtype, const void *data, int len);
-X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
-                const char *atrname, int type, const unsigned char *bytes, int len);
-int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj);
-int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len);
-void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
-                                        int atrtype, void *data);
-int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr);
-ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr);
-ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx);
-
-int             X509_verify_cert(X509_STORE_CTX *ctx);
-
-/* lookup a cert from a X509 STACK */
-X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk,X509_NAME *name,
-                                     ASN1_INTEGER *serial);
-X509 *X509_find_by_subject(STACK_OF(X509) *sk,X509_NAME *name);
-
-DECLARE_ASN1_FUNCTIONS(PBEPARAM)
-DECLARE_ASN1_FUNCTIONS(PBE2PARAM)
-DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM)
-
-X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, int saltlen);
-X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
-                                         unsigned char *salt, int saltlen);
-
-/* PKCS#8 utilities */
-
-DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
-
-EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8);
-PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey);
-PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken);
-PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken);
-
-int X509_check_trust(X509 *x, int id, int flags);
-int X509_TRUST_get_count(void);
-X509_TRUST * X509_TRUST_get0(int idx);
-int X509_TRUST_get_by_id(int id);
-int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
-                                        char *name, int arg1, void *arg2);
-void X509_TRUST_cleanup(void);
-int X509_TRUST_get_flags(X509_TRUST *xp);
-char *X509_TRUST_get0_name(X509_TRUST *xp);
-int X509_TRUST_get_trust(X509_TRUST *xp);
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_X509_strings(void);
-
-/* Error codes for the X509 functions. */
-
-/* Function codes. */
-#define X509_F_ADD_CERT_DIR                              100
-#define X509_F_BY_FILE_CTRL                              101
-#define X509_F_DIR_CTRL                                  102
-#define X509_F_GET_CERT_BY_SUBJECT                       103
-#define X509_F_NETSCAPE_SPKI_B64_DECODE                  129
-#define X509_F_NETSCAPE_SPKI_B64_ENCODE                  130
-#define X509_F_X509V3_ADD_EXT                            104
-#define X509_F_X509_ADD_ATTR                             135
-#define X509_F_X509_ATTRIBUTE_CREATE_BY_NID              136
-#define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ              137
-#define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT              140
-#define X509_F_X509_ATTRIBUTE_GET0_DATA                  139
-#define X509_F_X509_ATTRIBUTE_SET1_DATA                  138
-#define X509_F_X509_CHECK_PRIVATE_KEY                    128
-#define X509_F_X509_EXTENSION_CREATE_BY_NID              108
-#define X509_F_X509_EXTENSION_CREATE_BY_OBJ              109
-#define X509_F_X509_GET_PUBKEY_PARAMETERS                110
-#define X509_F_X509_LOAD_CERT_CRL_FILE                   132
-#define X509_F_X509_LOAD_CERT_FILE                       111
-#define X509_F_X509_LOAD_CRL_FILE                        112
-#define X509_F_X509_NAME_ADD_ENTRY                       113
-#define X509_F_X509_NAME_ENTRY_CREATE_BY_NID             114
-#define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT             131
-#define X509_F_X509_NAME_ENTRY_SET_OBJECT                115
-#define X509_F_X509_NAME_ONELINE                         116
-#define X509_F_X509_NAME_PRINT                           117
-#define X509_F_X509_PRINT_FP                             118
-#define X509_F_X509_PUBKEY_GET                           119
-#define X509_F_X509_PUBKEY_SET                           120
-#define X509_F_X509_REQ_PRINT                            121
-#define X509_F_X509_REQ_PRINT_FP                         122
-#define X509_F_X509_REQ_TO_X509                          123
-#define X509_F_X509_STORE_ADD_CERT                       124
-#define X509_F_X509_STORE_ADD_CRL                        125
-#define X509_F_X509_STORE_CTX_INIT                       143
-#define X509_F_X509_STORE_CTX_NEW                        142
-#define X509_F_X509_STORE_CTX_PURPOSE_INHERIT            134
-#define X509_F_X509_TO_X509_REQ                          126
-#define X509_F_X509_TRUST_ADD                            133
-#define X509_F_X509_TRUST_SET                            141
-#define X509_F_X509_VERIFY_CERT                          127
-
-/* Reason codes. */
-#define X509_R_BAD_X509_FILETYPE                         100
-#define X509_R_BASE64_DECODE_ERROR                       118
-#define X509_R_CANT_CHECK_DH_KEY                         114
-#define X509_R_CERT_ALREADY_IN_HASH_TABLE                101
-#define X509_R_ERR_ASN1_LIB                              102
-#define X509_R_INVALID_DIRECTORY                         113
-#define X509_R_INVALID_FIELD_NAME                        119
-#define X509_R_INVALID_TRUST                             123
-#define X509_R_KEY_TYPE_MISMATCH                         115
-#define X509_R_KEY_VALUES_MISMATCH                       116
-#define X509_R_LOADING_CERT_DIR                          103
-#define X509_R_LOADING_DEFAULTS                          104
-#define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY              105
-#define X509_R_SHOULD_RETRY                              106
-#define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN        107
-#define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY            108
-#define X509_R_UNKNOWN_KEY_TYPE                          117
-#define X509_R_UNKNOWN_NID                               109
-#define X509_R_UNKNOWN_PURPOSE_ID                        121
-#define X509_R_UNKNOWN_TRUST_ID                          120
-#define X509_R_UNSUPPORTED_ALGORITHM                     111
-#define X509_R_WRONG_LOOKUP_TYPE                         112
-#define X509_R_WRONG_TYPE                                122
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/src/lib/libcrypto/x509/x509_att.c b/src/lib/libcrypto/x509/x509_att.c
deleted file mode 100644
index 0bae3d32a1..0000000000
--- a/src/lib/libcrypto/x509/x509_att.c
+++ /dev/null
@@ -1,326 +0,0 @@
-/* crypto/x509/x509_att.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/stack.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x)
-{
-        if (!x) return 0;
-        return(sk_X509_ATTRIBUTE_num(x));
-}
-
-int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
-                          int lastpos)
-{
-        ASN1_OBJECT *obj;
-
-        obj=OBJ_nid2obj(nid);
-        if (obj == NULL) return(-2);
-        return(X509at_get_attr_by_OBJ(x,obj,lastpos));
-}
-
-int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj,
-                          int lastpos)
-{
-        int n;
-        X509_ATTRIBUTE *ex;
-
-        if (sk == NULL) return(-1);
-        lastpos++;
-        if (lastpos < 0)
-                lastpos=0;
-        n=sk_X509_ATTRIBUTE_num(sk);
-        for ( ; lastpos < n; lastpos++)
-                {
-                ex=sk_X509_ATTRIBUTE_value(sk,lastpos);
-                if (OBJ_cmp(ex->object,obj) == 0)
-                        return(lastpos);
-                }
-        return(-1);
-}
-
-X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc)
-{
-        if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
-                return NULL;
-        else
-                return sk_X509_ATTRIBUTE_value(x,loc);
-}
-
-X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc)
-{
-        X509_ATTRIBUTE *ret;
-
-        if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
-                return(NULL);
-        ret=sk_X509_ATTRIBUTE_delete(x,loc);
-        return(ret);
-}
-
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
-                                         X509_ATTRIBUTE *attr)
-{
-        X509_ATTRIBUTE *new_attr=NULL;
-        STACK_OF(X509_ATTRIBUTE) *sk=NULL;
-
-        if ((x != NULL) && (*x == NULL))
-                {
-                if ((sk=sk_X509_ATTRIBUTE_new_null()) == NULL)
-                        goto err;
-                }
-        else
-                sk= *x;
-
-        if ((new_attr=X509_ATTRIBUTE_dup(attr)) == NULL)
-                goto err2;
-        if (!sk_X509_ATTRIBUTE_push(sk,new_attr))
-                goto err;
-        if ((x != NULL) && (*x == NULL))
-                *x=sk;
-        return(sk);
-err:
-        X509err(X509_F_X509_ADD_ATTR,ERR_R_MALLOC_FAILURE);
-err2:
-        if (new_attr != NULL) X509_ATTRIBUTE_free(new_attr);
-        if (sk != NULL) sk_X509_ATTRIBUTE_free(sk);
-        return(NULL);
-}
-
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x,
-                        const ASN1_OBJECT *obj, int type,
-                        const unsigned char *bytes, int len)
-{
-        X509_ATTRIBUTE *attr;
-        STACK_OF(X509_ATTRIBUTE) *ret;
-        attr = X509_ATTRIBUTE_create_by_OBJ(NULL, obj, type, bytes, len);
-        if(!attr) return 0;
-        ret = X509at_add1_attr(x, attr);
-        X509_ATTRIBUTE_free(attr);
-        return ret;
-}
-
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,
-                        int nid, int type,
-                        const unsigned char *bytes, int len)
-{
-        X509_ATTRIBUTE *attr;
-        STACK_OF(X509_ATTRIBUTE) *ret;
-        attr = X509_ATTRIBUTE_create_by_NID(NULL, nid, type, bytes, len);
-        if(!attr) return 0;
-        ret = X509at_add1_attr(x, attr);
-        X509_ATTRIBUTE_free(attr);
-        return ret;
-}
-
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
-                        const char *attrname, int type,
-                        const unsigned char *bytes, int len)
-{
-        X509_ATTRIBUTE *attr;
-        STACK_OF(X509_ATTRIBUTE) *ret;
-        attr = X509_ATTRIBUTE_create_by_txt(NULL, attrname, type, bytes, len);
-        if(!attr) return 0;
-        ret = X509at_add1_attr(x, attr);
-        X509_ATTRIBUTE_free(attr);
-        return ret;
-}
-
-X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
-             int atrtype, const void *data, int len)
-{
-        ASN1_OBJECT *obj;
-        X509_ATTRIBUTE *ret;
-
-        obj=OBJ_nid2obj(nid);
-        if (obj == NULL)
-                {
-                X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_NID,X509_R_UNKNOWN_NID);
-                return(NULL);
-                }
-        ret=X509_ATTRIBUTE_create_by_OBJ(attr,obj,atrtype,data,len);
-        if (ret == NULL) ASN1_OBJECT_free(obj);
-        return(ret);
-}
-
-X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
-             const ASN1_OBJECT *obj, int atrtype, const void *data, int len)
-{
-        X509_ATTRIBUTE *ret;
-
-        if ((attr == NULL) || (*attr == NULL))
-                {
-                if ((ret=X509_ATTRIBUTE_new()) == NULL)
-                        {
-                        X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,ERR_R_MALLOC_FAILURE);
-                        return(NULL);
-                        }
-                }
-        else
-                ret= *attr;
-
-        if (!X509_ATTRIBUTE_set1_object(ret,obj))
-                goto err;
-        if (!X509_ATTRIBUTE_set1_data(ret,atrtype,data,len))
-                goto err;
-        
-        if ((attr != NULL) && (*attr == NULL)) *attr=ret;
-        return(ret);
-err:
-        if ((attr == NULL) || (ret != *attr))
-                X509_ATTRIBUTE_free(ret);
-        return(NULL);
-}
-
-X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
-                const char *atrname, int type, const unsigned char *bytes, int len)
-        {
-        ASN1_OBJECT *obj;
-        X509_ATTRIBUTE *nattr;
-
-        obj=OBJ_txt2obj(atrname, 0);
-        if (obj == NULL)
-                {
-                X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT,
-                                                X509_R_INVALID_FIELD_NAME);
-                ERR_add_error_data(2, "name=", atrname);
-                return(NULL);
-                }
-        nattr = X509_ATTRIBUTE_create_by_OBJ(attr,obj,type,bytes,len);
-        ASN1_OBJECT_free(obj);
-        return nattr;
-        }
-
-int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj)
-{
-        if ((attr == NULL) || (obj == NULL))
-                return(0);
-        ASN1_OBJECT_free(attr->object);
-        attr->object=OBJ_dup(obj);
-        return(1);
-}
-
-int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len)
-{
-        ASN1_TYPE *ttmp;
-        ASN1_STRING *stmp;
-        int atype;
-        if (!attr) return 0;
-        if(attrtype & MBSTRING_FLAG) {
-                stmp = ASN1_STRING_set_by_NID(NULL, data, len, attrtype,
-                                                OBJ_obj2nid(attr->object));
-                if(!stmp) {
-                        X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_ASN1_LIB);
-                        return 0;
-                }
-                atype = stmp->type;
-        } else {
-                if(!(stmp = ASN1_STRING_type_new(attrtype))) goto err;
-                if(!ASN1_STRING_set(stmp, data, len)) goto err;
-                atype = attrtype;
-        }
-        if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
-        if(!(ttmp = ASN1_TYPE_new())) goto err;
-        if(!sk_ASN1_TYPE_push(attr->value.set, ttmp)) goto err;
-        attr->single = 0;
-        ASN1_TYPE_set(ttmp, atype, stmp);
-        return 1;
-        err:
-        X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE);
-        return 0;
-}
-
-int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr)
-{
-        if(!attr->single) return sk_ASN1_TYPE_num(attr->value.set);
-        if(attr->value.single) return 1;
-        return 0;
-}
-
-ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr)
-{
-        if (attr == NULL) return(NULL);
-        return(attr->object);
-}
-
-void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
-                                        int atrtype, void *data)
-{
-        ASN1_TYPE *ttmp;
-        ttmp = X509_ATTRIBUTE_get0_type(attr, idx);
-        if(!ttmp) return NULL;
-        if(atrtype != ASN1_TYPE_get(ttmp)){
-                X509err(X509_F_X509_ATTRIBUTE_GET0_DATA, X509_R_WRONG_TYPE);
-                return NULL;
-        }
-        return ttmp->value.ptr;
-}
-
-ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx)
-{
-        if (attr == NULL) return(NULL);
-        if(idx >= X509_ATTRIBUTE_count(attr)) return NULL;
-        if(!attr->single) return sk_ASN1_TYPE_value(attr->value.set, idx);
-        else return attr->value.single;
-}
diff --git a/src/lib/libcrypto/x509/x509_cmp.c b/src/lib/libcrypto/x509/x509_cmp.c
deleted file mode 100644
index 030d0966fc..0000000000
--- a/src/lib/libcrypto/x509/x509_cmp.c
+++ /dev/null
@@ -1,440 +0,0 @@
-/* crypto/x509/x509_cmp.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <ctype.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
-        {
-        int i;
-        X509_CINF *ai,*bi;
-
-        ai=a->cert_info;
-        bi=b->cert_info;
-        i=M_ASN1_INTEGER_cmp(ai->serialNumber,bi->serialNumber);
-        if (i) return(i);
-        return(X509_NAME_cmp(ai->issuer,bi->issuer));
-        }
-
-#ifndef OPENSSL_NO_MD5
-unsigned long X509_issuer_and_serial_hash(X509 *a)
-        {
-        unsigned long ret=0;
-        EVP_MD_CTX ctx;
-        unsigned char md[16];
-        char *f;
-
-        EVP_MD_CTX_init(&ctx);
-        f=X509_NAME_oneline(a->cert_info->issuer,NULL,0);
-        ret=strlen(f);
-        EVP_DigestInit_ex(&ctx, EVP_md5(), NULL);
-        EVP_DigestUpdate(&ctx,(unsigned char *)f,ret);
-        OPENSSL_free(f);
-        EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
-                (unsigned long)a->cert_info->serialNumber->length);
-        EVP_DigestFinal_ex(&ctx,&(md[0]),NULL);
-        ret=(   ((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
-                ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
-                )&0xffffffffL;
-        EVP_MD_CTX_cleanup(&ctx);
-        return(ret);
-        }
-#endif
-        
-int X509_issuer_name_cmp(const X509 *a, const X509 *b)
-        {
-        return(X509_NAME_cmp(a->cert_info->issuer,b->cert_info->issuer));
-        }
-
-int X509_subject_name_cmp(const X509 *a, const X509 *b)
-        {
-        return(X509_NAME_cmp(a->cert_info->subject,b->cert_info->subject));
-        }
-
-int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b)
-        {
-        return(X509_NAME_cmp(a->crl->issuer,b->crl->issuer));
-        }
-
-X509_NAME *X509_get_issuer_name(X509 *a)
-        {
-        return(a->cert_info->issuer);
-        }
-
-unsigned long X509_issuer_name_hash(X509 *x)
-        {
-        return(X509_NAME_hash(x->cert_info->issuer));
-        }
-
-X509_NAME *X509_get_subject_name(X509 *a)
-        {
-        return(a->cert_info->subject);
-        }
-
-ASN1_INTEGER *X509_get_serialNumber(X509 *a)
-        {
-        return(a->cert_info->serialNumber);
-        }
-
-unsigned long X509_subject_name_hash(X509 *x)
-        {
-        return(X509_NAME_hash(x->cert_info->subject));
-        }
-
-#ifndef OPENSSL_NO_SHA
-/* Compare two certificates: they must be identical for
- * this to work. NB: Although "cmp" operations are generally
- * prototyped to take "const" arguments (eg. for use in
- * STACKs), the way X509 handling is - these operations may
- * involve ensuring the hashes are up-to-date and ensuring
- * certain cert information is cached. So this is the point
- * where the "depth-first" constification tree has to halt
- * with an evil cast.
- */
-int X509_cmp(const X509 *a, const X509 *b)
-{
-        /* ensure hash is valid */
-        X509_check_purpose((X509 *)a, -1, 0);
-        X509_check_purpose((X509 *)b, -1, 0);
-
-        return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
-}
-#endif
-
-
-/* Case insensitive string comparision */
-static int nocase_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
-{
-        int i;
-
-        if (a->length != b->length)
-                return (a->length - b->length);
-
-        for (i=0; i<a->length; i++)
-        {
-                int ca, cb;
-
-                ca = tolower(a->data[i]);
-                cb = tolower(b->data[i]);
-
-                if (ca != cb)
-                        return(ca-cb);
-        }
-        return 0;
-}
-
-/* Case insensitive string comparision with space normalization 
- * Space normalization - ignore leading, trailing spaces, 
- *       multiple spaces between characters are replaced by single space  
- */
-static int nocase_spacenorm_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
-{
-        unsigned char *pa = NULL, *pb = NULL;
-        int la, lb;
-        
-        la = a->length;
-        lb = b->length;
-        pa = a->data;
-        pb = b->data;
-
-        /* skip leading spaces */
-        while (la > 0 && isspace(*pa))
-        {
-                la--;
-                pa++;
-        }
-        while (lb > 0 && isspace(*pb))
-        {
-                lb--;
-                pb++;
-        }
-
-        /* skip trailing spaces */
-        while (la > 0 && isspace(pa[la-1]))
-                la--;
-        while (lb > 0 && isspace(pb[lb-1]))
-                lb--;
-
-        /* compare strings with space normalization */
-        while (la > 0 && lb > 0)
-        {
-                int ca, cb;
-
-                /* compare character */
-                ca = tolower(*pa);
-                cb = tolower(*pb);
-                if (ca != cb)
-                        return (ca - cb);
-
-                pa++; pb++;
-                la--; lb--;
-
-                if (la <= 0 || lb <= 0)
-                        break;
-
-                /* is white space next character ? */
-                if (isspace(*pa) && isspace(*pb))
-                {
-                        /* skip remaining white spaces */
-                        while (la > 0 && isspace(*pa))
-                        {
-                                la--;
-                                pa++;
-                        }
-                        while (lb > 0 && isspace(*pb))
-                        {
-                                lb--;
-                                pb++;
-                        }
-                }
-        }
-        if (la > 0 || lb > 0)
-                return la - lb;
-
-        return 0;
-}
-
-static int asn1_string_memcmp(ASN1_STRING *a, ASN1_STRING *b)
-        {
-        int j;
-        j = a->length - b->length;
-        if (j)
-                return j;
-        return memcmp(a->data, b->data, a->length);
-        }
-
-#define STR_TYPE_CMP (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_UTF8STRING)
-
-int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
-        {
-        int i,j;
-        X509_NAME_ENTRY *na,*nb;
-
-        unsigned long nabit, nbbit;
-
-        j = sk_X509_NAME_ENTRY_num(a->entries)
-                  - sk_X509_NAME_ENTRY_num(b->entries);
-        if (j)
-                return j;
-        for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
-                {
-                na=sk_X509_NAME_ENTRY_value(a->entries,i);
-                nb=sk_X509_NAME_ENTRY_value(b->entries,i);
-                j=na->value->type-nb->value->type;
-                if (j)
-                        {
-                        nabit = ASN1_tag2bit(na->value->type);
-                        nbbit = ASN1_tag2bit(nb->value->type);
-                        if (!(nabit & STR_TYPE_CMP) ||
-                                !(nbbit & STR_TYPE_CMP))
-                                return j;
-                        j = asn1_string_memcmp(na->value, nb->value);
-                        }
-                else if (na->value->type == V_ASN1_PRINTABLESTRING)
-                        j=nocase_spacenorm_cmp(na->value, nb->value);
-                else if (na->value->type == V_ASN1_IA5STRING
-                        && OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress)
-                        j=nocase_cmp(na->value, nb->value);
-                else
-                        j = asn1_string_memcmp(na->value, nb->value);
-                if (j) return(j);
-                j=na->set-nb->set;
-                if (j) return(j);
-                }
-
-        /* We will check the object types after checking the values
-         * since the values will more often be different than the object
-         * types. */
-        for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
-                {
-                na=sk_X509_NAME_ENTRY_value(a->entries,i);
-                nb=sk_X509_NAME_ENTRY_value(b->entries,i);
-                j=OBJ_cmp(na->object,nb->object);
-                if (j) return(j);
-                }
-        return(0);
-        }
-
-#ifndef OPENSSL_NO_MD5
-/* I now DER encode the name and hash it.  Since I cache the DER encoding,
- * this is reasonably efficient. */
-unsigned long X509_NAME_hash(X509_NAME *x)
-        {
-        unsigned long ret=0;
-        unsigned char md[16];
-        EVP_MD_CTX md_ctx;
-
-        /* Make sure X509_NAME structure contains valid cached encoding */
-        i2d_X509_NAME(x,NULL);
-        EVP_MD_CTX_init(&md_ctx);
-        EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-        EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL);
-        EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length);
-        EVP_DigestFinal_ex(&md_ctx,md,NULL);
-        EVP_MD_CTX_cleanup(&md_ctx);
-
-        ret=(   ((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
-                ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
-                )&0xffffffffL;
-        return(ret);
-        }
-#endif
-
-/* Search a stack of X509 for a match */
-X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name,
-                ASN1_INTEGER *serial)
-        {
-        int i;
-        X509_CINF cinf;
-        X509 x,*x509=NULL;
-
-        if(!sk) return NULL;
-
-        x.cert_info= &cinf;
-        cinf.serialNumber=serial;
-        cinf.issuer=name;
-
-        for (i=0; i<sk_X509_num(sk); i++)
-                {
-                x509=sk_X509_value(sk,i);
-                if (X509_issuer_and_serial_cmp(x509,&x) == 0)
-                        return(x509);
-                }
-        return(NULL);
-        }
-
-X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name)
-        {
-        X509 *x509;
-        int i;
-
-        for (i=0; i<sk_X509_num(sk); i++)
-                {
-                x509=sk_X509_value(sk,i);
-                if (X509_NAME_cmp(X509_get_subject_name(x509),name) == 0)
-                        return(x509);
-                }
-        return(NULL);
-        }
-
-EVP_PKEY *X509_get_pubkey(X509 *x)
-        {
-        if ((x == NULL) || (x->cert_info == NULL))
-                return(NULL);
-        return(X509_PUBKEY_get(x->cert_info->key));
-        }
-
-ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x)
-        {
-        if(!x) return NULL;
-        return x->cert_info->key->public_key;
-        }
-
-int X509_check_private_key(X509 *x, EVP_PKEY *k)
-        {
-        EVP_PKEY *xk=NULL;
-        int ok=0;
-
-        xk=X509_get_pubkey(x);
-        if (xk->type != k->type)
-            {
-            X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);
-            goto err;
-            }
-        switch (k->type)
-                {
-#ifndef OPENSSL_NO_RSA
-        case EVP_PKEY_RSA:
-                if (BN_cmp(xk->pkey.rsa->n,k->pkey.rsa->n) != 0
-                    || BN_cmp(xk->pkey.rsa->e,k->pkey.rsa->e) != 0)
-                    {
-                    X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
-                    goto err;
-                    }
-                break;
-#endif
-#ifndef OPENSSL_NO_DSA
-        case EVP_PKEY_DSA:
-                if (BN_cmp(xk->pkey.dsa->pub_key,k->pkey.dsa->pub_key) != 0)
-                    {
-                    X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
-                    goto err;
-                    }
-                break;
-#endif
-#ifndef OPENSSL_NO_DH
-        case EVP_PKEY_DH:
-                /* No idea */
-                X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY);
-                goto err;
-#endif
-        default:
-                X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE);
-                goto err;
-                }
-
-        ok=1;
-err:
-        EVP_PKEY_free(xk);
-        return(ok);
-        }
diff --git a/src/lib/libcrypto/x509/x509_d2.c b/src/lib/libcrypto/x509/x509_d2.c
deleted file mode 100644
index 51410cfd1a..0000000000
--- a/src/lib/libcrypto/x509/x509_d2.c
+++ /dev/null
@@ -1,107 +0,0 @@
-/* crypto/x509/x509_d2.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/crypto.h>
-#include <openssl/x509.h>
-
-#ifndef OPENSSL_NO_STDIO
-int X509_STORE_set_default_paths(X509_STORE *ctx)
-        {
-        X509_LOOKUP *lookup;
-
-        lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file());
-        if (lookup == NULL) return(0);
-        X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
-
-        lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir());
-        if (lookup == NULL) return(0);
-        X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
-        
-        /* clear any errors */
-        ERR_clear_error();
-
-        return(1);
-        }
-
-int X509_STORE_load_locations(X509_STORE *ctx, const char *file,
-                const char *path)
-        {
-        X509_LOOKUP *lookup;
-
-        if (file != NULL)
-                {
-                lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file());
-                if (lookup == NULL) return(0);
-                if (X509_LOOKUP_load_file(lookup,file,X509_FILETYPE_PEM) != 1)
-                    return(0);
-                }
-        if (path != NULL)
-                {
-                lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir());
-                if (lookup == NULL) return(0);
-                if (X509_LOOKUP_add_dir(lookup,path,X509_FILETYPE_PEM) != 1)
-                    return(0);
-                }
-        if ((path == NULL) && (file == NULL))
-                return(0);
-        return(1);
-        }
-
-#endif
diff --git a/src/lib/libcrypto/x509/x509_def.c b/src/lib/libcrypto/x509/x509_def.c
deleted file mode 100644
index e0ac151a76..0000000000
--- a/src/lib/libcrypto/x509/x509_def.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/* crypto/x509/x509_def.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/crypto.h>
-#include <openssl/x509.h>
-
-const char *X509_get_default_private_dir(void)
-        { return(X509_PRIVATE_DIR); }
-        
-const char *X509_get_default_cert_area(void)
-        { return(X509_CERT_AREA); }
-
-const char *X509_get_default_cert_dir(void)
-        { return(X509_CERT_DIR); }
-
-const char *X509_get_default_cert_file(void)
-        { return(X509_CERT_FILE); }
-
-const char *X509_get_default_cert_dir_env(void)
-        { return(X509_CERT_DIR_EVP); }
-
-const char *X509_get_default_cert_file_env(void)
-        { return(X509_CERT_FILE_EVP); }
-
diff --git a/src/lib/libcrypto/x509/x509_err.c b/src/lib/libcrypto/x509/x509_err.c
deleted file mode 100644
index d44d046027..0000000000
--- a/src/lib/libcrypto/x509/x509_err.c
+++ /dev/null
@@ -1,160 +0,0 @@
-/* crypto/x509/x509_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/x509.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509,0,reason)
-
-static ERR_STRING_DATA X509_str_functs[]=
-        {
-{ERR_FUNC(X509_F_ADD_CERT_DIR), "ADD_CERT_DIR"},
-{ERR_FUNC(X509_F_BY_FILE_CTRL), "BY_FILE_CTRL"},
-{ERR_FUNC(X509_F_DIR_CTRL),     "DIR_CTRL"},
-{ERR_FUNC(X509_F_GET_CERT_BY_SUBJECT),  "GET_CERT_BY_SUBJECT"},
-{ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_DECODE),     "NETSCAPE_SPKI_b64_decode"},
-{ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_ENCODE),     "NETSCAPE_SPKI_b64_encode"},
-{ERR_FUNC(X509_F_X509V3_ADD_EXT),       "X509v3_add_ext"},
-{ERR_FUNC(X509_F_X509_ADD_ATTR),        "X509_ADD_ATTR"},
-{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_NID), "X509_ATTRIBUTE_create_by_NID"},
-{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ), "X509_ATTRIBUTE_create_by_OBJ"},
-{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT), "X509_ATTRIBUTE_create_by_txt"},
-{ERR_FUNC(X509_F_X509_ATTRIBUTE_GET0_DATA),     "X509_ATTRIBUTE_get0_data"},
-{ERR_FUNC(X509_F_X509_ATTRIBUTE_SET1_DATA),     "X509_ATTRIBUTE_set1_data"},
-{ERR_FUNC(X509_F_X509_CHECK_PRIVATE_KEY),       "X509_check_private_key"},
-{ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_NID), "X509_EXTENSION_create_by_NID"},
-{ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_OBJ), "X509_EXTENSION_create_by_OBJ"},
-{ERR_FUNC(X509_F_X509_GET_PUBKEY_PARAMETERS),   "X509_get_pubkey_parameters"},
-{ERR_FUNC(X509_F_X509_LOAD_CERT_CRL_FILE),      "X509_load_cert_crl_file"},
-{ERR_FUNC(X509_F_X509_LOAD_CERT_FILE),  "X509_load_cert_file"},
-{ERR_FUNC(X509_F_X509_LOAD_CRL_FILE),   "X509_load_crl_file"},
-{ERR_FUNC(X509_F_X509_NAME_ADD_ENTRY),  "X509_NAME_add_entry"},
-{ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_NID),        "X509_NAME_ENTRY_create_by_NID"},
-{ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT),        "X509_NAME_ENTRY_create_by_txt"},
-{ERR_FUNC(X509_F_X509_NAME_ENTRY_SET_OBJECT),   "X509_NAME_ENTRY_set_object"},
-{ERR_FUNC(X509_F_X509_NAME_ONELINE),    "X509_NAME_oneline"},
-{ERR_FUNC(X509_F_X509_NAME_PRINT),      "X509_NAME_print"},
-{ERR_FUNC(X509_F_X509_PRINT_FP),        "X509_print_fp"},
-{ERR_FUNC(X509_F_X509_PUBKEY_GET),      "X509_PUBKEY_get"},
-{ERR_FUNC(X509_F_X509_PUBKEY_SET),      "X509_PUBKEY_set"},
-{ERR_FUNC(X509_F_X509_REQ_PRINT),       "X509_REQ_print"},
-{ERR_FUNC(X509_F_X509_REQ_PRINT_FP),    "X509_REQ_print_fp"},
-{ERR_FUNC(X509_F_X509_REQ_TO_X509),     "X509_REQ_to_X509"},
-{ERR_FUNC(X509_F_X509_STORE_ADD_CERT),  "X509_STORE_add_cert"},
-{ERR_FUNC(X509_F_X509_STORE_ADD_CRL),   "X509_STORE_add_crl"},
-{ERR_FUNC(X509_F_X509_STORE_CTX_INIT),  "X509_STORE_CTX_init"},
-{ERR_FUNC(X509_F_X509_STORE_CTX_NEW),   "X509_STORE_CTX_new"},
-{ERR_FUNC(X509_F_X509_STORE_CTX_PURPOSE_INHERIT),       "X509_STORE_CTX_purpose_inherit"},
-{ERR_FUNC(X509_F_X509_TO_X509_REQ),     "X509_to_X509_REQ"},
-{ERR_FUNC(X509_F_X509_TRUST_ADD),       "X509_TRUST_add"},
-{ERR_FUNC(X509_F_X509_TRUST_SET),       "X509_TRUST_set"},
-{ERR_FUNC(X509_F_X509_VERIFY_CERT),     "X509_verify_cert"},
-{0,NULL}
-        };
-
-static ERR_STRING_DATA X509_str_reasons[]=
-        {
-{ERR_REASON(X509_R_BAD_X509_FILETYPE)    ,"bad x509 filetype"},
-{ERR_REASON(X509_R_BASE64_DECODE_ERROR)  ,"base64 decode error"},
-{ERR_REASON(X509_R_CANT_CHECK_DH_KEY)    ,"cant check dh key"},
-{ERR_REASON(X509_R_CERT_ALREADY_IN_HASH_TABLE),"cert already in hash table"},
-{ERR_REASON(X509_R_ERR_ASN1_LIB)         ,"err asn1 lib"},
-{ERR_REASON(X509_R_INVALID_DIRECTORY)    ,"invalid directory"},
-{ERR_REASON(X509_R_INVALID_FIELD_NAME)   ,"invalid field name"},
-{ERR_REASON(X509_R_INVALID_TRUST)        ,"invalid trust"},
-{ERR_REASON(X509_R_KEY_TYPE_MISMATCH)    ,"key type mismatch"},
-{ERR_REASON(X509_R_KEY_VALUES_MISMATCH)  ,"key values mismatch"},
-{ERR_REASON(X509_R_LOADING_CERT_DIR)     ,"loading cert dir"},
-{ERR_REASON(X509_R_LOADING_DEFAULTS)     ,"loading defaults"},
-{ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY),"no cert set for us to verify"},
-{ERR_REASON(X509_R_SHOULD_RETRY)         ,"should retry"},
-{ERR_REASON(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN),"unable to find parameters in chain"},
-{ERR_REASON(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY),"unable to get certs public key"},
-{ERR_REASON(X509_R_UNKNOWN_KEY_TYPE)     ,"unknown key type"},
-{ERR_REASON(X509_R_UNKNOWN_NID)          ,"unknown nid"},
-{ERR_REASON(X509_R_UNKNOWN_PURPOSE_ID)   ,"unknown purpose id"},
-{ERR_REASON(X509_R_UNKNOWN_TRUST_ID)     ,"unknown trust id"},
-{ERR_REASON(X509_R_UNSUPPORTED_ALGORITHM),"unsupported algorithm"},
-{ERR_REASON(X509_R_WRONG_LOOKUP_TYPE)    ,"wrong lookup type"},
-{ERR_REASON(X509_R_WRONG_TYPE)           ,"wrong type"},
-{0,NULL}
-        };
-
-#endif
-
-void ERR_load_X509_strings(void)
-        {
-        static int init=1;
-
-        if (init)
-                {
-                init=0;
-#ifndef OPENSSL_NO_ERR
-                ERR_load_strings(0,X509_str_functs);
-                ERR_load_strings(0,X509_str_reasons);
-#endif
-
-                }
-        }
diff --git a/src/lib/libcrypto/x509/x509_ext.c b/src/lib/libcrypto/x509/x509_ext.c
deleted file mode 100644
index e7fdacb5e4..0000000000
--- a/src/lib/libcrypto/x509/x509_ext.c
+++ /dev/null
@@ -1,210 +0,0 @@
-/* crypto/x509/x509_ext.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/stack.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-
-int X509_CRL_get_ext_count(X509_CRL *x)
-        {
-        return(X509v3_get_ext_count(x->crl->extensions));
-        }
-
-int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos)
-        {
-        return(X509v3_get_ext_by_NID(x->crl->extensions,nid,lastpos));
-        }
-
-int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos)
-        {
-        return(X509v3_get_ext_by_OBJ(x->crl->extensions,obj,lastpos));
-        }
-
-int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos)
-        {
-        return(X509v3_get_ext_by_critical(x->crl->extensions,crit,lastpos));
-        }
-
-X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc)
-        {
-        return(X509v3_get_ext(x->crl->extensions,loc));
-        }
-
-X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc)
-        {
-        return(X509v3_delete_ext(x->crl->extensions,loc));
-        }
-
-void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx)
-{
-        return X509V3_get_d2i(x->crl->extensions, nid, crit, idx);
-}
-
-int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
-                                                        unsigned long flags)
-{
-        return X509V3_add1_i2d(&x->crl->extensions, nid, value, crit, flags);
-}
-
-int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc)
-        {
-        return(X509v3_add_ext(&(x->crl->extensions),ex,loc) != NULL);
-        }
-
-int X509_get_ext_count(X509 *x)
-        {
-        return(X509v3_get_ext_count(x->cert_info->extensions));
-        }
-
-int X509_get_ext_by_NID(X509 *x, int nid, int lastpos)
-        {
-        return(X509v3_get_ext_by_NID(x->cert_info->extensions,nid,lastpos));
-        }
-
-int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos)
-        {
-        return(X509v3_get_ext_by_OBJ(x->cert_info->extensions,obj,lastpos));
-        }
-
-int X509_get_ext_by_critical(X509 *x, int crit, int lastpos)
-        {
-        return(X509v3_get_ext_by_critical(x->cert_info->extensions,crit,lastpos));
-        }
-
-X509_EXTENSION *X509_get_ext(X509 *x, int loc)
-        {
-        return(X509v3_get_ext(x->cert_info->extensions,loc));
-        }
-
-X509_EXTENSION *X509_delete_ext(X509 *x, int loc)
-        {
-        return(X509v3_delete_ext(x->cert_info->extensions,loc));
-        }
-
-int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc)
-        {
-        return(X509v3_add_ext(&(x->cert_info->extensions),ex,loc) != NULL);
-        }
-
-void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx)
-{
-        return X509V3_get_d2i(x->cert_info->extensions, nid, crit, idx);
-}
-
-int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
-                                                        unsigned long flags)
-{
-        return X509V3_add1_i2d(&x->cert_info->extensions, nid, value, crit,
-                                                        flags);
-}
-
-int X509_REVOKED_get_ext_count(X509_REVOKED *x)
-        {
-        return(X509v3_get_ext_count(x->extensions));
-        }
-
-int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos)
-        {
-        return(X509v3_get_ext_by_NID(x->extensions,nid,lastpos));
-        }
-
-int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj,
-             int lastpos)
-        {
-        return(X509v3_get_ext_by_OBJ(x->extensions,obj,lastpos));
-        }
-
-int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos)
-        {
-        return(X509v3_get_ext_by_critical(x->extensions,crit,lastpos));
-        }
-
-X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc)
-        {
-        return(X509v3_get_ext(x->extensions,loc));
-        }
-
-X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc)
-        {
-        return(X509v3_delete_ext(x->extensions,loc));
-        }
-
-int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc)
-        {
-        return(X509v3_add_ext(&(x->extensions),ex,loc) != NULL);
-        }
-
-void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx)
-{
-        return X509V3_get_d2i(x->extensions, nid, crit, idx);
-}
-
-int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
-                                                        unsigned long flags)
-{
-        return X509V3_add1_i2d(&x->extensions, nid, value, crit, flags);
-}
-
-IMPLEMENT_STACK_OF(X509_EXTENSION)
-IMPLEMENT_ASN1_SET_OF(X509_EXTENSION)
diff --git a/src/lib/libcrypto/x509/x509_lu.c b/src/lib/libcrypto/x509/x509_lu.c
deleted file mode 100644
index b780dae5e2..0000000000
--- a/src/lib/libcrypto/x509/x509_lu.c
+++ /dev/null
@@ -1,557 +0,0 @@
-/* crypto/x509/x509_lu.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/lhash.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
-        {
-        X509_LOOKUP *ret;
-
-        ret=(X509_LOOKUP *)OPENSSL_malloc(sizeof(X509_LOOKUP));
-        if (ret == NULL) return NULL;
-
-        ret->init=0;
-        ret->skip=0;
-        ret->method=method;
-        ret->method_data=NULL;
-        ret->store_ctx=NULL;
-        if ((method->new_item != NULL) && !method->new_item(ret))
-                {
-                OPENSSL_free(ret);
-                return NULL;
-                }
-        return ret;
-        }
-
-void X509_LOOKUP_free(X509_LOOKUP *ctx)
-        {
-        if (ctx == NULL) return;
-        if (    (ctx->method != NULL) &&
-                (ctx->method->free != NULL))
-                ctx->method->free(ctx);
-        OPENSSL_free(ctx);
-        }
-
-int X509_LOOKUP_init(X509_LOOKUP *ctx)
-        {
-        if (ctx->method == NULL) return 0;
-        if (ctx->method->init != NULL)
-                return ctx->method->init(ctx);
-        else
-                return 1;
-        }
-
-int X509_LOOKUP_shutdown(X509_LOOKUP *ctx)
-        {
-        if (ctx->method == NULL) return 0;
-        if (ctx->method->shutdown != NULL)
-                return ctx->method->shutdown(ctx);
-        else
-                return 1;
-        }
-
-int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
-             char **ret)
-        {
-        if (ctx->method == NULL) return -1;
-        if (ctx->method->ctrl != NULL)
-                return ctx->method->ctrl(ctx,cmd,argc,argl,ret);
-        else
-                return 1;
-        }
-
-int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
-             X509_OBJECT *ret)
-        {
-        if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL))
-                return X509_LU_FAIL;
-        if (ctx->skip) return 0;
-        return ctx->method->get_by_subject(ctx,type,name,ret);
-        }
-
-int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
-             ASN1_INTEGER *serial, X509_OBJECT *ret)
-        {
-        if ((ctx->method == NULL) ||
-                (ctx->method->get_by_issuer_serial == NULL))
-                return X509_LU_FAIL;
-        return ctx->method->get_by_issuer_serial(ctx,type,name,serial,ret);
-        }
-
-int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
-             unsigned char *bytes, int len, X509_OBJECT *ret)
-        {
-        if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL))
-                return X509_LU_FAIL;
-        return ctx->method->get_by_fingerprint(ctx,type,bytes,len,ret);
-        }
-
-int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len,
-             X509_OBJECT *ret)
-        {
-        if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL))
-                return X509_LU_FAIL;
-        return ctx->method->get_by_alias(ctx,type,str,len,ret);
-        }
-
-  
-static int x509_object_cmp(const X509_OBJECT * const *a, const X509_OBJECT * const *b)
-        {
-        int ret;
-
-        ret=((*a)->type - (*b)->type);
-        if (ret) return ret;
-        switch ((*a)->type)
-                {
-        case X509_LU_X509:
-                ret=X509_subject_name_cmp((*a)->data.x509,(*b)->data.x509);
-                break;
-        case X509_LU_CRL:
-                ret=X509_CRL_cmp((*a)->data.crl,(*b)->data.crl);
-                break;
-        default:
-                /* abort(); */
-                return 0;
-                }
-        return ret;
-        }
-
-X509_STORE *X509_STORE_new(void)
-        {
-        X509_STORE *ret;
-
-        if ((ret=(X509_STORE *)OPENSSL_malloc(sizeof(X509_STORE))) == NULL)
-                return NULL;
-        ret->objs = sk_X509_OBJECT_new(x509_object_cmp);
-        ret->cache=1;
-        ret->get_cert_methods=sk_X509_LOOKUP_new_null();
-        ret->verify=0;
-        ret->verify_cb=0;
-
-        ret->purpose = 0;
-        ret->trust = 0;
-
-        ret->flags = 0;
-
-        ret->get_issuer = 0;
-        ret->check_issued = 0;
-        ret->check_revocation = 0;
-        ret->get_crl = 0;
-        ret->check_crl = 0;
-        ret->cert_crl = 0;
-        ret->cleanup = 0;
-
-        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data);
-        ret->references=1;
-        ret->depth=0;
-        return ret;
-        }
-
-static void cleanup(X509_OBJECT *a)
-        {
-        if (a->type == X509_LU_X509)
-                {
-                X509_free(a->data.x509);
-                }
-        else if (a->type == X509_LU_CRL)
-                {
-                X509_CRL_free(a->data.crl);
-                }
-        else
-                {
-                /* abort(); */
-                }
-
-        OPENSSL_free(a);
-        }
-
-void X509_STORE_free(X509_STORE *vfy)
-        {
-        int i;
-        STACK_OF(X509_LOOKUP) *sk;
-        X509_LOOKUP *lu;
-
-        if (vfy == NULL)
-            return;
-
-        sk=vfy->get_cert_methods;
-        for (i=0; i<sk_X509_LOOKUP_num(sk); i++)
-                {
-                lu=sk_X509_LOOKUP_value(sk,i);
-                X509_LOOKUP_shutdown(lu);
-                X509_LOOKUP_free(lu);
-                }
-        sk_X509_LOOKUP_free(sk);
-        sk_X509_OBJECT_pop_free(vfy->objs, cleanup);
-
-        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data);
-        OPENSSL_free(vfy);
-        }
-
-X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)
-        {
-        int i;
-        STACK_OF(X509_LOOKUP) *sk;
-        X509_LOOKUP *lu;
-
-        sk=v->get_cert_methods;
-        for (i=0; i<sk_X509_LOOKUP_num(sk); i++)
-                {
-                lu=sk_X509_LOOKUP_value(sk,i);
-                if (m == lu->method)
-                        {
-                        return lu;
-                        }
-                }
-        /* a new one */
-        lu=X509_LOOKUP_new(m);
-        if (lu == NULL)
-                return NULL;
-        else
-                {
-                lu->store_ctx=v;
-                if (sk_X509_LOOKUP_push(v->get_cert_methods,lu))
-                        return lu;
-                else
-                        {
-                        X509_LOOKUP_free(lu);
-                        return NULL;
-                        }
-                }
-        }
-
-int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
-             X509_OBJECT *ret)
-        {
-        X509_STORE *ctx=vs->ctx;
-        X509_LOOKUP *lu;
-        X509_OBJECT stmp,*tmp;
-        int i,j;
-
-        tmp=X509_OBJECT_retrieve_by_subject(ctx->objs,type,name);
-
-        if (tmp == NULL)
-                {
-                for (i=vs->current_method; i<sk_X509_LOOKUP_num(ctx->get_cert_methods); i++)
-                        {
-                        lu=sk_X509_LOOKUP_value(ctx->get_cert_methods,i);
-                        j=X509_LOOKUP_by_subject(lu,type,name,&stmp);
-                        if (j < 0)
-                                {
-                                vs->current_method=j;
-                                return j;
-                                }
-                        else if (j)
-                                {
-                                tmp= &stmp;
-                                break;
-                                }
-                        }
-                vs->current_method=0;
-                if (tmp == NULL)
-                        return 0;
-                }
-
-/*      if (ret->data.ptr != NULL)
-                X509_OBJECT_free_contents(ret); */
-
-        ret->type=tmp->type;
-        ret->data.ptr=tmp->data.ptr;
-
-        X509_OBJECT_up_ref_count(ret);
-
-        return 1;
-        }
-
-int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
-        {
-        X509_OBJECT *obj;
-        int ret=1;
-
-        if (x == NULL) return 0;
-        obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT));
-        if (obj == NULL)
-                {
-                X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE);
-                return 0;
-                }
-        obj->type=X509_LU_X509;
-        obj->data.x509=x;
-
-        CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
-
-        X509_OBJECT_up_ref_count(obj);
-
-
-        if (X509_OBJECT_retrieve_match(ctx->objs, obj))
-                {
-                X509_OBJECT_free_contents(obj);
-                OPENSSL_free(obj);
-                X509err(X509_F_X509_STORE_ADD_CERT,X509_R_CERT_ALREADY_IN_HASH_TABLE);
-                ret=0;
-                } 
-        else sk_X509_OBJECT_push(ctx->objs, obj);
-
-        CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
-
-        return ret;
-        }
-
-int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
-        {
-        X509_OBJECT *obj;
-        int ret=1;
-
-        if (x == NULL) return 0;
-        obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT));
-        if (obj == NULL)
-                {
-                X509err(X509_F_X509_STORE_ADD_CRL,ERR_R_MALLOC_FAILURE);
-                return 0;
-                }
-        obj->type=X509_LU_CRL;
-        obj->data.crl=x;
-
-        CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
-
-        X509_OBJECT_up_ref_count(obj);
-
-        if (X509_OBJECT_retrieve_match(ctx->objs, obj))
-                {
-                X509_OBJECT_free_contents(obj);
-                OPENSSL_free(obj);
-                X509err(X509_F_X509_STORE_ADD_CRL,X509_R_CERT_ALREADY_IN_HASH_TABLE);
-                ret=0;
-                }
-        else sk_X509_OBJECT_push(ctx->objs, obj);
-
-        CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
-
-        return ret;
-        }
-
-void X509_OBJECT_up_ref_count(X509_OBJECT *a)
-        {
-        switch (a->type)
-                {
-        case X509_LU_X509:
-                CRYPTO_add(&a->data.x509->references,1,CRYPTO_LOCK_X509);
-                break;
-        case X509_LU_CRL:
-                CRYPTO_add(&a->data.crl->references,1,CRYPTO_LOCK_X509_CRL);
-                break;
-                }
-        }
-
-void X509_OBJECT_free_contents(X509_OBJECT *a)
-        {
-        switch (a->type)
-                {
-        case X509_LU_X509:
-                X509_free(a->data.x509);
-                break;
-        case X509_LU_CRL:
-                X509_CRL_free(a->data.crl);
-                break;
-                }
-        }
-
-int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
-             X509_NAME *name)
-        {
-        X509_OBJECT stmp;
-        X509 x509_s;
-        X509_CINF cinf_s;
-        X509_CRL crl_s;
-        X509_CRL_INFO crl_info_s;
-
-        stmp.type=type;
-        switch (type)
-                {
-        case X509_LU_X509:
-                stmp.data.x509= &x509_s;
-                x509_s.cert_info= &cinf_s;
-                cinf_s.subject=name;
-                break;
-        case X509_LU_CRL:
-                stmp.data.crl= &crl_s;
-                crl_s.crl= &crl_info_s;
-                crl_info_s.issuer=name;
-                break;
-        default:
-                /* abort(); */
-                return -1;
-                }
-
-        return sk_X509_OBJECT_find(h,&stmp);
-        }
-
-X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, int type,
-             X509_NAME *name)
-{
-        int idx;
-        idx = X509_OBJECT_idx_by_subject(h, type, name);
-        if (idx==-1) return NULL;
-        return sk_X509_OBJECT_value(h, idx);
-}
-
-X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x)
-{
-        int idx, i;
-        X509_OBJECT *obj;
-        idx = sk_X509_OBJECT_find(h, x);
-        if (idx == -1) return NULL;
-        if (x->type != X509_LU_X509) return sk_X509_OBJECT_value(h, idx);
-        for (i = idx; i < sk_X509_OBJECT_num(h); i++)
-                {
-                obj = sk_X509_OBJECT_value(h, i);
-                if (x509_object_cmp((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x))
-                        return NULL;
-                if ((x->type != X509_LU_X509) || !X509_cmp(obj->data.x509, x->data.x509))
-                        return obj;
-                }
-        return NULL;
-}
-
-
-/* Try to get issuer certificate from store. Due to limitations
- * of the API this can only retrieve a single certificate matching
- * a given subject name. However it will fill the cache with all
- * matching certificates, so we can examine the cache for all 
- * matches.
- *
- * Return values are:
- *  1 lookup successful.
- *  0 certificate not found.
- * -1 some other error.
- */
-
-
-int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
-{
-        X509_NAME *xn;
-        X509_OBJECT obj, *pobj;
-        int i, ok, idx;
-        xn=X509_get_issuer_name(x);
-        ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj);
-        if (ok != X509_LU_X509)
-                {
-                if (ok == X509_LU_RETRY)
-                        {
-                        X509_OBJECT_free_contents(&obj);
-                        X509err(X509_F_X509_VERIFY_CERT,X509_R_SHOULD_RETRY);
-                        return -1;
-                        }
-                else if (ok != X509_LU_FAIL)
-                        {
-                        X509_OBJECT_free_contents(&obj);
-                        /* not good :-(, break anyway */
-                        return -1;
-                        }
-                return 0;
-                }
-        /* If certificate matches all OK */
-        if (ctx->check_issued(ctx, x, obj.data.x509))
-                {
-                *issuer = obj.data.x509;
-                return 1;
-                }
-        X509_OBJECT_free_contents(&obj);
-        /* Else find index of first matching cert */
-        idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn);
-        /* This shouldn't normally happen since we already have one match */
-        if (idx == -1) return 0;
-
-        /* Look through all matching certificates for a suitable issuer */
-        for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++)
-                {
-                pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i);
-                /* See if we've ran out of matches */
-                if (pobj->type != X509_LU_X509) return 0;
-                if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509))) return 0;
-                if (ctx->check_issued(ctx, x, pobj->data.x509))
-                        {
-                        *issuer = pobj->data.x509;
-                        X509_OBJECT_up_ref_count(pobj);
-                        return 1;
-                        }
-                }
-        return 0;
-}
-
-void X509_STORE_set_flags(X509_STORE *ctx, long flags)
-        {
-        ctx->flags |= flags;
-        }
-
-int X509_STORE_set_purpose(X509_STORE *ctx, int purpose)
-        {
-        return X509_PURPOSE_set(&ctx->purpose, purpose);
-        }
-
-int X509_STORE_set_trust(X509_STORE *ctx, int trust)
-        {
-        return X509_TRUST_set(&ctx->trust, trust);
-        }
-
-IMPLEMENT_STACK_OF(X509_LOOKUP)
-IMPLEMENT_STACK_OF(X509_OBJECT)
diff --git a/src/lib/libcrypto/x509/x509_obj.c b/src/lib/libcrypto/x509/x509_obj.c
deleted file mode 100644
index 1e718f76eb..0000000000
--- a/src/lib/libcrypto/x509/x509_obj.c
+++ /dev/null
@@ -1,226 +0,0 @@
-/* crypto/x509/x509_obj.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/lhash.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/buffer.h>
-
-char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
-        {
-        X509_NAME_ENTRY *ne;
-int i;
-        int n,lold,l,l1,l2,num,j,type;
-        const char *s;
-        char *p;
-        unsigned char *q;
-        BUF_MEM *b=NULL;
-        static char hex[17]="0123456789ABCDEF";
-        int gs_doit[4];
-        char tmp_buf[80];
-#ifdef CHARSET_EBCDIC
-        char ebcdic_buf[1024];
-#endif
-
-        if (buf == NULL)
-                {
-                if ((b=BUF_MEM_new()) == NULL) goto err;
-                if (!BUF_MEM_grow(b,200)) goto err;
-                b->data[0]='\0';
-                len=200;
-                }
-        if (a == NULL)
-            {
-            if(b)
-                {
-                buf=b->data;
-                OPENSSL_free(b);
-                }
-            strncpy(buf,"NO X509_NAME",len);
-            buf[len-1]='\0';
-            return buf;
-            }
-
-        len--; /* space for '\0' */
-        l=0;
-        for (i=0; i<sk_X509_NAME_ENTRY_num(a->entries); i++)
-                {
-                ne=sk_X509_NAME_ENTRY_value(a->entries,i);
-                n=OBJ_obj2nid(ne->object);
-                if ((n == NID_undef) || ((s=OBJ_nid2sn(n)) == NULL))
-                        {
-                        i2t_ASN1_OBJECT(tmp_buf,sizeof(tmp_buf),ne->object);
-                        s=tmp_buf;
-                        }
-                l1=strlen(s);
-
-                type=ne->value->type;
-                num=ne->value->length;
-                q=ne->value->data;
-#ifdef CHARSET_EBCDIC
-                if (type == V_ASN1_GENERALSTRING ||
-                    type == V_ASN1_VISIBLESTRING ||
-                    type == V_ASN1_PRINTABLESTRING ||
-                    type == V_ASN1_TELETEXSTRING ||
-                    type == V_ASN1_VISIBLESTRING ||
-                    type == V_ASN1_IA5STRING) {
-                        ascii2ebcdic(ebcdic_buf, q,
-                                     (num > sizeof ebcdic_buf)
-                                     ? sizeof ebcdic_buf : num);
-                        q=ebcdic_buf;
-                }
-#endif
-
-                if ((type == V_ASN1_GENERALSTRING) && ((num%4) == 0))
-                        {
-                        gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=0;
-                        for (j=0; j<num; j++)
-                                if (q[j] != 0) gs_doit[j&3]=1;
-
-                        if (gs_doit[0]|gs_doit[1]|gs_doit[2])
-                                gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=1;
-                        else
-                                {
-                                gs_doit[0]=gs_doit[1]=gs_doit[2]=0;
-                                gs_doit[3]=1;
-                                }
-                        }
-                else
-                        gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=1;
-
-                for (l2=j=0; j<num; j++)
-                        {
-                        if (!gs_doit[j&3]) continue;
-                        l2++;
-#ifndef CHARSET_EBCDIC
-                        if ((q[j] < ' ') || (q[j] > '~')) l2+=3;
-#else
-                        if ((os_toascii[q[j]] < os_toascii[' ']) ||
-                            (os_toascii[q[j]] > os_toascii['~'])) l2+=3;
-#endif
-                        }
-
-                lold=l;
-                l+=1+l1+1+l2;
-                if (b != NULL)
-                        {
-                        if (!BUF_MEM_grow(b,l+1)) goto err;
-                        p= &(b->data[lold]);
-                        }
-                else if (l > len)
-                        {
-                        break;
-                        }
-                else
-                        p= &(buf[lold]);
-                *(p++)='/';
-                memcpy(p,s,(unsigned int)l1); p+=l1;
-                *(p++)='=';
-
-#ifndef CHARSET_EBCDIC /* q was assigned above already. */
-                q=ne->value->data;
-#endif
-
-                for (j=0; j<num; j++)
-                        {
-                        if (!gs_doit[j&3]) continue;
-#ifndef CHARSET_EBCDIC
-                        n=q[j];
-                        if ((n < ' ') || (n > '~'))
-                                {
-                                *(p++)='\\';
-                                *(p++)='x';
-                                *(p++)=hex[(n>>4)&0x0f];
-                                *(p++)=hex[n&0x0f];
-                                }
-                        else
-                                *(p++)=n;
-#else
-                        n=os_toascii[q[j]];
-                        if ((n < os_toascii[' ']) ||
-                            (n > os_toascii['~']))
-                                {
-                                *(p++)='\\';
-                                *(p++)='x';
-                                *(p++)=hex[(n>>4)&0x0f];
-                                *(p++)=hex[n&0x0f];
-                                }
-                        else
-                                *(p++)=q[j];
-#endif
-                        }
-                *p='\0';
-                }
-        if (b != NULL)
-                {
-                p=b->data;
-                OPENSSL_free(b);
-                }
-        else
-                p=buf;
-        if (i == 0)
-                *p = '\0';
-        return(p);
-err:
-        X509err(X509_F_X509_NAME_ONELINE,ERR_R_MALLOC_FAILURE);
-        if (b != NULL) BUF_MEM_free(b);
-        return(NULL);
-        }
-
diff --git a/src/lib/libcrypto/x509/x509_r2x.c b/src/lib/libcrypto/x509/x509_r2x.c
deleted file mode 100644
index fb8a78dabe..0000000000
--- a/src/lib/libcrypto/x509/x509_r2x.c
+++ /dev/null
@@ -1,112 +0,0 @@
-/* crypto/x509/x509_r2x.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/evp.h>
-#include <openssl/asn1.h>
-#include <openssl/x509.h>
-#include <openssl/objects.h>
-#include <openssl/buffer.h>
-
-X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
-        {
-        X509 *ret=NULL;
-        X509_CINF *xi=NULL;
-        X509_NAME *xn;
-
-        if ((ret=X509_new()) == NULL)
-                {
-                X509err(X509_F_X509_REQ_TO_X509,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-
-        /* duplicate the request */
-        xi=ret->cert_info;
-
-        if (sk_X509_ATTRIBUTE_num(r->req_info->attributes) != 0)
-                {
-                if ((xi->version=M_ASN1_INTEGER_new()) == NULL) goto err;
-                if (!ASN1_INTEGER_set(xi->version,2)) goto err;
-/*              xi->extensions=ri->attributes; <- bad, should not ever be done
-                ri->attributes=NULL; */
-                }
-
-        xn=X509_REQ_get_subject_name(r);
-        X509_set_subject_name(ret,X509_NAME_dup(xn));
-        X509_set_issuer_name(ret,X509_NAME_dup(xn));
-
-        if (X509_gmtime_adj(xi->validity->notBefore,0) == NULL)
-                goto err;
-        if (X509_gmtime_adj(xi->validity->notAfter,(long)60*60*24*days) == NULL)
-                goto err;
-
-        X509_set_pubkey(ret,X509_REQ_get_pubkey(r));
-
-        if (!X509_sign(ret,pkey,EVP_md5()))
-                goto err;
-        if (0)
-                {
-err:
-                X509_free(ret);
-                ret=NULL;
-                }
-        return(ret);
-        }
-
diff --git a/src/lib/libcrypto/x509/x509_req.c b/src/lib/libcrypto/x509/x509_req.c
deleted file mode 100644
index 59fc6ca548..0000000000
--- a/src/lib/libcrypto/x509/x509_req.c
+++ /dev/null
@@ -1,279 +0,0 @@
-/* crypto/x509/x509_req.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/evp.h>
-#include <openssl/asn1.h>
-#include <openssl/x509.h>
-#include <openssl/objects.h>
-#include <openssl/buffer.h>
-#include <openssl/pem.h>
-
-X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
-        {
-        X509_REQ *ret;
-        X509_REQ_INFO *ri;
-        int i;
-        EVP_PKEY *pktmp;
-
-        ret=X509_REQ_new();
-        if (ret == NULL)
-                {
-                X509err(X509_F_X509_TO_X509_REQ,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-
-        ri=ret->req_info;
-
-        ri->version->length=1;
-        ri->version->data=(unsigned char *)OPENSSL_malloc(1);
-        if (ri->version->data == NULL) goto err;
-        ri->version->data[0]=0; /* version == 0 */
-
-        if (!X509_REQ_set_subject_name(ret,X509_get_subject_name(x)))
-                goto err;
-
-        pktmp = X509_get_pubkey(x);
-        i=X509_REQ_set_pubkey(ret,pktmp);
-        EVP_PKEY_free(pktmp);
-        if (!i) goto err;
-
-        if (pkey != NULL)
-                {
-                if (!X509_REQ_sign(ret,pkey,md))
-                        goto err;
-                }
-        return(ret);
-err:
-        X509_REQ_free(ret);
-        return(NULL);
-        }
-
-EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req)
-        {
-        if ((req == NULL) || (req->req_info == NULL))
-                return(NULL);
-        return(X509_PUBKEY_get(req->req_info->pubkey));
-        }
-
-/* It seems several organisations had the same idea of including a list of
- * extensions in a certificate request. There are at least two OIDs that are
- * used and there may be more: so the list is configurable.
- */
-
-static int ext_nid_list[] = { NID_ext_req, NID_ms_ext_req, NID_undef};
-
-static int *ext_nids = ext_nid_list;
-
-int X509_REQ_extension_nid(int req_nid)
-{
-        int i, nid;
-        for(i = 0; ; i++) {
-                nid = ext_nids[i];
-                if(nid == NID_undef) return 0;
-                else if (req_nid == nid) return 1;
-        }
-}
-
-int *X509_REQ_get_extension_nids(void)
-{
-        return ext_nids;
-}
-        
-void X509_REQ_set_extension_nids(int *nids)
-{
-        ext_nids = nids;
-}
-
-STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
-        {
-        X509_ATTRIBUTE *attr;
-        ASN1_TYPE *ext = NULL;
-        int idx, *pnid;
-        unsigned char *p;
-
-        if ((req == NULL) || (req->req_info == NULL) || !ext_nids)
-                return(NULL);
-        for (pnid = ext_nids; *pnid != NID_undef; pnid++)
-                {
-                idx = X509_REQ_get_attr_by_NID(req, *pnid, -1);
-                if (idx == -1)
-                        continue;
-                attr = X509_REQ_get_attr(req, idx);
-                if(attr->single) ext = attr->value.single;
-                else if(sk_ASN1_TYPE_num(attr->value.set))
-                        ext = sk_ASN1_TYPE_value(attr->value.set, 0);
-                break;
-                }
-        if(!ext || (ext->type != V_ASN1_SEQUENCE))
-                return NULL;
-        p = ext->value.sequence->data;
-        return d2i_ASN1_SET_OF_X509_EXTENSION(NULL, &p,
-                        ext->value.sequence->length,
-                        d2i_X509_EXTENSION, X509_EXTENSION_free,
-                        V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
-        }
-
-/* Add a STACK_OF extensions to a certificate request: allow alternative OIDs
- * in case we want to create a non standard one.
- */
-
-int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
-                                int nid)
-{
-        unsigned char *p = NULL, *q;
-        long len;
-        ASN1_TYPE *at = NULL;
-        X509_ATTRIBUTE *attr = NULL;
-        if(!(at = ASN1_TYPE_new()) ||
-                !(at->value.sequence = ASN1_STRING_new())) goto err;
-
-        at->type = V_ASN1_SEQUENCE;
-        /* Generate encoding of extensions */
-        len = i2d_ASN1_SET_OF_X509_EXTENSION(exts, NULL, i2d_X509_EXTENSION,
-                        V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
-        if(!(p = OPENSSL_malloc(len))) goto err;
-        q = p;
-        i2d_ASN1_SET_OF_X509_EXTENSION(exts, &q, i2d_X509_EXTENSION,
-                        V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
-        at->value.sequence->data = p;
-        p = NULL;
-        at->value.sequence->length = len;
-        if(!(attr = X509_ATTRIBUTE_new())) goto err;
-        if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
-        if(!sk_ASN1_TYPE_push(attr->value.set, at)) goto err;
-        at = NULL;
-        attr->single = 0;
-        attr->object = OBJ_nid2obj(nid);
-        if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err;
-        return 1;
-        err:
-        if(p) OPENSSL_free(p);
-        X509_ATTRIBUTE_free(attr);
-        ASN1_TYPE_free(at);
-        return 0;
-}
-/* This is the normal usage: use the "official" OID */
-int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts)
-{
-        return X509_REQ_add_extensions_nid(req, exts, NID_ext_req);
-}
-
-/* Request attribute functions */
-
-int X509_REQ_get_attr_count(const X509_REQ *req)
-{
-        return X509at_get_attr_count(req->req_info->attributes);
-}
-
-int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid,
-                          int lastpos)
-{
-        return X509at_get_attr_by_NID(req->req_info->attributes, nid, lastpos);
-}
-
-int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj,
-                          int lastpos)
-{
-        return X509at_get_attr_by_OBJ(req->req_info->attributes, obj, lastpos);
-}
-
-X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc)
-{
-        return X509at_get_attr(req->req_info->attributes, loc);
-}
-
-X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc)
-{
-        return X509at_delete_attr(req->req_info->attributes, loc);
-}
-
-int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr)
-{
-        if(X509at_add1_attr(&req->req_info->attributes, attr)) return 1;
-        return 0;
-}
-
-int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
-                        const ASN1_OBJECT *obj, int type,
-                        const unsigned char *bytes, int len)
-{
-        if(X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj,
-                                type, bytes, len)) return 1;
-        return 0;
-}
-
-int X509_REQ_add1_attr_by_NID(X509_REQ *req,
-                        int nid, int type,
-                        const unsigned char *bytes, int len)
-{
-        if(X509at_add1_attr_by_NID(&req->req_info->attributes, nid,
-                                type, bytes, len)) return 1;
-        return 0;
-}
-
-int X509_REQ_add1_attr_by_txt(X509_REQ *req,
-                        const char *attrname, int type,
-                        const unsigned char *bytes, int len)
-{
-        if(X509at_add1_attr_by_txt(&req->req_info->attributes, attrname,
-                                type, bytes, len)) return 1;
-        return 0;
-}
diff --git a/src/lib/libcrypto/x509/x509_set.c b/src/lib/libcrypto/x509/x509_set.c
deleted file mode 100644
index aaf61ca062..0000000000
--- a/src/lib/libcrypto/x509/x509_set.c
+++ /dev/null
@@ -1,150 +0,0 @@
-/* crypto/x509/x509_set.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-
-int X509_set_version(X509 *x, long version)
-        {
-        if (x == NULL) return(0);
-        if (x->cert_info->version == NULL)
-                {
-                if ((x->cert_info->version=M_ASN1_INTEGER_new()) == NULL)
-                        return(0);
-                }
-        return(ASN1_INTEGER_set(x->cert_info->version,version));
-        }
-
-int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial)
-        {
-        ASN1_INTEGER *in;
-
-        if (x == NULL) return(0);
-        in=x->cert_info->serialNumber;
-        if (in != serial)
-                {
-                in=M_ASN1_INTEGER_dup(serial);
-                if (in != NULL)
-                        {
-                        M_ASN1_INTEGER_free(x->cert_info->serialNumber);
-                        x->cert_info->serialNumber=in;
-                        }
-                }
-        return(in != NULL);
-        }
-
-int X509_set_issuer_name(X509 *x, X509_NAME *name)
-        {
-        if ((x == NULL) || (x->cert_info == NULL)) return(0);
-        return(X509_NAME_set(&x->cert_info->issuer,name));
-        }
-
-int X509_set_subject_name(X509 *x, X509_NAME *name)
-        {
-        if ((x == NULL) || (x->cert_info == NULL)) return(0);
-        return(X509_NAME_set(&x->cert_info->subject,name));
-        }
-
-int X509_set_notBefore(X509 *x, ASN1_TIME *tm)
-        {
-        ASN1_TIME *in;
-
-        if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
-        in=x->cert_info->validity->notBefore;
-        if (in != tm)
-                {
-                in=M_ASN1_TIME_dup(tm);
-                if (in != NULL)
-                        {
-                        M_ASN1_TIME_free(x->cert_info->validity->notBefore);
-                        x->cert_info->validity->notBefore=in;
-                        }
-                }
-        return(in != NULL);
-        }
-
-int X509_set_notAfter(X509 *x, ASN1_TIME *tm)
-        {
-        ASN1_TIME *in;
-
-        if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
-        in=x->cert_info->validity->notAfter;
-        if (in != tm)
-                {
-                in=M_ASN1_TIME_dup(tm);
-                if (in != NULL)
-                        {
-                        M_ASN1_TIME_free(x->cert_info->validity->notAfter);
-                        x->cert_info->validity->notAfter=in;
-                        }
-                }
-        return(in != NULL);
-        }
-
-int X509_set_pubkey(X509 *x, EVP_PKEY *pkey)
-        {
-        if ((x == NULL) || (x->cert_info == NULL)) return(0);
-        return(X509_PUBKEY_set(&(x->cert_info->key),pkey));
-        }
-
-
-
diff --git a/src/lib/libcrypto/x509/x509_trs.c b/src/lib/libcrypto/x509/x509_trs.c
deleted file mode 100644
index 881252608d..0000000000
--- a/src/lib/libcrypto/x509/x509_trs.c
+++ /dev/null
@@ -1,287 +0,0 @@
-/* x509_trs.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/x509v3.h>
-
-
-static int tr_cmp(const X509_TRUST * const *a,
-                const X509_TRUST * const *b);
-static void trtable_free(X509_TRUST *p);
-
-static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags);
-static int trust_1oid(X509_TRUST *trust, X509 *x, int flags);
-static int trust_compat(X509_TRUST *trust, X509 *x, int flags);
-
-static int obj_trust(int id, X509 *x, int flags);
-static int (*default_trust)(int id, X509 *x, int flags) = obj_trust;
-
-/* WARNING: the following table should be kept in order of trust
- * and without any gaps so we can just subtract the minimum trust
- * value to get an index into the table
- */
-
-static X509_TRUST trstandard[] = {
-{X509_TRUST_COMPAT, 0, trust_compat, "compatible", 0, NULL},
-{X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL},
-{X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, NULL},
-{X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL},
-{X509_TRUST_OBJECT_SIGN, 0, trust_1oidany, "Object Signer", NID_code_sign, NULL},
-{X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign, NULL},
-{X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL}
-};
-
-#define X509_TRUST_COUNT        (sizeof(trstandard)/sizeof(X509_TRUST))
-
-IMPLEMENT_STACK_OF(X509_TRUST)
-
-static STACK_OF(X509_TRUST) *trtable = NULL;
-
-static int tr_cmp(const X509_TRUST * const *a,
-                const X509_TRUST * const *b)
-{
-        return (*a)->trust - (*b)->trust;
-}
-
-int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int)
-{
-        int (*oldtrust)(int , X509 *, int);
-        oldtrust = default_trust;
-        default_trust = trust;
-        return oldtrust;
-}
-
-
-int X509_check_trust(X509 *x, int id, int flags)
-{
-        X509_TRUST *pt;
-        int idx;
-        if(id == -1) return 1;
-        idx = X509_TRUST_get_by_id(id);
-        if(idx == -1) return default_trust(id, x, flags);
-        pt = X509_TRUST_get0(idx);
-        return pt->check_trust(pt, x, flags);
-}
-
-int X509_TRUST_get_count(void)
-{
-        if(!trtable) return X509_TRUST_COUNT;
-        return sk_X509_TRUST_num(trtable) + X509_TRUST_COUNT;
-}
-
-X509_TRUST * X509_TRUST_get0(int idx)
-{
-        if(idx < 0) return NULL;
-        if(idx < X509_TRUST_COUNT) return trstandard + idx;
-        return sk_X509_TRUST_value(trtable, idx - X509_TRUST_COUNT);
-}
-
-int X509_TRUST_get_by_id(int id)
-{
-        X509_TRUST tmp;
-        int idx;
-        if((id >= X509_TRUST_MIN) && (id <= X509_TRUST_MAX))
-                                 return id - X509_TRUST_MIN;
-        tmp.trust = id;
-        if(!trtable) return -1;
-        idx = sk_X509_TRUST_find(trtable, &tmp);
-        if(idx == -1) return -1;
-        return idx + X509_TRUST_COUNT;
-}
-
-int X509_TRUST_set(int *t, int trust)
-{
-        if(X509_TRUST_get_by_id(trust) == -1) {
-                X509err(X509_F_X509_TRUST_SET, X509_R_INVALID_TRUST);
-                return 0;
-        }
-        *t = trust;
-        return 1;
-}
-
-int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
-                                        char *name, int arg1, void *arg2)
-{
-        int idx;
-        X509_TRUST *trtmp;
-        /* This is set according to what we change: application can't set it */
-        flags &= ~X509_TRUST_DYNAMIC;
-        /* This will always be set for application modified trust entries */
-        flags |= X509_TRUST_DYNAMIC_NAME;
-        /* Get existing entry if any */
-        idx = X509_TRUST_get_by_id(id);
-        /* Need a new entry */
-        if(idx == -1) {
-                if(!(trtmp = OPENSSL_malloc(sizeof(X509_TRUST)))) {
-                        X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
-                        return 0;
-                }
-                trtmp->flags = X509_TRUST_DYNAMIC;
-        } else trtmp = X509_TRUST_get0(idx);
-
-        /* OPENSSL_free existing name if dynamic */
-        if(trtmp->flags & X509_TRUST_DYNAMIC_NAME) OPENSSL_free(trtmp->name);
-        /* dup supplied name */
-        if(!(trtmp->name = BUF_strdup(name))) {
-                X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
-                return 0;
-        }
-        /* Keep the dynamic flag of existing entry */
-        trtmp->flags &= X509_TRUST_DYNAMIC;
-        /* Set all other flags */
-        trtmp->flags |= flags;
-
-        trtmp->trust = id;
-        trtmp->check_trust = ck;
-        trtmp->arg1 = arg1;
-        trtmp->arg2 = arg2;
-
-        /* If its a new entry manage the dynamic table */
-        if(idx == -1) {
-                if(!trtable && !(trtable = sk_X509_TRUST_new(tr_cmp))) {
-                        X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
-                        return 0;
-                }
-                if (!sk_X509_TRUST_push(trtable, trtmp)) {
-                        X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
-                        return 0;
-                }
-        }
-        return 1;
-}
-
-static void trtable_free(X509_TRUST *p)
-        {
-        if(!p) return;
-        if (p->flags & X509_TRUST_DYNAMIC) 
-                {
-                if (p->flags & X509_TRUST_DYNAMIC_NAME)
-                        OPENSSL_free(p->name);
-                OPENSSL_free(p);
-                }
-        }
-
-void X509_TRUST_cleanup(void)
-{
-        int i;
-        for(i = 0; i < X509_TRUST_COUNT; i++) trtable_free(trstandard + i);
-        sk_X509_TRUST_pop_free(trtable, trtable_free);
-        trtable = NULL;
-}
-
-int X509_TRUST_get_flags(X509_TRUST *xp)
-{
-        return xp->flags;
-}
-
-char *X509_TRUST_get0_name(X509_TRUST *xp)
-{
-        return xp->name;
-}
-
-int X509_TRUST_get_trust(X509_TRUST *xp)
-{
-        return xp->trust;
-}
-
-static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags)
-{
-        if(x->aux && (x->aux->trust || x->aux->reject))
-                return obj_trust(trust->arg1, x, flags);
-        /* we don't have any trust settings: for compatibility
-         * we return trusted if it is self signed
-         */
-        return trust_compat(trust, x, flags);
-}
-
-static int trust_1oid(X509_TRUST *trust, X509 *x, int flags)
-{
-        if(x->aux) return obj_trust(trust->arg1, x, flags);
-        return X509_TRUST_UNTRUSTED;
-}
-
-static int trust_compat(X509_TRUST *trust, X509 *x, int flags)
-{
-        X509_check_purpose(x, -1, 0);
-        if(x->ex_flags & EXFLAG_SS) return X509_TRUST_TRUSTED;
-        else return X509_TRUST_UNTRUSTED;
-}
-
-static int obj_trust(int id, X509 *x, int flags)
-{
-        ASN1_OBJECT *obj;
-        int i;
-        X509_CERT_AUX *ax;
-        ax = x->aux;
-        if(!ax) return X509_TRUST_UNTRUSTED;
-        if(ax->reject) {
-                for(i = 0; i < sk_ASN1_OBJECT_num(ax->reject); i++) {
-                        obj = sk_ASN1_OBJECT_value(ax->reject, i);
-                        if(OBJ_obj2nid(obj) == id) return X509_TRUST_REJECTED;
-                }
-        }       
-        if(ax->trust) {
-                for(i = 0; i < sk_ASN1_OBJECT_num(ax->trust); i++) {
-                        obj = sk_ASN1_OBJECT_value(ax->trust, i);
-                        if(OBJ_obj2nid(obj) == id) return X509_TRUST_TRUSTED;
-                }
-        }
-        return X509_TRUST_UNTRUSTED;
-}
-
diff --git a/src/lib/libcrypto/x509/x509_txt.c b/src/lib/libcrypto/x509/x509_txt.c
deleted file mode 100644
index f19e66a238..0000000000
--- a/src/lib/libcrypto/x509/x509_txt.c
+++ /dev/null
@@ -1,165 +0,0 @@
-/* crypto/x509/x509_txt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <time.h>
-#include <errno.h>
-
-#include "cryptlib.h"
-#include <openssl/lhash.h>
-#include <openssl/buffer.h>
-#include <openssl/evp.h>
-#include <openssl/asn1.h>
-#include <openssl/x509.h>
-#include <openssl/objects.h>
-
-const char *X509_verify_cert_error_string(long n)
-        {
-        static char buf[100];
-
-        switch ((int)n)
-                {
-        case X509_V_OK:
-                return("ok");
-        case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
-                return("unable to get issuer certificate");
-        case X509_V_ERR_UNABLE_TO_GET_CRL:
-                return("unable to get certificate CRL");
-        case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
-                return("unable to decrypt certificate's signature");
-        case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
-                return("unable to decrypt CRL's signature");
-        case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
-                return("unable to decode issuer public key");
-        case X509_V_ERR_CERT_SIGNATURE_FAILURE:
-                return("certificate signature failure");
-        case X509_V_ERR_CRL_SIGNATURE_FAILURE:
-                return("CRL signature failure");
-        case X509_V_ERR_CERT_NOT_YET_VALID:
-                return("certificate is not yet valid");
-        case X509_V_ERR_CRL_NOT_YET_VALID:
-                return("CRL is not yet valid");
-        case X509_V_ERR_CERT_HAS_EXPIRED:
-                return("certificate has expired");
-        case X509_V_ERR_CRL_HAS_EXPIRED:
-                return("CRL has expired");
-        case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
-                return("format error in certificate's notBefore field");
-        case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
-                return("format error in certificate's notAfter field");
-        case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
-                return("format error in CRL's lastUpdate field");
-        case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
-                return("format error in CRL's nextUpdate field");
-        case X509_V_ERR_OUT_OF_MEM:
-                return("out of memory");
-        case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
-                return("self signed certificate");
-        case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
-                return("self signed certificate in certificate chain");
-        case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
-                return("unable to get local issuer certificate");
-        case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
-                return("unable to verify the first certificate");
-        case X509_V_ERR_CERT_CHAIN_TOO_LONG:
-                return("certificate chain too long");
-        case X509_V_ERR_CERT_REVOKED:
-                return("certificate revoked");
-        case X509_V_ERR_INVALID_CA:
-                return ("invalid CA certificate");
-        case X509_V_ERR_INVALID_NON_CA:
-                return ("invalid non-CA certificate (has CA markings)");
-        case X509_V_ERR_PATH_LENGTH_EXCEEDED:
-                return ("path length constraint exceeded");
-        case X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED:
-                return("proxy path length constraint exceeded");
-        case X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED:
-                return("proxy cerificates not allowed, please set the appropriate flag");
-        case X509_V_ERR_INVALID_PURPOSE:
-                return ("unsupported certificate purpose");
-        case X509_V_ERR_CERT_UNTRUSTED:
-                return ("certificate not trusted");
-        case X509_V_ERR_CERT_REJECTED:
-                return ("certificate rejected");
-        case X509_V_ERR_APPLICATION_VERIFICATION:
-                return("application verification failure");
-        case X509_V_ERR_SUBJECT_ISSUER_MISMATCH:
-                return("subject issuer mismatch");
-        case X509_V_ERR_AKID_SKID_MISMATCH:
-                return("authority and subject key identifier mismatch");
-        case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH:
-                return("authority and issuer serial number mismatch");
-        case X509_V_ERR_KEYUSAGE_NO_CERTSIGN:
-                return("key usage does not include certificate signing");
-        case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
-                return("unable to get CRL issuer certificate");
-        case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
-                return("unhandled critical extension");
-        case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN:
-                return("key usage does not include CRL signing");
-        case X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE:
-                return("key usage does not include digital signature");
-        case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION:
-                return("unhandled critical CRL extension");
-        default:
-                BIO_snprintf(buf,sizeof buf,"error number %ld",n);
-                return(buf);
-                }
-        }
-
-
diff --git a/src/lib/libcrypto/x509/x509_v3.c b/src/lib/libcrypto/x509/x509_v3.c
deleted file mode 100644
index 67b1796a92..0000000000
--- a/src/lib/libcrypto/x509/x509_v3.c
+++ /dev/null
@@ -1,268 +0,0 @@
-/* crypto/x509/x509_v3.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/stack.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x)
-        {
-        if (x == NULL) return(0);
-        return(sk_X509_EXTENSION_num(x));
-        }
-
-int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, int nid,
-                          int lastpos)
-        {
-        ASN1_OBJECT *obj;
-
-        obj=OBJ_nid2obj(nid);
-        if (obj == NULL) return(-2);
-        return(X509v3_get_ext_by_OBJ(x,obj,lastpos));
-        }
-
-int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk, ASN1_OBJECT *obj,
-                          int lastpos)
-        {
-        int n;
-        X509_EXTENSION *ex;
-
-        if (sk == NULL) return(-1);
-        lastpos++;
-        if (lastpos < 0)
-                lastpos=0;
-        n=sk_X509_EXTENSION_num(sk);
-        for ( ; lastpos < n; lastpos++)
-                {
-                ex=sk_X509_EXTENSION_value(sk,lastpos);
-                if (OBJ_cmp(ex->object,obj) == 0)
-                        return(lastpos);
-                }
-        return(-1);
-        }
-
-int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit,
-                               int lastpos)
-        {
-        int n;
-        X509_EXTENSION *ex;
-
-        if (sk == NULL) return(-1);
-        lastpos++;
-        if (lastpos < 0)
-                lastpos=0;
-        n=sk_X509_EXTENSION_num(sk);
-        for ( ; lastpos < n; lastpos++)
-                {
-                ex=sk_X509_EXTENSION_value(sk,lastpos);
-                if (    ((ex->critical > 0) && crit) ||
-                        ((ex->critical <= 0) && !crit))
-                        return(lastpos);
-                }
-        return(-1);
-        }
-
-X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc)
-        {
-        if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0)
-                return NULL;
-        else
-                return sk_X509_EXTENSION_value(x,loc);
-        }
-
-X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc)
-        {
-        X509_EXTENSION *ret;
-
-        if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0)
-                return(NULL);
-        ret=sk_X509_EXTENSION_delete(x,loc);
-        return(ret);
-        }
-
-STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
-                                         X509_EXTENSION *ex, int loc)
-        {
-        X509_EXTENSION *new_ex=NULL;
-        int n;
-        STACK_OF(X509_EXTENSION) *sk=NULL;
-
-        if ((x != NULL) && (*x == NULL))
-                {
-                if ((sk=sk_X509_EXTENSION_new_null()) == NULL)
-                        goto err;
-                }
-        else
-                sk= *x;
-
-        n=sk_X509_EXTENSION_num(sk);
-        if (loc > n) loc=n;
-        else if (loc < 0) loc=n;
-
-        if ((new_ex=X509_EXTENSION_dup(ex)) == NULL)
-                goto err2;
-        if (!sk_X509_EXTENSION_insert(sk,new_ex,loc))
-                goto err;
-        if ((x != NULL) && (*x == NULL))
-                *x=sk;
-        return(sk);
-err:
-        X509err(X509_F_X509V3_ADD_EXT,ERR_R_MALLOC_FAILURE);
-err2:
-        if (new_ex != NULL) X509_EXTENSION_free(new_ex);
-        if (sk != NULL) sk_X509_EXTENSION_free(sk);
-        return(NULL);
-        }
-
-X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid,
-             int crit, ASN1_OCTET_STRING *data)
-        {
-        ASN1_OBJECT *obj;
-        X509_EXTENSION *ret;
-
-        obj=OBJ_nid2obj(nid);
-        if (obj == NULL)
-                {
-                X509err(X509_F_X509_EXTENSION_CREATE_BY_NID,X509_R_UNKNOWN_NID);
-                return(NULL);
-                }
-        ret=X509_EXTENSION_create_by_OBJ(ex,obj,crit,data);
-        if (ret == NULL) ASN1_OBJECT_free(obj);
-        return(ret);
-        }
-
-X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
-             ASN1_OBJECT *obj, int crit, ASN1_OCTET_STRING *data)
-        {
-        X509_EXTENSION *ret;
-
-        if ((ex == NULL) || (*ex == NULL))
-                {
-                if ((ret=X509_EXTENSION_new()) == NULL)
-                        {
-                        X509err(X509_F_X509_EXTENSION_CREATE_BY_OBJ,ERR_R_MALLOC_FAILURE);
-                        return(NULL);
-                        }
-                }
-        else
-                ret= *ex;
-
-        if (!X509_EXTENSION_set_object(ret,obj))
-                goto err;
-        if (!X509_EXTENSION_set_critical(ret,crit))
-                goto err;
-        if (!X509_EXTENSION_set_data(ret,data))
-                goto err;
-        
-        if ((ex != NULL) && (*ex == NULL)) *ex=ret;
-        return(ret);
-err:
-        if ((ex == NULL) || (ret != *ex))
-                X509_EXTENSION_free(ret);
-        return(NULL);
-        }
-
-int X509_EXTENSION_set_object(X509_EXTENSION *ex, ASN1_OBJECT *obj)
-        {
-        if ((ex == NULL) || (obj == NULL))
-                return(0);
-        ASN1_OBJECT_free(ex->object);
-        ex->object=OBJ_dup(obj);
-        return(1);
-        }
-
-int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit)
-        {
-        if (ex == NULL) return(0);
-        ex->critical=(crit)?0xFF:-1;
-        return(1);
-        }
-
-int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data)
-        {
-        int i;
-
-        if (ex == NULL) return(0);
-        i=M_ASN1_OCTET_STRING_set(ex->value,data->data,data->length);
-        if (!i) return(0);
-        return(1);
-        }
-
-ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex)
-        {
-        if (ex == NULL) return(NULL);
-        return(ex->object);
-        }
-
-ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ex)
-        {
-        if (ex == NULL) return(NULL);
-        return(ex->value);
-        }
-
-int X509_EXTENSION_get_critical(X509_EXTENSION *ex)
-        {
-        if (ex == NULL) return(0);
-        if(ex->critical > 0) return 1;
-        return 0;
-        }
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c
deleted file mode 100644
index 383e082aba..0000000000
--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ /dev/null
@@ -1,1333 +0,0 @@
-/* crypto/x509/x509_vfy.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <time.h>
-#include <errno.h>
-
-#include "cryptlib.h"
-#include <openssl/crypto.h>
-#include <openssl/lhash.h>
-#include <openssl/buffer.h>
-#include <openssl/evp.h>
-#include <openssl/asn1.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/objects.h>
-
-static int null_callback(int ok,X509_STORE_CTX *e);
-static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
-static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x);
-static int check_chain_extensions(X509_STORE_CTX *ctx);
-static int check_trust(X509_STORE_CTX *ctx);
-static int check_revocation(X509_STORE_CTX *ctx);
-static int check_cert(X509_STORE_CTX *ctx);
-static int internal_verify(X509_STORE_CTX *ctx);
-const char *X509_version="X.509" OPENSSL_VERSION_PTEXT;
-
-
-static int null_callback(int ok, X509_STORE_CTX *e)
-        {
-        return ok;
-        }
-
-#if 0
-static int x509_subject_cmp(X509 **a, X509 **b)
-        {
-        return X509_subject_name_cmp(*a,*b);
-        }
-#endif
-
-int X509_verify_cert(X509_STORE_CTX *ctx)
-        {
-        X509 *x,*xtmp,*chain_ss=NULL;
-        X509_NAME *xn;
-        int depth,i,ok=0;
-        int num;
-        int (*cb)();
-        STACK_OF(X509) *sktmp=NULL;
-
-        if (ctx->cert == NULL)
-                {
-                X509err(X509_F_X509_VERIFY_CERT,X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
-                return -1;
-                }
-
-        cb=ctx->verify_cb;
-
-        /* first we make sure the chain we are going to build is
-         * present and that the first entry is in place */
-        if (ctx->chain == NULL)
-                {
-                if (    ((ctx->chain=sk_X509_new_null()) == NULL) ||
-                        (!sk_X509_push(ctx->chain,ctx->cert)))
-                        {
-                        X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
-                        goto end;
-                        }
-                CRYPTO_add(&ctx->cert->references,1,CRYPTO_LOCK_X509);
-                ctx->last_untrusted=1;
-                }
-
-        /* We use a temporary STACK so we can chop and hack at it */
-        if (ctx->untrusted != NULL
-            && (sktmp=sk_X509_dup(ctx->untrusted)) == NULL)
-                {
-                X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
-                goto end;
-                }
-
-        num=sk_X509_num(ctx->chain);
-        x=sk_X509_value(ctx->chain,num-1);
-        depth=ctx->depth;
-
-
-        for (;;)
-                {
-                /* If we have enough, we break */
-                if (depth < num) break; /* FIXME: If this happens, we should take
-                                         * note of it and, if appropriate, use the
-                                         * X509_V_ERR_CERT_CHAIN_TOO_LONG error
-                                         * code later.
-                                         */
-
-                /* If we are self signed, we break */
-                xn=X509_get_issuer_name(x);
-                if (ctx->check_issued(ctx, x,x)) break;
-
-                /* If we were passed a cert chain, use it first */
-                if (ctx->untrusted != NULL)
-                        {
-                        xtmp=find_issuer(ctx, sktmp,x);
-                        if (xtmp != NULL)
-                                {
-                                if (!sk_X509_push(ctx->chain,xtmp))
-                                        {
-                                        X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
-                                        goto end;
-                                        }
-                                CRYPTO_add(&xtmp->references,1,CRYPTO_LOCK_X509);
-                                sk_X509_delete_ptr(sktmp,xtmp);
-                                ctx->last_untrusted++;
-                                x=xtmp;
-                                num++;
-                                /* reparse the full chain for
-                                 * the next one */
-                                continue;
-                                }
-                        }
-                break;
-                }
-
-        /* at this point, chain should contain a list of untrusted
-         * certificates.  We now need to add at least one trusted one,
-         * if possible, otherwise we complain. */
-
-        /* Examine last certificate in chain and see if it
-         * is self signed.
-         */
-
-        i=sk_X509_num(ctx->chain);
-        x=sk_X509_value(ctx->chain,i-1);
-        xn = X509_get_subject_name(x);
-        if (ctx->check_issued(ctx, x, x))
-                {
-                /* we have a self signed certificate */
-                if (sk_X509_num(ctx->chain) == 1)
-                        {
-                        /* We have a single self signed certificate: see if
-                         * we can find it in the store. We must have an exact
-                         * match to avoid possible impersonation.
-                         */
-                        ok = ctx->get_issuer(&xtmp, ctx, x);
-                        if ((ok <= 0) || X509_cmp(x, xtmp)) 
-                                {
-                                ctx->error=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
-                                ctx->current_cert=x;
-                                ctx->error_depth=i-1;
-                                if (ok == 1) X509_free(xtmp);
-                                ok=cb(0,ctx);
-                                if (!ok) goto end;
-                                }
-                        else 
-                                {
-                                /* We have a match: replace certificate with store version
-                                 * so we get any trust settings.
-                                 */
-                                X509_free(x);
-                                x = xtmp;
-                                sk_X509_set(ctx->chain, i - 1, x);
-                                ctx->last_untrusted=0;
-                                }
-                        }
-                else
-                        {
-                        /* extract and save self signed certificate for later use */
-                        chain_ss=sk_X509_pop(ctx->chain);
-                        ctx->last_untrusted--;
-                        num--;
-                        x=sk_X509_value(ctx->chain,num-1);
-                        }
-                }
-
-        /* We now lookup certs from the certificate store */
-        for (;;)
-                {
-                /* If we have enough, we break */
-                if (depth < num) break;
-
-                /* If we are self signed, we break */
-                xn=X509_get_issuer_name(x);
-                if (ctx->check_issued(ctx,x,x)) break;
-
-                ok = ctx->get_issuer(&xtmp, ctx, x);
-
-                if (ok < 0) return ok;
-                if (ok == 0) break;
-
-                x = xtmp;
-                if (!sk_X509_push(ctx->chain,x))
-                        {
-                        X509_free(xtmp);
-                        X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
-                        return 0;
-                        }
-                num++;
-                }
-
-        /* we now have our chain, lets check it... */
-        xn=X509_get_issuer_name(x);
-
-        /* Is last certificate looked up self signed? */
-        if (!ctx->check_issued(ctx,x,x))
-                {
-                if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss))
-                        {
-                        if (ctx->last_untrusted >= num)
-                                ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
-                        else
-                                ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT;
-                        ctx->current_cert=x;
-                        }
-                else
-                        {
-
-                        sk_X509_push(ctx->chain,chain_ss);
-                        num++;
-                        ctx->last_untrusted=num;
-                        ctx->current_cert=chain_ss;
-                        ctx->error=X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
-                        chain_ss=NULL;
-                        }
-
-                ctx->error_depth=num-1;
-                ok=cb(0,ctx);
-                if (!ok) goto end;
-                }
-
-        /* We have the chain complete: now we need to check its purpose */
-        ok = check_chain_extensions(ctx);
-
-        if (!ok) goto end;
-
-        /* The chain extensions are OK: check trust */
-
-        if (ctx->trust > 0) ok = check_trust(ctx);
-
-        if (!ok) goto end;
-
-        /* We may as well copy down any DSA parameters that are required */
-        X509_get_pubkey_parameters(NULL,ctx->chain);
-
-        /* Check revocation status: we do this after copying parameters
-         * because they may be needed for CRL signature verification.
-         */
-
-        ok = ctx->check_revocation(ctx);
-        if(!ok) goto end;
-
-        /* At this point, we have a chain and just need to verify it */
-        if (ctx->verify != NULL)
-                ok=ctx->verify(ctx);
-        else
-                ok=internal_verify(ctx);
-        if (0)
-                {
-end:
-                X509_get_pubkey_parameters(NULL,ctx->chain);
-                }
-        if (sktmp != NULL) sk_X509_free(sktmp);
-        if (chain_ss != NULL) X509_free(chain_ss);
-        return ok;
-        }
-
-
-/* Given a STACK_OF(X509) find the issuer of cert (if any)
- */
-
-static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
-{
-        int i;
-        X509 *issuer;
-        for (i = 0; i < sk_X509_num(sk); i++)
-                {
-                issuer = sk_X509_value(sk, i);
-                if (ctx->check_issued(ctx, x, issuer))
-                        return issuer;
-                }
-        return NULL;
-}
-
-/* Given a possible certificate and issuer check them */
-
-static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
-{
-        int ret;
-        ret = X509_check_issued(issuer, x);
-        if (ret == X509_V_OK)
-                return 1;
-        /* If we haven't asked for issuer errors don't set ctx */
-        if (!(ctx->flags & X509_V_FLAG_CB_ISSUER_CHECK))
-                return 0;
-
-        ctx->error = ret;
-        ctx->current_cert = x;
-        ctx->current_issuer = issuer;
-        return ctx->verify_cb(0, ctx);
-        return 0;
-}
-
-/* Alternative lookup method: look from a STACK stored in other_ctx */
-
-static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
-{
-        *issuer = find_issuer(ctx, ctx->other_ctx, x);
-        if (*issuer)
-                {
-                CRYPTO_add(&(*issuer)->references,1,CRYPTO_LOCK_X509);
-                return 1;
-                }
-        else
-                return 0;
-}
-
-
-/* Check a certificate chains extensions for consistency
- * with the supplied purpose
- */
-
-static int check_chain_extensions(X509_STORE_CTX *ctx)
-{
-#ifdef OPENSSL_NO_CHAIN_VERIFY
-        return 1;
-#else
-        int i, ok=0, must_be_ca;
-        X509 *x;
-        int (*cb)();
-        int proxy_path_length = 0;
-        int allow_proxy_certs = !!(ctx->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
-        cb=ctx->verify_cb;
-
-        /* must_be_ca can have 1 of 3 values:
-           -1: we accept both CA and non-CA certificates, to allow direct
-               use of self-signed certificates (which are marked as CA).
-           0:  we only accept non-CA certificates.  This is currently not
-               used, but the possibility is present for future extensions.
-           1:  we only accept CA certificates.  This is currently used for
-               all certificates in the chain except the leaf certificate.
-        */
-        must_be_ca = -1;
-
-        /* A hack to keep people who don't want to modify their software
-           happy */
-        if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))
-                allow_proxy_certs = 1;
-
-        /* Check all untrusted certificates */
-        for (i = 0; i < ctx->last_untrusted; i++)
-                {
-                int ret;
-                x = sk_X509_value(ctx->chain, i);
-                if (!(ctx->flags & X509_V_FLAG_IGNORE_CRITICAL)
-                        && (x->ex_flags & EXFLAG_CRITICAL))
-                        {
-                        ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION;
-                        ctx->error_depth = i;
-                        ctx->current_cert = x;
-                        ok=cb(0,ctx);
-                        if (!ok) goto end;
-                        }
-                if (!allow_proxy_certs && (x->ex_flags & EXFLAG_PROXY))
-                        {
-                        ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED;
-                        ctx->error_depth = i;
-                        ctx->current_cert = x;
-                        ok=cb(0,ctx);
-                        if (!ok) goto end;
-                        }
-                ret = X509_check_ca(x);
-                switch(must_be_ca)
-                        {
-                case -1:
-                        if ((ctx->flags & X509_V_FLAG_X509_STRICT)
-                                && (ret != 1) && (ret != 0))
-                                {
-                                ret = 0;
-                                ctx->error = X509_V_ERR_INVALID_CA;
-                                }
-                        else
-                                ret = 1;
-                        break;
-                case 0:
-                        if (ret != 0)
-                                {
-                                ret = 0;
-                                ctx->error = X509_V_ERR_INVALID_NON_CA;
-                                }
-                        else
-                                ret = 1;
-                        break;
-                default:
-                        if ((ret == 0)
-                                || ((ctx->flags & X509_V_FLAG_X509_STRICT)
-                                        && (ret != 1)))
-                                {
-                                ret = 0;
-                                ctx->error = X509_V_ERR_INVALID_CA;
-                                }
-                        else
-                                ret = 1;
-                        break;
-                        }
-                if (ret == 0)
-                        {
-                        ctx->error_depth = i;
-                        ctx->current_cert = x;
-                        ok=cb(0,ctx);
-                        if (!ok) goto end;
-                        }
-                if (ctx->purpose > 0)
-                        {
-                        ret = X509_check_purpose(x, ctx->purpose,
-                                must_be_ca > 0);
-                        if ((ret == 0)
-                                || ((ctx->flags & X509_V_FLAG_X509_STRICT)
-                                        && (ret != 1)))
-                                {
-                                ctx->error = X509_V_ERR_INVALID_PURPOSE;
-                                ctx->error_depth = i;
-                                ctx->current_cert = x;
-                                ok=cb(0,ctx);
-                                if (!ok) goto end;
-                                }
-                        }
-                /* Check pathlen */
-                if ((i > 1) && (x->ex_pathlen != -1)
-                           && (i > (x->ex_pathlen + proxy_path_length + 1)))
-                        {
-                        ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED;
-                        ctx->error_depth = i;
-                        ctx->current_cert = x;
-                        ok=cb(0,ctx);
-                        if (!ok) goto end;
-                        }
-                /* If this certificate is a proxy certificate, the next
-                   certificate must be another proxy certificate or a EE
-                   certificate.  If not, the next certificate must be a
-                   CA certificate.  */
-                if (x->ex_flags & EXFLAG_PROXY)
-                        {
-                        PROXY_CERT_INFO_EXTENSION *pci =
-                                X509_get_ext_d2i(x, NID_proxyCertInfo,
-                                        NULL, NULL);
-                        if (pci->pcPathLengthConstraint &&
-                                ASN1_INTEGER_get(pci->pcPathLengthConstraint)
-                                < i)
-                                {
-                                PROXY_CERT_INFO_EXTENSION_free(pci);
-                                ctx->error = X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED;
-                                ctx->error_depth = i;
-                                ctx->current_cert = x;
-                                ok=cb(0,ctx);
-                                if (!ok) goto end;
-                                }
-                        PROXY_CERT_INFO_EXTENSION_free(pci);
-                        proxy_path_length++;
-                        must_be_ca = 0;
-                        }
-                else
-                        must_be_ca = 1;
-                }
-        ok = 1;
- end:
-        return ok;
-#endif
-}
-
-static int check_trust(X509_STORE_CTX *ctx)
-{
-#ifdef OPENSSL_NO_CHAIN_VERIFY
-        return 1;
-#else
-        int i, ok;
-        X509 *x;
-        int (*cb)();
-        cb=ctx->verify_cb;
-/* For now just check the last certificate in the chain */
-        i = sk_X509_num(ctx->chain) - 1;
-        x = sk_X509_value(ctx->chain, i);
-        ok = X509_check_trust(x, ctx->trust, 0);
-        if (ok == X509_TRUST_TRUSTED)
-                return 1;
-        ctx->error_depth = i;
-        ctx->current_cert = x;
-        if (ok == X509_TRUST_REJECTED)
-                ctx->error = X509_V_ERR_CERT_REJECTED;
-        else
-                ctx->error = X509_V_ERR_CERT_UNTRUSTED;
-        ok = cb(0, ctx);
-        return ok;
-#endif
-}
-
-static int check_revocation(X509_STORE_CTX *ctx)
-        {
-        int i, last, ok;
-        if (!(ctx->flags & X509_V_FLAG_CRL_CHECK))
-                return 1;
-        if (ctx->flags & X509_V_FLAG_CRL_CHECK_ALL)
-                last = sk_X509_num(ctx->chain) - 1;
-        else
-                last = 0;
-        for(i = 0; i <= last; i++)
-                {
-                ctx->error_depth = i;
-                ok = check_cert(ctx);
-                if (!ok) return ok;
-                }
-        return 1;
-        }
-
-static int check_cert(X509_STORE_CTX *ctx)
-        {
-        X509_CRL *crl = NULL;
-        X509 *x;
-        int ok, cnum;
-        cnum = ctx->error_depth;
-        x = sk_X509_value(ctx->chain, cnum);
-        ctx->current_cert = x;
-        /* Try to retrieve relevant CRL */
-        ok = ctx->get_crl(ctx, &crl, x);
-        /* If error looking up CRL, nothing we can do except
-         * notify callback
-         */
-        if(!ok)
-                {
-                ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
-                ok = ctx->verify_cb(0, ctx);
-                goto err;
-                }
-        ctx->current_crl = crl;
-        ok = ctx->check_crl(ctx, crl);
-        if (!ok) goto err;
-        ok = ctx->cert_crl(ctx, crl, x);
-        err:
-        ctx->current_crl = NULL;
-        X509_CRL_free(crl);
-        return ok;
-
-        }
-
-/* Retrieve CRL corresponding to certificate: currently just a
- * subject lookup: maybe use AKID later...
- * Also might look up any included CRLs too (e.g PKCS#7 signedData).
- */
-static int get_crl(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x)
-        {
-        int ok;
-        X509_OBJECT xobj;
-        ok = X509_STORE_get_by_subject(ctx, X509_LU_CRL, X509_get_issuer_name(x), &xobj);
-        if (!ok) return 0;
-        *crl = xobj.data.crl;
-        return 1;
-        }
-
-/* Check CRL validity */
-static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
-        {
-        X509 *issuer = NULL;
-        EVP_PKEY *ikey = NULL;
-        int ok = 0, chnum, cnum, i;
-        time_t *ptime;
-        cnum = ctx->error_depth;
-        chnum = sk_X509_num(ctx->chain) - 1;
-        /* Find CRL issuer: if not last certificate then issuer
-         * is next certificate in chain.
-         */
-        if(cnum < chnum)
-                issuer = sk_X509_value(ctx->chain, cnum + 1);
-        else
-                {
-                issuer = sk_X509_value(ctx->chain, chnum);
-                /* If not self signed, can't check signature */
-                if(!ctx->check_issued(ctx, issuer, issuer))
-                        {
-                        ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER;
-                        ok = ctx->verify_cb(0, ctx);
-                        if(!ok) goto err;
-                        }
-                }
-
-        if(issuer)
-                {
-                /* Check for cRLSign bit if keyUsage present */
-                if ((issuer->ex_flags & EXFLAG_KUSAGE) &&
-                        !(issuer->ex_kusage & KU_CRL_SIGN))
-                        {
-                        ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN;
-                        ok = ctx->verify_cb(0, ctx);
-                        if(!ok) goto err;
-                        }
-
-                /* Attempt to get issuer certificate public key */
-                ikey = X509_get_pubkey(issuer);
-
-                if(!ikey)
-                        {
-                        ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
-                        ok = ctx->verify_cb(0, ctx);
-                        if (!ok) goto err;
-                        }
-                else
-                        {
-                        /* Verify CRL signature */
-                        if(X509_CRL_verify(crl, ikey) <= 0)
-                                {
-                                ctx->error=X509_V_ERR_CRL_SIGNATURE_FAILURE;
-                                ok = ctx->verify_cb(0, ctx);
-                                if (!ok) goto err;
-                                }
-                        }
-                }
-
-        /* OK, CRL signature valid check times */
-        if (ctx->flags & X509_V_FLAG_USE_CHECK_TIME)
-                ptime = &ctx->check_time;
-        else
-                ptime = NULL;
-
-        i=X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime);
-        if (i == 0)
-                {
-                ctx->error=X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD;
-                ok = ctx->verify_cb(0, ctx);
-                if (!ok) goto err;
-                }
-
-        if (i > 0)
-                {
-                ctx->error=X509_V_ERR_CRL_NOT_YET_VALID;
-                ok = ctx->verify_cb(0, ctx);
-                if (!ok) goto err;
-                }
-
-        if(X509_CRL_get_nextUpdate(crl))
-                {
-                i=X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime);
-
-                if (i == 0)
-                        {
-                        ctx->error=X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD;
-                        ok = ctx->verify_cb(0, ctx);
-                        if (!ok) goto err;
-                        }
-
-                if (i < 0)
-                        {
-                        ctx->error=X509_V_ERR_CRL_HAS_EXPIRED;
-                        ok = ctx->verify_cb(0, ctx);
-                        if (!ok) goto err;
-                        }
-                }
-
-        ok = 1;
-
-        err:
-        EVP_PKEY_free(ikey);
-        return ok;
-        }
-
-/* Check certificate against CRL */
-static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
-        {
-        int idx, ok;
-        X509_REVOKED rtmp;
-        STACK_OF(X509_EXTENSION) *exts;
-        X509_EXTENSION *ext;
-        /* Look for serial number of certificate in CRL */
-        rtmp.serialNumber = X509_get_serialNumber(x);
-        /* Sort revoked into serial number order if not already sorted.
-         * Do this under a lock to avoid race condition.
-         */
-        if (!sk_X509_REVOKED_is_sorted(crl->crl->revoked))
-                {
-                CRYPTO_w_lock(CRYPTO_LOCK_X509_CRL);
-                sk_X509_REVOKED_sort(crl->crl->revoked);
-                CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL);
-                }
-        idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp);
-        /* If found assume revoked: want something cleverer than
-         * this to handle entry extensions in V2 CRLs.
-         */
-        if(idx >= 0)
-                {
-                ctx->error = X509_V_ERR_CERT_REVOKED;
-                ok = ctx->verify_cb(0, ctx);
-                if (!ok) return 0;
-                }
-
-        if (ctx->flags & X509_V_FLAG_IGNORE_CRITICAL)
-                return 1;
-
-        /* See if we have any critical CRL extensions: since we
-         * currently don't handle any CRL extensions the CRL must be
-         * rejected. 
-         * This code accesses the X509_CRL structure directly: applications
-         * shouldn't do this.
-         */
-
-        exts = crl->crl->extensions;
-
-        for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++)
-                {
-                ext = sk_X509_EXTENSION_value(exts, idx);
-                if (ext->critical > 0)
-                        {
-                        ctx->error =
-                                X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
-                        ok = ctx->verify_cb(0, ctx);
-                        if(!ok) return 0;
-                        break;
-                        }
-                }
-        return 1;
-        }
-
-static int internal_verify(X509_STORE_CTX *ctx)
-        {
-        int i,ok=0,n;
-        X509 *xs,*xi;
-        EVP_PKEY *pkey=NULL;
-        time_t *ptime;
-        int (*cb)();
-
-        cb=ctx->verify_cb;
-
-        n=sk_X509_num(ctx->chain);
-        ctx->error_depth=n-1;
-        n--;
-        xi=sk_X509_value(ctx->chain,n);
-        if (ctx->flags & X509_V_FLAG_USE_CHECK_TIME)
-                ptime = &ctx->check_time;
-        else
-                ptime = NULL;
-        if (ctx->check_issued(ctx, xi, xi))
-                xs=xi;
-        else
-                {
-                if (n <= 0)
-                        {
-                        ctx->error=X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
-                        ctx->current_cert=xi;
-                        ok=cb(0,ctx);
-                        goto end;
-                        }
-                else
-                        {
-                        n--;
-                        ctx->error_depth=n;
-                        xs=sk_X509_value(ctx->chain,n);
-                        }
-                }
-
-/*      ctx->error=0;  not needed */
-        while (n >= 0)
-                {
-                ctx->error_depth=n;
-                if (!xs->valid)
-                        {
-                        if ((pkey=X509_get_pubkey(xi)) == NULL)
-                                {
-                                ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
-                                ctx->current_cert=xi;
-                                ok=(*cb)(0,ctx);
-                                if (!ok) goto end;
-                                }
-                        else if (X509_verify(xs,pkey) <= 0)
-                                /* XXX  For the final trusted self-signed cert,
-                                 * this is a waste of time.  That check should
-                                 * optional so that e.g. 'openssl x509' can be
-                                 * used to detect invalid self-signatures, but
-                                 * we don't verify again and again in SSL
-                                 * handshakes and the like once the cert has
-                                 * been declared trusted. */
-                                {
-                                ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
-                                ctx->current_cert=xs;
-                                ok=(*cb)(0,ctx);
-                                if (!ok)
-                                        {
-                                        EVP_PKEY_free(pkey);
-                                        goto end;
-                                        }
-                                }
-                        EVP_PKEY_free(pkey);
-                        pkey=NULL;
-
-                        i=X509_cmp_time(X509_get_notBefore(xs), ptime);
-                        if (i == 0)
-                                {
-                                ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;
-                                ctx->current_cert=xs;
-                                ok=(*cb)(0,ctx);
-                                if (!ok) goto end;
-                                }
-                        if (i > 0)
-                                {
-                                ctx->error=X509_V_ERR_CERT_NOT_YET_VALID;
-                                ctx->current_cert=xs;
-                                ok=(*cb)(0,ctx);
-                                if (!ok) goto end;
-                                }
-                        xs->valid=1;
-                        }
-
-                i=X509_cmp_time(X509_get_notAfter(xs), ptime);
-                if (i == 0)
-                        {
-                        ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;
-                        ctx->current_cert=xs;
-                        ok=(*cb)(0,ctx);
-                        if (!ok) goto end;
-                        }
-
-                if (i < 0)
-                        {
-                        ctx->error=X509_V_ERR_CERT_HAS_EXPIRED;
-                        ctx->current_cert=xs;
-                        ok=(*cb)(0,ctx);
-                        if (!ok) goto end;
-                        }
-
-                /* The last error (if any) is still in the error value */
-                ctx->current_issuer=xi;
-                ctx->current_cert=xs;
-                ok=(*cb)(1,ctx);
-                if (!ok) goto end;
-
-                n--;
-                if (n >= 0)
-                        {
-                        xi=xs;
-                        xs=sk_X509_value(ctx->chain,n);
-                        }
-                }
-        ok=1;
-end:
-        return ok;
-        }
-
-int X509_cmp_current_time(ASN1_TIME *ctm)
-{
-        return X509_cmp_time(ctm, NULL);
-}
-
-int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time)
-        {
-        char *str;
-        ASN1_TIME atm;
-        long offset;
-        char buff1[24],buff2[24],*p;
-        int i,j;
-
-        p=buff1;
-        i=ctm->length;
-        str=(char *)ctm->data;
-        if (ctm->type == V_ASN1_UTCTIME)
-                {
-                if ((i < 11) || (i > 17)) return 0;
-                memcpy(p,str,10);
-                p+=10;
-                str+=10;
-                }
-        else
-                {
-                if (i < 13) return 0;
-                memcpy(p,str,12);
-                p+=12;
-                str+=12;
-                }
-
-        if ((*str == 'Z') || (*str == '-') || (*str == '+'))
-                { *(p++)='0'; *(p++)='0'; }
-        else
-                { 
-                *(p++)= *(str++);
-                *(p++)= *(str++);
-                /* Skip any fractional seconds... */
-                if (*str == '.')
-                        {
-                        str++;
-                        while ((*str >= '0') && (*str <= '9')) str++;
-                        }
-                
-                }
-        *(p++)='Z';
-        *(p++)='\0';
-
-        if (*str == 'Z')
-                offset=0;
-        else
-                {
-                if ((*str != '+') && (*str != '-'))
-                        return 0;
-                offset=((str[1]-'0')*10+(str[2]-'0'))*60;
-                offset+=(str[3]-'0')*10+(str[4]-'0');
-                if (*str == '-')
-                        offset= -offset;
-                }
-        atm.type=ctm->type;
-        atm.length=sizeof(buff2);
-        atm.data=(unsigned char *)buff2;
-
-        if (X509_time_adj(&atm,-offset*60, cmp_time) == NULL)
-                return 0;
-
-        if (ctm->type == V_ASN1_UTCTIME)
-                {
-                i=(buff1[0]-'0')*10+(buff1[1]-'0');
-                if (i < 50) i+=100; /* cf. RFC 2459 */
-                j=(buff2[0]-'0')*10+(buff2[1]-'0');
-                if (j < 50) j+=100;
-
-                if (i < j) return -1;
-                if (i > j) return 1;
-                }
-        i=strcmp(buff1,buff2);
-        if (i == 0) /* wait a second then return younger :-) */
-                return -1;
-        else
-                return i;
-        }
-
-ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)
-{
-        return X509_time_adj(s, adj, NULL);
-}
-
-ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *in_tm)
-        {
-        time_t t;
-        int type = -1;
-
-        if (in_tm) t = *in_tm;
-        else time(&t);
-
-        t+=adj;
-        if (s) type = s->type;
-        if (type == V_ASN1_UTCTIME) return ASN1_UTCTIME_set(s,t);
-        if (type == V_ASN1_GENERALIZEDTIME) return ASN1_GENERALIZEDTIME_set(s, t);
-        return ASN1_TIME_set(s, t);
-        }
-
-int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
-        {
-        EVP_PKEY *ktmp=NULL,*ktmp2;
-        int i,j;
-
-        if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) return 1;
-
-        for (i=0; i<sk_X509_num(chain); i++)
-                {
-                ktmp=X509_get_pubkey(sk_X509_value(chain,i));
-                if (ktmp == NULL)
-                        {
-                        X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY);
-                        return 0;
-                        }
-                if (!EVP_PKEY_missing_parameters(ktmp))
-                        break;
-                else
-                        {
-                        EVP_PKEY_free(ktmp);
-                        ktmp=NULL;
-                        }
-                }
-        if (ktmp == NULL)
-                {
-                X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN);
-                return 0;
-                }
-
-        /* first, populate the other certs */
-        for (j=i-1; j >= 0; j--)
-                {
-                ktmp2=X509_get_pubkey(sk_X509_value(chain,j));
-                EVP_PKEY_copy_parameters(ktmp2,ktmp);
-                EVP_PKEY_free(ktmp2);
-                }
-        
-        if (pkey != NULL) EVP_PKEY_copy_parameters(pkey,ktmp);
-        EVP_PKEY_free(ktmp);
-        return 1;
-        }
-
-int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-        {
-        /* This function is (usually) called only once, by
-         * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c). */
-        return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, argl, argp,
-                        new_func, dup_func, free_func);
-        }
-
-int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data)
-        {
-        return CRYPTO_set_ex_data(&ctx->ex_data,idx,data);
-        }
-
-void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx)
-        {
-        return CRYPTO_get_ex_data(&ctx->ex_data,idx);
-        }
-
-int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx)
-        {
-        return ctx->error;
-        }
-
-void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err)
-        {
-        ctx->error=err;
-        }
-
-int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx)
-        {
-        return ctx->error_depth;
-        }
-
-X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx)
-        {
-        return ctx->current_cert;
-        }
-
-STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx)
-        {
-        return ctx->chain;
-        }
-
-STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx)
-        {
-        int i;
-        X509 *x;
-        STACK_OF(X509) *chain;
-        if (!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) return NULL;
-        for (i = 0; i < sk_X509_num(chain); i++)
-                {
-                x = sk_X509_value(chain, i);
-                CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-                }
-        return chain;
-        }
-
-void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x)
-        {
-        ctx->cert=x;
-        }
-
-void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
-        {
-        ctx->untrusted=sk;
-        }
-
-int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose)
-        {
-        return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0);
-        }
-
-int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust)
-        {
-        return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust);
-        }
-
-/* This function is used to set the X509_STORE_CTX purpose and trust
- * values. This is intended to be used when another structure has its
- * own trust and purpose values which (if set) will be inherited by
- * the ctx. If they aren't set then we will usually have a default
- * purpose in mind which should then be used to set the trust value.
- * An example of this is SSL use: an SSL structure will have its own
- * purpose and trust settings which the application can set: if they
- * aren't set then we use the default of SSL client/server.
- */
-
-int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
-                                int purpose, int trust)
-{
-        int idx;
-        /* If purpose not set use default */
-        if (!purpose) purpose = def_purpose;
-        /* If we have a purpose then check it is valid */
-        if (purpose)
-                {
-                X509_PURPOSE *ptmp;
-                idx = X509_PURPOSE_get_by_id(purpose);
-                if (idx == -1)
-                        {
-                        X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
-                                                X509_R_UNKNOWN_PURPOSE_ID);
-                        return 0;
-                        }
-                ptmp = X509_PURPOSE_get0(idx);
-                if (ptmp->trust == X509_TRUST_DEFAULT)
-                        {
-                        idx = X509_PURPOSE_get_by_id(def_purpose);
-                        if (idx == -1)
-                                {
-                                X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
-                                                X509_R_UNKNOWN_PURPOSE_ID);
-                                return 0;
-                                }
-                        ptmp = X509_PURPOSE_get0(idx);
-                        }
-                /* If trust not set then get from purpose default */
-                if (!trust) trust = ptmp->trust;
-                }
-        if (trust)
-                {
-                idx = X509_TRUST_get_by_id(trust);
-                if (idx == -1)
-                        {
-                        X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
-                                                X509_R_UNKNOWN_TRUST_ID);
-                        return 0;
-                        }
-                }
-
-        if (purpose && !ctx->purpose) ctx->purpose = purpose;
-        if (trust && !ctx->trust) ctx->trust = trust;
-        return 1;
-}
-
-X509_STORE_CTX *X509_STORE_CTX_new(void)
-{
-        X509_STORE_CTX *ctx;
-        ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX));
-        if (!ctx)
-                {
-                X509err(X509_F_X509_STORE_CTX_NEW,ERR_R_MALLOC_FAILURE);
-                return NULL;
-                }
-        memset(ctx, 0, sizeof(X509_STORE_CTX));
-        return ctx;
-}
-
-void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
-{
-        X509_STORE_CTX_cleanup(ctx);
-        OPENSSL_free(ctx);
-}
-
-int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
-             STACK_OF(X509) *chain)
-        {
-        ctx->ctx=store;
-        ctx->current_method=0;
-        ctx->cert=x509;
-        ctx->untrusted=chain;
-        ctx->last_untrusted=0;
-        ctx->check_time=0;
-        ctx->other_ctx=NULL;
-        ctx->valid=0;
-        ctx->chain=NULL;
-        ctx->depth=9;
-        ctx->error=0;
-        ctx->error_depth=0;
-        ctx->current_cert=NULL;
-        ctx->current_issuer=NULL;
-
-        /* Inherit callbacks and flags from X509_STORE if not set
-         * use defaults.
-         */
-
-
-        if (store)
-                {
-                ctx->purpose=store->purpose;
-                ctx->trust=store->trust;
-                ctx->flags = store->flags;
-                ctx->cleanup = store->cleanup;
-                }
-        else
-                {
-                ctx->purpose = 0;
-                ctx->trust = 0;
-                ctx->flags = 0;
-                ctx->cleanup = 0;
-                }
-
-        if (store && store->check_issued)
-                ctx->check_issued = store->check_issued;
-        else
-                ctx->check_issued = check_issued;
-
-        if (store && store->get_issuer)
-                ctx->get_issuer = store->get_issuer;
-        else
-                ctx->get_issuer = X509_STORE_CTX_get1_issuer;
-
-        if (store && store->verify_cb)
-                ctx->verify_cb = store->verify_cb;
-        else
-                ctx->verify_cb = null_callback;
-
-        if (store && store->verify)
-                ctx->verify = store->verify;
-        else
-                ctx->verify = internal_verify;
-
-        if (store && store->check_revocation)
-                ctx->check_revocation = store->check_revocation;
-        else
-                ctx->check_revocation = check_revocation;
-
-        if (store && store->get_crl)
-                ctx->get_crl = store->get_crl;
-        else
-                ctx->get_crl = get_crl;
-
-        if (store && store->check_crl)
-                ctx->check_crl = store->check_crl;
-        else
-                ctx->check_crl = check_crl;
-
-        if (store && store->cert_crl)
-                ctx->cert_crl = store->cert_crl;
-        else
-                ctx->cert_crl = cert_crl;
-
-
-        /* This memset() can't make any sense anyway, so it's removed. As
-         * X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we put a
-         * corresponding "new" here and remove this bogus initialisation. */
-        /* memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA)); */
-        if(!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx,
-                                &(ctx->ex_data)))
-                {
-                OPENSSL_free(ctx);
-                X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE);
-                return 0;
-                }
-        return 1;
-        }
-
-/* Set alternative lookup method: just a STACK of trusted certificates.
- * This avoids X509_STORE nastiness where it isn't needed.
- */
-
-void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
-{
-        ctx->other_ctx = sk;
-        ctx->get_issuer = get_issuer_sk;
-}
-
-void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
-        {
-        if (ctx->cleanup) ctx->cleanup(ctx);
-        if (ctx->chain != NULL)
-                {
-                sk_X509_pop_free(ctx->chain,X509_free);
-                ctx->chain=NULL;
-                }
-        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data));
-        memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA));
-        }
-
-void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags)
-        {
-        ctx->flags |= flags;
-        }
-
-void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, long flags, time_t t)
-        {
-        ctx->check_time = t;
-        ctx->flags |= X509_V_FLAG_USE_CHECK_TIME;
-        }
-
-void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
-                                  int (*verify_cb)(int, X509_STORE_CTX *))
-        {
-        ctx->verify_cb=verify_cb;
-        }
-
-IMPLEMENT_STACK_OF(X509)
-IMPLEMENT_ASN1_SET_OF(X509)
-
-IMPLEMENT_STACK_OF(X509_NAME)
-
-IMPLEMENT_STACK_OF(X509_ATTRIBUTE)
-IMPLEMENT_ASN1_SET_OF(X509_ATTRIBUTE)
diff --git a/src/lib/libcrypto/x509/x509_vfy.h b/src/lib/libcrypto/x509/x509_vfy.h
deleted file mode 100644
index 7fd1f0bc4d..0000000000
--- a/src/lib/libcrypto/x509/x509_vfy.h
+++ /dev/null
@@ -1,422 +0,0 @@
-/* crypto/x509/x509_vfy.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_X509_H
-#include <openssl/x509.h>
-/* openssl/x509.h ends up #include-ing this file at about the only
- * appropriate moment. */
-#endif
-
-#ifndef HEADER_X509_VFY_H
-#define HEADER_X509_VFY_H
-
-#ifndef OPENSSL_NO_LHASH
-#include <openssl/lhash.h>
-#endif
-#include <openssl/bio.h>
-#include <openssl/crypto.h>
-#include <openssl/symhacks.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* Outer object */
-typedef struct x509_hash_dir_st
-        {
-        int num_dirs;
-        char **dirs;
-        int *dirs_type;
-        int num_dirs_alloced;
-        } X509_HASH_DIR_CTX;
-
-typedef struct x509_file_st
-        {
-        int num_paths;  /* number of paths to files or directories */
-        int num_alloced;
-        char **paths;   /* the list of paths or directories */
-        int *path_type;
-        } X509_CERT_FILE_CTX;
-
-/*******************************/
-/*
-SSL_CTX -> X509_STORE    
-                -> X509_LOOKUP
-                        ->X509_LOOKUP_METHOD
-                -> X509_LOOKUP
-                        ->X509_LOOKUP_METHOD
- 
-SSL     -> X509_STORE_CTX
-                ->X509_STORE    
-
-The X509_STORE holds the tables etc for verification stuff.
-A X509_STORE_CTX is used while validating a single certificate.
-The X509_STORE has X509_LOOKUPs for looking up certs.
-The X509_STORE then calls a function to actually verify the
-certificate chain.
-*/
-
-#define X509_LU_RETRY           -1
-#define X509_LU_FAIL            0
-#define X509_LU_X509            1
-#define X509_LU_CRL             2
-#define X509_LU_PKEY            3
-
-typedef struct x509_object_st
-        {
-        /* one of the above types */
-        int type;
-        union   {
-                char *ptr;
-                X509 *x509;
-                X509_CRL *crl;
-                EVP_PKEY *pkey;
-                } data;
-        } X509_OBJECT;
-
-typedef struct x509_lookup_st X509_LOOKUP;
-
-DECLARE_STACK_OF(X509_LOOKUP)
-DECLARE_STACK_OF(X509_OBJECT)
-
-/* This is a static that defines the function interface */
-typedef struct x509_lookup_method_st
-        {
-        const char *name;
-        int (*new_item)(X509_LOOKUP *ctx);
-        void (*free)(X509_LOOKUP *ctx);
-        int (*init)(X509_LOOKUP *ctx);
-        int (*shutdown)(X509_LOOKUP *ctx);
-        int (*ctrl)(X509_LOOKUP *ctx,int cmd,const char *argc,long argl,
-                        char **ret);
-        int (*get_by_subject)(X509_LOOKUP *ctx,int type,X509_NAME *name,
-                              X509_OBJECT *ret);
-        int (*get_by_issuer_serial)(X509_LOOKUP *ctx,int type,X509_NAME *name,
-                                    ASN1_INTEGER *serial,X509_OBJECT *ret);
-        int (*get_by_fingerprint)(X509_LOOKUP *ctx,int type,
-                                  unsigned char *bytes,int len,
-                                  X509_OBJECT *ret);
-        int (*get_by_alias)(X509_LOOKUP *ctx,int type,char *str,int len,
-                            X509_OBJECT *ret);
-        } X509_LOOKUP_METHOD;
-
-/* This is used to hold everything.  It is used for all certificate
- * validation.  Once we have a certificate chain, the 'verify'
- * function is then called to actually check the cert chain. */
-struct x509_store_st
-        {
-        /* The following is a cache of trusted certs */
-        int cache;      /* if true, stash any hits */
-        STACK_OF(X509_OBJECT) *objs;    /* Cache of all objects */
-
-        /* These are external lookup methods */
-        STACK_OF(X509_LOOKUP) *get_cert_methods;
-
-        /* The following fields are not used by X509_STORE but are
-         * inherited by X509_STORE_CTX when it is initialised.
-         */
-
-        unsigned long flags;    /* Various verify flags */
-        int purpose;
-        int trust;
-        /* Callbacks for various operations */
-        int (*verify)(X509_STORE_CTX *ctx);     /* called to verify a certificate */
-        int (*verify_cb)(int ok,X509_STORE_CTX *ctx);   /* error callback */
-        int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */
-        int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */
-        int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */
-        int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */
-        int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */
-        int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */
-        int (*cleanup)(X509_STORE_CTX *ctx);
-
-        CRYPTO_EX_DATA ex_data;
-        int references;
-        int depth;              /* how deep to look (still unused -- X509_STORE_CTX's depth is used) */
-        } /* X509_STORE */;
-
-#define X509_STORE_set_depth(ctx,d)       ((ctx)->depth=(d))
-
-#define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func))
-#define X509_STORE_set_verify_func(ctx,func)    ((ctx)->verify=(func))
-
-/* This is the functions plus an instance of the local variables. */
-struct x509_lookup_st
-        {
-        int init;                       /* have we been started */
-        int skip;                       /* don't use us. */
-        X509_LOOKUP_METHOD *method;     /* the functions */
-        char *method_data;              /* method data */
-
-        X509_STORE *store_ctx;  /* who owns us */
-        } /* X509_LOOKUP */;
-
-/* This is a used when verifying cert chains.  Since the
- * gathering of the cert chain can take some time (and have to be
- * 'retried', this needs to be kept and passed around. */
-struct x509_store_ctx_st      /* X509_STORE_CTX */
-        {
-        X509_STORE *ctx;
-        int current_method;     /* used when looking up certs */
-
-        /* The following are set by the caller */
-        X509 *cert;             /* The cert to check */
-        STACK_OF(X509) *untrusted;      /* chain of X509s - untrusted - passed in */
-        int purpose;            /* purpose to check untrusted certificates */
-        int trust;              /* trust setting to check */
-        time_t  check_time;     /* time to make verify at */
-        unsigned long flags;    /* Various verify flags */
-        void *other_ctx;        /* Other info for use with get_issuer() */
-
-        /* Callbacks for various operations */
-        int (*verify)(X509_STORE_CTX *ctx);     /* called to verify a certificate */
-        int (*verify_cb)(int ok,X509_STORE_CTX *ctx);           /* error callback */
-        int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */
-        int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */
-        int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */
-        int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */
-        int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */
-        int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */
-        int (*cleanup)(X509_STORE_CTX *ctx);
-
-        /* The following is built up */
-        int depth;              /* how far to go looking up certs */
-        int valid;              /* if 0, rebuild chain */
-        int last_untrusted;     /* index of last untrusted cert */
-        STACK_OF(X509) *chain;          /* chain of X509s - built up and trusted */
-
-        /* When something goes wrong, this is why */
-        int error_depth;
-        int error;
-        X509 *current_cert;
-        X509 *current_issuer;   /* cert currently being tested as valid issuer */
-        X509_CRL *current_crl;  /* current CRL */
-
-        CRYPTO_EX_DATA ex_data;
-        } /* X509_STORE_CTX */;
-
-#define X509_STORE_CTX_set_depth(ctx,d)       ((ctx)->depth=(d))
-
-#define X509_STORE_CTX_set_app_data(ctx,data) \
-        X509_STORE_CTX_set_ex_data(ctx,0,data)
-#define X509_STORE_CTX_get_app_data(ctx) \
-        X509_STORE_CTX_get_ex_data(ctx,0)
-
-#define X509_L_FILE_LOAD        1
-#define X509_L_ADD_DIR          2
-
-#define X509_LOOKUP_load_file(x,name,type) \
-                X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL)
-
-#define X509_LOOKUP_add_dir(x,name,type) \
-                X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL)
-
-#define         X509_V_OK                                       0
-/* illegal error (for uninitialized values, to avoid X509_V_OK): 1 */
-
-#define         X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT            2
-#define         X509_V_ERR_UNABLE_TO_GET_CRL                    3
-#define         X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE     4
-#define         X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE      5
-#define         X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY   6
-#define         X509_V_ERR_CERT_SIGNATURE_FAILURE               7
-#define         X509_V_ERR_CRL_SIGNATURE_FAILURE                8
-#define         X509_V_ERR_CERT_NOT_YET_VALID                   9
-#define         X509_V_ERR_CERT_HAS_EXPIRED                     10
-#define         X509_V_ERR_CRL_NOT_YET_VALID                    11
-#define         X509_V_ERR_CRL_HAS_EXPIRED                      12
-#define         X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD       13
-#define         X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD        14
-#define         X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD       15
-#define         X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD       16
-#define         X509_V_ERR_OUT_OF_MEM                           17
-#define         X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT          18
-#define         X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN            19
-#define         X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY    20
-#define         X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE      21
-#define         X509_V_ERR_CERT_CHAIN_TOO_LONG                  22
-#define         X509_V_ERR_CERT_REVOKED                         23
-#define         X509_V_ERR_INVALID_CA                           24
-#define         X509_V_ERR_PATH_LENGTH_EXCEEDED                 25
-#define         X509_V_ERR_INVALID_PURPOSE                      26
-#define         X509_V_ERR_CERT_UNTRUSTED                       27
-#define         X509_V_ERR_CERT_REJECTED                        28
-/* These are 'informational' when looking for issuer cert */
-#define         X509_V_ERR_SUBJECT_ISSUER_MISMATCH              29
-#define         X509_V_ERR_AKID_SKID_MISMATCH                   30
-#define         X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH          31
-#define         X509_V_ERR_KEYUSAGE_NO_CERTSIGN                 32
-
-#define         X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER             33
-#define         X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION         34
-#define         X509_V_ERR_KEYUSAGE_NO_CRL_SIGN                 35
-#define         X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION     36
-#define         X509_V_ERR_INVALID_NON_CA                       37
-#define         X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED           38
-#define         X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE        39
-#define         X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED       40
-
-/* The application is not happy */
-#define         X509_V_ERR_APPLICATION_VERIFICATION             50
-
-/* Certificate verify flags */
-
-/* Send issuer+subject checks to verify_cb */
-#define X509_V_FLAG_CB_ISSUER_CHECK             0x1
-/* Use check time instead of current time */
-#define X509_V_FLAG_USE_CHECK_TIME              0x2
-/* Lookup CRLs */
-#define X509_V_FLAG_CRL_CHECK                   0x4
-/* Lookup CRLs for whole chain */
-#define X509_V_FLAG_CRL_CHECK_ALL               0x8
-/* Ignore unhandled critical extensions */
-#define X509_V_FLAG_IGNORE_CRITICAL             0x10
-/* Disable workarounds for broken certificates */
-#define X509_V_FLAG_X509_STRICT                 0x20
-/* Enable proxy certificate validation */
-#define X509_V_FLAG_ALLOW_PROXY_CERTS           0x40
-
-int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
-             X509_NAME *name);
-X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,int type,X509_NAME *name);
-X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x);
-void X509_OBJECT_up_ref_count(X509_OBJECT *a);
-void X509_OBJECT_free_contents(X509_OBJECT *a);
-X509_STORE *X509_STORE_new(void );
-void X509_STORE_free(X509_STORE *v);
-
-void X509_STORE_set_flags(X509_STORE *ctx, long flags);
-int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
-int X509_STORE_set_trust(X509_STORE *ctx, int trust);
-
-X509_STORE_CTX *X509_STORE_CTX_new(void);
-
-int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
-
-void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
-int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
-                         X509 *x509, STACK_OF(X509) *chain);
-void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
-void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
-
-X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
-
-X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
-X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
-
-int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
-int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
-
-int X509_STORE_get_by_subject(X509_STORE_CTX *vs,int type,X509_NAME *name,
-        X509_OBJECT *ret);
-
-int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
-        long argl, char **ret);
-
-#ifndef OPENSSL_NO_STDIO
-int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
-int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);
-int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type);
-#endif
-
-
-X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method);
-void X509_LOOKUP_free(X509_LOOKUP *ctx);
-int X509_LOOKUP_init(X509_LOOKUP *ctx);
-int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
-        X509_OBJECT *ret);
-int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
-        ASN1_INTEGER *serial, X509_OBJECT *ret);
-int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
-        unsigned char *bytes, int len, X509_OBJECT *ret);
-int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str,
-        int len, X509_OBJECT *ret);
-int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
-
-#ifndef OPENSSL_NO_STDIO
-int     X509_STORE_load_locations (X509_STORE *ctx,
-                const char *file, const char *dir);
-int     X509_STORE_set_default_paths(X509_STORE *ctx);
-#endif
-
-int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-        CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-int     X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx,int idx,void *data);
-void *  X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx,int idx);
-int     X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
-void    X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s);
-int     X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
-X509 *  X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
-STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
-STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
-void    X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x);
-void    X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK_OF(X509) *sk);
-int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
-int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);
-int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
-                                int purpose, int trust);
-void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags);
-void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, long flags, time_t t);
-void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
-                                  int (*verify_cb)(int, X509_STORE_CTX *));
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
-
diff --git a/src/lib/libcrypto/x509/x509cset.c b/src/lib/libcrypto/x509/x509cset.c
deleted file mode 100644
index 9d1646d5c8..0000000000
--- a/src/lib/libcrypto/x509/x509cset.c
+++ /dev/null
@@ -1,170 +0,0 @@
-/* crypto/x509/x509cset.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-
-int X509_CRL_set_version(X509_CRL *x, long version)
-        {
-        if (x == NULL) return(0);
-        if (x->crl->version == NULL)
-                {
-                if ((x->crl->version=M_ASN1_INTEGER_new()) == NULL)
-                        return(0);
-                }
-        return(ASN1_INTEGER_set(x->crl->version,version));
-        }
-
-int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name)
-        {
-        if ((x == NULL) || (x->crl == NULL)) return(0);
-        return(X509_NAME_set(&x->crl->issuer,name));
-        }
-
-
-int X509_CRL_set_lastUpdate(X509_CRL *x, ASN1_TIME *tm)
-        {
-        ASN1_TIME *in;
-
-        if (x == NULL) return(0);
-        in=x->crl->lastUpdate;
-        if (in != tm)
-                {
-                in=M_ASN1_TIME_dup(tm);
-                if (in != NULL)
-                        {
-                        M_ASN1_TIME_free(x->crl->lastUpdate);
-                        x->crl->lastUpdate=in;
-                        }
-                }
-        return(in != NULL);
-        }
-
-int X509_CRL_set_nextUpdate(X509_CRL *x, ASN1_TIME *tm)
-        {
-        ASN1_TIME *in;
-
-        if (x == NULL) return(0);
-        in=x->crl->nextUpdate;
-        if (in != tm)
-                {
-                in=M_ASN1_TIME_dup(tm);
-                if (in != NULL)
-                        {
-                        M_ASN1_TIME_free(x->crl->nextUpdate);
-                        x->crl->nextUpdate=in;
-                        }
-                }
-        return(in != NULL);
-        }
-
-int X509_CRL_sort(X509_CRL *c)
-        {
-        int i;
-        X509_REVOKED *r;
-        /* sort the data so it will be written in serial
-         * number order */
-        sk_X509_REVOKED_sort(c->crl->revoked);
-        for (i=0; i<sk_X509_REVOKED_num(c->crl->revoked); i++)
-                {
-                r=sk_X509_REVOKED_value(c->crl->revoked,i);
-                r->sequence=i;
-                }
-        c->crl->enc.modified = 1;
-        return 1;
-        }
-
-int X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm)
-        {
-        ASN1_TIME *in;
-
-        if (x == NULL) return(0);
-        in=x->revocationDate;
-        if (in != tm)
-                {
-                in=M_ASN1_TIME_dup(tm);
-                if (in != NULL)
-                        {
-                        M_ASN1_TIME_free(x->revocationDate);
-                        x->revocationDate=in;
-                        }
-                }
-        return(in != NULL);
-        }
-
-int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial)
-        {
-        ASN1_INTEGER *in;
-
-        if (x == NULL) return(0);
-        in=x->serialNumber;
-        if (in != serial)
-                {
-                in=M_ASN1_INTEGER_dup(serial);
-                if (in != NULL)
-                        {
-                        M_ASN1_INTEGER_free(x->serialNumber);
-                        x->serialNumber=in;
-                        }
-                }
-        return(in != NULL);
-        }
diff --git a/src/lib/libcrypto/x509/x509name.c b/src/lib/libcrypto/x509/x509name.c
deleted file mode 100644
index 068abfe5f0..0000000000
--- a/src/lib/libcrypto/x509/x509name.c
+++ /dev/null
@@ -1,383 +0,0 @@
-/* crypto/x509/x509name.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/stack.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-
-int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len)
-        {
-        ASN1_OBJECT *obj;
-
-        obj=OBJ_nid2obj(nid);
-        if (obj == NULL) return(-1);
-        return(X509_NAME_get_text_by_OBJ(name,obj,buf,len));
-        }
-
-int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,
-             int len)
-        {
-        int i;
-        ASN1_STRING *data;
-
-        i=X509_NAME_get_index_by_OBJ(name,obj,-1);
-        if (i < 0) return(-1);
-        data=X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name,i));
-        i=(data->length > (len-1))?(len-1):data->length;
-        if (buf == NULL) return(data->length);
-        memcpy(buf,data->data,i);
-        buf[i]='\0';
-        return(i);
-        }
-
-int X509_NAME_entry_count(X509_NAME *name)
-        {
-        if (name == NULL) return(0);
-        return(sk_X509_NAME_ENTRY_num(name->entries));
-        }
-
-int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos)
-        {
-        ASN1_OBJECT *obj;
-
-        obj=OBJ_nid2obj(nid);
-        if (obj == NULL) return(-2);
-        return(X509_NAME_get_index_by_OBJ(name,obj,lastpos));
-        }
-
-/* NOTE: you should be passsing -1, not 0 as lastpos */
-int X509_NAME_get_index_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
-             int lastpos)
-        {
-        int n;
-        X509_NAME_ENTRY *ne;
-        STACK_OF(X509_NAME_ENTRY) *sk;
-
-        if (name == NULL) return(-1);
-        if (lastpos < 0)
-                lastpos= -1;
-        sk=name->entries;
-        n=sk_X509_NAME_ENTRY_num(sk);
-        for (lastpos++; lastpos < n; lastpos++)
-                {
-                ne=sk_X509_NAME_ENTRY_value(sk,lastpos);
-                if (OBJ_cmp(ne->object,obj) == 0)
-                        return(lastpos);
-                }
-        return(-1);
-        }
-
-X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc)
-        {
-        if(name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
-           || loc < 0)
-                return(NULL);
-        else
-                return(sk_X509_NAME_ENTRY_value(name->entries,loc));
-        }
-
-X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc)
-        {
-        X509_NAME_ENTRY *ret;
-        int i,n,set_prev,set_next;
-        STACK_OF(X509_NAME_ENTRY) *sk;
-
-        if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
-            || loc < 0)
-                return(NULL);
-        sk=name->entries;
-        ret=sk_X509_NAME_ENTRY_delete(sk,loc);
-        n=sk_X509_NAME_ENTRY_num(sk);
-        name->modified=1;
-        if (loc == n) return(ret);
-
-        /* else we need to fixup the set field */
-        if (loc != 0)
-                set_prev=(sk_X509_NAME_ENTRY_value(sk,loc-1))->set;
-        else
-                set_prev=ret->set-1;
-        set_next=sk_X509_NAME_ENTRY_value(sk,loc)->set;
-
-        /* set_prev is the previous set
-         * set is the current set
-         * set_next is the following
-         * prev  1 1    1 1     1 1     1 1
-         * set   1      1       2       2
-         * next  1 1    2 2     2 2     3 2
-         * so basically only if prev and next differ by 2, then
-         * re-number down by 1 */
-        if (set_prev+1 < set_next)
-                for (i=loc; i<n; i++)
-                        sk_X509_NAME_ENTRY_value(sk,i)->set--;
-        return(ret);
-        }
-
-int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type,
-                        unsigned char *bytes, int len, int loc, int set)
-{
-        X509_NAME_ENTRY *ne;
-        int ret;
-        ne = X509_NAME_ENTRY_create_by_OBJ(NULL, obj, type, bytes, len);
-        if(!ne) return 0;
-        ret = X509_NAME_add_entry(name, ne, loc, set);
-        X509_NAME_ENTRY_free(ne);
-        return ret;
-}
-
-int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
-                        unsigned char *bytes, int len, int loc, int set)
-{
-        X509_NAME_ENTRY *ne;
-        int ret;
-        ne = X509_NAME_ENTRY_create_by_NID(NULL, nid, type, bytes, len);
-        if(!ne) return 0;
-        ret = X509_NAME_add_entry(name, ne, loc, set);
-        X509_NAME_ENTRY_free(ne);
-        return ret;
-}
-
-int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,
-                        const unsigned char *bytes, int len, int loc, int set)
-{
-        X509_NAME_ENTRY *ne;
-        int ret;
-        ne = X509_NAME_ENTRY_create_by_txt(NULL, field, type, bytes, len);
-        if(!ne) return 0;
-        ret = X509_NAME_add_entry(name, ne, loc, set);
-        X509_NAME_ENTRY_free(ne);
-        return ret;
-}
-
-/* if set is -1, append to previous set, 0 'a new one', and 1,
- * prepend to the guy we are about to stomp on. */
-int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc,
-             int set)
-        {
-        X509_NAME_ENTRY *new_name=NULL;
-        int n,i,inc;
-        STACK_OF(X509_NAME_ENTRY) *sk;
-
-        if (name == NULL) return(0);
-        sk=name->entries;
-        n=sk_X509_NAME_ENTRY_num(sk);
-        if (loc > n) loc=n;
-        else if (loc < 0) loc=n;
-
-        name->modified=1;
-
-        if (set == -1)
-                {
-                if (loc == 0)
-                        {
-                        set=0;
-                        inc=1;
-                        }
-                else
-                        {
-                        set=sk_X509_NAME_ENTRY_value(sk,loc-1)->set;
-                        inc=0;
-                        }
-                }
-        else /* if (set >= 0) */
-                {
-                if (loc >= n)
-                        {
-                        if (loc != 0)
-                                set=sk_X509_NAME_ENTRY_value(sk,loc-1)->set+1;
-                        else
-                                set=0;
-                        }
-                else
-                        set=sk_X509_NAME_ENTRY_value(sk,loc)->set;
-                inc=(set == 0)?1:0;
-                }
-
-        if ((new_name=X509_NAME_ENTRY_dup(ne)) == NULL)
-                goto err;
-        new_name->set=set;
-        if (!sk_X509_NAME_ENTRY_insert(sk,new_name,loc))
-                {
-                X509err(X509_F_X509_NAME_ADD_ENTRY,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-        if (inc)
-                {
-                n=sk_X509_NAME_ENTRY_num(sk);
-                for (i=loc+1; i<n; i++)
-                        sk_X509_NAME_ENTRY_value(sk,i-1)->set+=1;
-                }       
-        return(1);
-err:
-        if (new_name != NULL)
-                X509_NAME_ENTRY_free(new_name);
-        return(0);
-        }
-
-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
-                const char *field, int type, const unsigned char *bytes, int len)
-        {
-        ASN1_OBJECT *obj;
-        X509_NAME_ENTRY *nentry;
-
-        obj=OBJ_txt2obj(field, 0);
-        if (obj == NULL)
-                {
-                X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT,
-                                                X509_R_INVALID_FIELD_NAME);
-                ERR_add_error_data(2, "name=", field);
-                return(NULL);
-                }
-        nentry = X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len);
-        ASN1_OBJECT_free(obj);
-        return nentry;
-        }
-
-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
-             int type, unsigned char *bytes, int len)
-        {
-        ASN1_OBJECT *obj;
-        X509_NAME_ENTRY *nentry;
-
-        obj=OBJ_nid2obj(nid);
-        if (obj == NULL)
-                {
-                X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_NID,X509_R_UNKNOWN_NID);
-                return(NULL);
-                }
-        nentry = X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len);
-        ASN1_OBJECT_free(obj);
-        return nentry;
-        }
-
-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
-             ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len)
-        {
-        X509_NAME_ENTRY *ret;
-
-        if ((ne == NULL) || (*ne == NULL))
-                {
-                if ((ret=X509_NAME_ENTRY_new()) == NULL)
-                        return(NULL);
-                }
-        else
-                ret= *ne;
-
-        if (!X509_NAME_ENTRY_set_object(ret,obj))
-                goto err;
-        if (!X509_NAME_ENTRY_set_data(ret,type,bytes,len))
-                goto err;
-
-        if ((ne != NULL) && (*ne == NULL)) *ne=ret;
-        return(ret);
-err:
-        if ((ne == NULL) || (ret != *ne))
-                X509_NAME_ENTRY_free(ret);
-        return(NULL);
-        }
-
-int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj)
-        {
-        if ((ne == NULL) || (obj == NULL))
-                {
-                X509err(X509_F_X509_NAME_ENTRY_SET_OBJECT,ERR_R_PASSED_NULL_PARAMETER);
-                return(0);
-                }
-        ASN1_OBJECT_free(ne->object);
-        ne->object=OBJ_dup(obj);
-        return((ne->object == NULL)?0:1);
-        }
-
-int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
-             const unsigned char *bytes, int len)
-        {
-        int i;
-
-        if ((ne == NULL) || ((bytes == NULL) && (len != 0))) return(0);
-        if((type > 0) && (type & MBSTRING_FLAG)) 
-                return ASN1_STRING_set_by_NID(&ne->value, bytes,
-                                                len, type,
-                                        OBJ_obj2nid(ne->object)) ? 1 : 0;
-        if (len < 0) len=strlen((char *)bytes);
-        i=ASN1_STRING_set(ne->value,bytes,len);
-        if (!i) return(0);
-        if (type != V_ASN1_UNDEF)
-                {
-                if (type == V_ASN1_APP_CHOOSE)
-                        ne->value->type=ASN1_PRINTABLE_type(bytes,len);
-                else
-                        ne->value->type=type;
-                }
-        return(1);
-        }
-
-ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne)
-        {
-        if (ne == NULL) return(NULL);
-        return(ne->object);
-        }
-
-ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne)
-        {
-        if (ne == NULL) return(NULL);
-        return(ne->value);
-        }
-
diff --git a/src/lib/libcrypto/x509/x509rset.c b/src/lib/libcrypto/x509/x509rset.c
deleted file mode 100644
index d9f6b57372..0000000000
--- a/src/lib/libcrypto/x509/x509rset.c
+++ /dev/null
@@ -1,83 +0,0 @@
-/* crypto/x509/x509rset.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-
-int X509_REQ_set_version(X509_REQ *x, long version)
-        {
-        if (x == NULL) return(0);
-        return(ASN1_INTEGER_set(x->req_info->version,version));
-        }
-
-int X509_REQ_set_subject_name(X509_REQ *x, X509_NAME *name)
-        {
-        if ((x == NULL) || (x->req_info == NULL)) return(0);
-        return(X509_NAME_set(&x->req_info->subject,name));
-        }
-
-int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey)
-        {
-        if ((x == NULL) || (x->req_info == NULL)) return(0);
-        return(X509_PUBKEY_set(&x->req_info->pubkey,pkey));
-        }
-
diff --git a/src/lib/libcrypto/x509/x509spki.c b/src/lib/libcrypto/x509/x509spki.c
deleted file mode 100644
index 4c3af946ec..0000000000
--- a/src/lib/libcrypto/x509/x509spki.c
+++ /dev/null
@@ -1,120 +0,0 @@
-/* x509spki.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/x509.h>
-
-int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey)
-{
-        if ((x == NULL) || (x->spkac == NULL)) return(0);
-        return(X509_PUBKEY_set(&(x->spkac->pubkey),pkey));
-}
-
-EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x)
-{
-        if ((x == NULL) || (x->spkac == NULL))
-                return(NULL);
-        return(X509_PUBKEY_get(x->spkac->pubkey));
-}
-
-/* Load a Netscape SPKI from a base64 encoded string */
-
-NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len)
-{
-        unsigned char *spki_der, *p;
-        int spki_len;
-        NETSCAPE_SPKI *spki;
-        if(len <= 0) len = strlen(str);
-        if (!(spki_der = OPENSSL_malloc(len + 1))) {
-                X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-        spki_len = EVP_DecodeBlock(spki_der, (const unsigned char *)str, len);
-        if(spki_len < 0) {
-                X509err(X509_F_NETSCAPE_SPKI_B64_DECODE,
-                                                X509_R_BASE64_DECODE_ERROR);
-                OPENSSL_free(spki_der);
-                return NULL;
-        }
-        p = spki_der;
-        spki = d2i_NETSCAPE_SPKI(NULL, &p, spki_len);
-        OPENSSL_free(spki_der);
-        return spki;
-}
-
-/* Generate a base64 encoded string from an SPKI */
-
-char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki)
-{
-        unsigned char *der_spki, *p;
-        char *b64_str;
-        int der_len;
-        der_len = i2d_NETSCAPE_SPKI(spki, NULL);
-        der_spki = OPENSSL_malloc(der_len);
-        b64_str = OPENSSL_malloc(der_len * 2);
-        if(!der_spki || !b64_str) {
-                X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-        p = der_spki;
-        i2d_NETSCAPE_SPKI(spki, &p);
-        EVP_EncodeBlock((unsigned char *)b64_str, der_spki, der_len);
-        OPENSSL_free(der_spki);
-        return b64_str;
-}
diff --git a/src/lib/libcrypto/x509/x509type.c b/src/lib/libcrypto/x509/x509type.c
deleted file mode 100644
index c25959a742..0000000000
--- a/src/lib/libcrypto/x509/x509type.c
+++ /dev/null
@@ -1,115 +0,0 @@
-/* crypto/x509/x509type.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
-        {
-        EVP_PKEY *pk;
-        int ret=0,i;
-
-        if (x == NULL) return(0);
-
-        if (pkey == NULL)
-                pk=X509_get_pubkey(x);
-        else
-                pk=pkey;
-
-        if (pk == NULL) return(0);
-
-        switch (pk->type)
-                {
-        case EVP_PKEY_RSA:
-                ret=EVP_PK_RSA|EVP_PKT_SIGN;
-/*              if (!sign only extension) */
-                        ret|=EVP_PKT_ENC;
-        break;
-        case EVP_PKEY_DSA:
-                ret=EVP_PK_DSA|EVP_PKT_SIGN;
-                break;
-        case EVP_PKEY_DH:
-                ret=EVP_PK_DH|EVP_PKT_EXCH;
-                break;
-        default:
-                break;
-                }
-
-        i=X509_get_signature_type(x);
-        switch (i)
-                {
-        case EVP_PKEY_RSA:
-                ret|=EVP_PKS_RSA;
-                break;
-        case EVP_PKEY_DSA:
-                ret|=EVP_PKS_DSA;
-                break;
-        default:
-                break;
-                }
-
-        if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look
-                                           for, not bytes */
-                ret|=EVP_PKT_EXP;
-        if(pkey==NULL) EVP_PKEY_free(pk);
-        return(ret);
-        }
-
diff --git a/src/lib/libcrypto/x509/x_all.c b/src/lib/libcrypto/x509/x_all.c
deleted file mode 100644
index ac6dea493a..0000000000
--- a/src/lib/libcrypto/x509/x_all.c
+++ /dev/null
@@ -1,489 +0,0 @@
-/* crypto/x509/x_all.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#undef SSLEAY_MACROS
-#include <openssl/stack.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/asn1.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-
-int X509_verify(X509 *a, EVP_PKEY *r)
-        {
-        return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF),a->sig_alg,
-                a->signature,a->cert_info,r));
-        }
-
-int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r)
-        {
-        return( ASN1_item_verify(ASN1_ITEM_rptr(X509_REQ_INFO),
-                a->sig_alg,a->signature,a->req_info,r));
-        }
-
-int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r)
-        {
-        return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO),
-                a->sig_alg, a->signature,a->crl,r));
-        }
-
-int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
-        {
-        return(ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC),
-                a->sig_algor,a->signature,a->spkac,r));
-        }
-
-int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
-        {
-        return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), x->cert_info->signature,
-                x->sig_alg, x->signature, x->cert_info,pkey,md));
-        }
-
-int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md)
-        {
-        return(ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO),x->sig_alg, NULL,
-                x->signature, x->req_info,pkey,md));
-        }
-
-int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
-        {
-        x->crl->enc.modified = 1;
-        return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO),x->crl->sig_alg,
-                x->sig_alg, x->signature, x->crl,pkey,md));
-        }
-
-int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md)
-        {
-        return(ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), x->sig_algor,NULL,
-                x->signature, x->spkac,pkey,md));
-        }
-
-#ifndef OPENSSL_NO_FP_API
-X509 *d2i_X509_fp(FILE *fp, X509 **x509)
-        {
-        return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509), fp, x509);
-        }
-
-int i2d_X509_fp(FILE *fp, X509 *x509)
-        {
-        return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509), fp, x509);
-        }
-#endif
-
-X509 *d2i_X509_bio(BIO *bp, X509 **x509)
-        {
-        return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509), bp, x509);
-        }
-
-int i2d_X509_bio(BIO *bp, X509 *x509)
-        {
-        return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bp, x509);
-        }
-
-#ifndef OPENSSL_NO_FP_API
-X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl)
-        {
-        return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
-        }
-
-int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl)
-        {
-        return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
-        }
-#endif
-
-X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl)
-        {
-        return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
-        }
-
-int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl)
-        {
-        return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
-        }
-
-#ifndef OPENSSL_NO_FP_API
-PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7)
-        {
-        return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
-        }
-
-int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7)
-        {
-        return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
-        }
-#endif
-
-PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7)
-        {
-        return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
-        }
-
-int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7)
-        {
-        return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
-        }
-
-#ifndef OPENSSL_NO_FP_API
-X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req)
-        {
-        return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
-        }
-
-int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req)
-        {
-        return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
-        }
-#endif
-
-X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req)
-        {
-        return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
-        }
-
-int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req)
-        {
-        return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
-        }
-
-#ifndef OPENSSL_NO_RSA
-
-#ifndef OPENSSL_NO_FP_API
-RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa)
-        {
-        return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
-        }
-
-int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa)
-        {
-        return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
-        }
-
-RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa)
-        {
-        return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
-        }
-
-
-RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa)
-        {
-        return((RSA *)ASN1_d2i_fp((char *(*)())
-                RSA_new,(char *(*)())d2i_RSA_PUBKEY, (fp),
-                (unsigned char **)(rsa)));
-        }
-
-int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa)
-        {
-        return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
-        }
-
-int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa)
-        {
-        return(ASN1_i2d_fp(i2d_RSA_PUBKEY,fp,(unsigned char *)rsa));
-        }
-#endif
-
-RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa)
-        {
-        return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
-        }
-
-int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa)
-        {
-        return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
-        }
-
-RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa)
-        {
-        return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
-        }
-
-
-RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa)
-        {
-        return((RSA *)ASN1_d2i_bio((char *(*)())
-                RSA_new,(char *(*)())d2i_RSA_PUBKEY, (bp),
-                (unsigned char **)(rsa)));
-        }
-
-int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa)
-        {
-        return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
-        }
-
-int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa)
-        {
-        return(ASN1_i2d_bio(i2d_RSA_PUBKEY,bp,(unsigned char *)rsa));
-        }
-#endif
-
-#ifndef OPENSSL_NO_DSA
-#ifndef OPENSSL_NO_FP_API
-DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa)
-        {
-        return((DSA *)ASN1_d2i_fp((char *(*)())
-                DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp),
-                (unsigned char **)(dsa)));
-        }
-
-int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa)
-        {
-        return(ASN1_i2d_fp(i2d_DSAPrivateKey,fp,(unsigned char *)dsa));
-        }
-
-DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa)
-        {
-        return((DSA *)ASN1_d2i_fp((char *(*)())
-                DSA_new,(char *(*)())d2i_DSA_PUBKEY, (fp),
-                (unsigned char **)(dsa)));
-        }
-
-int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa)
-        {
-        return(ASN1_i2d_fp(i2d_DSA_PUBKEY,fp,(unsigned char *)dsa));
-        }
-#endif
-
-DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa)
-        {
-        return((DSA *)ASN1_d2i_bio((char *(*)())
-                DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp),
-                (unsigned char **)(dsa)));
-        }
-
-int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa)
-        {
-        return(ASN1_i2d_bio(i2d_DSAPrivateKey,bp,(unsigned char *)dsa));
-        }
-
-DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa)
-        {
-        return((DSA *)ASN1_d2i_bio((char *(*)())
-                DSA_new,(char *(*)())d2i_DSA_PUBKEY, (bp),
-                (unsigned char **)(dsa)));
-        }
-
-int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa)
-        {
-        return(ASN1_i2d_bio(i2d_DSA_PUBKEY,bp,(unsigned char *)dsa));
-        }
-
-#endif
-
-int X509_pubkey_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
-             unsigned int *len)
-        {
-        ASN1_BIT_STRING *key;
-        key = X509_get0_pubkey_bitstr(data);
-        if(!key) return 0;
-        return EVP_Digest(key->data, key->length, md, len, type, NULL);
-        }
-
-int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
-             unsigned int *len)
-        {
-        return(ASN1_item_digest(ASN1_ITEM_rptr(X509),type,(char *)data,md,len));
-        }
-
-int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md,
-             unsigned int *len)
-        {
-        return(ASN1_item_digest(ASN1_ITEM_rptr(X509_CRL),type,(char *)data,md,len));
-        }
-
-int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, unsigned char *md,
-             unsigned int *len)
-        {
-        return(ASN1_item_digest(ASN1_ITEM_rptr(X509_REQ),type,(char *)data,md,len));
-        }
-
-int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, unsigned char *md,
-             unsigned int *len)
-        {
-        return(ASN1_item_digest(ASN1_ITEM_rptr(X509_NAME),type,(char *)data,md,len));
-        }
-
-int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, const EVP_MD *type,
-             unsigned char *md, unsigned int *len)
-        {
-        return(ASN1_item_digest(ASN1_ITEM_rptr(PKCS7_ISSUER_AND_SERIAL),type,
-                (char *)data,md,len));
-        }
-
-
-#ifndef OPENSSL_NO_FP_API
-X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8)
-        {
-        return((X509_SIG *)ASN1_d2i_fp((char *(*)())X509_SIG_new,
-                (char *(*)())d2i_X509_SIG, (fp),(unsigned char **)(p8)));
-        }
-
-int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8)
-        {
-        return(ASN1_i2d_fp(i2d_X509_SIG,fp,(unsigned char *)p8));
-        }
-#endif
-
-X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8)
-        {
-        return((X509_SIG *)ASN1_d2i_bio((char *(*)())X509_SIG_new,
-                (char *(*)())d2i_X509_SIG, (bp),(unsigned char **)(p8)));
-        }
-
-int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8)
-        {
-        return(ASN1_i2d_bio(i2d_X509_SIG,bp,(unsigned char *)p8));
-        }
-
-#ifndef OPENSSL_NO_FP_API
-PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
-                                                 PKCS8_PRIV_KEY_INFO **p8inf)
-        {
-        return((PKCS8_PRIV_KEY_INFO *)ASN1_d2i_fp(
-                (char *(*)())PKCS8_PRIV_KEY_INFO_new,
-                (char *(*)())d2i_PKCS8_PRIV_KEY_INFO, (fp),
-                                (unsigned char **)(p8inf)));
-        }
-
-int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf)
-        {
-        return(ASN1_i2d_fp(i2d_PKCS8_PRIV_KEY_INFO,fp,(unsigned char *)p8inf));
-        }
-
-int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key)
-        {
-        PKCS8_PRIV_KEY_INFO *p8inf;
-        int ret;
-        p8inf = EVP_PKEY2PKCS8(key);
-        if(!p8inf) return 0;
-        ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf);
-        PKCS8_PRIV_KEY_INFO_free(p8inf);
-        return ret;
-        }
-
-int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey)
-        {
-        return(ASN1_i2d_fp(i2d_PrivateKey,fp,(unsigned char *)pkey));
-        }
-
-EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a)
-{
-        return((EVP_PKEY *)ASN1_d2i_fp((char *(*)())EVP_PKEY_new,
-                (char *(*)())d2i_AutoPrivateKey, (fp),(unsigned char **)(a)));
-}
-
-int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey)
-        {
-        return(ASN1_i2d_fp(i2d_PUBKEY,fp,(unsigned char *)pkey));
-        }
-
-EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a)
-{
-        return((EVP_PKEY *)ASN1_d2i_fp((char *(*)())EVP_PKEY_new,
-                (char *(*)())d2i_PUBKEY, (fp),(unsigned char **)(a)));
-}
-
-#endif
-
-PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
-                                                 PKCS8_PRIV_KEY_INFO **p8inf)
-        {
-        return((PKCS8_PRIV_KEY_INFO *)ASN1_d2i_bio(
-                (char *(*)())PKCS8_PRIV_KEY_INFO_new,
-                (char *(*)())d2i_PKCS8_PRIV_KEY_INFO, (bp),
-                                (unsigned char **)(p8inf)));
-        }
-
-int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf)
-        {
-        return(ASN1_i2d_bio(i2d_PKCS8_PRIV_KEY_INFO,bp,(unsigned char *)p8inf));
-        }
-
-int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key)
-        {
-        PKCS8_PRIV_KEY_INFO *p8inf;
-        int ret;
-        p8inf = EVP_PKEY2PKCS8(key);
-        if(!p8inf) return 0;
-        ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
-        PKCS8_PRIV_KEY_INFO_free(p8inf);
-        return ret;
-        }
-
-int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey)
-        {
-        return(ASN1_i2d_bio(i2d_PrivateKey,bp,(unsigned char *)pkey));
-        }
-
-EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a)
-        {
-        return((EVP_PKEY *)ASN1_d2i_bio((char *(*)())EVP_PKEY_new,
-                (char *(*)())d2i_AutoPrivateKey, (bp),(unsigned char **)(a)));
-        }
-
-int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey)
-        {
-        return(ASN1_i2d_bio(i2d_PUBKEY,bp,(unsigned char *)pkey));
-        }
-
-EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a)
-        {
-        return((EVP_PKEY *)ASN1_d2i_bio((char *(*)())EVP_PKEY_new,
-                (char *(*)())d2i_PUBKEY, (bp),(unsigned char **)(a)));
-        }
diff --git a/src/lib/libcrypto/x509v3/ext_dat.h b/src/lib/libcrypto/x509v3/ext_dat.h
deleted file mode 100644
index d8328ac468..0000000000
--- a/src/lib/libcrypto/x509v3/ext_dat.h
+++ /dev/null
@@ -1,118 +0,0 @@
-/* ext_dat.h */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* This file contains a table of "standard" extensions */
-
-extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
-extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo;
-extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
-extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate;
-extern X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld;
-extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;
-extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc;
-extern X509V3_EXT_METHOD v3_crl_hold, v3_pci;
-
-/* This table will be searched using OBJ_bsearch so it *must* kept in
- * order of the ext_nid values.
- */
-
-static X509V3_EXT_METHOD *standard_exts[] = {
-&v3_nscert,
-&v3_ns_ia5_list[0],
-&v3_ns_ia5_list[1],
-&v3_ns_ia5_list[2],
-&v3_ns_ia5_list[3],
-&v3_ns_ia5_list[4],
-&v3_ns_ia5_list[5],
-&v3_ns_ia5_list[6],
-&v3_skey_id,
-&v3_key_usage,
-&v3_pkey_usage_period,
-&v3_alt[0],
-&v3_alt[1],
-&v3_bcons,
-&v3_crl_num,
-&v3_cpols,
-&v3_akey_id,
-&v3_crld,
-&v3_ext_ku,
-&v3_delta_crl,
-&v3_crl_reason,
-#ifndef OPENSSL_NO_OCSP
-&v3_crl_invdate,
-#endif
-&v3_sxnet,
-&v3_info,
-#ifndef OPENSSL_NO_OCSP
-&v3_ocsp_nonce,
-&v3_ocsp_crlid,
-&v3_ocsp_accresp,
-&v3_ocsp_nocheck,
-&v3_ocsp_acutoff,
-&v3_ocsp_serviceloc,
-#endif
-&v3_sinfo,
-#ifndef OPENSSL_NO_OCSP
-&v3_crl_hold,
-#endif
-&v3_pci,
-};
-
-/* Number of standard extensions */
-
-#define STANDARD_EXTENSION_COUNT (sizeof(standard_exts)/sizeof(X509V3_EXT_METHOD *))
-
diff --git a/src/lib/libcrypto/x509v3/v3_akey.c b/src/lib/libcrypto/x509v3/v3_akey.c
deleted file mode 100644
index 97e686f97a..0000000000
--- a/src/lib/libcrypto/x509v3/v3_akey.c
+++ /dev/null
@@ -1,190 +0,0 @@
-/* v3_akey.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509v3.h>
-
-static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
-                        AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist);
-static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
-                        X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
-
-X509V3_EXT_METHOD v3_akey_id = {
-NID_authority_key_identifier, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID),
-0,0,0,0,
-0,0,
-(X509V3_EXT_I2V)i2v_AUTHORITY_KEYID,
-(X509V3_EXT_V2I)v2i_AUTHORITY_KEYID,
-0,0,
-NULL
-};
-
-static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
-             AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist)
-{
-        char *tmp;
-        if(akeyid->keyid) {
-                tmp = hex_to_string(akeyid->keyid->data, akeyid->keyid->length);
-                X509V3_add_value("keyid", tmp, &extlist);
-                OPENSSL_free(tmp);
-        }
-        if(akeyid->issuer) 
-                extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist);
-        if(akeyid->serial) {
-                tmp = hex_to_string(akeyid->serial->data,
-                                                 akeyid->serial->length);
-                X509V3_add_value("serial", tmp, &extlist);
-                OPENSSL_free(tmp);
-        }
-        return extlist;
-}
-
-/* Currently two options:
- * keyid: use the issuers subject keyid, the value 'always' means its is
- * an error if the issuer certificate doesn't have a key id.
- * issuer: use the issuers cert issuer and serial number. The default is
- * to only use this if keyid is not present. With the option 'always'
- * this is always included.
- */
-
-static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
-             X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values)
-{
-char keyid=0, issuer=0;
-int i;
-CONF_VALUE *cnf;
-ASN1_OCTET_STRING *ikeyid = NULL;
-X509_NAME *isname = NULL;
-GENERAL_NAMES * gens = NULL;
-GENERAL_NAME *gen = NULL;
-ASN1_INTEGER *serial = NULL;
-X509_EXTENSION *ext;
-X509 *cert;
-AUTHORITY_KEYID *akeyid;
-for(i = 0; i < sk_CONF_VALUE_num(values); i++) {
-        cnf = sk_CONF_VALUE_value(values, i);
-        if(!strcmp(cnf->name, "keyid")) {
-                keyid = 1;
-                if(cnf->value && !strcmp(cnf->value, "always")) keyid = 2;
-        } else if(!strcmp(cnf->name, "issuer")) {
-                issuer = 1;
-                if(cnf->value && !strcmp(cnf->value, "always")) issuer = 2;
-        } else {
-                X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNKNOWN_OPTION);
-                ERR_add_error_data(2, "name=", cnf->name);
-                return NULL;
-        }
-}
-
-if(!ctx || !ctx->issuer_cert) {
-        if(ctx && (ctx->flags==CTX_TEST)) return AUTHORITY_KEYID_new();
-        X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_NO_ISSUER_CERTIFICATE);
-        return NULL;
-}
-
-cert = ctx->issuer_cert;
-
-if(keyid) {
-        i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1);
-        if((i >= 0)  && (ext = X509_get_ext(cert, i)))
-                                                 ikeyid = X509V3_EXT_d2i(ext);
-        if(keyid==2 && !ikeyid) {
-                X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_KEYID);
-                return NULL;
-        }
-}
-
-if((issuer && !ikeyid) || (issuer == 2)) {
-        isname = X509_NAME_dup(X509_get_issuer_name(cert));
-        serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert));
-        if(!isname || !serial) {
-                X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS);
-                goto err;
-        }
-}
-
-if(!(akeyid = AUTHORITY_KEYID_new())) goto err;
-
-if(isname) {
-        if(!(gens = sk_GENERAL_NAME_new_null()) || !(gen = GENERAL_NAME_new())
-                || !sk_GENERAL_NAME_push(gens, gen)) {
-                X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-        gen->type = GEN_DIRNAME;
-        gen->d.dirn = isname;
-}
-
-akeyid->issuer = gens;
-akeyid->serial = serial;
-akeyid->keyid = ikeyid;
-
-return akeyid;
-
-err:
-X509_NAME_free(isname);
-M_ASN1_INTEGER_free(serial);
-M_ASN1_OCTET_STRING_free(ikeyid);
-return NULL;
-
-}
-
diff --git a/src/lib/libcrypto/x509v3/v3_akeya.c b/src/lib/libcrypto/x509v3/v3_akeya.c
deleted file mode 100644
index 2aafa26ba7..0000000000
--- a/src/lib/libcrypto/x509v3/v3_akeya.c
+++ /dev/null
@@ -1,72 +0,0 @@
-/* v3_akey_asn1.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509v3.h>
-
-ASN1_SEQUENCE(AUTHORITY_KEYID) = {
-        ASN1_IMP_OPT(AUTHORITY_KEYID, keyid, ASN1_OCTET_STRING, 0),
-        ASN1_IMP_SEQUENCE_OF_OPT(AUTHORITY_KEYID, issuer, GENERAL_NAME, 1),
-        ASN1_IMP_OPT(AUTHORITY_KEYID, serial, ASN1_INTEGER, 2)
-} ASN1_SEQUENCE_END(AUTHORITY_KEYID)
-
-IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_KEYID)
diff --git a/src/lib/libcrypto/x509v3/v3_alt.c b/src/lib/libcrypto/x509v3/v3_alt.c
deleted file mode 100644
index 58b935a3b6..0000000000
--- a/src/lib/libcrypto/x509v3/v3_alt.c
+++ /dev/null
@@ -1,458 +0,0 @@
-/* v3_alt.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/x509v3.h>
-
-static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p);
-static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens);
-X509V3_EXT_METHOD v3_alt[] = {
-{ NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
-0,0,0,0,
-0,0,
-(X509V3_EXT_I2V)i2v_GENERAL_NAMES,
-(X509V3_EXT_V2I)v2i_subject_alt,
-NULL, NULL, NULL},
-
-{ NID_issuer_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
-0,0,0,0,
-0,0,
-(X509V3_EXT_I2V)i2v_GENERAL_NAMES,
-(X509V3_EXT_V2I)v2i_issuer_alt,
-NULL, NULL, NULL},
-};
-
-STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
-                GENERAL_NAMES *gens, STACK_OF(CONF_VALUE) *ret)
-{
-        int i;
-        GENERAL_NAME *gen;
-        for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
-                gen = sk_GENERAL_NAME_value(gens, i);
-                ret = i2v_GENERAL_NAME(method, gen, ret);
-        }
-        if(!ret) return sk_CONF_VALUE_new_null();
-        return ret;
-}
-
-STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
-                                GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret)
-{
-        unsigned char *p;
-        char oline[256];
-        switch (gen->type)
-        {
-                case GEN_OTHERNAME:
-                X509V3_add_value("othername","<unsupported>", &ret);
-                break;
-
-                case GEN_X400:
-                X509V3_add_value("X400Name","<unsupported>", &ret);
-                break;
-
-                case GEN_EDIPARTY:
-                X509V3_add_value("EdiPartyName","<unsupported>", &ret);
-                break;
-
-                case GEN_EMAIL:
-                X509V3_add_value_uchar("email",gen->d.ia5->data, &ret);
-                break;
-
-                case GEN_DNS:
-                X509V3_add_value_uchar("DNS",gen->d.ia5->data, &ret);
-                break;
-
-                case GEN_URI:
-                X509V3_add_value_uchar("URI",gen->d.ia5->data, &ret);
-                break;
-
-                case GEN_DIRNAME:
-                X509_NAME_oneline(gen->d.dirn, oline, 256);
-                X509V3_add_value("DirName",oline, &ret);
-                break;
-
-                case GEN_IPADD:
-                p = gen->d.ip->data;
-                /* BUG: doesn't support IPV6 */
-                if(gen->d.ip->length != 4) {
-                        X509V3_add_value("IP Address","<invalid>", &ret);
-                        break;
-                }
-                BIO_snprintf(oline, sizeof oline,
-                             "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
-                X509V3_add_value("IP Address",oline, &ret);
-                break;
-
-                case GEN_RID:
-                i2t_ASN1_OBJECT(oline, 256, gen->d.rid);
-                X509V3_add_value("Registered ID",oline, &ret);
-                break;
-        }
-        return ret;
-}
-
-int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen)
-{
-        unsigned char *p;
-        switch (gen->type)
-        {
-                case GEN_OTHERNAME:
-                BIO_printf(out, "othername:<unsupported>");
-                break;
-
-                case GEN_X400:
-                BIO_printf(out, "X400Name:<unsupported>");
-                break;
-
-                case GEN_EDIPARTY:
-                /* Maybe fix this: it is supported now */
-                BIO_printf(out, "EdiPartyName:<unsupported>");
-                break;
-
-                case GEN_EMAIL:
-                BIO_printf(out, "email:%s",gen->d.ia5->data);
-                break;
-
-                case GEN_DNS:
-                BIO_printf(out, "DNS:%s",gen->d.ia5->data);
-                break;
-
-                case GEN_URI:
-                BIO_printf(out, "URI:%s",gen->d.ia5->data);
-                break;
-
-                case GEN_DIRNAME:
-                BIO_printf(out, "DirName: ");
-                X509_NAME_print_ex(out, gen->d.dirn, 0, XN_FLAG_ONELINE);
-                break;
-
-                case GEN_IPADD:
-                p = gen->d.ip->data;
-                /* BUG: doesn't support IPV6 */
-                if(gen->d.ip->length != 4) {
-                        BIO_printf(out,"IP Address:<invalid>");
-                        break;
-                }
-                BIO_printf(out, "IP Address:%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
-                break;
-
-                case GEN_RID:
-                BIO_printf(out, "Registered ID");
-                i2a_ASN1_OBJECT(out, gen->d.rid);
-                break;
-        }
-        return 1;
-}
-
-static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,
-                                 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
-{
-        GENERAL_NAMES *gens = NULL;
-        CONF_VALUE *cnf;
-        int i;
-        if(!(gens = sk_GENERAL_NAME_new_null())) {
-                X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-        for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
-                cnf = sk_CONF_VALUE_value(nval, i);
-                if(!name_cmp(cnf->name, "issuer") && cnf->value &&
-                                                !strcmp(cnf->value, "copy")) {
-                        if(!copy_issuer(ctx, gens)) goto err;
-                } else {
-                        GENERAL_NAME *gen;
-                        if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
-                                                                 goto err; 
-                        sk_GENERAL_NAME_push(gens, gen);
-                }
-        }
-        return gens;
-        err:
-        sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
-        return NULL;
-}
-
-/* Append subject altname of issuer to issuer alt name of subject */
-
-static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens)
-{
-        GENERAL_NAMES *ialt;
-        GENERAL_NAME *gen;
-        X509_EXTENSION *ext;
-        int i;
-        if(ctx && (ctx->flags == CTX_TEST)) return 1;
-        if(!ctx || !ctx->issuer_cert) {
-                X509V3err(X509V3_F_COPY_ISSUER,X509V3_R_NO_ISSUER_DETAILS);
-                goto err;
-        }
-        i = X509_get_ext_by_NID(ctx->issuer_cert, NID_subject_alt_name, -1);
-        if(i < 0) return 1;
-        if(!(ext = X509_get_ext(ctx->issuer_cert, i)) ||
-                        !(ialt = X509V3_EXT_d2i(ext)) ) {
-                X509V3err(X509V3_F_COPY_ISSUER,X509V3_R_ISSUER_DECODE_ERROR);
-                goto err;
-        }
-
-        for(i = 0; i < sk_GENERAL_NAME_num(ialt); i++) {
-                gen = sk_GENERAL_NAME_value(ialt, i);
-                if(!sk_GENERAL_NAME_push(gens, gen)) {
-                        X509V3err(X509V3_F_COPY_ISSUER,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-        }
-        sk_GENERAL_NAME_free(ialt);
-
-        return 1;
-                
-        err:
-        return 0;
-        
-}
-
-static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
-                                 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
-{
-        GENERAL_NAMES *gens = NULL;
-        CONF_VALUE *cnf;
-        int i;
-        if(!(gens = sk_GENERAL_NAME_new_null())) {
-                X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-        for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
-                cnf = sk_CONF_VALUE_value(nval, i);
-                if(!name_cmp(cnf->name, "email") && cnf->value &&
-                                                !strcmp(cnf->value, "copy")) {
-                        if(!copy_email(ctx, gens, 0)) goto err;
-                } else if(!name_cmp(cnf->name, "email") && cnf->value &&
-                                                !strcmp(cnf->value, "move")) {
-                        if(!copy_email(ctx, gens, 1)) goto err;
-                } else {
-                        GENERAL_NAME *gen;
-                        if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
-                                                                 goto err; 
-                        sk_GENERAL_NAME_push(gens, gen);
-                }
-        }
-        return gens;
-        err:
-        sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
-        return NULL;
-}
-
-/* Copy any email addresses in a certificate or request to 
- * GENERAL_NAMES
- */
-
-static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
-{
-        X509_NAME *nm;
-        ASN1_IA5STRING *email = NULL;
-        X509_NAME_ENTRY *ne;
-        GENERAL_NAME *gen = NULL;
-        int i;
-        if(ctx->flags == CTX_TEST) return 1;
-        if(!ctx || (!ctx->subject_cert && !ctx->subject_req)) {
-                X509V3err(X509V3_F_COPY_EMAIL,X509V3_R_NO_SUBJECT_DETAILS);
-                goto err;
-        }
-        /* Find the subject name */
-        if(ctx->subject_cert) nm = X509_get_subject_name(ctx->subject_cert);
-        else nm = X509_REQ_get_subject_name(ctx->subject_req);
-
-        /* Now add any email address(es) to STACK */
-        i = -1;
-        while((i = X509_NAME_get_index_by_NID(nm,
-                                         NID_pkcs9_emailAddress, i)) >= 0) {
-                ne = X509_NAME_get_entry(nm, i);
-                email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne));
-                if (move_p)
-                        {
-                        X509_NAME_delete_entry(nm, i);
-                        i--;
-                        }
-                if(!email || !(gen = GENERAL_NAME_new())) {
-                        X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                gen->d.ia5 = email;
-                email = NULL;
-                gen->type = GEN_EMAIL;
-                if(!sk_GENERAL_NAME_push(gens, gen)) {
-                        X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                gen = NULL;
-        }
-
-        
-        return 1;
-                
-        err:
-        GENERAL_NAME_free(gen);
-        M_ASN1_IA5STRING_free(email);
-        return 0;
-        
-}
-
-GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
-                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
-{
-        GENERAL_NAME *gen;
-        GENERAL_NAMES *gens = NULL;
-        CONF_VALUE *cnf;
-        int i;
-        if(!(gens = sk_GENERAL_NAME_new_null())) {
-                X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-        for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
-                cnf = sk_CONF_VALUE_value(nval, i);
-                if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err; 
-                sk_GENERAL_NAME_push(gens, gen);
-        }
-        return gens;
-        err:
-        sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
-        return NULL;
-}
-
-GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-                                                         CONF_VALUE *cnf)
-{
-char is_string = 0;
-int type;
-GENERAL_NAME *gen = NULL;
-
-char *name, *value;
-
-name = cnf->name;
-value = cnf->value;
-
-if(!value) {
-        X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_MISSING_VALUE);
-        return NULL;
-}
-
-if(!(gen = GENERAL_NAME_new())) {
-        X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
-        return NULL;
-}
-
-if(!name_cmp(name, "email")) {
-        is_string = 1;
-        type = GEN_EMAIL;
-} else if(!name_cmp(name, "URI")) {
-        is_string = 1;
-        type = GEN_URI;
-} else if(!name_cmp(name, "DNS")) {
-        is_string = 1;
-        type = GEN_DNS;
-} else if(!name_cmp(name, "RID")) {
-        ASN1_OBJECT *obj;
-        if(!(obj = OBJ_txt2obj(value,0))) {
-                X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_OBJECT);
-                ERR_add_error_data(2, "value=", value);
-                goto err;
-        }
-        gen->d.rid = obj;
-        type = GEN_RID;
-} else if(!name_cmp(name, "IP")) {
-        int i1,i2,i3,i4;
-        unsigned char ip[4];
-        if((sscanf(value, "%d.%d.%d.%d",&i1,&i2,&i3,&i4) != 4) ||
-            (i1 < 0) || (i1 > 255) || (i2 < 0) || (i2 > 255) ||
-            (i3 < 0) || (i3 > 255) || (i4 < 0) || (i4 > 255) ) {
-                X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_IP_ADDRESS);
-                ERR_add_error_data(2, "value=", value);
-                goto err;
-        }
-        ip[0] = i1; ip[1] = i2 ; ip[2] = i3 ; ip[3] = i4;
-        if(!(gen->d.ip = M_ASN1_OCTET_STRING_new()) ||
-                !ASN1_STRING_set(gen->d.ip, ip, 4)) {
-                        X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
-                        goto err;
-        }
-        type = GEN_IPADD;
-} else {
-        X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_UNSUPPORTED_OPTION);
-        ERR_add_error_data(2, "name=", name);
-        goto err;
-}
-
-if(is_string) {
-        if(!(gen->d.ia5 = M_ASN1_IA5STRING_new()) ||
-                      !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value,
-                                       strlen(value))) {
-                X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-}
-
-gen->type = type;
-
-return gen;
-
-err:
-GENERAL_NAME_free(gen);
-return NULL;
-}
diff --git a/src/lib/libcrypto/x509v3/v3_bcons.c b/src/lib/libcrypto/x509v3/v3_bcons.c
deleted file mode 100644
index cbb012715e..0000000000
--- a/src/lib/libcrypto/x509v3/v3_bcons.c
+++ /dev/null
@@ -1,124 +0,0 @@
-/* v3_bcons.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/conf.h>
-#include <openssl/x509v3.h>
-
-static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist);
-static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
-
-X509V3_EXT_METHOD v3_bcons = {
-NID_basic_constraints, 0,
-ASN1_ITEM_ref(BASIC_CONSTRAINTS),
-0,0,0,0,
-0,0,
-(X509V3_EXT_I2V)i2v_BASIC_CONSTRAINTS,
-(X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS,
-NULL,NULL,
-NULL
-};
-
-ASN1_SEQUENCE(BASIC_CONSTRAINTS) = {
-        ASN1_OPT(BASIC_CONSTRAINTS, ca, ASN1_FBOOLEAN),
-        ASN1_OPT(BASIC_CONSTRAINTS, pathlen, ASN1_INTEGER)
-} ASN1_SEQUENCE_END(BASIC_CONSTRAINTS)
-
-IMPLEMENT_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)
-
-
-static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
-             BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist)
-{
-        X509V3_add_value_bool("CA", bcons->ca, &extlist);
-        X509V3_add_value_int("pathlen", bcons->pathlen, &extlist);
-        return extlist;
-}
-
-static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
-             X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values)
-{
-        BASIC_CONSTRAINTS *bcons=NULL;
-        CONF_VALUE *val;
-        int i;
-        if(!(bcons = BASIC_CONSTRAINTS_new())) {
-                X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-        for(i = 0; i < sk_CONF_VALUE_num(values); i++) {
-                val = sk_CONF_VALUE_value(values, i);
-                if(!strcmp(val->name, "CA")) {
-                        if(!X509V3_get_value_bool(val, &bcons->ca)) goto err;
-                } else if(!strcmp(val->name, "pathlen")) {
-                        if(!X509V3_get_value_int(val, &bcons->pathlen)) goto err;
-                } else {
-                        X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, X509V3_R_INVALID_NAME);
-                        X509V3_conf_err(val);
-                        goto err;
-                }
-        }
-        return bcons;
-        err:
-        BASIC_CONSTRAINTS_free(bcons);
-        return NULL;
-}
-
diff --git a/src/lib/libcrypto/x509v3/v3_bitst.c b/src/lib/libcrypto/x509v3/v3_bitst.c
deleted file mode 100644
index 274965306d..0000000000
--- a/src/lib/libcrypto/x509v3/v3_bitst.c
+++ /dev/null
@@ -1,147 +0,0 @@
-/* v3_bitst.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/x509v3.h>
-
-static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
-                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
-                                ASN1_BIT_STRING *bits,
-                                STACK_OF(CONF_VALUE) *extlist);
-
-static BIT_STRING_BITNAME ns_cert_type_table[] = {
-{0, "SSL Client", "client"},
-{1, "SSL Server", "server"},
-{2, "S/MIME", "email"},
-{3, "Object Signing", "objsign"},
-{4, "Unused", "reserved"},
-{5, "SSL CA", "sslCA"},
-{6, "S/MIME CA", "emailCA"},
-{7, "Object Signing CA", "objCA"},
-{-1, NULL, NULL}
-};
-
-static BIT_STRING_BITNAME key_usage_type_table[] = {
-{0, "Digital Signature", "digitalSignature"},
-{1, "Non Repudiation", "nonRepudiation"},
-{2, "Key Encipherment", "keyEncipherment"},
-{3, "Data Encipherment", "dataEncipherment"},
-{4, "Key Agreement", "keyAgreement"},
-{5, "Certificate Sign", "keyCertSign"},
-{6, "CRL Sign", "cRLSign"},
-{7, "Encipher Only", "encipherOnly"},
-{8, "Decipher Only", "decipherOnly"},
-{-1, NULL, NULL}
-};
-
-
-
-X509V3_EXT_METHOD v3_nscert = EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table);
-X509V3_EXT_METHOD v3_key_usage = EXT_BITSTRING(NID_key_usage, key_usage_type_table);
-
-static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
-             ASN1_BIT_STRING *bits, STACK_OF(CONF_VALUE) *ret)
-{
-        BIT_STRING_BITNAME *bnam;
-        for(bnam =method->usr_data; bnam->lname; bnam++) {
-                if(ASN1_BIT_STRING_get_bit(bits, bnam->bitnum)) 
-                        X509V3_add_value(bnam->lname, NULL, &ret);
-        }
-        return ret;
-}
-        
-static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
-             X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
-{
-        CONF_VALUE *val;
-        ASN1_BIT_STRING *bs;
-        int i;
-        BIT_STRING_BITNAME *bnam;
-        if(!(bs = M_ASN1_BIT_STRING_new())) {
-                X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-        for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
-                val = sk_CONF_VALUE_value(nval, i);
-                for(bnam = method->usr_data; bnam->lname; bnam++) {
-                        if(!strcmp(bnam->sname, val->name) ||
-                                !strcmp(bnam->lname, val->name) ) {
-                                if(!ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1)) {
-                                        X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
-                                                ERR_R_MALLOC_FAILURE);
-                                        M_ASN1_BIT_STRING_free(bs);
-                                        return NULL;
-                                }
-                                break;
-                        }
-                }
-                if(!bnam->lname) {
-                        X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
-                                        X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT);
-                        X509V3_conf_err(val);
-                        M_ASN1_BIT_STRING_free(bs);
-                        return NULL;
-                }
-        }
-        return bs;
-}
-        
-
diff --git a/src/lib/libcrypto/x509v3/v3_conf.c b/src/lib/libcrypto/x509v3/v3_conf.c
deleted file mode 100644
index 1284d5aaa5..0000000000
--- a/src/lib/libcrypto/x509v3/v3_conf.c
+++ /dev/null
@@ -1,485 +0,0 @@
-/* v3_conf.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* extension creation utilities */
-
-
-
-#include <stdio.h>
-#include <ctype.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-static int v3_check_critical(char **value);
-static int v3_check_generic(char **value);
-static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value);
-static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type);
-static char *conf_lhash_get_string(void *db, char *section, char *value);
-static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section);
-static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
-                                                 int crit, void *ext_struc);
-/* CONF *conf:  Config file    */
-/* char *name:  Name    */
-/* char *value:  Value    */
-X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name,
-             char *value)
-        {
-        int crit;
-        int ext_type;
-        X509_EXTENSION *ret;
-        crit = v3_check_critical(&value);
-        if ((ext_type = v3_check_generic(&value))) 
-                return v3_generic_extension(name, value, crit, ext_type);
-        ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value);
-        if (!ret)
-                {
-                X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_ERROR_IN_EXTENSION);
-                ERR_add_error_data(4,"name=", name, ", value=", value);
-                }
-        return ret;
-        }
-
-/* CONF *conf:  Config file    */
-/* char *value:  Value    */
-X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
-             char *value)
-        {
-        int crit;
-        int ext_type;
-        crit = v3_check_critical(&value);
-        if ((ext_type = v3_check_generic(&value))) 
-                return v3_generic_extension(OBJ_nid2sn(ext_nid),
-                                                         value, crit, ext_type);
-        return do_ext_nconf(conf, ctx, ext_nid, crit, value);
-        }
-
-/* CONF *conf:  Config file    */
-/* char *value:  Value    */
-static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
-             int crit, char *value)
-        {
-        X509V3_EXT_METHOD *method;
-        X509_EXTENSION *ext;
-        STACK_OF(CONF_VALUE) *nval;
-        void *ext_struc;
-        if (ext_nid == NID_undef)
-                {
-                X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION_NAME);
-                return NULL;
-                }
-        if (!(method = X509V3_EXT_get_nid(ext_nid)))
-                {
-                X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION);
-                return NULL;
-                }
-        /* Now get internal extension representation based on type */
-        if (method->v2i)
-                {
-                if(*value == '@') nval = NCONF_get_section(conf, value + 1);
-                else nval = X509V3_parse_list(value);
-                if(!nval)
-                        {
-                        X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_INVALID_EXTENSION_STRING);
-                        ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value);
-                        return NULL;
-                        }
-                ext_struc = method->v2i(method, ctx, nval);
-                if(*value != '@') sk_CONF_VALUE_pop_free(nval,
-                                                         X509V3_conf_free);
-                if(!ext_struc) return NULL;
-                }
-        else if(method->s2i)
-                {
-                if(!(ext_struc = method->s2i(method, ctx, value))) return NULL;
-                }
-        else if(method->r2i)
-                {
-                if(!ctx->db)
-                        {
-                        X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_NO_CONFIG_DATABASE);
-                        return NULL;
-                        }
-                if(!(ext_struc = method->r2i(method, ctx, value))) return NULL;
-                }
-        else
-                {
-                X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
-                ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid));
-                return NULL;
-                }
-
-        ext  = do_ext_i2d(method, ext_nid, crit, ext_struc);
-        if(method->it) ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it));
-        else method->ext_free(ext_struc);
-        return ext;
-
-        }
-
-static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
-                                                 int crit, void *ext_struc)
-        {
-        unsigned char *ext_der;
-        int ext_len;
-        ASN1_OCTET_STRING *ext_oct;
-        X509_EXTENSION *ext;
-        /* Convert internal representation to DER */
-        if (method->it)
-                {
-                ext_der = NULL;
-                ext_len = ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it));
-                if (ext_len < 0) goto merr;
-                }
-         else
-                {
-                unsigned char *p;
-                ext_len = method->i2d(ext_struc, NULL);
-                if(!(ext_der = OPENSSL_malloc(ext_len))) goto merr;
-                p = ext_der;
-                method->i2d(ext_struc, &p);
-                }
-        if (!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr;
-        ext_oct->data = ext_der;
-        ext_oct->length = ext_len;
-
-        ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
-        if (!ext) goto merr;
-        M_ASN1_OCTET_STRING_free(ext_oct);
-
-        return ext;
-
-        merr:
-        X509V3err(X509V3_F_DO_EXT_I2D,ERR_R_MALLOC_FAILURE);
-        return NULL;
-
-        }
-
-/* Given an internal structure, nid and critical flag create an extension */
-
-X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
-        {
-        X509V3_EXT_METHOD *method;
-        if (!(method = X509V3_EXT_get_nid(ext_nid))) {
-                X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION);
-                return NULL;
-        }
-        return do_ext_i2d(method, ext_nid, crit, ext_struc);
-}
-
-/* Check the extension string for critical flag */
-static int v3_check_critical(char **value)
-{
-        char *p = *value;
-        if ((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0;
-        p+=9;
-        while(isspace((unsigned char)*p)) p++;
-        *value = p;
-        return 1;
-}
-
-/* Check extension string for generic extension and return the type */
-static int v3_check_generic(char **value)
-{
-        char *p = *value;
-        if ((strlen(p) < 4) || strncmp(p, "DER:", 4)) return 0;
-        p+=4;
-        while (isspace((unsigned char)*p)) p++;
-        *value = p;
-        return 1;
-}
-
-/* Create a generic extension: for now just handle DER type */
-static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
-             int crit, int type)
-        {
-        unsigned char *ext_der=NULL;
-        long ext_len;
-        ASN1_OBJECT *obj=NULL;
-        ASN1_OCTET_STRING *oct=NULL;
-        X509_EXTENSION *extension=NULL;
-        if (!(obj = OBJ_txt2obj(ext, 0)))
-                {
-                X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_NAME_ERROR);
-                ERR_add_error_data(2, "name=", ext);
-                goto err;
-                }
-
-        if (!(ext_der = string_to_hex(value, &ext_len)))
-                {
-                X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR);
-                ERR_add_error_data(2, "value=", value);
-                goto err;
-                }
-
-        if (!(oct = M_ASN1_OCTET_STRING_new()))
-                {
-                X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-
-        oct->data = ext_der;
-        oct->length = ext_len;
-        ext_der = NULL;
-
-        extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct);
-
-        err:
-        ASN1_OBJECT_free(obj);
-        M_ASN1_OCTET_STRING_free(oct);
-        if(ext_der) OPENSSL_free(ext_der);
-        return extension;
-
-        }
-
-
-/* This is the main function: add a bunch of extensions based on a config file
- * section to an extension STACK.
- */
-
-
-int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
-             STACK_OF(X509_EXTENSION) **sk)
-        {
-        X509_EXTENSION *ext;
-        STACK_OF(CONF_VALUE) *nval;
-        CONF_VALUE *val;        
-        int i;
-        if (!(nval = NCONF_get_section(conf, section))) return 0;
-        for (i = 0; i < sk_CONF_VALUE_num(nval); i++)
-                {
-                val = sk_CONF_VALUE_value(nval, i);
-                if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value)))
-                                                                return 0;
-                if (sk) X509v3_add_ext(sk, ext, -1);
-                X509_EXTENSION_free(ext);
-                }
-        return 1;
-        }
-
-/* Convenience functions to add extensions to a certificate, CRL and request */
-
-int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
-             X509 *cert)
-        {
-        STACK_OF(X509_EXTENSION) **sk = NULL;
-        if (cert)
-                sk = &cert->cert_info->extensions;
-        return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
-        }
-
-/* Same as above but for a CRL */
-
-int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
-             X509_CRL *crl)
-        {
-        STACK_OF(X509_EXTENSION) **sk = NULL;
-        if (crl)
-                sk = &crl->crl->extensions;
-        return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
-        }
-
-/* Add extensions to certificate request */
-
-int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
-             X509_REQ *req)
-        {
-        STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL;
-        int i;
-        if (req)
-                sk = &extlist;
-        i = X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
-        if (!i || !sk)
-                return i;
-        i = X509_REQ_add_extensions(req, extlist);
-        sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free);
-        return i;
-        }
-
-/* Config database functions */
-
-char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)
-        {
-        if (ctx->db_meth->get_string)
-                        return ctx->db_meth->get_string(ctx->db, name, section);
-        return NULL;
-        }
-
-STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section)
-        {
-        if (ctx->db_meth->get_section)
-                        return ctx->db_meth->get_section(ctx->db, section);
-        return NULL;
-        }
-
-void X509V3_string_free(X509V3_CTX *ctx, char *str)
-        {
-        if (!str) return;
-        if (ctx->db_meth->free_string)
-                        ctx->db_meth->free_string(ctx->db, str);
-        }
-
-void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section)
-        {
-        if (!section) return;
-        if (ctx->db_meth->free_section)
-                        ctx->db_meth->free_section(ctx->db, section);
-        }
-
-static char *nconf_get_string(void *db, char *section, char *value)
-        {
-        return NCONF_get_string(db, section, value);
-        }
-
-static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section)
-        {
-        return NCONF_get_section(db, section);
-        }
-
-static X509V3_CONF_METHOD nconf_method = {
-nconf_get_string,
-nconf_get_section,
-NULL,
-NULL
-};
-
-void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf)
-        {
-        ctx->db_meth = &nconf_method;
-        ctx->db = conf;
-        }
-
-void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
-             X509_CRL *crl, int flags)
-        {
-        ctx->issuer_cert = issuer;
-        ctx->subject_cert = subj;
-        ctx->crl = crl;
-        ctx->subject_req = req;
-        ctx->flags = flags;
-        }
-
-/* Old conf compatibility functions */
-
-X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
-             char *value)
-        {
-        CONF ctmp;
-        CONF_set_nconf(&ctmp, conf);
-        return X509V3_EXT_nconf(&ctmp, ctx, name, value);
-        }
-
-/* LHASH *conf:  Config file    */
-/* char *value:  Value    */
-X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
-             char *value)
-        {
-        CONF ctmp;
-        CONF_set_nconf(&ctmp, conf);
-        return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value);
-        }
-
-static char *conf_lhash_get_string(void *db, char *section, char *value)
-        {
-        return CONF_get_string(db, section, value);
-        }
-
-static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section)
-        {
-        return CONF_get_section(db, section);
-        }
-
-static X509V3_CONF_METHOD conf_lhash_method = {
-conf_lhash_get_string,
-conf_lhash_get_section,
-NULL,
-NULL
-};
-
-void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash)
-        {
-        ctx->db_meth = &conf_lhash_method;
-        ctx->db = lhash;
-        }
-
-int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
-             X509 *cert)
-        {
-        CONF ctmp;
-        CONF_set_nconf(&ctmp, conf);
-        return X509V3_EXT_add_nconf(&ctmp, ctx, section, cert);
-        }
-
-/* Same as above but for a CRL */
-
-int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
-             X509_CRL *crl)
-        {
-        CONF ctmp;
-        CONF_set_nconf(&ctmp, conf);
-        return X509V3_EXT_CRL_add_nconf(&ctmp, ctx, section, crl);
-        }
-
-/* Add extensions to certificate request */
-
-int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
-             X509_REQ *req)
-        {
-        CONF ctmp;
-        CONF_set_nconf(&ctmp, conf);
-        return X509V3_EXT_REQ_add_nconf(&ctmp, ctx, section, req);
-        }
diff --git a/src/lib/libcrypto/x509v3/v3_cpols.c b/src/lib/libcrypto/x509v3/v3_cpols.c
deleted file mode 100644
index 867525f336..0000000000
--- a/src/lib/libcrypto/x509v3/v3_cpols.c
+++ /dev/null
@@ -1,431 +0,0 @@
-/* v3_cpols.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509v3.h>
-
-/* Certificate policies extension support: this one is a bit complex... */
-
-static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, BIO *out, int indent);
-static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *value);
-static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, int indent);
-static void print_notice(BIO *out, USERNOTICE *notice, int indent);
-static POLICYINFO *policy_section(X509V3_CTX *ctx,
-                                 STACK_OF(CONF_VALUE) *polstrs, int ia5org);
-static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
-                                        STACK_OF(CONF_VALUE) *unot, int ia5org);
-static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos);
-
-X509V3_EXT_METHOD v3_cpols = {
-NID_certificate_policies, 0,ASN1_ITEM_ref(CERTIFICATEPOLICIES),
-0,0,0,0,
-0,0,
-0,0,
-(X509V3_EXT_I2R)i2r_certpol,
-(X509V3_EXT_R2I)r2i_certpol,
-NULL
-};
-
-ASN1_ITEM_TEMPLATE(CERTIFICATEPOLICIES) = 
-        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CERTIFICATEPOLICIES, POLICYINFO)
-ASN1_ITEM_TEMPLATE_END(CERTIFICATEPOLICIES)
-
-IMPLEMENT_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
-
-ASN1_SEQUENCE(POLICYINFO) = {
-        ASN1_SIMPLE(POLICYINFO, policyid, ASN1_OBJECT),
-        ASN1_SEQUENCE_OF_OPT(POLICYINFO, qualifiers, POLICYQUALINFO)
-} ASN1_SEQUENCE_END(POLICYINFO)
-
-IMPLEMENT_ASN1_FUNCTIONS(POLICYINFO)
-
-ASN1_ADB_TEMPLATE(policydefault) = ASN1_SIMPLE(POLICYQUALINFO, d.other, ASN1_ANY);
-
-ASN1_ADB(POLICYQUALINFO) = {
-        ADB_ENTRY(NID_id_qt_cps, ASN1_SIMPLE(POLICYQUALINFO, d.cpsuri, ASN1_IA5STRING)),
-        ADB_ENTRY(NID_id_qt_unotice, ASN1_SIMPLE(POLICYQUALINFO, d.usernotice, USERNOTICE))
-} ASN1_ADB_END(POLICYQUALINFO, 0, pqualid, 0, &policydefault_tt, NULL);
-
-ASN1_SEQUENCE(POLICYQUALINFO) = {
-        ASN1_SIMPLE(POLICYQUALINFO, pqualid, ASN1_OBJECT),
-        ASN1_ADB_OBJECT(POLICYQUALINFO)
-} ASN1_SEQUENCE_END(POLICYQUALINFO)
-
-IMPLEMENT_ASN1_FUNCTIONS(POLICYQUALINFO)
-
-ASN1_SEQUENCE(USERNOTICE) = {
-        ASN1_OPT(USERNOTICE, noticeref, NOTICEREF),
-        ASN1_OPT(USERNOTICE, exptext, DISPLAYTEXT)
-} ASN1_SEQUENCE_END(USERNOTICE)
-
-IMPLEMENT_ASN1_FUNCTIONS(USERNOTICE)
-
-ASN1_SEQUENCE(NOTICEREF) = {
-        ASN1_SIMPLE(NOTICEREF, organization, DISPLAYTEXT),
-        ASN1_SEQUENCE_OF(NOTICEREF, noticenos, ASN1_INTEGER)
-} ASN1_SEQUENCE_END(NOTICEREF)
-
-IMPLEMENT_ASN1_FUNCTIONS(NOTICEREF)
-
-static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
-                X509V3_CTX *ctx, char *value)
-{
-        STACK_OF(POLICYINFO) *pols = NULL;
-        char *pstr;
-        POLICYINFO *pol;
-        ASN1_OBJECT *pobj;
-        STACK_OF(CONF_VALUE) *vals;
-        CONF_VALUE *cnf;
-        int i, ia5org;
-        pols = sk_POLICYINFO_new_null();
-        if (pols == NULL) {
-                X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-        vals =  X509V3_parse_list(value);
-        if (vals == NULL) {
-                X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_X509V3_LIB);
-                goto err;
-        }
-        ia5org = 0;
-        for(i = 0; i < sk_CONF_VALUE_num(vals); i++) {
-                cnf = sk_CONF_VALUE_value(vals, i);
-                if(cnf->value || !cnf->name ) {
-                        X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_POLICY_IDENTIFIER);
-                        X509V3_conf_err(cnf);
-                        goto err;
-                }
-                pstr = cnf->name;
-                if(!strcmp(pstr,"ia5org")) {
-                        ia5org = 1;
-                        continue;
-                } else if(*pstr == '@') {
-                        STACK_OF(CONF_VALUE) *polsect;
-                        polsect = X509V3_get_section(ctx, pstr + 1);
-                        if(!polsect) {
-                                X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_SECTION);
-
-                                X509V3_conf_err(cnf);
-                                goto err;
-                        }
-                        pol = policy_section(ctx, polsect, ia5org);
-                        X509V3_section_free(ctx, polsect);
-                        if(!pol) goto err;
-                } else {
-                        if(!(pobj = OBJ_txt2obj(cnf->name, 0))) {
-                                X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_OBJECT_IDENTIFIER);
-                                X509V3_conf_err(cnf);
-                                goto err;
-                        }
-                        pol = POLICYINFO_new();
-                        pol->policyid = pobj;
-                }
-                sk_POLICYINFO_push(pols, pol);
-        }
-        sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
-        return pols;
-        err:
-        sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
-        sk_POLICYINFO_pop_free(pols, POLICYINFO_free);
-        return NULL;
-}
-
-static POLICYINFO *policy_section(X509V3_CTX *ctx,
-                                STACK_OF(CONF_VALUE) *polstrs, int ia5org)
-{
-        int i;
-        CONF_VALUE *cnf;
-        POLICYINFO *pol;
-        POLICYQUALINFO *qual;
-        if(!(pol = POLICYINFO_new())) goto merr;
-        for(i = 0; i < sk_CONF_VALUE_num(polstrs); i++) {
-                cnf = sk_CONF_VALUE_value(polstrs, i);
-                if(!strcmp(cnf->name, "policyIdentifier")) {
-                        ASN1_OBJECT *pobj;
-                        if(!(pobj = OBJ_txt2obj(cnf->value, 0))) {
-                                X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OBJECT_IDENTIFIER);
-                                X509V3_conf_err(cnf);
-                                goto err;
-                        }
-                        pol->policyid = pobj;
-
-                } else if(!name_cmp(cnf->name, "CPS")) {
-                        if(!pol->qualifiers) pol->qualifiers =
-                                                 sk_POLICYQUALINFO_new_null();
-                        if(!(qual = POLICYQUALINFO_new())) goto merr;
-                        if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
-                                                                 goto merr;
-                        qual->pqualid = OBJ_nid2obj(NID_id_qt_cps);
-                        qual->d.cpsuri = M_ASN1_IA5STRING_new();
-                        if(!ASN1_STRING_set(qual->d.cpsuri, cnf->value,
-                                                 strlen(cnf->value))) goto merr;
-                } else if(!name_cmp(cnf->name, "userNotice")) {
-                        STACK_OF(CONF_VALUE) *unot;
-                        if(*cnf->value != '@') {
-                                X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_EXPECTED_A_SECTION_NAME);
-                                X509V3_conf_err(cnf);
-                                goto err;
-                        }
-                        unot = X509V3_get_section(ctx, cnf->value + 1);
-                        if(!unot) {
-                                X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_SECTION);
-
-                                X509V3_conf_err(cnf);
-                                goto err;
-                        }
-                        qual = notice_section(ctx, unot, ia5org);
-                        X509V3_section_free(ctx, unot);
-                        if(!qual) goto err;
-                        if(!pol->qualifiers) pol->qualifiers =
-                                                 sk_POLICYQUALINFO_new_null();
-                        if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
-                                                                 goto merr;
-                } else {
-                        X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OPTION);
-
-                        X509V3_conf_err(cnf);
-                        goto err;
-                }
-        }
-        if(!pol->policyid) {
-                X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_NO_POLICY_IDENTIFIER);
-                goto err;
-        }
-
-        return pol;
-
-        merr:
-        X509V3err(X509V3_F_POLICY_SECTION,ERR_R_MALLOC_FAILURE);
-
-        err:
-        POLICYINFO_free(pol);
-        return NULL;
-        
-        
-}
-
-static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
-                                        STACK_OF(CONF_VALUE) *unot, int ia5org)
-{
-        int i, ret;
-        CONF_VALUE *cnf;
-        USERNOTICE *not;
-        POLICYQUALINFO *qual;
-        if(!(qual = POLICYQUALINFO_new())) goto merr;
-        qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice);
-        if(!(not = USERNOTICE_new())) goto merr;
-        qual->d.usernotice = not;
-        for(i = 0; i < sk_CONF_VALUE_num(unot); i++) {
-                cnf = sk_CONF_VALUE_value(unot, i);
-                if(!strcmp(cnf->name, "explicitText")) {
-                        not->exptext = M_ASN1_VISIBLESTRING_new();
-                        if(!ASN1_STRING_set(not->exptext, cnf->value,
-                                                 strlen(cnf->value))) goto merr;
-                } else if(!strcmp(cnf->name, "organization")) {
-                        NOTICEREF *nref;
-                        if(!not->noticeref) {
-                                if(!(nref = NOTICEREF_new())) goto merr;
-                                not->noticeref = nref;
-                        } else nref = not->noticeref;
-                        if(ia5org) nref->organization->type = V_ASN1_IA5STRING;
-                        else nref->organization->type = V_ASN1_VISIBLESTRING;
-                        if(!ASN1_STRING_set(nref->organization, cnf->value,
-                                                 strlen(cnf->value))) goto merr;
-                } else if(!strcmp(cnf->name, "noticeNumbers")) {
-                        NOTICEREF *nref;
-                        STACK_OF(CONF_VALUE) *nos;
-                        if(!not->noticeref) {
-                                if(!(nref = NOTICEREF_new())) goto merr;
-                                not->noticeref = nref;
-                        } else nref = not->noticeref;
-                        nos = X509V3_parse_list(cnf->value);
-                        if(!nos || !sk_CONF_VALUE_num(nos)) {
-                                X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_NUMBERS);
-                                X509V3_conf_err(cnf);
-                                goto err;
-                        }
-                        ret = nref_nos(nref->noticenos, nos);
-                        sk_CONF_VALUE_pop_free(nos, X509V3_conf_free);
-                        if (!ret)
-                                goto err;
-                } else {
-                        X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_OPTION);
-                        X509V3_conf_err(cnf);
-                        goto err;
-                }
-        }
-
-        if(not->noticeref && 
-              (!not->noticeref->noticenos || !not->noticeref->organization)) {
-                        X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_NEED_ORGANIZATION_AND_NUMBERS);
-                        goto err;
-        }
-
-        return qual;
-
-        merr:
-        X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE);
-
-        err:
-        POLICYQUALINFO_free(qual);
-        return NULL;
-}
-
-static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos)
-{
-        CONF_VALUE *cnf;
-        ASN1_INTEGER *aint;
-
-        int i;
-
-        for(i = 0; i < sk_CONF_VALUE_num(nos); i++) {
-                cnf = sk_CONF_VALUE_value(nos, i);
-                if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) {
-                        X509V3err(X509V3_F_NREF_NOS,X509V3_R_INVALID_NUMBER);
-                        goto err;
-                }
-                if(!sk_ASN1_INTEGER_push(nnums, aint)) goto merr;
-        }
-        return 1;
-
-        merr:
-        X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE);
-
-        err:
-        sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free);
-        return 0;
-}
-
-
-static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol,
-                BIO *out, int indent)
-{
-        int i;
-        POLICYINFO *pinfo;
-        /* First print out the policy OIDs */
-        for(i = 0; i < sk_POLICYINFO_num(pol); i++) {
-                pinfo = sk_POLICYINFO_value(pol, i);
-                BIO_printf(out, "%*sPolicy: ", indent, "");
-                i2a_ASN1_OBJECT(out, pinfo->policyid);
-                BIO_puts(out, "\n");
-                if(pinfo->qualifiers)
-                         print_qualifiers(out, pinfo->qualifiers, indent + 2);
-        }
-        return 1;
-}
-
-static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,
-                int indent)
-{
-        POLICYQUALINFO *qualinfo;
-        int i;
-        for(i = 0; i < sk_POLICYQUALINFO_num(quals); i++) {
-                qualinfo = sk_POLICYQUALINFO_value(quals, i);
-                switch(OBJ_obj2nid(qualinfo->pqualid))
-                {
-                        case NID_id_qt_cps:
-                        BIO_printf(out, "%*sCPS: %s\n", indent, "",
-                                                qualinfo->d.cpsuri->data);
-                        break;
-                
-                        case NID_id_qt_unotice:
-                        BIO_printf(out, "%*sUser Notice:\n", indent, "");
-                        print_notice(out, qualinfo->d.usernotice, indent + 2);
-                        break;
-
-                        default:
-                        BIO_printf(out, "%*sUnknown Qualifier: ",
-                                                         indent + 2, "");
-                        
-                        i2a_ASN1_OBJECT(out, qualinfo->pqualid);
-                        BIO_puts(out, "\n");
-                        break;
-                }
-        }
-}
-
-static void print_notice(BIO *out, USERNOTICE *notice, int indent)
-{
-        int i;
-        if(notice->noticeref) {
-                NOTICEREF *ref;
-                ref = notice->noticeref;
-                BIO_printf(out, "%*sOrganization: %s\n", indent, "",
-                                                 ref->organization->data);
-                BIO_printf(out, "%*sNumber%s: ", indent, "",
-                           sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : "");
-                for(i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) {
-                        ASN1_INTEGER *num;
-                        char *tmp;
-                        num = sk_ASN1_INTEGER_value(ref->noticenos, i);
-                        if(i) BIO_puts(out, ", ");
-                        tmp = i2s_ASN1_INTEGER(NULL, num);
-                        BIO_puts(out, tmp);
-                        OPENSSL_free(tmp);
-                }
-                BIO_puts(out, "\n");
-        }
-        if(notice->exptext)
-                BIO_printf(out, "%*sExplicit Text: %s\n", indent, "",
-                                                         notice->exptext->data);
-}
-
diff --git a/src/lib/libcrypto/x509v3/v3_crld.c b/src/lib/libcrypto/x509v3/v3_crld.c
deleted file mode 100644
index f90829c574..0000000000
--- a/src/lib/libcrypto/x509v3/v3_crld.c
+++ /dev/null
@@ -1,162 +0,0 @@
-/* v3_crld.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509v3.h>
-
-static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method,
-                STACK_OF(DIST_POINT) *crld, STACK_OF(CONF_VALUE) *extlist);
-static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
-                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-
-X509V3_EXT_METHOD v3_crld = {
-NID_crl_distribution_points, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(CRL_DIST_POINTS),
-0,0,0,0,
-0,0,
-(X509V3_EXT_I2V)i2v_crld,
-(X509V3_EXT_V2I)v2i_crld,
-0,0,
-NULL
-};
-
-static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method,
-                        STACK_OF(DIST_POINT) *crld, STACK_OF(CONF_VALUE) *exts)
-{
-        DIST_POINT *point;
-        int i;
-        for(i = 0; i < sk_DIST_POINT_num(crld); i++) {
-                point = sk_DIST_POINT_value(crld, i);
-                if(point->distpoint) {
-                        if(point->distpoint->type == 0)
-                                exts = i2v_GENERAL_NAMES(NULL,
-                                         point->distpoint->name.fullname, exts);
-                        else X509V3_add_value("RelativeName","<UNSUPPORTED>", &exts);
-                }
-                if(point->reasons) 
-                        X509V3_add_value("reasons","<UNSUPPORTED>", &exts);
-                if(point->CRLissuer)
-                        X509V3_add_value("CRLissuer","<UNSUPPORTED>", &exts);
-        }
-        return exts;
-}
-
-static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
-                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
-{
-        STACK_OF(DIST_POINT) *crld = NULL;
-        GENERAL_NAMES *gens = NULL;
-        GENERAL_NAME *gen = NULL;
-        CONF_VALUE *cnf;
-        int i;
-        if(!(crld = sk_DIST_POINT_new_null())) goto merr;
-        for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
-                DIST_POINT *point;
-                cnf = sk_CONF_VALUE_value(nval, i);
-                if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err; 
-                if(!(gens = GENERAL_NAMES_new())) goto merr;
-                if(!sk_GENERAL_NAME_push(gens, gen)) goto merr;
-                gen = NULL;
-                if(!(point = DIST_POINT_new())) goto merr;
-                if(!sk_DIST_POINT_push(crld, point)) {
-                        DIST_POINT_free(point);
-                        goto merr;
-                }
-                if(!(point->distpoint = DIST_POINT_NAME_new())) goto merr;
-                point->distpoint->name.fullname = gens;
-                point->distpoint->type = 0;
-                gens = NULL;
-        }
-        return crld;
-
-        merr:
-        X509V3err(X509V3_F_V2I_CRLD,ERR_R_MALLOC_FAILURE);
-        err:
-        GENERAL_NAME_free(gen);
-        GENERAL_NAMES_free(gens);
-        sk_DIST_POINT_pop_free(crld, DIST_POINT_free);
-        return NULL;
-}
-
-IMPLEMENT_STACK_OF(DIST_POINT)
-IMPLEMENT_ASN1_SET_OF(DIST_POINT)
-
-
-ASN1_CHOICE(DIST_POINT_NAME) = {
-        ASN1_IMP_SEQUENCE_OF(DIST_POINT_NAME, name.fullname, GENERAL_NAME, 0),
-        ASN1_IMP_SET_OF(DIST_POINT_NAME, name.relativename, X509_NAME_ENTRY, 1)
-} ASN1_CHOICE_END(DIST_POINT_NAME)
-
-IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT_NAME)
-
-ASN1_SEQUENCE(DIST_POINT) = {
-        ASN1_EXP_OPT(DIST_POINT, distpoint, DIST_POINT_NAME, 0),
-        ASN1_IMP_OPT(DIST_POINT, reasons, ASN1_BIT_STRING, 1),
-        ASN1_IMP_SEQUENCE_OF_OPT(DIST_POINT, CRLissuer, GENERAL_NAME, 2)
-} ASN1_SEQUENCE_END(DIST_POINT)
-
-IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT)
-
-ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) = 
-        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CRLDistributionPoints, DIST_POINT)
-ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS)
-
-IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS)
diff --git a/src/lib/libcrypto/x509v3/v3_enum.c b/src/lib/libcrypto/x509v3/v3_enum.c
deleted file mode 100644
index 010c9d6260..0000000000
--- a/src/lib/libcrypto/x509v3/v3_enum.c
+++ /dev/null
@@ -1,94 +0,0 @@
-/* v3_enum.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/x509v3.h>
-
-static ENUMERATED_NAMES crl_reasons[] = {
-{0, "Unspecified", "unspecified"},
-{1, "Key Compromise", "keyCompromise"},
-{2, "CA Compromise", "CACompromise"},
-{3, "Affiliation Changed", "affiliationChanged"},
-{4, "Superseded", "superseded"},
-{5, "Cessation Of Operation", "cessationOfOperation"},
-{6, "Certificate Hold", "certificateHold"},
-{8, "Remove From CRL", "removeFromCRL"},
-{-1, NULL, NULL}
-};
-
-X509V3_EXT_METHOD v3_crl_reason = { 
-NID_crl_reason, 0, ASN1_ITEM_ref(ASN1_ENUMERATED),
-0,0,0,0,
-(X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE,
-0,
-0,0,0,0,
-crl_reasons};
-
-
-char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method,
-             ASN1_ENUMERATED *e)
-{
-        ENUMERATED_NAMES *enam;
-        long strval;
-        strval = ASN1_ENUMERATED_get(e);
-        for(enam = method->usr_data; enam->lname; enam++) {
-                if(strval == enam->bitnum) return BUF_strdup(enam->lname);
-        }
-        return i2s_ASN1_ENUMERATED(method, e);
-}
diff --git a/src/lib/libcrypto/x509v3/v3_extku.c b/src/lib/libcrypto/x509v3/v3_extku.c
deleted file mode 100644
index b1cfaba1aa..0000000000
--- a/src/lib/libcrypto/x509v3/v3_extku.c
+++ /dev/null
@@ -1,142 +0,0 @@
-/* v3_extku.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/conf.h>
-#include <openssl/x509v3.h>
-
-static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
-                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
-                void *eku, STACK_OF(CONF_VALUE) *extlist);
-
-X509V3_EXT_METHOD v3_ext_ku = {
-        NID_ext_key_usage, 0,
-        ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
-        0,0,0,0,
-        0,0,
-        i2v_EXTENDED_KEY_USAGE,
-        v2i_EXTENDED_KEY_USAGE,
-        0,0,
-        NULL
-};
-
-/* NB OCSP acceptable responses also is a SEQUENCE OF OBJECT */
-X509V3_EXT_METHOD v3_ocsp_accresp = {
-        NID_id_pkix_OCSP_acceptableResponses, 0,
-        ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
-        0,0,0,0,
-        0,0,
-        i2v_EXTENDED_KEY_USAGE,
-        v2i_EXTENDED_KEY_USAGE,
-        0,0,
-        NULL
-};
-
-ASN1_ITEM_TEMPLATE(EXTENDED_KEY_USAGE) = 
-        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, EXTENDED_KEY_USAGE, ASN1_OBJECT)
-ASN1_ITEM_TEMPLATE_END(EXTENDED_KEY_USAGE)
-
-IMPLEMENT_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
-
-static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
-                void *a, STACK_OF(CONF_VALUE) *ext_list)
-{
-        EXTENDED_KEY_USAGE *eku = a;
-        int i;
-        ASN1_OBJECT *obj;
-        char obj_tmp[80];
-        for(i = 0; i < sk_ASN1_OBJECT_num(eku); i++) {
-                obj = sk_ASN1_OBJECT_value(eku, i);
-                i2t_ASN1_OBJECT(obj_tmp, 80, obj);
-                X509V3_add_value(NULL, obj_tmp, &ext_list);
-        }
-        return ext_list;
-}
-
-static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
-                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
-{
-        EXTENDED_KEY_USAGE *extku;
-        char *extval;
-        ASN1_OBJECT *objtmp;
-        CONF_VALUE *val;
-        int i;
-
-        if(!(extku = sk_ASN1_OBJECT_new_null())) {
-                X509V3err(X509V3_F_V2I_EXT_KU,ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-
-        for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
-                val = sk_CONF_VALUE_value(nval, i);
-                if(val->value) extval = val->value;
-                else extval = val->name;
-                if(!(objtmp = OBJ_txt2obj(extval, 0))) {
-                        sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free);
-                        X509V3err(X509V3_F_V2I_EXT_KU,X509V3_R_INVALID_OBJECT_IDENTIFIER);
-                        X509V3_conf_err(val);
-                        return NULL;
-                }
-                sk_ASN1_OBJECT_push(extku, objtmp);
-        }
-        return extku;
-}
diff --git a/src/lib/libcrypto/x509v3/v3_genn.c b/src/lib/libcrypto/x509v3/v3_genn.c
deleted file mode 100644
index 650b510980..0000000000
--- a/src/lib/libcrypto/x509v3/v3_genn.c
+++ /dev/null
@@ -1,101 +0,0 @@
-/* v3_genn.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/conf.h>
-#include <openssl/x509v3.h>
-
-ASN1_SEQUENCE(OTHERNAME) = {
-        ASN1_SIMPLE(OTHERNAME, type_id, ASN1_OBJECT),
-        /* Maybe have a true ANY DEFINED BY later */
-        ASN1_EXP(OTHERNAME, value, ASN1_ANY, 0)
-} ASN1_SEQUENCE_END(OTHERNAME)
-
-IMPLEMENT_ASN1_FUNCTIONS(OTHERNAME)
-
-ASN1_SEQUENCE(EDIPARTYNAME) = {
-        ASN1_IMP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0),
-        ASN1_IMP_OPT(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1)
-} ASN1_SEQUENCE_END(EDIPARTYNAME)
-
-IMPLEMENT_ASN1_FUNCTIONS(EDIPARTYNAME)
-
-ASN1_CHOICE(GENERAL_NAME) = {
-        ASN1_IMP(GENERAL_NAME, d.otherName, OTHERNAME, GEN_OTHERNAME),
-        ASN1_IMP(GENERAL_NAME, d.rfc822Name, ASN1_IA5STRING, GEN_EMAIL),
-        ASN1_IMP(GENERAL_NAME, d.dNSName, ASN1_IA5STRING, GEN_DNS),
-        /* Don't decode this */
-        ASN1_IMP(GENERAL_NAME, d.x400Address, ASN1_SEQUENCE, GEN_X400),
-        /* X509_NAME is a CHOICE type so use EXPLICIT */
-        ASN1_EXP(GENERAL_NAME, d.directoryName, X509_NAME, GEN_DIRNAME),
-        ASN1_IMP(GENERAL_NAME, d.ediPartyName, EDIPARTYNAME, GEN_EDIPARTY),
-        ASN1_IMP(GENERAL_NAME, d.uniformResourceIdentifier, ASN1_IA5STRING, GEN_URI),
-        ASN1_IMP(GENERAL_NAME, d.iPAddress, ASN1_OCTET_STRING, GEN_IPADD),
-        ASN1_IMP(GENERAL_NAME, d.registeredID, ASN1_OBJECT, GEN_RID)
-} ASN1_CHOICE_END(GENERAL_NAME)
-
-IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAME)
-
-ASN1_ITEM_TEMPLATE(GENERAL_NAMES) = 
-        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, GENERAL_NAME)
-ASN1_ITEM_TEMPLATE_END(GENERAL_NAMES)
-
-IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAMES)
diff --git a/src/lib/libcrypto/x509v3/v3_ia5.c b/src/lib/libcrypto/x509v3/v3_ia5.c
deleted file mode 100644
index 9683afa47c..0000000000
--- a/src/lib/libcrypto/x509v3/v3_ia5.c
+++ /dev/null
@@ -1,116 +0,0 @@
-/* v3_ia5.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/conf.h>
-#include <openssl/x509v3.h>
-
-static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5);
-static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
-X509V3_EXT_METHOD v3_ns_ia5_list[] = { 
-EXT_IA5STRING(NID_netscape_base_url),
-EXT_IA5STRING(NID_netscape_revocation_url),
-EXT_IA5STRING(NID_netscape_ca_revocation_url),
-EXT_IA5STRING(NID_netscape_renewal_url),
-EXT_IA5STRING(NID_netscape_ca_policy_url),
-EXT_IA5STRING(NID_netscape_ssl_server_name),
-EXT_IA5STRING(NID_netscape_comment),
-EXT_END
-};
-
-
-static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
-             ASN1_IA5STRING *ia5)
-{
-        char *tmp;
-        if(!ia5 || !ia5->length) return NULL;
-        if(!(tmp = OPENSSL_malloc(ia5->length + 1))) {
-                X509V3err(X509V3_F_I2S_ASN1_IA5STRING,ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-        memcpy(tmp, ia5->data, ia5->length);
-        tmp[ia5->length] = 0;
-        return tmp;
-}
-
-static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
-             X509V3_CTX *ctx, char *str)
-{
-        ASN1_IA5STRING *ia5;
-        if(!str) {
-                X509V3err(X509V3_F_S2I_ASN1_IA5STRING,X509V3_R_INVALID_NULL_ARGUMENT);
-                return NULL;
-        }
-        if(!(ia5 = M_ASN1_IA5STRING_new())) goto err;
-        if(!ASN1_STRING_set((ASN1_STRING *)ia5, (unsigned char*)str,
-                            strlen(str))) {
-                M_ASN1_IA5STRING_free(ia5);
-                goto err;
-        }
-#ifdef CHARSET_EBCDIC
-        ebcdic2ascii(ia5->data, ia5->data, ia5->length);
-#endif /*CHARSET_EBCDIC*/
-        return ia5;
-        err:
-        X509V3err(X509V3_F_S2I_ASN1_IA5STRING,ERR_R_MALLOC_FAILURE);
-        return NULL;
-}
-
diff --git a/src/lib/libcrypto/x509v3/v3_info.c b/src/lib/libcrypto/x509v3/v3_info.c
deleted file mode 100644
index 53e3f48859..0000000000
--- a/src/lib/libcrypto/x509v3/v3_info.c
+++ /dev/null
@@ -1,194 +0,0 @@
-/* v3_info.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509v3.h>
-
-static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
-                                AUTHORITY_INFO_ACCESS *ainfo,
-                                                STACK_OF(CONF_VALUE) *ret);
-static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
-                                 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-
-X509V3_EXT_METHOD v3_info =
-{ NID_info_access, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
-0,0,0,0,
-0,0,
-(X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS,
-(X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
-0,0,
-NULL};
-
-X509V3_EXT_METHOD v3_sinfo =
-{ NID_sinfo_access, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
-0,0,0,0,
-0,0,
-(X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS,
-(X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
-0,0,
-NULL};
-
-ASN1_SEQUENCE(ACCESS_DESCRIPTION) = {
-        ASN1_SIMPLE(ACCESS_DESCRIPTION, method, ASN1_OBJECT),
-        ASN1_SIMPLE(ACCESS_DESCRIPTION, location, GENERAL_NAME)
-} ASN1_SEQUENCE_END(ACCESS_DESCRIPTION)
-
-IMPLEMENT_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
-
-ASN1_ITEM_TEMPLATE(AUTHORITY_INFO_ACCESS) = 
-        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, ACCESS_DESCRIPTION)
-ASN1_ITEM_TEMPLATE_END(AUTHORITY_INFO_ACCESS)
-
-IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
-
-static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
-                                AUTHORITY_INFO_ACCESS *ainfo,
-                                                STACK_OF(CONF_VALUE) *ret)
-{
-        ACCESS_DESCRIPTION *desc;
-        int i,nlen;
-        char objtmp[80], *ntmp;
-        CONF_VALUE *vtmp;
-        for(i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) {
-                desc = sk_ACCESS_DESCRIPTION_value(ainfo, i);
-                ret = i2v_GENERAL_NAME(method, desc->location, ret);
-                if(!ret) break;
-                vtmp = sk_CONF_VALUE_value(ret, i);
-                i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method);
-                nlen = strlen(objtmp) + strlen(vtmp->name) + 5;
-                ntmp = OPENSSL_malloc(nlen);
-                if(!ntmp) {
-                        X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS,
-                                        ERR_R_MALLOC_FAILURE);
-                        return NULL;
-                }
-                BUF_strlcpy(ntmp, objtmp, nlen);
-                BUF_strlcat(ntmp, " - ", nlen);
-                BUF_strlcat(ntmp, vtmp->name, nlen);
-                OPENSSL_free(vtmp->name);
-                vtmp->name = ntmp;
-                
-        }
-        if(!ret) return sk_CONF_VALUE_new_null();
-        return ret;
-}
-
-static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
-                                 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
-{
-        AUTHORITY_INFO_ACCESS *ainfo = NULL;
-        CONF_VALUE *cnf, ctmp;
-        ACCESS_DESCRIPTION *acc;
-        int i, objlen;
-        char *objtmp, *ptmp;
-        if(!(ainfo = sk_ACCESS_DESCRIPTION_new_null())) {
-                X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-        for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
-                cnf = sk_CONF_VALUE_value(nval, i);
-                if(!(acc = ACCESS_DESCRIPTION_new())
-                        || !sk_ACCESS_DESCRIPTION_push(ainfo, acc)) {
-                        X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                ptmp = strchr(cnf->name, ';');
-                if(!ptmp) {
-                        X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,X509V3_R_INVALID_SYNTAX);
-                        goto err;
-                }
-                objlen = ptmp - cnf->name;
-                ctmp.name = ptmp + 1;
-                ctmp.value = cnf->value;
-                GENERAL_NAME_free(acc->location);
-                if(!(acc->location = v2i_GENERAL_NAME(method, ctx, &ctmp)))
-                                                                 goto err; 
-                if(!(objtmp = OPENSSL_malloc(objlen + 1))) {
-                        X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                strncpy(objtmp, cnf->name, objlen);
-                objtmp[objlen] = 0;
-                acc->method = OBJ_txt2obj(objtmp, 0);
-                if(!acc->method) {
-                        X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,X509V3_R_BAD_OBJECT);
-                        ERR_add_error_data(2, "value=", objtmp);
-                        OPENSSL_free(objtmp);
-                        goto err;
-                }
-                OPENSSL_free(objtmp);
-
-        }
-        return ainfo;
-        err:
-        sk_ACCESS_DESCRIPTION_pop_free(ainfo, ACCESS_DESCRIPTION_free);
-        return NULL;
-}
-
-int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a)
-        {
-        i2a_ASN1_OBJECT(bp, a->method);
-#ifdef UNDEF
-        i2a_GENERAL_NAME(bp, a->location);
-#endif
-        return 2;
-        }
diff --git a/src/lib/libcrypto/x509v3/v3_int.c b/src/lib/libcrypto/x509v3/v3_int.c
deleted file mode 100644
index 7a43b4717b..0000000000
--- a/src/lib/libcrypto/x509v3/v3_int.c
+++ /dev/null
@@ -1,76 +0,0 @@
-/* v3_int.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/x509v3.h>
-
-X509V3_EXT_METHOD v3_crl_num = { 
-        NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER),
-        0,0,0,0,
-        (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
-        0,
-        0,0,0,0, NULL};
-
-X509V3_EXT_METHOD v3_delta_crl = { 
-        NID_delta_crl, 0, ASN1_ITEM_ref(ASN1_INTEGER),
-        0,0,0,0,
-        (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
-        0,
-        0,0,0,0, NULL};
-
diff --git a/src/lib/libcrypto/x509v3/v3_lib.c b/src/lib/libcrypto/x509v3/v3_lib.c
deleted file mode 100644
index ca5a4a4a57..0000000000
--- a/src/lib/libcrypto/x509v3/v3_lib.c
+++ /dev/null
@@ -1,302 +0,0 @@
-/* v3_lib.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* X509 v3 extension utilities */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/x509v3.h>
-
-#include "ext_dat.h"
-
-static STACK_OF(X509V3_EXT_METHOD) *ext_list = NULL;
-
-static int ext_cmp(const X509V3_EXT_METHOD * const *a,
-                const X509V3_EXT_METHOD * const *b);
-static void ext_list_free(X509V3_EXT_METHOD *ext);
-
-int X509V3_EXT_add(X509V3_EXT_METHOD *ext)
-{
-        if(!ext_list && !(ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp))) {
-                X509V3err(X509V3_F_X509V3_EXT_ADD,ERR_R_MALLOC_FAILURE);
-                return 0;
-        }
-        if(!sk_X509V3_EXT_METHOD_push(ext_list, ext)) {
-                X509V3err(X509V3_F_X509V3_EXT_ADD,ERR_R_MALLOC_FAILURE);
-                return 0;
-        }
-        return 1;
-}
-
-static int ext_cmp(const X509V3_EXT_METHOD * const *a,
-                const X509V3_EXT_METHOD * const *b)
-{
-        return ((*a)->ext_nid - (*b)->ext_nid);
-}
-
-X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
-{
-        X509V3_EXT_METHOD tmp, *t = &tmp, **ret;
-        int idx;
-        if(nid < 0) return NULL;
-        tmp.ext_nid = nid;
-        ret = (X509V3_EXT_METHOD **) OBJ_bsearch((char *)&t,
-                        (char *)standard_exts, STANDARD_EXTENSION_COUNT,
-                        sizeof(X509V3_EXT_METHOD *), (int (*)(const void *, const void *))ext_cmp);
-        if(ret) return *ret;
-        if(!ext_list) return NULL;
-        idx = sk_X509V3_EXT_METHOD_find(ext_list, &tmp);
-        if(idx == -1) return NULL;
-        return sk_X509V3_EXT_METHOD_value(ext_list, idx);
-}
-
-X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext)
-{
-        int nid;
-        if((nid = OBJ_obj2nid(ext->object)) == NID_undef) return NULL;
-        return X509V3_EXT_get_nid(nid);
-}
-
-
-int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist)
-{
-        for(;extlist->ext_nid!=-1;extlist++) 
-                        if(!X509V3_EXT_add(extlist)) return 0;
-        return 1;
-}
-
-int X509V3_EXT_add_alias(int nid_to, int nid_from)
-{
-        X509V3_EXT_METHOD *ext, *tmpext;
-        if(!(ext = X509V3_EXT_get_nid(nid_from))) {
-                X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,X509V3_R_EXTENSION_NOT_FOUND);
-                return 0;
-        }
-        if(!(tmpext = (X509V3_EXT_METHOD *)OPENSSL_malloc(sizeof(X509V3_EXT_METHOD)))) {
-                X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,ERR_R_MALLOC_FAILURE);
-                return 0;
-        }
-        *tmpext = *ext;
-        tmpext->ext_nid = nid_to;
-        tmpext->ext_flags |= X509V3_EXT_DYNAMIC;
-        return X509V3_EXT_add(tmpext);
-}
-
-void X509V3_EXT_cleanup(void)
-{
-        sk_X509V3_EXT_METHOD_pop_free(ext_list, ext_list_free);
-        ext_list = NULL;
-}
-
-static void ext_list_free(X509V3_EXT_METHOD *ext)
-{
-        if(ext->ext_flags & X509V3_EXT_DYNAMIC) OPENSSL_free(ext);
-}
-
-/* Legacy function: we don't need to add standard extensions
- * any more because they are now kept in ext_dat.h.
- */
-
-int X509V3_add_standard_extensions(void)
-{
-        return 1;
-}
-
-/* Return an extension internal structure */
-
-void *X509V3_EXT_d2i(X509_EXTENSION *ext)
-{
-        X509V3_EXT_METHOD *method;
-        unsigned char *p;
-        if(!(method = X509V3_EXT_get(ext))) return NULL;
-        p = ext->value->data;
-        if(method->it) return ASN1_item_d2i(NULL, &p, ext->value->length, ASN1_ITEM_ptr(method->it));
-        return method->d2i(NULL, &p, ext->value->length);
-}
-
-/* Get critical flag and decoded version of extension from a NID.
- * The "idx" variable returns the last found extension and can
- * be used to retrieve multiple extensions of the same NID.
- * However multiple extensions with the same NID is usually
- * due to a badly encoded certificate so if idx is NULL we
- * choke if multiple extensions exist.
- * The "crit" variable is set to the critical value.
- * The return value is the decoded extension or NULL on
- * error. The actual error can have several different causes,
- * the value of *crit reflects the cause:
- * >= 0, extension found but not decoded (reflects critical value).
- * -1 extension not found.
- * -2 extension occurs more than once.
- */
-
-void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx)
-{
-        int lastpos, i;
-        X509_EXTENSION *ex, *found_ex = NULL;
-        if(!x) {
-                if(idx) *idx = -1;
-                if(crit) *crit = -1;
-                return NULL;
-        }
-        if(idx) lastpos = *idx + 1;
-        else lastpos = 0;
-        if(lastpos < 0) lastpos = 0;
-        for(i = lastpos; i < sk_X509_EXTENSION_num(x); i++)
-        {
-                ex = sk_X509_EXTENSION_value(x, i);
-                if(OBJ_obj2nid(ex->object) == nid) {
-                        if(idx) {
-                                *idx = i;
-                                found_ex = ex;
-                                break;
-                        } else if(found_ex) {
-                                /* Found more than one */
-                                if(crit) *crit = -2;
-                                return NULL;
-                        }
-                        found_ex = ex;
-                }
-        }
-        if(found_ex) {
-                /* Found it */
-                if(crit) *crit = X509_EXTENSION_get_critical(found_ex);
-                return X509V3_EXT_d2i(found_ex);
-        }
-
-        /* Extension not found */
-        if(idx) *idx = -1;
-        if(crit) *crit = -1;
-        return NULL;
-}
-
-/* This function is a general extension append, replace and delete utility.
- * The precise operation is governed by the 'flags' value. The 'crit' and
- * 'value' arguments (if relevant) are the extensions internal structure.
- */
-
-int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
-                                        int crit, unsigned long flags)
-{
-        int extidx = -1;
-        int errcode;
-        X509_EXTENSION *ext, *extmp;
-        unsigned long ext_op = flags & X509V3_ADD_OP_MASK;
-
-        /* If appending we don't care if it exists, otherwise
-         * look for existing extension.
-         */
-        if(ext_op != X509V3_ADD_APPEND)
-                extidx = X509v3_get_ext_by_NID(*x, nid, -1);
-
-        /* See if extension exists */
-        if(extidx >= 0) {
-                /* If keep existing, nothing to do */
-                if(ext_op == X509V3_ADD_KEEP_EXISTING)
-                        return 1;
-                /* If default then its an error */
-                if(ext_op == X509V3_ADD_DEFAULT) {
-                        errcode = X509V3_R_EXTENSION_EXISTS;
-                        goto err;
-                }
-                /* If delete, just delete it */
-                if(ext_op == X509V3_ADD_DELETE) {
-                        if(!sk_X509_EXTENSION_delete(*x, extidx)) return -1;
-                        return 1;
-                }
-        } else {
-                /* If replace existing or delete, error since 
-                 * extension must exist
-                 */
-                if((ext_op == X509V3_ADD_REPLACE_EXISTING) ||
-                   (ext_op == X509V3_ADD_DELETE)) {
-                        errcode = X509V3_R_EXTENSION_NOT_FOUND;
-                        goto err;
-                }
-        }
-
-        /* If we get this far then we have to create an extension:
-         * could have some flags for alternative encoding schemes...
-         */
-
-        ext = X509V3_EXT_i2d(nid, crit, value);
-
-        if(!ext) {
-                X509V3err(X509V3_F_X509V3_ADD_I2D, X509V3_R_ERROR_CREATING_EXTENSION);
-                return 0;
-        }
-
-        /* If extension exists replace it.. */
-        if(extidx >= 0) {
-                extmp = sk_X509_EXTENSION_value(*x, extidx);
-                X509_EXTENSION_free(extmp);
-                if(!sk_X509_EXTENSION_set(*x, extidx, ext)) return -1;
-                return 1;
-        }
-
-        if(!*x && !(*x = sk_X509_EXTENSION_new_null())) return -1;
-        if(!sk_X509_EXTENSION_push(*x, ext)) return -1;
-
-        return 1;
-
-        err:
-        if(!(flags & X509V3_ADD_SILENT))
-                X509V3err(X509V3_F_X509V3_ADD_I2D, errcode);
-        return 0;
-}
-
-IMPLEMENT_STACK_OF(X509V3_EXT_METHOD)
diff --git a/src/lib/libcrypto/x509v3/v3_ocsp.c b/src/lib/libcrypto/x509v3/v3_ocsp.c
deleted file mode 100644
index 21badc13f9..0000000000
--- a/src/lib/libcrypto/x509v3/v3_ocsp.c
+++ /dev/null
@@ -1,275 +0,0 @@
-/* v3_ocsp.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef OPENSSL_NO_OCSP
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/asn1.h>
-#include <openssl/ocsp.h>
-#include <openssl/x509v3.h>
-
-/* OCSP extensions and a couple of CRL entry extensions
- */
-
-static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
-static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
-static int i2r_object(X509V3_EXT_METHOD *method, void *obj, BIO *out, int indent);
-
-static void *ocsp_nonce_new(void);
-static int i2d_ocsp_nonce(void *a, unsigned char **pp);
-static void *d2i_ocsp_nonce(void *a, unsigned char **pp, long length);
-static void ocsp_nonce_free(void *a);
-static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
-
-static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent);
-static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
-static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind);
-
-X509V3_EXT_METHOD v3_ocsp_crlid = {
-        NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID),
-        0,0,0,0,
-        0,0,
-        0,0,
-        i2r_ocsp_crlid,0,
-        NULL
-};
-
-X509V3_EXT_METHOD v3_ocsp_acutoff = {
-        NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
-        0,0,0,0,
-        0,0,
-        0,0,
-        i2r_ocsp_acutoff,0,
-        NULL
-};
-
-X509V3_EXT_METHOD v3_crl_invdate = {
-        NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
-        0,0,0,0,
-        0,0,
-        0,0,
-        i2r_ocsp_acutoff,0,
-        NULL
-};
-
-X509V3_EXT_METHOD v3_crl_hold = {
-        NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT),
-        0,0,0,0,
-        0,0,
-        0,0,
-        i2r_object,0,
-        NULL
-};
-
-X509V3_EXT_METHOD v3_ocsp_nonce = {
-        NID_id_pkix_OCSP_Nonce, 0, NULL,
-        ocsp_nonce_new,
-        ocsp_nonce_free,
-        d2i_ocsp_nonce,
-        i2d_ocsp_nonce,
-        0,0,
-        0,0,
-        i2r_ocsp_nonce,0,
-        NULL
-};
-
-X509V3_EXT_METHOD v3_ocsp_nocheck = {
-        NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL),
-        0,0,0,0,
-        0,s2i_ocsp_nocheck,
-        0,0,
-        i2r_ocsp_nocheck,0,
-        NULL
-};
-
-X509V3_EXT_METHOD v3_ocsp_serviceloc = {
-        NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC),
-        0,0,0,0,
-        0,0,
-        0,0,
-        i2r_ocsp_serviceloc,0,
-        NULL
-};
-
-static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
-{
-        OCSP_CRLID *a = in;
-        if (a->crlUrl)
-                {
-                if (!BIO_printf(bp, "%*scrlUrl: ", ind, "")) goto err;
-                if (!ASN1_STRING_print(bp, (ASN1_STRING*)a->crlUrl)) goto err;
-                if (!BIO_write(bp, "\n", 1)) goto err;
-                }
-        if (a->crlNum)
-                {
-                if (!BIO_printf(bp, "%*scrlNum: ", ind, "")) goto err;
-                if (!i2a_ASN1_INTEGER(bp, a->crlNum)) goto err;
-                if (!BIO_write(bp, "\n", 1)) goto err;
-                }
-        if (a->crlTime)
-                {
-                if (!BIO_printf(bp, "%*scrlTime: ", ind, "")) goto err;
-                if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime)) goto err;
-                if (!BIO_write(bp, "\n", 1)) goto err;
-                }
-        return 1;
-        err:
-        return 0;
-}
-
-static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *cutoff, BIO *bp, int ind)
-{
-        if (!BIO_printf(bp, "%*s", ind, "")) return 0;
-        if(!ASN1_GENERALIZEDTIME_print(bp, cutoff)) return 0;
-        return 1;
-}
-
-
-static int i2r_object(X509V3_EXT_METHOD *method, void *oid, BIO *bp, int ind)
-{
-        if (!BIO_printf(bp, "%*s", ind, "")) return 0;
-        if(!i2a_ASN1_OBJECT(bp, oid)) return 0;
-        return 1;
-}
-
-/* OCSP nonce. This is needs special treatment because it doesn't have
- * an ASN1 encoding at all: it just contains arbitrary data.
- */
-
-static void *ocsp_nonce_new(void)
-{
-        return ASN1_OCTET_STRING_new();
-}
-
-static int i2d_ocsp_nonce(void *a, unsigned char **pp)
-{
-        ASN1_OCTET_STRING *os = a;
-        if(pp) {
-                memcpy(*pp, os->data, os->length);
-                *pp += os->length;
-        }
-        return os->length;
-}
-
-static void *d2i_ocsp_nonce(void *a, unsigned char **pp, long length)
-{
-        ASN1_OCTET_STRING *os, **pos;
-        pos = a;
-        if(!pos || !*pos) os = ASN1_OCTET_STRING_new();
-        else os = *pos;
-        if(!ASN1_OCTET_STRING_set(os, *pp, length)) goto err;
-
-        *pp += length;
-
-        if(pos) *pos = os;
-        return os;
-
-        err:
-        if(os && (!pos || (*pos != os))) M_ASN1_OCTET_STRING_free(os);
-        OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE);
-        return NULL;
-}
-
-static void ocsp_nonce_free(void *a)
-{
-        M_ASN1_OCTET_STRING_free(a);
-}
-
-static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent)
-{
-        if(BIO_printf(out, "%*s", indent, "") <= 0) return 0;
-        if(i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0) return 0;
-        return 1;
-}
-
-/* Nocheck is just a single NULL. Don't print anything and always set it */
-
-static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent)
-{
-        return 1;
-}
-
-static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str)
-{
-        return ASN1_NULL_new();
-}
-
-static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
-        {
-        int i;
-        OCSP_SERVICELOC *a = in;
-        ACCESS_DESCRIPTION *ad;
-
-        if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0) goto err;
-        if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0) goto err;
-        for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++)
-                {
-                                ad = sk_ACCESS_DESCRIPTION_value(a->locator,i);
-                                if (BIO_printf(bp, "\n%*s", (2*ind), "") <= 0) 
-                                        goto err;
-                                if(i2a_ASN1_OBJECT(bp, ad->method) <= 0) goto err;
-                                if(BIO_puts(bp, " - ") <= 0) goto err;
-                                if(GENERAL_NAME_print(bp, ad->location) <= 0) goto err;
-                }
-        return 1;
-err:
-        return 0;
-        }
-#endif
diff --git a/src/lib/libcrypto/x509v3/v3_pci.c b/src/lib/libcrypto/x509v3/v3_pci.c
deleted file mode 100644
index b32d968619..0000000000
--- a/src/lib/libcrypto/x509v3/v3_pci.c
+++ /dev/null
@@ -1,313 +0,0 @@
-/* v3_pci.c -*- mode:C; c-file-style: "eay" -*- */
-/* Contributed to the OpenSSL Project 2004
- * by Richard Levitte (richard@levitte.org)
- */
-/* Copyright (c) 2004 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/x509v3.h>
-
-static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext,
-        BIO *out, int indent);
-static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
-        X509V3_CTX *ctx, char *str);
-
-X509V3_EXT_METHOD v3_pci =
-        { NID_proxyCertInfo, 0, ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION),
-          0,0,0,0,
-          0,0,
-          NULL, NULL,
-          (X509V3_EXT_I2R)i2r_pci,
-          (X509V3_EXT_R2I)r2i_pci,
-          NULL,
-        };
-
-static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci,
-        BIO *out, int indent)
-        {
-        BIO_printf(out, "%*sPath Length Constraint: ", indent, "");
-        if (pci->pcPathLengthConstraint)
-          i2a_ASN1_INTEGER(out, pci->pcPathLengthConstraint);
-        else
-          BIO_printf(out, "infinite");
-        BIO_puts(out, "\n");
-        BIO_printf(out, "%*sPolicy Language: ", indent, "");
-        i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage);
-        BIO_puts(out, "\n");
-        if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data)
-          BIO_printf(out, "%*sPolicy Text: %s\n", indent, "",
-                     pci->proxyPolicy->policy->data);
-        return 1;
-        }
-
-static int process_pci_value(CONF_VALUE *val,
-        ASN1_OBJECT **language, ASN1_INTEGER **pathlen,
-        ASN1_OCTET_STRING **policy)
-        {
-        int free_policy = 0;
-
-        if (strcmp(val->name, "language") == 0)
-                {
-                if (*language)
-                        {
-                        X509V3err(X509V3_F_R2I_PCI,X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED);
-                        X509V3_conf_err(val);
-                        return 0;
-                        }
-                if (!(*language = OBJ_txt2obj(val->value, 0)))
-                        {
-                        X509V3err(X509V3_F_R2I_PCI,X509V3_R_INVALID_OBJECT_IDENTIFIER);
-                        X509V3_conf_err(val);
-                        return 0;
-                        }
-                }
-        else if (strcmp(val->name, "pathlen") == 0)
-                {
-                if (*pathlen)
-                        {
-                        X509V3err(X509V3_F_R2I_PCI,X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED);
-                        X509V3_conf_err(val);
-                        return 0;
-                        }
-                if (!X509V3_get_value_int(val, pathlen))
-                        {
-                        X509V3err(X509V3_F_R2I_PCI,X509V3_R_POLICY_PATH_LENGTH);
-                        X509V3_conf_err(val);
-                        return 0;
-                        }
-                }
-        else if (strcmp(val->name, "policy") == 0)
-                {
-                unsigned char *tmp_data = NULL;
-                long val_len;
-                if (!*policy)
-                        {
-                        *policy = ASN1_OCTET_STRING_new();
-                        if (!*policy)
-                                {
-                                X509V3err(X509V3_F_R2I_PCI,ERR_R_MALLOC_FAILURE);
-                                X509V3_conf_err(val);
-                                return 0;
-                                }
-                        free_policy = 1;
-                        }
-                if (strncmp(val->value, "hex:", 4) == 0)
-                        {
-                        unsigned char *tmp_data2 =
-                                string_to_hex(val->value + 4, &val_len);
-
-                        if (!tmp_data2) goto err;
-
-                        tmp_data = OPENSSL_realloc((*policy)->data,
-                                (*policy)->length + val_len + 1);
-                        if (tmp_data)
-                                {
-                                (*policy)->data = tmp_data;
-                                memcpy(&(*policy)->data[(*policy)->length],
-                                        tmp_data2, val_len);
-                                (*policy)->length += val_len;
-                                (*policy)->data[(*policy)->length] = '\0';
-                                }
-                        }
-                else if (strncmp(val->value, "file:", 5) == 0)
-                        {
-                        unsigned char buf[2048];
-                        int n;
-                        BIO *b = BIO_new_file(val->value + 5, "r");
-                        if (!b)
-                                {
-                                X509V3err(X509V3_F_R2I_PCI,ERR_R_BIO_LIB);
-                                X509V3_conf_err(val);
-                                goto err;
-                                }
-                        while((n = BIO_read(b, buf, sizeof(buf))) > 0
-                                || (n == 0 && BIO_should_retry(b)))
-                                {
-                                if (!n) continue;
-
-                                tmp_data = OPENSSL_realloc((*policy)->data,
-                                        (*policy)->length + n + 1);
-
-                                if (!tmp_data)
-                                        break;
-
-                                (*policy)->data = tmp_data;
-                                memcpy(&(*policy)->data[(*policy)->length],
-                                        buf, n);
-                                (*policy)->length += n;
-                                (*policy)->data[(*policy)->length] = '\0';
-                                }
-
-                        if (n < 0)
-                                {
-                                X509V3err(X509V3_F_R2I_PCI,ERR_R_BIO_LIB);
-                                X509V3_conf_err(val);
-                                goto err;
-                                }
-                        }
-                else if (strncmp(val->value, "text:", 5) == 0)
-                        {
-                        val_len = strlen(val->value + 5);
-                        tmp_data = OPENSSL_realloc((*policy)->data,
-                                (*policy)->length + val_len + 1);
-                        if (tmp_data)
-                                {
-                                (*policy)->data = tmp_data;
-                                memcpy(&(*policy)->data[(*policy)->length],
-                                        val->value + 5, val_len);
-                                (*policy)->length += val_len;
-                                (*policy)->data[(*policy)->length] = '\0';
-                                }
-                        }
-                else
-                        {
-                        X509V3err(X509V3_F_R2I_PCI,X509V3_R_INCORRECT_POLICY_SYNTAX_TAG);
-                        X509V3_conf_err(val);
-                        goto err;
-                        }
-                if (!tmp_data)
-                        {
-                        X509V3err(X509V3_F_R2I_PCI,ERR_R_MALLOC_FAILURE);
-                        X509V3_conf_err(val);
-                        goto err;
-                        }
-                }
-        return 1;
-err:
-        if (free_policy)
-                {
-                ASN1_OCTET_STRING_free(*policy);
-                *policy = NULL;
-                }
-        return 0;
-        }
-
-static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
-        X509V3_CTX *ctx, char *value)
-        {
-        PROXY_CERT_INFO_EXTENSION *pci = NULL;
-        STACK_OF(CONF_VALUE) *vals;
-        ASN1_OBJECT *language = NULL;
-        ASN1_INTEGER *pathlen = NULL;
-        ASN1_OCTET_STRING *policy = NULL;
-        int i, j;
-
-        vals = X509V3_parse_list(value);
-        for (i = 0; i < sk_CONF_VALUE_num(vals); i++)
-                {
-                CONF_VALUE *cnf = sk_CONF_VALUE_value(vals, i);
-                if (!cnf->name || (*cnf->name != '@' && !cnf->value))
-                        {
-                        X509V3err(X509V3_F_R2I_PCI,X509V3_R_INVALID_PROXY_POLICY_SETTING);
-                        X509V3_conf_err(cnf);
-                        goto err;
-                        }
-                if (*cnf->name == '@')
-                        {
-                        STACK_OF(CONF_VALUE) *sect;
-                        int success_p = 1;
-
-                        sect = X509V3_get_section(ctx, cnf->name + 1);
-                        if (!sect)
-                                {
-                                X509V3err(X509V3_F_R2I_PCI,X509V3_R_INVALID_SECTION);
-                                X509V3_conf_err(cnf);
-                                goto err;
-                                }
-                        for (j = 0; success_p && j < sk_CONF_VALUE_num(sect); j++)
-                                {
-                                success_p =
-                                        process_pci_value(sk_CONF_VALUE_value(sect, j),
-                                                &language, &pathlen, &policy);
-                                }
-                        X509V3_section_free(ctx, sect);
-                        if (!success_p)
-                                goto err;
-                        }
-                else
-                        {
-                        if (!process_pci_value(cnf,
-                                        &language, &pathlen, &policy))
-                                {
-                                X509V3_conf_err(cnf);
-                                goto err;
-                                }
-                        }
-                }
-
-        /* Language is mandatory */
-        if (!language)
-                {
-                X509V3err(X509V3_F_R2I_PCI,X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED);
-                goto err;
-                }
-        i = OBJ_obj2nid(language);
-        if ((i == NID_Independent || i == NID_id_ppl_inheritAll) && policy)
-                {
-                X509V3err(X509V3_F_R2I_PCI,X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY);
-                goto err;
-                }
-
-        pci = PROXY_CERT_INFO_EXTENSION_new();
-        if (!pci)
-                {
-                X509V3err(X509V3_F_R2I_PCI,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-        pci->proxyPolicy = PROXY_POLICY_new();
-        if (!pci->proxyPolicy)
-                {
-                X509V3err(X509V3_F_R2I_PCI,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-
-        pci->proxyPolicy->policyLanguage = language; language = NULL;
-        pci->proxyPolicy->policy = policy; policy = NULL;
-        pci->pcPathLengthConstraint = pathlen; pathlen = NULL;
-        goto end;
-err:
-        if (language) { ASN1_OBJECT_free(language); language = NULL; }
-        if (pathlen) { ASN1_INTEGER_free(pathlen); pathlen = NULL; }
-        if (policy) { ASN1_OCTET_STRING_free(policy); policy = NULL; }
-        if (pci && pci->proxyPolicy)
-                {
-                PROXY_POLICY_free(pci->proxyPolicy);
-                pci->proxyPolicy = NULL;
-                }
-        if (pci) { PROXY_CERT_INFO_EXTENSION_free(pci); pci = NULL; }
-end:
-        sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
-        return pci;
-        }
diff --git a/src/lib/libcrypto/x509v3/v3_pcia.c b/src/lib/libcrypto/x509v3/v3_pcia.c
deleted file mode 100644
index bb362e0e5a..0000000000
--- a/src/lib/libcrypto/x509v3/v3_pcia.c
+++ /dev/null
@@ -1,55 +0,0 @@
-/* v3_pcia.c -*- mode:C; c-file-style: "eay" -*- */
-/* Contributed to the OpenSSL Project 2004
- * by Richard Levitte (richard@levitte.org)
- */
-/* Copyright (c) 2004 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509v3.h>
-
-ASN1_SEQUENCE(PROXY_POLICY) =
-        {
-        ASN1_SIMPLE(PROXY_POLICY,policyLanguage,ASN1_OBJECT),
-        ASN1_OPT(PROXY_POLICY,policy,ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(PROXY_POLICY)
-
-IMPLEMENT_ASN1_FUNCTIONS(PROXY_POLICY)
-
-ASN1_SEQUENCE(PROXY_CERT_INFO_EXTENSION) =
-        {
-        ASN1_OPT(PROXY_CERT_INFO_EXTENSION,pcPathLengthConstraint,ASN1_INTEGER),
-        ASN1_SIMPLE(PROXY_CERT_INFO_EXTENSION,proxyPolicy,PROXY_POLICY)
-} ASN1_SEQUENCE_END(PROXY_CERT_INFO_EXTENSION)
-
-IMPLEMENT_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
diff --git a/src/lib/libcrypto/x509v3/v3_pku.c b/src/lib/libcrypto/x509v3/v3_pku.c
deleted file mode 100644
index 49a2e4697a..0000000000
--- a/src/lib/libcrypto/x509v3/v3_pku.c
+++ /dev/null
@@ -1,108 +0,0 @@
-/* v3_pku.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509v3.h>
-
-static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, PKEY_USAGE_PERIOD *usage, BIO *out, int indent);
-/*
-static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
-*/
-X509V3_EXT_METHOD v3_pkey_usage_period = {
-NID_private_key_usage_period, 0, ASN1_ITEM_ref(PKEY_USAGE_PERIOD),
-0,0,0,0,
-0,0,0,0,
-(X509V3_EXT_I2R)i2r_PKEY_USAGE_PERIOD, NULL,
-NULL
-};
-
-ASN1_SEQUENCE(PKEY_USAGE_PERIOD) = {
-        ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notBefore, ASN1_GENERALIZEDTIME, 0),
-        ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notAfter, ASN1_GENERALIZEDTIME, 1)
-} ASN1_SEQUENCE_END(PKEY_USAGE_PERIOD)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)
-
-static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method,
-             PKEY_USAGE_PERIOD *usage, BIO *out, int indent)
-{
-        BIO_printf(out, "%*s", indent, "");
-        if(usage->notBefore) {
-                BIO_write(out, "Not Before: ", 12);
-                ASN1_GENERALIZEDTIME_print(out, usage->notBefore);
-                if(usage->notAfter) BIO_write(out, ", ", 2);
-        }
-        if(usage->notAfter) {
-                BIO_write(out, "Not After: ", 11);
-                ASN1_GENERALIZEDTIME_print(out, usage->notAfter);
-        }
-        return 1;
-}
-
-/*
-static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(method, ctx, values)
-X509V3_EXT_METHOD *method;
-X509V3_CTX *ctx;
-STACK_OF(CONF_VALUE) *values;
-{
-return NULL;
-}
-*/
diff --git a/src/lib/libcrypto/x509v3/v3_prn.c b/src/lib/libcrypto/x509v3/v3_prn.c
deleted file mode 100644
index 5d268eb768..0000000000
--- a/src/lib/libcrypto/x509v3/v3_prn.c
+++ /dev/null
@@ -1,233 +0,0 @@
-/* v3_prn.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* X509 v3 extension utilities */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/x509v3.h>
-
-/* Extension printing routines */
-
-static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent, int supported);
-
-/* Print out a name+value stack */
-
-void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml)
-{
-        int i;
-        CONF_VALUE *nval;
-        if(!val) return;
-        if(!ml || !sk_CONF_VALUE_num(val)) {
-                BIO_printf(out, "%*s", indent, "");
-                if(!sk_CONF_VALUE_num(val)) BIO_puts(out, "<EMPTY>\n");
-        }
-        for(i = 0; i < sk_CONF_VALUE_num(val); i++) {
-                if(ml) BIO_printf(out, "%*s", indent, "");
-                else if(i > 0) BIO_printf(out, ", ");
-                nval = sk_CONF_VALUE_value(val, i);
-                if(!nval->name) BIO_puts(out, nval->value);
-                else if(!nval->value) BIO_puts(out, nval->name);
-#ifndef CHARSET_EBCDIC
-                else BIO_printf(out, "%s:%s", nval->name, nval->value);
-#else
-                else {
-                        int len;
-                        char *tmp;
-                        len = strlen(nval->value)+1;
-                        tmp = OPENSSL_malloc(len);
-                        if (tmp)
-                        {
-                                ascii2ebcdic(tmp, nval->value, len);
-                                BIO_printf(out, "%s:%s", nval->name, tmp);
-                                OPENSSL_free(tmp);
-                        }
-                }
-#endif
-                if(ml) BIO_puts(out, "\n");
-        }
-}
-
-/* Main routine: print out a general extension */
-
-int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent)
-{
-        void *ext_str = NULL;
-        char *value = NULL;
-        unsigned char *p;
-        X509V3_EXT_METHOD *method;      
-        STACK_OF(CONF_VALUE) *nval = NULL;
-        int ok = 1;
-        if(!(method = X509V3_EXT_get(ext)))
-                return unknown_ext_print(out, ext, flag, indent, 0);
-        p = ext->value->data;
-        if(method->it) ext_str = ASN1_item_d2i(NULL, &p, ext->value->length, ASN1_ITEM_ptr(method->it));
-        else ext_str = method->d2i(NULL, &p, ext->value->length);
-
-        if(!ext_str) return unknown_ext_print(out, ext, flag, indent, 1);
-
-        if(method->i2s) {
-                if(!(value = method->i2s(method, ext_str))) {
-                        ok = 0;
-                        goto err;
-                }
-#ifndef CHARSET_EBCDIC
-                BIO_printf(out, "%*s%s", indent, "", value);
-#else
-                {
-                        int len;
-                        char *tmp;
-                        len = strlen(value)+1;
-                        tmp = OPENSSL_malloc(len);
-                        if (tmp)
-                        {
-                                ascii2ebcdic(tmp, value, len);
-                                BIO_printf(out, "%*s%s", indent, "", tmp);
-                                OPENSSL_free(tmp);
-                        }
-                }
-#endif
-        } else if(method->i2v) {
-                if(!(nval = method->i2v(method, ext_str, NULL))) {
-                        ok = 0;
-                        goto err;
-                }
-                X509V3_EXT_val_prn(out, nval, indent,
-                                 method->ext_flags & X509V3_EXT_MULTILINE);
-        } else if(method->i2r) {
-                if(!method->i2r(method, ext_str, out, indent)) ok = 0;
-        } else ok = 0;
-
-        err:
-                sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
-                if(value) OPENSSL_free(value);
-                if(method->it) ASN1_item_free(ext_str, ASN1_ITEM_ptr(method->it));
-                else method->ext_free(ext_str);
-                return ok;
-}
-
-int X509V3_extensions_print(BIO *bp, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent)
-{
-        int i, j;
-
-        if(sk_X509_EXTENSION_num(exts) <= 0) return 1;
-
-        if(title) 
-                {
-                BIO_printf(bp,"%*s%s:\n",indent, "", title);
-                indent += 4;
-                }
-
-        for (i=0; i<sk_X509_EXTENSION_num(exts); i++)
-                {
-                ASN1_OBJECT *obj;
-                X509_EXTENSION *ex;
-                ex=sk_X509_EXTENSION_value(exts, i);
-                if (indent && BIO_printf(bp,"%*s",indent, "") <= 0) return 0;
-                obj=X509_EXTENSION_get_object(ex);
-                i2a_ASN1_OBJECT(bp,obj);
-                j=X509_EXTENSION_get_critical(ex);
-                if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0)
-                        return 0;
-                if(!X509V3_EXT_print(bp, ex, flag, indent + 4))
-                        {
-                        BIO_printf(bp, "%*s", indent + 4, "");
-                        M_ASN1_OCTET_STRING_print(bp,ex->value);
-                        }
-                if (BIO_write(bp,"\n",1) <= 0) return 0;
-                }
-        return 1;
-}
-
-static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent, int supported)
-{
-        switch(flag & X509V3_EXT_UNKNOWN_MASK) {
-
-                case X509V3_EXT_DEFAULT:
-                return 0;
-
-                case X509V3_EXT_ERROR_UNKNOWN:
-                if(supported)
-                        BIO_printf(out, "%*s<Parse Error>", indent, "");
-                else
-                        BIO_printf(out, "%*s<Not Supported>", indent, "");
-                return 1;
-
-                case X509V3_EXT_PARSE_UNKNOWN:
-                        return ASN1_parse_dump(out,
-                                ext->value->data, ext->value->length, indent, -1);
-                case X509V3_EXT_DUMP_UNKNOWN:
-                        return BIO_dump_indent(out, (char *)ext->value->data, ext->value->length, indent);
-
-                default:
-                return 1;
-        }
-}
-        
-
-#ifndef OPENSSL_NO_FP_API
-int X509V3_EXT_print_fp(FILE *fp, X509_EXTENSION *ext, int flag, int indent)
-{
-        BIO *bio_tmp;
-        int ret;
-        if(!(bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE))) return 0;
-        ret = X509V3_EXT_print(bio_tmp, ext, flag, indent);
-        BIO_free(bio_tmp);
-        return ret;
-}
-#endif
diff --git a/src/lib/libcrypto/x509v3/v3_purp.c b/src/lib/libcrypto/x509v3/v3_purp.c
deleted file mode 100644
index bbdf6da493..0000000000
--- a/src/lib/libcrypto/x509v3/v3_purp.c
+++ /dev/null
@@ -1,647 +0,0 @@
-/* v3_purp.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/x509v3.h>
-#include <openssl/x509_vfy.h>
-
-static void x509v3_cache_extensions(X509 *x);
-
-static int check_ssl_ca(const X509 *x);
-static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca);
-static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca);
-static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca);
-static int purpose_smime(const X509 *x, int ca);
-static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int ca);
-static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca);
-static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca);
-static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca);
-static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca);
-
-static int xp_cmp(const X509_PURPOSE * const *a,
-                const X509_PURPOSE * const *b);
-static void xptable_free(X509_PURPOSE *p);
-
-static X509_PURPOSE xstandard[] = {
-        {X509_PURPOSE_SSL_CLIENT, X509_TRUST_SSL_CLIENT, 0, check_purpose_ssl_client, "SSL client", "sslclient", NULL},
-        {X509_PURPOSE_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ssl_server, "SSL server", "sslserver", NULL},
-        {X509_PURPOSE_NS_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ns_ssl_server, "Netscape SSL server", "nssslserver", NULL},
-        {X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign, "S/MIME signing", "smimesign", NULL},
-        {X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0, check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL},
-        {X509_PURPOSE_CRL_SIGN, X509_TRUST_COMPAT, 0, check_purpose_crl_sign, "CRL signing", "crlsign", NULL},
-        {X509_PURPOSE_ANY, X509_TRUST_DEFAULT, 0, no_check, "Any Purpose", "any", NULL},
-        {X509_PURPOSE_OCSP_HELPER, X509_TRUST_COMPAT, 0, ocsp_helper, "OCSP helper", "ocsphelper", NULL},
-};
-
-#define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE))
-
-IMPLEMENT_STACK_OF(X509_PURPOSE)
-
-static STACK_OF(X509_PURPOSE) *xptable = NULL;
-
-static int xp_cmp(const X509_PURPOSE * const *a,
-                const X509_PURPOSE * const *b)
-{
-        return (*a)->purpose - (*b)->purpose;
-}
-
-/* As much as I'd like to make X509_check_purpose use a "const" X509*
- * I really can't because it does recalculate hashes and do other non-const
- * things. */
-int X509_check_purpose(X509 *x, int id, int ca)
-{
-        int idx;
-        const X509_PURPOSE *pt;
-        if(!(x->ex_flags & EXFLAG_SET)) {
-                CRYPTO_w_lock(CRYPTO_LOCK_X509);
-                x509v3_cache_extensions(x);
-                CRYPTO_w_unlock(CRYPTO_LOCK_X509);
-        }
-        if(id == -1) return 1;
-        idx = X509_PURPOSE_get_by_id(id);
-        if(idx == -1) return -1;
-        pt = X509_PURPOSE_get0(idx);
-        return pt->check_purpose(pt, x, ca);
-}
-
-int X509_PURPOSE_set(int *p, int purpose)
-{
-        if(X509_PURPOSE_get_by_id(purpose) == -1) {
-                X509V3err(X509V3_F_X509_PURPOSE_SET, X509V3_R_INVALID_PURPOSE);
-                return 0;
-        }
-        *p = purpose;
-        return 1;
-}
-
-int X509_PURPOSE_get_count(void)
-{
-        if(!xptable) return X509_PURPOSE_COUNT;
-        return sk_X509_PURPOSE_num(xptable) + X509_PURPOSE_COUNT;
-}
-
-X509_PURPOSE * X509_PURPOSE_get0(int idx)
-{
-        if(idx < 0) return NULL;
-        if(idx < X509_PURPOSE_COUNT) return xstandard + idx;
-        return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT);
-}
-
-int X509_PURPOSE_get_by_sname(char *sname)
-{
-        int i;
-        X509_PURPOSE *xptmp;
-        for(i = 0; i < X509_PURPOSE_get_count(); i++) {
-                xptmp = X509_PURPOSE_get0(i);
-                if(!strcmp(xptmp->sname, sname)) return i;
-        }
-        return -1;
-}
-
-int X509_PURPOSE_get_by_id(int purpose)
-{
-        X509_PURPOSE tmp;
-        int idx;
-        if((purpose >= X509_PURPOSE_MIN) && (purpose <= X509_PURPOSE_MAX))
-                return purpose - X509_PURPOSE_MIN;
-        tmp.purpose = purpose;
-        if(!xptable) return -1;
-        idx = sk_X509_PURPOSE_find(xptable, &tmp);
-        if(idx == -1) return -1;
-        return idx + X509_PURPOSE_COUNT;
-}
-
-int X509_PURPOSE_add(int id, int trust, int flags,
-                        int (*ck)(const X509_PURPOSE *, const X509 *, int),
-                                        char *name, char *sname, void *arg)
-{
-        int idx;
-        X509_PURPOSE *ptmp;
-        /* This is set according to what we change: application can't set it */
-        flags &= ~X509_PURPOSE_DYNAMIC;
-        /* This will always be set for application modified trust entries */
-        flags |= X509_PURPOSE_DYNAMIC_NAME;
-        /* Get existing entry if any */
-        idx = X509_PURPOSE_get_by_id(id);
-        /* Need a new entry */
-        if(idx == -1) {
-                if(!(ptmp = OPENSSL_malloc(sizeof(X509_PURPOSE)))) {
-                        X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
-                        return 0;
-                }
-                ptmp->flags = X509_PURPOSE_DYNAMIC;
-        } else ptmp = X509_PURPOSE_get0(idx);
-
-        /* OPENSSL_free existing name if dynamic */
-        if(ptmp->flags & X509_PURPOSE_DYNAMIC_NAME) {
-                OPENSSL_free(ptmp->name);
-                OPENSSL_free(ptmp->sname);
-        }
-        /* dup supplied name */
-        ptmp->name = BUF_strdup(name);
-        ptmp->sname = BUF_strdup(sname);
-        if(!ptmp->name || !ptmp->sname) {
-                X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
-                return 0;
-        }
-        /* Keep the dynamic flag of existing entry */
-        ptmp->flags &= X509_PURPOSE_DYNAMIC;
-        /* Set all other flags */
-        ptmp->flags |= flags;
-
-        ptmp->purpose = id;
-        ptmp->trust = trust;
-        ptmp->check_purpose = ck;
-        ptmp->usr_data = arg;
-
-        /* If its a new entry manage the dynamic table */
-        if(idx == -1) {
-                if(!xptable && !(xptable = sk_X509_PURPOSE_new(xp_cmp))) {
-                        X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
-                        return 0;
-                }
-                if (!sk_X509_PURPOSE_push(xptable, ptmp)) {
-                        X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
-                        return 0;
-                }
-        }
-        return 1;
-}
-
-static void xptable_free(X509_PURPOSE *p)
-        {
-        if(!p) return;
-        if (p->flags & X509_PURPOSE_DYNAMIC) 
-                {
-                if (p->flags & X509_PURPOSE_DYNAMIC_NAME) {
-                        OPENSSL_free(p->name);
-                        OPENSSL_free(p->sname);
-                }
-                OPENSSL_free(p);
-                }
-        }
-
-void X509_PURPOSE_cleanup(void)
-{
-        int i;
-        sk_X509_PURPOSE_pop_free(xptable, xptable_free);
-        for(i = 0; i < X509_PURPOSE_COUNT; i++) xptable_free(xstandard + i);
-        xptable = NULL;
-}
-
-int X509_PURPOSE_get_id(X509_PURPOSE *xp)
-{
-        return xp->purpose;
-}
-
-char *X509_PURPOSE_get0_name(X509_PURPOSE *xp)
-{
-        return xp->name;
-}
-
-char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp)
-{
-        return xp->sname;
-}
-
-int X509_PURPOSE_get_trust(X509_PURPOSE *xp)
-{
-        return xp->trust;
-}
-
-static int nid_cmp(int *a, int *b)
-        {
-        return *a - *b;
-        }
-
-int X509_supported_extension(X509_EXTENSION *ex)
-        {
-        /* This table is a list of the NIDs of supported extensions:
-         * that is those which are used by the verify process. If
-         * an extension is critical and doesn't appear in this list
-         * then the verify process will normally reject the certificate.
-         * The list must be kept in numerical order because it will be
-         * searched using bsearch.
-         */
-
-        static int supported_nids[] = {
-                NID_netscape_cert_type, /* 71 */
-                NID_key_usage,          /* 83 */
-                NID_subject_alt_name,   /* 85 */
-                NID_basic_constraints,  /* 87 */
-                NID_ext_key_usage,      /* 126 */
-                NID_proxyCertInfo       /* 661 */
-        };
-
-        int ex_nid;
-
-        ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex));
-
-        if (ex_nid == NID_undef) 
-                return 0;
-
-        if (OBJ_bsearch((char *)&ex_nid, (char *)supported_nids,
-                sizeof(supported_nids)/sizeof(int), sizeof(int),
-                (int (*)(const void *, const void *))nid_cmp))
-                return 1;
-        return 0;
-        }
- 
-
-static void x509v3_cache_extensions(X509 *x)
-{
-        BASIC_CONSTRAINTS *bs;
-        PROXY_CERT_INFO_EXTENSION *pci;
-        ASN1_BIT_STRING *usage;
-        ASN1_BIT_STRING *ns;
-        EXTENDED_KEY_USAGE *extusage;
-        X509_EXTENSION *ex;
-        
-        int i;
-        if(x->ex_flags & EXFLAG_SET) return;
-#ifndef OPENSSL_NO_SHA
-        X509_digest(x, EVP_sha1(), x->sha1_hash, NULL);
-#endif
-        /* Does subject name match issuer ? */
-        if(!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x)))
-                         x->ex_flags |= EXFLAG_SS;
-        /* V1 should mean no extensions ... */
-        if(!X509_get_version(x)) x->ex_flags |= EXFLAG_V1;
-        /* Handle basic constraints */
-        if((bs=X509_get_ext_d2i(x, NID_basic_constraints, NULL, NULL))) {
-                if(bs->ca) x->ex_flags |= EXFLAG_CA;
-                if(bs->pathlen) {
-                        if((bs->pathlen->type == V_ASN1_NEG_INTEGER)
-                                                || !bs->ca) {
-                                x->ex_flags |= EXFLAG_INVALID;
-                                x->ex_pathlen = 0;
-                        } else x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen);
-                } else x->ex_pathlen = -1;
-                BASIC_CONSTRAINTS_free(bs);
-                x->ex_flags |= EXFLAG_BCONS;
-        }
-        /* Handle proxy certificates */
-        if((pci=X509_get_ext_d2i(x, NID_proxyCertInfo, NULL, NULL))) {
-                if (x->ex_flags & EXFLAG_CA
-                    || X509_get_ext_by_NID(x, NID_subject_alt_name, 0) >= 0
-                    || X509_get_ext_by_NID(x, NID_issuer_alt_name, 0) >= 0) {
-                        x->ex_flags |= EXFLAG_INVALID;
-                }
-                PROXY_CERT_INFO_EXTENSION_free(pci);
-                x->ex_flags |= EXFLAG_PROXY;
-        }
-        /* Handle key usage */
-        if((usage=X509_get_ext_d2i(x, NID_key_usage, NULL, NULL))) {
-                if(usage->length > 0) {
-                        x->ex_kusage = usage->data[0];
-                        if(usage->length > 1) 
-                                x->ex_kusage |= usage->data[1] << 8;
-                } else x->ex_kusage = 0;
-                x->ex_flags |= EXFLAG_KUSAGE;
-                ASN1_BIT_STRING_free(usage);
-        }
-        x->ex_xkusage = 0;
-        if((extusage=X509_get_ext_d2i(x, NID_ext_key_usage, NULL, NULL))) {
-                x->ex_flags |= EXFLAG_XKUSAGE;
-                for(i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) {
-                        switch(OBJ_obj2nid(sk_ASN1_OBJECT_value(extusage,i))) {
-                                case NID_server_auth:
-                                x->ex_xkusage |= XKU_SSL_SERVER;
-                                break;
-
-                                case NID_client_auth:
-                                x->ex_xkusage |= XKU_SSL_CLIENT;
-                                break;
-
-                                case NID_email_protect:
-                                x->ex_xkusage |= XKU_SMIME;
-                                break;
-
-                                case NID_code_sign:
-                                x->ex_xkusage |= XKU_CODE_SIGN;
-                                break;
-
-                                case NID_ms_sgc:
-                                case NID_ns_sgc:
-                                x->ex_xkusage |= XKU_SGC;
-                                break;
-
-                                case NID_OCSP_sign:
-                                x->ex_xkusage |= XKU_OCSP_SIGN;
-                                break;
-
-                                case NID_time_stamp:
-                                x->ex_xkusage |= XKU_TIMESTAMP;
-                                break;
-
-                                case NID_dvcs:
-                                x->ex_xkusage |= XKU_DVCS;
-                                break;
-                        }
-                }
-                sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free);
-        }
-
-        if((ns=X509_get_ext_d2i(x, NID_netscape_cert_type, NULL, NULL))) {
-                if(ns->length > 0) x->ex_nscert = ns->data[0];
-                else x->ex_nscert = 0;
-                x->ex_flags |= EXFLAG_NSCERT;
-                ASN1_BIT_STRING_free(ns);
-        }
-        x->skid =X509_get_ext_d2i(x, NID_subject_key_identifier, NULL, NULL);
-        x->akid =X509_get_ext_d2i(x, NID_authority_key_identifier, NULL, NULL);
-        for (i = 0; i < X509_get_ext_count(x); i++)
-                {
-                ex = X509_get_ext(x, i);
-                if (!X509_EXTENSION_get_critical(ex))
-                        continue;
-                if (!X509_supported_extension(ex))
-                        {
-                        x->ex_flags |= EXFLAG_CRITICAL;
-                        break;
-                        }
-                }
-        x->ex_flags |= EXFLAG_SET;
-}
-
-/* CA checks common to all purposes
- * return codes:
- * 0 not a CA
- * 1 is a CA
- * 2 basicConstraints absent so "maybe" a CA
- * 3 basicConstraints absent but self signed V1.
- * 4 basicConstraints absent but keyUsage present and keyCertSign asserted.
- */
-
-#define V1_ROOT (EXFLAG_V1|EXFLAG_SS)
-#define ku_reject(x, usage) \
-        (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
-#define xku_reject(x, usage) \
-        (((x)->ex_flags & EXFLAG_XKUSAGE) && !((x)->ex_xkusage & (usage)))
-#define ns_reject(x, usage) \
-        (((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage)))
-
-static int check_ca(const X509 *x)
-{
-        /* keyUsage if present should allow cert signing */
-        if(ku_reject(x, KU_KEY_CERT_SIGN)) return 0;
-        if(x->ex_flags & EXFLAG_BCONS) {
-                if(x->ex_flags & EXFLAG_CA) return 1;
-                /* If basicConstraints says not a CA then say so */
-                else return 0;
-        } else {
-                /* we support V1 roots for...  uh, I don't really know why. */
-                if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3;
-                /* If key usage present it must have certSign so tolerate it */
-                else if (x->ex_flags & EXFLAG_KUSAGE) return 4;
-                /* Older certificates could have Netscape-specific CA types */
-                else if (x->ex_flags & EXFLAG_NSCERT
-                         && x->ex_nscert & NS_ANY_CA) return 5;
-                /* can this still be regarded a CA certificate?  I doubt it */
-                return 0;
-        }
-}
-
-int X509_check_ca(X509 *x)
-{
-        if(!(x->ex_flags & EXFLAG_SET)) {
-                CRYPTO_w_lock(CRYPTO_LOCK_X509);
-                x509v3_cache_extensions(x);
-                CRYPTO_w_unlock(CRYPTO_LOCK_X509);
-        }
-
-        return check_ca(x);
-}
-
-/* Check SSL CA: common checks for SSL client and server */
-static int check_ssl_ca(const X509 *x)
-{
-        int ca_ret;
-        ca_ret = check_ca(x);
-        if(!ca_ret) return 0;
-        /* check nsCertType if present */
-        if(ca_ret != 5 || x->ex_nscert & NS_SSL_CA) return ca_ret;
-        else return 0;
-}
-
-
-static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca)
-{
-        if(xku_reject(x,XKU_SSL_CLIENT)) return 0;
-        if(ca) return check_ssl_ca(x);
-        /* We need to do digital signatures with it */
-        if(ku_reject(x,KU_DIGITAL_SIGNATURE)) return 0;
-        /* nsCertType if present should allow SSL client use */ 
-        if(ns_reject(x, NS_SSL_CLIENT)) return 0;
-        return 1;
-}
-
-static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca)
-{
-        if(xku_reject(x,XKU_SSL_SERVER|XKU_SGC)) return 0;
-        if(ca) return check_ssl_ca(x);
-
-        if(ns_reject(x, NS_SSL_SERVER)) return 0;
-        /* Now as for keyUsage: we'll at least need to sign OR encipher */
-        if(ku_reject(x, KU_DIGITAL_SIGNATURE|KU_KEY_ENCIPHERMENT)) return 0;
-        
-        return 1;
-
-}
-
-static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca)
-{
-        int ret;
-        ret = check_purpose_ssl_server(xp, x, ca);
-        if(!ret || ca) return ret;
-        /* We need to encipher or Netscape complains */
-        if(ku_reject(x, KU_KEY_ENCIPHERMENT)) return 0;
-        return ret;
-}
-
-/* common S/MIME checks */
-static int purpose_smime(const X509 *x, int ca)
-{
-        if(xku_reject(x,XKU_SMIME)) return 0;
-        if(ca) {
-                int ca_ret;
-                ca_ret = check_ca(x);
-                if(!ca_ret) return 0;
-                /* check nsCertType if present */
-                if(ca_ret != 5 || x->ex_nscert & NS_SMIME_CA) return ca_ret;
-                else return 0;
-        }
-        if(x->ex_flags & EXFLAG_NSCERT) {
-                if(x->ex_nscert & NS_SMIME) return 1;
-                /* Workaround for some buggy certificates */
-                if(x->ex_nscert & NS_SSL_CLIENT) return 2;
-                return 0;
-        }
-        return 1;
-}
-
-static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int ca)
-{
-        int ret;
-        ret = purpose_smime(x, ca);
-        if(!ret || ca) return ret;
-        if(ku_reject(x, KU_DIGITAL_SIGNATURE|KU_NON_REPUDIATION)) return 0;
-        return ret;
-}
-
-static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca)
-{
-        int ret;
-        ret = purpose_smime(x, ca);
-        if(!ret || ca) return ret;
-        if(ku_reject(x, KU_KEY_ENCIPHERMENT)) return 0;
-        return ret;
-}
-
-static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca)
-{
-        if(ca) {
-                int ca_ret;
-                if((ca_ret = check_ca(x)) != 2) return ca_ret;
-                else return 0;
-        }
-        if(ku_reject(x, KU_CRL_SIGN)) return 0;
-        return 1;
-}
-
-/* OCSP helper: this is *not* a full OCSP check. It just checks that
- * each CA is valid. Additional checks must be made on the chain.
- */
-
-static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca)
-{
-        /* Must be a valid CA.  Should we really support the "I don't know"
-           value (2)? */
-        if(ca) return check_ca(x);
-        /* leaf certificate is checked in OCSP_verify() */
-        return 1;
-}
-
-static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca)
-{
-        return 1;
-}
-
-/* Various checks to see if one certificate issued the second.
- * This can be used to prune a set of possible issuer certificates
- * which have been looked up using some simple method such as by
- * subject name.
- * These are:
- * 1. Check issuer_name(subject) == subject_name(issuer)
- * 2. If akid(subject) exists check it matches issuer
- * 3. If key_usage(issuer) exists check it supports certificate signing
- * returns 0 for OK, positive for reason for mismatch, reasons match
- * codes for X509_verify_cert()
- */
-
-int X509_check_issued(X509 *issuer, X509 *subject)
-{
-        if(X509_NAME_cmp(X509_get_subject_name(issuer),
-                        X509_get_issuer_name(subject)))
-                                return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;
-        x509v3_cache_extensions(issuer);
-        x509v3_cache_extensions(subject);
-        if(subject->akid) {
-                /* Check key ids (if present) */
-                if(subject->akid->keyid && issuer->skid &&
-                 ASN1_OCTET_STRING_cmp(subject->akid->keyid, issuer->skid) )
-                                return X509_V_ERR_AKID_SKID_MISMATCH;
-                /* Check serial number */
-                if(subject->akid->serial &&
-                        ASN1_INTEGER_cmp(X509_get_serialNumber(issuer),
-                                                subject->akid->serial))
-                                return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
-                /* Check issuer name */
-                if(subject->akid->issuer) {
-                        /* Ugh, for some peculiar reason AKID includes
-                         * SEQUENCE OF GeneralName. So look for a DirName.
-                         * There may be more than one but we only take any
-                         * notice of the first.
-                         */
-                        GENERAL_NAMES *gens;
-                        GENERAL_NAME *gen;
-                        X509_NAME *nm = NULL;
-                        int i;
-                        gens = subject->akid->issuer;
-                        for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
-                                gen = sk_GENERAL_NAME_value(gens, i);
-                                if(gen->type == GEN_DIRNAME) {
-                                        nm = gen->d.dirn;
-                                        break;
-                                }
-                        }
-                        if(nm && X509_NAME_cmp(nm, X509_get_issuer_name(issuer)))
-                                return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
-                }
-        }
-        if(subject->ex_flags & EXFLAG_PROXY)
-                {
-                if(ku_reject(issuer, KU_DIGITAL_SIGNATURE))
-                        return X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE;
-                }
-        else if(ku_reject(issuer, KU_KEY_CERT_SIGN))
-                return X509_V_ERR_KEYUSAGE_NO_CERTSIGN;
-        return X509_V_OK;
-}
-
diff --git a/src/lib/libcrypto/x509v3/v3_skey.c b/src/lib/libcrypto/x509v3/v3_skey.c
deleted file mode 100644
index c0f044ac1b..0000000000
--- a/src/lib/libcrypto/x509v3/v3_skey.c
+++ /dev/null
@@ -1,144 +0,0 @@
-/* v3_skey.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/x509v3.h>
-
-static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
-X509V3_EXT_METHOD v3_skey_id = { 
-NID_subject_key_identifier, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING),
-0,0,0,0,
-(X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING,
-(X509V3_EXT_S2I)s2i_skey_id,
-0,0,0,0,
-NULL};
-
-char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
-             ASN1_OCTET_STRING *oct)
-{
-        return hex_to_string(oct->data, oct->length);
-}
-
-ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
-             X509V3_CTX *ctx, char *str)
-{
-        ASN1_OCTET_STRING *oct;
-        long length;
-
-        if(!(oct = M_ASN1_OCTET_STRING_new())) {
-                X509V3err(X509V3_F_S2I_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-
-        if(!(oct->data = string_to_hex(str, &length))) {
-                M_ASN1_OCTET_STRING_free(oct);
-                return NULL;
-        }
-
-        oct->length = length;
-
-        return oct;
-
-}
-
-static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
-             X509V3_CTX *ctx, char *str)
-{
-        ASN1_OCTET_STRING *oct;
-        ASN1_BIT_STRING *pk;
-        unsigned char pkey_dig[EVP_MAX_MD_SIZE];
-        unsigned int diglen;
-
-        if(strcmp(str, "hash")) return s2i_ASN1_OCTET_STRING(method, ctx, str);
-
-        if(!(oct = M_ASN1_OCTET_STRING_new())) {
-                X509V3err(X509V3_F_S2I_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-
-        if(ctx && (ctx->flags == CTX_TEST)) return oct;
-
-        if(!ctx || (!ctx->subject_req && !ctx->subject_cert)) {
-                X509V3err(X509V3_F_S2I_ASN1_SKEY_ID,X509V3_R_NO_PUBLIC_KEY);
-                goto err;
-        }
-
-        if(ctx->subject_req) 
-                pk = ctx->subject_req->req_info->pubkey->public_key;
-        else pk = ctx->subject_cert->cert_info->key->public_key;
-
-        if(!pk) {
-                X509V3err(X509V3_F_S2I_ASN1_SKEY_ID,X509V3_R_NO_PUBLIC_KEY);
-                goto err;
-        }
-
-        EVP_Digest(pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL);
-
-        if(!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
-                X509V3err(X509V3_F_S2I_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-
-        return oct;
-        
-        err:
-        M_ASN1_OCTET_STRING_free(oct);
-        return NULL;
-}
diff --git a/src/lib/libcrypto/x509v3/v3_sxnet.c b/src/lib/libcrypto/x509v3/v3_sxnet.c
deleted file mode 100644
index d3f4ba3a72..0000000000
--- a/src/lib/libcrypto/x509v3/v3_sxnet.c
+++ /dev/null
@@ -1,262 +0,0 @@
-/* v3_sxnet.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509v3.h>
-
-/* Support for Thawte strong extranet extension */
-
-#define SXNET_TEST
-
-static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, int indent);
-#ifdef SXNET_TEST
-static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-                                                STACK_OF(CONF_VALUE) *nval);
-#endif
-X509V3_EXT_METHOD v3_sxnet = {
-NID_sxnet, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(SXNET),
-0,0,0,0,
-0,0,
-0, 
-#ifdef SXNET_TEST
-(X509V3_EXT_V2I)sxnet_v2i,
-#else
-0,
-#endif
-(X509V3_EXT_I2R)sxnet_i2r,
-0,
-NULL
-};
-
-ASN1_SEQUENCE(SXNETID) = {
-        ASN1_SIMPLE(SXNETID, zone, ASN1_INTEGER),
-        ASN1_SIMPLE(SXNETID, user, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(SXNETID)
-
-IMPLEMENT_ASN1_FUNCTIONS(SXNETID)
-
-ASN1_SEQUENCE(SXNET) = {
-        ASN1_SIMPLE(SXNET, version, ASN1_INTEGER),
-        ASN1_SEQUENCE_OF(SXNET, ids, SXNETID)
-} ASN1_SEQUENCE_END(SXNET)
-
-IMPLEMENT_ASN1_FUNCTIONS(SXNET)
-
-static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
-             int indent)
-{
-        long v;
-        char *tmp;
-        SXNETID *id;
-        int i;
-        v = ASN1_INTEGER_get(sx->version);
-        BIO_printf(out, "%*sVersion: %d (0x%X)", indent, "", v + 1, v);
-        for(i = 0; i < sk_SXNETID_num(sx->ids); i++) {
-                id = sk_SXNETID_value(sx->ids, i);
-                tmp = i2s_ASN1_INTEGER(NULL, id->zone);
-                BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp);
-                OPENSSL_free(tmp);
-                M_ASN1_OCTET_STRING_print(out, id->user);
-        }
-        return 1;
-}
-
-#ifdef SXNET_TEST
-
-/* NBB: this is used for testing only. It should *not* be used for anything
- * else because it will just take static IDs from the configuration file and
- * they should really be separate values for each user.
- */
-
-
-static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-             STACK_OF(CONF_VALUE) *nval)
-{
-        CONF_VALUE *cnf;
-        SXNET *sx = NULL;
-        int i;
-        for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
-                cnf = sk_CONF_VALUE_value(nval, i);
-                if(!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1))
-                                                                 return NULL;
-        }
-        return sx;
-}
-                
-        
-#endif
-
-/* Strong Extranet utility functions */
-
-/* Add an id given the zone as an ASCII number */
-
-int SXNET_add_id_asc(SXNET **psx, char *zone, char *user,
-             int userlen)
-{
-        ASN1_INTEGER *izone = NULL;
-        if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) {
-                X509V3err(X509V3_F_SXNET_ADD_ASC,X509V3_R_ERROR_CONVERTING_ZONE);
-                return 0;
-        }
-        return SXNET_add_id_INTEGER(psx, izone, user, userlen);
-}
-
-/* Add an id given the zone as an unsigned long */
-
-int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user,
-             int userlen)
-{
-        ASN1_INTEGER *izone = NULL;
-        if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
-                X509V3err(X509V3_F_SXNET_ADD_ID_ULONG,ERR_R_MALLOC_FAILURE);
-                M_ASN1_INTEGER_free(izone);
-                return 0;
-        }
-        return SXNET_add_id_INTEGER(psx, izone, user, userlen);
-        
-}
-
-/* Add an id given the zone as an ASN1_INTEGER.
- * Note this version uses the passed integer and doesn't make a copy so don't
- * free it up afterwards.
- */
-
-int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user,
-             int userlen)
-{
-        SXNET *sx = NULL;
-        SXNETID *id = NULL;
-        if(!psx || !zone || !user) {
-                X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_INVALID_NULL_ARGUMENT);
-                return 0;
-        }
-        if(userlen == -1) userlen = strlen(user);
-        if(userlen > 64) {
-                X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_USER_TOO_LONG);
-                return 0;
-        }
-        if(!*psx) {
-                if(!(sx = SXNET_new())) goto err;
-                if(!ASN1_INTEGER_set(sx->version, 0)) goto err;
-                *psx = sx;
-        } else sx = *psx;
-        if(SXNET_get_id_INTEGER(sx, zone)) {
-                X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_DUPLICATE_ZONE_ID);
-                return 0;
-        }
-
-        if(!(id = SXNETID_new())) goto err;
-        if(userlen == -1) userlen = strlen(user);
-                
-        if(!M_ASN1_OCTET_STRING_set(id->user, user, userlen)) goto err;
-        if(!sk_SXNETID_push(sx->ids, id)) goto err;
-        id->zone = zone;
-        return 1;
-        
-        err:
-        X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,ERR_R_MALLOC_FAILURE);
-        SXNETID_free(id);
-        SXNET_free(sx);
-        *psx = NULL;
-        return 0;
-}
-
-ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone)
-{
-        ASN1_INTEGER *izone = NULL;
-        ASN1_OCTET_STRING *oct;
-        if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) {
-                X509V3err(X509V3_F_SXNET_GET_ID_ASC,X509V3_R_ERROR_CONVERTING_ZONE);
-                return NULL;
-        }
-        oct = SXNET_get_id_INTEGER(sx, izone);
-        M_ASN1_INTEGER_free(izone);
-        return oct;
-}
-
-ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone)
-{
-        ASN1_INTEGER *izone = NULL;
-        ASN1_OCTET_STRING *oct;
-        if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
-                X509V3err(X509V3_F_SXNET_GET_ID_ULONG,ERR_R_MALLOC_FAILURE);
-                M_ASN1_INTEGER_free(izone);
-                return NULL;
-        }
-        oct = SXNET_get_id_INTEGER(sx, izone);
-        M_ASN1_INTEGER_free(izone);
-        return oct;
-}
-
-ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone)
-{
-        SXNETID *id;
-        int i;
-        for(i = 0; i < sk_SXNETID_num(sx->ids); i++) {
-                id = sk_SXNETID_value(sx->ids, i);
-                if(!M_ASN1_INTEGER_cmp(id->zone, zone)) return id->user;
-        }
-        return NULL;
-}
-
-IMPLEMENT_STACK_OF(SXNETID)
-IMPLEMENT_ASN1_SET_OF(SXNETID)
diff --git a/src/lib/libcrypto/x509v3/v3_utl.c b/src/lib/libcrypto/x509v3/v3_utl.c
deleted file mode 100644
index f23a8d29a0..0000000000
--- a/src/lib/libcrypto/x509v3/v3_utl.c
+++ /dev/null
@@ -1,535 +0,0 @@
-/* v3_utl.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* X509 v3 extension utilities */
-
-
-#include <stdio.h>
-#include <ctype.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/x509v3.h>
-
-static char *strip_spaces(char *name);
-static int sk_strcmp(const char * const *a, const char * const *b);
-static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens);
-static void str_free(void *str);
-static int append_ia5(STACK **sk, ASN1_IA5STRING *email);
-
-/* Add a CONF_VALUE name value pair to stack */
-
-int X509V3_add_value(const char *name, const char *value,
-                                                STACK_OF(CONF_VALUE) **extlist)
-{
-        CONF_VALUE *vtmp = NULL;
-        char *tname = NULL, *tvalue = NULL;
-        if(name && !(tname = BUF_strdup(name))) goto err;
-        if(value && !(tvalue = BUF_strdup(value))) goto err;
-        if(!(vtmp = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE)))) goto err;
-        if(!*extlist && !(*extlist = sk_CONF_VALUE_new_null())) goto err;
-        vtmp->section = NULL;
-        vtmp->name = tname;
-        vtmp->value = tvalue;
-        if(!sk_CONF_VALUE_push(*extlist, vtmp)) goto err;
-        return 1;
-        err:
-        X509V3err(X509V3_F_X509V3_ADD_VALUE,ERR_R_MALLOC_FAILURE);
-        if(vtmp) OPENSSL_free(vtmp);
-        if(tname) OPENSSL_free(tname);
-        if(tvalue) OPENSSL_free(tvalue);
-        return 0;
-}
-
-int X509V3_add_value_uchar(const char *name, const unsigned char *value,
-                           STACK_OF(CONF_VALUE) **extlist)
-    {
-    return X509V3_add_value(name,(const char *)value,extlist);
-    }
-
-/* Free function for STACK_OF(CONF_VALUE) */
-
-void X509V3_conf_free(CONF_VALUE *conf)
-{
-        if(!conf) return;
-        if(conf->name) OPENSSL_free(conf->name);
-        if(conf->value) OPENSSL_free(conf->value);
-        if(conf->section) OPENSSL_free(conf->section);
-        OPENSSL_free(conf);
-}
-
-int X509V3_add_value_bool(const char *name, int asn1_bool,
-                                                STACK_OF(CONF_VALUE) **extlist)
-{
-        if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist);
-        return X509V3_add_value(name, "FALSE", extlist);
-}
-
-int X509V3_add_value_bool_nf(char *name, int asn1_bool,
-                                                STACK_OF(CONF_VALUE) **extlist)
-{
-        if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist);
-        return 1;
-}
-
-
-char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *a)
-{
-        BIGNUM *bntmp = NULL;
-        char *strtmp = NULL;
-        if(!a) return NULL;
-        if(!(bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) ||
-            !(strtmp = BN_bn2dec(bntmp)) )
-                X509V3err(X509V3_F_I2S_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE);
-        BN_free(bntmp);
-        return strtmp;
-}
-
-char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, ASN1_INTEGER *a)
-{
-        BIGNUM *bntmp = NULL;
-        char *strtmp = NULL;
-        if(!a) return NULL;
-        if(!(bntmp = ASN1_INTEGER_to_BN(a, NULL)) ||
-            !(strtmp = BN_bn2dec(bntmp)) )
-                X509V3err(X509V3_F_I2S_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
-        BN_free(bntmp);
-        return strtmp;
-}
-
-ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value)
-{
-        BIGNUM *bn = NULL;
-        ASN1_INTEGER *aint;
-        int isneg, ishex;
-        int ret;
-        bn = BN_new();
-        if (!value) {
-                X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_INVALID_NULL_VALUE);
-                return 0;
-        }
-        if (value[0] == '-') {
-                value++;
-                isneg = 1;
-        } else isneg = 0;
-
-        if (value[0] == '0' && ((value[1] == 'x') || (value[1] == 'X'))) {
-                value += 2;
-                ishex = 1;
-        } else ishex = 0;
-
-        if (ishex) ret = BN_hex2bn(&bn, value);
-        else ret = BN_dec2bn(&bn, value);
-
-        if (!ret) {
-                X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_DEC2BN_ERROR);
-                return 0;
-        }
-
-        if (isneg && BN_is_zero(bn)) isneg = 0;
-
-        aint = BN_to_ASN1_INTEGER(bn, NULL);
-        BN_free(bn);
-        if (!aint) {
-                X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_TO_ASN1_INTEGER_ERROR);
-                return 0;
-        }
-        if (isneg) aint->type |= V_ASN1_NEG;
-        return aint;
-}
-
-int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
-             STACK_OF(CONF_VALUE) **extlist)
-{
-        char *strtmp;
-        int ret;
-        if(!aint) return 1;
-        if(!(strtmp = i2s_ASN1_INTEGER(NULL, aint))) return 0;
-        ret = X509V3_add_value(name, strtmp, extlist);
-        OPENSSL_free(strtmp);
-        return ret;
-}
-
-int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool)
-{
-        char *btmp;
-        if(!(btmp = value->value)) goto err;
-        if(!strcmp(btmp, "TRUE") || !strcmp(btmp, "true")
-                 || !strcmp(btmp, "Y") || !strcmp(btmp, "y")
-                || !strcmp(btmp, "YES") || !strcmp(btmp, "yes")) {
-                *asn1_bool = 0xff;
-                return 1;
-        } else if(!strcmp(btmp, "FALSE") || !strcmp(btmp, "false")
-                 || !strcmp(btmp, "N") || !strcmp(btmp, "n")
-                || !strcmp(btmp, "NO") || !strcmp(btmp, "no")) {
-                *asn1_bool = 0;
-                return 1;
-        }
-        err:
-        X509V3err(X509V3_F_X509V3_GET_VALUE_BOOL,X509V3_R_INVALID_BOOLEAN_STRING);
-        X509V3_conf_err(value);
-        return 0;
-}
-
-int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint)
-{
-        ASN1_INTEGER *itmp;
-        if(!(itmp = s2i_ASN1_INTEGER(NULL, value->value))) {
-                X509V3_conf_err(value);
-                return 0;
-        }
-        *aint = itmp;
-        return 1;
-}
-
-#define HDR_NAME        1
-#define HDR_VALUE       2
-
-/*#define DEBUG*/
-
-STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line)
-{
-        char *p, *q, c;
-        char *ntmp, *vtmp;
-        STACK_OF(CONF_VALUE) *values = NULL;
-        char *linebuf;
-        int state;
-        /* We are going to modify the line so copy it first */
-        linebuf = BUF_strdup(line);
-        state = HDR_NAME;
-        ntmp = NULL;
-        /* Go through all characters */
-        for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) {
-
-                switch(state) {
-                        case HDR_NAME:
-                        if(c == ':') {
-                                state = HDR_VALUE;
-                                *p = 0;
-                                ntmp = strip_spaces(q);
-                                if(!ntmp) {
-                                        X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
-                                        goto err;
-                                }
-                                q = p + 1;
-                        } else if(c == ',') {
-                                *p = 0;
-                                ntmp = strip_spaces(q);
-                                q = p + 1;
-#if 0
-                                printf("%s\n", ntmp);
-#endif
-                                if(!ntmp) {
-                                        X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
-                                        goto err;
-                                }
-                                X509V3_add_value(ntmp, NULL, &values);
-                        }
-                        break ;
-
-                        case HDR_VALUE:
-                        if(c == ',') {
-                                state = HDR_NAME;
-                                *p = 0;
-                                vtmp = strip_spaces(q);
-#if 0
-                                printf("%s\n", ntmp);
-#endif
-                                if(!vtmp) {
-                                        X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE);
-                                        goto err;
-                                }
-                                X509V3_add_value(ntmp, vtmp, &values);
-                                ntmp = NULL;
-                                q = p + 1;
-                        }
-
-                }
-        }
-
-        if(state == HDR_VALUE) {
-                vtmp = strip_spaces(q);
-#if 0
-                printf("%s=%s\n", ntmp, vtmp);
-#endif
-                if(!vtmp) {
-                        X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE);
-                        goto err;
-                }
-                X509V3_add_value(ntmp, vtmp, &values);
-        } else {
-                ntmp = strip_spaces(q);
-#if 0
-                printf("%s\n", ntmp);
-#endif
-                if(!ntmp) {
-                        X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
-                        goto err;
-                }
-                X509V3_add_value(ntmp, NULL, &values);
-        }
-OPENSSL_free(linebuf);
-return values;
-
-err:
-OPENSSL_free(linebuf);
-sk_CONF_VALUE_pop_free(values, X509V3_conf_free);
-return NULL;
-
-}
-
-/* Delete leading and trailing spaces from a string */
-static char *strip_spaces(char *name)
-{
-        char *p, *q;
-        /* Skip over leading spaces */
-        p = name;
-        while(isspace((unsigned char)*p)) p++;
-        if(!*p) return NULL;
-        q = p + strlen(p) - 1;
-        while((q != p) && isspace((unsigned char)*q)) q--;
-        if(p != q) q[1] = 0;
-        if(!*p) return NULL;
-        return p;
-}
-
-/* hex string utilities */
-
-/* Given a buffer of length 'len' return a OPENSSL_malloc'ed string with its
- * hex representation
- * @@@ (Contents of buffer are always kept in ASCII, also on EBCDIC machines)
- */
-
-char *hex_to_string(unsigned char *buffer, long len)
-{
-        char *tmp, *q;
-        unsigned char *p;
-        int i;
-        static char hexdig[] = "0123456789ABCDEF";
-        if(!buffer || !len) return NULL;
-        if(!(tmp = OPENSSL_malloc(len * 3 + 1))) {
-                X509V3err(X509V3_F_HEX_TO_STRING,ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-        q = tmp;
-        for(i = 0, p = buffer; i < len; i++,p++) {
-                *q++ = hexdig[(*p >> 4) & 0xf];
-                *q++ = hexdig[*p & 0xf];
-                *q++ = ':';
-        }
-        q[-1] = 0;
-#ifdef CHARSET_EBCDIC
-        ebcdic2ascii(tmp, tmp, q - tmp - 1);
-#endif
-
-        return tmp;
-}
-
-/* Give a string of hex digits convert to
- * a buffer
- */
-
-unsigned char *string_to_hex(char *str, long *len)
-{
-        unsigned char *hexbuf, *q;
-        unsigned char ch, cl, *p;
-        if(!str) {
-                X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_INVALID_NULL_ARGUMENT);
-                return NULL;
-        }
-        if(!(hexbuf = OPENSSL_malloc(strlen(str) >> 1))) goto err;
-        for(p = (unsigned char *)str, q = hexbuf; *p;) {
-                ch = *p++;
-#ifdef CHARSET_EBCDIC
-                ch = os_toebcdic[ch];
-#endif
-                if(ch == ':') continue;
-                cl = *p++;
-#ifdef CHARSET_EBCDIC
-                cl = os_toebcdic[cl];
-#endif
-                if(!cl) {
-                        X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ODD_NUMBER_OF_DIGITS);
-                        OPENSSL_free(hexbuf);
-                        return NULL;
-                }
-                if(isupper(ch)) ch = tolower(ch);
-                if(isupper(cl)) cl = tolower(cl);
-
-                if((ch >= '0') && (ch <= '9')) ch -= '0';
-                else if ((ch >= 'a') && (ch <= 'f')) ch -= 'a' - 10;
-                else goto badhex;
-
-                if((cl >= '0') && (cl <= '9')) cl -= '0';
-                else if ((cl >= 'a') && (cl <= 'f')) cl -= 'a' - 10;
-                else goto badhex;
-
-                *q++ = (ch << 4) | cl;
-        }
-
-        if(len) *len = q - hexbuf;
-
-        return hexbuf;
-
-        err:
-        if(hexbuf) OPENSSL_free(hexbuf);
-        X509V3err(X509V3_F_STRING_TO_HEX,ERR_R_MALLOC_FAILURE);
-        return NULL;
-
-        badhex:
-        OPENSSL_free(hexbuf);
-        X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ILLEGAL_HEX_DIGIT);
-        return NULL;
-
-}
-
-/* V2I name comparison function: returns zero if 'name' matches
- * cmp or cmp.*
- */
-
-int name_cmp(const char *name, const char *cmp)
-{
-        int len, ret;
-        char c;
-        len = strlen(cmp);
-        if((ret = strncmp(name, cmp, len))) return ret;
-        c = name[len];
-        if(!c || (c=='.')) return 0;
-        return 1;
-}
-
-static int sk_strcmp(const char * const *a, const char * const *b)
-{
-        return strcmp(*a, *b);
-}
-
-STACK *X509_get1_email(X509 *x)
-{
-        GENERAL_NAMES *gens;
-        STACK *ret;
-        gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
-        ret = get_email(X509_get_subject_name(x), gens);
-        sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
-        return ret;
-}
-
-STACK *X509_REQ_get1_email(X509_REQ *x)
-{
-        GENERAL_NAMES *gens;
-        STACK_OF(X509_EXTENSION) *exts;
-        STACK *ret;
-        exts = X509_REQ_get_extensions(x);
-        gens = X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL);
-        ret = get_email(X509_REQ_get_subject_name(x), gens);
-        sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
-        sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
-        return ret;
-}
-
-
-static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens)
-{
-        STACK *ret = NULL;
-        X509_NAME_ENTRY *ne;
-        ASN1_IA5STRING *email;
-        GENERAL_NAME *gen;
-        int i;
-        /* Now add any email address(es) to STACK */
-        i = -1;
-        /* First supplied X509_NAME */
-        while((i = X509_NAME_get_index_by_NID(name,
-                                         NID_pkcs9_emailAddress, i)) >= 0) {
-                ne = X509_NAME_get_entry(name, i);
-                email = X509_NAME_ENTRY_get_data(ne);
-                if(!append_ia5(&ret, email)) return NULL;
-        }
-        for(i = 0; i < sk_GENERAL_NAME_num(gens); i++)
-        {
-                gen = sk_GENERAL_NAME_value(gens, i);
-                if(gen->type != GEN_EMAIL) continue;
-                if(!append_ia5(&ret, gen->d.ia5)) return NULL;
-        }
-        return ret;
-}
-
-static void str_free(void *str)
-{
-        OPENSSL_free(str);
-}
-
-static int append_ia5(STACK **sk, ASN1_IA5STRING *email)
-{
-        char *emtmp;
-        /* First some sanity checks */
-        if(email->type != V_ASN1_IA5STRING) return 1;
-        if(!email->data || !email->length) return 1;
-        if(!*sk) *sk = sk_new(sk_strcmp);
-        if(!*sk) return 0;
-        /* Don't add duplicates */
-        if(sk_find(*sk, (char *)email->data) != -1) return 1;
-        emtmp = BUF_strdup((char *)email->data);
-        if(!emtmp || !sk_push(*sk, emtmp)) {
-                X509_email_free(*sk);
-                *sk = NULL;
-                return 0;
-        }
-        return 1;
-}
-
-void X509_email_free(STACK *sk)
-{
-        sk_pop_free(sk, str_free);
-}
diff --git a/src/lib/libcrypto/x509v3/v3err.c b/src/lib/libcrypto/x509v3/v3err.c
deleted file mode 100644
index e1edaf5248..0000000000
--- a/src/lib/libcrypto/x509v3/v3err.c
+++ /dev/null
@@ -1,197 +0,0 @@
-/* crypto/x509v3/v3err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/x509v3.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509V3,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509V3,0,reason)
-
-static ERR_STRING_DATA X509V3_str_functs[]=
-        {
-{ERR_FUNC(X509V3_F_COPY_EMAIL), "COPY_EMAIL"},
-{ERR_FUNC(X509V3_F_COPY_ISSUER),        "COPY_ISSUER"},
-{ERR_FUNC(X509V3_F_DO_EXT_CONF),        "DO_EXT_CONF"},
-{ERR_FUNC(X509V3_F_DO_EXT_I2D), "DO_EXT_I2D"},
-{ERR_FUNC(X509V3_F_HEX_TO_STRING),      "hex_to_string"},
-{ERR_FUNC(X509V3_F_I2S_ASN1_ENUMERATED),        "i2s_ASN1_ENUMERATED"},
-{ERR_FUNC(X509V3_F_I2S_ASN1_IA5STRING), "I2S_ASN1_IA5STRING"},
-{ERR_FUNC(X509V3_F_I2S_ASN1_INTEGER),   "i2s_ASN1_INTEGER"},
-{ERR_FUNC(X509V3_F_I2V_AUTHORITY_INFO_ACCESS),  "I2V_AUTHORITY_INFO_ACCESS"},
-{ERR_FUNC(X509V3_F_NOTICE_SECTION),     "NOTICE_SECTION"},
-{ERR_FUNC(X509V3_F_NREF_NOS),   "NREF_NOS"},
-{ERR_FUNC(X509V3_F_POLICY_SECTION),     "POLICY_SECTION"},
-{ERR_FUNC(X509V3_F_R2I_CERTPOL),        "R2I_CERTPOL"},
-{ERR_FUNC(X509V3_F_R2I_PCI),    "R2I_PCI"},
-{ERR_FUNC(X509V3_F_S2I_ASN1_IA5STRING), "S2I_ASN1_IA5STRING"},
-{ERR_FUNC(X509V3_F_S2I_ASN1_INTEGER),   "s2i_ASN1_INTEGER"},
-{ERR_FUNC(X509V3_F_S2I_ASN1_OCTET_STRING),      "s2i_ASN1_OCTET_STRING"},
-{ERR_FUNC(X509V3_F_S2I_ASN1_SKEY_ID),   "S2I_ASN1_SKEY_ID"},
-{ERR_FUNC(X509V3_F_S2I_S2I_SKEY_ID),    "S2I_S2I_SKEY_ID"},
-{ERR_FUNC(X509V3_F_STRING_TO_HEX),      "string_to_hex"},
-{ERR_FUNC(X509V3_F_SXNET_ADD_ASC),      "SXNET_ADD_ASC"},
-{ERR_FUNC(X509V3_F_SXNET_ADD_ID_INTEGER),       "SXNET_add_id_INTEGER"},
-{ERR_FUNC(X509V3_F_SXNET_ADD_ID_ULONG), "SXNET_add_id_ulong"},
-{ERR_FUNC(X509V3_F_SXNET_GET_ID_ASC),   "SXNET_get_id_asc"},
-{ERR_FUNC(X509V3_F_SXNET_GET_ID_ULONG), "SXNET_get_id_ulong"},
-{ERR_FUNC(X509V3_F_V2I_ACCESS_DESCRIPTION),     "V2I_ACCESS_DESCRIPTION"},
-{ERR_FUNC(X509V3_F_V2I_ASN1_BIT_STRING),        "V2I_ASN1_BIT_STRING"},
-{ERR_FUNC(X509V3_F_V2I_AUTHORITY_KEYID),        "V2I_AUTHORITY_KEYID"},
-{ERR_FUNC(X509V3_F_V2I_BASIC_CONSTRAINTS),      "V2I_BASIC_CONSTRAINTS"},
-{ERR_FUNC(X509V3_F_V2I_CRLD),   "V2I_CRLD"},
-{ERR_FUNC(X509V3_F_V2I_EXT_KU), "V2I_EXT_KU"},
-{ERR_FUNC(X509V3_F_V2I_GENERAL_NAME),   "v2i_GENERAL_NAME"},
-{ERR_FUNC(X509V3_F_V2I_GENERAL_NAMES),  "v2i_GENERAL_NAMES"},
-{ERR_FUNC(X509V3_F_V3_GENERIC_EXTENSION),       "V3_GENERIC_EXTENSION"},
-{ERR_FUNC(X509V3_F_X509V3_ADD_I2D),     "X509V3_ADD_I2D"},
-{ERR_FUNC(X509V3_F_X509V3_ADD_VALUE),   "X509V3_add_value"},
-{ERR_FUNC(X509V3_F_X509V3_EXT_ADD),     "X509V3_EXT_add"},
-{ERR_FUNC(X509V3_F_X509V3_EXT_ADD_ALIAS),       "X509V3_EXT_add_alias"},
-{ERR_FUNC(X509V3_F_X509V3_EXT_CONF),    "X509V3_EXT_conf"},
-{ERR_FUNC(X509V3_F_X509V3_EXT_I2D),     "X509V3_EXT_i2d"},
-{ERR_FUNC(X509V3_F_X509V3_GET_VALUE_BOOL),      "X509V3_get_value_bool"},
-{ERR_FUNC(X509V3_F_X509V3_PARSE_LIST),  "X509V3_parse_list"},
-{ERR_FUNC(X509V3_F_X509_PURPOSE_ADD),   "X509_PURPOSE_add"},
-{ERR_FUNC(X509V3_F_X509_PURPOSE_SET),   "X509_PURPOSE_set"},
-{0,NULL}
-        };
-
-static ERR_STRING_DATA X509V3_str_reasons[]=
-        {
-{ERR_REASON(X509V3_R_BAD_IP_ADDRESS)     ,"bad ip address"},
-{ERR_REASON(X509V3_R_BAD_OBJECT)         ,"bad object"},
-{ERR_REASON(X509V3_R_BN_DEC2BN_ERROR)    ,"bn dec2bn error"},
-{ERR_REASON(X509V3_R_BN_TO_ASN1_INTEGER_ERROR),"bn to asn1 integer error"},
-{ERR_REASON(X509V3_R_DUPLICATE_ZONE_ID)  ,"duplicate zone id"},
-{ERR_REASON(X509V3_R_ERROR_CONVERTING_ZONE),"error converting zone"},
-{ERR_REASON(X509V3_R_ERROR_CREATING_EXTENSION),"error creating extension"},
-{ERR_REASON(X509V3_R_ERROR_IN_EXTENSION) ,"error in extension"},
-{ERR_REASON(X509V3_R_EXPECTED_A_SECTION_NAME),"expected a section name"},
-{ERR_REASON(X509V3_R_EXTENSION_EXISTS)   ,"extension exists"},
-{ERR_REASON(X509V3_R_EXTENSION_NAME_ERROR),"extension name error"},
-{ERR_REASON(X509V3_R_EXTENSION_NOT_FOUND),"extension not found"},
-{ERR_REASON(X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED),"extension setting not supported"},
-{ERR_REASON(X509V3_R_EXTENSION_VALUE_ERROR),"extension value error"},
-{ERR_REASON(X509V3_R_ILLEGAL_HEX_DIGIT)  ,"illegal hex digit"},
-{ERR_REASON(X509V3_R_INCORRECT_POLICY_SYNTAX_TAG),"incorrect policy syntax tag"},
-{ERR_REASON(X509V3_R_INVALID_BOOLEAN_STRING),"invalid boolean string"},
-{ERR_REASON(X509V3_R_INVALID_EXTENSION_STRING),"invalid extension string"},
-{ERR_REASON(X509V3_R_INVALID_NAME)       ,"invalid name"},
-{ERR_REASON(X509V3_R_INVALID_NULL_ARGUMENT),"invalid null argument"},
-{ERR_REASON(X509V3_R_INVALID_NULL_NAME)  ,"invalid null name"},
-{ERR_REASON(X509V3_R_INVALID_NULL_VALUE) ,"invalid null value"},
-{ERR_REASON(X509V3_R_INVALID_NUMBER)     ,"invalid number"},
-{ERR_REASON(X509V3_R_INVALID_NUMBERS)    ,"invalid numbers"},
-{ERR_REASON(X509V3_R_INVALID_OBJECT_IDENTIFIER),"invalid object identifier"},
-{ERR_REASON(X509V3_R_INVALID_OPTION)     ,"invalid option"},
-{ERR_REASON(X509V3_R_INVALID_POLICY_IDENTIFIER),"invalid policy identifier"},
-{ERR_REASON(X509V3_R_INVALID_PROXY_POLICY_IDENTIFIER),"invalid proxy policy identifier"},
-{ERR_REASON(X509V3_R_INVALID_PROXY_POLICY_SETTING),"invalid proxy policy setting"},
-{ERR_REASON(X509V3_R_INVALID_PURPOSE)    ,"invalid purpose"},
-{ERR_REASON(X509V3_R_INVALID_SECTION)    ,"invalid section"},
-{ERR_REASON(X509V3_R_INVALID_SYNTAX)     ,"invalid syntax"},
-{ERR_REASON(X509V3_R_ISSUER_DECODE_ERROR),"issuer decode error"},
-{ERR_REASON(X509V3_R_MISSING_VALUE)      ,"missing value"},
-{ERR_REASON(X509V3_R_NEED_ORGANIZATION_AND_NUMBERS),"need organization and numbers"},
-{ERR_REASON(X509V3_R_NO_CONFIG_DATABASE) ,"no config database"},
-{ERR_REASON(X509V3_R_NO_ISSUER_CERTIFICATE),"no issuer certificate"},
-{ERR_REASON(X509V3_R_NO_ISSUER_DETAILS)  ,"no issuer details"},
-{ERR_REASON(X509V3_R_NO_POLICY_IDENTIFIER),"no policy identifier"},
-{ERR_REASON(X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED),"no proxy cert policy language defined"},
-{ERR_REASON(X509V3_R_NO_PUBLIC_KEY)      ,"no public key"},
-{ERR_REASON(X509V3_R_NO_SUBJECT_DETAILS) ,"no subject details"},
-{ERR_REASON(X509V3_R_ODD_NUMBER_OF_DIGITS),"odd number of digits"},
-{ERR_REASON(X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED),"policy language alreadty defined"},
-{ERR_REASON(X509V3_R_POLICY_PATH_LENGTH) ,"policy path length"},
-{ERR_REASON(X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED),"policy path length alreadty defined"},
-{ERR_REASON(X509V3_R_POLICY_SYNTAX_NOT)  ,"policy syntax not"},
-{ERR_REASON(X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED),"policy syntax not currently supported"},
-{ERR_REASON(X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY),"policy when proxy language requires no policy"},
-{ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS),"unable to get issuer details"},
-{ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_KEYID),"unable to get issuer keyid"},
-{ERR_REASON(X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT),"unknown bit string argument"},
-{ERR_REASON(X509V3_R_UNKNOWN_EXTENSION)  ,"unknown extension"},
-{ERR_REASON(X509V3_R_UNKNOWN_EXTENSION_NAME),"unknown extension name"},
-{ERR_REASON(X509V3_R_UNKNOWN_OPTION)     ,"unknown option"},
-{ERR_REASON(X509V3_R_UNSUPPORTED_OPTION) ,"unsupported option"},
-{ERR_REASON(X509V3_R_USER_TOO_LONG)      ,"user too long"},
-{0,NULL}
-        };
-
-#endif
-
-void ERR_load_X509V3_strings(void)
-        {
-        static int init=1;
-
-        if (init)
-                {
-                init=0;
-#ifndef OPENSSL_NO_ERR
-                ERR_load_strings(0,X509V3_str_functs);
-                ERR_load_strings(0,X509V3_str_reasons);
-#endif
-
-                }
-        }
diff --git a/src/lib/libcrypto/x509v3/x509v3.h b/src/lib/libcrypto/x509v3/x509v3.h
deleted file mode 100644
index e6d91251c2..0000000000
--- a/src/lib/libcrypto/x509v3/x509v3.h
+++ /dev/null
@@ -1,687 +0,0 @@
-/* x509v3.h */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#ifndef HEADER_X509V3_H
-#define HEADER_X509V3_H
-
-#include <openssl/bio.h>
-#include <openssl/x509.h>
-#include <openssl/conf.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Forward reference */
-struct v3_ext_method;
-struct v3_ext_ctx;
-
-/* Useful typedefs */
-
-typedef void * (*X509V3_EXT_NEW)(void);
-typedef void (*X509V3_EXT_FREE)(void *);
-typedef void * (*X509V3_EXT_D2I)(void *, unsigned char ** , long);
-typedef int (*X509V3_EXT_I2D)(void *, unsigned char **);
-typedef STACK_OF(CONF_VALUE) * (*X509V3_EXT_I2V)(struct v3_ext_method *method, void *ext, STACK_OF(CONF_VALUE) *extlist);
-typedef void * (*X509V3_EXT_V2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, STACK_OF(CONF_VALUE) *values);
-typedef char * (*X509V3_EXT_I2S)(struct v3_ext_method *method, void *ext);
-typedef void * (*X509V3_EXT_S2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
-typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, void *ext, BIO *out, int indent);
-typedef void * (*X509V3_EXT_R2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
-
-/* V3 extension structure */
-
-struct v3_ext_method {
-int ext_nid;
-int ext_flags;
-/* If this is set the following four fields are ignored */
-ASN1_ITEM_EXP *it;
-/* Old style ASN1 calls */
-X509V3_EXT_NEW ext_new;
-X509V3_EXT_FREE ext_free;
-X509V3_EXT_D2I d2i;
-X509V3_EXT_I2D i2d;
-
-/* The following pair is used for string extensions */
-X509V3_EXT_I2S i2s;
-X509V3_EXT_S2I s2i;
-
-/* The following pair is used for multi-valued extensions */
-X509V3_EXT_I2V i2v;
-X509V3_EXT_V2I v2i;
-
-/* The following are used for raw extensions */
-X509V3_EXT_I2R i2r;
-X509V3_EXT_R2I r2i;
-
-void *usr_data; /* Any extension specific data */
-};
-
-typedef struct X509V3_CONF_METHOD_st {
-char * (*get_string)(void *db, char *section, char *value);
-STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section);
-void (*free_string)(void *db, char * string);
-void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section);
-} X509V3_CONF_METHOD;
-
-/* Context specific info */
-struct v3_ext_ctx {
-#define CTX_TEST 0x1
-int flags;
-X509 *issuer_cert;
-X509 *subject_cert;
-X509_REQ *subject_req;
-X509_CRL *crl;
-X509V3_CONF_METHOD *db_meth;
-void *db;
-/* Maybe more here */
-};
-
-typedef struct v3_ext_method X509V3_EXT_METHOD;
-typedef struct v3_ext_ctx X509V3_CTX;
-
-DECLARE_STACK_OF(X509V3_EXT_METHOD)
-
-/* ext_flags values */
-#define X509V3_EXT_DYNAMIC      0x1
-#define X509V3_EXT_CTX_DEP      0x2
-#define X509V3_EXT_MULTILINE    0x4
-
-typedef BIT_STRING_BITNAME ENUMERATED_NAMES;
-
-typedef struct BASIC_CONSTRAINTS_st {
-int ca;
-ASN1_INTEGER *pathlen;
-} BASIC_CONSTRAINTS;
-
-
-typedef struct PKEY_USAGE_PERIOD_st {
-ASN1_GENERALIZEDTIME *notBefore;
-ASN1_GENERALIZEDTIME *notAfter;
-} PKEY_USAGE_PERIOD;
-
-typedef struct otherName_st {
-ASN1_OBJECT *type_id;
-ASN1_TYPE *value;
-} OTHERNAME;
-
-typedef struct EDIPartyName_st {
-        ASN1_STRING *nameAssigner;
-        ASN1_STRING *partyName;
-} EDIPARTYNAME;
-
-typedef struct GENERAL_NAME_st {
-
-#define GEN_OTHERNAME   0
-#define GEN_EMAIL       1
-#define GEN_DNS         2
-#define GEN_X400        3
-#define GEN_DIRNAME     4
-#define GEN_EDIPARTY    5
-#define GEN_URI         6
-#define GEN_IPADD       7
-#define GEN_RID         8
-
-int type;
-union {
-        char *ptr;
-        OTHERNAME *otherName; /* otherName */
-        ASN1_IA5STRING *rfc822Name;
-        ASN1_IA5STRING *dNSName;
-        ASN1_TYPE *x400Address;
-        X509_NAME *directoryName;
-        EDIPARTYNAME *ediPartyName;
-        ASN1_IA5STRING *uniformResourceIdentifier;
-        ASN1_OCTET_STRING *iPAddress;
-        ASN1_OBJECT *registeredID;
-
-        /* Old names */
-        ASN1_OCTET_STRING *ip; /* iPAddress */
-        X509_NAME *dirn;                /* dirn */
-        ASN1_IA5STRING *ia5;/* rfc822Name, dNSName, uniformResourceIdentifier */
-        ASN1_OBJECT *rid; /* registeredID */
-        ASN1_TYPE *other; /* x400Address */
-} d;
-} GENERAL_NAME;
-
-typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
-
-typedef struct ACCESS_DESCRIPTION_st {
-        ASN1_OBJECT *method;
-        GENERAL_NAME *location;
-} ACCESS_DESCRIPTION;
-
-typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
-
-typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE;
-
-DECLARE_STACK_OF(GENERAL_NAME)
-DECLARE_ASN1_SET_OF(GENERAL_NAME)
-
-DECLARE_STACK_OF(ACCESS_DESCRIPTION)
-DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION)
-
-typedef struct DIST_POINT_NAME_st {
-int type;
-union {
-        GENERAL_NAMES *fullname;
-        STACK_OF(X509_NAME_ENTRY) *relativename;
-} name;
-} DIST_POINT_NAME;
-
-typedef struct DIST_POINT_st {
-DIST_POINT_NAME *distpoint;
-ASN1_BIT_STRING *reasons;
-GENERAL_NAMES *CRLissuer;
-} DIST_POINT;
-
-typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS;
-
-DECLARE_STACK_OF(DIST_POINT)
-DECLARE_ASN1_SET_OF(DIST_POINT)
-
-typedef struct AUTHORITY_KEYID_st {
-ASN1_OCTET_STRING *keyid;
-GENERAL_NAMES *issuer;
-ASN1_INTEGER *serial;
-} AUTHORITY_KEYID;
-
-/* Strong extranet structures */
-
-typedef struct SXNET_ID_st {
-        ASN1_INTEGER *zone;
-        ASN1_OCTET_STRING *user;
-} SXNETID;
-
-DECLARE_STACK_OF(SXNETID)
-DECLARE_ASN1_SET_OF(SXNETID)
-
-typedef struct SXNET_st {
-        ASN1_INTEGER *version;
-        STACK_OF(SXNETID) *ids;
-} SXNET;
-
-typedef struct NOTICEREF_st {
-        ASN1_STRING *organization;
-        STACK_OF(ASN1_INTEGER) *noticenos;
-} NOTICEREF;
-
-typedef struct USERNOTICE_st {
-        NOTICEREF *noticeref;
-        ASN1_STRING *exptext;
-} USERNOTICE;
-
-typedef struct POLICYQUALINFO_st {
-        ASN1_OBJECT *pqualid;
-        union {
-                ASN1_IA5STRING *cpsuri;
-                USERNOTICE *usernotice;
-                ASN1_TYPE *other;
-        } d;
-} POLICYQUALINFO;
-
-DECLARE_STACK_OF(POLICYQUALINFO)
-DECLARE_ASN1_SET_OF(POLICYQUALINFO)
-
-typedef struct POLICYINFO_st {
-        ASN1_OBJECT *policyid;
-        STACK_OF(POLICYQUALINFO) *qualifiers;
-} POLICYINFO;
-
-typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES;
-
-DECLARE_STACK_OF(POLICYINFO)
-DECLARE_ASN1_SET_OF(POLICYINFO)
-
-/* Proxy certificate structures, see RFC 3820 */
-typedef struct PROXY_POLICY_st
-        {
-        ASN1_OBJECT *policyLanguage;
-        ASN1_OCTET_STRING *policy;
-        } PROXY_POLICY;
-
-typedef struct PROXY_CERT_INFO_EXTENSION_st
-        {
-        ASN1_INTEGER *pcPathLengthConstraint;
-        PROXY_POLICY *proxyPolicy;
-        } PROXY_CERT_INFO_EXTENSION;
-
-DECLARE_ASN1_FUNCTIONS(PROXY_POLICY)
-DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
-
-
-#define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \
-",name:", val->name, ",value:", val->value);
-
-#define X509V3_set_ctx_test(ctx) \
-                        X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
-#define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL;
-
-#define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \
-                        0,0,0,0, \
-                        0,0, \
-                        (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \
-                        (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \
-                        NULL, NULL, \
-                        table}
-
-#define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \
-                        0,0,0,0, \
-                        (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \
-                        (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \
-                        0,0,0,0, \
-                        NULL}
-
-#define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
-
-
-/* X509_PURPOSE stuff */
-
-#define EXFLAG_BCONS            0x1
-#define EXFLAG_KUSAGE           0x2
-#define EXFLAG_XKUSAGE          0x4
-#define EXFLAG_NSCERT           0x8
-
-#define EXFLAG_CA               0x10
-#define EXFLAG_SS               0x20
-#define EXFLAG_V1               0x40
-#define EXFLAG_INVALID          0x80
-#define EXFLAG_SET              0x100
-#define EXFLAG_CRITICAL         0x200
-#define EXFLAG_PROXY            0x400
-
-#define KU_DIGITAL_SIGNATURE    0x0080
-#define KU_NON_REPUDIATION      0x0040
-#define KU_KEY_ENCIPHERMENT     0x0020
-#define KU_DATA_ENCIPHERMENT    0x0010
-#define KU_KEY_AGREEMENT        0x0008
-#define KU_KEY_CERT_SIGN        0x0004
-#define KU_CRL_SIGN             0x0002
-#define KU_ENCIPHER_ONLY        0x0001
-#define KU_DECIPHER_ONLY        0x8000
-
-#define NS_SSL_CLIENT           0x80
-#define NS_SSL_SERVER           0x40
-#define NS_SMIME                0x20
-#define NS_OBJSIGN              0x10
-#define NS_SSL_CA               0x04
-#define NS_SMIME_CA             0x02
-#define NS_OBJSIGN_CA           0x01
-#define NS_ANY_CA               (NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA)
-
-#define XKU_SSL_SERVER          0x1     
-#define XKU_SSL_CLIENT          0x2
-#define XKU_SMIME               0x4
-#define XKU_CODE_SIGN           0x8
-#define XKU_SGC                 0x10
-#define XKU_OCSP_SIGN           0x20
-#define XKU_TIMESTAMP           0x40
-#define XKU_DVCS                0x80
-
-#define X509_PURPOSE_DYNAMIC    0x1
-#define X509_PURPOSE_DYNAMIC_NAME       0x2
-
-typedef struct x509_purpose_st {
-        int purpose;
-        int trust;              /* Default trust ID */
-        int flags;
-        int (*check_purpose)(const struct x509_purpose_st *,
-                                const X509 *, int);
-        char *name;
-        char *sname;
-        void *usr_data;
-} X509_PURPOSE;
-
-#define X509_PURPOSE_SSL_CLIENT         1
-#define X509_PURPOSE_SSL_SERVER         2
-#define X509_PURPOSE_NS_SSL_SERVER      3
-#define X509_PURPOSE_SMIME_SIGN         4
-#define X509_PURPOSE_SMIME_ENCRYPT      5
-#define X509_PURPOSE_CRL_SIGN           6
-#define X509_PURPOSE_ANY                7
-#define X509_PURPOSE_OCSP_HELPER        8
-
-#define X509_PURPOSE_MIN                1
-#define X509_PURPOSE_MAX                8
-
-/* Flags for X509V3_EXT_print() */
-
-#define X509V3_EXT_UNKNOWN_MASK         (0xfL << 16)
-/* Return error for unknown extensions */
-#define X509V3_EXT_DEFAULT              0
-/* Print error for unknown extensions */
-#define X509V3_EXT_ERROR_UNKNOWN        (1L << 16)
-/* ASN1 parse unknown extensions */
-#define X509V3_EXT_PARSE_UNKNOWN        (2L << 16)
-/* BIO_dump unknown extensions */
-#define X509V3_EXT_DUMP_UNKNOWN         (3L << 16)
-
-/* Flags for X509V3_add1_i2d */
-
-#define X509V3_ADD_OP_MASK              0xfL
-#define X509V3_ADD_DEFAULT              0L
-#define X509V3_ADD_APPEND               1L
-#define X509V3_ADD_REPLACE              2L
-#define X509V3_ADD_REPLACE_EXISTING     3L
-#define X509V3_ADD_KEEP_EXISTING        4L
-#define X509V3_ADD_DELETE               5L
-#define X509V3_ADD_SILENT               0x10
-
-DECLARE_STACK_OF(X509_PURPOSE)
-
-DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)
-
-DECLARE_ASN1_FUNCTIONS(SXNET)
-DECLARE_ASN1_FUNCTIONS(SXNETID)
-
-int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen); 
-int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, int userlen); 
-int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, char *user, int userlen); 
-
-ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone);
-ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone);
-ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone);
-
-DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID)
-
-DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)
-
-DECLARE_ASN1_FUNCTIONS(GENERAL_NAME)
-
-STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret);
-int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen);
-
-DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES)
-
-STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
-                GENERAL_NAMES *gen, STACK_OF(CONF_VALUE) *extlist);
-GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
-                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-
-DECLARE_ASN1_FUNCTIONS(OTHERNAME)
-DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME)
-
-char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5);
-ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
-
-DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
-int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a);
-
-DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
-DECLARE_ASN1_FUNCTIONS(POLICYINFO)
-DECLARE_ASN1_FUNCTIONS(POLICYQUALINFO)
-DECLARE_ASN1_FUNCTIONS(USERNOTICE)
-DECLARE_ASN1_FUNCTIONS(NOTICEREF)
-
-DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS)
-DECLARE_ASN1_FUNCTIONS(DIST_POINT)
-DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME)
-
-DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
-DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
-
-#ifdef HEADER_CONF_H
-GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_VALUE *cnf);
-void X509V3_conf_free(CONF_VALUE *val);
-
-X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value);
-X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value);
-int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, STACK_OF(X509_EXTENSION) **sk);
-int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert);
-int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
-int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
-
-X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, char *value);
-X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value);
-int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert);
-int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
-int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
-
-int X509V3_add_value_bool_nf(char *name, int asn1_bool,
-                                                STACK_OF(CONF_VALUE) **extlist);
-int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
-int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
-void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
-void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);
-#endif
-
-char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
-STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section);
-void X509V3_string_free(X509V3_CTX *ctx, char *str);
-void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
-void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
-                                 X509_REQ *req, X509_CRL *crl, int flags);
-
-int X509V3_add_value(const char *name, const char *value,
-                                                STACK_OF(CONF_VALUE) **extlist);
-int X509V3_add_value_uchar(const char *name, const unsigned char *value,
-                                                STACK_OF(CONF_VALUE) **extlist);
-int X509V3_add_value_bool(const char *name, int asn1_bool,
-                                                STACK_OF(CONF_VALUE) **extlist);
-int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
-                                                STACK_OF(CONF_VALUE) **extlist);
-char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);
-ASN1_INTEGER * s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value);
-char * i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
-char * i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
-int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
-int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist);
-int X509V3_EXT_add_alias(int nid_to, int nid_from);
-void X509V3_EXT_cleanup(void);
-
-X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
-X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
-int X509V3_add_standard_extensions(void);
-STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line);
-void *X509V3_EXT_d2i(X509_EXTENSION *ext);
-void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx);
-
-
-X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
-int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags);
-
-char *hex_to_string(unsigned char *buffer, long len);
-unsigned char *string_to_hex(char *str, long *len);
-int name_cmp(const char *name, const char *cmp);
-
-void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
-                                                                 int ml);
-int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent);
-int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
-
-int X509V3_extensions_print(BIO *out, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent);
-
-int X509_check_ca(X509 *x);
-int X509_check_purpose(X509 *x, int id, int ca);
-int X509_supported_extension(X509_EXTENSION *ex);
-int X509_PURPOSE_set(int *p, int purpose);
-int X509_check_issued(X509 *issuer, X509 *subject);
-int X509_PURPOSE_get_count(void);
-X509_PURPOSE * X509_PURPOSE_get0(int idx);
-int X509_PURPOSE_get_by_sname(char *sname);
-int X509_PURPOSE_get_by_id(int id);
-int X509_PURPOSE_add(int id, int trust, int flags,
-                        int (*ck)(const X509_PURPOSE *, const X509 *, int),
-                                char *name, char *sname, void *arg);
-char *X509_PURPOSE_get0_name(X509_PURPOSE *xp);
-char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp);
-int X509_PURPOSE_get_trust(X509_PURPOSE *xp);
-void X509_PURPOSE_cleanup(void);
-int X509_PURPOSE_get_id(X509_PURPOSE *);
-
-STACK *X509_get1_email(X509 *x);
-STACK *X509_REQ_get1_email(X509_REQ *x);
-void X509_email_free(STACK *sk);
-
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_X509V3_strings(void);
-
-/* Error codes for the X509V3 functions. */
-
-/* Function codes. */
-#define X509V3_F_COPY_EMAIL                              122
-#define X509V3_F_COPY_ISSUER                             123
-#define X509V3_F_DO_EXT_CONF                             124
-#define X509V3_F_DO_EXT_I2D                              135
-#define X509V3_F_HEX_TO_STRING                           111
-#define X509V3_F_I2S_ASN1_ENUMERATED                     121
-#define X509V3_F_I2S_ASN1_IA5STRING                      142
-#define X509V3_F_I2S_ASN1_INTEGER                        120
-#define X509V3_F_I2V_AUTHORITY_INFO_ACCESS               138
-#define X509V3_F_NOTICE_SECTION                          132
-#define X509V3_F_NREF_NOS                                133
-#define X509V3_F_POLICY_SECTION                          131
-#define X509V3_F_R2I_CERTPOL                             130
-#define X509V3_F_R2I_PCI                                 142
-#define X509V3_F_S2I_ASN1_IA5STRING                      100
-#define X509V3_F_S2I_ASN1_INTEGER                        108
-#define X509V3_F_S2I_ASN1_OCTET_STRING                   112
-#define X509V3_F_S2I_ASN1_SKEY_ID                        114
-#define X509V3_F_S2I_S2I_SKEY_ID                         115
-#define X509V3_F_STRING_TO_HEX                           113
-#define X509V3_F_SXNET_ADD_ASC                           125
-#define X509V3_F_SXNET_ADD_ID_INTEGER                    126
-#define X509V3_F_SXNET_ADD_ID_ULONG                      127
-#define X509V3_F_SXNET_GET_ID_ASC                        128
-#define X509V3_F_SXNET_GET_ID_ULONG                      129
-#define X509V3_F_V2I_ACCESS_DESCRIPTION                  139
-#define X509V3_F_V2I_ASN1_BIT_STRING                     101
-#define X509V3_F_V2I_AUTHORITY_KEYID                     119
-#define X509V3_F_V2I_BASIC_CONSTRAINTS                   102
-#define X509V3_F_V2I_CRLD                                134
-#define X509V3_F_V2I_EXT_KU                              103
-#define X509V3_F_V2I_GENERAL_NAME                        117
-#define X509V3_F_V2I_GENERAL_NAMES                       118
-#define X509V3_F_V3_GENERIC_EXTENSION                    116
-#define X509V3_F_X509V3_ADD_I2D                          140
-#define X509V3_F_X509V3_ADD_VALUE                        105
-#define X509V3_F_X509V3_EXT_ADD                          104
-#define X509V3_F_X509V3_EXT_ADD_ALIAS                    106
-#define X509V3_F_X509V3_EXT_CONF                         107
-#define X509V3_F_X509V3_EXT_I2D                          136
-#define X509V3_F_X509V3_GET_VALUE_BOOL                   110
-#define X509V3_F_X509V3_PARSE_LIST                       109
-#define X509V3_F_X509_PURPOSE_ADD                        137
-#define X509V3_F_X509_PURPOSE_SET                        141
-
-/* Reason codes. */
-#define X509V3_R_BAD_IP_ADDRESS                          118
-#define X509V3_R_BAD_OBJECT                              119
-#define X509V3_R_BN_DEC2BN_ERROR                         100
-#define X509V3_R_BN_TO_ASN1_INTEGER_ERROR                101
-#define X509V3_R_DUPLICATE_ZONE_ID                       133
-#define X509V3_R_ERROR_CONVERTING_ZONE                   131
-#define X509V3_R_ERROR_CREATING_EXTENSION                144
-#define X509V3_R_ERROR_IN_EXTENSION                      128
-#define X509V3_R_EXPECTED_A_SECTION_NAME                 137
-#define X509V3_R_EXTENSION_EXISTS                        145
-#define X509V3_R_EXTENSION_NAME_ERROR                    115
-#define X509V3_R_EXTENSION_NOT_FOUND                     102
-#define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED         103
-#define X509V3_R_EXTENSION_VALUE_ERROR                   116
-#define X509V3_R_ILLEGAL_HEX_DIGIT                       113
-#define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG             153
-#define X509V3_R_INVALID_BOOLEAN_STRING                  104
-#define X509V3_R_INVALID_EXTENSION_STRING                105
-#define X509V3_R_INVALID_NAME                            106
-#define X509V3_R_INVALID_NULL_ARGUMENT                   107
-#define X509V3_R_INVALID_NULL_NAME                       108
-#define X509V3_R_INVALID_NULL_VALUE                      109
-#define X509V3_R_INVALID_NUMBER                          140
-#define X509V3_R_INVALID_NUMBERS                         141
-#define X509V3_R_INVALID_OBJECT_IDENTIFIER               110
-#define X509V3_R_INVALID_OPTION                          138
-#define X509V3_R_INVALID_POLICY_IDENTIFIER               134
-#define X509V3_R_INVALID_PROXY_POLICY_IDENTIFIER         147
-#define X509V3_R_INVALID_PROXY_POLICY_SETTING            151
-#define X509V3_R_INVALID_PURPOSE                         146
-#define X509V3_R_INVALID_SECTION                         135
-#define X509V3_R_INVALID_SYNTAX                          143
-#define X509V3_R_ISSUER_DECODE_ERROR                     126
-#define X509V3_R_MISSING_VALUE                           124
-#define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS           142
-#define X509V3_R_NO_CONFIG_DATABASE                      136
-#define X509V3_R_NO_ISSUER_CERTIFICATE                   121
-#define X509V3_R_NO_ISSUER_DETAILS                       127
-#define X509V3_R_NO_POLICY_IDENTIFIER                    139
-#define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED   148
-#define X509V3_R_NO_PUBLIC_KEY                           114
-#define X509V3_R_NO_SUBJECT_DETAILS                      125
-#define X509V3_R_ODD_NUMBER_OF_DIGITS                    112
-#define X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED        149
-#define X509V3_R_POLICY_PATH_LENGTH                      152
-#define X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED     150
-#define X509V3_R_POLICY_SYNTAX_NOT                       154
-#define X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED   155
-#define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 156
-#define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS            122
-#define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID              123
-#define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT             111
-#define X509V3_R_UNKNOWN_EXTENSION                       129
-#define X509V3_R_UNKNOWN_EXTENSION_NAME                  130
-#define X509V3_R_UNKNOWN_OPTION                          120
-#define X509V3_R_UNSUPPORTED_OPTION                      117
-#define X509V3_R_USER_TOO_LONG                           132
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/src/lib/libssl/LICENSE b/src/lib/libssl/LICENSE
deleted file mode 100644
index e6afecc724..0000000000
--- a/src/lib/libssl/LICENSE
+++ /dev/null
@@ -1,127 +0,0 @@
-
-  LICENSE ISSUES
-  ==============
-
-  The OpenSSL toolkit stays under a dual license, i.e. both the conditions of
-  the OpenSSL License and the original SSLeay license apply to the toolkit.
-  See below for the actual license texts. Actually both licenses are BSD-style
-  Open Source licenses. In case of any license issues related to OpenSSL
-  please contact openssl-core@openssl.org.
-
-  OpenSSL License
-  ---------------
-
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
- Original SSLeay License
- -----------------------
-
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
diff --git a/src/lib/libssl/bio_ssl.c b/src/lib/libssl/bio_ssl.c
deleted file mode 100644
index d683ee43e1..0000000000
--- a/src/lib/libssl/bio_ssl.c
+++ /dev/null
@@ -1,598 +0,0 @@
-/* ssl/bio_ssl.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#include <openssl/crypto.h>
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-
-static int ssl_write(BIO *h, const char *buf, int num);
-static int ssl_read(BIO *h, char *buf, int size);
-static int ssl_puts(BIO *h, const char *str);
-static long ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int ssl_new(BIO *h);
-static int ssl_free(BIO *data);
-static long ssl_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
-typedef struct bio_ssl_st
-        {
-        SSL *ssl; /* The ssl handle :-) */
-        /* re-negotiate every time the total number of bytes is this size */
-        int num_renegotiates;
-        unsigned long renegotiate_count;
-        unsigned long byte_count;
-        unsigned long renegotiate_timeout;
-        unsigned long last_time;
-        } BIO_SSL;
-
-static BIO_METHOD methods_sslp=
-        {
-        BIO_TYPE_SSL,"ssl",
-        ssl_write,
-        ssl_read,
-        ssl_puts,
-        NULL, /* ssl_gets, */
-        ssl_ctrl,
-        ssl_new,
-        ssl_free,
-        ssl_callback_ctrl,
-        };
-
-BIO_METHOD *BIO_f_ssl(void)
-        {
-        return(&methods_sslp);
-        }
-
-static int ssl_new(BIO *bi)
-        {
-        BIO_SSL *bs;
-
-        bs=(BIO_SSL *)OPENSSL_malloc(sizeof(BIO_SSL));
-        if (bs == NULL)
-                {
-                BIOerr(BIO_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
-                return(0);
-                }
-        memset(bs,0,sizeof(BIO_SSL));
-        bi->init=0;
-        bi->ptr=(char *)bs;
-        bi->flags=0;
-        return(1);
-        }
-
-static int ssl_free(BIO *a)
-        {
-        BIO_SSL *bs;
-
-        if (a == NULL) return(0);
-        bs=(BIO_SSL *)a->ptr;
-        if (bs->ssl != NULL) SSL_shutdown(bs->ssl);
-        if (a->shutdown)
-                {
-                if (a->init && (bs->ssl != NULL))
-                        SSL_free(bs->ssl);
-                a->init=0;
-                a->flags=0;
-                }
-        if (a->ptr != NULL)
-                OPENSSL_free(a->ptr);
-        return(1);
-        }
-        
-static int ssl_read(BIO *b, char *out, int outl)
-        {
-        int ret=1;
-        BIO_SSL *sb;
-        SSL *ssl;
-        int retry_reason=0;
-        int r=0;
-
-        if (out == NULL) return(0);
-        sb=(BIO_SSL *)b->ptr;
-        ssl=sb->ssl;
-
-        BIO_clear_retry_flags(b);
-
-#if 0
-        if (!SSL_is_init_finished(ssl))
-                {
-/*              ret=SSL_do_handshake(ssl); */
-                if (ret > 0)
-                        {
-
-                        outflags=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
-                        ret= -1;
-                        goto end;
-                        }
-                }
-#endif
-/*      if (ret > 0) */
-        ret=SSL_read(ssl,out,outl);
-
-        switch (SSL_get_error(ssl,ret))
-                {
-        case SSL_ERROR_NONE:
-                if (ret <= 0) break;
-                if (sb->renegotiate_count > 0)
-                        {
-                        sb->byte_count+=ret;
-                        if (sb->byte_count > sb->renegotiate_count)
-                                {
-                                sb->byte_count=0;
-                                sb->num_renegotiates++;
-                                SSL_renegotiate(ssl);
-                                r=1;
-                                }
-                        }
-                if ((sb->renegotiate_timeout > 0) && (!r))
-                        {
-                        unsigned long tm;
-
-                        tm=(unsigned long)time(NULL);
-                        if (tm > sb->last_time+sb->renegotiate_timeout)
-                                {
-                                sb->last_time=tm;
-                                sb->num_renegotiates++;
-                                SSL_renegotiate(ssl);
-                                }
-                        }
-
-                break;
-        case SSL_ERROR_WANT_READ:
-                BIO_set_retry_read(b);
-                break;
-        case SSL_ERROR_WANT_WRITE:
-                BIO_set_retry_write(b);
-                break;
-        case SSL_ERROR_WANT_X509_LOOKUP:
-                BIO_set_retry_special(b);
-                retry_reason=BIO_RR_SSL_X509_LOOKUP;
-                break;
-        case SSL_ERROR_WANT_ACCEPT:
-                BIO_set_retry_special(b);
-                retry_reason=BIO_RR_ACCEPT;
-                break;
-        case SSL_ERROR_WANT_CONNECT:
-                BIO_set_retry_special(b);
-                retry_reason=BIO_RR_CONNECT;
-                break;
-        case SSL_ERROR_SYSCALL:
-        case SSL_ERROR_SSL:
-        case SSL_ERROR_ZERO_RETURN:
-        default:
-                break;
-                }
-
-        b->retry_reason=retry_reason;
-        return(ret);
-        }
-
-static int ssl_write(BIO *b, const char *out, int outl)
-        {
-        int ret,r=0;
-        int retry_reason=0;
-        SSL *ssl;
-        BIO_SSL *bs;
-
-        if (out == NULL) return(0);
-        bs=(BIO_SSL *)b->ptr;
-        ssl=bs->ssl;
-
-        BIO_clear_retry_flags(b);
-
-/*      ret=SSL_do_handshake(ssl);
-        if (ret > 0) */
-        ret=SSL_write(ssl,out,outl);
-
-        switch (SSL_get_error(ssl,ret))
-                {
-        case SSL_ERROR_NONE:
-                if (ret <= 0) break;
-                if (bs->renegotiate_count > 0)
-                        {
-                        bs->byte_count+=ret;
-                        if (bs->byte_count > bs->renegotiate_count)
-                                {
-                                bs->byte_count=0;
-                                bs->num_renegotiates++;
-                                SSL_renegotiate(ssl);
-                                r=1;
-                                }
-                        }
-                if ((bs->renegotiate_timeout > 0) && (!r))
-                        {
-                        unsigned long tm;
-
-                        tm=(unsigned long)time(NULL);
-                        if (tm > bs->last_time+bs->renegotiate_timeout)
-                                {
-                                bs->last_time=tm;
-                                bs->num_renegotiates++;
-                                SSL_renegotiate(ssl);
-                                }
-                        }
-                break;
-        case SSL_ERROR_WANT_WRITE:
-                BIO_set_retry_write(b);
-                break;
-        case SSL_ERROR_WANT_READ:
-                BIO_set_retry_read(b);
-                break;
-        case SSL_ERROR_WANT_X509_LOOKUP:
-                BIO_set_retry_special(b);
-                retry_reason=BIO_RR_SSL_X509_LOOKUP;
-                break;
-        case SSL_ERROR_WANT_CONNECT:
-                BIO_set_retry_special(b);
-                retry_reason=BIO_RR_CONNECT;
-        case SSL_ERROR_SYSCALL:
-        case SSL_ERROR_SSL:
-        default:
-                break;
-                }
-
-        b->retry_reason=retry_reason;
-        return(ret);
-        }
-
-static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
-        {
-        SSL **sslp,*ssl;
-        BIO_SSL *bs;
-        BIO *dbio,*bio;
-        long ret=1;
-
-        bs=(BIO_SSL *)b->ptr;
-        ssl=bs->ssl;
-        if ((ssl == NULL)  && (cmd != BIO_C_SET_SSL))
-                return(0);
-        switch (cmd)
-                {
-        case BIO_CTRL_RESET:
-                SSL_shutdown(ssl);
-
-                if (ssl->handshake_func == ssl->method->ssl_connect)
-                        SSL_set_connect_state(ssl);
-                else if (ssl->handshake_func == ssl->method->ssl_accept)
-                        SSL_set_accept_state(ssl);
-
-                SSL_clear(ssl);
-
-                if (b->next_bio != NULL)
-                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-                else if (ssl->rbio != NULL)
-                        ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
-                else
-                        ret=1;
-                break;
-        case BIO_CTRL_INFO:
-                ret=0;
-                break;
-        case BIO_C_SSL_MODE:
-                if (num) /* client mode */
-                        SSL_set_connect_state(ssl);
-                else
-                        SSL_set_accept_state(ssl);
-                break;
-        case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT:
-                ret=bs->renegotiate_timeout;
-                if (num < 60) num=5;
-                bs->renegotiate_timeout=(unsigned long)num;
-                bs->last_time=(unsigned long)time(NULL);
-                break;
-        case BIO_C_SET_SSL_RENEGOTIATE_BYTES:
-                ret=bs->renegotiate_count;
-                if ((long)num >=512)
-                        bs->renegotiate_count=(unsigned long)num;
-                break;
-        case BIO_C_GET_SSL_NUM_RENEGOTIATES:
-                ret=bs->num_renegotiates;
-                break;
-        case BIO_C_SET_SSL:
-                if (ssl != NULL)
-                        ssl_free(b);
-                b->shutdown=(int)num;
-                ssl=(SSL *)ptr;
-                ((BIO_SSL *)b->ptr)->ssl=ssl;
-                bio=SSL_get_rbio(ssl);
-                if (bio != NULL)
-                        {
-                        if (b->next_bio != NULL)
-                                BIO_push(bio,b->next_bio);
-                        b->next_bio=bio;
-                        CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO);
-                        }
-                b->init=1;
-                break;
-        case BIO_C_GET_SSL:
-                if (ptr != NULL)
-                        {
-                        sslp=(SSL **)ptr;
-                        *sslp=ssl;
-                        }
-                else
-                        ret=0;
-                break;
-        case BIO_CTRL_GET_CLOSE:
-                ret=b->shutdown;
-                break;
-        case BIO_CTRL_SET_CLOSE:
-                b->shutdown=(int)num;
-                break;
-        case BIO_CTRL_WPENDING:
-                ret=BIO_ctrl(ssl->wbio,cmd,num,ptr);
-                break;
-        case BIO_CTRL_PENDING:
-                ret=SSL_pending(ssl);
-                if (ret == 0)
-                        ret=BIO_pending(ssl->rbio);
-                break;
-        case BIO_CTRL_FLUSH:
-                BIO_clear_retry_flags(b);
-                ret=BIO_ctrl(ssl->wbio,cmd,num,ptr);
-                BIO_copy_next_retry(b);
-                break;
-        case BIO_CTRL_PUSH:
-                if ((b->next_bio != NULL) && (b->next_bio != ssl->rbio))
-                        {
-                        SSL_set_bio(ssl,b->next_bio,b->next_bio);
-                        CRYPTO_add(&b->next_bio->references,1,CRYPTO_LOCK_BIO);
-                        }
-                break;
-        case BIO_CTRL_POP:
-                /* ugly bit of a hack */
-                if (ssl->rbio != ssl->wbio) /* we are in trouble :-( */
-                        {
-                        BIO_free_all(ssl->wbio);
-                        }
-                if (b->next_bio != NULL)
-                        {
-                        CRYPTO_add(&b->next_bio->references,1,CRYPTO_LOCK_BIO);
-                        }
-                ssl->wbio=NULL;
-                ssl->rbio=NULL;
-                break;
-        case BIO_C_DO_STATE_MACHINE:
-                BIO_clear_retry_flags(b);
-
-                b->retry_reason=0;
-                ret=(int)SSL_do_handshake(ssl);
-
-                switch (SSL_get_error(ssl,(int)ret))
-                        {
-                case SSL_ERROR_WANT_READ:
-                        BIO_set_flags(b,
-                                BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
-                        break;
-                case SSL_ERROR_WANT_WRITE:
-                        BIO_set_flags(b,
-                                BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY);
-                        break;
-                case SSL_ERROR_WANT_CONNECT:
-                        BIO_set_flags(b,
-                                BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY);
-                        b->retry_reason=b->next_bio->retry_reason;
-                        break;
-                default:
-                        break;
-                        }
-                break;
-        case BIO_CTRL_DUP:
-                dbio=(BIO *)ptr;
-                if (((BIO_SSL *)dbio->ptr)->ssl != NULL)
-                        SSL_free(((BIO_SSL *)dbio->ptr)->ssl);
-                ((BIO_SSL *)dbio->ptr)->ssl=SSL_dup(ssl);
-                ((BIO_SSL *)dbio->ptr)->renegotiate_count=
-                        ((BIO_SSL *)b->ptr)->renegotiate_count;
-                ((BIO_SSL *)dbio->ptr)->byte_count=
-                        ((BIO_SSL *)b->ptr)->byte_count;
-                ((BIO_SSL *)dbio->ptr)->renegotiate_timeout=
-                        ((BIO_SSL *)b->ptr)->renegotiate_timeout;
-                ((BIO_SSL *)dbio->ptr)->last_time=
-                        ((BIO_SSL *)b->ptr)->last_time;
-                ret=(((BIO_SSL *)dbio->ptr)->ssl != NULL);
-                break;
-        case BIO_C_GET_FD:
-                ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
-                break;
-        case BIO_CTRL_SET_CALLBACK:
-                {
-#if 0 /* FIXME: Should this be used?  -- Richard Levitte */
-                BIOerr(SSL_F_SSL_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                ret = -1;
-#else
-                ret=0;
-#endif
-                }
-                break;
-        case BIO_CTRL_GET_CALLBACK:
-                {
-                void (**fptr)();
-
-                fptr=(void (**)())ptr;
-                *fptr=SSL_get_info_callback(ssl);
-                }
-                break;
-        default:
-                ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
-                break;
-                }
-        return(ret);
-        }
-
-static long ssl_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
-        {
-        SSL *ssl;
-        BIO_SSL *bs;
-        long ret=1;
-
-        bs=(BIO_SSL *)b->ptr;
-        ssl=bs->ssl;
-        switch (cmd)
-                {
-        case BIO_CTRL_SET_CALLBACK:
-                {
-                /* FIXME: setting this via a completely different prototype
-                   seems like a crap idea */
-                SSL_set_info_callback(ssl,(void (*)(const SSL *,int,int))fp);
-                }
-                break;
-        default:
-                ret=BIO_callback_ctrl(ssl->rbio,cmd,fp);
-                break;
-                }
-        return(ret);
-        }
-
-static int ssl_puts(BIO *bp, const char *str)
-        {
-        int n,ret;
-
-        n=strlen(str);
-        ret=BIO_write(bp,str,n);
-        return(ret);
-        }
-
-BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx)
-        {
-#ifndef OPENSSL_NO_SOCK
-        BIO *ret=NULL,*buf=NULL,*ssl=NULL;
-
-        if ((buf=BIO_new(BIO_f_buffer())) == NULL)
-                return(NULL);
-        if ((ssl=BIO_new_ssl_connect(ctx)) == NULL)
-                goto err;
-        if ((ret=BIO_push(buf,ssl)) == NULL)
-                goto err;
-        return(ret);
-err:
-        if (buf != NULL) BIO_free(buf);
-        if (ssl != NULL) BIO_free(ssl);
-#endif
-        return(NULL);
-        }
-
-BIO *BIO_new_ssl_connect(SSL_CTX *ctx)
-        {
-        BIO *ret=NULL,*con=NULL,*ssl=NULL;
-
-        if ((con=BIO_new(BIO_s_connect())) == NULL)
-                return(NULL);
-        if ((ssl=BIO_new_ssl(ctx,1)) == NULL)
-                goto err;
-        if ((ret=BIO_push(ssl,con)) == NULL)
-                goto err;
-        return(ret);
-err:
-        if (con != NULL) BIO_free(con);
-        if (ret != NULL) BIO_free(ret);
-        return(NULL);
-        }
-
-BIO *BIO_new_ssl(SSL_CTX *ctx, int client)
-        {
-        BIO *ret;
-        SSL *ssl;
-
-        if ((ret=BIO_new(BIO_f_ssl())) == NULL)
-                return(NULL);
-        if ((ssl=SSL_new(ctx)) == NULL)
-                {
-                BIO_free(ret);
-                return(NULL);
-                }
-        if (client)
-                SSL_set_connect_state(ssl);
-        else
-                SSL_set_accept_state(ssl);
-                
-        BIO_set_ssl(ret,ssl,BIO_CLOSE);
-        return(ret);
-        }
-
-int BIO_ssl_copy_session_id(BIO *t, BIO *f)
-        {
-        t=BIO_find_type(t,BIO_TYPE_SSL);
-        f=BIO_find_type(f,BIO_TYPE_SSL);
-        if ((t == NULL) || (f == NULL))
-                return(0);
-        if (    (((BIO_SSL *)t->ptr)->ssl == NULL) || 
-                (((BIO_SSL *)f->ptr)->ssl == NULL))
-                return(0);
-        SSL_copy_session_id(((BIO_SSL *)t->ptr)->ssl,((BIO_SSL *)f->ptr)->ssl);
-        return(1);
-        }
-
-void BIO_ssl_shutdown(BIO *b)
-        {
-        SSL *s;
-
-        while (b != NULL)
-                {
-                if (b->method->type == BIO_TYPE_SSL)
-                        {
-                        s=((BIO_SSL *)b->ptr)->ssl;
-                        SSL_shutdown(s);
-                        break;
-                        }
-                b=b->next_bio;
-                }
-        }
diff --git a/src/lib/libssl/doc/openssl.cnf b/src/lib/libssl/doc/openssl.cnf
deleted file mode 100644
index 4c1d595b0a..0000000000
--- a/src/lib/libssl/doc/openssl.cnf
+++ /dev/null
@@ -1,313 +0,0 @@
-#
-# OpenSSL example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-# This definition stops the following lines choking if HOME isn't
-# defined.
-HOME                    = .
-RANDFILE                = $ENV::HOME/.rnd
-
-# Extra OBJECT IDENTIFIER info:
-#oid_file               = $ENV::HOME/.oid
-oid_section             = new_oids
-
-# To use this configuration file with the "-extfile" option of the
-# "openssl x509" utility, name here the section containing the
-# X.509v3 extensions to use:
-# extensions            = 
-# (Alternatively, use a configuration file that has only
-# X.509v3 extensions in its main [= default] section.)
-
-[ new_oids ]
-
-# We can add new OIDs in here for use by 'ca' and 'req'.
-# Add a simple OID like this:
-# testoid1=1.2.3.4
-# Or use config file substitution like this:
-# testoid2=${testoid1}.5.6
-
-####################################################################
-[ ca ]
-default_ca      = CA_default            # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir             = ./demoCA              # Where everything is kept
-certs           = $dir/certs            # Where the issued certs are kept
-crl_dir         = $dir/crl              # Where the issued crl are kept
-database        = $dir/index.txt        # database index file.
-#unique_subject = no                    # Set to 'no' to allow creation of
-                                        # several ctificates with same subject.
-new_certs_dir   = $dir/newcerts         # default place for new certs.
-
-certificate     = $dir/cacert.pem       # The CA certificate
-serial          = $dir/serial           # The current serial number
-#crlnumber      = $dir/crlnumber        # the current crl number must be
-                                        # commented out to leave a V1 CRL
-crl             = $dir/crl.pem          # The current CRL
-private_key     = $dir/private/cakey.pem# The private key
-RANDFILE        = $dir/private/.rand    # private random number file
-
-x509_extensions = usr_cert              # The extentions to add to the cert
-
-# Comment out the following two lines for the "traditional"
-# (and highly broken) format.
-name_opt        = ca_default            # Subject Name options
-cert_opt        = ca_default            # Certificate field options
-
-# Extension copying option: use with caution.
-# copy_extensions = copy
-
-# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
-# so this is commented out by default to leave a V1 CRL.
-# crlnumber must also be commented out to leave a V1 CRL.
-# crl_extensions        = crl_ext
-
-default_days    = 365                   # how long to certify for
-default_crl_days= 30                    # how long before next CRL
-default_md      = md5                   # which md to use.
-preserve        = no                    # keep passed DN ordering
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy          = policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName             = match
-stateOrProvinceName     = match
-organizationName        = match
-organizationalUnitName  = optional
-commonName              = supplied
-emailAddress            = optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName             = optional
-stateOrProvinceName     = optional
-localityName            = optional
-organizationName        = optional
-organizationalUnitName  = optional
-commonName              = supplied
-emailAddress            = optional
-
-####################################################################
-[ req ]
-default_bits            = 1024
-default_keyfile         = privkey.pem
-distinguished_name      = req_distinguished_name
-attributes              = req_attributes
-x509_extensions = v3_ca # The extentions to add to the self signed cert
-
-# Passwords for private keys if not present they will be prompted for
-# input_password = secret
-# output_password = secret
-
-# This sets a mask for permitted string types. There are several options. 
-# default: PrintableString, T61String, BMPString.
-# pkix   : PrintableString, BMPString.
-# utf8only: only UTF8Strings.
-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
-# MASK:XXXX a literal mask value.
-# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
-# so use this option with caution!
-string_mask = nombstr
-
-# req_extensions = v3_req # The extensions to add to a certificate request
-
-[ req_distinguished_name ]
-countryName                     = Country Name (2 letter code)
-countryName_default             = AU
-countryName_min                 = 2
-countryName_max                 = 2
-
-stateOrProvinceName             = State or Province Name (full name)
-stateOrProvinceName_default     = Some-State
-
-localityName                    = Locality Name (eg, city)
-
-0.organizationName              = Organization Name (eg, company)
-0.organizationName_default      = Internet Widgits Pty Ltd
-
-# we can do this but it is not needed normally :-)
-#1.organizationName             = Second Organization Name (eg, company)
-#1.organizationName_default     = World Wide Web Pty Ltd
-
-organizationalUnitName          = Organizational Unit Name (eg, section)
-#organizationalUnitName_default =
-
-commonName                      = Common Name (eg, YOUR name)
-commonName_max                  = 64
-
-emailAddress                    = Email Address
-emailAddress_max                = 64
-
-# SET-ex3                       = SET extension number 3
-
-[ req_attributes ]
-challengePassword               = A challenge password
-challengePassword_min           = 4
-challengePassword_max           = 20
-
-unstructuredName                = An optional company name
-
-[ usr_cert ]
-
-# These extensions are added when 'ca' signs a request.
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType                    = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment                       = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl              = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-[ v3_req ]
-
-# Extensions to add to a certificate request
-
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-[ v3_ca ]
-
-
-# Extensions for a typical CA
-
-
-# PKIX recommendation.
-
-subjectKeyIdentifier=hash
-
-authorityKeyIdentifier=keyid:always,issuer:always
-
-# This is what PKIX recommends but some broken software chokes on critical
-# extensions.
-#basicConstraints = critical,CA:true
-# So we do this instead.
-basicConstraints = CA:true
-
-# Key usage: this is typical for a CA certificate. However since it will
-# prevent it being used as an test self-signed certificate it is best
-# left out by default.
-# keyUsage = cRLSign, keyCertSign
-
-# Some might want this also
-# nsCertType = sslCA, emailCA
-
-# Include email address in subject alt name: another PKIX recommendation
-# subjectAltName=email:copy
-# Copy issuer details
-# issuerAltName=issuer:copy
-
-# DER hex encoding of an extension: beware experts only!
-# obj=DER:02:03
-# Where 'obj' is a standard or added object
-# You can even override a supported extension:
-# basicConstraints= critical, DER:30:03:01:01:FF
-
-[ crl_ext ]
-
-# CRL extensions.
-# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
-
-# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always,issuer:always
-
-[ proxy_cert_ext ]
-# These extensions should be added when creating a proxy certificate
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType                    = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment                       = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl              = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-# This really needs to be in place for it to be a proxy certificate.
-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
diff --git a/src/lib/libssl/doc/openssl.txt b/src/lib/libssl/doc/openssl.txt
deleted file mode 100644
index 432a17b66c..0000000000
--- a/src/lib/libssl/doc/openssl.txt
+++ /dev/null
@@ -1,1235 +0,0 @@
-
-This is some preliminary documentation for OpenSSL.
-
-Contents:
-
- OpenSSL X509V3 extension configuration
- X509V3 Extension code: programmers guide
- PKCS#12 Library
-
-
-==============================================================================
-               OpenSSL X509V3 extension configuration
-==============================================================================
-
-OpenSSL X509V3 extension configuration: preliminary documentation.
-
-INTRODUCTION.
-
-For OpenSSL 0.9.2 the extension code has be considerably enhanced. It is now
-possible to add and print out common X509 V3 certificate and CRL extensions.
-
-BEGINNERS NOTE
-
-For most simple applications you don't need to know too much about extensions:
-the default openssl.cnf values will usually do sensible things.
-
-If you want to know more you can initially quickly look through the sections
-describing how the standard OpenSSL utilities display and add extensions and
-then the list of supported extensions.
-
-For more technical information about the meaning of extensions see:
-
-http://www.imc.org/ietf-pkix/
-http://home.netscape.com/eng/security/certs.html
-
-PRINTING EXTENSIONS.
-
-Extension values are automatically printed out for supported extensions.
-
-openssl x509 -in cert.pem -text
-openssl crl -in crl.pem -text
-
-will give information in the extension printout, for example:
-
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:TRUE
-            X509v3 Subject Key Identifier: 
-                73:FE:F7:59:A7:E1:26:84:44:D6:44:36:EE:79:1A:95:7C:B1:4B:15
-            X509v3 Authority Key Identifier: 
-                keyid:73:FE:F7:59:A7:E1:26:84:44:D6:44:36:EE:79:1A:95:7C:B1:4B:15, DirName:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/Email=email@1.address/Email=email@2.address, serial:00
-            X509v3 Key Usage: 
-                Certificate Sign, CRL Sign
-            X509v3 Subject Alternative Name: 
-                email:email@1.address, email:email@2.address
-
-CONFIGURATION FILES.
-
-The OpenSSL utilities 'ca' and 'req' can now have extension sections listing
-which certificate extensions to include. In each case a line:
-
-x509_extensions = extension_section
-
-indicates which section contains the extensions. In the case of 'req' the
-extension section is used when the -x509 option is present to create a
-self signed root certificate.
-
-The 'x509' utility also supports extensions when it signs a certificate.
-The -extfile option is used to set the configuration file containing the
-extensions. In this case a line with:
-
-extensions = extension_section
-
-in the nameless (default) section is used. If no such line is included then
-it uses the default section.
-
-You can also add extensions to CRLs: a line
-
-crl_extensions = crl_extension_section
-
-will include extensions when the -gencrl option is used with the 'ca' utility.
-You can add any extension to a CRL but of the supported extensions only
-issuerAltName and authorityKeyIdentifier make any real sense. Note: these are
-CRL extensions NOT CRL *entry* extensions which cannot currently be generated.
-CRL entry extensions can be displayed.
-
-NB. At this time Netscape Communicator rejects V2 CRLs: to get an old V1 CRL
-you should not include a crl_extensions line in the configuration file.
-
-As with all configuration files you can use the inbuilt environment expansion
-to allow the values to be passed in the environment. Therefore if you have
-several extension sections used for different purposes you can have a line:
-
-x509_extensions = $ENV::ENV_EXT
-
-and set the ENV_EXT environment variable before calling the relevant utility.
-
-EXTENSION SYNTAX.
-
-Extensions have the basic form:
-
-extension_name=[critical,] extension_options
-
-the use of the critical option makes the extension critical. Extreme caution
-should be made when using the critical flag. If an extension is marked
-as critical then any client that does not understand the extension should
-reject it as invalid. Some broken software will reject certificates which
-have *any* critical extensions (these violates PKIX but we have to live
-with it).
-
-There are three main types of extension: string extensions, multi-valued
-extensions, and raw extensions.
-
-String extensions simply have a string which contains either the value itself
-or how it is obtained.
-
-For example:
-
-nsComment="This is a Comment"
-
-Multi-valued extensions have a short form and a long form. The short form
-is a list of names and values:
-
-basicConstraints=critical,CA:true,pathlen:1
-
-The long form allows the values to be placed in a separate section:
-
-basicConstraints=critical,@bs_section
-
-[bs_section]
-
-CA=true
-pathlen=1
-
-Both forms are equivalent. However it should be noted that in some cases the
-same name can appear multiple times, for example,
-
-subjectAltName=email:steve@here,email:steve@there
-
-in this case an equivalent long form is:
-
-subjectAltName=@alt_section
-
-[alt_section]
-
-email.1=steve@here
-email.2=steve@there
-
-This is because the configuration file code cannot handle the same name
-occurring twice in the same section.
-
-The syntax of raw extensions is governed by the extension code: it can
-for example contain data in multiple sections. The correct syntax to
-use is defined by the extension code itself: check out the certificate
-policies extension for an example.
-
-In addition it is also possible to use the word DER to include arbitrary
-data in any extension.
-
-1.2.3.4=critical,DER:01:02:03:04
-1.2.3.4=DER:01020304
-
-The value following DER is a hex dump of the DER encoding of the extension
-Any extension can be placed in this form to override the default behaviour.
-For example:
-
-basicConstraints=critical,DER:00:01:02:03
-
-WARNING: DER should be used with caution. It is possible to create totally
-invalid extensions unless care is taken.
-
-CURRENTLY SUPPORTED EXTENSIONS.
-
-If you aren't sure about extensions then they can be largely ignored: its only
-when you want to do things like restrict certificate usage when you need to
-worry about them. 
-
-The only extension that a beginner might want to look at is Basic Constraints.
-If in addition you want to try Netscape object signing the you should also
-look at Netscape Certificate Type.
-
-Literal String extensions.
-
-In each case the 'value' of the extension is placed directly in the
-extension. Currently supported extensions in this category are: nsBaseUrl,
-nsRevocationUrl, nsCaRevocationUrl, nsRenewalUrl, nsCaPolicyUrl,
-nsSslServerName and nsComment.
-
-For example:
-
-nsComment="This is a test comment"
-
-Bit Strings.
-
-Bit string extensions just consist of a list of supported bits, currently
-two extensions are in this category: PKIX keyUsage and the Netscape specific
-nsCertType.
-
-nsCertType (netscape certificate type) takes the flags: client, server, email,
-objsign, reserved, sslCA, emailCA, objCA.
-
-keyUsage (PKIX key usage) takes the flags: digitalSignature, nonRepudiation,
-keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign,
-encipherOnly, decipherOnly.
-
-For example:
-
-nsCertType=server
-
-keyUsage=digitalSignature, nonRepudiation
-
-Hints on Netscape Certificate Type.
-
-Other than Basic Constraints this is the only extension a beginner might
-want to use, if you want to try Netscape object signing, otherwise it can
-be ignored.
-
-If you want a certificate that can be used just for object signing then:
-
-nsCertType=objsign
-
-will do the job. If you want to use it as a normal end user and server
-certificate as well then
-
-nsCertType=objsign,email,server
-
-is more appropriate. You cannot use a self signed certificate for object
-signing (well Netscape signtool can but it cheats!) so you need to create
-a CA certificate and sign an end user certificate with it.
-
-Side note: If you want to conform to the Netscape specifications then you
-should really also set:
-
-nsCertType=objCA
-
-in the *CA* certificate for just an object signing CA and
-
-nsCertType=objCA,emailCA,sslCA
-
-for everything. Current Netscape software doesn't enforce this so it can
-be omitted.
-
-Basic Constraints.
-
-This is generally the only extension you need to worry about for simple
-applications. If you want your certificate to be usable as a CA certificate
-(in addition to an end user certificate) then you set this to:
-
-basicConstraints=CA:TRUE
-
-if you want to be certain the certificate cannot be used as a CA then do:
-
-basicConstraints=CA:FALSE
-
-The rest of this section describes more advanced usage.
-
-Basic constraints is a multi-valued extension that supports a CA and an
-optional pathlen option. The CA option takes the values true and false and
-pathlen takes an integer. Note if the CA option is false the pathlen option
-should be omitted. 
-
-The pathlen parameter indicates the maximum number of CAs that can appear
-below this one in a chain. So if you have a CA with a pathlen of zero it can
-only be used to sign end user certificates and not further CAs. This all
-assumes that the software correctly interprets this extension of course.
-
-Examples:
-
-basicConstraints=CA:TRUE
-basicConstraints=critical,CA:TRUE, pathlen:0
-
-NOTE: for a CA to be considered valid it must have the CA option set to
-TRUE. An end user certificate MUST NOT have the CA value set to true.
-According to PKIX recommendations it should exclude the extension entirely,
-however some software may require CA set to FALSE for end entity certificates.
-
-Extended Key Usage.
-
-This extensions consists of a list of usages.
-
-These can either be object short names of the dotted numerical form of OIDs.
-While any OID can be used only certain values make sense. In particular the
-following PKIX, NS and MS values are meaningful:
-
-Value                   Meaning
------                   -------
-serverAuth              SSL/TLS Web Server Authentication.
-clientAuth              SSL/TLS Web Client Authentication.
-codeSigning             Code signing.
-emailProtection         E-mail Protection (S/MIME).
-timeStamping            Trusted Timestamping
-msCodeInd               Microsoft Individual Code Signing (authenticode)
-msCodeCom               Microsoft Commercial Code Signing (authenticode)
-msCTLSign               Microsoft Trust List Signing
-msSGC                   Microsoft Server Gated Crypto
-msEFS                   Microsoft Encrypted File System
-nsSGC                   Netscape Server Gated Crypto
-
-For example, under IE5 a CA can be used for any purpose: by including a list
-of the above usages the CA can be restricted to only authorised uses.
-
-Note: software packages may place additional interpretations on certificate 
-use, in particular some usages may only work for selected CAs. Don't for example
-expect just including msSGC or nsSGC will automatically mean that a certificate
-can be used for SGC ("step up" encryption) otherwise anyone could use it.
-
-Examples:
-
-extendedKeyUsage=critical,codeSigning,1.2.3.4
-extendedKeyUsage=nsSGC,msSGC
-
-Subject Key Identifier.
-
-This is really a string extension and can take two possible values. Either
-a hex string giving details of the extension value to include or the word
-'hash' which then automatically follow PKIX guidelines in selecting and
-appropriate key identifier. The use of the hex string is strongly discouraged.
-
-Example: subjectKeyIdentifier=hash
-
-Authority Key Identifier.
-
-The authority key identifier extension permits two options. keyid and issuer:
-both can take the optional value "always".
-
-If the keyid option is present an attempt is made to copy the subject key
-identifier from the parent certificate. If the value "always" is present
-then an error is returned if the option fails.
-
-The issuer option copies the issuer and serial number from the issuer
-certificate. Normally this will only be done if the keyid option fails or
-is not included: the "always" flag will always include the value.
-
-Subject Alternative Name.
-
-The subject alternative name extension allows various literal values to be
-included in the configuration file. These include "email" (an email address)
-"URI" a uniform resource indicator, "DNS" (a DNS domain name), RID (a
-registered ID: OBJECT IDENTIFIER) and IP (and IP address).
-
-Also the email option include a special 'copy' value. This will automatically
-include and email addresses contained in the certificate subject name in
-the extension.
-
-Examples:
-
-subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/
-subjectAltName=email:my@other.address,RID:1.2.3.4
-
-Issuer Alternative Name.
-
-The issuer alternative name option supports all the literal options of
-subject alternative name. It does *not* support the email:copy option because
-that would not make sense. It does support an additional issuer:copy option
-that will copy all the subject alternative name values from the issuer 
-certificate (if possible).
-
-Example:
-
-issuserAltName = issuer:copy
-
-Authority Info Access.
-
-The authority information access extension gives details about how to access
-certain information relating to the CA. Its syntax is accessOID;location
-where 'location' has the same syntax as subject alternative name (except
-that email:copy is not supported). accessOID can be any valid OID but only
-certain values are meaningful for example OCSP and caIssuers. OCSP gives the
-location of an OCSP responder: this is used by Netscape PSM and other software.
-
-Example:
-
-authorityInfoAccess = OCSP;URI:http://ocsp.my.host/
-authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html
-
-CRL distribution points.
-
-This is a multi-valued extension that supports all the literal options of
-subject alternative name. Of the few software packages that currently interpret
-this extension most only interpret the URI option.
-
-Currently each option will set a new DistributionPoint with the fullName
-field set to the given value.
-
-Other fields like cRLissuer and reasons cannot currently be set or displayed:
-at this time no examples were available that used these fields.
-
-If you see this extension with <UNSUPPORTED> when you attempt to print it out
-or it doesn't appear to display correctly then let me know, including the
-certificate (mail me at steve@openssl.org) .
-
-Examples:
-
-crlDistributionPoints=URI:http://www.myhost.com/myca.crl
-crlDistributionPoints=URI:http://www.my.com/my.crl,URI:http://www.oth.com/my.crl
-
-Certificate Policies.
-
-This is a RAW extension. It attempts to display the contents of this extension:
-unfortunately this extension is often improperly encoded.
-
-The certificate policies extension will rarely be used in practice: few
-software packages interpret it correctly or at all. IE5 does partially
-support this extension: but it needs the 'ia5org' option because it will
-only correctly support a broken encoding. Of the options below only the
-policy OID, explicitText and CPS options are displayed with IE5.
-
-All the fields of this extension can be set by using the appropriate syntax.
-
-If you follow the PKIX recommendations of not including any qualifiers and just
-using only one OID then you just include the value of that OID. Multiple OIDs
-can be set separated by commas, for example:
-
-certificatePolicies= 1.2.4.5, 1.1.3.4
-
-If you wish to include qualifiers then the policy OID and qualifiers need to
-be specified in a separate section: this is done by using the @section syntax
-instead of a literal OID value.
-
-The section referred to must include the policy OID using the name
-policyIdentifier, cPSuri qualifiers can be included using the syntax:
-
-CPS.nnn=value
-
-userNotice qualifiers can be set using the syntax:
-
-userNotice.nnn=@notice
-
-The value of the userNotice qualifier is specified in the relevant section.
-This section can include explicitText, organization and noticeNumbers
-options. explicitText and organization are text strings, noticeNumbers is a
-comma separated list of numbers. The organization and noticeNumbers options
-(if included) must BOTH be present. If you use the userNotice option with IE5
-then you need the 'ia5org' option at the top level to modify the encoding:
-otherwise it will not be interpreted properly.
-
-Example:
-
-certificatePolicies=ia5org,1.2.3.4,1.5.6.7.8,@polsect
-
-[polsect]
-
-policyIdentifier = 1.3.5.8
-CPS.1="http://my.host.name/"
-CPS.2="http://my.your.name/"
-userNotice.1=@notice
-
-[notice]
-
-explicitText="Explicit Text Here"
-organization="Organisation Name"
-noticeNumbers=1,2,3,4
-
-TECHNICAL NOTE: the ia5org option changes the type of the 'organization' field,
-according to PKIX it should be of type DisplayText but Verisign uses an 
-IA5STRING and IE5 needs this too.
-
-Display only extensions.
-
-Some extensions are only partially supported and currently are only displayed
-but cannot be set. These include private key usage period, CRL number, and
-CRL reason.
-
-==============================================================================
-                X509V3 Extension code: programmers guide
-==============================================================================
-
-The purpose of the extension code is twofold. It allows an extension to be
-created from a string or structure describing its contents and it prints out an
-extension in a human or machine readable form.
-
-1. Initialisation and cleanup.
-
-No special initialisation is needed before calling the extension functions.
-You used to have to call X509V3_add_standard_extensions(); but this is no longer
-required and this function no longer does anything.
-
-void X509V3_EXT_cleanup(void);
-
-This function should be called to cleanup the extension code if any custom
-extensions have been added. If no custom extensions have been added then this
-call does nothing. After this call all custom extension code is freed up but
-you can still use the standard extensions.
-
-2. Printing and parsing extensions.
-
-The simplest way to print out extensions is via the standard X509 printing
-routines: if you use the standard X509_print() function, the supported
-extensions will be printed out automatically.
-
-The following functions allow finer control over extension display:
-
-int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent);
-int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
-
-These two functions print out an individual extension to a BIO or FILE pointer.
-Currently the flag argument is unused and should be set to 0. The 'indent'
-argument is the number of spaces to indent each line.
-
-void *X509V3_EXT_d2i(X509_EXTENSION *ext);
-
-This function parses an extension and returns its internal structure. The
-precise structure you get back depends on the extension being parsed. If the
-extension if basicConstraints you will get back a pointer to a
-BASIC_CONSTRAINTS structure. Check out the source in crypto/x509v3 for more
-details about the structures returned. The returned structure should be freed
-after use using the relevant free function, BASIC_CONSTRAINTS_free() for 
-example.
-
-void    *       X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
-void    *       X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx);
-void    *       X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx);
-void    *       X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx);
-
-These functions combine the operations of searching for extensions and
-parsing them. They search a certificate, a CRL a CRL entry or a stack
-of extensions respectively for extension whose NID is 'nid' and return
-the parsed result of NULL if an error occurred. For example:
-
-BASIC_CONSTRAINTS *bs;
-bs = X509_get_ext_d2i(cert, NID_basic_constraints, NULL, NULL);
-
-This will search for the basicConstraints extension and either return
-it value or NULL. NULL can mean either the extension was not found, it
-occurred more than once or it could not be parsed.
-
-If 'idx' is NULL then an extension is only parsed if it occurs precisely
-once. This is standard behaviour because extensions normally cannot occur
-more than once. If however more than one extension of the same type can
-occur it can be used to parse successive extensions for example:
-
-int i;
-void *ext;
-
-i = -1;
-for(;;) {
-        ext = X509_get_ext_d2i(x, nid, crit, &idx);
-        if(ext == NULL) break;
-         /* Do something with ext */
-}
-
-If 'crit' is not NULL and the extension was found then the int it points to
-is set to 1 for critical extensions and 0 for non critical. Therefore if the
-function returns NULL but 'crit' is set to 0 or 1 then the extension was
-found but it could not be parsed.
-
-The int pointed to by crit will be set to -1 if the extension was not found
-and -2 if the extension occurred more than once (this will only happen if
-idx is NULL). In both cases the function will return NULL.
-
-3. Generating extensions.
-
-An extension will typically be generated from a configuration file, or some
-other kind of configuration database.
-
-int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
-                                                                 X509 *cert);
-int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
-                                                                 X509_CRL *crl);
-
-These functions add all the extensions in the given section to the given
-certificate or CRL. They will normally be called just before the certificate
-or CRL is due to be signed. Both return 0 on error on non zero for success.
-
-In each case 'conf' is the LHASH pointer of the configuration file to use
-and 'section' is the section containing the extension details.
-
-See the 'context functions' section for a description of the ctx parameter.
-
-
-X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
-                                                                 char *value);
-
-This function returns an extension based on a name and value pair, if the
-pair will not need to access other sections in a config file (or there is no
-config file) then the 'conf' parameter can be set to NULL.
-
-X509_EXTENSION *X509V3_EXT_conf_nid(char *conf, X509V3_CTX *ctx, int nid,
-                                                                 char *value);
-
-This function creates an extension in the same way as X509V3_EXT_conf() but
-takes the NID of the extension rather than its name.
-
-For example to produce basicConstraints with the CA flag and a path length of
-10:
-
-x = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints,"CA:TRUE,pathlen:10");
-
-
-X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
-
-This function sets up an extension from its internal structure. The ext_nid
-parameter is the NID of the extension and 'crit' is the critical flag.
-
-4. Context functions.
-
-The following functions set and manipulate an extension context structure.
-The purpose of the extension context is to allow the extension code to
-access various structures relating to the "environment" of the certificate:
-for example the issuers certificate or the certificate request.
-
-void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
-                                 X509_REQ *req, X509_CRL *crl, int flags);
-
-This function sets up an X509V3_CTX structure with details of the certificate
-environment: specifically the issuers certificate, the subject certificate,
-the certificate request and the CRL: if these are not relevant or not
-available then they can be set to NULL. The 'flags' parameter should be set
-to zero.
-
-X509V3_set_ctx_test(ctx)
-
-This macro is used to set the 'ctx' structure to a 'test' value: this is to
-allow the syntax of an extension (or configuration file) to be tested.
-
-X509V3_set_ctx_nodb(ctx)
-
-This macro is used when no configuration database is present.
-
-void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);
-
-This function is used to set the configuration database when it is an LHASH
-structure: typically a configuration file.
-
-The following functions are used to access a configuration database: they
-should only be used in RAW extensions.
-
-char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
-
-This function returns the value of the parameter "name" in "section", or NULL
-if there has been an error.
-
-void X509V3_string_free(X509V3_CTX *ctx, char *str);
-
-This function frees up the string returned by the above function.
-
-STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section);
-
-This function returns a whole section as a STACK_OF(CONF_VALUE) .
-
-void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
-
-This function frees up the STACK returned by the above function.
-
-Note: it is possible to use the extension code with a custom configuration
-database. To do this the "db_meth" element of the X509V3_CTX structure should
-be set to an X509V3_CTX_METHOD structure. This structure contains the following
-function pointers:
-
-char * (*get_string)(void *db, char *section, char *value);
-STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section);
-void (*free_string)(void *db, char * string);
-void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section);
-
-these will be called and passed the 'db' element in the X509V3_CTX structure
-to access the database. If a given function is not implemented or not required
-it can be set to NULL.
-
-5. String helper functions.
-
-There are several "i2s" and "s2i" functions that convert structures to and
-from ASCII strings. In all the "i2s" cases the returned string should be
-freed using Free() after use. Since some of these are part of other extension
-code they may take a 'method' parameter. Unless otherwise stated it can be
-safely set to NULL.
-
-char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *oct);
-
-This returns a hex string from an ASN1_OCTET_STRING.
-
-char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);
-char * i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
-
-These return a string decimal representations of an ASN1_INTEGER and an
-ASN1_ENUMERATED type, respectively.
-
-ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
-                                                   X509V3_CTX *ctx, char *str);
-
-This converts an ASCII hex string to an ASN1_OCTET_STRING.
-
-ASN1_INTEGER * s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value);
-
-This converts a decimal ASCII string into an ASN1_INTEGER.
-
-6. Multi valued extension helper functions.
-
-The following functions can be used to manipulate STACKs of CONF_VALUE
-structures, as used by multi valued extensions.
-
-int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
-
-This function expects a boolean value in 'value' and sets 'asn1_bool' to
-it. That is it sets it to 0 for FALSE or 0xff for TRUE. The following
-strings are acceptable: "TRUE", "true", "Y", "y", "YES", "yes", "FALSE"
-"false", "N", "n", "NO" or "no".
-
-int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
-
-This accepts a decimal integer of arbitrary length and sets an ASN1_INTEGER.
-
-int X509V3_add_value(const char *name, const char *value,
-                                                STACK_OF(CONF_VALUE) **extlist);
-
-This simply adds a string name and value pair.
-
-int X509V3_add_value_uchar(const char *name, const unsigned char *value,
-                                                STACK_OF(CONF_VALUE) **extlist);
-
-The same as above but for an unsigned character value.
-
-int X509V3_add_value_bool(const char *name, int asn1_bool,
-                                                STACK_OF(CONF_VALUE) **extlist);
-
-This adds either "TRUE" or "FALSE" depending on the value of 'asn1_bool'
-
-int X509V3_add_value_bool_nf(char *name, int asn1_bool,
-                                                STACK_OF(CONF_VALUE) **extlist);
-
-This is the same as above except it adds nothing if asn1_bool is FALSE.
-
-int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
-                                                STACK_OF(CONF_VALUE) **extlist);
-
-This function adds the value of the ASN1_INTEGER in decimal form.
-
-7. Other helper functions.
-
-<to be added>
-
-ADDING CUSTOM EXTENSIONS.
-
-Currently there are three types of supported extensions. 
-
-String extensions are simple strings where the value is placed directly in the
-extensions, and the string returned is printed out.
-
-Multi value extensions are passed a STACK_OF(CONF_VALUE) name and value pairs
-or return a STACK_OF(CONF_VALUE).
-
-Raw extensions are just passed a BIO or a value and it is the extensions
-responsibility to handle all the necessary printing.
-
-There are two ways to add an extension. One is simply as an alias to an already
-existing extension. An alias is an extension that is identical in ASN1 structure
-to an existing extension but has a different OBJECT IDENTIFIER. This can be
-done by calling:
-
-int X509V3_EXT_add_alias(int nid_to, int nid_from);
-
-'nid_to' is the new extension NID and 'nid_from' is the already existing
-extension NID.
-
-Alternatively an extension can be written from scratch. This involves writing
-the ASN1 code to encode and decode the extension and functions to print out and
-generate the extension from strings. The relevant functions are then placed in
-a X509V3_EXT_METHOD structure and int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
-called.
-
-The X509V3_EXT_METHOD structure is described below.
-
-strut {
-int ext_nid;
-int ext_flags;
-X509V3_EXT_NEW ext_new;
-X509V3_EXT_FREE ext_free;
-X509V3_EXT_D2I d2i;
-X509V3_EXT_I2D i2d;
-X509V3_EXT_I2S i2s;
-X509V3_EXT_S2I s2i;
-X509V3_EXT_I2V i2v;
-X509V3_EXT_V2I v2i;
-X509V3_EXT_R2I r2i;
-X509V3_EXT_I2R i2r;
-
-void *usr_data;
-};
-
-The elements have the following meanings.
-
-ext_nid         is the NID of the object identifier of the extension.
-
-ext_flags       is set of flags. Currently the only external flag is
-                X509V3_EXT_MULTILINE which means a multi valued extensions
-                should be printed on separate lines.
-
-usr_data        is an extension specific pointer to any relevant data. This
-                allows extensions to share identical code but have different
-                uses. An example of this is the bit string extension which uses
-                usr_data to contain a list of the bit names.
-
-All the remaining elements are function pointers.
-
-ext_new         is a pointer to a function that allocates memory for the
-                extension ASN1 structure: for example ASN1_OBJECT_new().
-
-ext_free        is a pointer to a function that free up memory of the extension
-                ASN1 structure: for example ASN1_OBJECT_free().
-
-d2i             is the standard ASN1 function that converts a DER buffer into
-                the internal ASN1 structure: for example d2i_ASN1_IA5STRING().
-
-i2d             is the standard ASN1 function that converts the internal
-                structure into the DER representation: for example
-                i2d_ASN1_IA5STRING().
-
-The remaining functions are depend on the type of extension. One i2X and
-one X2i should be set and the rest set to NULL. The types set do not need
-to match up, for example the extension could be set using the multi valued
-v2i function and printed out using the raw i2r.
-
-All functions have the X509V3_EXT_METHOD passed to them in the 'method'
-parameter and an X509V3_CTX structure. Extension code can then access the
-parent structure via the 'method' parameter to for example make use of the value
-of usr_data. If the code needs to use detail relating to the request it can
-use the 'ctx' parameter.
-
-A note should be given here about the 'flags' member of the 'ctx' parameter.
-If it has the value CTX_TEST then the configuration syntax is being checked
-and no actual certificate or CRL exists. Therefore any attempt in the config
-file to access such information should silently succeed. If the syntax is OK
-then it should simply return a (possibly bogus) extension, otherwise it
-should return NULL.
-
-char *i2s(struct v3_ext_method *method, void *ext);
-
-This function takes the internal structure in the ext parameter and returns
-a Malloc'ed string representing its value.
-
-void * s2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
-
-This function takes the string representation in the ext parameter and returns
-an allocated internal structure: ext_free() will be used on this internal
-structure after use.
-
-i2v and v2i handle a STACK_OF(CONF_VALUE):
-
-typedef struct
-{
-        char *section;
-        char *name;
-        char *value;
-} CONF_VALUE;
-
-Only the name and value members are currently used.
-
-STACK_OF(CONF_VALUE) * i2v(struct v3_ext_method *method, void *ext);
-
-This function is passed the internal structure in the ext parameter and
-returns a STACK of CONF_VALUE structures. The values of name, value,
-section and the structure itself will be freed up with Free after use.
-Several helper functions are available to add values to this STACK.
-
-void * v2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx,
-                                                STACK_OF(CONF_VALUE) *values);
-
-This function takes a STACK_OF(CONF_VALUE) structures and should set the
-values of the external structure. This typically uses the name element to
-determine which structure element to set and the value element to determine
-what to set it to. Several helper functions are available for this
-purpose (see above).
-
-int i2r(struct v3_ext_method *method, void *ext, BIO *out, int indent);
-
-This function is passed the internal extension structure in the ext parameter
-and sends out a human readable version of the extension to out. The 'indent'
-parameter should be noted to determine the necessary amount of indentation
-needed on the output.
-
-void * r2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
-
-This is just passed the string representation of the extension. It is intended
-to be used for more elaborate extensions where the standard single and multi
-valued options are insufficient. They can use the 'ctx' parameter to parse the
-configuration database themselves. See the context functions section for details
-of how to do this.
-
-Note: although this type takes the same parameters as the "r2s" function there
-is a subtle difference. Whereas an "r2i" function can access a configuration
-database an "s2i" function MUST NOT. This is so the internal code can safely
-assume that an "s2i" function will work without a configuration database.
-
-==============================================================================
-                            PKCS#12 Library
-==============================================================================
-
-This section describes the internal PKCS#12 support. There are very few
-differences between the old external library and the new internal code at
-present. This may well change because the external library will not be updated
-much in future.
-
-This version now includes a couple of high level PKCS#12 functions which
-generally "do the right thing" and should make it much easier to handle PKCS#12
-structures.
-
-HIGH LEVEL FUNCTIONS.
-
-For most applications you only need concern yourself with the high level
-functions. They can parse and generate simple PKCS#12 files as produced by
-Netscape and MSIE or indeed any compliant PKCS#12 file containing a single
-private key and certificate pair.
-
-1. Initialisation and cleanup.
-
-No special initialisation is needed for the internal PKCS#12 library: the 
-standard SSLeay_add_all_algorithms() is sufficient. If you do not wish to
-add all algorithms (you should at least add SHA1 though) then you can manually
-initialise the PKCS#12 library with:
-
-PKCS12_PBE_add();
-
-The memory allocated by the PKCS#12 library is freed up when EVP_cleanup() is
-called or it can be directly freed with:
-
-EVP_PBE_cleanup();
-
-after this call (or EVP_cleanup() ) no more PKCS#12 library functions should
-be called.
-
-2. I/O functions.
-
-i2d_PKCS12_bio(bp, p12)
-
-This writes out a PKCS12 structure to a BIO.
-
-i2d_PKCS12_fp(fp, p12)
-
-This is the same but for a FILE pointer.
-
-d2i_PKCS12_bio(bp, p12)
-
-This reads in a PKCS12 structure from a BIO.
-
-d2i_PKCS12_fp(fp, p12)
-
-This is the same but for a FILE pointer.
-
-3. High level functions.
-
-3.1 Parsing with PKCS12_parse().
-
-int PKCS12_parse(PKCS12 *p12, char *pass, EVP_PKEY **pkey, X509 **cert,
-                                                                 STACK **ca);
-
-This function takes a PKCS12 structure and a password (ASCII, null terminated)
-and returns the private key, the corresponding certificate and any CA
-certificates. If any of these is not required it can be passed as a NULL.
-The 'ca' parameter should be either NULL, a pointer to NULL or a valid STACK
-structure. Typically to read in a PKCS#12 file you might do:
-
-p12 = d2i_PKCS12_fp(fp, NULL);
-PKCS12_parse(p12, password, &pkey, &cert, NULL);        /* CAs not wanted */
-PKCS12_free(p12);
-
-3.2 PKCS#12 creation with PKCS12_create().
-
-PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
-                        STACK *ca, int nid_key, int nid_cert, int iter,
-                                                 int mac_iter, int keytype);
-
-This function will create a PKCS12 structure from a given password, name,
-private key, certificate and optional STACK of CA certificates. The remaining
-5 parameters can be set to 0 and sensible defaults will be used.
-
-The parameters nid_key and nid_cert are the key and certificate encryption
-algorithms, iter is the encryption iteration count, mac_iter is the MAC
-iteration count and keytype is the type of private key. If you really want
-to know what these last 5 parameters do then read the low level section.
-
-Typically to create a PKCS#12 file the following could be used:
-
-p12 = PKCS12_create(pass, "My Certificate", pkey, cert, NULL, 0,0,0,0,0);
-i2d_PKCS12_fp(fp, p12);
-PKCS12_free(p12);
-
-3.3 Changing a PKCS#12 structure password.
-
-int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass);
-
-This changes the password of an already existing PKCS#12 structure. oldpass
-is the old password and newpass is the new one. An error occurs if the old
-password is incorrect.
-
-LOW LEVEL FUNCTIONS.
-
-In some cases the high level functions do not provide the necessary
-functionality. For example if you want to generate or parse more complex
-PKCS#12 files. The sample pkcs12 application uses the low level functions
-to display details about the internal structure of a PKCS#12 file.
-
-Introduction.
-
-This is a brief description of how a PKCS#12 file is represented internally:
-some knowledge of PKCS#12 is assumed.
-
-A PKCS#12 object contains several levels.
-
-At the lowest level is a PKCS12_SAFEBAG. This can contain a certificate, a
-CRL, a private key, encrypted or unencrypted, a set of safebags (so the
-structure can be nested) or other secrets (not documented at present). 
-A safebag can optionally have attributes, currently these are: a unicode
-friendlyName (a Unicode string) or a localKeyID (a string of bytes).
-
-At the next level is an authSafe which is a set of safebags collected into
-a PKCS#7 ContentInfo. This can be just plain data, or encrypted itself.
-
-At the top level is the PKCS12 structure itself which contains a set of
-authSafes in an embedded PKCS#7 Contentinfo of type data. In addition it
-contains a MAC which is a kind of password protected digest to preserve
-integrity (so any unencrypted stuff below can't be tampered with).
-
-The reason for these levels is so various objects can be encrypted in various
-ways. For example you might want to encrypt a set of private keys with
-triple-DES and then include the related certificates either unencrypted or
-with lower encryption. Yes it's the dreaded crypto laws at work again which
-allow strong encryption on private keys and only weak encryption on other
-stuff.
-
-To build one of these things you turn all certificates and keys into safebags
-(with optional attributes). You collect the safebags into (one or more) STACKS
-and convert these into authsafes (encrypted or unencrypted).  The authsafes
-are collected into a STACK and added to a PKCS12 structure.  Finally a MAC
-inserted.
-
-Pulling one apart is basically the reverse process. The MAC is verified against
-the given password. The authsafes are extracted and each authsafe split into
-a set of safebags (possibly involving decryption). Finally the safebags are
-decomposed into the original keys and certificates and the attributes used to
-match up private key and certificate pairs.
-
-Anyway here are the functions that do the dirty work.
-
-1. Construction functions.
-
-1.1 Safebag functions.
-
-M_PKCS12_x5092certbag(x509)
-
-This macro takes an X509 structure and returns a certificate bag. The
-X509 structure can be freed up after calling this function.
-
-M_PKCS12_x509crl2certbag(crl)
-
-As above but for a CRL.
-
-PKCS8_PRIV_KEY_INFO *PKEY2PKCS8(EVP_PKEY *pkey)
-
-Take a private key and convert it into a PKCS#8 PrivateKeyInfo structure.
-Works for both RSA and DSA private keys. NB since the PKCS#8 PrivateKeyInfo
-structure contains a private key data in plain text form it should be free'd
-up as soon as it has been encrypted for security reasons (freeing up the
-structure zeros out the sensitive data). This can be done with
-PKCS8_PRIV_KEY_INFO_free().
-
-PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage)
-
-This sets the key type when a key is imported into MSIE or Outlook 98. Two
-values are currently supported: KEY_EX and KEY_SIG. KEY_EX is an exchange type
-key that can also be used for signing but its size is limited in the export
-versions of MS software to 512 bits, it is also the default. KEY_SIG is a
-signing only key but the keysize is unlimited (well 16K is supposed to work).
-If you are using the domestic version of MSIE then you can ignore this because
-KEY_EX is not limited and can be used for both.
-
-PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8)
-
-Convert a PKCS8 private key structure into a keybag. This routine embeds the
-p8 structure in the keybag so p8 should not be freed up or used after it is
-called.  The p8 structure will be freed up when the safebag is freed.
-
-PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8)
-
-Convert a PKCS#8 structure into a shrouded key bag (encrypted). p8 is not
-embedded and can be freed up after use.
-
-int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen)
-int PKCS12_add_friendlyname(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen)
-
-Add a local key id or a friendlyname to a safebag.
-
-1.2 Authsafe functions.
-
-PKCS7 *PKCS12_pack_p7data(STACK *sk)
-Take a stack of safebags and convert them into an unencrypted authsafe. The
-stack of safebags can be freed up after calling this function.
-
-PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, STACK *bags);
-
-As above but encrypted.
-
-1.3 PKCS12 functions.
-
-PKCS12 *PKCS12_init(int mode)
-
-Initialise a PKCS12 structure (currently mode should be NID_pkcs7_data).
-
-M_PKCS12_pack_authsafes(p12, safes)
-
-This macro takes a STACK of authsafes and adds them to a PKCS#12 structure.
-
-int PKCS12_set_mac(PKCS12 *p12, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, EVP_MD *md_type);
-
-Add a MAC to a PKCS12 structure. If EVP_MD is NULL use SHA-1, the spec suggests
-that SHA-1 should be used.
-
-2. Extraction Functions.
-
-2.1 Safebags.
-
-M_PKCS12_bag_type(bag)
-
-Return the type of "bag". Returns one of the following
-
-NID_keyBag
-NID_pkcs8ShroudedKeyBag                 7
-NID_certBag                             8
-NID_crlBag                              9
-NID_secretBag                           10
-NID_safeContentsBag                     11
-
-M_PKCS12_cert_bag_type(bag)
-
-Returns type of certificate bag, following are understood.
-
-NID_x509Certificate                     14
-NID_sdsiCertificate                     15
-
-M_PKCS12_crl_bag_type(bag)
-
-Returns crl bag type, currently only NID_crlBag is recognised.
-
-M_PKCS12_certbag2x509(bag)
-
-This macro extracts an X509 certificate from a certificate bag.
-
-M_PKCS12_certbag2x509crl(bag)
-
-As above but for a CRL.
-
-EVP_PKEY * PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8)
-
-Extract a private key from a PKCS8 private key info structure.
-
-M_PKCS12_decrypt_skey(bag, pass, passlen) 
-
-Decrypt a shrouded key bag and return a PKCS8 private key info structure.
-Works with both RSA and DSA keys
-
-char *PKCS12_get_friendlyname(bag)
-
-Returns the friendlyName of a bag if present or NULL if none. The returned
-string is a null terminated ASCII string allocated with Malloc(). It should 
-thus be freed up with Free() after use.
-
-2.2 AuthSafe functions.
-
-M_PKCS12_unpack_p7data(p7)
-
-Extract a STACK of safe bags from a PKCS#7 data ContentInfo.
-
-#define M_PKCS12_unpack_p7encdata(p7, pass, passlen)
-
-As above but for an encrypted content info.
-
-2.3 PKCS12 functions.
-
-M_PKCS12_unpack_authsafes(p12)
-
-Extract a STACK of authsafes from a PKCS12 structure.
-
-M_PKCS12_mac_present(p12)
-
-Check to see if a MAC is present.
-
-int PKCS12_verify_mac(PKCS12 *p12, unsigned char *pass, int passlen)
-
-Verify a MAC on a PKCS12 structure. Returns an error if MAC not present.
-
-
-Notes.
-
-1. All the function return 0 or NULL on error.
-2. Encryption based functions take a common set of parameters. These are
-described below.
-
-pass, passlen
-ASCII password and length. The password on the MAC is called the "integrity
-password" the encryption password is called the "privacy password" in the
-PKCS#12 documentation. The passwords do not have to be the same. If -1 is
-passed for the length it is worked out by the function itself (currently
-this is sometimes done whatever is passed as the length but that may change).
-
-salt, saltlen
-A 'salt' if salt is NULL a random salt is used. If saltlen is also zero a
-default length is used.
-
-iter
-Iteration count. This is a measure of how many times an internal function is
-called to encrypt the data. The larger this value is the longer it takes, it
-makes dictionary attacks on passwords harder. NOTE: Some implementations do
-not support an iteration count on the MAC. If the password for the MAC and
-encryption is the same then there is no point in having a high iteration
-count for encryption if the MAC has no count. The MAC could be attacked
-and the password used for the main decryption.
-
-pbe_nid
-This is the NID of the password based encryption method used. The following are
-supported.
-NID_pbe_WithSHA1And128BitRC4
-NID_pbe_WithSHA1And40BitRC4
-NID_pbe_WithSHA1And3_Key_TripleDES_CBC
-NID_pbe_WithSHA1And2_Key_TripleDES_CBC
-NID_pbe_WithSHA1And128BitRC2_CBC
-NID_pbe_WithSHA1And40BitRC2_CBC
-
-Which you use depends on the implementation you are exporting to. "Export
-grade" (i.e. cryptographically challenged) products cannot support all
-algorithms. Typically you may be able to use any encryption on shrouded key
-bags but they must then be placed in an unencrypted authsafe. Other authsafes
-may only support 40bit encryption. Of course if you are using SSLeay
-throughout you can strongly encrypt everything and have high iteration counts
-on everything.
-
-3. For decryption routines only the password and length are needed.
-
-4. Unlike the external version the nid's of objects are the values of the
-constants: that is NID_certBag is the real nid, therefore there is no 
-PKCS12_obj_offset() function.  Note the object constants are not the same as
-those of the external version. If you use these constants then you will need
-to recompile your code.
-
-5. With the exception of PKCS12_MAKE_KEYBAG(), after calling any function or 
-macro of the form PKCS12_MAKE_SOMETHING(other) the "other" structure can be
-reused or freed up safely.
-
diff --git a/src/lib/libssl/doc/standards.txt b/src/lib/libssl/doc/standards.txt
deleted file mode 100644
index f6675b574b..0000000000
--- a/src/lib/libssl/doc/standards.txt
+++ /dev/null
@@ -1,261 +0,0 @@
-Standards related to OpenSSL
-============================
-
-[Please, this is currently a draft.  I made a first try at finding
- documents that describe parts of what OpenSSL implements.  There are
- big gaps, and I've most certainly done something wrong.  Please
- correct whatever is...  Also, this note should be removed when this
- file is reaching a somewhat correct state.        -- Richard Levitte]
-
-
-All pointers in here will be either URL's or blobs of text borrowed
-from miscellaneous indexes, like rfc-index.txt (index of RFCs),
-1id-index.txt (index of Internet drafts) and the like.
-
-To find the latest possible RFCs, it's recommended to either browse
-ftp://ftp.isi.edu/in-notes/ or go to http://www.rfc-editor.org/ and
-use the search mechanism found there.
-To find the latest possible Internet drafts, it's recommended to
-browse ftp://ftp.isi.edu/internet-drafts/.
-To find the latest possible PKCS, it's recommended to browse
-http://www.rsasecurity.com/rsalabs/pkcs/.
-
-
-Implemented:
-------------
-
-These are documents that describe things that are implemented (in
-whole or at least great parts) in OpenSSL.
-
-1319 The MD2 Message-Digest Algorithm. B. Kaliski. April 1992.
-     (Format: TXT=25661 bytes) (Status: INFORMATIONAL)
-
-1320 The MD4 Message-Digest Algorithm. R. Rivest. April 1992. (Format:
-     TXT=32407 bytes) (Status: INFORMATIONAL)
-
-1321 The MD5 Message-Digest Algorithm. R. Rivest. April 1992. (Format:
-     TXT=35222 bytes) (Status: INFORMATIONAL)
-
-2246 The TLS Protocol Version 1.0. T. Dierks, C. Allen. January 1999.
-     (Format: TXT=170401 bytes) (Status: PROPOSED STANDARD)
-
-2268 A Description of the RC2(r) Encryption Algorithm. R. Rivest.
-     January 1998. (Format: TXT=19048 bytes) (Status: INFORMATIONAL)
-
-2315 PKCS 7: Cryptographic Message Syntax Version 1.5. B. Kaliski.
-     March 1998. (Format: TXT=69679 bytes) (Status: INFORMATIONAL)
-
-PKCS#8: Private-Key Information Syntax Standard
-
-PKCS#12: Personal Information Exchange Syntax Standard, version 1.0.
-
-2560 X.509 Internet Public Key Infrastructure Online Certificate
-     Status Protocol - OCSP. M. Myers, R. Ankney, A. Malpani, S. Galperin,
-     C. Adams. June 1999. (Format: TXT=43243 bytes) (Status: PROPOSED
-     STANDARD)
-
-2712 Addition of Kerberos Cipher Suites to Transport Layer Security
-     (TLS). A. Medvinsky, M. Hur. October 1999. (Format: TXT=13763 bytes)
-     (Status: PROPOSED STANDARD)
-
-2898 PKCS #5: Password-Based Cryptography Specification Version 2.0.
-     B. Kaliski. September 2000. (Format: TXT=68692 bytes) (Status:
-     INFORMATIONAL)
-
-2986 PKCS #10: Certification Request Syntax Specification Version 1.7.
-     M. Nystrom, B. Kaliski. November 2000. (Format: TXT=27794 bytes)
-     (Obsoletes RFC2314) (Status: INFORMATIONAL)
-
-3174 US Secure Hash Algorithm 1 (SHA1). D. Eastlake 3rd, P. Jones.
-     September 2001. (Format: TXT=35525 bytes) (Status: INFORMATIONAL)
-
-3268 Advanced Encryption Standard (AES) Ciphersuites for Transport
-     Layer Security (TLS). P. Chown. June 2002. (Format: TXT=13530 bytes)
-     (Status: PROPOSED STANDARD)
-
-3279 Algorithms and Identifiers for the Internet X.509 Public Key
-     Infrastructure Certificate and Certificate Revocation List (CRL)
-     Profile. L. Bassham, W. Polk, R. Housley. April 2002. (Format:
-     TXT=53833 bytes) (Status: PROPOSED STANDARD)
-
-3280 Internet X.509 Public Key Infrastructure Certificate and
-     Certificate Revocation List (CRL) Profile. R. Housley, W. Polk, W.
-     Ford, D. Solo. April 2002. (Format: TXT=295556 bytes) (Obsoletes
-     RFC2459) (Status: PROPOSED STANDARD)
-
-3447 Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography
-     Specifications Version 2.1. J. Jonsson, B. Kaliski. February 2003.
-     (Format: TXT=143173 bytes) (Obsoletes RFC2437) (Status:           
-     INFORMATIONAL)                                         
-
-3820 Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate
-     Profile. S. Tuecke, V. Welch, D. Engert, L. Pearlman, M. Thompson.
-     June 2004. (Format: TXT=86374 bytes) (Status: PROPOSED STANDARD)
-
-
-Related:
---------
-
-These are documents that are close to OpenSSL, for example the
-STARTTLS documents.
-
-1421 Privacy Enhancement for Internet Electronic Mail: Part I: Message
-     Encryption and Authentication Procedures. J. Linn. February 1993.
-     (Format: TXT=103894 bytes) (Obsoletes RFC1113) (Status: PROPOSED
-     STANDARD)
-
-1422 Privacy Enhancement for Internet Electronic Mail: Part II:
-     Certificate-Based Key Management. S. Kent. February 1993. (Format:
-     TXT=86085 bytes) (Obsoletes RFC1114) (Status: PROPOSED STANDARD)
-
-1423 Privacy Enhancement for Internet Electronic Mail: Part III:
-     Algorithms, Modes, and Identifiers. D. Balenson. February 1993.
-     (Format: TXT=33277 bytes) (Obsoletes RFC1115) (Status: PROPOSED
-     STANDARD)
-
-1424 Privacy Enhancement for Internet Electronic Mail: Part IV: Key
-     Certification and Related Services. B. Kaliski. February 1993.
-     (Format: TXT=17537 bytes) (Status: PROPOSED STANDARD)
-
-2025 The Simple Public-Key GSS-API Mechanism (SPKM). C. Adams. October
-     1996. (Format: TXT=101692 bytes) (Status: PROPOSED STANDARD)
-
-2510 Internet X.509 Public Key Infrastructure Certificate Management
-     Protocols. C. Adams, S. Farrell. March 1999. (Format: TXT=158178
-     bytes) (Status: PROPOSED STANDARD)
-
-2511 Internet X.509 Certificate Request Message Format. M. Myers, C.
-     Adams, D. Solo, D. Kemp. March 1999. (Format: TXT=48278 bytes)
-     (Status: PROPOSED STANDARD)
-
-2527 Internet X.509 Public Key Infrastructure Certificate Policy and
-     Certification Practices Framework. S. Chokhani, W. Ford. March 1999.
-     (Format: TXT=91860 bytes) (Status: INFORMATIONAL)
-
-2538 Storing Certificates in the Domain Name System (DNS). D. Eastlake
-     3rd, O. Gudmundsson. March 1999. (Format: TXT=19857 bytes) (Status:
-     PROPOSED STANDARD)
-
-2539 Storage of Diffie-Hellman Keys in the Domain Name System (DNS).
-     D. Eastlake 3rd. March 1999. (Format: TXT=21049 bytes) (Status:
-     PROPOSED STANDARD)
-
-2559 Internet X.509 Public Key Infrastructure Operational Protocols -
-     LDAPv2. S. Boeyen, T. Howes, P. Richard. April 1999. (Format:
-     TXT=22889 bytes) (Updates RFC1778) (Status: PROPOSED STANDARD)
-
-2585 Internet X.509 Public Key Infrastructure Operational Protocols:
-     FTP and HTTP. R. Housley, P. Hoffman. May 1999. (Format: TXT=14813
-     bytes) (Status: PROPOSED STANDARD)
-
-2587 Internet X.509 Public Key Infrastructure LDAPv2 Schema. S.
-     Boeyen, T. Howes, P. Richard. June 1999. (Format: TXT=15102 bytes)
-     (Status: PROPOSED STANDARD)
-
-2595 Using TLS with IMAP, POP3 and ACAP. C. Newman. June 1999.
-     (Format: TXT=32440 bytes) (Status: PROPOSED STANDARD)
-
-2631 Diffie-Hellman Key Agreement Method. E. Rescorla. June 1999.
-     (Format: TXT=25932 bytes) (Status: PROPOSED STANDARD)
-
-2632 S/MIME Version 3 Certificate Handling. B. Ramsdell, Ed.. June
-     1999. (Format: TXT=27925 bytes) (Status: PROPOSED STANDARD)
-
-2716 PPP EAP TLS Authentication Protocol. B. Aboba, D. Simon. October
-     1999. (Format: TXT=50108 bytes) (Status: EXPERIMENTAL)
-
-2773 Encryption using KEA and SKIPJACK. R. Housley, P. Yee, W. Nace.
-     February 2000. (Format: TXT=20008 bytes) (Updates RFC0959) (Status:
-     EXPERIMENTAL)
-
-2797 Certificate Management Messages over CMS. M. Myers, X. Liu, J.
-     Schaad, J. Weinstein. April 2000. (Format: TXT=103357 bytes) (Status:
-     PROPOSED STANDARD)
-
-2817 Upgrading to TLS Within HTTP/1.1. R. Khare, S. Lawrence. May
-     2000. (Format: TXT=27598 bytes) (Updates RFC2616) (Status: PROPOSED
-     STANDARD)
-
-2818 HTTP Over TLS. E. Rescorla. May 2000. (Format: TXT=15170 bytes)
-     (Status: INFORMATIONAL)
-
-2876 Use of the KEA and SKIPJACK Algorithms in CMS. J. Pawling. July
-     2000. (Format: TXT=29265 bytes) (Status: INFORMATIONAL)
-
-2984 Use of the CAST-128 Encryption Algorithm in CMS. C. Adams.
-     October 2000. (Format: TXT=11591 bytes) (Status: PROPOSED STANDARD)
-
-2985 PKCS #9: Selected Object Classes and Attribute Types Version 2.0.
-     M. Nystrom, B. Kaliski. November 2000. (Format: TXT=70703 bytes)
-     (Status: INFORMATIONAL)
-
-3029 Internet X.509 Public Key Infrastructure Data Validation and
-     Certification Server Protocols. C. Adams, P. Sylvester, M. Zolotarev,
-     R. Zuccherato. February 2001. (Format: TXT=107347 bytes) (Status:
-     EXPERIMENTAL)
-
-3039 Internet X.509 Public Key Infrastructure Qualified Certificates
-     Profile. S. Santesson, W. Polk, P. Barzin, M. Nystrom. January 2001.
-     (Format: TXT=67619 bytes) (Status: PROPOSED STANDARD)
-
-3058 Use of the IDEA Encryption Algorithm in CMS. S. Teiwes, P.
-     Hartmann, D. Kuenzi. February 2001. (Format: TXT=17257 bytes)
-     (Status: INFORMATIONAL)
-
-3161 Internet X.509 Public Key Infrastructure Time-Stamp Protocol
-     (TSP). C. Adams, P. Cain, D. Pinkas, R. Zuccherato. August 2001.
-     (Format: TXT=54585 bytes) (Status: PROPOSED STANDARD)
-
-3185 Reuse of CMS Content Encryption Keys. S. Farrell, S. Turner.
-     October 2001. (Format: TXT=20404 bytes) (Status: PROPOSED STANDARD)
-
-3207 SMTP Service Extension for Secure SMTP over Transport Layer
-     Security. P. Hoffman. February 2002. (Format: TXT=18679 bytes)
-     (Obsoletes RFC2487) (Status: PROPOSED STANDARD)
-
-3217 Triple-DES and RC2 Key Wrapping. R. Housley. December 2001.
-     (Format: TXT=19855 bytes) (Status: INFORMATIONAL)
-
-3274 Compressed Data Content Type for Cryptographic Message Syntax
-     (CMS). P. Gutmann. June 2002. (Format: TXT=11276 bytes) (Status:
-     PROPOSED STANDARD)
-
-3278 Use of Elliptic Curve Cryptography (ECC) Algorithms in
-     Cryptographic Message Syntax (CMS). S. Blake-Wilson, D. Brown, P.
-     Lambert. April 2002. (Format: TXT=33779 bytes) (Status:
-     INFORMATIONAL)
-
-3281 An Internet Attribute Certificate Profile for Authorization. S.
-     Farrell, R. Housley. April 2002. (Format: TXT=90580 bytes) (Status:
-     PROPOSED STANDARD)
-
-3369 Cryptographic Message Syntax (CMS). R. Housley. August 2002.
-     (Format: TXT=113975 bytes) (Obsoletes RFC2630, RFC3211) (Status:
-     PROPOSED STANDARD)
-
-3370 Cryptographic Message Syntax (CMS) Algorithms. R. Housley. August
-     2002. (Format: TXT=51001 bytes) (Obsoletes RFC2630, RFC3211) (Status:
-     PROPOSED STANDARD)
-
-3377 Lightweight Directory Access Protocol (v3): Technical
-     Specification. J. Hodges, R. Morgan. September 2002. (Format:
-     TXT=9981 bytes) (Updates RFC2251, RFC2252, RFC2253, RFC2254, RFC2255,
-     RFC2256, RFC2829, RFC2830) (Status: PROPOSED STANDARD)
-
-3394 Advanced Encryption Standard (AES) Key Wrap Algorithm. J. Schaad,
-     R. Housley. September 2002. (Format: TXT=73072 bytes) (Status:
-     INFORMATIONAL)
-
-3436 Transport Layer Security over Stream Control Transmission
-     Protocol. A. Jungmaier, E. Rescorla, M. Tuexen. December 2002.
-     (Format: TXT=16333 bytes) (Status: PROPOSED STANDARD)
-
-  "Securing FTP with TLS", 01/27/2000, <draft-murray-auth-ftp-ssl-05.txt>  
- 
-
-To be implemented:
-------------------
-
-These are documents that describe things that are planed to be
-implemented in the hopefully short future.
-
diff --git a/src/lib/libssl/s23_clnt.c b/src/lib/libssl/s23_clnt.c
deleted file mode 100644
index 86356731ea..0000000000
--- a/src/lib/libssl/s23_clnt.c
+++ /dev/null
@@ -1,616 +0,0 @@
-/* ssl/s23_clnt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-
-static SSL_METHOD *ssl23_get_client_method(int ver);
-static int ssl23_client_hello(SSL *s);
-static int ssl23_get_server_hello(SSL *s);
-static SSL_METHOD *ssl23_get_client_method(int ver)
-        {
-#ifndef OPENSSL_NO_SSL2
-        if (ver == SSL2_VERSION)
-                return(SSLv2_client_method());
-#endif
-        if (ver == SSL3_VERSION)
-                return(SSLv3_client_method());
-        else if (ver == TLS1_VERSION)
-                return(TLSv1_client_method());
-        else
-                return(NULL);
-        }
-
-SSL_METHOD *SSLv23_client_method(void)
-        {
-        static int init=1;
-        static SSL_METHOD SSLv23_client_data;
-
-        if (init)
-                {
-                CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
-
-                if (init)
-                        {
-                        memcpy((char *)&SSLv23_client_data,
-                                (char *)sslv23_base_method(),sizeof(SSL_METHOD));
-                        SSLv23_client_data.ssl_connect=ssl23_connect;
-                        SSLv23_client_data.get_ssl_method=ssl23_get_client_method;
-                        init=0;
-                        }
-
-                CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
-                }
-        return(&SSLv23_client_data);
-        }
-
-int ssl23_connect(SSL *s)
-        {
-        BUF_MEM *buf=NULL;
-        unsigned long Time=(unsigned long)time(NULL);
-        void (*cb)(const SSL *ssl,int type,int val)=NULL;
-        int ret= -1;
-        int new_state,state;
-
-        RAND_add(&Time,sizeof(Time),0);
-        ERR_clear_error();
-        clear_sys_error();
-
-        if (s->info_callback != NULL)
-                cb=s->info_callback;
-        else if (s->ctx->info_callback != NULL)
-                cb=s->ctx->info_callback;
-        
-        s->in_handshake++;
-        if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
-
-        for (;;)
-                {
-                state=s->state;
-
-                switch(s->state)
-                        {
-                case SSL_ST_BEFORE:
-                case SSL_ST_CONNECT:
-                case SSL_ST_BEFORE|SSL_ST_CONNECT:
-                case SSL_ST_OK|SSL_ST_CONNECT:
-
-                        if (s->session != NULL)
-                                {
-                                SSLerr(SSL_F_SSL23_CONNECT,SSL_R_SSL23_DOING_SESSION_ID_REUSE);
-                                ret= -1;
-                                goto end;
-                                }
-                        s->server=0;
-                        if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
-
-                        /* s->version=TLS1_VERSION; */
-                        s->type=SSL_ST_CONNECT;
-
-                        if (s->init_buf == NULL)
-                                {
-                                if ((buf=BUF_MEM_new()) == NULL)
-                                        {
-                                        ret= -1;
-                                        goto end;
-                                        }
-                                if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
-                                        {
-                                        ret= -1;
-                                        goto end;
-                                        }
-                                s->init_buf=buf;
-                                buf=NULL;
-                                }
-
-                        if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
-
-                        ssl3_init_finished_mac(s);
-
-                        s->state=SSL23_ST_CW_CLNT_HELLO_A;
-                        s->ctx->stats.sess_connect++;
-                        s->init_num=0;
-                        break;
-
-                case SSL23_ST_CW_CLNT_HELLO_A:
-                case SSL23_ST_CW_CLNT_HELLO_B:
-
-                        s->shutdown=0;
-                        ret=ssl23_client_hello(s);
-                        if (ret <= 0) goto end;
-                        s->state=SSL23_ST_CR_SRVR_HELLO_A;
-                        s->init_num=0;
-
-                        break;
-
-                case SSL23_ST_CR_SRVR_HELLO_A:
-                case SSL23_ST_CR_SRVR_HELLO_B:
-                        ret=ssl23_get_server_hello(s);
-                        if (ret >= 0) cb=NULL;
-                        goto end;
-                        /* break; */
-
-                default:
-                        SSLerr(SSL_F_SSL23_CONNECT,SSL_R_UNKNOWN_STATE);
-                        ret= -1;
-                        goto end;
-                        /* break; */
-                        }
-
-                if (s->debug) { (void)BIO_flush(s->wbio); }
-
-                if ((cb != NULL) && (s->state != state))
-                        {
-                        new_state=s->state;
-                        s->state=state;
-                        cb(s,SSL_CB_CONNECT_LOOP,1);
-                        s->state=new_state;
-                        }
-                }
-end:
-        s->in_handshake--;
-        if (buf != NULL)
-                BUF_MEM_free(buf);
-        if (cb != NULL)
-                cb(s,SSL_CB_CONNECT_EXIT,ret);
-        return(ret);
-        }
-
-
-static int ssl23_client_hello(SSL *s)
-        {
-        unsigned char *buf;
-        unsigned char *p,*d;
-        int i,j,ch_len;
-        unsigned long Time,l;
-        int ssl2_compat;
-        int version = 0, version_major, version_minor;
-        SSL_COMP *comp;
-        int ret;
-
-        ssl2_compat = (s->options & SSL_OP_NO_SSLv2) ? 0 : 1;
-
-        if (!(s->options & SSL_OP_NO_TLSv1))
-                {
-                version = TLS1_VERSION;
-                }
-        else if (!(s->options & SSL_OP_NO_SSLv3))
-                {
-                version = SSL3_VERSION;
-                }
-        else if (!(s->options & SSL_OP_NO_SSLv2))
-                {
-                version = SSL2_VERSION;
-                }
-
-        buf=(unsigned char *)s->init_buf->data;
-        if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
-                {
-#if 0
-                /* don't reuse session-id's */
-                if (!ssl_get_new_session(s,0))
-                        {
-                        return(-1);
-                        }
-#endif
-
-                p=s->s3->client_random;
-                Time=(unsigned long)time(NULL);                 /* Time */
-                l2n(Time,p);
-                if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
-                        return -1;
-
-                if (version == TLS1_VERSION)
-                        {
-                        version_major = TLS1_VERSION_MAJOR;
-                        version_minor = TLS1_VERSION_MINOR;
-                        }
-#ifdef OPENSSL_FIPS
-                else if(FIPS_mode())
-                        {
-                        SSLerr(SSL_F_SSL23_CLIENT_HELLO,
-                                        SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
-                        return -1;
-                        }
-#endif
-                else if (version == SSL3_VERSION)
-                        {
-                        version_major = SSL3_VERSION_MAJOR;
-                        version_minor = SSL3_VERSION_MINOR;
-                        }
-                else if (version == SSL2_VERSION)
-                        {
-                        version_major = SSL2_VERSION_MAJOR;
-                        version_minor = SSL2_VERSION_MINOR;
-                        }
-                else
-                        {
-                        SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_PROTOCOLS_AVAILABLE);
-                        return(-1);
-                        }
-
-                s->client_version = version;
-
-                if (ssl2_compat)
-                        {
-                        /* create SSL 2.0 compatible Client Hello */
-
-                        /* two byte record header will be written last */
-                        d = &(buf[2]);
-                        p = d + 9; /* leave space for message type, version, individual length fields */
-
-                        *(d++) = SSL2_MT_CLIENT_HELLO;
-                        *(d++) = version_major;
-                        *(d++) = version_minor;
-                        
-                        /* Ciphers supported */
-                        i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),p,0);
-                        if (i == 0)
-                                {
-                                /* no ciphers */
-                                SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
-                                return -1;
-                                }
-                        s2n(i,d);
-                        p+=i;
-                        
-                        /* put in the session-id length (zero since there is no reuse) */
-#if 0
-                        s->session->session_id_length=0;
-#endif
-                        s2n(0,d);
-
-                        if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
-                                ch_len=SSL2_CHALLENGE_LENGTH;
-                        else
-                                ch_len=SSL2_MAX_CHALLENGE_LENGTH;
-
-                        /* write out sslv2 challenge */
-                        if (SSL3_RANDOM_SIZE < ch_len)
-                                i=SSL3_RANDOM_SIZE;
-                        else
-                                i=ch_len;
-                        s2n(i,d);
-                        memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE);
-                        if (RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i) <= 0)
-                                return -1;
-
-                        memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
-                        p+=i;
-
-                        i= p- &(buf[2]);
-                        buf[0]=((i>>8)&0xff)|0x80;
-                        buf[1]=(i&0xff);
-
-                        /* number of bytes to write */
-                        s->init_num=i+2;
-                        s->init_off=0;
-
-                        ssl3_finish_mac(s,&(buf[2]),i);
-                        }
-                else
-                        {
-                        /* create Client Hello in SSL 3.0/TLS 1.0 format */
-
-                        /* do the record header (5 bytes) and handshake message header (4 bytes) last */
-                        d = p = &(buf[9]);
-                        
-                        *(p++) = version_major;
-                        *(p++) = version_minor;
-
-                        /* Random stuff */
-                        memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
-                        p += SSL3_RANDOM_SIZE;
-
-                        /* Session ID (zero since there is no reuse) */
-                        *(p++) = 0;
-
-                        /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */
-                        i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),ssl3_put_cipher_by_char);
-                        if (i == 0)
-                                {
-                                SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
-                                return -1;
-                                }
-                        s2n(i,p);
-                        p+=i;
-
-                        /* COMPRESSION */
-                        if (s->ctx->comp_methods == NULL)
-                                j=0;
-                        else
-                                j=sk_SSL_COMP_num(s->ctx->comp_methods);
-                        *(p++)=1+j;
-                        for (i=0; i<j; i++)
-                                {
-                                comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
-                                *(p++)=comp->id;
-                                }
-                        *(p++)=0; /* Add the NULL method */
-                        
-                        l = p-d;
-                        *p = 42;
-
-                        /* fill in 4-byte handshake header */
-                        d=&(buf[5]);
-                        *(d++)=SSL3_MT_CLIENT_HELLO;
-                        l2n3(l,d);
-
-                        l += 4;
-
-                        if (l > SSL3_RT_MAX_PLAIN_LENGTH)
-                                {
-                                SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
-                                return -1;
-                                }
-                        
-                        /* fill in 5-byte record header */
-                        d=buf;
-                        *(d++) = SSL3_RT_HANDSHAKE;
-                        *(d++) = version_major;
-                        *(d++) = version_minor; /* arguably we should send the *lowest* suported version here
-                                                 * (indicating, e.g., TLS 1.0 in "SSL 3.0 format") */
-                        s2n((int)l,d);
-
-                        /* number of bytes to write */
-                        s->init_num=p-buf;
-                        s->init_off=0;
-
-                        ssl3_finish_mac(s,&(buf[5]), s->init_num - 5);
-                        }
-
-                s->state=SSL23_ST_CW_CLNT_HELLO_B;
-                s->init_off=0;
-                }
-
-        /* SSL3_ST_CW_CLNT_HELLO_B */
-        ret = ssl23_write_bytes(s);
-
-        if ((ret >= 2) && s->msg_callback)
-                {
-                /* Client Hello has been sent; tell msg_callback */
-
-                if (ssl2_compat)
-                        s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data+2, ret-2, s, s->msg_callback_arg);
-                else
-                        s->msg_callback(1, version, SSL3_RT_HANDSHAKE, s->init_buf->data+5, ret-5, s, s->msg_callback_arg);
-                }
-
-        return ret;
-        }
-
-static int ssl23_get_server_hello(SSL *s)
-        {
-        char buf[8];
-        unsigned char *p;
-        int i;
-        int n;
-
-        n=ssl23_read_bytes(s,7);
-
-        if (n != 7) return(n);
-        p=s->packet;
-
-        memcpy(buf,p,n);
-
-        if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) &&
-                (p[5] == 0x00) && (p[6] == 0x02))
-                {
-#ifdef OPENSSL_NO_SSL2
-                SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
-                goto err;
-#else
-                /* we are talking sslv2 */
-                /* we need to clean up the SSLv3 setup and put in the
-                 * sslv2 stuff. */
-                int ch_len;
-
-                if (s->options & SSL_OP_NO_SSLv2)
-                        {
-                        SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
-                        goto err;
-                        }
-                if (s->s2 == NULL)
-                        {
-                        if (!ssl2_new(s))
-                                goto err;
-                        }
-                else
-                        ssl2_clear(s);
-
-                if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
-                        ch_len=SSL2_CHALLENGE_LENGTH;
-                else
-                        ch_len=SSL2_MAX_CHALLENGE_LENGTH;
-
-                /* write out sslv2 challenge */
-                i=(SSL3_RANDOM_SIZE < ch_len)
-                        ?SSL3_RANDOM_SIZE:ch_len;
-                s->s2->challenge_length=i;
-                memcpy(s->s2->challenge,
-                        &(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
-
-                if (s->s3 != NULL) ssl3_free(s);
-
-                if (!BUF_MEM_grow_clean(s->init_buf,
-                        SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
-                        {
-                        SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,ERR_R_BUF_LIB);
-                        goto err;
-                        }
-
-                s->state=SSL2_ST_GET_SERVER_HELLO_A;
-                if (!(s->client_version == SSL2_VERSION))
-                        /* use special padding (SSL 3.0 draft/RFC 2246, App. E.2) */
-                        s->s2->ssl2_rollback=1;
-
-                /* setup the 5 bytes we have read so we get them from
-                 * the sslv2 buffer */
-                s->rstate=SSL_ST_READ_HEADER;
-                s->packet_length=n;
-                s->packet= &(s->s2->rbuf[0]);
-                memcpy(s->packet,buf,n);
-                s->s2->rbuf_left=n;
-                s->s2->rbuf_offs=0;
-
-                /* we have already written one */
-                s->s2->write_sequence=1;
-
-                s->method=SSLv2_client_method();
-                s->handshake_func=s->method->ssl_connect;
-#endif
-                }
-        else if ((p[0] == SSL3_RT_HANDSHAKE) &&
-                 (p[1] == SSL3_VERSION_MAJOR) &&
-                 ((p[2] == SSL3_VERSION_MINOR) ||
-                  (p[2] == TLS1_VERSION_MINOR)) &&
-                 (p[5] == SSL3_MT_SERVER_HELLO))
-                {
-                /* we have sslv3 or tls1 */
-
-                if (!ssl_init_wbio_buffer(s,1)) goto err;
-
-                /* we are in this state */
-                s->state=SSL3_ST_CR_SRVR_HELLO_A;
-
-                /* put the 5 bytes we have read into the input buffer
-                 * for SSLv3 */
-                s->rstate=SSL_ST_READ_HEADER;
-                s->packet_length=n;
-                s->packet= &(s->s3->rbuf.buf[0]);
-                memcpy(s->packet,buf,n);
-                s->s3->rbuf.left=n;
-                s->s3->rbuf.offset=0;
-
-                if ((p[2] == SSL3_VERSION_MINOR) &&
-                        !(s->options & SSL_OP_NO_SSLv3))
-                        {
-#ifdef OPENSSL_FIPS
-                        if(FIPS_mode())
-                                {
-                                SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
-                                        SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
-                                goto err;
-                                }
-#endif
-                        s->version=SSL3_VERSION;
-                        s->method=SSLv3_client_method();
-                        }
-                else if ((p[2] == TLS1_VERSION_MINOR) &&
-                        !(s->options & SSL_OP_NO_TLSv1))
-                        {
-                        s->version=TLS1_VERSION;
-                        s->method=TLSv1_client_method();
-                        }
-                else
-                        {
-                        SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
-                        goto err;
-                        }
-                        
-                s->handshake_func=s->method->ssl_connect;
-                }
-        else if ((p[0] == SSL3_RT_ALERT) &&
-                 (p[1] == SSL3_VERSION_MAJOR) &&
-                 ((p[2] == SSL3_VERSION_MINOR) ||
-                  (p[2] == TLS1_VERSION_MINOR)) &&
-                 (p[3] == 0) &&
-                 (p[4] == 2))
-                {
-                void (*cb)(const SSL *ssl,int type,int val)=NULL;
-                int j;
-
-                /* An alert */
-                if (s->info_callback != NULL)
-                        cb=s->info_callback;
-                else if (s->ctx->info_callback != NULL)
-                        cb=s->ctx->info_callback;
- 
-                i=p[5];
-                if (cb != NULL)
-                        {
-                        j=(i<<8)|p[6];
-                        cb(s,SSL_CB_READ_ALERT,j);
-                        }
-
-                s->rwstate=SSL_NOTHING;
-                SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_AD_REASON_OFFSET+p[6]);
-                goto err;
-                }
-        else
-                {
-                SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNKNOWN_PROTOCOL);
-                goto err;
-                }
-        s->init_num=0;
-
-        /* Since, if we are sending a ssl23 client hello, we are not
-         * reusing a session-id */
-        if (!ssl_get_new_session(s,0))
-                goto err;
-
-        s->first_packet=1;
-        return(SSL_connect(s));
-err:
-        return(-1);
-        }
-
diff --git a/src/lib/libssl/s23_lib.c b/src/lib/libssl/s23_lib.c
deleted file mode 100644
index 8d7dbcf569..0000000000
--- a/src/lib/libssl/s23_lib.c
+++ /dev/null
@@ -1,236 +0,0 @@
-/* ssl/s23_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-static int ssl23_num_ciphers(void );
-static SSL_CIPHER *ssl23_get_cipher(unsigned int u);
-static int ssl23_read(SSL *s, void *buf, int len);
-static int ssl23_peek(SSL *s, void *buf, int len);
-static int ssl23_write(SSL *s, const void *buf, int len);
-static long ssl23_default_timeout(void );
-static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
-static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p);
-const char *SSL23_version_str="SSLv2/3 compatibility" OPENSSL_VERSION_PTEXT;
-
-static SSL_METHOD SSLv23_data= {
-        TLS1_VERSION,
-        tls1_new,
-        tls1_clear,
-        tls1_free,
-        ssl_undefined_function,
-        ssl_undefined_function,
-        ssl23_read,
-        ssl23_peek,
-        ssl23_write,
-        ssl_undefined_function,
-        ssl_undefined_function,
-        ssl_ok,
-        ssl3_ctrl,
-        ssl3_ctx_ctrl,
-        ssl23_get_cipher_by_char,
-        ssl23_put_cipher_by_char,
-        ssl_undefined_const_function,
-        ssl23_num_ciphers,
-        ssl23_get_cipher,
-        ssl_bad_method,
-        ssl23_default_timeout,
-        &ssl3_undef_enc_method,
-        ssl_undefined_function,
-        ssl3_callback_ctrl,
-        ssl3_ctx_callback_ctrl,
-        };
-
-static long ssl23_default_timeout(void)
-        {
-        return(300);
-        }
-
-SSL_METHOD *sslv23_base_method(void)
-        {
-        return(&SSLv23_data);
-        }
-
-static int ssl23_num_ciphers(void)
-        {
-        return(ssl3_num_ciphers()
-#ifndef OPENSSL_NO_SSL2
-               + ssl2_num_ciphers()
-#endif
-            );
-        }
-
-static SSL_CIPHER *ssl23_get_cipher(unsigned int u)
-        {
-        unsigned int uu=ssl3_num_ciphers();
-
-        if (u < uu)
-                return(ssl3_get_cipher(u));
-        else
-#ifndef OPENSSL_NO_SSL2
-                return(ssl2_get_cipher(u-uu));
-#else
-                return(NULL);
-#endif
-        }
-
-/* This function needs to check if the ciphers required are actually
- * available */
-static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p)
-        {
-        SSL_CIPHER c,*cp;
-        unsigned long id;
-        int n;
-
-        n=ssl3_num_ciphers();
-        id=0x03000000|((unsigned long)p[0]<<16L)|
-                ((unsigned long)p[1]<<8L)|(unsigned long)p[2];
-        c.id=id;
-        cp=ssl3_get_cipher_by_char(p);
-#ifndef OPENSSL_NO_SSL2
-        if (cp == NULL)
-                cp=ssl2_get_cipher_by_char(p);
-#endif
-        return(cp);
-        }
-
-static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
-        {
-        long l;
-
-        /* We can write SSLv2 and SSLv3 ciphers */
-        if (p != NULL)
-                {
-                l=c->id;
-                p[0]=((unsigned char)(l>>16L))&0xFF;
-                p[1]=((unsigned char)(l>> 8L))&0xFF;
-                p[2]=((unsigned char)(l     ))&0xFF;
-                }
-        return(3);
-        }
-
-static int ssl23_read(SSL *s, void *buf, int len)
-        {
-        int n;
-
-        clear_sys_error();
-        if (SSL_in_init(s) && (!s->in_handshake))
-                {
-                n=s->handshake_func(s);
-                if (n < 0) return(n);
-                if (n == 0)
-                        {
-                        SSLerr(SSL_F_SSL23_READ,SSL_R_SSL_HANDSHAKE_FAILURE);
-                        return(-1);
-                        }
-                return(SSL_read(s,buf,len));
-                }
-        else
-                {
-                ssl_undefined_function(s);
-                return(-1);
-                }
-        }
-
-static int ssl23_peek(SSL *s, void *buf, int len)
-        {
-        int n;
-
-        clear_sys_error();
-        if (SSL_in_init(s) && (!s->in_handshake))
-                {
-                n=s->handshake_func(s);
-                if (n < 0) return(n);
-                if (n == 0)
-                        {
-                        SSLerr(SSL_F_SSL23_PEEK,SSL_R_SSL_HANDSHAKE_FAILURE);
-                        return(-1);
-                        }
-                return(SSL_peek(s,buf,len));
-                }
-        else
-                {
-                ssl_undefined_function(s);
-                return(-1);
-                }
-        }
-
-static int ssl23_write(SSL *s, const void *buf, int len)
-        {
-        int n;
-
-        clear_sys_error();
-        if (SSL_in_init(s) && (!s->in_handshake))
-                {
-                n=s->handshake_func(s);
-                if (n < 0) return(n);
-                if (n == 0)
-                        {
-                        SSLerr(SSL_F_SSL23_WRITE,SSL_R_SSL_HANDSHAKE_FAILURE);
-                        return(-1);
-                        }
-                return(SSL_write(s,buf,len));
-                }
-        else
-                {
-                ssl_undefined_function(s);
-                return(-1);
-                }
-        }
diff --git a/src/lib/libssl/s23_pkt.c b/src/lib/libssl/s23_pkt.c
deleted file mode 100644
index 4ca6a1b258..0000000000
--- a/src/lib/libssl/s23_pkt.c
+++ /dev/null
@@ -1,117 +0,0 @@
-/* ssl/s23_pkt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#define USE_SOCKETS
-#include "ssl_locl.h"
-#include <openssl/evp.h>
-#include <openssl/buffer.h>
-
-int ssl23_write_bytes(SSL *s)
-        {
-        int i,num,tot;
-        char *buf;
-
-        buf=s->init_buf->data;
-        tot=s->init_off;
-        num=s->init_num;
-        for (;;)
-                {
-                s->rwstate=SSL_WRITING;
-                i=BIO_write(s->wbio,&(buf[tot]),num);
-                if (i <= 0)
-                        {
-                        s->init_off=tot;
-                        s->init_num=num;
-                        return(i);
-                        }
-                s->rwstate=SSL_NOTHING;
-                if (i == num) return(tot+i);
-
-                num-=i;
-                tot+=i;
-                }
-        }
-
-/* return regularly only when we have read (at least) 'n' bytes */
-int ssl23_read_bytes(SSL *s, int n)
-        {
-        unsigned char *p;
-        int j;
-
-        if (s->packet_length < (unsigned int)n)
-                {
-                p=s->packet;
-
-                for (;;)
-                        {
-                        s->rwstate=SSL_READING;
-                        j=BIO_read(s->rbio,(char *)&(p[s->packet_length]),
-                                n-s->packet_length);
-                        if (j <= 0)
-                                return(j);
-                        s->rwstate=SSL_NOTHING;
-                        s->packet_length+=j;
-                        if (s->packet_length >= (unsigned int)n)
-                                return(s->packet_length);
-                        }
-                }
-        return(n);
-        }
-
diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c
deleted file mode 100644
index b73abc448f..0000000000
--- a/src/lib/libssl/s23_srvr.c
+++ /dev/null
@@ -1,600 +0,0 @@
-/* ssl/s23_srvr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-
-static SSL_METHOD *ssl23_get_server_method(int ver);
-int ssl23_get_client_hello(SSL *s);
-static SSL_METHOD *ssl23_get_server_method(int ver)
-        {
-#ifndef OPENSSL_NO_SSL2
-        if (ver == SSL2_VERSION)
-                return(SSLv2_server_method());
-#endif
-        if (ver == SSL3_VERSION)
-                return(SSLv3_server_method());
-        else if (ver == TLS1_VERSION)
-                return(TLSv1_server_method());
-        else
-                return(NULL);
-        }
-
-SSL_METHOD *SSLv23_server_method(void)
-        {
-        static int init=1;
-        static SSL_METHOD SSLv23_server_data;
-
-        if (init)
-                {
-                CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
-
-                if (init)
-                        {
-                        memcpy((char *)&SSLv23_server_data,
-                                (char *)sslv23_base_method(),sizeof(SSL_METHOD));
-                        SSLv23_server_data.ssl_accept=ssl23_accept;
-                        SSLv23_server_data.get_ssl_method=ssl23_get_server_method;
-                        init=0;
-                        }
-
-                CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
-                }
-        return(&SSLv23_server_data);
-        }
-
-int ssl23_accept(SSL *s)
-        {
-        BUF_MEM *buf;
-        unsigned long Time=(unsigned long)time(NULL);
-        void (*cb)(const SSL *ssl,int type,int val)=NULL;
-        int ret= -1;
-        int new_state,state;
-
-        RAND_add(&Time,sizeof(Time),0);
-        ERR_clear_error();
-        clear_sys_error();
-
-        if (s->info_callback != NULL)
-                cb=s->info_callback;
-        else if (s->ctx->info_callback != NULL)
-                cb=s->ctx->info_callback;
-        
-        s->in_handshake++;
-        if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
-
-        for (;;)
-                {
-                state=s->state;
-
-                switch(s->state)
-                        {
-                case SSL_ST_BEFORE:
-                case SSL_ST_ACCEPT:
-                case SSL_ST_BEFORE|SSL_ST_ACCEPT:
-                case SSL_ST_OK|SSL_ST_ACCEPT:
-
-                        s->server=1;
-                        if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
-
-                        /* s->version=SSL3_VERSION; */
-                        s->type=SSL_ST_ACCEPT;
-
-                        if (s->init_buf == NULL)
-                                {
-                                if ((buf=BUF_MEM_new()) == NULL)
-                                        {
-                                        ret= -1;
-                                        goto end;
-                                        }
-                                if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
-                                        {
-                                        ret= -1;
-                                        goto end;
-                                        }
-                                s->init_buf=buf;
-                                }
-
-                        ssl3_init_finished_mac(s);
-
-                        s->state=SSL23_ST_SR_CLNT_HELLO_A;
-                        s->ctx->stats.sess_accept++;
-                        s->init_num=0;
-                        break;
-
-                case SSL23_ST_SR_CLNT_HELLO_A:
-                case SSL23_ST_SR_CLNT_HELLO_B:
-
-                        s->shutdown=0;
-                        ret=ssl23_get_client_hello(s);
-                        if (ret >= 0) cb=NULL;
-                        goto end;
-                        /* break; */
-
-                default:
-                        SSLerr(SSL_F_SSL23_ACCEPT,SSL_R_UNKNOWN_STATE);
-                        ret= -1;
-                        goto end;
-                        /* break; */
-                        }
-
-                if ((cb != NULL) && (s->state != state))
-                        {
-                        new_state=s->state;
-                        s->state=state;
-                        cb(s,SSL_CB_ACCEPT_LOOP,1);
-                        s->state=new_state;
-                        }
-                }
-end:
-        s->in_handshake--;
-        if (cb != NULL)
-                cb(s,SSL_CB_ACCEPT_EXIT,ret);
-        return(ret);
-        }
-
-
-int ssl23_get_client_hello(SSL *s)
-        {
-        char buf_space[11]; /* Request this many bytes in initial read.
-                             * We can detect SSL 3.0/TLS 1.0 Client Hellos
-                             * ('type == 3') correctly only when the following
-                             * is in a single record, which is not guaranteed by
-                             * the protocol specification:
-                             * Byte  Content
-                             *  0     type            \
-                             *  1/2   version          > record header
-                             *  3/4   length          /
-                             *  5     msg_type        \
-                             *  6-8   length           > Client Hello message
-                             *  9/10  client_version  /
-                             */
-        char *buf= &(buf_space[0]);
-        unsigned char *p,*d,*d_len,*dd;
-        unsigned int i;
-        unsigned int csl,sil,cl;
-        int n=0,j;
-        int type=0;
-        int v[2];
-
-        if (s->state == SSL23_ST_SR_CLNT_HELLO_A)
-                {
-                /* read the initial header */
-                v[0]=v[1]=0;
-
-                if (!ssl3_setup_buffers(s)) goto err;
-
-                n=ssl23_read_bytes(s, sizeof buf_space);
-                if (n != sizeof buf_space) return(n); /* n == -1 || n == 0 */
-
-                p=s->packet;
-
-                memcpy(buf,p,n);
-
-                if ((p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO))
-                        {
-                        /*
-                         * SSLv2 header
-                         */
-                        if ((p[3] == 0x00) && (p[4] == 0x02))
-                                {
-                                v[0]=p[3]; v[1]=p[4];
-                                /* SSLv2 */
-                                if (!(s->options & SSL_OP_NO_SSLv2))
-                                        type=1;
-                                }
-                        else if (p[3] == SSL3_VERSION_MAJOR)
-                                {
-                                v[0]=p[3]; v[1]=p[4];
-                                /* SSLv3/TLSv1 */
-                                if (p[4] >= TLS1_VERSION_MINOR)
-                                        {
-                                        if (!(s->options & SSL_OP_NO_TLSv1))
-                                                {
-                                                s->version=TLS1_VERSION;
-                                                /* type=2; */ /* done later to survive restarts */
-                                                s->state=SSL23_ST_SR_CLNT_HELLO_B;
-                                                }
-                                        else if (!(s->options & SSL_OP_NO_SSLv3))
-                                                {
-                                                s->version=SSL3_VERSION;
-                                                /* type=2; */
-                                                s->state=SSL23_ST_SR_CLNT_HELLO_B;
-                                                }
-                                        else if (!(s->options & SSL_OP_NO_SSLv2))
-                                                {
-                                                type=1;
-                                                }
-                                        }
-                                else if (!(s->options & SSL_OP_NO_SSLv3))
-                                        {
-                                        s->version=SSL3_VERSION;
-                                        /* type=2; */
-                                        s->state=SSL23_ST_SR_CLNT_HELLO_B;
-                                        }
-                                else if (!(s->options & SSL_OP_NO_SSLv2))
-                                        type=1;
-
-                                }
-                        }
-                else if ((p[0] == SSL3_RT_HANDSHAKE) &&
-                         (p[1] == SSL3_VERSION_MAJOR) &&
-                         (p[5] == SSL3_MT_CLIENT_HELLO) &&
-                         ((p[3] == 0 && p[4] < 5 /* silly record length? */)
-                                || (p[9] == p[1])))
-                        {
-                        /*
-                         * SSLv3 or tls1 header
-                         */
-                        
-                        v[0]=p[1]; /* major version (= SSL3_VERSION_MAJOR) */
-                        /* We must look at client_version inside the Client Hello message
-                         * to get the correct minor version.
-                         * However if we have only a pathologically small fragment of the
-                         * Client Hello message, this would be difficult, and we'd have
-                         * to read more records to find out.
-                         * No known SSL 3.0 client fragments ClientHello like this,
-                         * so we simply assume TLS 1.0 to avoid protocol version downgrade
-                         * attacks. */
-                        if (p[3] == 0 && p[4] < 6)
-                                {
-#if 0
-                                SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL);
-                                goto err;
-#else
-                                v[1] = TLS1_VERSION_MINOR;
-#endif
-                                }
-                        else
-                                v[1]=p[10]; /* minor version according to client_version */
-                        if (v[1] >= TLS1_VERSION_MINOR)
-                                {
-                                if (!(s->options & SSL_OP_NO_TLSv1))
-                                        {
-                                        s->version=TLS1_VERSION;
-                                        type=3;
-                                        }
-                                else if (!(s->options & SSL_OP_NO_SSLv3))
-                                        {
-                                        s->version=SSL3_VERSION;
-                                        type=3;
-                                        }
-                                }
-                        else
-                                {
-                                /* client requests SSL 3.0 */
-                                if (!(s->options & SSL_OP_NO_SSLv3))
-                                        {
-                                        s->version=SSL3_VERSION;
-                                        type=3;
-                                        }
-                                else if (!(s->options & SSL_OP_NO_TLSv1))
-                                        {
-                                        /* we won't be able to use TLS of course,
-                                         * but this will send an appropriate alert */
-                                        s->version=TLS1_VERSION;
-                                        type=3;
-                                        }
-                                }
-                        }
-                else if ((strncmp("GET ", (char *)p,4) == 0) ||
-                         (strncmp("POST ",(char *)p,5) == 0) ||
-                         (strncmp("HEAD ",(char *)p,5) == 0) ||
-                         (strncmp("PUT ", (char *)p,4) == 0))
-                        {
-                        SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTP_REQUEST);
-                        goto err;
-                        }
-                else if (strncmp("CONNECT",(char *)p,7) == 0)
-                        {
-                        SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTPS_PROXY_REQUEST);
-                        goto err;
-                        }
-                }
-
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && (s->version < TLS1_VERSION))
-                {
-                SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
-                                        SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
-                goto err;
-                }
-#endif
-
-        if (s->state == SSL23_ST_SR_CLNT_HELLO_B)
-                {
-                /* we have SSLv3/TLSv1 in an SSLv2 header
-                 * (other cases skip this state) */
-
-                type=2;
-                p=s->packet;
-                v[0] = p[3]; /* == SSL3_VERSION_MAJOR */
-                v[1] = p[4];
-
-                n=((p[0]&0x7f)<<8)|p[1];
-                if (n > (1024*4))
-                        {
-                        SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE);
-                        goto err;
-                        }
-
-                j=ssl23_read_bytes(s,n+2);
-                if (j <= 0) return(j);
-
-                ssl3_finish_mac(s, s->packet+2, s->packet_length-2);
-                if (s->msg_callback)
-                        s->msg_callback(0, SSL2_VERSION, 0, s->packet+2, s->packet_length-2, s, s->msg_callback_arg); /* CLIENT-HELLO */
-
-                p=s->packet;
-                p+=5;
-                n2s(p,csl);
-                n2s(p,sil);
-                n2s(p,cl);
-                d=(unsigned char *)s->init_buf->data;
-                if ((csl+sil+cl+11) != s->packet_length)
-                        {
-                        SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_LENGTH_MISMATCH);
-                        goto err;
-                        }
-
-                /* record header: msg_type ... */
-                *(d++) = SSL3_MT_CLIENT_HELLO;
-                /* ... and length (actual value will be written later) */
-                d_len = d;
-                d += 3;
-
-                /* client_version */
-                *(d++) = SSL3_VERSION_MAJOR; /* == v[0] */
-                *(d++) = v[1];
-
-                /* lets populate the random area */
-                /* get the challenge_length */
-                i=(cl > SSL3_RANDOM_SIZE)?SSL3_RANDOM_SIZE:cl;
-                memset(d,0,SSL3_RANDOM_SIZE);
-                memcpy(&(d[SSL3_RANDOM_SIZE-i]),&(p[csl+sil]),i);
-                d+=SSL3_RANDOM_SIZE;
-
-                /* no session-id reuse */
-                *(d++)=0;
-
-                /* ciphers */
-                j=0;
-                dd=d;
-                d+=2;
-                for (i=0; i<csl; i+=3)
-                        {
-                        if (p[i] != 0) continue;
-                        *(d++)=p[i+1];
-                        *(d++)=p[i+2];
-                        j+=2;
-                        }
-                s2n(j,dd);
-
-                /* COMPRESSION */
-                *(d++)=1;
-                *(d++)=0;
-                
-                i = (d-(unsigned char *)s->init_buf->data) - 4;
-                l2n3((long)i, d_len);
-
-                /* get the data reused from the init_buf */
-                s->s3->tmp.reuse_message=1;
-                s->s3->tmp.message_type=SSL3_MT_CLIENT_HELLO;
-                s->s3->tmp.message_size=i;
-                }
-
-        /* imaginary new state (for program structure): */
-        /* s->state = SSL23_SR_CLNT_HELLO_C */
-
-        if (type == 1)
-                {
-#ifdef OPENSSL_NO_SSL2
-                SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
-                goto err;
-#else
-                /* we are talking sslv2 */
-                /* we need to clean up the SSLv3/TLSv1 setup and put in the
-                 * sslv2 stuff. */
-
-                if (s->s2 == NULL)
-                        {
-                        if (!ssl2_new(s))
-                                goto err;
-                        }
-                else
-                        ssl2_clear(s);
-
-                if (s->s3 != NULL) ssl3_free(s);
-
-                if (!BUF_MEM_grow_clean(s->init_buf,
-                        SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
-                        {
-                        goto err;
-                        }
-
-                s->state=SSL2_ST_GET_CLIENT_HELLO_A;
-                if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)
-                        s->s2->ssl2_rollback=0;
-                else
-                        /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0
-                         * (SSL 3.0 draft/RFC 2246, App. E.2) */
-                        s->s2->ssl2_rollback=1;
-
-                /* setup the n bytes we have read so we get them from
-                 * the sslv2 buffer */
-                s->rstate=SSL_ST_READ_HEADER;
-                s->packet_length=n;
-                s->packet= &(s->s2->rbuf[0]);
-                memcpy(s->packet,buf,n);
-                s->s2->rbuf_left=n;
-                s->s2->rbuf_offs=0;
-
-                s->method=SSLv2_server_method();
-                s->handshake_func=s->method->ssl_accept;
-#endif
-                }
-
-        if ((type == 2) || (type == 3))
-                {
-                /* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */
-
-                if (!ssl_init_wbio_buffer(s,1)) goto err;
-
-                /* we are in this state */
-                s->state=SSL3_ST_SR_CLNT_HELLO_A;
-
-                if (type == 3)
-                        {
-                        /* put the 'n' bytes we have read into the input buffer
-                         * for SSLv3 */
-                        s->rstate=SSL_ST_READ_HEADER;
-                        s->packet_length=n;
-                        s->packet= &(s->s3->rbuf.buf[0]);
-                        memcpy(s->packet,buf,n);
-                        s->s3->rbuf.left=n;
-                        s->s3->rbuf.offset=0;
-                        }
-                else
-                        {
-                        s->packet_length=0;
-                        s->s3->rbuf.left=0;
-                        s->s3->rbuf.offset=0;
-                        }
-
-                if (s->version == TLS1_VERSION)
-                        s->method = TLSv1_server_method();
-                else
-                        s->method = SSLv3_server_method();
-#if 0 /* ssl3_get_client_hello does this */
-                s->client_version=(v[0]<<8)|v[1];
-#endif
-                s->handshake_func=s->method->ssl_accept;
-                }
-        
-        if ((type < 1) || (type > 3))
-                {
-                /* bad, very bad */
-                SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNKNOWN_PROTOCOL);
-                goto err;
-                }
-        s->init_num=0;
-
-        if (buf != buf_space) OPENSSL_free(buf);
-        s->first_packet=1;
-        return(SSL_accept(s));
-err:
-        if (buf != buf_space) OPENSSL_free(buf);
-        return(-1);
-        }
diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c
deleted file mode 100644
index 64d317b7ac..0000000000
--- a/src/lib/libssl/s3_both.c
+++ /dev/null
@@ -1,635 +0,0 @@
-/* ssl/s3_both.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <limits.h>
-#include <string.h>
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-
-/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
-int ssl3_do_write(SSL *s, int type)
-        {
-        int ret;
-
-        ret=ssl3_write_bytes(s,type,&s->init_buf->data[s->init_off],
-                             s->init_num);
-        if (ret < 0) return(-1);
-        if (type == SSL3_RT_HANDSHAKE)
-                /* should not be done for 'Hello Request's, but in that case
-                 * we'll ignore the result anyway */
-                ssl3_finish_mac(s,(unsigned char *)&s->init_buf->data[s->init_off],ret);
-        
-        if (ret == s->init_num)
-                {
-                if (s->msg_callback)
-                        s->msg_callback(1, s->version, type, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg);
-                return(1);
-                }
-        s->init_off+=ret;
-        s->init_num-=ret;
-        return(0);
-        }
-
-int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
-        {
-        unsigned char *p,*d;
-        int i;
-        unsigned long l;
-
-        if (s->state == a)
-                {
-                d=(unsigned char *)s->init_buf->data;
-                p= &(d[4]);
-
-                i=s->method->ssl3_enc->final_finish_mac(s,
-                        &(s->s3->finish_dgst1),
-                        &(s->s3->finish_dgst2),
-                        sender,slen,s->s3->tmp.finish_md);
-                s->s3->tmp.finish_md_len = i;
-                memcpy(p, s->s3->tmp.finish_md, i);
-                p+=i;
-                l=i;
-
-#ifdef OPENSSL_SYS_WIN16
-                /* MSVC 1.5 does not clear the top bytes of the word unless
-                 * I do this.
-                 */
-                l&=0xffff;
-#endif
-
-                *(d++)=SSL3_MT_FINISHED;
-                l2n3(l,d);
-                s->init_num=(int)l+4;
-                s->init_off=0;
-
-                s->state=b;
-                }
-
-        /* SSL3_ST_SEND_xxxxxx_HELLO_B */
-        return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
-        }
-
-int ssl3_get_finished(SSL *s, int a, int b)
-        {
-        int al,i,ok;
-        long n;
-        unsigned char *p;
-
-        /* the mac has already been generated when we received the
-         * change cipher spec message and is in s->s3->tmp.peer_finish_md
-         */ 
-
-        n=ssl3_get_message(s,
-                a,
-                b,
-                SSL3_MT_FINISHED,
-                64, /* should actually be 36+4 :-) */
-                &ok);
-
-        if (!ok) return((int)n);
-
-        /* If this occurs, we have missed a message */
-        if (!s->s3->change_cipher_spec)
-                {
-                al=SSL_AD_UNEXPECTED_MESSAGE;
-                SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_GOT_A_FIN_BEFORE_A_CCS);
-                goto f_err;
-                }
-        s->s3->change_cipher_spec=0;
-
-        p = (unsigned char *)s->init_msg;
-        i = s->s3->tmp.peer_finish_md_len;
-
-        if (i != n)
-                {
-                al=SSL_AD_DECODE_ERROR;
-                SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_BAD_DIGEST_LENGTH);
-                goto f_err;
-                }
-
-        if (memcmp(p, s->s3->tmp.peer_finish_md, i) != 0)
-                {
-                al=SSL_AD_DECRYPT_ERROR;
-                SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED);
-                goto f_err;
-                }
-
-        return(1);
-f_err:
-        ssl3_send_alert(s,SSL3_AL_FATAL,al);
-        return(0);
-        }
-
-/* for these 2 messages, we need to
- * ssl->enc_read_ctx                    re-init
- * ssl->s3->read_sequence               zero
- * ssl->s3->read_mac_secret             re-init
- * ssl->session->read_sym_enc           assign
- * ssl->session->read_compression       assign
- * ssl->session->read_hash              assign
- */
-int ssl3_send_change_cipher_spec(SSL *s, int a, int b)
-        { 
-        unsigned char *p;
-
-        if (s->state == a)
-                {
-                p=(unsigned char *)s->init_buf->data;
-                *p=SSL3_MT_CCS;
-                s->init_num=1;
-                s->init_off=0;
-
-                s->state=b;
-                }
-
-        /* SSL3_ST_CW_CHANGE_B */
-        return(ssl3_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC));
-        }
-
-unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
-        {
-        unsigned char *p;
-        int n,i;
-        unsigned long l=7;
-        BUF_MEM *buf;
-        X509_STORE_CTX xs_ctx;
-        X509_OBJECT obj;
-
-        int no_chain;
-
-        if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs)
-                no_chain = 1;
-        else
-                no_chain = 0;
-
-        /* TLSv1 sends a chain with nothing in it, instead of an alert */
-        buf=s->init_buf;
-        if (!BUF_MEM_grow_clean(buf,10))
-                {
-                SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
-                return(0);
-                }
-        if (x != NULL)
-                {
-                if(!no_chain && !X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL))
-                        {
-                        SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
-                        return(0);
-                        }
-
-                for (;;)
-                        {
-                        n=i2d_X509(x,NULL);
-                        if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
-                                {
-                                SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
-                                return(0);
-                                }
-                        p=(unsigned char *)&(buf->data[l]);
-                        l2n3(n,p);
-                        i2d_X509(x,&p);
-                        l+=n+3;
-
-                        if (no_chain)
-                                break;
-
-                        if (X509_NAME_cmp(X509_get_subject_name(x),
-                                X509_get_issuer_name(x)) == 0) break;
-
-                        i=X509_STORE_get_by_subject(&xs_ctx,X509_LU_X509,
-                                X509_get_issuer_name(x),&obj);
-                        if (i <= 0) break;
-                        x=obj.data.x509;
-                        /* Count is one too high since the X509_STORE_get uped the
-                         * ref count */
-                        X509_free(x);
-                        }
-                if (!no_chain)
-                        X509_STORE_CTX_cleanup(&xs_ctx);
-                }
-
-        /* Thawte special :-) */
-        if (s->ctx->extra_certs != NULL)
-        for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++)
-                {
-                x=sk_X509_value(s->ctx->extra_certs,i);
-                n=i2d_X509(x,NULL);
-                if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
-                        {
-                        SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
-                        return(0);
-                        }
-                p=(unsigned char *)&(buf->data[l]);
-                l2n3(n,p);
-                i2d_X509(x,&p);
-                l+=n+3;
-                }
-
-        l-=7;
-        p=(unsigned char *)&(buf->data[4]);
-        l2n3(l,p);
-        l+=3;
-        p=(unsigned char *)&(buf->data[0]);
-        *(p++)=SSL3_MT_CERTIFICATE;
-        l2n3(l,p);
-        l+=4;
-        return(l);
-        }
-
-/* Obtain handshake message of message type 'mt' (any if mt == -1),
- * maximum acceptable body length 'max'.
- * The first four bytes (msg_type and length) are read in state 'st1',
- * the body is read in state 'stn'.
- */
-long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
-        {
-        unsigned char *p;
-        unsigned long l;
-        long n;
-        int i,al;
-
-        if (s->s3->tmp.reuse_message)
-                {
-                s->s3->tmp.reuse_message=0;
-                if ((mt >= 0) && (s->s3->tmp.message_type != mt))
-                        {
-                        al=SSL_AD_UNEXPECTED_MESSAGE;
-                        SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
-                        goto f_err;
-                        }
-                *ok=1;
-                s->init_msg = s->init_buf->data + 4;
-                s->init_num = (int)s->s3->tmp.message_size;
-                return s->init_num;
-                }
-
-        p=(unsigned char *)s->init_buf->data;
-
-        if (s->state == st1) /* s->init_num < 4 */
-                {
-                int skip_message;
-
-                do
-                        {
-                        while (s->init_num < 4)
-                                {
-                                i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],
-                                        4 - s->init_num, 0);
-                                if (i <= 0)
-                                        {
-                                        s->rwstate=SSL_READING;
-                                        *ok = 0;
-                                        return i;
-                                        }
-                                s->init_num+=i;
-                                }
-                        
-                        skip_message = 0;
-                        if (!s->server)
-                                if (p[0] == SSL3_MT_HELLO_REQUEST)
-                                        /* The server may always send 'Hello Request' messages --
-                                         * we are doing a handshake anyway now, so ignore them
-                                         * if their format is correct. Does not count for
-                                         * 'Finished' MAC. */
-                                        if (p[1] == 0 && p[2] == 0 &&p[3] == 0)
-                                                {
-                                                s->init_num = 0;
-                                                skip_message = 1;
-
-                                                if (s->msg_callback)
-                                                        s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, 4, s, s->msg_callback_arg);
-                                                }
-                        }
-                while (skip_message);
-
-                /* s->init_num == 4 */
-
-                if ((mt >= 0) && (*p != mt))
-                        {
-                        al=SSL_AD_UNEXPECTED_MESSAGE;
-                        SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
-                        goto f_err;
-                        }
-                if ((mt < 0) && (*p == SSL3_MT_CLIENT_HELLO) &&
-                                        (st1 == SSL3_ST_SR_CERT_A) &&
-                                        (stn == SSL3_ST_SR_CERT_B))
-                        {
-                        /* At this point we have got an MS SGC second client
-                         * hello (maybe we should always allow the client to
-                         * start a new handshake?). We need to restart the mac.
-                         * Don't increment {num,total}_renegotiations because
-                         * we have not completed the handshake. */
-                        ssl3_init_finished_mac(s);
-                        }
-
-                s->s3->tmp.message_type= *(p++);
-
-                n2l3(p,l);
-                if (l > (unsigned long)max)
-                        {
-                        al=SSL_AD_ILLEGAL_PARAMETER;
-                        SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
-                        goto f_err;
-                        }
-                if (l > (INT_MAX-4)) /* BUF_MEM_grow takes an 'int' parameter */
-                        {
-                        al=SSL_AD_ILLEGAL_PARAMETER;
-                        SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
-                        goto f_err;
-                        }
-                if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l+4))
-                        {
-                        SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB);
-                        goto err;
-                        }
-                s->s3->tmp.message_size=l;
-                s->state=stn;
-
-                s->init_msg = s->init_buf->data + 4;
-                s->init_num = 0;
-                }
-
-        /* next state (stn) */
-        p = s->init_msg;
-        n = s->s3->tmp.message_size - s->init_num;
-        while (n > 0)
-                {
-                i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0);
-                if (i <= 0)
-                        {
-                        s->rwstate=SSL_READING;
-                        *ok = 0;
-                        return i;
-                        }
-                s->init_num += i;
-                n -= i;
-                }
-        ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
-        if (s->msg_callback)
-                s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg);
-        *ok=1;
-        return s->init_num;
-f_err:
-        ssl3_send_alert(s,SSL3_AL_FATAL,al);
-err:
-        *ok=0;
-        return(-1);
-        }
-
-int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
-        {
-        EVP_PKEY *pk;
-        int ret= -1,i,j;
-
-        if (pkey == NULL)
-                pk=X509_get_pubkey(x);
-        else
-                pk=pkey;
-        if (pk == NULL) goto err;
-
-        i=pk->type;
-        if (i == EVP_PKEY_RSA)
-                {
-                ret=SSL_PKEY_RSA_ENC;
-                if (x != NULL)
-                        {
-                        j=X509_get_ext_count(x);
-                        /* check to see if this is a signing only certificate */
-                        /* EAY EAY EAY EAY */
-                        }
-                }
-        else if (i == EVP_PKEY_DSA)
-                {
-                ret=SSL_PKEY_DSA_SIGN;
-                }
-        else if (i == EVP_PKEY_DH)
-                {
-                /* if we just have a key, we needs to be guess */
-
-                if (x == NULL)
-                        ret=SSL_PKEY_DH_DSA;
-                else
-                        {
-                        j=X509_get_signature_type(x);
-                        if (j == EVP_PKEY_RSA)
-                                ret=SSL_PKEY_DH_RSA;
-                        else if (j== EVP_PKEY_DSA)
-                                ret=SSL_PKEY_DH_DSA;
-                        else ret= -1;
-                        }
-                }
-        else
-                ret= -1;
-
-err:
-        if(!pkey) EVP_PKEY_free(pk);
-        return(ret);
-        }
-
-int ssl_verify_alarm_type(long type)
-        {
-        int al;
-
-        switch(type)
-                {
-        case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
-        case X509_V_ERR_UNABLE_TO_GET_CRL:
-        case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
-                al=SSL_AD_UNKNOWN_CA;
-                break;
-        case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
-        case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
-        case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
-        case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
-        case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
-        case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
-        case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
-        case X509_V_ERR_CERT_NOT_YET_VALID:
-        case X509_V_ERR_CRL_NOT_YET_VALID:
-        case X509_V_ERR_CERT_UNTRUSTED:
-        case X509_V_ERR_CERT_REJECTED:
-                al=SSL_AD_BAD_CERTIFICATE;
-                break;
-        case X509_V_ERR_CERT_SIGNATURE_FAILURE:
-        case X509_V_ERR_CRL_SIGNATURE_FAILURE:
-                al=SSL_AD_DECRYPT_ERROR;
-                break;
-        case X509_V_ERR_CERT_HAS_EXPIRED:
-        case X509_V_ERR_CRL_HAS_EXPIRED:
-                al=SSL_AD_CERTIFICATE_EXPIRED;
-                break;
-        case X509_V_ERR_CERT_REVOKED:
-                al=SSL_AD_CERTIFICATE_REVOKED;
-                break;
-        case X509_V_ERR_OUT_OF_MEM:
-                al=SSL_AD_INTERNAL_ERROR;
-                break;
-        case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
-        case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
-        case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
-        case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
-        case X509_V_ERR_CERT_CHAIN_TOO_LONG:
-        case X509_V_ERR_PATH_LENGTH_EXCEEDED:
-        case X509_V_ERR_INVALID_CA:
-                al=SSL_AD_UNKNOWN_CA;
-                break;
-        case X509_V_ERR_APPLICATION_VERIFICATION:
-                al=SSL_AD_HANDSHAKE_FAILURE;
-                break;
-        case X509_V_ERR_INVALID_PURPOSE:
-                al=SSL_AD_UNSUPPORTED_CERTIFICATE;
-                break;
-        default:
-                al=SSL_AD_CERTIFICATE_UNKNOWN;
-                break;
-                }
-        return(al);
-        }
-
-int ssl3_setup_buffers(SSL *s)
-        {
-        unsigned char *p;
-        unsigned int extra;
-        size_t len;
-
-        if (s->s3->rbuf.buf == NULL)
-                {
-                if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
-                        extra=SSL3_RT_MAX_EXTRA;
-                else
-                        extra=0;
-                len = SSL3_RT_MAX_PACKET_SIZE + extra;
-                if ((p=OPENSSL_malloc(len)) == NULL)
-                        goto err;
-                s->s3->rbuf.buf = p;
-                s->s3->rbuf.len = len;
-                }
-
-        if (s->s3->wbuf.buf == NULL)
-                {
-                len = SSL3_RT_MAX_PACKET_SIZE;
-                len += SSL3_RT_HEADER_LENGTH + 256; /* extra space for empty fragment */
-                if ((p=OPENSSL_malloc(len)) == NULL)
-                        goto err;
-                s->s3->wbuf.buf = p;
-                s->s3->wbuf.len = len;
-                }
-        s->packet= &(s->s3->rbuf.buf[0]);
-        return(1);
-err:
-        SSLerr(SSL_F_SSL3_SETUP_BUFFERS,ERR_R_MALLOC_FAILURE);
-        return(0);
-        }
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
deleted file mode 100644
index 4163d97944..0000000000
--- a/src/lib/libssl/s3_clnt.c
+++ /dev/null
@@ -1,1985 +0,0 @@
-/* ssl/s3_clnt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include "kssl_lcl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/md5.h>
-#include <openssl/fips.h>
-
-static SSL_METHOD *ssl3_get_client_method(int ver);
-static int ssl3_client_hello(SSL *s);
-static int ssl3_get_server_hello(SSL *s);
-static int ssl3_get_certificate_request(SSL *s);
-static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b);
-static int ssl3_get_server_done(SSL *s);
-static int ssl3_send_client_verify(SSL *s);
-static int ssl3_send_client_certificate(SSL *s);
-static int ssl3_send_client_key_exchange(SSL *s);
-static int ssl3_get_key_exchange(SSL *s);
-static int ssl3_get_server_certificate(SSL *s);
-static int ssl3_check_cert_and_algorithm(SSL *s);
-static SSL_METHOD *ssl3_get_client_method(int ver)
-        {
-        if (ver == SSL3_VERSION)
-                return(SSLv3_client_method());
-        else
-                return(NULL);
-        }
-
-SSL_METHOD *SSLv3_client_method(void)
-        {
-        static int init=1;
-        static SSL_METHOD SSLv3_client_data;
-
-        if (init)
-                {
-                CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
-
-                if (init)
-                        {
-                        memcpy((char *)&SSLv3_client_data,(char *)sslv3_base_method(),
-                                sizeof(SSL_METHOD));
-                        SSLv3_client_data.ssl_connect=ssl3_connect;
-                        SSLv3_client_data.get_ssl_method=ssl3_get_client_method;
-                        init=0;
-                        }
-
-                CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
-                }
-        return(&SSLv3_client_data);
-        }
-
-int ssl3_connect(SSL *s)
-        {
-        BUF_MEM *buf=NULL;
-        unsigned long Time=(unsigned long)time(NULL),l;
-        long num1;
-        void (*cb)(const SSL *ssl,int type,int val)=NULL;
-        int ret= -1;
-        int new_state,state,skip=0;
-
-        RAND_add(&Time,sizeof(Time),0);
-        ERR_clear_error();
-        clear_sys_error();
-
-        if (s->info_callback != NULL)
-                cb=s->info_callback;
-        else if (s->ctx->info_callback != NULL)
-                cb=s->ctx->info_callback;
-        
-        s->in_handshake++;
-        if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
-
-        for (;;)
-                {
-                state=s->state;
-
-                switch(s->state)
-                        {
-                case SSL_ST_RENEGOTIATE:
-                        s->new_session=1;
-                        s->state=SSL_ST_CONNECT;
-                        s->ctx->stats.sess_connect_renegotiate++;
-                        /* break */
-                case SSL_ST_BEFORE:
-                case SSL_ST_CONNECT:
-                case SSL_ST_BEFORE|SSL_ST_CONNECT:
-                case SSL_ST_OK|SSL_ST_CONNECT:
-
-                        s->server=0;
-                        if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
-
-                        if ((s->version & 0xff00 ) != 0x0300)
-                                {
-                                SSLerr(SSL_F_SSL3_CONNECT, ERR_R_INTERNAL_ERROR);
-                                ret = -1;
-                                goto end;
-                                }
-                                
-                        /* s->version=SSL3_VERSION; */
-                        s->type=SSL_ST_CONNECT;
-
-                        if (s->init_buf == NULL)
-                                {
-                                if ((buf=BUF_MEM_new()) == NULL)
-                                        {
-                                        ret= -1;
-                                        goto end;
-                                        }
-                                if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
-                                        {
-                                        ret= -1;
-                                        goto end;
-                                        }
-                                s->init_buf=buf;
-                                buf=NULL;
-                                }
-
-                        if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
-
-                        /* setup buffing BIO */
-                        if (!ssl_init_wbio_buffer(s,0)) { ret= -1; goto end; }
-
-                        /* don't push the buffering BIO quite yet */
-
-                        ssl3_init_finished_mac(s);
-
-                        s->state=SSL3_ST_CW_CLNT_HELLO_A;
-                        s->ctx->stats.sess_connect++;
-                        s->init_num=0;
-                        break;
-
-                case SSL3_ST_CW_CLNT_HELLO_A:
-                case SSL3_ST_CW_CLNT_HELLO_B:
-
-                        s->shutdown=0;
-                        ret=ssl3_client_hello(s);
-                        if (ret <= 0) goto end;
-                        s->state=SSL3_ST_CR_SRVR_HELLO_A;
-                        s->init_num=0;
-
-                        /* turn on buffering for the next lot of output */
-                        if (s->bbio != s->wbio)
-                                s->wbio=BIO_push(s->bbio,s->wbio);
-
-                        break;
-
-                case SSL3_ST_CR_SRVR_HELLO_A:
-                case SSL3_ST_CR_SRVR_HELLO_B:
-                        ret=ssl3_get_server_hello(s);
-                        if (ret <= 0) goto end;
-                        if (s->hit)
-                                s->state=SSL3_ST_CR_FINISHED_A;
-                        else
-                                s->state=SSL3_ST_CR_CERT_A;
-                        s->init_num=0;
-                        break;
-
-                case SSL3_ST_CR_CERT_A:
-                case SSL3_ST_CR_CERT_B:
-                        /* Check if it is anon DH */
-                        if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
-                                {
-                                ret=ssl3_get_server_certificate(s);
-                                if (ret <= 0) goto end;
-                                }
-                        else
-                                skip=1;
-                        s->state=SSL3_ST_CR_KEY_EXCH_A;
-                        s->init_num=0;
-                        break;
-
-                case SSL3_ST_CR_KEY_EXCH_A:
-                case SSL3_ST_CR_KEY_EXCH_B:
-                        ret=ssl3_get_key_exchange(s);
-                        if (ret <= 0) goto end;
-                        s->state=SSL3_ST_CR_CERT_REQ_A;
-                        s->init_num=0;
-
-                        /* at this point we check that we have the
-                         * required stuff from the server */
-                        if (!ssl3_check_cert_and_algorithm(s))
-                                {
-                                ret= -1;
-                                goto end;
-                                }
-                        break;
-
-                case SSL3_ST_CR_CERT_REQ_A:
-                case SSL3_ST_CR_CERT_REQ_B:
-                        ret=ssl3_get_certificate_request(s);
-                        if (ret <= 0) goto end;
-                        s->state=SSL3_ST_CR_SRVR_DONE_A;
-                        s->init_num=0;
-                        break;
-
-                case SSL3_ST_CR_SRVR_DONE_A:
-                case SSL3_ST_CR_SRVR_DONE_B:
-                        ret=ssl3_get_server_done(s);
-                        if (ret <= 0) goto end;
-                        if (s->s3->tmp.cert_req)
-                                s->state=SSL3_ST_CW_CERT_A;
-                        else
-                                s->state=SSL3_ST_CW_KEY_EXCH_A;
-                        s->init_num=0;
-
-                        break;
-
-                case SSL3_ST_CW_CERT_A:
-                case SSL3_ST_CW_CERT_B:
-                case SSL3_ST_CW_CERT_C:
-                case SSL3_ST_CW_CERT_D:
-                        ret=ssl3_send_client_certificate(s);
-                        if (ret <= 0) goto end;
-                        s->state=SSL3_ST_CW_KEY_EXCH_A;
-                        s->init_num=0;
-                        break;
-
-                case SSL3_ST_CW_KEY_EXCH_A:
-                case SSL3_ST_CW_KEY_EXCH_B:
-                        ret=ssl3_send_client_key_exchange(s);
-                        if (ret <= 0) goto end;
-                        l=s->s3->tmp.new_cipher->algorithms;
-                        /* EAY EAY EAY need to check for DH fix cert
-                         * sent back */
-                        /* For TLS, cert_req is set to 2, so a cert chain
-                         * of nothing is sent, but no verify packet is sent */
-                        if (s->s3->tmp.cert_req == 1)
-                                {
-                                s->state=SSL3_ST_CW_CERT_VRFY_A;
-                                }
-                        else
-                                {
-                                s->state=SSL3_ST_CW_CHANGE_A;
-                                s->s3->change_cipher_spec=0;
-                                }
-
-                        s->init_num=0;
-                        break;
-
-                case SSL3_ST_CW_CERT_VRFY_A:
-                case SSL3_ST_CW_CERT_VRFY_B:
-                        ret=ssl3_send_client_verify(s);
-                        if (ret <= 0) goto end;
-                        s->state=SSL3_ST_CW_CHANGE_A;
-                        s->init_num=0;
-                        s->s3->change_cipher_spec=0;
-                        break;
-
-                case SSL3_ST_CW_CHANGE_A:
-                case SSL3_ST_CW_CHANGE_B:
-                        ret=ssl3_send_change_cipher_spec(s,
-                                SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
-                        if (ret <= 0) goto end;
-                        s->state=SSL3_ST_CW_FINISHED_A;
-                        s->init_num=0;
-
-                        s->session->cipher=s->s3->tmp.new_cipher;
-                        if (s->s3->tmp.new_compression == NULL)
-                                s->session->compress_meth=0;
-                        else
-                                s->session->compress_meth=
-                                        s->s3->tmp.new_compression->id;
-                        if (!s->method->ssl3_enc->setup_key_block(s))
-                                {
-                                ret= -1;
-                                goto end;
-                                }
-
-                        if (!s->method->ssl3_enc->change_cipher_state(s,
-                                SSL3_CHANGE_CIPHER_CLIENT_WRITE))
-                                {
-                                ret= -1;
-                                goto end;
-                                }
-
-                        break;
-
-                case SSL3_ST_CW_FINISHED_A:
-                case SSL3_ST_CW_FINISHED_B:
-                        ret=ssl3_send_finished(s,
-                                SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B,
-                                s->method->ssl3_enc->client_finished_label,
-                                s->method->ssl3_enc->client_finished_label_len);
-                        if (ret <= 0) goto end;
-                        s->state=SSL3_ST_CW_FLUSH;
-
-                        /* clear flags */
-                        s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
-                        if (s->hit)
-                                {
-                                s->s3->tmp.next_state=SSL_ST_OK;
-                                if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED)
-                                        {
-                                        s->state=SSL_ST_OK;
-                                        s->s3->flags|=SSL3_FLAGS_POP_BUFFER;
-                                        s->s3->delay_buf_pop_ret=0;
-                                        }
-                                }
-                        else
-                                {
-                                s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
-                                }
-                        s->init_num=0;
-                        break;
-
-                case SSL3_ST_CR_FINISHED_A:
-                case SSL3_ST_CR_FINISHED_B:
-
-                        ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
-                                SSL3_ST_CR_FINISHED_B);
-                        if (ret <= 0) goto end;
-
-                        if (s->hit)
-                                s->state=SSL3_ST_CW_CHANGE_A;
-                        else
-                                s->state=SSL_ST_OK;
-                        s->init_num=0;
-                        break;
-
-                case SSL3_ST_CW_FLUSH:
-                        /* number of bytes to be flushed */
-                        num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
-                        if (num1 > 0)
-                                {
-                                s->rwstate=SSL_WRITING;
-                                num1=BIO_flush(s->wbio);
-                                if (num1 <= 0) { ret= -1; goto end; }
-                                s->rwstate=SSL_NOTHING;
-                                }
-
-                        s->state=s->s3->tmp.next_state;
-                        break;
-
-                case SSL_ST_OK:
-                        /* clean a few things up */
-                        ssl3_cleanup_key_block(s);
-
-                        if (s->init_buf != NULL)
-                                {
-                                BUF_MEM_free(s->init_buf);
-                                s->init_buf=NULL;
-                                }
-
-                        /* If we are not 'joining' the last two packets,
-                         * remove the buffering now */
-                        if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
-                                ssl_free_wbio_buffer(s);
-                        /* else do it later in ssl3_write */
-
-                        s->init_num=0;
-                        s->new_session=0;
-
-                        ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
-                        if (s->hit) s->ctx->stats.sess_hit++;
-
-                        ret=1;
-                        /* s->server=0; */
-                        s->handshake_func=ssl3_connect;
-                        s->ctx->stats.sess_connect_good++;
-
-                        if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
-
-                        goto end;
-                        /* break; */
-                        
-                default:
-                        SSLerr(SSL_F_SSL3_CONNECT,SSL_R_UNKNOWN_STATE);
-                        ret= -1;
-                        goto end;
-                        /* break; */
-                        }
-
-                /* did we do anything */
-                if (!s->s3->tmp.reuse_message && !skip)
-                        {
-                        if (s->debug)
-                                {
-                                if ((ret=BIO_flush(s->wbio)) <= 0)
-                                        goto end;
-                                }
-
-                        if ((cb != NULL) && (s->state != state))
-                                {
-                                new_state=s->state;
-                                s->state=state;
-                                cb(s,SSL_CB_CONNECT_LOOP,1);
-                                s->state=new_state;
-                                }
-                        }
-                skip=0;
-                }
-end:
-        s->in_handshake--;
-        if (buf != NULL)
-                BUF_MEM_free(buf);
-        if (cb != NULL)
-                cb(s,SSL_CB_CONNECT_EXIT,ret);
-        return(ret);
-        }
-
-
-static int ssl3_client_hello(SSL *s)
-        {
-        unsigned char *buf;
-        unsigned char *p,*d;
-        int i,j;
-        unsigned long Time,l;
-        SSL_COMP *comp;
-
-        buf=(unsigned char *)s->init_buf->data;
-        if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
-                {
-                if ((s->session == NULL) ||
-                        (s->session->ssl_version != s->version) ||
-                        (s->session->not_resumable))
-                        {
-                        if (!ssl_get_new_session(s,0))
-                                goto err;
-                        }
-                /* else use the pre-loaded session */
-
-                p=s->s3->client_random;
-                Time=(unsigned long)time(NULL);                 /* Time */
-                l2n(Time,p);
-                if(RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
-                    goto err;
-
-                /* Do the message type and length last */
-                d=p= &(buf[4]);
-
-                *(p++)=s->version>>8;
-                *(p++)=s->version&0xff;
-                s->client_version=s->version;
-
-                /* Random stuff */
-                memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
-                p+=SSL3_RANDOM_SIZE;
-
-                /* Session ID */
-                if (s->new_session)
-                        i=0;
-                else
-                        i=s->session->session_id_length;
-                *(p++)=i;
-                if (i != 0)
-                        {
-                        if (i > sizeof s->session->session_id)
-                                {
-                                SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
-                                goto err;
-                                }
-                        memcpy(p,s->session->session_id,i);
-                        p+=i;
-                        }
-                
-                /* Ciphers supported */
-                i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),0);
-                if (i == 0)
-                        {
-                        SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
-                        goto err;
-                        }
-                s2n(i,p);
-                p+=i;
-
-                /* COMPRESSION */
-                if (s->ctx->comp_methods == NULL)
-                        j=0;
-                else
-                        j=sk_SSL_COMP_num(s->ctx->comp_methods);
-                *(p++)=1+j;
-                for (i=0; i<j; i++)
-                        {
-                        comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
-                        *(p++)=comp->id;
-                        }
-                *(p++)=0; /* Add the NULL method */
-                
-                l=(p-d);
-                d=buf;
-                *(d++)=SSL3_MT_CLIENT_HELLO;
-                l2n3(l,d);
-
-                s->state=SSL3_ST_CW_CLNT_HELLO_B;
-                /* number of bytes to write */
-                s->init_num=p-buf;
-                s->init_off=0;
-                }
-
-        /* SSL3_ST_CW_CLNT_HELLO_B */
-        return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
-err:
-        return(-1);
-        }
-
-static int ssl3_get_server_hello(SSL *s)
-        {
-        STACK_OF(SSL_CIPHER) *sk;
-        SSL_CIPHER *c;
-        unsigned char *p,*d;
-        int i,al,ok;
-        unsigned int j;
-        long n;
-        SSL_COMP *comp;
-
-        n=ssl3_get_message(s,
-                SSL3_ST_CR_SRVR_HELLO_A,
-                SSL3_ST_CR_SRVR_HELLO_B,
-                SSL3_MT_SERVER_HELLO,
-                300, /* ?? */
-                &ok);
-
-        if (!ok) return((int)n);
-        d=p=(unsigned char *)s->init_msg;
-
-        if ((p[0] != (s->version>>8)) || (p[1] != (s->version&0xff)))
-                {
-                SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_SSL_VERSION);
-                s->version=(s->version&0xff00)|p[1];
-                al=SSL_AD_PROTOCOL_VERSION;
-                goto f_err;
-                }
-        p+=2;
-
-        /* load the server hello data */
-        /* load the server random */
-        memcpy(s->s3->server_random,p,SSL3_RANDOM_SIZE);
-        p+=SSL3_RANDOM_SIZE;
-
-        /* get the session-id */
-        j= *(p++);
-
-        if ((j > sizeof s->session->session_id) || (j > SSL3_SESSION_ID_SIZE))
-                {
-                al=SSL_AD_ILLEGAL_PARAMETER;
-                SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_LONG);
-                goto f_err;
-                }
-
-        if (j != 0 && j == s->session->session_id_length
-            && memcmp(p,s->session->session_id,j) == 0)
-            {
-            if(s->sid_ctx_length != s->session->sid_ctx_length
-               || memcmp(s->session->sid_ctx,s->sid_ctx,s->sid_ctx_length))
-                {
-                /* actually a client application bug */
-                al=SSL_AD_ILLEGAL_PARAMETER;
-                SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
-                goto f_err;
-                }
-            s->hit=1;
-            }
-        else    /* a miss or crap from the other end */
-                {
-                /* If we were trying for session-id reuse, make a new
-                 * SSL_SESSION so we don't stuff up other people */
-                s->hit=0;
-                if (s->session->session_id_length > 0)
-                        {
-                        if (!ssl_get_new_session(s,0))
-                                {
-                                al=SSL_AD_INTERNAL_ERROR;
-                                goto f_err;
-                                }
-                        }
-                s->session->session_id_length=j;
-                memcpy(s->session->session_id,p,j); /* j could be 0 */
-                }
-        p+=j;
-        c=ssl_get_cipher_by_char(s,p);
-        if (c == NULL)
-                {
-                /* unknown cipher */
-                al=SSL_AD_ILLEGAL_PARAMETER;
-                SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNKNOWN_CIPHER_RETURNED);
-                goto f_err;
-                }
-        p+=ssl_put_cipher_by_char(s,NULL,NULL);
-
-        sk=ssl_get_ciphers_by_id(s);
-        i=sk_SSL_CIPHER_find(sk,c);
-        if (i < 0)
-                {
-                /* we did not say we would use this cipher */
-                al=SSL_AD_ILLEGAL_PARAMETER;
-                SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED);
-                goto f_err;
-                }
-
-        /* Depending on the session caching (internal/external), the cipher
-           and/or cipher_id values may not be set. Make sure that
-           cipher_id is set and use it for comparison. */
-        if (s->session->cipher)
-                s->session->cipher_id = s->session->cipher->id;
-        if (s->hit && (s->session->cipher_id != c->id))
-                {
-                if (!(s->options &
-                        SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))
-                        {
-                        al=SSL_AD_ILLEGAL_PARAMETER;
-                        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
-                        goto f_err;
-                        }
-                }
-        s->s3->tmp.new_cipher=c;
-
-        /* lets get the compression algorithm */
-        /* COMPRESSION */
-        j= *(p++);
-        if (j == 0)
-                comp=NULL;
-        else
-                comp=ssl3_comp_find(s->ctx->comp_methods,j);
-        
-        if ((j != 0) && (comp == NULL))
-                {
-                al=SSL_AD_ILLEGAL_PARAMETER;
-                SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
-                goto f_err;
-                }
-        else
-                {
-                s->s3->tmp.new_compression=comp;
-                }
-
-        if (p != (d+n))
-                {
-                /* wrong packet length */
-                al=SSL_AD_DECODE_ERROR;
-                SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_PACKET_LENGTH);
-                goto err;
-                }
-
-        return(1);
-f_err:
-        ssl3_send_alert(s,SSL3_AL_FATAL,al);
-err:
-        return(-1);
-        }
-
-static int ssl3_get_server_certificate(SSL *s)
-        {
-        int al,i,ok,ret= -1;
-        unsigned long n,nc,llen,l;
-        X509 *x=NULL;
-        unsigned char *p,*d,*q;
-        STACK_OF(X509) *sk=NULL;
-        SESS_CERT *sc;
-        EVP_PKEY *pkey=NULL;
-        int need_cert = 1; /* VRS: 0=> will allow null cert if auth == KRB5 */
-
-        n=ssl3_get_message(s,
-                SSL3_ST_CR_CERT_A,
-                SSL3_ST_CR_CERT_B,
-                -1,
-                s->max_cert_list,
-                &ok);
-
-        if (!ok) return((int)n);
-
-        if (s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE)
-                {
-                s->s3->tmp.reuse_message=1;
-                return(1);
-                }
-
-        if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE)
-                {
-                al=SSL_AD_UNEXPECTED_MESSAGE;
-                SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE);
-                goto f_err;
-                }
-        d=p=(unsigned char *)s->init_msg;
-
-        if ((sk=sk_X509_new_null()) == NULL)
-                {
-                SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-
-        n2l3(p,llen);
-        if (llen+3 != n)
-                {
-                al=SSL_AD_DECODE_ERROR;
-                SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_LENGTH_MISMATCH);
-                goto f_err;
-                }
-        for (nc=0; nc<llen; )
-                {
-                n2l3(p,l);
-                if ((l+nc+3) > llen)
-                        {
-                        al=SSL_AD_DECODE_ERROR;
-                        SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
-                        goto f_err;
-                        }
-
-                q=p;
-                x=d2i_X509(NULL,&q,l);
-                if (x == NULL)
-                        {
-                        al=SSL_AD_BAD_CERTIFICATE;
-                        SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_ASN1_LIB);
-                        goto f_err;
-                        }
-                if (q != (p+l))
-                        {
-                        al=SSL_AD_DECODE_ERROR;
-                        SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
-                        goto f_err;
-                        }
-                if (!sk_X509_push(sk,x))
-                        {
-                        SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                        }
-                x=NULL;
-                nc+=l+3;
-                p=q;
-                }
-
-        i=ssl_verify_cert_chain(s,sk);
-        if ((s->verify_mode != SSL_VERIFY_NONE) && (!i)
-#ifndef OPENSSL_NO_KRB5
-                && (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK))
-                != (SSL_aKRB5|SSL_kKRB5)
-#endif /* OPENSSL_NO_KRB5 */
-                )
-                {
-                al=ssl_verify_alarm_type(s->verify_result);
-                SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
-                goto f_err; 
-                }
-        ERR_clear_error(); /* but we keep s->verify_result */
-
-        sc=ssl_sess_cert_new();
-        if (sc == NULL) goto err;
-
-        if (s->session->sess_cert) ssl_sess_cert_free(s->session->sess_cert);
-        s->session->sess_cert=sc;
-
-        sc->cert_chain=sk;
-        /* Inconsistency alert: cert_chain does include the peer's
-         * certificate, which we don't include in s3_srvr.c */
-        x=sk_X509_value(sk,0);
-        sk=NULL;
-        /* VRS 19990621: possible memory leak; sk=null ==> !sk_pop_free() @end*/
-
-        pkey=X509_get_pubkey(x);
-
-        /* VRS: allow null cert if auth == KRB5 */
-        need_cert =     ((s->s3->tmp.new_cipher->algorithms
-                        & (SSL_MKEY_MASK|SSL_AUTH_MASK))
-                        == (SSL_aKRB5|SSL_kKRB5))? 0: 1;
-
-#ifdef KSSL_DEBUG
-        printf("pkey,x = %p, %p\n", pkey,x);
-        printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey));
-        printf("cipher, alg, nc = %s, %lx, %d\n", s->s3->tmp.new_cipher->name,
-                s->s3->tmp.new_cipher->algorithms, need_cert);
-#endif    /* KSSL_DEBUG */
-
-        if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey)))
-                {
-                x=NULL;
-                al=SSL3_AL_FATAL;
-                SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
-                        SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
-                goto f_err;
-                }
-
-        i=ssl_cert_type(x,pkey);
-        if (need_cert && i < 0)
-                {
-                x=NULL;
-                al=SSL3_AL_FATAL;
-                SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
-                        SSL_R_UNKNOWN_CERTIFICATE_TYPE);
-                goto f_err;
-                }
-
-        if (need_cert)
-                {
-                sc->peer_cert_type=i;
-                CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
-                /* Why would the following ever happen?
-                 * We just created sc a couple of lines ago. */
-                if (sc->peer_pkeys[i].x509 != NULL)
-                        X509_free(sc->peer_pkeys[i].x509);
-                sc->peer_pkeys[i].x509=x;
-                sc->peer_key= &(sc->peer_pkeys[i]);
-
-                if (s->session->peer != NULL)
-                        X509_free(s->session->peer);
-                CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
-                s->session->peer=x;
-                }
-        else
-                {
-                sc->peer_cert_type=i;
-                sc->peer_key= NULL;
-
-                if (s->session->peer != NULL)
-                        X509_free(s->session->peer);
-                s->session->peer=NULL;
-                }
-        s->session->verify_result = s->verify_result;
-
-        x=NULL;
-        ret=1;
-
-        if (0)
-                {
-f_err:
-                ssl3_send_alert(s,SSL3_AL_FATAL,al);
-                }
-err:
-        EVP_PKEY_free(pkey);
-        X509_free(x);
-        sk_X509_pop_free(sk,X509_free);
-        return(ret);
-        }
-
-static int ssl3_get_key_exchange(SSL *s)
-        {
-#ifndef OPENSSL_NO_RSA
-        unsigned char *q,md_buf[EVP_MAX_MD_SIZE*2];
-#endif
-        EVP_MD_CTX md_ctx;
-        unsigned char *param,*p;
-        int al,i,j,param_len,ok;
-        long n,alg;
-        EVP_PKEY *pkey=NULL;
-#ifndef OPENSSL_NO_RSA
-        RSA *rsa=NULL;
-#endif
-#ifndef OPENSSL_NO_DH
-        DH *dh=NULL;
-#endif
-
-        /* use same message size as in ssl3_get_certificate_request()
-         * as ServerKeyExchange message may be skipped */
-        n=ssl3_get_message(s,
-                SSL3_ST_CR_KEY_EXCH_A,
-                SSL3_ST_CR_KEY_EXCH_B,
-                -1,
-                s->max_cert_list,
-                &ok);
-
-        if (!ok) return((int)n);
-
-        if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE)
-                {
-                s->s3->tmp.reuse_message=1;
-                return(1);
-                }
-
-        param=p=(unsigned char *)s->init_msg;
-
-        if (s->session->sess_cert != NULL)
-                {
-#ifndef OPENSSL_NO_RSA
-                if (s->session->sess_cert->peer_rsa_tmp != NULL)
-                        {
-                        RSA_free(s->session->sess_cert->peer_rsa_tmp);
-                        s->session->sess_cert->peer_rsa_tmp=NULL;
-                        }
-#endif
-#ifndef OPENSSL_NO_DH
-                if (s->session->sess_cert->peer_dh_tmp)
-                        {
-                        DH_free(s->session->sess_cert->peer_dh_tmp);
-                        s->session->sess_cert->peer_dh_tmp=NULL;
-                        }
-#endif
-                }
-        else
-                {
-                s->session->sess_cert=ssl_sess_cert_new();
-                }
-
-        param_len=0;
-        alg=s->s3->tmp.new_cipher->algorithms;
-        EVP_MD_CTX_init(&md_ctx);
-
-#ifndef OPENSSL_NO_RSA
-        if (alg & SSL_kRSA)
-                {
-                if ((rsa=RSA_new()) == NULL)
-                        {
-                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                        }
-                n2s(p,i);
-                param_len=i+2;
-                if (param_len > n)
-                        {
-                        al=SSL_AD_DECODE_ERROR;
-                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_MODULUS_LENGTH);
-                        goto f_err;
-                        }
-                if (!(rsa->n=BN_bin2bn(p,i,rsa->n)))
-                        {
-                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
-                        goto err;
-                        }
-                p+=i;
-
-                n2s(p,i);
-                param_len+=i+2;
-                if (param_len > n)
-                        {
-                        al=SSL_AD_DECODE_ERROR;
-                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_E_LENGTH);
-                        goto f_err;
-                        }
-                if (!(rsa->e=BN_bin2bn(p,i,rsa->e)))
-                        {
-                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
-                        goto err;
-                        }
-                p+=i;
-                n-=param_len;
-
-                /* this should be because we are using an export cipher */
-                if (alg & SSL_aRSA)
-                        pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
-                else
-                        {
-                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
-                        goto err;
-                        }
-                s->session->sess_cert->peer_rsa_tmp=rsa;
-                rsa=NULL;
-                }
-#else /* OPENSSL_NO_RSA */
-        if (0)
-                ;
-#endif
-#ifndef OPENSSL_NO_DH
-        else if (alg & SSL_kEDH)
-                {
-                if ((dh=DH_new()) == NULL)
-                        {
-                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_DH_LIB);
-                        goto err;
-                        }
-                n2s(p,i);
-                param_len=i+2;
-                if (param_len > n)
-                        {
-                        al=SSL_AD_DECODE_ERROR;
-                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_P_LENGTH);
-                        goto f_err;
-                        }
-                if (!(dh->p=BN_bin2bn(p,i,NULL)))
-                        {
-                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
-                        goto err;
-                        }
-                p+=i;
-
-                n2s(p,i);
-                param_len+=i+2;
-                if (param_len > n)
-                        {
-                        al=SSL_AD_DECODE_ERROR;
-                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_G_LENGTH);
-                        goto f_err;
-                        }
-                if (!(dh->g=BN_bin2bn(p,i,NULL)))
-                        {
-                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
-                        goto err;
-                        }
-                p+=i;
-
-                n2s(p,i);
-                param_len+=i+2;
-                if (param_len > n)
-                        {
-                        al=SSL_AD_DECODE_ERROR;
-                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_PUB_KEY_LENGTH);
-                        goto f_err;
-                        }
-                if (!(dh->pub_key=BN_bin2bn(p,i,NULL)))
-                        {
-                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
-                        goto err;
-                        }
-                p+=i;
-                n-=param_len;
-
-#ifndef OPENSSL_NO_RSA
-                if (alg & SSL_aRSA)
-                        pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
-#else
-                if (0)
-                        ;
-#endif
-#ifndef OPENSSL_NO_DSA
-                else if (alg & SSL_aDSS)
-                        pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509);
-#endif
-                /* else anonymous DH, so no certificate or pkey. */
-
-                s->session->sess_cert->peer_dh_tmp=dh;
-                dh=NULL;
-                }
-        else if ((alg & SSL_kDHr) || (alg & SSL_kDHd))
-                {
-                al=SSL_AD_ILLEGAL_PARAMETER;
-                SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
-                goto f_err;
-                }
-#endif /* !OPENSSL_NO_DH */
-        if (alg & SSL_aFZA)
-                {
-                al=SSL_AD_HANDSHAKE_FAILURE;
-                SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
-                goto f_err;
-                }
-
-
-        /* p points to the next byte, there are 'n' bytes left */
-
-
-        /* if it was signed, check the signature */
-        if (pkey != NULL)
-                {
-                n2s(p,i);
-                n-=2;
-                j=EVP_PKEY_size(pkey);
-
-                if ((i != n) || (n > j) || (n <= 0))
-                        {
-                        /* wrong packet length */
-                        al=SSL_AD_DECODE_ERROR;
-                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_SIGNATURE_LENGTH);
-                        goto f_err;
-                        }
-
-#ifndef OPENSSL_NO_RSA
-                if (pkey->type == EVP_PKEY_RSA)
-                        {
-                        int num;
-
-                        j=0;
-                        q=md_buf;
-                        for (num=2; num > 0; num--)
-                                {
-                                EVP_MD_CTX_set_flags(&md_ctx,
-                                        EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-                                EVP_DigestInit_ex(&md_ctx,(num == 2)
-                                        ?s->ctx->md5:s->ctx->sha1, NULL);
-                                EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
-                                EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
-                                EVP_DigestUpdate(&md_ctx,param,param_len);
-                                
-                                EVP_DigestFinal_ex(&md_ctx,q,(unsigned int *)&i);
-                                q+=i;
-                                j+=i;
-                                }
-                        i=RSA_verify(NID_md5_sha1, md_buf, j, p, n,
-                                                                pkey->pkey.rsa);
-                        if (i < 0)
-                                {
-                                al=SSL_AD_DECRYPT_ERROR;
-                                SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT);
-                                goto f_err;
-                                }
-                        if (i == 0)
-                                {
-                                /* bad signature */
-                                al=SSL_AD_DECRYPT_ERROR;
-                                SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE);
-                                goto f_err;
-                                }
-                        }
-                else
-#endif
-#ifndef OPENSSL_NO_DSA
-                        if (pkey->type == EVP_PKEY_DSA)
-                        {
-                        /* lets do DSS */
-                        EVP_VerifyInit_ex(&md_ctx,EVP_dss1(), NULL);
-                        EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
-                        EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
-                        EVP_VerifyUpdate(&md_ctx,param,param_len);
-                        if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey))
-                                {
-                                /* bad signature */
-                                al=SSL_AD_DECRYPT_ERROR;
-                                SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE);
-                                goto f_err;
-                                }
-                        }
-                else
-#endif
-                        {
-                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
-                        goto err;
-                        }
-                }
-        else
-                {
-                /* still data left over */
-                if (!(alg & SSL_aNULL))
-                        {
-                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
-                        goto err;
-                        }
-                if (n != 0)
-                        {
-                        al=SSL_AD_DECODE_ERROR;
-                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_EXTRA_DATA_IN_MESSAGE);
-                        goto f_err;
-                        }
-                }
-        EVP_PKEY_free(pkey);
-        EVP_MD_CTX_cleanup(&md_ctx);
-        return(1);
-f_err:
-        ssl3_send_alert(s,SSL3_AL_FATAL,al);
-err:
-        EVP_PKEY_free(pkey);
-#ifndef OPENSSL_NO_RSA
-        if (rsa != NULL)
-                RSA_free(rsa);
-#endif
-#ifndef OPENSSL_NO_DH
-        if (dh != NULL)
-                DH_free(dh);
-#endif
-        EVP_MD_CTX_cleanup(&md_ctx);
-        return(-1);
-        }
-
-static int ssl3_get_certificate_request(SSL *s)
-        {
-        int ok,ret=0;
-        unsigned long n,nc,l;
-        unsigned int llen,ctype_num,i;
-        X509_NAME *xn=NULL;
-        unsigned char *p,*d,*q;
-        STACK_OF(X509_NAME) *ca_sk=NULL;
-
-        n=ssl3_get_message(s,
-                SSL3_ST_CR_CERT_REQ_A,
-                SSL3_ST_CR_CERT_REQ_B,
-                -1,
-                s->max_cert_list,
-                &ok);
-
-        if (!ok) return((int)n);
-
-        s->s3->tmp.cert_req=0;
-
-        if (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE)
-                {
-                s->s3->tmp.reuse_message=1;
-                return(1);
-                }
-
-        if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST)
-                {
-                ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
-                SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_WRONG_MESSAGE_TYPE);
-                goto err;
-                }
-
-        /* TLS does not like anon-DH with client cert */
-        if (s->version > SSL3_VERSION)
-                {
-                l=s->s3->tmp.new_cipher->algorithms;
-                if (l & SSL_aNULL)
-                        {
-                        ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
-                        SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
-                        goto err;
-                        }
-                }
-
-        d=p=(unsigned char *)s->init_msg;
-
-        if ((ca_sk=sk_X509_NAME_new(ca_dn_cmp)) == NULL)
-                {
-                SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-
-        /* get the certificate types */
-        ctype_num= *(p++);
-        if (ctype_num > SSL3_CT_NUMBER)
-                ctype_num=SSL3_CT_NUMBER;
-        for (i=0; i<ctype_num; i++)
-                s->s3->tmp.ctype[i]= p[i];
-        p+=ctype_num;
-
-        /* get the CA RDNs */
-        n2s(p,llen);
-#if 0
-{
-FILE *out;
-out=fopen("/tmp/vsign.der","w");
-fwrite(p,1,llen,out);
-fclose(out);
-}
-#endif
-
-        if ((llen+ctype_num+2+1) != n)
-                {
-                ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
-                SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_LENGTH_MISMATCH);
-                goto err;
-                }
-
-        for (nc=0; nc<llen; )
-                {
-                n2s(p,l);
-                if ((l+nc+2) > llen)
-                        {
-                        if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
-                                goto cont; /* netscape bugs */
-                        ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
-                        SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_TOO_LONG);
-                        goto err;
-                        }
-
-                q=p;
-
-                if ((xn=d2i_X509_NAME(NULL,&q,l)) == NULL)
-                        {
-                        /* If netscape tolerance is on, ignore errors */
-                        if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG)
-                                goto cont;
-                        else
-                                {
-                                ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
-                                SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_ASN1_LIB);
-                                goto err;
-                                }
-                        }
-
-                if (q != (p+l))
-                        {
-                        ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
-                        SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_LENGTH_MISMATCH);
-                        goto err;
-                        }
-                if (!sk_X509_NAME_push(ca_sk,xn))
-                        {
-                        SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                        }
-
-                p+=l;
-                nc+=l+2;
-                }
-
-        if (0)
-                {
-cont:
-                ERR_clear_error();
-                }
-
-        /* we should setup a certificate to return.... */
-        s->s3->tmp.cert_req=1;
-        s->s3->tmp.ctype_num=ctype_num;
-        if (s->s3->tmp.ca_names != NULL)
-                sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
-        s->s3->tmp.ca_names=ca_sk;
-        ca_sk=NULL;
-
-        ret=1;
-err:
-        if (ca_sk != NULL) sk_X509_NAME_pop_free(ca_sk,X509_NAME_free);
-        return(ret);
-        }
-
-static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
-        {
-        return(X509_NAME_cmp(*a,*b));
-        }
-
-static int ssl3_get_server_done(SSL *s)
-        {
-        int ok,ret=0;
-        long n;
-
-        n=ssl3_get_message(s,
-                SSL3_ST_CR_SRVR_DONE_A,
-                SSL3_ST_CR_SRVR_DONE_B,
-                SSL3_MT_SERVER_DONE,
-                30, /* should be very small, like 0 :-) */
-                &ok);
-
-        if (!ok) return((int)n);
-        if (n > 0)
-                {
-                /* should contain no data */
-                ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
-                SSLerr(SSL_F_SSL3_GET_SERVER_DONE,SSL_R_LENGTH_MISMATCH);
-                return -1;
-                }
-        ret=1;
-        return(ret);
-        }
-
-static int ssl3_send_client_key_exchange(SSL *s)
-        {
-        unsigned char *p,*d;
-        int n;
-        unsigned long l;
-#ifndef OPENSSL_NO_RSA
-        unsigned char *q;
-        EVP_PKEY *pkey=NULL;
-#endif
-#ifndef OPENSSL_NO_KRB5
-        KSSL_ERR kssl_err;
-#endif /* OPENSSL_NO_KRB5 */
-
-        if (s->state == SSL3_ST_CW_KEY_EXCH_A)
-                {
-                d=(unsigned char *)s->init_buf->data;
-                p= &(d[4]);
-
-                l=s->s3->tmp.new_cipher->algorithms;
-
-                /* Fool emacs indentation */
-                if (0) {}
-#ifndef OPENSSL_NO_RSA
-                else if (l & SSL_kRSA)
-                        {
-                        RSA *rsa;
-                        unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
-
-                        if (s->session->sess_cert->peer_rsa_tmp != NULL)
-                                rsa=s->session->sess_cert->peer_rsa_tmp;
-                        else
-                                {
-                                pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
-                                if ((pkey == NULL) ||
-                                        (pkey->type != EVP_PKEY_RSA) ||
-                                        (pkey->pkey.rsa == NULL))
-                                        {
-                                        SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
-                                        goto err;
-                                        }
-                                rsa=pkey->pkey.rsa;
-                                EVP_PKEY_free(pkey);
-                                }
-                                
-                        tmp_buf[0]=s->client_version>>8;
-                        tmp_buf[1]=s->client_version&0xff;
-                        if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0)
-                                        goto err;
-
-                        s->session->master_key_length=sizeof tmp_buf;
-
-                        q=p;
-                        /* Fix buf for TLS and beyond */
-                        if (s->version > SSL3_VERSION)
-                                p+=2;
-                        n=RSA_public_encrypt(sizeof tmp_buf,
-                                tmp_buf,p,rsa,RSA_PKCS1_PADDING);
-#ifdef PKCS1_CHECK
-                        if (s->options & SSL_OP_PKCS1_CHECK_1) p[1]++;
-                        if (s->options & SSL_OP_PKCS1_CHECK_2) tmp_buf[0]=0x70;
-#endif
-                        if (n <= 0)
-                                {
-                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_ENCRYPT);
-                                goto err;
-                                }
-
-                        /* Fix buf for TLS and beyond */
-                        if (s->version > SSL3_VERSION)
-                                {
-                                s2n(n,q);
-                                n+=2;
-                                }
-
-                        s->session->master_key_length=
-                                s->method->ssl3_enc->generate_master_secret(s,
-                                        s->session->master_key,
-                                        tmp_buf,sizeof tmp_buf);
-                        OPENSSL_cleanse(tmp_buf,sizeof tmp_buf);
-                        }
-#endif
-#ifndef OPENSSL_NO_KRB5
-                else if (l & SSL_kKRB5)
-                        {
-                        krb5_error_code krb5rc;
-                        KSSL_CTX        *kssl_ctx = s->kssl_ctx;
-                        /*  krb5_data   krb5_ap_req;  */
-                        krb5_data       *enc_ticket;
-                        krb5_data       authenticator, *authp = NULL;
-                        EVP_CIPHER_CTX  ciph_ctx;
-                        EVP_CIPHER      *enc = NULL;
-                        unsigned char   iv[EVP_MAX_IV_LENGTH];
-                        unsigned char   tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
-                        unsigned char   epms[SSL_MAX_MASTER_KEY_LENGTH 
-                                                + EVP_MAX_IV_LENGTH];
-                        int             padl, outl = sizeof(epms);
-
-                        EVP_CIPHER_CTX_init(&ciph_ctx);
-
-#ifdef KSSL_DEBUG
-                        printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
-                                l, SSL_kKRB5);
-#endif  /* KSSL_DEBUG */
-
-                        authp = NULL;
-#ifdef KRB5SENDAUTH
-                        if (KRB5SENDAUTH)  authp = &authenticator;
-#endif  /* KRB5SENDAUTH */
-
-                        krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp,
-                                &kssl_err);
-                        enc = kssl_map_enc(kssl_ctx->enctype);
-                        if (enc == NULL)
-                            goto err;
-#ifdef KSSL_DEBUG
-                        {
-                        printf("kssl_cget_tkt rtn %d\n", krb5rc);
-                        if (krb5rc && kssl_err.text)
-                          printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text);
-                        }
-#endif  /* KSSL_DEBUG */
-
-                        if (krb5rc)
-                                {
-                                ssl3_send_alert(s,SSL3_AL_FATAL,
-                                                SSL_AD_HANDSHAKE_FAILURE);
-                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                                                kssl_err.reason);
-                                goto err;
-                                }
-
-                        /*  20010406 VRS - Earlier versions used KRB5 AP_REQ
-                        **  in place of RFC 2712 KerberosWrapper, as in:
-                        **
-                        **  Send ticket (copy to *p, set n = length)
-                        **  n = krb5_ap_req.length;
-                        **  memcpy(p, krb5_ap_req.data, krb5_ap_req.length);
-                        **  if (krb5_ap_req.data)  
-                        **    kssl_krb5_free_data_contents(NULL,&krb5_ap_req);
-                        **
-                        **  Now using real RFC 2712 KerberosWrapper
-                        **  (Thanks to Simon Wilkinson <sxw@sxw.org.uk>)
-                        **  Note: 2712 "opaque" types are here replaced
-                        **  with a 2-byte length followed by the value.
-                        **  Example:
-                        **  KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms
-                        **  Where "xx xx" = length bytes.  Shown here with
-                        **  optional authenticator omitted.
-                        */
-
-                        /*  KerberosWrapper.Ticket              */
-                        s2n(enc_ticket->length,p);
-                        memcpy(p, enc_ticket->data, enc_ticket->length);
-                        p+= enc_ticket->length;
-                        n = enc_ticket->length + 2;
-
-                        /*  KerberosWrapper.Authenticator       */
-                        if (authp  &&  authp->length)  
-                                {
-                                s2n(authp->length,p);
-                                memcpy(p, authp->data, authp->length);
-                                p+= authp->length;
-                                n+= authp->length + 2;
-                                
-                                free(authp->data);
-                                authp->data = NULL;
-                                authp->length = 0;
-                                }
-                        else
-                                {
-                                s2n(0,p);/*  null authenticator length  */
-                                n+=2;
-                                }
- 
-                        if (RAND_bytes(tmp_buf,sizeof tmp_buf) <= 0)
-                            goto err;
-
-                        /*  20010420 VRS.  Tried it this way; failed.
-                        **      EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
-                        **      EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
-                        **                              kssl_ctx->length);
-                        **      EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
-                        */
-
-                        memset(iv, 0, sizeof iv);  /* per RFC 1510 */
-                        EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,
-                                kssl_ctx->key,iv);
-                        EVP_EncryptUpdate(&ciph_ctx,epms,&outl,tmp_buf,
-                                sizeof tmp_buf);
-                        EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
-                        outl += padl;
-                        if (outl > sizeof epms)
-                                {
-                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
-                                goto err;
-                                }
-                        EVP_CIPHER_CTX_cleanup(&ciph_ctx);
-
-                        /*  KerberosWrapper.EncryptedPreMasterSecret    */
-                        s2n(outl,p);
-                        memcpy(p, epms, outl);
-                        p+=outl;
-                        n+=outl + 2;
-
-                        s->session->master_key_length=
-                                s->method->ssl3_enc->generate_master_secret(s,
-                                        s->session->master_key,
-                                        tmp_buf, sizeof tmp_buf);
-
-                        OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
-                        OPENSSL_cleanse(epms, outl);
-                        }
-#endif
-#ifndef OPENSSL_NO_DH
-                else if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
-                        {
-                        DH *dh_srvr,*dh_clnt;
-
-                        if (s->session->sess_cert->peer_dh_tmp != NULL)
-                                dh_srvr=s->session->sess_cert->peer_dh_tmp;
-                        else
-                                {
-                                /* we get them from the cert */
-                                ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
-                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
-                                goto err;
-                                }
-                        
-                        /* generate a new random key */
-                        if ((dh_clnt=DHparams_dup(dh_srvr)) == NULL)
-                                {
-                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
-                                goto err;
-                                }
-                        if (!DH_generate_key(dh_clnt))
-                                {
-                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
-                                goto err;
-                                }
-
-                        /* use the 'p' output buffer for the DH key, but
-                         * make sure to clear it out afterwards */
-
-                        n=DH_compute_key(p,dh_srvr->pub_key,dh_clnt);
-
-                        if (n <= 0)
-                                {
-                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
-                                goto err;
-                                }
-
-                        /* generate master key from the result */
-                        s->session->master_key_length=
-                                s->method->ssl3_enc->generate_master_secret(s,
-                                        s->session->master_key,p,n);
-                        /* clean up */
-                        memset(p,0,n);
-
-                        /* send off the data */
-                        n=BN_num_bytes(dh_clnt->pub_key);
-                        s2n(n,p);
-                        BN_bn2bin(dh_clnt->pub_key,p);
-                        n+=2;
-
-                        DH_free(dh_clnt);
-
-                        /* perhaps clean things up a bit EAY EAY EAY EAY*/
-                        }
-#endif
-                else
-                        {
-                        ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
-                        SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
-                        goto err;
-                        }
-                
-                *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE;
-                l2n3(n,d);
-
-                s->state=SSL3_ST_CW_KEY_EXCH_B;
-                /* number of bytes to write */
-                s->init_num=n+4;
-                s->init_off=0;
-                }
-
-        /* SSL3_ST_CW_KEY_EXCH_B */
-        return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
-err:
-        return(-1);
-        }
-
-static int ssl3_send_client_verify(SSL *s)
-        {
-        unsigned char *p,*d;
-        unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
-        EVP_PKEY *pkey;
-#ifndef OPENSSL_NO_RSA
-        unsigned u=0;
-#endif
-        unsigned long n;
-#ifndef OPENSSL_NO_DSA
-        int j;
-#endif
-
-        if (s->state == SSL3_ST_CW_CERT_VRFY_A)
-                {
-                d=(unsigned char *)s->init_buf->data;
-                p= &(d[4]);
-                pkey=s->cert->key->privatekey;
-
-                s->method->ssl3_enc->cert_verify_mac(s,&(s->s3->finish_dgst2),
-                        &(data[MD5_DIGEST_LENGTH]));
-
-#ifndef OPENSSL_NO_RSA
-                if (pkey->type == EVP_PKEY_RSA)
-                        {
-                        s->method->ssl3_enc->cert_verify_mac(s,
-                                &(s->s3->finish_dgst1),&(data[0]));
-                        if (RSA_sign(NID_md5_sha1, data,
-                                         MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
-                                        &(p[2]), &u, pkey->pkey.rsa) <= 0 )
-                                {
-                                SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB);
-                                goto err;
-                                }
-                        s2n(u,p);
-                        n=u+2;
-                        }
-                else
-#endif
-#ifndef OPENSSL_NO_DSA
-                        if (pkey->type == EVP_PKEY_DSA)
-                        {
-                        if (!DSA_sign(pkey->save_type,
-                                &(data[MD5_DIGEST_LENGTH]),
-                                SHA_DIGEST_LENGTH,&(p[2]),
-                                (unsigned int *)&j,pkey->pkey.dsa))
-                                {
-                                SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_DSA_LIB);
-                                goto err;
-                                }
-                        s2n(j,p);
-                        n=j+2;
-                        }
-                else
-#endif
-                        {
-                        SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR);
-                        goto err;
-                        }
-                *(d++)=SSL3_MT_CERTIFICATE_VERIFY;
-                l2n3(n,d);
-
-                s->state=SSL3_ST_CW_CERT_VRFY_B;
-                s->init_num=(int)n+4;
-                s->init_off=0;
-                }
-        return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
-err:
-        return(-1);
-        }
-
-static int ssl3_send_client_certificate(SSL *s)
-        {
-        X509 *x509=NULL;
-        EVP_PKEY *pkey=NULL;
-        int i;
-        unsigned long l;
-
-        if (s->state == SSL3_ST_CW_CERT_A)
-                {
-                if ((s->cert == NULL) ||
-                        (s->cert->key->x509 == NULL) ||
-                        (s->cert->key->privatekey == NULL))
-                        s->state=SSL3_ST_CW_CERT_B;
-                else
-                        s->state=SSL3_ST_CW_CERT_C;
-                }
-
-        /* We need to get a client cert */
-        if (s->state == SSL3_ST_CW_CERT_B)
-                {
-                /* If we get an error, we need to
-                 * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
-                 * We then get retied later */
-                i=0;
-                if (s->ctx->client_cert_cb != NULL)
-                        i=s->ctx->client_cert_cb(s,&(x509),&(pkey));
-                if (i < 0)
-                        {
-                        s->rwstate=SSL_X509_LOOKUP;
-                        return(-1);
-                        }
-                s->rwstate=SSL_NOTHING;
-                if ((i == 1) && (pkey != NULL) && (x509 != NULL))
-                        {
-                        s->state=SSL3_ST_CW_CERT_B;
-                        if (    !SSL_use_certificate(s,x509) ||
-                                !SSL_use_PrivateKey(s,pkey))
-                                i=0;
-                        }
-                else if (i == 1)
-                        {
-                        i=0;
-                        SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
-                        }
-
-                if (x509 != NULL) X509_free(x509);
-                if (pkey != NULL) EVP_PKEY_free(pkey);
-                if (i == 0)
-                        {
-                        if (s->version == SSL3_VERSION)
-                                {
-                                s->s3->tmp.cert_req=0;
-                                ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_NO_CERTIFICATE);
-                                return(1);
-                                }
-                        else
-                                {
-                                s->s3->tmp.cert_req=2;
-                                }
-                        }
-
-                /* Ok, we have a cert */
-                s->state=SSL3_ST_CW_CERT_C;
-                }
-
-        if (s->state == SSL3_ST_CW_CERT_C)
-                {
-                s->state=SSL3_ST_CW_CERT_D;
-                l=ssl3_output_cert_chain(s,
-                        (s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509);
-                s->init_num=(int)l;
-                s->init_off=0;
-                }
-        /* SSL3_ST_CW_CERT_D */
-        return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
-        }
-
-#define has_bits(i,m)   (((i)&(m)) == (m))
-
-static int ssl3_check_cert_and_algorithm(SSL *s)
-        {
-        int i,idx;
-        long algs;
-        EVP_PKEY *pkey=NULL;
-        SESS_CERT *sc;
-#ifndef OPENSSL_NO_RSA
-        RSA *rsa;
-#endif
-#ifndef OPENSSL_NO_DH
-        DH *dh;
-#endif
-
-        sc=s->session->sess_cert;
-
-        if (sc == NULL)
-                {
-                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR);
-                goto err;
-                }
-
-        algs=s->s3->tmp.new_cipher->algorithms;
-
-        /* we don't have a certificate */
-        if (algs & (SSL_aDH|SSL_aNULL|SSL_aKRB5))
-                return(1);
-
-#ifndef OPENSSL_NO_RSA
-        rsa=s->session->sess_cert->peer_rsa_tmp;
-#endif
-#ifndef OPENSSL_NO_DH
-        dh=s->session->sess_cert->peer_dh_tmp;
-#endif
-
-        /* This is the passed certificate */
-
-        idx=sc->peer_cert_type;
-        pkey=X509_get_pubkey(sc->peer_pkeys[idx].x509);
-        i=X509_certificate_type(sc->peer_pkeys[idx].x509,pkey);
-        EVP_PKEY_free(pkey);
-
-        
-        /* Check that we have a certificate if we require one */
-        if ((algs & SSL_aRSA) && !has_bits(i,EVP_PK_RSA|EVP_PKT_SIGN))
-                {
-                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_SIGNING_CERT);
-                goto f_err;
-                }
-#ifndef OPENSSL_NO_DSA
-        else if ((algs & SSL_aDSS) && !has_bits(i,EVP_PK_DSA|EVP_PKT_SIGN))
-                {
-                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DSA_SIGNING_CERT);
-                goto f_err;
-                }
-#endif
-#ifndef OPENSSL_NO_RSA
-        if ((algs & SSL_kRSA) &&
-                !(has_bits(i,EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL)))
-                {
-                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_ENCRYPTING_CERT);
-                goto f_err;
-                }
-#endif
-#ifndef OPENSSL_NO_DH
-        if ((algs & SSL_kEDH) &&
-                !(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL)))
-                {
-                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY);
-                goto f_err;
-                }
-        else if ((algs & SSL_kDHr) && !has_bits(i,EVP_PK_DH|EVP_PKS_RSA))
-                {
-                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_RSA_CERT);
-                goto f_err;
-                }
-#ifndef OPENSSL_NO_DSA
-        else if ((algs & SSL_kDHd) && !has_bits(i,EVP_PK_DH|EVP_PKS_DSA))
-                {
-                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_DSA_CERT);
-                goto f_err;
-                }
-#endif
-#endif
-
-        if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i,EVP_PKT_EXP))
-                {
-#ifndef OPENSSL_NO_RSA
-                if (algs & SSL_kRSA)
-                        {
-                        if (rsa == NULL
-                            || RSA_size(rsa)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
-                                {
-                                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
-                                goto f_err;
-                                }
-                        }
-                else
-#endif
-#ifndef OPENSSL_NO_DH
-                        if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
-                            {
-                            if (dh == NULL
-                                || DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
-                                {
-                                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY);
-                                goto f_err;
-                                }
-                        }
-                else
-#endif
-                        {
-                        SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
-                        goto f_err;
-                        }
-                }
-        return(1);
-f_err:
-        ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
-err:
-        return(0);
-        }
-
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
deleted file mode 100644
index a77588e725..0000000000
--- a/src/lib/libssl/s3_lib.c
+++ /dev/null
@@ -1,1799 +0,0 @@
-/* ssl/s3_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-#include "kssl_lcl.h"
-#include <openssl/md5.h>
-
-const char *ssl3_version_str="SSLv3" OPENSSL_VERSION_PTEXT;
-
-#define SSL3_NUM_CIPHERS        (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
-
-static long ssl3_default_timeout(void );
-
-OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
-/* The RSA ciphers */
-/* Cipher 01 */
-        {
-        1,
-        SSL3_TXT_RSA_NULL_MD5,
-        SSL3_CK_RSA_NULL_MD5,
-        SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_SSLV3,
-        SSL_NOT_EXP|SSL_STRONG_NONE,
-        0,
-        0,
-        0,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
-        },
-/* Cipher 02 */
-        {
-        1,
-        SSL3_TXT_RSA_NULL_SHA,
-        SSL3_CK_RSA_NULL_SHA,
-        SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3,
-        SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
-        0,
-        0,
-        0,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
-        },
-
-/* anon DH */
-/* Cipher 17 */
-        {
-        1,
-        SSL3_TXT_ADH_RC4_40_MD5,
-        SSL3_CK_ADH_RC4_40_MD5,
-        SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5 |SSL_SSLV3,
-        SSL_EXPORT|SSL_EXP40,
-        0,
-        40,
-        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
-        },
-/* Cipher 18 */
-        {
-        1,
-        SSL3_TXT_ADH_RC4_128_MD5,
-        SSL3_CK_ADH_RC4_128_MD5,
-        SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5 |SSL_SSLV3,
-        SSL_NOT_EXP|SSL_MEDIUM,
-        0,
-        128,
-        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
-        },
-/* Cipher 19 */
-        {
-        1,
-        SSL3_TXT_ADH_DES_40_CBC_SHA,
-        SSL3_CK_ADH_DES_40_CBC_SHA,
-        SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3,
-        SSL_EXPORT|SSL_EXP40|SSL_FIPS,
-        0,
-        40,
-        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
-        },
-/* Cipher 1A */
-        {
-        1,
-        SSL3_TXT_ADH_DES_64_CBC_SHA,
-        SSL3_CK_ADH_DES_64_CBC_SHA,
-        SSL_kEDH |SSL_aNULL|SSL_DES  |SSL_SHA1|SSL_SSLV3,
-        SSL_NOT_EXP|SSL_LOW|SSL_FIPS,
-        0,
-        56,
-        56,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
-        },
-/* Cipher 1B */
-        {
-        1,
-        SSL3_TXT_ADH_DES_192_CBC_SHA,
-        SSL3_CK_ADH_DES_192_CBC_SHA,
-        SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3,
-        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-        0,
-        168,
-        168,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
-        },
-
-/* RSA again */
-/* Cipher 03 */
-        {
-        1,
-        SSL3_TXT_RSA_RC4_40_MD5,
-        SSL3_CK_RSA_RC4_40_MD5,
-        SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_MD5 |SSL_SSLV3,
-        SSL_EXPORT|SSL_EXP40,
-        0,
-        40,
-        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
-        },
-/* Cipher 04 */
-        {
-        1,
-        SSL3_TXT_RSA_RC4_128_MD5,
-        SSL3_CK_RSA_RC4_128_MD5,
-        SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_MD5|SSL_SSLV3,
-        SSL_NOT_EXP|SSL_MEDIUM,
-        0,
-        128,
-        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
-        },
-/* Cipher 05 */
-        {
-        1,
-        SSL3_TXT_RSA_RC4_128_SHA,
-        SSL3_CK_RSA_RC4_128_SHA,
-        SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_SHA1|SSL_SSLV3,
-        SSL_NOT_EXP|SSL_MEDIUM,
-        0,
-        128,
-        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
-        },
-/* Cipher 06 */
-        {
-        1,
-        SSL3_TXT_RSA_RC2_40_MD5,
-        SSL3_CK_RSA_RC2_40_MD5,
-        SSL_kRSA|SSL_aRSA|SSL_RC2  |SSL_MD5 |SSL_SSLV3,
-        SSL_EXPORT|SSL_EXP40,
-        0,
-        40,
-        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
-        },
-/* Cipher 07 */
-#ifndef OPENSSL_NO_IDEA
-        {
-        1,
-        SSL3_TXT_RSA_IDEA_128_SHA,
-        SSL3_CK_RSA_IDEA_128_SHA,
-        SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|SSL_SSLV3,
-        SSL_NOT_EXP|SSL_MEDIUM,
-        0,
-        128,
-        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
-        },
-#endif
-/* Cipher 08 */
-        {
-        1,
-        SSL3_TXT_RSA_DES_40_CBC_SHA,
-        SSL3_CK_RSA_DES_40_CBC_SHA,
-        SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
-        SSL_EXPORT|SSL_EXP40|SSL_FIPS,
-        0,
-        40,
-        56,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
-        },
-/* Cipher 09 */
-        {
-        1,
-        SSL3_TXT_RSA_DES_64_CBC_SHA,
-        SSL3_CK_RSA_DES_64_CBC_SHA,
-        SSL_kRSA|SSL_aRSA|SSL_DES  |SSL_SHA1|SSL_SSLV3,
-        SSL_NOT_EXP|SSL_LOW|SSL_FIPS,
-        0,
-        56,
-        56,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
-        },
-/* Cipher 0A */
-        {
-        1,
-        SSL3_TXT_RSA_DES_192_CBC3_SHA,
-        SSL3_CK_RSA_DES_192_CBC3_SHA,
-        SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
-        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-        0,
-        168,
-        168,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
-        },
-
-/*  The DH ciphers */
-/* Cipher 0B */
-        {
-        0,
-        SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
-        SSL3_CK_DH_DSS_DES_40_CBC_SHA,
-        SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
-        SSL_EXPORT|SSL_EXP40|SSL_FIPS,
-        0,
-        40,
-        56,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
-        },
-/* Cipher 0C */
-        {
-        0,
-        SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
-        SSL3_CK_DH_DSS_DES_64_CBC_SHA,
-        SSL_kDHd |SSL_aDH|SSL_DES  |SSL_SHA1|SSL_SSLV3,
-        SSL_NOT_EXP|SSL_LOW|SSL_FIPS,
-        0,
-        56,
-        56,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
-        },
-/* Cipher 0D */
-        {
-        0,
-        SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
-        SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
-        SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
-        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-        0,
-        168,
-        168,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
-        },
-/* Cipher 0E */
-        {
-        0,
-        SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
-        SSL3_CK_DH_RSA_DES_40_CBC_SHA,
-        SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
-        SSL_EXPORT|SSL_EXP40|SSL_FIPS,
-        0,
-        40,
-        56,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
-        },
-/* Cipher 0F */
-        {
-        0,
-        SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
-        SSL3_CK_DH_RSA_DES_64_CBC_SHA,
-        SSL_kDHr |SSL_aDH|SSL_DES  |SSL_SHA1|SSL_SSLV3,
-        SSL_NOT_EXP|SSL_LOW|SSL_FIPS,
-        0,
-        56,
-        56,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
-        },
-/* Cipher 10 */
-        {
-        0,
-        SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
-        SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
-        SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
-        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-        0,
-        168,
-        168,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
-        },
-
-/* The Ephemeral DH ciphers */
-/* Cipher 11 */
-        {
-        1,
-        SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
-        SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
-        SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_SSLV3,
-        SSL_EXPORT|SSL_EXP40|SSL_FIPS,
-        0,
-        40,
-        56,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
-        },
-/* Cipher 12 */
-        {
-        1,
-        SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
-        SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
-        SSL_kEDH|SSL_aDSS|SSL_DES  |SSL_SHA1|SSL_SSLV3,
-        SSL_NOT_EXP|SSL_LOW|SSL_FIPS,
-        0,
-        56,
-        56,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
-        },
-/* Cipher 13 */
-        {
-        1,
-        SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
-        SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
-        SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_SSLV3,
-        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-        0,
-        168,
-        168,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
-        },
-/* Cipher 14 */
-        {
-        1,
-        SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
-        SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
-        SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
-        SSL_EXPORT|SSL_EXP40|SSL_FIPS,
-        0,
-        40,
-        56,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
-        },
-/* Cipher 15 */
-        {
-        1,
-        SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
-        SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
-        SSL_kEDH|SSL_aRSA|SSL_DES  |SSL_SHA1|SSL_SSLV3,
-        SSL_NOT_EXP|SSL_LOW|SSL_FIPS,
-        0,
-        56,
-        56,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
-        },
-/* Cipher 16 */
-        {
-        1,
-        SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
-        SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
-        SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
-        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-        0,
-        168,
-        168,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
-        },
-
-/* Fortezza */
-/* Cipher 1C */
-        {
-        0,
-        SSL3_TXT_FZA_DMS_NULL_SHA,
-        SSL3_CK_FZA_DMS_NULL_SHA,
-        SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_SSLV3,
-        SSL_NOT_EXP|SSL_STRONG_NONE,
-        0,
-        0,
-        0,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
-        },
-
-/* Cipher 1D */
-        {
-        0,
-        SSL3_TXT_FZA_DMS_FZA_SHA,
-        SSL3_CK_FZA_DMS_FZA_SHA,
-        SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_SSLV3,
-        SSL_NOT_EXP|SSL_STRONG_NONE,
-        0,
-        0,
-        0,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
-        },
-
-#if 0
-/* Cipher 1E */
-        {
-        0,
-        SSL3_TXT_FZA_DMS_RC4_SHA,
-        SSL3_CK_FZA_DMS_RC4_SHA,
-        SSL_kFZA|SSL_aFZA |SSL_RC4  |SSL_SHA1|SSL_SSLV3,
-        SSL_NOT_EXP|SSL_MEDIUM,
-        0,
-        128,
-        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
-        },
-#endif
-
-#ifndef OPENSSL_NO_KRB5
-/* The Kerberos ciphers
-** 20000107 VRS: And the first shall be last,
-** in hopes of avoiding the lynx ssl renegotiation problem.
-*/
-/* Cipher 1E VRS */
-        {
-        1,
-        SSL3_TXT_KRB5_DES_64_CBC_SHA,
-        SSL3_CK_KRB5_DES_64_CBC_SHA,
-        SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_SHA1   |SSL_SSLV3,
-        SSL_NOT_EXP|SSL_LOW|SSL_FIPS,
-        0,
-        56,
-        56,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
-        },
-
-/* Cipher 1F VRS */
-        {
-        1,
-        SSL3_TXT_KRB5_DES_192_CBC3_SHA,
-        SSL3_CK_KRB5_DES_192_CBC3_SHA,
-        SSL_kKRB5|SSL_aKRB5|  SSL_3DES|SSL_SHA1  |SSL_SSLV3,
-        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-        0,
-        112,
-        168,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
-        },
-
-/* Cipher 20 VRS */
-        {
-        1,
-        SSL3_TXT_KRB5_RC4_128_SHA,
-        SSL3_CK_KRB5_RC4_128_SHA,
-        SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_SHA1  |SSL_SSLV3,
-        SSL_NOT_EXP|SSL_MEDIUM,
-        0,
-        128,
-        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
-        },
-
-/* Cipher 21 VRS */
-        {
-        1,
-        SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
-        SSL3_CK_KRB5_IDEA_128_CBC_SHA,
-        SSL_kKRB5|SSL_aKRB5|  SSL_IDEA|SSL_SHA1  |SSL_SSLV3,
-        SSL_NOT_EXP|SSL_MEDIUM,
-        0,
-        128,
-        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
-        },
-
-/* Cipher 22 VRS */
-        {
-        1,
-        SSL3_TXT_KRB5_DES_64_CBC_MD5,
-        SSL3_CK_KRB5_DES_64_CBC_MD5,
-        SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_MD5    |SSL_SSLV3,
-        SSL_NOT_EXP|SSL_LOW,
-        0,
-        56,
-        56,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
-        },
-
-/* Cipher 23 VRS */
-        {
-        1,
-        SSL3_TXT_KRB5_DES_192_CBC3_MD5,
-        SSL3_CK_KRB5_DES_192_CBC3_MD5,
-        SSL_kKRB5|SSL_aKRB5|  SSL_3DES|SSL_MD5   |SSL_SSLV3,
-        SSL_NOT_EXP|SSL_HIGH,
-        0,
-        112,
-        168,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
-        },
-
-/* Cipher 24 VRS */
-        {
-        1,
-        SSL3_TXT_KRB5_RC4_128_MD5,
-        SSL3_CK_KRB5_RC4_128_MD5,
-        SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_MD5  |SSL_SSLV3,
-        SSL_NOT_EXP|SSL_MEDIUM,
-        0,
-        128,
-        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
-        },
-
-/* Cipher 25 VRS */
-        {
-        1,
-        SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
-        SSL3_CK_KRB5_IDEA_128_CBC_MD5,
-        SSL_kKRB5|SSL_aKRB5|  SSL_IDEA|SSL_MD5  |SSL_SSLV3,
-        SSL_NOT_EXP|SSL_MEDIUM,
-        0,
-        128,
-        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
-        },
-
-/* Cipher 26 VRS */
-        {
-        1,
-        SSL3_TXT_KRB5_DES_40_CBC_SHA,
-        SSL3_CK_KRB5_DES_40_CBC_SHA,
-        SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_SHA1   |SSL_SSLV3,
-        SSL_EXPORT|SSL_EXP40|SSL_FIPS,
-        0,
-        40,
-        56,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
-        },
-
-/* Cipher 27 VRS */
-        {
-        1,
-        SSL3_TXT_KRB5_RC2_40_CBC_SHA,
-        SSL3_CK_KRB5_RC2_40_CBC_SHA,
-        SSL_kKRB5|SSL_aKRB5|  SSL_RC2|SSL_SHA1   |SSL_SSLV3,
-        SSL_EXPORT|SSL_EXP40,
-        0,
-        40,
-        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
-        },
-
-/* Cipher 28 VRS */
-        {
-        1,
-        SSL3_TXT_KRB5_RC4_40_SHA,
-        SSL3_CK_KRB5_RC4_40_SHA,
-        SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_SHA1   |SSL_SSLV3,
-        SSL_EXPORT|SSL_EXP40,
-        0,
-        128,
-        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
-        },
-
-/* Cipher 29 VRS */
-        {
-        1,
-        SSL3_TXT_KRB5_DES_40_CBC_MD5,
-        SSL3_CK_KRB5_DES_40_CBC_MD5,
-        SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_MD5    |SSL_SSLV3,
-        SSL_EXPORT|SSL_EXP40,
-        0,
-        40,
-        56,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
-        },
-
-/* Cipher 2A VRS */
-        {
-        1,
-        SSL3_TXT_KRB5_RC2_40_CBC_MD5,
-        SSL3_CK_KRB5_RC2_40_CBC_MD5,
-        SSL_kKRB5|SSL_aKRB5|  SSL_RC2|SSL_MD5    |SSL_SSLV3,
-        SSL_EXPORT|SSL_EXP40,
-        0,
-        40,
-        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
-        },
-
-/* Cipher 2B VRS */
-        {
-        1,
-        SSL3_TXT_KRB5_RC4_40_MD5,
-        SSL3_CK_KRB5_RC4_40_MD5,
-        SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_MD5    |SSL_SSLV3,
-        SSL_EXPORT|SSL_EXP40,
-        0,
-        128,
-        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
-        },
-#endif  /* OPENSSL_NO_KRB5 */
-
-
-#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
-        /* New TLS Export CipherSuites */
-        /* Cipher 60 */
-            {
-            1,
-            TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
-            TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
-            SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_TLSV1,
-            SSL_EXPORT|SSL_EXP56,
-            0,
-            56,
-            128,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
-        /* Cipher 61 */
-            {
-            1,
-            TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
-            TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
-            SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_TLSV1,
-            SSL_EXPORT|SSL_EXP56,
-            0,
-            56,
-            128,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
-        /* Cipher 62 */
-            {
-            1,
-            TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
-            TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
-            SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1,
-            SSL_EXPORT|SSL_EXP56|SSL_FIPS,
-            0,
-            56,
-            56,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
-        /* Cipher 63 */
-            {
-            1,
-            TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
-            TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
-            SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1,
-            SSL_EXPORT|SSL_EXP56|SSL_FIPS,
-            0,
-            56,
-            56,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
-        /* Cipher 64 */
-            {
-            1,
-            TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
-            TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
-            SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
-            SSL_EXPORT|SSL_EXP56,
-            0,
-            56,
-            128,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
-        /* Cipher 65 */
-            {
-            1,
-            TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
-            TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
-            SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
-            SSL_EXPORT|SSL_EXP56,
-            0,
-            56,
-            128,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
-        /* Cipher 66 */
-            {
-            1,
-            TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
-            TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
-            SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
-            SSL_NOT_EXP|SSL_MEDIUM,
-            0,
-            128,
-            128,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS
-            },
-#endif
-        /* New AES ciphersuites */
-
-        /* Cipher 2F */
-            {
-            1,
-            TLS1_TXT_RSA_WITH_AES_128_SHA,
-            TLS1_CK_RSA_WITH_AES_128_SHA,
-            SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
-            SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-            0,
-            128,
-            128,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
-        /* Cipher 30 */
-            {
-            0,
-            TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
-            TLS1_CK_DH_DSS_WITH_AES_128_SHA,
-            SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
-            SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-            0,
-            128,
-            128,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
-        /* Cipher 31 */
-            {
-            0,
-            TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
-            TLS1_CK_DH_RSA_WITH_AES_128_SHA,
-            SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
-            SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-            0,
-            128,
-            128,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
-        /* Cipher 32 */
-            {
-            1,
-            TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
-            TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
-            SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
-            SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-            0,
-            128,
-            128,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
-        /* Cipher 33 */
-            {
-            1,
-            TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
-            TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
-            SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
-            SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-            0,
-            128,
-            128,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
-        /* Cipher 34 */
-            {
-            1,
-            TLS1_TXT_ADH_WITH_AES_128_SHA,
-            TLS1_CK_ADH_WITH_AES_128_SHA,
-            SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
-            SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-            0,
-            128,
-            128,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
-
-        /* Cipher 35 */
-            {
-            1,
-            TLS1_TXT_RSA_WITH_AES_256_SHA,
-            TLS1_CK_RSA_WITH_AES_256_SHA,
-            SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
-            SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-            0,
-            256,
-            256,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
-        /* Cipher 36 */
-            {
-            0,
-            TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
-            TLS1_CK_DH_DSS_WITH_AES_256_SHA,
-            SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
-            SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-            0,
-            256,
-            256,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
-        /* Cipher 37 */
-            {
-            0,
-            TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
-            TLS1_CK_DH_RSA_WITH_AES_256_SHA,
-            SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
-            SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-            0,
-            256,
-            256,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
-        /* Cipher 38 */
-            {
-            1,
-            TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
-            TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
-            SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
-            SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-            0,
-            256,
-            256,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
-        /* Cipher 39 */
-            {
-            1,
-            TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
-            TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
-            SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
-            SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-            0,
-            256,
-            256,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
-        /* Cipher 3A */
-            {
-            1,
-            TLS1_TXT_ADH_WITH_AES_256_SHA,
-            TLS1_CK_ADH_WITH_AES_256_SHA,
-            SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
-            SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-            0,
-            256,
-            256,
-            SSL_ALL_CIPHERS,
-            SSL_ALL_STRENGTHS,
-            },
-
-/* end of list */
-        };
-
-static SSL3_ENC_METHOD SSLv3_enc_data={
-        ssl3_enc,
-        ssl3_mac,
-        ssl3_setup_key_block,
-        ssl3_generate_master_secret,
-        ssl3_change_cipher_state,
-        ssl3_final_finish_mac,
-        MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
-        ssl3_cert_verify_mac,
-        SSL3_MD_CLIENT_FINISHED_CONST,4,
-        SSL3_MD_SERVER_FINISHED_CONST,4,
-        ssl3_alert_code,
-        };
-
-static SSL_METHOD SSLv3_data= {
-        SSL3_VERSION,
-        ssl3_new,
-        ssl3_clear,
-        ssl3_free,
-        ssl_undefined_function,
-        ssl_undefined_function,
-        ssl3_read,
-        ssl3_peek,
-        ssl3_write,
-        ssl3_shutdown,
-        ssl3_renegotiate,
-        ssl3_renegotiate_check,
-        ssl3_ctrl,
-        ssl3_ctx_ctrl,
-        ssl3_get_cipher_by_char,
-        ssl3_put_cipher_by_char,
-        ssl3_pending,
-        ssl3_num_ciphers,
-        ssl3_get_cipher,
-        ssl_bad_method,
-        ssl3_default_timeout,
-        &SSLv3_enc_data,
-        ssl_undefined_function,
-        ssl3_callback_ctrl,
-        ssl3_ctx_callback_ctrl,
-        };
-
-static long ssl3_default_timeout(void)
-        {
-        /* 2 hours, the 24 hours mentioned in the SSLv3 spec
-         * is way too long for http, the cache would over fill */
-        return(60*60*2);
-        }
-
-SSL_METHOD *sslv3_base_method(void)
-        {
-        return(&SSLv3_data);
-        }
-
-int ssl3_num_ciphers(void)
-        {
-        return(SSL3_NUM_CIPHERS);
-        }
-
-SSL_CIPHER *ssl3_get_cipher(unsigned int u)
-        {
-        if (u < SSL3_NUM_CIPHERS)
-                return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u]));
-        else
-                return(NULL);
-        }
-
-int ssl3_pending(const SSL *s)
-        {
-        if (s->rstate == SSL_ST_READ_BODY)
-                return 0;
-        
-        return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
-        }
-
-int ssl3_new(SSL *s)
-        {
-        SSL3_STATE *s3;
-
-        if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err;
-        memset(s3,0,sizeof *s3);
-        EVP_MD_CTX_init(&s3->finish_dgst1);
-        EVP_MD_CTX_init(&s3->finish_dgst2);
-
-        s->s3=s3;
-
-        s->method->ssl_clear(s);
-        return(1);
-err:
-        return(0);
-        }
-
-void ssl3_free(SSL *s)
-        {
-        if(s == NULL)
-            return;
-
-        ssl3_cleanup_key_block(s);
-        if (s->s3->rbuf.buf != NULL)
-                OPENSSL_free(s->s3->rbuf.buf);
-        if (s->s3->wbuf.buf != NULL)
-                OPENSSL_free(s->s3->wbuf.buf);
-        if (s->s3->rrec.comp != NULL)
-                OPENSSL_free(s->s3->rrec.comp);
-#ifndef OPENSSL_NO_DH
-        if (s->s3->tmp.dh != NULL)
-                DH_free(s->s3->tmp.dh);
-#endif
-        if (s->s3->tmp.ca_names != NULL)
-                sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
-        EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
-        EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
-        OPENSSL_cleanse(s->s3,sizeof *s->s3);
-        OPENSSL_free(s->s3);
-        s->s3=NULL;
-        }
-
-void ssl3_clear(SSL *s)
-        {
-        unsigned char *rp,*wp;
-        size_t rlen, wlen;
-
-        ssl3_cleanup_key_block(s);
-        if (s->s3->tmp.ca_names != NULL)
-                sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
-
-        if (s->s3->rrec.comp != NULL)
-                {
-                OPENSSL_free(s->s3->rrec.comp);
-                s->s3->rrec.comp=NULL;
-                }
-#ifndef OPENSSL_NO_DH
-        if (s->s3->tmp.dh != NULL)
-                DH_free(s->s3->tmp.dh);
-#endif
-
-        rp = s->s3->rbuf.buf;
-        wp = s->s3->wbuf.buf;
-        rlen = s->s3->rbuf.len;
-        wlen = s->s3->wbuf.len;
-
-        EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
-        EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
-
-        memset(s->s3,0,sizeof *s->s3);
-        s->s3->rbuf.buf = rp;
-        s->s3->wbuf.buf = wp;
-        s->s3->rbuf.len = rlen;
-        s->s3->wbuf.len = wlen;
-
-        ssl_free_wbio_buffer(s);
-
-        s->packet_length=0;
-        s->s3->renegotiate=0;
-        s->s3->total_renegotiations=0;
-        s->s3->num_renegotiations=0;
-        s->s3->in_read_app_data=0;
-        s->version=SSL3_VERSION;
-        }
-
-long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
-        {
-        int ret=0;
-
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
-        if (
-#ifndef OPENSSL_NO_RSA
-            cmd == SSL_CTRL_SET_TMP_RSA ||
-            cmd == SSL_CTRL_SET_TMP_RSA_CB ||
-#endif
-#ifndef OPENSSL_NO_DSA
-            cmd == SSL_CTRL_SET_TMP_DH ||
-            cmd == SSL_CTRL_SET_TMP_DH_CB ||
-#endif
-                0)
-                {
-                if (!ssl_cert_inst(&s->cert))
-                        {
-                        SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
-                        return(0);
-                        }
-                }
-#endif
-
-        switch (cmd)
-                {
-        case SSL_CTRL_GET_SESSION_REUSED:
-                ret=s->hit;
-                break;
-        case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
-                break;
-        case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
-                ret=s->s3->num_renegotiations;
-                break;
-        case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
-                ret=s->s3->num_renegotiations;
-                s->s3->num_renegotiations=0;
-                break;
-        case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
-                ret=s->s3->total_renegotiations;
-                break;
-        case SSL_CTRL_GET_FLAGS:
-                ret=(int)(s->s3->flags);
-                break;
-#ifndef OPENSSL_NO_RSA
-        case SSL_CTRL_NEED_TMP_RSA:
-                if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
-                    ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
-                     (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))))
-                        ret = 1;
-                break;
-        case SSL_CTRL_SET_TMP_RSA:
-                {
-                        RSA *rsa = (RSA *)parg;
-                        if (rsa == NULL)
-                                {
-                                SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
-                                return(ret);
-                                }
-                        if ((rsa = RSAPrivateKey_dup(rsa)) == NULL)
-                                {
-                                SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
-                                return(ret);
-                                }
-                        if (s->cert->rsa_tmp != NULL)
-                                RSA_free(s->cert->rsa_tmp);
-                        s->cert->rsa_tmp = rsa;
-                        ret = 1;
-                }
-                break;
-        case SSL_CTRL_SET_TMP_RSA_CB:
-                {
-                SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return(ret);
-                }
-                break;
-#endif
-#ifndef OPENSSL_NO_DH
-        case SSL_CTRL_SET_TMP_DH:
-                {
-                        DH *dh = (DH *)parg;
-                        if (dh == NULL)
-                                {
-                                SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
-                                return(ret);
-                                }
-                        if ((dh = DHparams_dup(dh)) == NULL)
-                                {
-                                SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
-                                return(ret);
-                                }
-                        if (!(s->options & SSL_OP_SINGLE_DH_USE))
-                                {
-                                if (!DH_generate_key(dh))
-                                        {
-                                        DH_free(dh);
-                                        SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
-                                        return(ret);
-                                        }
-                                }
-                        if (s->cert->dh_tmp != NULL)
-                                DH_free(s->cert->dh_tmp);
-                        s->cert->dh_tmp = dh;
-                        ret = 1;
-                }
-                break;
-        case SSL_CTRL_SET_TMP_DH_CB:
-                {
-                SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return(ret);
-                }
-                break;
-#endif
-        default:
-                break;
-                }
-        return(ret);
-        }
-
-long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)())
-        {
-        int ret=0;
-
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
-        if (
-#ifndef OPENSSL_NO_RSA
-            cmd == SSL_CTRL_SET_TMP_RSA_CB ||
-#endif
-#ifndef OPENSSL_NO_DSA
-            cmd == SSL_CTRL_SET_TMP_DH_CB ||
-#endif
-                0)
-                {
-                if (!ssl_cert_inst(&s->cert))
-                        {
-                        SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE);
-                        return(0);
-                        }
-                }
-#endif
-
-        switch (cmd)
-                {
-#ifndef OPENSSL_NO_RSA
-        case SSL_CTRL_SET_TMP_RSA_CB:
-                {
-                s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
-                }
-                break;
-#endif
-#ifndef OPENSSL_NO_DH
-        case SSL_CTRL_SET_TMP_DH_CB:
-                {
-                s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
-                }
-                break;
-#endif
-        default:
-                break;
-                }
-        return(ret);
-        }
-
-long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
-        {
-        CERT *cert;
-
-        cert=ctx->cert;
-
-        switch (cmd)
-                {
-#ifndef OPENSSL_NO_RSA
-        case SSL_CTRL_NEED_TMP_RSA:
-                if (    (cert->rsa_tmp == NULL) &&
-                        ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
-                         (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8)))
-                        )
-                        return(1);
-                else
-                        return(0);
-                /* break; */
-        case SSL_CTRL_SET_TMP_RSA:
-                {
-                RSA *rsa;
-                int i;
-
-                rsa=(RSA *)parg;
-                i=1;
-                if (rsa == NULL)
-                        i=0;
-                else
-                        {
-                        if ((rsa=RSAPrivateKey_dup(rsa)) == NULL)
-                                i=0;
-                        }
-                if (!i)
-                        {
-                        SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_RSA_LIB);
-                        return(0);
-                        }
-                else
-                        {
-                        if (cert->rsa_tmp != NULL)
-                                RSA_free(cert->rsa_tmp);
-                        cert->rsa_tmp=rsa;
-                        return(1);
-                        }
-                }
-                /* break; */
-        case SSL_CTRL_SET_TMP_RSA_CB:
-                {
-                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return(0);
-                }
-                break;
-#endif
-#ifndef OPENSSL_NO_DH
-        case SSL_CTRL_SET_TMP_DH:
-                {
-                DH *new=NULL,*dh;
-
-                dh=(DH *)parg;
-                if ((new=DHparams_dup(dh)) == NULL)
-                        {
-                        SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
-                        return 0;
-                        }
-                if (!(ctx->options & SSL_OP_SINGLE_DH_USE))
-                        {
-                        if (!DH_generate_key(new))
-                                {
-                                SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
-                                DH_free(new);
-                                return 0;
-                                }
-                        }
-                if (cert->dh_tmp != NULL)
-                        DH_free(cert->dh_tmp);
-                cert->dh_tmp=new;
-                return 1;
-                }
-                /*break; */
-        case SSL_CTRL_SET_TMP_DH_CB:
-                {
-                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return(0);
-                }
-                break;
-#endif
-        /* A Thawte special :-) */
-        case SSL_CTRL_EXTRA_CHAIN_CERT:
-                if (ctx->extra_certs == NULL)
-                        {
-                        if ((ctx->extra_certs=sk_X509_new_null()) == NULL)
-                                return(0);
-                        }
-                sk_X509_push(ctx->extra_certs,(X509 *)parg);
-                break;
-
-        default:
-                return(0);
-                }
-        return(1);
-        }
-
-long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)())
-        {
-        CERT *cert;
-
-        cert=ctx->cert;
-
-        switch (cmd)
-                {
-#ifndef OPENSSL_NO_RSA
-        case SSL_CTRL_SET_TMP_RSA_CB:
-                {
-                cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
-                }
-                break;
-#endif
-#ifndef OPENSSL_NO_DH
-        case SSL_CTRL_SET_TMP_DH_CB:
-                {
-                cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
-                }
-                break;
-#endif
-        default:
-                return(0);
-                }
-        return(1);
-        }
-
-/* This function needs to check if the ciphers required are actually
- * available */
-SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
-        {
-        static int init=1;
-        static SSL_CIPHER *sorted[SSL3_NUM_CIPHERS];
-        SSL_CIPHER c,*cp= &c,**cpp;
-        unsigned long id;
-        int i;
-
-        if (init)
-                {
-                CRYPTO_w_lock(CRYPTO_LOCK_SSL);
-
-                if (init)
-                        {
-                        for (i=0; i<SSL3_NUM_CIPHERS; i++)
-                                sorted[i]= &(ssl3_ciphers[i]);
-
-                        qsort(sorted,
-                                SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
-                                FP_ICC ssl_cipher_ptr_id_cmp);
-
-                        init=0;
-                        }
-                
-                CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
-                }
-
-        id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
-        c.id=id;
-        cpp=(SSL_CIPHER **)OBJ_bsearch((char *)&cp,
-                (char *)sorted,
-                SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
-                FP_ICC ssl_cipher_ptr_id_cmp);
-        if ((cpp == NULL) || !(*cpp)->valid)
-                return(NULL);
-        else
-                return(*cpp);
-        }
-
-int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
-        {
-        long l;
-
-        if (p != NULL)
-                {
-                l=c->id;
-                if ((l & 0xff000000) != 0x03000000) return(0);
-                p[0]=((unsigned char)(l>> 8L))&0xFF;
-                p[1]=((unsigned char)(l     ))&0xFF;
-                }
-        return(2);
-        }
-
-SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
-             STACK_OF(SSL_CIPHER) *srvr)
-        {
-        SSL_CIPHER *c,*ret=NULL;
-        STACK_OF(SSL_CIPHER) *prio, *allow;
-        int i,j,ok;
-        CERT *cert;
-        unsigned long alg,mask,emask;
-
-        /* Let's see which ciphers we can support */
-        cert=s->cert;
-
-#if 0
-        /* Do not set the compare functions, because this may lead to a
-         * reordering by "id". We want to keep the original ordering.
-         * We may pay a price in performance during sk_SSL_CIPHER_find(),
-         * but would have to pay with the price of sk_SSL_CIPHER_dup().
-         */
-        sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
-        sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
-#endif
-
-#ifdef CIPHER_DEBUG
-        printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), srvr);
-        for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i)
-            {
-            c=sk_SSL_CIPHER_value(srvr,i);
-            printf("%p:%s\n",c,c->name);
-            }
-        printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), clnt);
-        for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i)
-            {
-            c=sk_SSL_CIPHER_value(clnt,i);
-            printf("%p:%s\n",c,c->name);
-            }
-#endif
-
-        if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
-            {
-            prio = srvr;
-            allow = clnt;
-            }
-        else
-            {
-            prio = clnt;
-            allow = srvr;
-            }
-
-        for (i=0; i<sk_SSL_CIPHER_num(prio); i++)
-                {
-                c=sk_SSL_CIPHER_value(prio,i);
-
-                ssl_set_cert_masks(cert,c);
-                mask=cert->mask;
-                emask=cert->export_mask;
-                        
-#ifdef KSSL_DEBUG
-                printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);
-#endif    /* KSSL_DEBUG */
-
-                alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK);
-#ifndef OPENSSL_NO_KRB5
-                if (alg & SSL_KRB5) 
-                        {
-                        if ( !kssl_keytab_is_available(s->kssl_ctx) )
-                            continue;
-                        }
-#endif /* OPENSSL_NO_KRB5 */
-                if (SSL_C_IS_EXPORT(c))
-                        {
-                        ok=((alg & emask) == alg)?1:0;
-#ifdef CIPHER_DEBUG
-                        printf("%d:[%08lX:%08lX]%p:%s (export)\n",ok,alg,emask,
-                               c,c->name);
-#endif
-                        }
-                else
-                        {
-                        ok=((alg & mask) == alg)?1:0;
-#ifdef CIPHER_DEBUG
-                        printf("%d:[%08lX:%08lX]%p:%s\n",ok,alg,mask,c,
-                               c->name);
-#endif
-                        }
-
-                if (!ok) continue;
-        
-                j=sk_SSL_CIPHER_find(allow,c);
-                if (j >= 0)
-                        {
-                        ret=sk_SSL_CIPHER_value(allow,j);
-                        break;
-                        }
-                }
-        return(ret);
-        }
-
-int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
-        {
-        int ret=0;
-        unsigned long alg;
-
-        alg=s->s3->tmp.new_cipher->algorithms;
-
-#ifndef OPENSSL_NO_DH
-        if (alg & (SSL_kDHr|SSL_kEDH))
-                {
-#  ifndef OPENSSL_NO_RSA
-                p[ret++]=SSL3_CT_RSA_FIXED_DH;
-#  endif
-#  ifndef OPENSSL_NO_DSA
-                p[ret++]=SSL3_CT_DSS_FIXED_DH;
-#  endif
-                }
-        if ((s->version == SSL3_VERSION) &&
-                (alg & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
-                {
-#  ifndef OPENSSL_NO_RSA
-                p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
-#  endif
-#  ifndef OPENSSL_NO_DSA
-                p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH;
-#  endif
-                }
-#endif /* !OPENSSL_NO_DH */
-#ifndef OPENSSL_NO_RSA
-        p[ret++]=SSL3_CT_RSA_SIGN;
-#endif
-#ifndef OPENSSL_NO_DSA
-        p[ret++]=SSL3_CT_DSS_SIGN;
-#endif
-        return(ret);
-        }
-
-int ssl3_shutdown(SSL *s)
-        {
-
-        /* Don't do anything much if we have not done the handshake or
-         * we don't want to send messages :-) */
-        if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE))
-                {
-                s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
-                return(1);
-                }
-
-        if (!(s->shutdown & SSL_SENT_SHUTDOWN))
-                {
-                s->shutdown|=SSL_SENT_SHUTDOWN;
-#if 1
-                ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_CLOSE_NOTIFY);
-#endif
-                /* our shutdown alert has been sent now, and if it still needs
-                 * to be written, s->s3->alert_dispatch will be true */
-                }
-        else if (s->s3->alert_dispatch)
-                {
-                /* resend it if not sent */
-#if 1
-                ssl3_dispatch_alert(s);
-#endif
-                }
-        else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
-                {
-                /* If we are waiting for a close from our peer, we are closed */
-                ssl3_read_bytes(s,0,NULL,0,0);
-                }
-
-        if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
-                !s->s3->alert_dispatch)
-                return(1);
-        else
-                return(0);
-        }
-
-int ssl3_write(SSL *s, const void *buf, int len)
-        {
-        int ret,n;
-
-#if 0
-        if (s->shutdown & SSL_SEND_SHUTDOWN)
-                {
-                s->rwstate=SSL_NOTHING;
-                return(0);
-                }
-#endif
-        clear_sys_error();
-        if (s->s3->renegotiate) ssl3_renegotiate_check(s);
-
-        /* This is an experimental flag that sends the
-         * last handshake message in the same packet as the first
-         * use data - used to see if it helps the TCP protocol during
-         * session-id reuse */
-        /* The second test is because the buffer may have been removed */
-        if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio))
-                {
-                /* First time through, we write into the buffer */
-                if (s->s3->delay_buf_pop_ret == 0)
-                        {
-                        ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
-                                             buf,len);
-                        if (ret <= 0) return(ret);
-
-                        s->s3->delay_buf_pop_ret=ret;
-                        }
-
-                s->rwstate=SSL_WRITING;
-                n=BIO_flush(s->wbio);
-                if (n <= 0) return(n);
-                s->rwstate=SSL_NOTHING;
-
-                /* We have flushed the buffer, so remove it */
-                ssl_free_wbio_buffer(s);
-                s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
-
-                ret=s->s3->delay_buf_pop_ret;
-                s->s3->delay_buf_pop_ret=0;
-                }
-        else
-                {
-                ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
-                                     buf,len);
-                if (ret <= 0) return(ret);
-                }
-
-        return(ret);
-        }
-
-static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
-        {
-        int ret;
-        
-        clear_sys_error();
-        if (s->s3->renegotiate) ssl3_renegotiate_check(s);
-        s->s3->in_read_app_data=1;
-        ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
-        if ((ret == -1) && (s->s3->in_read_app_data == 2))
-                {
-                /* ssl3_read_bytes decided to call s->handshake_func, which
-                 * called ssl3_read_bytes to read handshake data.
-                 * However, ssl3_read_bytes actually found application data
-                 * and thinks that application data makes sense here; so disable
-                 * handshake processing and try to read application data again. */
-                s->in_handshake++;
-                ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
-                s->in_handshake--;
-                }
-        else
-                s->s3->in_read_app_data=0;
-
-        return(ret);
-        }
-
-int ssl3_read(SSL *s, void *buf, int len)
-        {
-        return ssl3_read_internal(s, buf, len, 0);
-        }
-
-int ssl3_peek(SSL *s, void *buf, int len)
-        {
-        return ssl3_read_internal(s, buf, len, 1);
-        }
-
-int ssl3_renegotiate(SSL *s)
-        {
-        if (s->handshake_func == NULL)
-                return(1);
-
-        if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
-                return(0);
-
-        s->s3->renegotiate=1;
-        return(1);
-        }
-
-int ssl3_renegotiate_check(SSL *s)
-        {
-        int ret=0;
-
-        if (s->s3->renegotiate)
-                {
-                if (    (s->s3->rbuf.left == 0) &&
-                        (s->s3->wbuf.left == 0) &&
-                        !SSL_in_init(s))
-                        {
-/*
-if we are the server, and we have sent a 'RENEGOTIATE' message, we
-need to go to SSL_ST_ACCEPT.
-*/
-                        /* SSL_ST_ACCEPT */
-                        s->state=SSL_ST_RENEGOTIATE;
-                        s->s3->renegotiate=0;
-                        s->s3->num_renegotiations++;
-                        s->s3->total_renegotiations++;
-                        ret=1;
-                        }
-                }
-        return(ret);
-        }
-
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c
deleted file mode 100644
index cb0b12b400..0000000000
--- a/src/lib/libssl/s3_pkt.c
+++ /dev/null
@@ -1,1310 +0,0 @@
-/* ssl/s3_pkt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <errno.h>
-#define USE_SOCKETS
-#include "ssl_locl.h"
-#include <openssl/evp.h>
-#include <openssl/buffer.h>
-
-static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
-                         unsigned int len, int create_empty_fragment);
-static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
-                              unsigned int len);
-static int ssl3_get_record(SSL *s);
-static int do_compress(SSL *ssl);
-static int do_uncompress(SSL *ssl);
-static int do_change_cipher_spec(SSL *ssl);
-
-/* used only by ssl3_get_record */
-static int ssl3_read_n(SSL *s, int n, int max, int extend)
-        {
-        /* If extend == 0, obtain new n-byte packet; if extend == 1, increase
-         * packet by another n bytes.
-         * The packet will be in the sub-array of s->s3->rbuf.buf specified
-         * by s->packet and s->packet_length.
-         * (If s->read_ahead is set, 'max' bytes may be stored in rbuf
-         * [plus s->packet_length bytes if extend == 1].)
-         */
-        int i,off,newb;
-
-        if (!extend)
-                {
-                /* start with empty packet ... */
-                if (s->s3->rbuf.left == 0)
-                        s->s3->rbuf.offset = 0;
-                s->packet = s->s3->rbuf.buf + s->s3->rbuf.offset;
-                s->packet_length = 0;
-                /* ... now we can act as if 'extend' was set */
-                }
-
-        /* if there is enough in the buffer from a previous read, take some */
-        if (s->s3->rbuf.left >= (int)n)
-                {
-                s->packet_length+=n;
-                s->s3->rbuf.left-=n;
-                s->s3->rbuf.offset+=n;
-                return(n);
-                }
-
-        /* else we need to read more data */
-        if (!s->read_ahead)
-                max=n;
-
-        {
-                /* avoid buffer overflow */
-                int max_max = s->s3->rbuf.len - s->packet_length;
-                if (max > max_max)
-                        max = max_max;
-        }
-        if (n > max) /* does not happen */
-                {
-                SSLerr(SSL_F_SSL3_READ_N,ERR_R_INTERNAL_ERROR);
-                return -1;
-                }
-
-        off = s->packet_length;
-        newb = s->s3->rbuf.left;
-        /* Move any available bytes to front of buffer:
-         * 'off' bytes already pointed to by 'packet',
-         * 'newb' extra ones at the end */
-        if (s->packet != s->s3->rbuf.buf)
-                {
-                /*  off > 0 */
-                memmove(s->s3->rbuf.buf, s->packet, off+newb);
-                s->packet = s->s3->rbuf.buf;
-                }
-
-        while (newb < n)
-                {
-                /* Now we have off+newb bytes at the front of s->s3->rbuf.buf and need
-                 * to read in more until we have off+n (up to off+max if possible) */
-
-                clear_sys_error();
-                if (s->rbio != NULL)
-                        {
-                        s->rwstate=SSL_READING;
-                        i=BIO_read(s->rbio,     &(s->s3->rbuf.buf[off+newb]), max-newb);
-                        }
-                else
-                        {
-                        SSLerr(SSL_F_SSL3_READ_N,SSL_R_READ_BIO_NOT_SET);
-                        i = -1;
-                        }
-
-                if (i <= 0)
-                        {
-                        s->s3->rbuf.left = newb;
-                        return(i);
-                        }
-                newb+=i;
-                }
-
-        /* done reading, now the book-keeping */
-        s->s3->rbuf.offset = off + n;
-        s->s3->rbuf.left = newb - n;
-        s->packet_length += n;
-        s->rwstate=SSL_NOTHING;
-        return(n);
-        }
-
-/* Call this to get a new input record.
- * It will return <= 0 if more data is needed, normally due to an error
- * or non-blocking IO.
- * When it finishes, one packet has been decoded and can be found in
- * ssl->s3->rrec.type    - is the type of record
- * ssl->s3->rrec.data,   - data
- * ssl->s3->rrec.length, - number of bytes
- */
-/* used only by ssl3_read_bytes */
-static int ssl3_get_record(SSL *s)
-        {
-        int ssl_major,ssl_minor,al;
-        int enc_err,n,i,ret= -1;
-        SSL3_RECORD *rr;
-        SSL_SESSION *sess;
-        unsigned char *p;
-        unsigned char md[EVP_MAX_MD_SIZE];
-        short version;
-        unsigned int mac_size;
-        int clear=0;
-        size_t extra;
-        int decryption_failed_or_bad_record_mac = 0;
-        unsigned char *mac = NULL;
-
-        rr= &(s->s3->rrec);
-        sess=s->session;
-
-        if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
-                extra=SSL3_RT_MAX_EXTRA;
-        else
-                extra=0;
-        if (extra != s->s3->rbuf.len - SSL3_RT_MAX_PACKET_SIZE)
-                {
-                /* actually likely an application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER
-                 * set after ssl3_setup_buffers() was done */
-                SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR);
-                return -1;
-                }
-
-again:
-        /* check if we have the header */
-        if (    (s->rstate != SSL_ST_READ_BODY) ||
-                (s->packet_length < SSL3_RT_HEADER_LENGTH)) 
-                {
-                n=ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
-                if (n <= 0) return(n); /* error or non-blocking */
-                s->rstate=SSL_ST_READ_BODY;
-
-                p=s->packet;
-
-                /* Pull apart the header into the SSL3_RECORD */
-                rr->type= *(p++);
-                ssl_major= *(p++);
-                ssl_minor= *(p++);
-                version=(ssl_major<<8)|ssl_minor;
-                n2s(p,rr->length);
-
-                /* Lets check version */
-                if (s->first_packet)
-                        {
-                        s->first_packet=0;
-                        }
-                else
-                        {
-                        if (version != s->version)
-                                {
-                                SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
-                                /* Send back error using their
-                                 * version number :-) */
-                                s->version=version;
-                                al=SSL_AD_PROTOCOL_VERSION;
-                                goto f_err;
-                                }
-                        }
-
-                if ((version>>8) != SSL3_VERSION_MAJOR)
-                        {
-                        SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
-                        goto err;
-                        }
-
-                if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
-                        {
-                        al=SSL_AD_RECORD_OVERFLOW;
-                        SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG);
-                        goto f_err;
-                        }
-
-                /* now s->rstate == SSL_ST_READ_BODY */
-                }
-
-        /* s->rstate == SSL_ST_READ_BODY, get and decode the data */
-
-        if (rr->length > s->packet_length-SSL3_RT_HEADER_LENGTH)
-                {
-                /* now s->packet_length == SSL3_RT_HEADER_LENGTH */
-                i=rr->length;
-                n=ssl3_read_n(s,i,i,1);
-                if (n <= 0) return(n); /* error or non-blocking io */
-                /* now n == rr->length,
-                 * and s->packet_length == SSL3_RT_HEADER_LENGTH + rr->length */
-                }
-
-        s->rstate=SSL_ST_READ_HEADER; /* set state for later operations */
-
-        /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
-         * and we have that many bytes in s->packet
-         */
-        rr->input= &(s->packet[SSL3_RT_HEADER_LENGTH]);
-
-        /* ok, we can now read from 's->packet' data into 'rr'
-         * rr->input points at rr->length bytes, which
-         * need to be copied into rr->data by either
-         * the decryption or by the decompression
-         * When the data is 'copied' into the rr->data buffer,
-         * rr->input will be pointed at the new buffer */ 
-
-        /* We now have - encrypted [ MAC [ compressed [ plain ] ] ]
-         * rr->length bytes of encrypted compressed stuff. */
-
-        /* check is not needed I believe */
-        if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
-                {
-                al=SSL_AD_RECORD_OVERFLOW;
-                SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
-                goto f_err;
-                }
-
-        /* decrypt in place in 'rr->input' */
-        rr->data=rr->input;
-
-        enc_err = s->method->ssl3_enc->enc(s,0);
-        if (enc_err <= 0)
-                {
-                if (enc_err == 0)
-                        /* SSLerr() and ssl3_send_alert() have been called */
-                        goto err;
-
-                /* Otherwise enc_err == -1, which indicates bad padding
-                 * (rec->length has not been changed in this case).
-                 * To minimize information leaked via timing, we will perform
-                 * the MAC computation anyway. */
-                decryption_failed_or_bad_record_mac = 1;
-                }
-
-#ifdef TLS_DEBUG
-printf("dec %d\n",rr->length);
-{ unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); }
-printf("\n");
-#endif
-
-        /* r->length is now the compressed data plus mac */
-        if (    (sess == NULL) ||
-                (s->enc_read_ctx == NULL) ||
-                (s->read_hash == NULL))
-                clear=1;
-
-        if (!clear)
-                {
-                mac_size=EVP_MD_size(s->read_hash);
-
-                if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)
-                        {
-#if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */
-                        al=SSL_AD_RECORD_OVERFLOW;
-                        SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
-                        goto f_err;
-#else
-                        decryption_failed_or_bad_record_mac = 1;
-#endif                  
-                        }
-                /* check the MAC for rr->input (it's in mac_size bytes at the tail) */
-                if (rr->length >= mac_size)
-                        {
-                        rr->length -= mac_size;
-                        mac = &rr->data[rr->length];
-                        }
-                else
-                        {
-                        /* record (minus padding) is too short to contain a MAC */
-#if 0 /* OK only for stream ciphers */
-                        al=SSL_AD_DECODE_ERROR;
-                        SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
-                        goto f_err;
-#else
-                        decryption_failed_or_bad_record_mac = 1;
-                        rr->length = 0;
-#endif
-                        }
-                i=s->method->ssl3_enc->mac(s,md,0);
-                if (mac == NULL || memcmp(md, mac, mac_size) != 0)
-                        {
-                        decryption_failed_or_bad_record_mac = 1;
-                        }
-                }
-
-        if (decryption_failed_or_bad_record_mac)
-                {
-                /* A separate 'decryption_failed' alert was introduced with TLS 1.0,
-                 * SSL 3.0 only has 'bad_record_mac'.  But unless a decryption
-                 * failure is directly visible from the ciphertext anyway,
-                 * we should not reveal which kind of error occured -- this
-                 * might become visible to an attacker (e.g. via a logfile) */
-                al=SSL_AD_BAD_RECORD_MAC;
-                SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
-                goto f_err;
-                }
-
-        /* r->length is now just compressed */
-        if (s->expand != NULL)
-                {
-                if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra)
-                        {
-                        al=SSL_AD_RECORD_OVERFLOW;
-                        SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
-                        goto f_err;
-                        }
-                if (!do_uncompress(s))
-                        {
-                        al=SSL_AD_DECOMPRESSION_FAILURE;
-                        SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION);
-                        goto f_err;
-                        }
-                }
-
-        if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH+extra)
-                {
-                al=SSL_AD_RECORD_OVERFLOW;
-                SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);
-                goto f_err;
-                }
-
-        rr->off=0;
-        /* So at this point the following is true
-         * ssl->s3->rrec.type   is the type of record
-         * ssl->s3->rrec.length == number of bytes in record
-         * ssl->s3->rrec.off    == offset to first valid byte
-         * ssl->s3->rrec.data   == where to take bytes from, increment
-         *                         after use :-).
-         */
-
-        /* we have pulled in a full packet so zero things */
-        s->packet_length=0;
-
-        /* just read a 0 length packet */
-        if (rr->length == 0) goto again;
-
-        return(1);
-
-f_err:
-        ssl3_send_alert(s,SSL3_AL_FATAL,al);
-err:
-        return(ret);
-        }
-
-static int do_uncompress(SSL *ssl)
-        {
-        int i;
-        SSL3_RECORD *rr;
-
-        rr= &(ssl->s3->rrec);
-        i=COMP_expand_block(ssl->expand,rr->comp,
-                SSL3_RT_MAX_PLAIN_LENGTH,rr->data,(int)rr->length);
-        if (i < 0)
-                return(0);
-        else
-                rr->length=i;
-        rr->data=rr->comp;
-
-        return(1);
-        }
-
-static int do_compress(SSL *ssl)
-        {
-        int i;
-        SSL3_RECORD *wr;
-
-        wr= &(ssl->s3->wrec);
-        i=COMP_compress_block(ssl->compress,wr->data,
-                SSL3_RT_MAX_COMPRESSED_LENGTH,
-                wr->input,(int)wr->length);
-        if (i < 0)
-                return(0);
-        else
-                wr->length=i;
-
-        wr->input=wr->data;
-        return(1);
-        }
-
-/* Call this to write data in records of type 'type'
- * It will return <= 0 if not all data has been sent or non-blocking IO.
- */
-int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
-        {
-        const unsigned char *buf=buf_;
-        unsigned int tot,n,nw;
-        int i;
-
-        s->rwstate=SSL_NOTHING;
-        tot=s->s3->wnum;
-        s->s3->wnum=0;
-
-        if (SSL_in_init(s) && !s->in_handshake)
-                {
-                i=s->handshake_func(s);
-                if (i < 0) return(i);
-                if (i == 0)
-                        {
-                        SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
-                        return -1;
-                        }
-                }
-
-        n=(len-tot);
-        for (;;)
-                {
-                if (n > SSL3_RT_MAX_PLAIN_LENGTH)
-                        nw=SSL3_RT_MAX_PLAIN_LENGTH;
-                else
-                        nw=n;
-
-                i=do_ssl3_write(s, type, &(buf[tot]), nw, 0);
-                if (i <= 0)
-                        {
-                        s->s3->wnum=tot;
-                        return i;
-                        }
-
-                if ((i == (int)n) ||
-                        (type == SSL3_RT_APPLICATION_DATA &&
-                         (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE)))
-                        {
-                        /* next chunk of data should get another prepended empty fragment
-                         * in ciphersuites with known-IV weakness: */
-                        s->s3->empty_fragment_done = 0;
-                        
-                        return tot+i;
-                        }
-
-                n-=i;
-                tot+=i;
-                }
-        }
-
-static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
-                         unsigned int len, int create_empty_fragment)
-        {
-        unsigned char *p,*plen;
-        int i,mac_size,clear=0;
-        int prefix_len = 0;
-        SSL3_RECORD *wr;
-        SSL3_BUFFER *wb;
-        SSL_SESSION *sess;
-
-        /* first check if there is a SSL3_BUFFER still being written
-         * out.  This will happen with non blocking IO */
-        if (s->s3->wbuf.left != 0)
-                return(ssl3_write_pending(s,type,buf,len));
-
-        /* If we have an alert to send, lets send it */
-        if (s->s3->alert_dispatch)
-                {
-                i=ssl3_dispatch_alert(s);
-                if (i <= 0)
-                        return(i);
-                /* if it went, fall through and send more stuff */
-                }
-
-        if (len == 0 && !create_empty_fragment)
-                return 0;
-
-        wr= &(s->s3->wrec);
-        wb= &(s->s3->wbuf);
-        sess=s->session;
-
-        if (    (sess == NULL) ||
-                (s->enc_write_ctx == NULL) ||
-                (s->write_hash == NULL))
-                clear=1;
-
-        if (clear)
-                mac_size=0;
-        else
-                mac_size=EVP_MD_size(s->write_hash);
-
-        /* 'create_empty_fragment' is true only when this function calls itself */
-        if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done)
-                {
-                /* countermeasure against known-IV weakness in CBC ciphersuites
-                 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
-
-                if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA)
-                        {
-                        /* recursive function call with 'create_empty_fragment' set;
-                         * this prepares and buffers the data for an empty fragment
-                         * (these 'prefix_len' bytes are sent out later
-                         * together with the actual payload) */
-                        prefix_len = do_ssl3_write(s, type, buf, 0, 1);
-                        if (prefix_len <= 0)
-                                goto err;
-
-                        if (s->s3->wbuf.len < (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE)
-                                {
-                                /* insufficient space */
-                                SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR);
-                                goto err;
-                                }
-                        }
-                
-                s->s3->empty_fragment_done = 1;
-                }
-
-        p = wb->buf + prefix_len;
-
-        /* write the header */
-
-        *(p++)=type&0xff;
-        wr->type=type;
-
-        *(p++)=(s->version>>8);
-        *(p++)=s->version&0xff;
-
-        /* field where we are to write out packet length */
-        plen=p; 
-        p+=2;
-
-        /* lets setup the record stuff. */
-        wr->data=p;
-        wr->length=(int)len;
-        wr->input=(unsigned char *)buf;
-
-        /* we now 'read' from wr->input, wr->length bytes into
-         * wr->data */
-
-        /* first we compress */
-        if (s->compress != NULL)
-                {
-                if (!do_compress(s))
-                        {
-                        SSLerr(SSL_F_DO_SSL3_WRITE,SSL_R_COMPRESSION_FAILURE);
-                        goto err;
-                        }
-                }
-        else
-                {
-                memcpy(wr->data,wr->input,wr->length);
-                wr->input=wr->data;
-                }
-
-        /* we should still have the output to wr->data and the input
-         * from wr->input.  Length should be wr->length.
-         * wr->data still points in the wb->buf */
-
-        if (mac_size != 0)
-                {
-                s->method->ssl3_enc->mac(s,&(p[wr->length]),1);
-                wr->length+=mac_size;
-                wr->input=p;
-                wr->data=p;
-                }
-
-        /* ssl3_enc can only have an error on read */
-        s->method->ssl3_enc->enc(s,1);
-
-        /* record length after mac and block padding */
-        s2n(wr->length,plen);
-
-        /* we should now have
-         * wr->data pointing to the encrypted data, which is
-         * wr->length long */
-        wr->type=type; /* not needed but helps for debugging */
-        wr->length+=SSL3_RT_HEADER_LENGTH;
-
-        if (create_empty_fragment)
-                {
-                /* we are in a recursive call;
-                 * just return the length, don't write out anything here
-                 */
-                return wr->length;
-                }
-
-        /* now let's set up wb */
-        wb->left = prefix_len + wr->length;
-        wb->offset = 0;
-
-        /* memorize arguments so that ssl3_write_pending can detect bad write retries later */
-        s->s3->wpend_tot=len;
-        s->s3->wpend_buf=buf;
-        s->s3->wpend_type=type;
-        s->s3->wpend_ret=len;
-
-        /* we now just need to write the buffer */
-        return ssl3_write_pending(s,type,buf,len);
-err:
-        return -1;
-        }
-
-/* if s->s3->wbuf.left != 0, we need to call this */
-static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
-                              unsigned int len)
-        {
-        int i;
-
-/* XXXX */
-        if ((s->s3->wpend_tot > (int)len)
-                || ((s->s3->wpend_buf != buf) &&
-                        !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER))
-                || (s->s3->wpend_type != type))
-                {
-                SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY);
-                return(-1);
-                }
-
-        for (;;)
-                {
-                clear_sys_error();
-                if (s->wbio != NULL)
-                        {
-                        s->rwstate=SSL_WRITING;
-                        i=BIO_write(s->wbio,
-                                (char *)&(s->s3->wbuf.buf[s->s3->wbuf.offset]),
-                                (unsigned int)s->s3->wbuf.left);
-                        }
-                else
-                        {
-                        SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BIO_NOT_SET);
-                        i= -1;
-                        }
-                if (i == s->s3->wbuf.left)
-                        {
-                        s->s3->wbuf.left=0;
-                        s->rwstate=SSL_NOTHING;
-                        return(s->s3->wpend_ret);
-                        }
-                else if (i <= 0)
-                        return(i);
-                s->s3->wbuf.offset+=i;
-                s->s3->wbuf.left-=i;
-                }
-        }
-
-/* Return up to 'len' payload bytes received in 'type' records.
- * 'type' is one of the following:
- *
- *   -  SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
- *   -  SSL3_RT_APPLICATION_DATA (when ssl3_read calls us)
- *   -  0 (during a shutdown, no data has to be returned)
- *
- * If we don't have stored data to work from, read a SSL/TLS record first
- * (possibly multiple records if we still don't have anything to return).
- *
- * This function must handle any surprises the peer may have for us, such as
- * Alert records (e.g. close_notify), ChangeCipherSpec records (not really
- * a surprise, but handled as if it were), or renegotiation requests.
- * Also if record payloads contain fragments too small to process, we store
- * them until there is enough for the respective protocol (the record protocol
- * may use arbitrary fragmentation and even interleaving):
- *     Change cipher spec protocol
- *             just 1 byte needed, no need for keeping anything stored
- *     Alert protocol
- *             2 bytes needed (AlertLevel, AlertDescription)
- *     Handshake protocol
- *             4 bytes needed (HandshakeType, uint24 length) -- we just have
- *             to detect unexpected Client Hello and Hello Request messages
- *             here, anything else is handled by higher layers
- *     Application data protocol
- *             none of our business
- */
-int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
-        {
-        int al,i,j,ret;
-        unsigned int n;
-        SSL3_RECORD *rr;
-        void (*cb)(const SSL *ssl,int type2,int val)=NULL;
-
-        if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
-                if (!ssl3_setup_buffers(s))
-                        return(-1);
-
-        if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE) && type) ||
-            (peek && (type != SSL3_RT_APPLICATION_DATA)))
-                {
-                SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
-                return -1;
-                }
-
-        if ((type == SSL3_RT_HANDSHAKE) && (s->s3->handshake_fragment_len > 0))
-                /* (partially) satisfy request from storage */
-                {
-                unsigned char *src = s->s3->handshake_fragment;
-                unsigned char *dst = buf;
-                unsigned int k;
-
-                /* peek == 0 */
-                n = 0;
-                while ((len > 0) && (s->s3->handshake_fragment_len > 0))
-                        {
-                        *dst++ = *src++;
-                        len--; s->s3->handshake_fragment_len--;
-                        n++;
-                        }
-                /* move any remaining fragment bytes: */
-                for (k = 0; k < s->s3->handshake_fragment_len; k++)
-                        s->s3->handshake_fragment[k] = *src++;
-                return n;
-        }
-
-        /* Now s->s3->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */
-
-        if (!s->in_handshake && SSL_in_init(s))
-                {
-                /* type == SSL3_RT_APPLICATION_DATA */
-                i=s->handshake_func(s);
-                if (i < 0) return(i);
-                if (i == 0)
-                        {
-                        SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
-                        return(-1);
-                        }
-                }
-start:
-        s->rwstate=SSL_NOTHING;
-
-        /* s->s3->rrec.type         - is the type of record
-         * s->s3->rrec.data,    - data
-         * s->s3->rrec.off,     - offset into 'data' for next read
-         * s->s3->rrec.length,  - number of bytes. */
-        rr = &(s->s3->rrec);
-
-        /* get new packet if necessary */
-        if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY))
-                {
-                ret=ssl3_get_record(s);
-                if (ret <= 0) return(ret);
-                }
-
-        /* we now have a packet which can be read and processed */
-
-        if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
-                                       * reset by ssl3_get_finished */
-                && (rr->type != SSL3_RT_HANDSHAKE))
-                {
-                al=SSL_AD_UNEXPECTED_MESSAGE;
-                SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
-                goto f_err;
-                }
-
-        /* If the other end has shut down, throw anything we read away
-         * (even in 'peek' mode) */
-        if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
-                {
-                rr->length=0;
-                s->rwstate=SSL_NOTHING;
-                return(0);
-                }
-
-
-        if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
-                {
-                /* make sure that we are not getting application data when we
-                 * are doing a handshake for the first time */
-                if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
-                        (s->enc_read_ctx == NULL))
-                        {
-                        al=SSL_AD_UNEXPECTED_MESSAGE;
-                        SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE);
-                        goto f_err;
-                        }
-
-                if (len <= 0) return(len);
-
-                if ((unsigned int)len > rr->length)
-                        n = rr->length;
-                else
-                        n = (unsigned int)len;
-
-                memcpy(buf,&(rr->data[rr->off]),n);
-                if (!peek)
-                        {
-                        rr->length-=n;
-                        rr->off+=n;
-                        if (rr->length == 0)
-                                {
-                                s->rstate=SSL_ST_READ_HEADER;
-                                rr->off=0;
-                                }
-                        }
-                return(n);
-                }
-
-
-        /* If we get here, then type != rr->type; if we have a handshake
-         * message, then it was unexpected (Hello Request or Client Hello). */
-
-        /* In case of record types for which we have 'fragment' storage,
-         * fill that so that we can process the data at a fixed place.
-         */
-                {
-                unsigned int dest_maxlen = 0;
-                unsigned char *dest = NULL;
-                unsigned int *dest_len = NULL;
-
-                if (rr->type == SSL3_RT_HANDSHAKE)
-                        {
-                        dest_maxlen = sizeof s->s3->handshake_fragment;
-                        dest = s->s3->handshake_fragment;
-                        dest_len = &s->s3->handshake_fragment_len;
-                        }
-                else if (rr->type == SSL3_RT_ALERT)
-                        {
-                        dest_maxlen = sizeof s->s3->alert_fragment;
-                        dest = s->s3->alert_fragment;
-                        dest_len = &s->s3->alert_fragment_len;
-                        }
-
-                if (dest_maxlen > 0)
-                        {
-                        n = dest_maxlen - *dest_len; /* available space in 'dest' */
-                        if (rr->length < n)
-                                n = rr->length; /* available bytes */
-
-                        /* now move 'n' bytes: */
-                        while (n-- > 0)
-                                {
-                                dest[(*dest_len)++] = rr->data[rr->off++];
-                                rr->length--;
-                                }
-
-                        if (*dest_len < dest_maxlen)
-                                goto start; /* fragment was too small */
-                        }
-                }
-
-        /* s->s3->handshake_fragment_len == 4  iff  rr->type == SSL3_RT_HANDSHAKE;
-         * s->s3->alert_fragment_len == 2      iff  rr->type == SSL3_RT_ALERT.
-         * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */
-
-        /* If we are a client, check for an incoming 'Hello Request': */
-        if ((!s->server) &&
-                (s->s3->handshake_fragment_len >= 4) &&
-                (s->s3->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
-                (s->session != NULL) && (s->session->cipher != NULL))
-                {
-                s->s3->handshake_fragment_len = 0;
-
-                if ((s->s3->handshake_fragment[1] != 0) ||
-                        (s->s3->handshake_fragment[2] != 0) ||
-                        (s->s3->handshake_fragment[3] != 0))
-                        {
-                        al=SSL_AD_DECODE_ERROR;
-                        SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_HELLO_REQUEST);
-                        goto f_err;
-                        }
-
-                if (s->msg_callback)
-                        s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->s3->handshake_fragment, 4, s, s->msg_callback_arg);
-
-                if (SSL_is_init_finished(s) &&
-                        !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
-                        !s->s3->renegotiate)
-                        {
-                        ssl3_renegotiate(s);
-                        if (ssl3_renegotiate_check(s))
-                                {
-                                i=s->handshake_func(s);
-                                if (i < 0) return(i);
-                                if (i == 0)
-                                        {
-                                        SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
-                                        return(-1);
-                                        }
-
-                                if (!(s->mode & SSL_MODE_AUTO_RETRY))
-                                        {
-                                        if (s->s3->rbuf.left == 0) /* no read-ahead left? */
-                                                {
-                                                BIO *bio;
-                                                /* In the case where we try to read application data,
-                                                 * but we trigger an SSL handshake, we return -1 with
-                                                 * the retry option set.  Otherwise renegotiation may
-                                                 * cause nasty problems in the blocking world */
-                                                s->rwstate=SSL_READING;
-                                                bio=SSL_get_rbio(s);
-                                                BIO_clear_retry_flags(bio);
-                                                BIO_set_retry_read(bio);
-                                                return(-1);
-                                                }
-                                        }
-                                }
-                        }
-                /* we either finished a handshake or ignored the request,
-                 * now try again to obtain the (application) data we were asked for */
-                goto start;
-                }
-
-        if (s->s3->alert_fragment_len >= 2)
-                {
-                int alert_level = s->s3->alert_fragment[0];
-                int alert_descr = s->s3->alert_fragment[1];
-
-                s->s3->alert_fragment_len = 0;
-
-                if (s->msg_callback)
-                        s->msg_callback(0, s->version, SSL3_RT_ALERT, s->s3->alert_fragment, 2, s, s->msg_callback_arg);
-
-                if (s->info_callback != NULL)
-                        cb=s->info_callback;
-                else if (s->ctx->info_callback != NULL)
-                        cb=s->ctx->info_callback;
-
-                if (cb != NULL)
-                        {
-                        j = (alert_level << 8) | alert_descr;
-                        cb(s, SSL_CB_READ_ALERT, j);
-                        }
-
-                if (alert_level == 1) /* warning */
-                        {
-                        s->s3->warn_alert = alert_descr;
-                        if (alert_descr == SSL_AD_CLOSE_NOTIFY)
-                                {
-                                s->shutdown |= SSL_RECEIVED_SHUTDOWN;
-                                return(0);
-                                }
-                        }
-                else if (alert_level == 2) /* fatal */
-                        {
-                        char tmp[16];
-
-                        s->rwstate=SSL_NOTHING;
-                        s->s3->fatal_alert = alert_descr;
-                        SSLerr(SSL_F_SSL3_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
-                        BIO_snprintf(tmp,sizeof tmp,"%d",alert_descr);
-                        ERR_add_error_data(2,"SSL alert number ",tmp);
-                        s->shutdown|=SSL_RECEIVED_SHUTDOWN;
-                        SSL_CTX_remove_session(s->ctx,s->session);
-                        return(0);
-                        }
-                else
-                        {
-                        al=SSL_AD_ILLEGAL_PARAMETER;
-                        SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE);
-                        goto f_err;
-                        }
-
-                goto start;
-                }
-
-        if (s->shutdown & SSL_SENT_SHUTDOWN) /* but we have not received a shutdown */
-                {
-                s->rwstate=SSL_NOTHING;
-                rr->length=0;
-                return(0);
-                }
-
-        if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
-                {
-                /* 'Change Cipher Spec' is just a single byte, so we know
-                 * exactly what the record payload has to look like */
-                if (    (rr->length != 1) || (rr->off != 0) ||
-                        (rr->data[0] != SSL3_MT_CCS))
-                        {
-                        al=SSL_AD_ILLEGAL_PARAMETER;
-                        SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
-                        goto f_err;
-                        }
-
-                /* Check we have a cipher to change to */
-                if (s->s3->tmp.new_cipher == NULL)
-                        {
-                        al=SSL_AD_UNEXPECTED_MESSAGE;
-                        SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY);
-                        goto f_err;
-                        }
-
-                rr->length=0;
-
-                if (s->msg_callback)
-                        s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1, s, s->msg_callback_arg);
-
-                s->s3->change_cipher_spec=1;
-                if (!do_change_cipher_spec(s))
-                        goto err;
-                else
-                        goto start;
-                }
-
-        /* Unexpected handshake message (Client Hello, or protocol violation) */
-        if ((s->s3->handshake_fragment_len >= 4) &&     !s->in_handshake)
-                {
-                if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
-                        !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
-                        {
-#if 0 /* worked only because C operator preferences are not as expected (and
-       * because this is not really needed for clients except for detecting
-       * protocol violations): */
-                        s->state=SSL_ST_BEFORE|(s->server)
-                                ?SSL_ST_ACCEPT
-                                :SSL_ST_CONNECT;
-#else
-                        s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
-#endif
-                        s->new_session=1;
-                        }
-                i=s->handshake_func(s);
-                if (i < 0) return(i);
-                if (i == 0)
-                        {
-                        SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
-                        return(-1);
-                        }
-
-                if (!(s->mode & SSL_MODE_AUTO_RETRY))
-                        {
-                        if (s->s3->rbuf.left == 0) /* no read-ahead left? */
-                                {
-                                BIO *bio;
-                                /* In the case where we try to read application data,
-                                 * but we trigger an SSL handshake, we return -1 with
-                                 * the retry option set.  Otherwise renegotiation may
-                                 * cause nasty problems in the blocking world */
-                                s->rwstate=SSL_READING;
-                                bio=SSL_get_rbio(s);
-                                BIO_clear_retry_flags(bio);
-                                BIO_set_retry_read(bio);
-                                return(-1);
-                                }
-                        }
-                goto start;
-                }
-
-        switch (rr->type)
-                {
-        default:
-#ifndef OPENSSL_NO_TLS
-                /* TLS just ignores unknown message types */
-                if (s->version == TLS1_VERSION)
-                        {
-                        rr->length = 0;
-                        goto start;
-                        }
-#endif
-                al=SSL_AD_UNEXPECTED_MESSAGE;
-                SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
-                goto f_err;
-        case SSL3_RT_CHANGE_CIPHER_SPEC:
-        case SSL3_RT_ALERT:
-        case SSL3_RT_HANDSHAKE:
-                /* we already handled all of these, with the possible exception
-                 * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that
-                 * should not happen when type != rr->type */
-                al=SSL_AD_UNEXPECTED_MESSAGE;
-                SSLerr(SSL_F_SSL3_READ_BYTES,ERR_R_INTERNAL_ERROR);
-                goto f_err;
-        case SSL3_RT_APPLICATION_DATA:
-                /* At this point, we were expecting handshake data,
-                 * but have application data.  If the library was
-                 * running inside ssl3_read() (i.e. in_read_app_data
-                 * is set) and it makes sense to read application data
-                 * at this point (session renegotiation not yet started),
-                 * we will indulge it.
-                 */
-                if (s->s3->in_read_app_data &&
-                        (s->s3->total_renegotiations != 0) &&
-                        ((
-                                (s->state & SSL_ST_CONNECT) &&
-                                (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
-                                (s->state <= SSL3_ST_CR_SRVR_HELLO_A)
-                                ) || (
-                                        (s->state & SSL_ST_ACCEPT) &&
-                                        (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
-                                        (s->state >= SSL3_ST_SR_CLNT_HELLO_A)
-                                        )
-                                ))
-                        {
-                        s->s3->in_read_app_data=2;
-                        return(-1);
-                        }
-                else
-                        {
-                        al=SSL_AD_UNEXPECTED_MESSAGE;
-                        SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
-                        goto f_err;
-                        }
-                }
-        /* not reached */
-
-f_err:
-        ssl3_send_alert(s,SSL3_AL_FATAL,al);
-err:
-        return(-1);
-        }
-
-static int do_change_cipher_spec(SSL *s)
-        {
-        int i;
-        const char *sender;
-        int slen;
-
-        if (s->state & SSL_ST_ACCEPT)
-                i=SSL3_CHANGE_CIPHER_SERVER_READ;
-        else
-                i=SSL3_CHANGE_CIPHER_CLIENT_READ;
-
-        if (s->s3->tmp.key_block == NULL)
-                {
-                s->session->cipher=s->s3->tmp.new_cipher;
-                if (!s->method->ssl3_enc->setup_key_block(s)) return(0);
-                }
-
-        if (!s->method->ssl3_enc->change_cipher_state(s,i))
-                return(0);
-
-        /* we have to record the message digest at
-         * this point so we can get it before we read
-         * the finished message */
-        if (s->state & SSL_ST_CONNECT)
-                {
-                sender=s->method->ssl3_enc->server_finished_label;
-                slen=s->method->ssl3_enc->server_finished_label_len;
-                }
-        else
-                {
-                sender=s->method->ssl3_enc->client_finished_label;
-                slen=s->method->ssl3_enc->client_finished_label_len;
-                }
-
-        s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
-                &(s->s3->finish_dgst1),
-                &(s->s3->finish_dgst2),
-                sender,slen,s->s3->tmp.peer_finish_md);
-
-        return(1);
-        }
-
-void ssl3_send_alert(SSL *s, int level, int desc)
-        {
-        /* Map tls/ssl alert value to correct one */
-        desc=s->method->ssl3_enc->alert_value(desc);
-        if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION)
-                desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have protocol_version alerts */
-        if (desc < 0) return;
-        /* If a fatal one, remove from cache */
-        if ((level == 2) && (s->session != NULL))
-                SSL_CTX_remove_session(s->ctx,s->session);
-
-        s->s3->alert_dispatch=1;
-        s->s3->send_alert[0]=level;
-        s->s3->send_alert[1]=desc;
-        if (s->s3->wbuf.left == 0) /* data still being written out? */
-                ssl3_dispatch_alert(s);
-        /* else data is still being written out, we will get written
-         * some time in the future */
-        }
-
-int ssl3_dispatch_alert(SSL *s)
-        {
-        int i,j;
-        void (*cb)(const SSL *ssl,int type,int val)=NULL;
-
-        s->s3->alert_dispatch=0;
-        i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], 2, 0);
-        if (i <= 0)
-                {
-                s->s3->alert_dispatch=1;
-                }
-        else
-                {
-                /* Alert sent to BIO.  If it is important, flush it now.
-                 * If the message does not get sent due to non-blocking IO,
-                 * we will not worry too much. */
-                if (s->s3->send_alert[0] == SSL3_AL_FATAL)
-                        (void)BIO_flush(s->wbio);
-
-                if (s->msg_callback)
-                        s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert, 2, s, s->msg_callback_arg);
-
-                if (s->info_callback != NULL)
-                        cb=s->info_callback;
-                else if (s->ctx->info_callback != NULL)
-                        cb=s->ctx->info_callback;
-
-                if (cb != NULL)
-                        {
-                        j=(s->s3->send_alert[0]<<8)|s->s3->send_alert[1];
-                        cb(s,SSL_CB_WRITE_ALERT,j);
-                        }
-                }
-        return(i);
-        }
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
deleted file mode 100644
index 36fc39d7f8..0000000000
--- a/src/lib/libssl/s3_srvr.c
+++ /dev/null
@@ -1,2082 +0,0 @@
-/* ssl/s3_srvr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#define REUSE_CIPHER_BUG
-#define NETSCAPE_HANG_BUG
-
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include "kssl_lcl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#ifndef OPENSSL_NO_KRB5
-#include <openssl/krb5_asn.h>
-#endif
-#include <openssl/md5.h>
-#include <openssl/fips.h>
-
-static SSL_METHOD *ssl3_get_server_method(int ver);
-static int ssl3_get_client_hello(SSL *s);
-static int ssl3_check_client_hello(SSL *s);
-static int ssl3_send_server_hello(SSL *s);
-static int ssl3_send_server_key_exchange(SSL *s);
-static int ssl3_send_certificate_request(SSL *s);
-static int ssl3_send_server_done(SSL *s);
-static int ssl3_get_client_key_exchange(SSL *s);
-static int ssl3_get_client_certificate(SSL *s);
-static int ssl3_get_cert_verify(SSL *s);
-static int ssl3_send_hello_request(SSL *s);
-
-static SSL_METHOD *ssl3_get_server_method(int ver)
-        {
-        if (ver == SSL3_VERSION)
-                return(SSLv3_server_method());
-        else
-                return(NULL);
-        }
-
-SSL_METHOD *SSLv3_server_method(void)
-        {
-        static int init=1;
-        static SSL_METHOD SSLv3_server_data;
-
-        if (init)
-                {
-                CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
-
-                if (init)
-                        {
-                        memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(),
-                                sizeof(SSL_METHOD));
-                        SSLv3_server_data.ssl_accept=ssl3_accept;
-                        SSLv3_server_data.get_ssl_method=ssl3_get_server_method;
-                        init=0;
-                        }
-                        
-                CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
-                }
-        return(&SSLv3_server_data);
-        }
-
-int ssl3_accept(SSL *s)
-        {
-        BUF_MEM *buf;
-        unsigned long l,Time=(unsigned long)time(NULL);
-        void (*cb)(const SSL *ssl,int type,int val)=NULL;
-        long num1;
-        int ret= -1;
-        int new_state,state,skip=0;
-
-        RAND_add(&Time,sizeof(Time),0);
-        ERR_clear_error();
-        clear_sys_error();
-
-        if (s->info_callback != NULL)
-                cb=s->info_callback;
-        else if (s->ctx->info_callback != NULL)
-                cb=s->ctx->info_callback;
-
-        /* init things to blank */
-        s->in_handshake++;
-        if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
-
-        if (s->cert == NULL)
-                {
-                SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
-                return(-1);
-                }
-
-        for (;;)
-                {
-                state=s->state;
-
-                switch (s->state)
-                        {
-                case SSL_ST_RENEGOTIATE:
-                        s->new_session=1;
-                        /* s->state=SSL_ST_ACCEPT; */
-
-                case SSL_ST_BEFORE:
-                case SSL_ST_ACCEPT:
-                case SSL_ST_BEFORE|SSL_ST_ACCEPT:
-                case SSL_ST_OK|SSL_ST_ACCEPT:
-
-                        s->server=1;
-                        if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
-
-                        if ((s->version>>8) != 3)
-                                {
-                                SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR);
-                                return -1;
-                                }
-                        s->type=SSL_ST_ACCEPT;
-
-                        if (s->init_buf == NULL)
-                                {
-                                if ((buf=BUF_MEM_new()) == NULL)
-                                        {
-                                        ret= -1;
-                                        goto end;
-                                        }
-                                if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
-                                        {
-                                        ret= -1;
-                                        goto end;
-                                        }
-                                s->init_buf=buf;
-                                }
-
-                        if (!ssl3_setup_buffers(s))
-                                {
-                                ret= -1;
-                                goto end;
-                                }
-
-                        s->init_num=0;
-
-                        if (s->state != SSL_ST_RENEGOTIATE)
-                                {
-                                /* Ok, we now need to push on a buffering BIO so that
-                                 * the output is sent in a way that TCP likes :-)
-                                 */
-                                if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; }
-                                
-                                ssl3_init_finished_mac(s);
-                                s->state=SSL3_ST_SR_CLNT_HELLO_A;
-                                s->ctx->stats.sess_accept++;
-                                }
-                        else
-                                {
-                                /* s->state == SSL_ST_RENEGOTIATE,
-                                 * we will just send a HelloRequest */
-                                s->ctx->stats.sess_accept_renegotiate++;
-                                s->state=SSL3_ST_SW_HELLO_REQ_A;
-                                }
-                        break;
-
-                case SSL3_ST_SW_HELLO_REQ_A:
-                case SSL3_ST_SW_HELLO_REQ_B:
-
-                        s->shutdown=0;
-                        ret=ssl3_send_hello_request(s);
-                        if (ret <= 0) goto end;
-                        s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C;
-                        s->state=SSL3_ST_SW_FLUSH;
-                        s->init_num=0;
-
-                        ssl3_init_finished_mac(s);
-                        break;
-
-                case SSL3_ST_SW_HELLO_REQ_C:
-                        s->state=SSL_ST_OK;
-                        break;
-
-                case SSL3_ST_SR_CLNT_HELLO_A:
-                case SSL3_ST_SR_CLNT_HELLO_B:
-                case SSL3_ST_SR_CLNT_HELLO_C:
-
-                        s->shutdown=0;
-                        ret=ssl3_get_client_hello(s);
-                        if (ret <= 0) goto end;
-                        s->new_session = 2;
-                        s->state=SSL3_ST_SW_SRVR_HELLO_A;
-                        s->init_num=0;
-                        break;
-
-                case SSL3_ST_SW_SRVR_HELLO_A:
-                case SSL3_ST_SW_SRVR_HELLO_B:
-                        ret=ssl3_send_server_hello(s);
-                        if (ret <= 0) goto end;
-
-                        if (s->hit)
-                                s->state=SSL3_ST_SW_CHANGE_A;
-                        else
-                                s->state=SSL3_ST_SW_CERT_A;
-                        s->init_num=0;
-                        break;
-
-                case SSL3_ST_SW_CERT_A:
-                case SSL3_ST_SW_CERT_B:
-                        /* Check if it is anon DH */
-                        if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
-                                {
-                                ret=ssl3_send_server_certificate(s);
-                                if (ret <= 0) goto end;
-                                }
-                        else
-                                skip=1;
-                        s->state=SSL3_ST_SW_KEY_EXCH_A;
-                        s->init_num=0;
-                        break;
-
-                case SSL3_ST_SW_KEY_EXCH_A:
-                case SSL3_ST_SW_KEY_EXCH_B:
-                        l=s->s3->tmp.new_cipher->algorithms;
-
-                        /* clear this, it may get reset by
-                         * send_server_key_exchange */
-                        if ((s->options & SSL_OP_EPHEMERAL_RSA)
-#ifndef OPENSSL_NO_KRB5
-                                && !(l & SSL_KRB5)
-#endif /* OPENSSL_NO_KRB5 */
-                                )
-                                /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key
-                                 * even when forbidden by protocol specs
-                                 * (handshake may fail as clients are not required to
-                                 * be able to handle this) */
-                                s->s3->tmp.use_rsa_tmp=1;
-                        else
-                                s->s3->tmp.use_rsa_tmp=0;
-
-                        /* only send if a DH key exchange, fortezza or
-                         * RSA but we have a sign only certificate */
-                        if (s->s3->tmp.use_rsa_tmp
-                            || (l & (SSL_DH|SSL_kFZA))
-                            || ((l & SSL_kRSA)
-                                && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
-                                    || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
-                                        && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
-                                        )
-                                    )
-                                )
-                            )
-                                {
-                                ret=ssl3_send_server_key_exchange(s);
-                                if (ret <= 0) goto end;
-                                }
-                        else
-                                skip=1;
-
-                        s->state=SSL3_ST_SW_CERT_REQ_A;
-                        s->init_num=0;
-                        break;
-
-                case SSL3_ST_SW_CERT_REQ_A:
-                case SSL3_ST_SW_CERT_REQ_B:
-                        if (/* don't request cert unless asked for it: */
-                                !(s->verify_mode & SSL_VERIFY_PEER) ||
-                                /* if SSL_VERIFY_CLIENT_ONCE is set,
-                                 * don't request cert during re-negotiation: */
-                                ((s->session->peer != NULL) &&
-                                 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
-                                /* never request cert in anonymous ciphersuites
-                                 * (see section "Certificate request" in SSL 3 drafts
-                                 * and in RFC 2246): */
-                                ((s->s3->tmp.new_cipher->algorithms & SSL_aNULL) &&
-                                 /* ... except when the application insists on verification
-                                  * (against the specs, but s3_clnt.c accepts this for SSL 3) */
-                                 !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
-                                 /* never request cert in Kerberos ciphersuites */
-                                (s->s3->tmp.new_cipher->algorithms & SSL_aKRB5))
-                                {
-                                /* no cert request */
-                                skip=1;
-                                s->s3->tmp.cert_request=0;
-                                s->state=SSL3_ST_SW_SRVR_DONE_A;
-                                }
-                        else
-                                {
-                                s->s3->tmp.cert_request=1;
-                                ret=ssl3_send_certificate_request(s);
-                                if (ret <= 0) goto end;
-#ifndef NETSCAPE_HANG_BUG
-                                s->state=SSL3_ST_SW_SRVR_DONE_A;
-#else
-                                s->state=SSL3_ST_SW_FLUSH;
-                                s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
-#endif
-                                s->init_num=0;
-                                }
-                        break;
-
-                case SSL3_ST_SW_SRVR_DONE_A:
-                case SSL3_ST_SW_SRVR_DONE_B:
-                        ret=ssl3_send_server_done(s);
-                        if (ret <= 0) goto end;
-                        s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
-                        s->state=SSL3_ST_SW_FLUSH;
-                        s->init_num=0;
-                        break;
-                
-                case SSL3_ST_SW_FLUSH:
-                        /* number of bytes to be flushed */
-                        num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
-                        if (num1 > 0)
-                                {
-                                s->rwstate=SSL_WRITING;
-                                num1=BIO_flush(s->wbio);
-                                if (num1 <= 0) { ret= -1; goto end; }
-                                s->rwstate=SSL_NOTHING;
-                                }
-
-                        s->state=s->s3->tmp.next_state;
-                        break;
-
-                case SSL3_ST_SR_CERT_A:
-                case SSL3_ST_SR_CERT_B:
-                        /* Check for second client hello (MS SGC) */
-                        ret = ssl3_check_client_hello(s);
-                        if (ret <= 0)
-                                goto end;
-                        if (ret == 2)
-                                s->state = SSL3_ST_SR_CLNT_HELLO_C;
-                        else {
-                                if (s->s3->tmp.cert_request)
-                                        {
-                                        ret=ssl3_get_client_certificate(s);
-                                        if (ret <= 0) goto end;
-                                        }
-                                s->init_num=0;
-                                s->state=SSL3_ST_SR_KEY_EXCH_A;
-                        }
-                        break;
-
-                case SSL3_ST_SR_KEY_EXCH_A:
-                case SSL3_ST_SR_KEY_EXCH_B:
-                        ret=ssl3_get_client_key_exchange(s);
-                        if (ret <= 0) goto end;
-                        s->state=SSL3_ST_SR_CERT_VRFY_A;
-                        s->init_num=0;
-
-                        /* We need to get hashes here so if there is
-                         * a client cert, it can be verified */ 
-                        s->method->ssl3_enc->cert_verify_mac(s,
-                                &(s->s3->finish_dgst1),
-                                &(s->s3->tmp.cert_verify_md[0]));
-                        s->method->ssl3_enc->cert_verify_mac(s,
-                                &(s->s3->finish_dgst2),
-                                &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
-
-                        break;
-
-                case SSL3_ST_SR_CERT_VRFY_A:
-                case SSL3_ST_SR_CERT_VRFY_B:
-
-                        /* we should decide if we expected this one */
-                        ret=ssl3_get_cert_verify(s);
-                        if (ret <= 0) goto end;
-
-                        s->state=SSL3_ST_SR_FINISHED_A;
-                        s->init_num=0;
-                        break;
-
-                case SSL3_ST_SR_FINISHED_A:
-                case SSL3_ST_SR_FINISHED_B:
-                        ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
-                                SSL3_ST_SR_FINISHED_B);
-                        if (ret <= 0) goto end;
-                        if (s->hit)
-                                s->state=SSL_ST_OK;
-                        else
-                                s->state=SSL3_ST_SW_CHANGE_A;
-                        s->init_num=0;
-                        break;
-
-                case SSL3_ST_SW_CHANGE_A:
-                case SSL3_ST_SW_CHANGE_B:
-
-                        s->session->cipher=s->s3->tmp.new_cipher;
-                        if (!s->method->ssl3_enc->setup_key_block(s))
-                                { ret= -1; goto end; }
-
-                        ret=ssl3_send_change_cipher_spec(s,
-                                SSL3_ST_SW_CHANGE_A,SSL3_ST_SW_CHANGE_B);
-
-                        if (ret <= 0) goto end;
-                        s->state=SSL3_ST_SW_FINISHED_A;
-                        s->init_num=0;
-
-                        if (!s->method->ssl3_enc->change_cipher_state(s,
-                                SSL3_CHANGE_CIPHER_SERVER_WRITE))
-                                {
-                                ret= -1;
-                                goto end;
-                                }
-
-                        break;
-
-                case SSL3_ST_SW_FINISHED_A:
-                case SSL3_ST_SW_FINISHED_B:
-                        ret=ssl3_send_finished(s,
-                                SSL3_ST_SW_FINISHED_A,SSL3_ST_SW_FINISHED_B,
-                                s->method->ssl3_enc->server_finished_label,
-                                s->method->ssl3_enc->server_finished_label_len);
-                        if (ret <= 0) goto end;
-                        s->state=SSL3_ST_SW_FLUSH;
-                        if (s->hit)
-                                s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
-                        else
-                                s->s3->tmp.next_state=SSL_ST_OK;
-                        s->init_num=0;
-                        break;
-
-                case SSL_ST_OK:
-                        /* clean a few things up */
-                        ssl3_cleanup_key_block(s);
-
-                        BUF_MEM_free(s->init_buf);
-                        s->init_buf=NULL;
-
-                        /* remove buffering on output */
-                        ssl_free_wbio_buffer(s);
-
-                        s->init_num=0;
-
-                        if (s->new_session == 2) /* skipped if we just sent a HelloRequest */
-                                {
-                                /* actually not necessarily a 'new' session unless
-                                 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
-                                
-                                s->new_session=0;
-                                
-                                ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
-                                
-                                s->ctx->stats.sess_accept_good++;
-                                /* s->server=1; */
-                                s->handshake_func=ssl3_accept;
-
-                                if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
-                                }
-                        
-                        ret = 1;
-                        goto end;
-                        /* break; */
-
-                default:
-                        SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_UNKNOWN_STATE);
-                        ret= -1;
-                        goto end;
-                        /* break; */
-                        }
-                
-                if (!s->s3->tmp.reuse_message && !skip)
-                        {
-                        if (s->debug)
-                                {
-                                if ((ret=BIO_flush(s->wbio)) <= 0)
-                                        goto end;
-                                }
-
-
-                        if ((cb != NULL) && (s->state != state))
-                                {
-                                new_state=s->state;
-                                s->state=state;
-                                cb(s,SSL_CB_ACCEPT_LOOP,1);
-                                s->state=new_state;
-                                }
-                        }
-                skip=0;
-                }
-end:
-        /* BIO_flush(s->wbio); */
-
-        s->in_handshake--;
-        if (cb != NULL)
-                cb(s,SSL_CB_ACCEPT_EXIT,ret);
-        return(ret);
-        }
-
-static int ssl3_send_hello_request(SSL *s)
-        {
-        unsigned char *p;
-
-        if (s->state == SSL3_ST_SW_HELLO_REQ_A)
-                {
-                p=(unsigned char *)s->init_buf->data;
-                *(p++)=SSL3_MT_HELLO_REQUEST;
-                *(p++)=0;
-                *(p++)=0;
-                *(p++)=0;
-
-                s->state=SSL3_ST_SW_HELLO_REQ_B;
-                /* number of bytes to write */
-                s->init_num=4;
-                s->init_off=0;
-                }
-
-        /* SSL3_ST_SW_HELLO_REQ_B */
-        return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
-        }
-
-static int ssl3_check_client_hello(SSL *s)
-        {
-        int ok;
-        long n;
-
-        /* this function is called when we really expect a Certificate message,
-         * so permit appropriate message length */
-        n=ssl3_get_message(s,
-                SSL3_ST_SR_CERT_A,
-                SSL3_ST_SR_CERT_B,
-                -1,
-                s->max_cert_list,
-                &ok);
-        if (!ok) return((int)n);
-        s->s3->tmp.reuse_message = 1;
-        if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO)
-                {
-                /* Throw away what we have done so far in the current handshake,
-                 * which will now be aborted. (A full SSL_clear would be too much.)
-                 * I hope that tmp.dh is the only thing that may need to be cleared
-                 * when a handshake is not completed ... */
-#ifndef OPENSSL_NO_DH
-                if (s->s3->tmp.dh != NULL)
-                        {
-                        DH_free(s->s3->tmp.dh);
-                        s->s3->tmp.dh = NULL;
-                        }
-#endif
-                return 2;
-                }
-        return 1;
-}
-
-static int ssl3_get_client_hello(SSL *s)
-        {
-        int i,j,ok,al,ret= -1;
-        long n;
-        unsigned long id;
-        unsigned char *p,*d,*q;
-        SSL_CIPHER *c;
-        SSL_COMP *comp=NULL;
-        STACK_OF(SSL_CIPHER) *ciphers=NULL;
-
-        /* We do this so that we will respond with our native type.
-         * If we are TLSv1 and we get SSLv3, we will respond with TLSv1,
-         * This down switching should be handled by a different method.
-         * If we are SSLv3, we will respond with SSLv3, even if prompted with
-         * TLSv1.
-         */
-        if (s->state == SSL3_ST_SR_CLNT_HELLO_A)
-                {
-                s->first_packet=1;
-                s->state=SSL3_ST_SR_CLNT_HELLO_B;
-                }
-        n=ssl3_get_message(s,
-                SSL3_ST_SR_CLNT_HELLO_B,
-                SSL3_ST_SR_CLNT_HELLO_C,
-                SSL3_MT_CLIENT_HELLO,
-                SSL3_RT_MAX_PLAIN_LENGTH,
-                &ok);
-
-        if (!ok) return((int)n);
-        d=p=(unsigned char *)s->init_msg;
-
-        /* use version from inside client hello, not from record header
-         * (may differ: see RFC 2246, Appendix E, second paragraph) */
-        s->client_version=(((int)p[0])<<8)|(int)p[1];
-        p+=2;
-
-        if (s->client_version < s->version)
-                {
-                SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);
-                if ((s->client_version>>8) == SSL3_VERSION_MAJOR) 
-                        {
-                        /* similar to ssl3_get_record, send alert using remote version number */
-                        s->version = s->client_version;
-                        }
-                al = SSL_AD_PROTOCOL_VERSION;
-                goto f_err;
-                }
-
-        /* load the client random */
-        memcpy(s->s3->client_random,p,SSL3_RANDOM_SIZE);
-        p+=SSL3_RANDOM_SIZE;
-
-        /* get the session-id */
-        j= *(p++);
-
-        s->hit=0;
-        /* Versions before 0.9.7 always allow session reuse during renegotiation
-         * (i.e. when s->new_session is true), option
-         * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is new with 0.9.7.
-         * Maybe this optional behaviour should always have been the default,
-         * but we cannot safely change the default behaviour (or new applications
-         * might be written that become totally unsecure when compiled with
-         * an earlier library version)
-         */
-        if (j == 0 || (s->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)))
-                {
-                if (!ssl_get_new_session(s,1))
-                        goto err;
-                }
-        else
-                {
-                i=ssl_get_prev_session(s,p,j);
-                if (i == 1)
-                        { /* previous session */
-                        s->hit=1;
-                        }
-                else if (i == -1)
-                        goto err;
-                else /* i == 0 */
-                        {
-                        if (!ssl_get_new_session(s,1))
-                                goto err;
-                        }
-                }
-
-        p+=j;
-        n2s(p,i);
-        if ((i == 0) && (j != 0))
-                {
-                /* we need a cipher if we are not resuming a session */
-                al=SSL_AD_ILLEGAL_PARAMETER;
-                SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_SPECIFIED);
-                goto f_err;
-                }
-        if ((p+i) >= (d+n))
-                {
-                /* not enough data */
-                al=SSL_AD_DECODE_ERROR;
-                SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
-                goto f_err;
-                }
-        if ((i > 0) && (ssl_bytes_to_cipher_list(s,p,i,&(ciphers))
-                == NULL))
-                {
-                goto err;
-                }
-        p+=i;
-
-        /* If it is a hit, check that the cipher is in the list */
-        if ((s->hit) && (i > 0))
-                {
-                j=0;
-                id=s->session->cipher->id;
-
-#ifdef CIPHER_DEBUG
-                printf("client sent %d ciphers\n",sk_num(ciphers));
-#endif
-                for (i=0; i<sk_SSL_CIPHER_num(ciphers); i++)
-                        {
-                        c=sk_SSL_CIPHER_value(ciphers,i);
-#ifdef CIPHER_DEBUG
-                        printf("client [%2d of %2d]:%s\n",
-                                i,sk_num(ciphers),SSL_CIPHER_get_name(c));
-#endif
-                        if (c->id == id)
-                                {
-                                j=1;
-                                break;
-                                }
-                        }
-                if (j == 0)
-                        {
-                        if ((s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1))
-                                {
-                                /* Very bad for multi-threading.... */
-                                s->session->cipher=sk_SSL_CIPHER_value(ciphers,
-                                                                       0);
-                                }
-                        else
-                                {
-                                /* we need to have the cipher in the cipher
-                                 * list if we are asked to reuse it */
-                                al=SSL_AD_ILLEGAL_PARAMETER;
-                                SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_REQUIRED_CIPHER_MISSING);
-                                goto f_err;
-                                }
-                        }
-                }
-
-        /* compression */
-        i= *(p++);
-        if ((p+i) > (d+n))
-                {
-                /* not enough data */
-                al=SSL_AD_DECODE_ERROR;
-                SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
-                goto f_err;
-                }
-        q=p;
-        for (j=0; j<i; j++)
-                {
-                if (p[j] == 0) break;
-                }
-
-        p+=i;
-        if (j >= i)
-                {
-                /* no compress */
-                al=SSL_AD_DECODE_ERROR;
-                SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_COMPRESSION_SPECIFIED);
-                goto f_err;
-                }
-
-        /* Worst case, we will use the NULL compression, but if we have other
-         * options, we will now look for them.  We have i-1 compression
-         * algorithms from the client, starting at q. */
-        s->s3->tmp.new_compression=NULL;
-        if (s->ctx->comp_methods != NULL)
-                { /* See if we have a match */
-                int m,nn,o,v,done=0;
-
-                nn=sk_SSL_COMP_num(s->ctx->comp_methods);
-                for (m=0; m<nn; m++)
-                        {
-                        comp=sk_SSL_COMP_value(s->ctx->comp_methods,m);
-                        v=comp->id;
-                        for (o=0; o<i; o++)
-                                {
-                                if (v == q[o])
-                                        {
-                                        done=1;
-                                        break;
-                                        }
-                                }
-                        if (done) break;
-                        }
-                if (done)
-                        s->s3->tmp.new_compression=comp;
-                else
-                        comp=NULL;
-                }
-
-        /* TLS does not mind if there is extra stuff */
-#if 0   /* SSL 3.0 does not mind either, so we should disable this test
-         * (was enabled in 0.9.6d through 0.9.6j and 0.9.7 through 0.9.7b,
-         * in earlier SSLeay/OpenSSL releases this test existed but was buggy) */
-        if (s->version == SSL3_VERSION)
-                {
-                if (p < (d+n))
-                        {
-                        /* wrong number of bytes,
-                         * there could be more to follow */
-                        al=SSL_AD_DECODE_ERROR;
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
-                        goto f_err;
-                        }
-                }
-#endif
-
-        /* Given s->session->ciphers and SSL_get_ciphers, we must
-         * pick a cipher */
-
-        if (!s->hit)
-                {
-                s->session->compress_meth=(comp == NULL)?0:comp->id;
-                if (s->session->ciphers != NULL)
-                        sk_SSL_CIPHER_free(s->session->ciphers);
-                s->session->ciphers=ciphers;
-                if (ciphers == NULL)
-                        {
-                        al=SSL_AD_ILLEGAL_PARAMETER;
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_PASSED);
-                        goto f_err;
-                        }
-                ciphers=NULL;
-                c=ssl3_choose_cipher(s,s->session->ciphers,
-                                     SSL_get_ciphers(s));
-
-                if (c == NULL)
-                        {
-                        al=SSL_AD_HANDSHAKE_FAILURE;
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_SHARED_CIPHER);
-                        goto f_err;
-                        }
-                s->s3->tmp.new_cipher=c;
-                }
-        else
-                {
-                /* Session-id reuse */
-#ifdef REUSE_CIPHER_BUG
-                STACK_OF(SSL_CIPHER) *sk;
-                SSL_CIPHER *nc=NULL;
-                SSL_CIPHER *ec=NULL;
-
-                if (s->options & SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG)
-                        {
-                        sk=s->session->ciphers;
-                        for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
-                                {
-                                c=sk_SSL_CIPHER_value(sk,i);
-                                if (c->algorithms & SSL_eNULL)
-                                        nc=c;
-                                if (SSL_C_IS_EXPORT(c))
-                                        ec=c;
-                                }
-                        if (nc != NULL)
-                                s->s3->tmp.new_cipher=nc;
-                        else if (ec != NULL)
-                                s->s3->tmp.new_cipher=ec;
-                        else
-                                s->s3->tmp.new_cipher=s->session->cipher;
-                        }
-                else
-#endif
-                s->s3->tmp.new_cipher=s->session->cipher;
-                }
-        
-        /* we now have the following setup. 
-         * client_random
-         * cipher_list          - our prefered list of ciphers
-         * ciphers              - the clients prefered list of ciphers
-         * compression          - basically ignored right now
-         * ssl version is set   - sslv3
-         * s->session           - The ssl session has been setup.
-         * s->hit               - session reuse flag
-         * s->tmp.new_cipher    - the new cipher to use.
-         */
-
-        ret=1;
-        if (0)
-                {
-f_err:
-                ssl3_send_alert(s,SSL3_AL_FATAL,al);
-                }
-err:
-        if (ciphers != NULL) sk_SSL_CIPHER_free(ciphers);
-        return(ret);
-        }
-
-static int ssl3_send_server_hello(SSL *s)
-        {
-        unsigned char *buf;
-        unsigned char *p,*d;
-        int i,sl;
-        unsigned long l,Time;
-
-        if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
-                {
-                buf=(unsigned char *)s->init_buf->data;
-                p=s->s3->server_random;
-                Time=(unsigned long)time(NULL);                 /* Time */
-                l2n(Time,p);
-                if(RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
-                        return -1;
-                /* Do the message type and length last */
-                d=p= &(buf[4]);
-
-                *(p++)=s->version>>8;
-                *(p++)=s->version&0xff;
-
-                /* Random stuff */
-                memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
-                p+=SSL3_RANDOM_SIZE;
-
-                /* now in theory we have 3 options to sending back the
-                 * session id.  If it is a re-use, we send back the
-                 * old session-id, if it is a new session, we send
-                 * back the new session-id or we send back a 0 length
-                 * session-id if we want it to be single use.
-                 * Currently I will not implement the '0' length session-id
-                 * 12-Jan-98 - I'll now support the '0' length stuff.
-                 */
-                if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER))
-                        s->session->session_id_length=0;
-
-                sl=s->session->session_id_length;
-                if (sl > sizeof s->session->session_id)
-                        {
-                        SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
-                        return -1;
-                        }
-                *(p++)=sl;
-                memcpy(p,s->session->session_id,sl);
-                p+=sl;
-
-                /* put the cipher */
-                i=ssl3_put_cipher_by_char(s->s3->tmp.new_cipher,p);
-                p+=i;
-
-                /* put the compression method */
-                if (s->s3->tmp.new_compression == NULL)
-                        *(p++)=0;
-                else
-                        *(p++)=s->s3->tmp.new_compression->id;
-
-                /* do the header */
-                l=(p-d);
-                d=buf;
-                *(d++)=SSL3_MT_SERVER_HELLO;
-                l2n3(l,d);
-
-                s->state=SSL3_ST_CW_CLNT_HELLO_B;
-                /* number of bytes to write */
-                s->init_num=p-buf;
-                s->init_off=0;
-                }
-
-        /* SSL3_ST_CW_CLNT_HELLO_B */
-        return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
-        }
-
-static int ssl3_send_server_done(SSL *s)
-        {
-        unsigned char *p;
-
-        if (s->state == SSL3_ST_SW_SRVR_DONE_A)
-                {
-                p=(unsigned char *)s->init_buf->data;
-
-                /* do the header */
-                *(p++)=SSL3_MT_SERVER_DONE;
-                *(p++)=0;
-                *(p++)=0;
-                *(p++)=0;
-
-                s->state=SSL3_ST_SW_SRVR_DONE_B;
-                /* number of bytes to write */
-                s->init_num=4;
-                s->init_off=0;
-                }
-
-        /* SSL3_ST_CW_CLNT_HELLO_B */
-        return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
-        }
-
-static int ssl3_send_server_key_exchange(SSL *s)
-        {
-#ifndef OPENSSL_NO_RSA
-        unsigned char *q;
-        int j,num;
-        RSA *rsa;
-        unsigned char md_buf[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
-        unsigned int u;
-#endif
-#ifndef OPENSSL_NO_DH
-        DH *dh=NULL,*dhp;
-#endif
-        EVP_PKEY *pkey;
-        unsigned char *p,*d;
-        int al,i;
-        unsigned long type;
-        int n;
-        CERT *cert;
-        BIGNUM *r[4];
-        int nr[4],kn;
-        BUF_MEM *buf;
-        EVP_MD_CTX md_ctx;
-
-        EVP_MD_CTX_init(&md_ctx);
-        if (s->state == SSL3_ST_SW_KEY_EXCH_A)
-                {
-                type=s->s3->tmp.new_cipher->algorithms & SSL_MKEY_MASK;
-                cert=s->cert;
-
-                buf=s->init_buf;
-
-                r[0]=r[1]=r[2]=r[3]=NULL;
-                n=0;
-#ifndef OPENSSL_NO_RSA
-                if (type & SSL_kRSA)
-                        {
-                        rsa=cert->rsa_tmp;
-                        if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL))
-                                {
-                                rsa=s->cert->rsa_tmp_cb(s,
-                                      SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
-                                      SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
-                                if(rsa == NULL)
-                                {
-                                        al=SSL_AD_HANDSHAKE_FAILURE;
-                                        SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
-                                        goto f_err;
-                                }
-                                RSA_up_ref(rsa);
-                                cert->rsa_tmp=rsa;
-                                }
-                        if (rsa == NULL)
-                                {
-                                al=SSL_AD_HANDSHAKE_FAILURE;
-                                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_KEY);
-                                goto f_err;
-                                }
-                        r[0]=rsa->n;
-                        r[1]=rsa->e;
-                        s->s3->tmp.use_rsa_tmp=1;
-                        }
-                else
-#endif
-#ifndef OPENSSL_NO_DH
-                        if (type & SSL_kEDH)
-                        {
-                        dhp=cert->dh_tmp;
-                        if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
-                                dhp=s->cert->dh_tmp_cb(s,
-                                      SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
-                                      SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
-                        if (dhp == NULL)
-                                {
-                                al=SSL_AD_HANDSHAKE_FAILURE;
-                                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);
-                                goto f_err;
-                                }
-
-                        if (s->s3->tmp.dh != NULL)
-                                {
-                                DH_free(dh);
-                                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
-                                goto err;
-                                }
-
-                        if ((dh=DHparams_dup(dhp)) == NULL)
-                                {
-                                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
-                                goto err;
-                                }
-
-                        s->s3->tmp.dh=dh;
-                        if ((dhp->pub_key == NULL ||
-                             dhp->priv_key == NULL ||
-                             (s->options & SSL_OP_SINGLE_DH_USE)))
-                                {
-                                if(!DH_generate_key(dh))
-                                    {
-                                    SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-                                           ERR_R_DH_LIB);
-                                    goto err;
-                                    }
-                                }
-                        else
-                                {
-                                dh->pub_key=BN_dup(dhp->pub_key);
-                                dh->priv_key=BN_dup(dhp->priv_key);
-                                if ((dh->pub_key == NULL) ||
-                                        (dh->priv_key == NULL))
-                                        {
-                                        SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
-                                        goto err;
-                                        }
-                                }
-                        r[0]=dh->p;
-                        r[1]=dh->g;
-                        r[2]=dh->pub_key;
-                        }
-                else 
-#endif
-                        {
-                        al=SSL_AD_HANDSHAKE_FAILURE;
-                        SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
-                        goto f_err;
-                        }
-                for (i=0; r[i] != NULL; i++)
-                        {
-                        nr[i]=BN_num_bytes(r[i]);
-                        n+=2+nr[i];
-                        }
-
-                if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
-                        {
-                        if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher))
-                                == NULL)
-                                {
-                                al=SSL_AD_DECODE_ERROR;
-                                goto f_err;
-                                }
-                        kn=EVP_PKEY_size(pkey);
-                        }
-                else
-                        {
-                        pkey=NULL;
-                        kn=0;
-                        }
-
-                if (!BUF_MEM_grow_clean(buf,n+4+kn))
-                        {
-                        SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF);
-                        goto err;
-                        }
-                d=(unsigned char *)s->init_buf->data;
-                p= &(d[4]);
-
-                for (i=0; r[i] != NULL; i++)
-                        {
-                        s2n(nr[i],p);
-                        BN_bn2bin(r[i],p);
-                        p+=nr[i];
-                        }
-
-                /* not anonymous */
-                if (pkey != NULL)
-                        {
-                        /* n is the length of the params, they start at &(d[4])
-                         * and p points to the space at the end. */
-#ifndef OPENSSL_NO_RSA
-                        if (pkey->type == EVP_PKEY_RSA)
-                                {
-                                q=md_buf;
-                                j=0;
-                                for (num=2; num > 0; num--)
-                                        {
-                                        EVP_MD_CTX_set_flags(&md_ctx,
-                                                EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-                                        EVP_DigestInit_ex(&md_ctx,(num == 2)
-                                                ?s->ctx->md5:s->ctx->sha1, NULL);
-                                        EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
-                                        EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
-                                        EVP_DigestUpdate(&md_ctx,&(d[4]),n);
-                                        EVP_DigestFinal_ex(&md_ctx,q,
-                                                (unsigned int *)&i);
-                                        q+=i;
-                                        j+=i;
-                                        }
-                                if (RSA_sign(NID_md5_sha1, md_buf, j,
-                                        &(p[2]), &u, pkey->pkey.rsa) <= 0)
-                                        {
-                                        SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_RSA);
-                                        goto err;
-                                        }
-                                s2n(u,p);
-                                n+=u+2;
-                                }
-                        else
-#endif
-#if !defined(OPENSSL_NO_DSA)
-                                if (pkey->type == EVP_PKEY_DSA)
-                                {
-                                /* lets do DSS */
-                                EVP_SignInit_ex(&md_ctx,EVP_dss1(), NULL);
-                                EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
-                                EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
-                                EVP_SignUpdate(&md_ctx,&(d[4]),n);
-                                if (!EVP_SignFinal(&md_ctx,&(p[2]),
-                                        (unsigned int *)&i,pkey))
-                                        {
-                                        SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_DSA);
-                                        goto err;
-                                        }
-                                s2n(i,p);
-                                n+=i+2;
-                                }
-                        else
-#endif
-                                {
-                                /* Is this error check actually needed? */
-                                al=SSL_AD_HANDSHAKE_FAILURE;
-                                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_PKEY_TYPE);
-                                goto f_err;
-                                }
-                        }
-
-                *(d++)=SSL3_MT_SERVER_KEY_EXCHANGE;
-                l2n3(n,d);
-
-                /* we should now have things packed up, so lets send
-                 * it off */
-                s->init_num=n+4;
-                s->init_off=0;
-                }
-
-        s->state = SSL3_ST_SW_KEY_EXCH_B;
-        EVP_MD_CTX_cleanup(&md_ctx);
-        return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
-f_err:
-        ssl3_send_alert(s,SSL3_AL_FATAL,al);
-err:
-        EVP_MD_CTX_cleanup(&md_ctx);
-        return(-1);
-        }
-
-static int ssl3_send_certificate_request(SSL *s)
-        {
-        unsigned char *p,*d;
-        int i,j,nl,off,n;
-        STACK_OF(X509_NAME) *sk=NULL;
-        X509_NAME *name;
-        BUF_MEM *buf;
-
-        if (s->state == SSL3_ST_SW_CERT_REQ_A)
-                {
-                buf=s->init_buf;
-
-                d=p=(unsigned char *)&(buf->data[4]);
-
-                /* get the list of acceptable cert types */
-                p++;
-                n=ssl3_get_req_cert_type(s,p);
-                d[0]=n;
-                p+=n;
-                n++;
-
-                off=n;
-                p+=2;
-                n+=2;
-
-                sk=SSL_get_client_CA_list(s);
-                nl=0;
-                if (sk != NULL)
-                        {
-                        for (i=0; i<sk_X509_NAME_num(sk); i++)
-                                {
-                                name=sk_X509_NAME_value(sk,i);
-                                j=i2d_X509_NAME(name,NULL);
-                                if (!BUF_MEM_grow_clean(buf,4+n+j+2))
-                                        {
-                                        SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);
-                                        goto err;
-                                        }
-                                p=(unsigned char *)&(buf->data[4+n]);
-                                if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
-                                        {
-                                        s2n(j,p);
-                                        i2d_X509_NAME(name,&p);
-                                        n+=2+j;
-                                        nl+=2+j;
-                                        }
-                                else
-                                        {
-                                        d=p;
-                                        i2d_X509_NAME(name,&p);
-                                        j-=2; s2n(j,d); j+=2;
-                                        n+=j;
-                                        nl+=j;
-                                        }
-                                }
-                        }
-                /* else no CA names */
-                p=(unsigned char *)&(buf->data[4+off]);
-                s2n(nl,p);
-
-                d=(unsigned char *)buf->data;
-                *(d++)=SSL3_MT_CERTIFICATE_REQUEST;
-                l2n3(n,d);
-
-                /* we should now have things packed up, so lets send
-                 * it off */
-
-                s->init_num=n+4;
-                s->init_off=0;
-#ifdef NETSCAPE_HANG_BUG
-                p=(unsigned char *)s->init_buf->data + s->init_num;
-
-                /* do the header */
-                *(p++)=SSL3_MT_SERVER_DONE;
-                *(p++)=0;
-                *(p++)=0;
-                *(p++)=0;
-                s->init_num += 4;
-#endif
-
-                s->state = SSL3_ST_SW_CERT_REQ_B;
-                }
-
-        /* SSL3_ST_SW_CERT_REQ_B */
-        return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
-err:
-        return(-1);
-        }
-
-static int ssl3_get_client_key_exchange(SSL *s)
-        {
-        int i,al,ok;
-        long n;
-        unsigned long l;
-        unsigned char *p;
-#ifndef OPENSSL_NO_RSA
-        RSA *rsa=NULL;
-        EVP_PKEY *pkey=NULL;
-#endif
-#ifndef OPENSSL_NO_DH
-        BIGNUM *pub=NULL;
-        DH *dh_srvr;
-#endif
-#ifndef OPENSSL_NO_KRB5
-        KSSL_ERR kssl_err;
-#endif /* OPENSSL_NO_KRB5 */
-
-        n=ssl3_get_message(s,
-                SSL3_ST_SR_KEY_EXCH_A,
-                SSL3_ST_SR_KEY_EXCH_B,
-                SSL3_MT_CLIENT_KEY_EXCHANGE,
-                2048, /* ??? */
-                &ok);
-
-        if (!ok) return((int)n);
-        p=(unsigned char *)s->init_msg;
-
-        l=s->s3->tmp.new_cipher->algorithms;
-
-#ifndef OPENSSL_NO_RSA
-        if (l & SSL_kRSA)
-                {
-                /* FIX THIS UP EAY EAY EAY EAY */
-                if (s->s3->tmp.use_rsa_tmp)
-                        {
-                        if ((s->cert != NULL) && (s->cert->rsa_tmp != NULL))
-                                rsa=s->cert->rsa_tmp;
-                        /* Don't do a callback because rsa_tmp should
-                         * be sent already */
-                        if (rsa == NULL)
-                                {
-                                al=SSL_AD_HANDSHAKE_FAILURE;
-                                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_PKEY);
-                                goto f_err;
-
-                                }
-                        }
-                else
-                        {
-                        pkey=s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey;
-                        if (    (pkey == NULL) ||
-                                (pkey->type != EVP_PKEY_RSA) ||
-                                (pkey->pkey.rsa == NULL))
-                                {
-                                al=SSL_AD_HANDSHAKE_FAILURE;
-                                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_RSA_CERTIFICATE);
-                                goto f_err;
-                                }
-                        rsa=pkey->pkey.rsa;
-                        }
-
-                /* TLS */
-                if (s->version > SSL3_VERSION)
-                        {
-                        n2s(p,i);
-                        if (n != i+2)
-                                {
-                                if (!(s->options & SSL_OP_TLS_D5_BUG))
-                                        {
-                                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
-                                        goto err;
-                                        }
-                                else
-                                        p-=2;
-                                }
-                        else
-                                n=i;
-                        }
-
-                i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING);
-
-                al = -1;
-                
-                if (i != SSL_MAX_MASTER_KEY_LENGTH)
-                        {
-                        al=SSL_AD_DECODE_ERROR;
-                        /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); */
-                        }
-
-                if ((al == -1) && !((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff))))
-                        {
-                        /* The premaster secret must contain the same version number as the
-                         * ClientHello to detect version rollback attacks (strangely, the
-                         * protocol does not offer such protection for DH ciphersuites).
-                         * However, buggy clients exist that send the negotiated protocol
-                         * version instead if the server does not support the requested
-                         * protocol version.
-                         * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients. */
-                        if (!((s->options & SSL_OP_TLS_ROLLBACK_BUG) &&
-                                (p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff))))
-                                {
-                                al=SSL_AD_DECODE_ERROR;
-                                /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); */
-
-                                /* The Klima-Pokorny-Rosa extension of Bleichenbacher's attack
-                                 * (http://eprint.iacr.org/2003/052/) exploits the version
-                                 * number check as a "bad version oracle" -- an alert would
-                                 * reveal that the plaintext corresponding to some ciphertext
-                                 * made up by the adversary is properly formatted except
-                                 * that the version number is wrong.  To avoid such attacks,
-                                 * we should treat this just like any other decryption error. */
-                                }
-                        }
-
-                if (al != -1)
-                        {
-                        /* Some decryption failure -- use random value instead as countermeasure
-                         * against Bleichenbacher's attack on PKCS #1 v1.5 RSA padding
-                         * (see RFC 2246, section 7.4.7.1). */
-                        ERR_clear_error();
-                        i = SSL_MAX_MASTER_KEY_LENGTH;
-                        p[0] = s->client_version >> 8;
-                        p[1] = s->client_version & 0xff;
-                        if(RAND_pseudo_bytes(p+2, i-2) <= 0)  /* should be RAND_bytes, but we cannot work around a failure */
-                                goto err;
-                        }
-        
-                s->session->master_key_length=
-                        s->method->ssl3_enc->generate_master_secret(s,
-                                s->session->master_key,
-                                p,i);
-                OPENSSL_cleanse(p,i);
-                }
-        else
-#endif
-#ifndef OPENSSL_NO_DH
-                if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
-                {
-                n2s(p,i);
-                if (n != i+2)
-                        {
-                        if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG))
-                                {
-                                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
-                                goto err;
-                                }
-                        else
-                                {
-                                p-=2;
-                                i=(int)n;
-                                }
-                        }
-
-                if (n == 0L) /* the parameters are in the cert */
-                        {
-                        al=SSL_AD_HANDSHAKE_FAILURE;
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_DECODE_DH_CERTS);
-                        goto f_err;
-                        }
-                else
-                        {
-                        if (s->s3->tmp.dh == NULL)
-                                {
-                                al=SSL_AD_HANDSHAKE_FAILURE;
-                                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);
-                                goto f_err;
-                                }
-                        else
-                                dh_srvr=s->s3->tmp.dh;
-                        }
-
-                pub=BN_bin2bn(p,i,NULL);
-                if (pub == NULL)
-                        {
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BN_LIB);
-                        goto err;
-                        }
-
-                i=DH_compute_key(p,pub,dh_srvr);
-
-                if (i <= 0)
-                        {
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
-                        goto err;
-                        }
-
-                DH_free(s->s3->tmp.dh);
-                s->s3->tmp.dh=NULL;
-
-                BN_clear_free(pub);
-                pub=NULL;
-                s->session->master_key_length=
-                        s->method->ssl3_enc->generate_master_secret(s,
-                                s->session->master_key,p,i);
-                OPENSSL_cleanse(p,i);
-                }
-        else
-#endif
-#ifndef OPENSSL_NO_KRB5
-        if (l & SSL_kKRB5)
-                {
-                krb5_error_code         krb5rc;
-                krb5_data               enc_ticket;
-                krb5_data               authenticator;
-                krb5_data               enc_pms;
-                KSSL_CTX                *kssl_ctx = s->kssl_ctx;
-                EVP_CIPHER_CTX          ciph_ctx;
-                EVP_CIPHER              *enc = NULL;
-                unsigned char           iv[EVP_MAX_IV_LENGTH];
-                unsigned char           pms[SSL_MAX_MASTER_KEY_LENGTH
-                                               + EVP_MAX_BLOCK_LENGTH];
-                int                     padl, outl;
-                krb5_timestamp          authtime = 0;
-                krb5_ticket_times       ttimes;
-
-                EVP_CIPHER_CTX_init(&ciph_ctx);
-
-                if (!kssl_ctx)  kssl_ctx = kssl_ctx_new();
-
-                n2s(p,i);
-                enc_ticket.length = i;
-
-                if (n < (long)enc_ticket.length + 6)
-                        {
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                                SSL_R_DATA_LENGTH_TOO_LONG);
-                        goto err;
-                        }
-
-                enc_ticket.data = (char *)p;
-                p+=enc_ticket.length;
-
-                n2s(p,i);
-                authenticator.length = i;
-
-                if (n < (long)(enc_ticket.length + authenticator.length + 6))
-                        {
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                                SSL_R_DATA_LENGTH_TOO_LONG);
-                        goto err;
-                        }
-
-                authenticator.data = (char *)p;
-                p+=authenticator.length;
-
-                n2s(p,i);
-                enc_pms.length = i;
-                enc_pms.data = (char *)p;
-                p+=enc_pms.length;
-
-                /* Note that the length is checked again below,
-                ** after decryption
-                */
-                if(enc_pms.length > sizeof pms)
-                        {
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                               SSL_R_DATA_LENGTH_TOO_LONG);
-                        goto err;
-                        }
-
-                if (n != (long)(enc_ticket.length + authenticator.length +
-                                                enc_pms.length + 6))
-                        {
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                                SSL_R_DATA_LENGTH_TOO_LONG);
-                        goto err;
-                        }
-
-                if ((krb5rc = kssl_sget_tkt(kssl_ctx, &enc_ticket, &ttimes,
-                                        &kssl_err)) != 0)
-                        {
-#ifdef KSSL_DEBUG
-                        printf("kssl_sget_tkt rtn %d [%d]\n",
-                                krb5rc, kssl_err.reason);
-                        if (kssl_err.text)
-                                printf("kssl_err text= %s\n", kssl_err.text);
-#endif  /* KSSL_DEBUG */
-                        SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                                kssl_err.reason);
-                        goto err;
-                        }
-
-                /*  Note: no authenticator is not considered an error,
-                **  but will return authtime == 0.
-                */
-                if ((krb5rc = kssl_check_authent(kssl_ctx, &authenticator,
-                                        &authtime, &kssl_err)) != 0)
-                        {
-#ifdef KSSL_DEBUG
-                        printf("kssl_check_authent rtn %d [%d]\n",
-                                krb5rc, kssl_err.reason);
-                        if (kssl_err.text)
-                                printf("kssl_err text= %s\n", kssl_err.text);
-#endif  /* KSSL_DEBUG */
-                        SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                                kssl_err.reason);
-                        goto err;
-                        }
-
-                if ((krb5rc = kssl_validate_times(authtime, &ttimes)) != 0)
-                        {
-                        SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, krb5rc);
-                        goto err;
-                        }
-
-#ifdef KSSL_DEBUG
-                kssl_ctx_show(kssl_ctx);
-#endif  /* KSSL_DEBUG */
-
-                enc = kssl_map_enc(kssl_ctx->enctype);
-                if (enc == NULL)
-                    goto err;
-
-                memset(iv, 0, sizeof iv);       /* per RFC 1510 */
-
-                if (!EVP_DecryptInit_ex(&ciph_ctx,enc,NULL,kssl_ctx->key,iv))
-                        {
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                                SSL_R_DECRYPTION_FAILED);
-                        goto err;
-                        }
-                if (!EVP_DecryptUpdate(&ciph_ctx, pms,&outl,
-                                        (unsigned char *)enc_pms.data, enc_pms.length))
-                        {
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                                SSL_R_DECRYPTION_FAILED);
-                        goto err;
-                        }
-                if (outl > SSL_MAX_MASTER_KEY_LENGTH)
-                        {
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                                SSL_R_DATA_LENGTH_TOO_LONG);
-                        goto err;
-                        }
-                if (!EVP_DecryptFinal_ex(&ciph_ctx,&(pms[outl]),&padl))
-                        {
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                                SSL_R_DECRYPTION_FAILED);
-                        goto err;
-                        }
-                outl += padl;
-                if (outl > SSL_MAX_MASTER_KEY_LENGTH)
-                        {
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                                SSL_R_DATA_LENGTH_TOO_LONG);
-                        goto err;
-                        }
-                EVP_CIPHER_CTX_cleanup(&ciph_ctx);
-
-                s->session->master_key_length=
-                        s->method->ssl3_enc->generate_master_secret(s,
-                                s->session->master_key, pms, outl);
-
-                if (kssl_ctx->client_princ)
-                        {
-                        int len = strlen(kssl_ctx->client_princ);
-                        if ( len < SSL_MAX_KRB5_PRINCIPAL_LENGTH ) 
-                                {
-                                s->session->krb5_client_princ_len = len;
-                                memcpy(s->session->krb5_client_princ,kssl_ctx->client_princ,len);
-                                }
-                        }
-
-
-                /*  Was doing kssl_ctx_free() here,
-                **  but it caused problems for apache.
-                **  kssl_ctx = kssl_ctx_free(kssl_ctx);
-                **  if (s->kssl_ctx)  s->kssl_ctx = NULL;
-                */
-                }
-        else
-#endif  /* OPENSSL_NO_KRB5 */
-                {
-                al=SSL_AD_HANDSHAKE_FAILURE;
-                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                                SSL_R_UNKNOWN_CIPHER_TYPE);
-                goto f_err;
-                }
-
-        return(1);
-f_err:
-        ssl3_send_alert(s,SSL3_AL_FATAL,al);
-#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA)
-err:
-#endif
-        return(-1);
-        }
-
-static int ssl3_get_cert_verify(SSL *s)
-        {
-        EVP_PKEY *pkey=NULL;
-        unsigned char *p;
-        int al,ok,ret=0;
-        long n;
-        int type=0,i,j;
-        X509 *peer;
-
-        n=ssl3_get_message(s,
-                SSL3_ST_SR_CERT_VRFY_A,
-                SSL3_ST_SR_CERT_VRFY_B,
-                -1,
-                514, /* 514? */
-                &ok);
-
-        if (!ok) return((int)n);
-
-        if (s->session->peer != NULL)
-                {
-                peer=s->session->peer;
-                pkey=X509_get_pubkey(peer);
-                type=X509_certificate_type(peer,pkey);
-                }
-        else
-                {
-                peer=NULL;
-                pkey=NULL;
-                }
-
-        if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY)
-                {
-                s->s3->tmp.reuse_message=1;
-                if ((peer != NULL) && (type | EVP_PKT_SIGN))
-                        {
-                        al=SSL_AD_UNEXPECTED_MESSAGE;
-                        SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_MISSING_VERIFY_MESSAGE);
-                        goto f_err;
-                        }
-                ret=1;
-                goto end;
-                }
-
-        if (peer == NULL)
-                {
-                SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_NO_CLIENT_CERT_RECEIVED);
-                al=SSL_AD_UNEXPECTED_MESSAGE;
-                goto f_err;
-                }
-
-        if (!(type & EVP_PKT_SIGN))
-                {
-                SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE);
-                al=SSL_AD_ILLEGAL_PARAMETER;
-                goto f_err;
-                }
-
-        if (s->s3->change_cipher_spec)
-                {
-                SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY);
-                al=SSL_AD_UNEXPECTED_MESSAGE;
-                goto f_err;
-                }
-
-        /* we now have a signature that we need to verify */
-        p=(unsigned char *)s->init_msg;
-        n2s(p,i);
-        n-=2;
-        if (i > n)
-                {
-                SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_LENGTH_MISMATCH);
-                al=SSL_AD_DECODE_ERROR;
-                goto f_err;
-                }
-
-        j=EVP_PKEY_size(pkey);
-        if ((i > j) || (n > j) || (n <= 0))
-                {
-                SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_WRONG_SIGNATURE_SIZE);
-                al=SSL_AD_DECODE_ERROR;
-                goto f_err;
-                }
-
-#ifndef OPENSSL_NO_RSA 
-        if (pkey->type == EVP_PKEY_RSA)
-                {
-                i=RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md,
-                        MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, p, i, 
-                                                        pkey->pkey.rsa);
-                if (i < 0)
-                        {
-                        al=SSL_AD_DECRYPT_ERROR;
-                        SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_DECRYPT);
-                        goto f_err;
-                        }
-                if (i == 0)
-                        {
-                        al=SSL_AD_DECRYPT_ERROR;
-                        SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_SIGNATURE);
-                        goto f_err;
-                        }
-                }
-        else
-#endif
-#ifndef OPENSSL_NO_DSA
-                if (pkey->type == EVP_PKEY_DSA)
-                {
-                j=DSA_verify(pkey->save_type,
-                        &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
-                        SHA_DIGEST_LENGTH,p,i,pkey->pkey.dsa);
-                if (j <= 0)
-                        {
-                        /* bad signature */
-                        al=SSL_AD_DECRYPT_ERROR;
-                        SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_DSA_SIGNATURE);
-                        goto f_err;
-                        }
-                }
-        else
-#endif
-                {
-                SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,ERR_R_INTERNAL_ERROR);
-                al=SSL_AD_UNSUPPORTED_CERTIFICATE;
-                goto f_err;
-                }
-
-
-        ret=1;
-        if (0)
-                {
-f_err:
-                ssl3_send_alert(s,SSL3_AL_FATAL,al);
-                }
-end:
-        EVP_PKEY_free(pkey);
-        return(ret);
-        }
-
-static int ssl3_get_client_certificate(SSL *s)
-        {
-        int i,ok,al,ret= -1;
-        X509 *x=NULL;
-        unsigned long l,nc,llen,n;
-        unsigned char *p,*d,*q;
-        STACK_OF(X509) *sk=NULL;
-
-        n=ssl3_get_message(s,
-                SSL3_ST_SR_CERT_A,
-                SSL3_ST_SR_CERT_B,
-                -1,
-                s->max_cert_list,
-                &ok);
-
-        if (!ok) return((int)n);
-
-        if      (s->s3->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE)
-                {
-                if (    (s->verify_mode & SSL_VERIFY_PEER) &&
-                        (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))
-                        {
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
-                        al=SSL_AD_HANDSHAKE_FAILURE;
-                        goto f_err;
-                        }
-                /* If tls asked for a client cert, the client must return a 0 list */
-                if ((s->version > SSL3_VERSION) && s->s3->tmp.cert_request)
-                        {
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST);
-                        al=SSL_AD_UNEXPECTED_MESSAGE;
-                        goto f_err;
-                        }
-                s->s3->tmp.reuse_message=1;
-                return(1);
-                }
-
-        if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE)
-                {
-                al=SSL_AD_UNEXPECTED_MESSAGE;
-                SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_WRONG_MESSAGE_TYPE);
-                goto f_err;
-                }
-        d=p=(unsigned char *)s->init_msg;
-
-        if ((sk=sk_X509_new_null()) == NULL)
-                {
-                SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-
-        n2l3(p,llen);
-        if (llen+3 != n)
-                {
-                al=SSL_AD_DECODE_ERROR;
-                SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_LENGTH_MISMATCH);
-                goto f_err;
-                }
-        for (nc=0; nc<llen; )
-                {
-                n2l3(p,l);
-                if ((l+nc+3) > llen)
-                        {
-                        al=SSL_AD_DECODE_ERROR;
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
-                        goto f_err;
-                        }
-
-                q=p;
-                x=d2i_X509(NULL,&p,l);
-                if (x == NULL)
-                        {
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_ASN1_LIB);
-                        goto err;
-                        }
-                if (p != (q+l))
-                        {
-                        al=SSL_AD_DECODE_ERROR;
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
-                        goto f_err;
-                        }
-                if (!sk_X509_push(sk,x))
-                        {
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                        }
-                x=NULL;
-                nc+=l+3;
-                }
-
-        if (sk_X509_num(sk) <= 0)
-                {
-                /* TLS does not mind 0 certs returned */
-                if (s->version == SSL3_VERSION)
-                        {
-                        al=SSL_AD_HANDSHAKE_FAILURE;
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATES_RETURNED);
-                        goto f_err;
-                        }
-                /* Fail for TLS only if we required a certificate */
-                else if ((s->verify_mode & SSL_VERIFY_PEER) &&
-                         (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))
-                        {
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
-                        al=SSL_AD_HANDSHAKE_FAILURE;
-                        goto f_err;
-                        }
-                }
-        else
-                {
-                i=ssl_verify_cert_chain(s,sk);
-                if (!i)
-                        {
-                        al=ssl_verify_alarm_type(s->verify_result);
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATE_RETURNED);
-                        goto f_err;
-                        }
-                }
-
-        if (s->session->peer != NULL) /* This should not be needed */
-                X509_free(s->session->peer);
-        s->session->peer=sk_X509_shift(sk);
-        s->session->verify_result = s->verify_result;
-
-        /* With the current implementation, sess_cert will always be NULL
-         * when we arrive here. */
-        if (s->session->sess_cert == NULL)
-                {
-                s->session->sess_cert = ssl_sess_cert_new();
-                if (s->session->sess_cert == NULL)
-                        {
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_MALLOC_FAILURE);
-                        goto err;
-                        }
-                }
-        if (s->session->sess_cert->cert_chain != NULL)
-                sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free);
-        s->session->sess_cert->cert_chain=sk;
-        /* Inconsistency alert: cert_chain does *not* include the
-         * peer's own certificate, while we do include it in s3_clnt.c */
-
-        sk=NULL;
-
-        ret=1;
-        if (0)
-                {
-f_err:
-                ssl3_send_alert(s,SSL3_AL_FATAL,al);
-                }
-err:
-        if (x != NULL) X509_free(x);
-        if (sk != NULL) sk_X509_pop_free(sk,X509_free);
-        return(ret);
-        }
-
-int ssl3_send_server_certificate(SSL *s)
-        {
-        unsigned long l;
-        X509 *x;
-
-        if (s->state == SSL3_ST_SW_CERT_A)
-                {
-                x=ssl_get_server_send_cert(s);
-                if (x == NULL &&
-                        /* VRS: allow null cert if auth == KRB5 */
-                        (s->s3->tmp.new_cipher->algorithms
-                                & (SSL_MKEY_MASK|SSL_AUTH_MASK))
-                        != (SSL_aKRB5|SSL_kKRB5))
-                        {
-                        SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR);
-                        return(0);
-                        }
-
-                l=ssl3_output_cert_chain(s,x);
-                s->state=SSL3_ST_SW_CERT_B;
-                s->init_num=(int)l;
-                s->init_off=0;
-                }
-
-        /* SSL3_ST_SW_CERT_B */
-        return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
-        }
diff --git a/src/lib/libssl/shlib_version b/src/lib/libssl/shlib_version
deleted file mode 100644
index f461c53390..0000000000
--- a/src/lib/libssl/shlib_version
+++ /dev/null
@@ -1,2 +0,0 @@
-major=11
-minor=0
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
deleted file mode 100644
index 99e188086b..0000000000
--- a/src/lib/libssl/ssl.h
+++ /dev/null
@@ -1,1853 +0,0 @@
-/* ssl/ssl.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_SSL_H 
-#define HEADER_SSL_H 
-
-#include <openssl/e_os2.h>
-
-#ifndef OPENSSL_NO_COMP
-#include <openssl/comp.h>
-#endif
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-#ifndef OPENSSL_NO_X509
-#include <openssl/x509.h>
-#endif
-#include <openssl/kssl.h>
-#include <openssl/safestack.h>
-#include <openssl/symhacks.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* SSLeay version number for ASN.1 encoding of the session information */
-/* Version 0 - initial version
- * Version 1 - added the optional peer certificate
- */
-#define SSL_SESSION_ASN1_VERSION 0x0001
-
-/* text strings for the ciphers */
-#define SSL_TXT_NULL_WITH_MD5           SSL2_TXT_NULL_WITH_MD5                  
-#define SSL_TXT_RC4_128_WITH_MD5        SSL2_TXT_RC4_128_WITH_MD5               
-#define SSL_TXT_RC4_128_EXPORT40_WITH_MD5 SSL2_TXT_RC4_128_EXPORT40_WITH_MD5    
-#define SSL_TXT_RC2_128_CBC_WITH_MD5    SSL2_TXT_RC2_128_CBC_WITH_MD5           
-#define SSL_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5    
-#define SSL_TXT_IDEA_128_CBC_WITH_MD5   SSL2_TXT_IDEA_128_CBC_WITH_MD5          
-#define SSL_TXT_DES_64_CBC_WITH_MD5     SSL2_TXT_DES_64_CBC_WITH_MD5            
-#define SSL_TXT_DES_64_CBC_WITH_SHA     SSL2_TXT_DES_64_CBC_WITH_SHA            
-#define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5    
-#define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA    
-
-/*    VRS Additional Kerberos5 entries
- */
-#define SSL_TXT_KRB5_DES_64_CBC_SHA   SSL3_TXT_KRB5_DES_64_CBC_SHA
-#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
-#define SSL_TXT_KRB5_RC4_128_SHA      SSL3_TXT_KRB5_RC4_128_SHA
-#define SSL_TXT_KRB5_IDEA_128_CBC_SHA SSL3_TXT_KRB5_IDEA_128_CBC_SHA
-#define SSL_TXT_KRB5_DES_64_CBC_MD5   SSL3_TXT_KRB5_DES_64_CBC_MD5       
-#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5       
-#define SSL_TXT_KRB5_RC4_128_MD5      SSL3_TXT_KRB5_RC4_128_MD5
-#define SSL_TXT_KRB5_IDEA_128_CBC_MD5 SSL3_TXT_KRB5_IDEA_128_CBC_MD5 
-
-#define SSL_TXT_KRB5_DES_40_CBC_SHA   SSL3_TXT_KRB5_DES_40_CBC_SHA 
-#define SSL_TXT_KRB5_RC2_40_CBC_SHA   SSL3_TXT_KRB5_RC2_40_CBC_SHA 
-#define SSL_TXT_KRB5_RC4_40_SHA       SSL3_TXT_KRB5_RC4_40_SHA
-#define SSL_TXT_KRB5_DES_40_CBC_MD5   SSL3_TXT_KRB5_DES_40_CBC_MD5 
-#define SSL_TXT_KRB5_RC2_40_CBC_MD5   SSL3_TXT_KRB5_RC2_40_CBC_MD5 
-#define SSL_TXT_KRB5_RC4_40_MD5       SSL3_TXT_KRB5_RC4_40_MD5
-
-#define SSL_TXT_KRB5_DES_40_CBC_SHA   SSL3_TXT_KRB5_DES_40_CBC_SHA
-#define SSL_TXT_KRB5_DES_40_CBC_MD5   SSL3_TXT_KRB5_DES_40_CBC_MD5
-#define SSL_TXT_KRB5_DES_64_CBC_SHA   SSL3_TXT_KRB5_DES_64_CBC_SHA
-#define SSL_TXT_KRB5_DES_64_CBC_MD5   SSL3_TXT_KRB5_DES_64_CBC_MD5
-#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
-#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5
-#define SSL_MAX_KRB5_PRINCIPAL_LENGTH  256
-
-#define SSL_MAX_SSL_SESSION_ID_LENGTH           32
-#define SSL_MAX_SID_CTX_LENGTH                  32
-
-#define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES     (512/8)
-#define SSL_MAX_KEY_ARG_LENGTH                  8
-#define SSL_MAX_MASTER_KEY_LENGTH               48
-
-/* These are used to specify which ciphers to use and not to use */
-#define SSL_TXT_LOW             "LOW"
-#define SSL_TXT_MEDIUM          "MEDIUM"
-#define SSL_TXT_HIGH            "HIGH"
-#define SSL_TXT_FIPS            "FIPS"
-#define SSL_TXT_kFZA            "kFZA"
-#define SSL_TXT_aFZA            "aFZA"
-#define SSL_TXT_eFZA            "eFZA"
-#define SSL_TXT_FZA             "FZA"
-
-#define SSL_TXT_aNULL           "aNULL"
-#define SSL_TXT_eNULL           "eNULL"
-#define SSL_TXT_NULL            "NULL"
-
-#define SSL_TXT_kKRB5           "kKRB5"
-#define SSL_TXT_aKRB5           "aKRB5"
-#define SSL_TXT_KRB5            "KRB5"
-
-#define SSL_TXT_kRSA            "kRSA"
-#define SSL_TXT_kDHr            "kDHr"
-#define SSL_TXT_kDHd            "kDHd"
-#define SSL_TXT_kEDH            "kEDH"
-#define SSL_TXT_aRSA            "aRSA"
-#define SSL_TXT_aDSS            "aDSS"
-#define SSL_TXT_aDH             "aDH"
-#define SSL_TXT_DSS             "DSS"
-#define SSL_TXT_DH              "DH"
-#define SSL_TXT_EDH             "EDH"
-#define SSL_TXT_ADH             "ADH"
-#define SSL_TXT_RSA             "RSA"
-#define SSL_TXT_DES             "DES"
-#define SSL_TXT_3DES            "3DES"
-#define SSL_TXT_RC4             "RC4"
-#define SSL_TXT_RC2             "RC2"
-#define SSL_TXT_IDEA            "IDEA"
-#define SSL_TXT_AES             "AES"
-#define SSL_TXT_MD5             "MD5"
-#define SSL_TXT_SHA1            "SHA1"
-#define SSL_TXT_SHA             "SHA"
-#define SSL_TXT_EXP             "EXP"
-#define SSL_TXT_EXPORT          "EXPORT"
-#define SSL_TXT_EXP40           "EXPORT40"
-#define SSL_TXT_EXP56           "EXPORT56"
-#define SSL_TXT_SSLV2           "SSLv2"
-#define SSL_TXT_SSLV3           "SSLv3"
-#define SSL_TXT_TLSV1           "TLSv1"
-#define SSL_TXT_ALL             "ALL"
-
-/*
- * COMPLEMENTOF* definitions. These identifiers are used to (de-select)
- * ciphers normally not being used.
- * Example: "RC4" will activate all ciphers using RC4 including ciphers
- * without authentication, which would normally disabled by DEFAULT (due
- * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT"
- * will make sure that it is also disabled in the specific selection.
- * COMPLEMENTOF* identifiers are portable between version, as adjustments
- * to the default cipher setup will also be included here.
- *
- * COMPLEMENTOFDEFAULT does not experience the same special treatment that
- * DEFAULT gets, as only selection is being done and no sorting as needed
- * for DEFAULT.
- */
-#define SSL_TXT_CMPALL          "COMPLEMENTOFALL"
-#define SSL_TXT_CMPDEF          "COMPLEMENTOFDEFAULT"
-
-/* The following cipher list is used by default.
- * It also is substituted when an application-defined cipher list string
- * starts with 'DEFAULT'. */
-#define SSL_DEFAULT_CIPHER_LIST "ALL:!ADH:+RC4:@STRENGTH" /* low priority for RC4 */
-
-/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
-#define SSL_SENT_SHUTDOWN       1
-#define SSL_RECEIVED_SHUTDOWN   2
-
-#ifdef __cplusplus
-}
-#endif
-
-#include <openssl/crypto.h>
-#include <openssl/lhash.h>
-#include <openssl/buffer.h>
-#include <openssl/pem.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#if (defined(OPENSSL_NO_RSA) || defined(OPENSSL_NO_MD5)) && !defined(OPENSSL_NO_SSL2)
-#define OPENSSL_NO_SSL2
-#endif
-
-#define SSL_FILETYPE_ASN1       X509_FILETYPE_ASN1
-#define SSL_FILETYPE_PEM        X509_FILETYPE_PEM
-
-/* This is needed to stop compilers complaining about the
- * 'struct ssl_st *' function parameters used to prototype callbacks
- * in SSL_CTX. */
-typedef struct ssl_st *ssl_crock_st;
-
-/* used to hold info on the particular ciphers used */
-typedef struct ssl_cipher_st
-        {
-        int valid;
-        const char *name;               /* text name */
-        unsigned long id;               /* id, 4 bytes, first is version */
-        unsigned long algorithms;       /* what ciphers are used */
-        unsigned long algo_strength;    /* strength and export flags */
-        unsigned long algorithm2;       /* Extra flags */
-        int strength_bits;              /* Number of bits really used */
-        int alg_bits;                   /* Number of bits for algorithm */
-        unsigned long mask;             /* used for matching */
-        unsigned long mask_strength;    /* also used for matching */
-        } SSL_CIPHER;
-
-DECLARE_STACK_OF(SSL_CIPHER)
-
-typedef struct ssl_st SSL;
-typedef struct ssl_ctx_st SSL_CTX;
-
-/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
-typedef struct ssl_method_st
-        {
-        int version;
-        int (*ssl_new)(SSL *s);
-        void (*ssl_clear)(SSL *s);
-        void (*ssl_free)(SSL *s);
-        int (*ssl_accept)(SSL *s);
-        int (*ssl_connect)(SSL *s);
-        int (*ssl_read)(SSL *s,void *buf,int len);
-        int (*ssl_peek)(SSL *s,void *buf,int len);
-        int (*ssl_write)(SSL *s,const void *buf,int len);
-        int (*ssl_shutdown)(SSL *s);
-        int (*ssl_renegotiate)(SSL *s);
-        int (*ssl_renegotiate_check)(SSL *s);
-        long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg);
-        long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg);
-        SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
-        int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr);
-        int (*ssl_pending)(const SSL *s);
-        int (*num_ciphers)(void);
-        SSL_CIPHER *(*get_cipher)(unsigned ncipher);
-        struct ssl_method_st *(*get_ssl_method)(int version);
-        long (*get_timeout)(void);
-        struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
-        int (*ssl_version)();
-        long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)());
-        long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)());
-        } SSL_METHOD;
-
-/* Lets make this into an ASN.1 type structure as follows
- * SSL_SESSION_ID ::= SEQUENCE {
- *      version                 INTEGER,        -- structure version number
- *      SSLversion              INTEGER,        -- SSL version number
- *      Cipher                  OCTET_STRING,   -- the 3 byte cipher ID
- *      Session_ID              OCTET_STRING,   -- the Session ID
- *      Master_key              OCTET_STRING,   -- the master key
- *      KRB5_principal          OCTET_STRING    -- optional Kerberos principal
- *      Key_Arg [ 0 ] IMPLICIT  OCTET_STRING,   -- the optional Key argument
- *      Time [ 1 ] EXPLICIT     INTEGER,        -- optional Start Time
- *      Timeout [ 2 ] EXPLICIT  INTEGER,        -- optional Timeout ins seconds
- *      Peer [ 3 ] EXPLICIT     X509,           -- optional Peer Certificate
- *      Session_ID_context [ 4 ] EXPLICIT OCTET_STRING,   -- the Session ID context
- *      Verify_result [ 5 ] EXPLICIT INTEGER    -- X509_V_... code for `Peer'
- *      Compression [6] IMPLICIT ASN1_OBJECT    -- compression OID XXXXX
- *      }
- * Look in ssl/ssl_asn1.c for more details
- * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
- */
-typedef struct ssl_session_st
-        {
-        int ssl_version;        /* what ssl version session info is
-                                 * being kept in here? */
-
-        /* only really used in SSLv2 */
-        unsigned int key_arg_length;
-        unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH];
-        int master_key_length;
-        unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
-        /* session_id - valid? */
-        unsigned int session_id_length;
-        unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
-        /* this is used to determine whether the session is being reused in
-         * the appropriate context. It is up to the application to set this,
-         * via SSL_new */
-        unsigned int sid_ctx_length;
-        unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
-
-#ifndef OPENSSL_NO_KRB5
-        unsigned int krb5_client_princ_len;
-        unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH];
-#endif /* OPENSSL_NO_KRB5 */
-
-        int not_resumable;
-
-        /* The cert is the certificate used to establish this connection */
-        struct sess_cert_st /* SESS_CERT */ *sess_cert;
-
-        /* This is the cert for the other end.
-         * On clients, it will be the same as sess_cert->peer_key->x509
-         * (the latter is not enough as sess_cert is not retained
-         * in the external representation of sessions, see ssl_asn1.c). */
-        X509 *peer;
-        /* when app_verify_callback accepts a session where the peer's certificate
-         * is not ok, we must remember the error for session reuse: */
-        long verify_result; /* only for servers */
-
-        int references;
-        long timeout;
-        long time;
-
-        int compress_meth;              /* Need to lookup the method */
-
-        SSL_CIPHER *cipher;
-        unsigned long cipher_id;        /* when ASN.1 loaded, this
-                                         * needs to be used to load
-                                         * the 'cipher' structure */
-
-        STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */
-
-        CRYPTO_EX_DATA ex_data; /* application specific data */
-
-        /* These are used to make removal of session-ids more
-         * efficient and to implement a maximum cache size. */
-        struct ssl_session_st *prev,*next;
-        } SSL_SESSION;
-
-
-#define SSL_OP_MICROSOFT_SESS_ID_BUG                    0x00000001L
-#define SSL_OP_NETSCAPE_CHALLENGE_BUG                   0x00000002L
-#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG         0x00000008L
-#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG              0x00000010L
-#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER               0x00000020L
-#define SSL_OP_MSIE_SSLV2_RSA_PADDING                   0x00000040L /* no effect since 0.9.7h and 0.9.8b */
-#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG                 0x00000080L
-#define SSL_OP_TLS_D5_BUG                               0x00000100L
-#define SSL_OP_TLS_BLOCK_PADDING_BUG                    0x00000200L
-
-/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
- * in OpenSSL 0.9.6d.  Usually (depending on the application protocol)
- * the workaround is not needed.  Unfortunately some broken SSL/TLS
- * implementations cannot handle it at all, which is why we include
- * it in SSL_OP_ALL. */
-#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS              0x00000800L /* added in 0.9.6e */
-
-/* SSL_OP_ALL: various bug workarounds that should be rather harmless.
- *             This used to be 0x000FFFFFL before 0.9.7. */
-#define SSL_OP_ALL                                      0x00000FFFL
-
-/* As server, disallow session resumption on renegotiation */
-#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION   0x00010000L
-/* If set, always create a new key when using tmp_dh parameters */
-#define SSL_OP_SINGLE_DH_USE                            0x00100000L
-/* Set to always use the tmp_rsa key when doing RSA operations,
- * even when this violates protocol specs */
-#define SSL_OP_EPHEMERAL_RSA                            0x00200000L
-/* Set on servers to choose the cipher according to the server's
- * preferences */
-#define SSL_OP_CIPHER_SERVER_PREFERENCE                 0x00400000L
-/* If set, a server will allow a client to issue a SSLv3.0 version number
- * as latest version supported in the premaster secret, even when TLSv1.0
- * (version 3.1) was announced in the client hello. Normally this is
- * forbidden to prevent version rollback attacks. */
-#define SSL_OP_TLS_ROLLBACK_BUG                         0x00800000L
-
-#define SSL_OP_NO_SSLv2                                 0x01000000L
-#define SSL_OP_NO_SSLv3                                 0x02000000L
-#define SSL_OP_NO_TLSv1                                 0x04000000L
-
-/* The next flag deliberately changes the ciphertest, this is a check
- * for the PKCS#1 attack */
-#define SSL_OP_PKCS1_CHECK_1                            0x08000000L
-#define SSL_OP_PKCS1_CHECK_2                            0x10000000L
-#define SSL_OP_NETSCAPE_CA_DN_BUG                       0x20000000L
-#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG          0x40000000L
-
-
-/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
- * when just a single record has been written): */
-#define SSL_MODE_ENABLE_PARTIAL_WRITE       0x00000001L
-/* Make it possible to retry SSL_write() with changed buffer location
- * (buffer contents must stay the same!); this is not the default to avoid
- * the misconception that non-blocking SSL_write() behaves like
- * non-blocking write(): */
-#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L
-/* Never bother the application with retries if the transport
- * is blocking: */
-#define SSL_MODE_AUTO_RETRY 0x00000004L
-/* Don't attempt to automatically build certificate chain */
-#define SSL_MODE_NO_AUTO_CHAIN 0x00000008L
-
-
-/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
- * they cannot be used to clear bits. */
-
-#define SSL_CTX_set_options(ctx,op) \
-        SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)
-#define SSL_CTX_get_options(ctx) \
-        SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL)
-#define SSL_set_options(ssl,op) \
-        SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL)
-#define SSL_get_options(ssl) \
-        SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL)
-
-#define SSL_CTX_set_mode(ctx,op) \
-        SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
-#define SSL_CTX_get_mode(ctx) \
-        SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL)
-#define SSL_set_mode(ssl,op) \
-        SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
-#define SSL_get_mode(ssl) \
-        SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL)
-
-
-void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
-void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
-#define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
-#define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
-
-
-
-#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)
-#define SSL_MAX_CERT_LIST_DEFAULT 1024*30 /* 30k max cert list :-) */
-#else
-#define SSL_MAX_CERT_LIST_DEFAULT 1024*100 /* 100k max cert list :-) */
-#endif
-
-#define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT      (1024*20)
-
-/* This callback type is used inside SSL_CTX, SSL, and in the functions that set
- * them. It is used to override the generation of SSL/TLS session IDs in a
- * server. Return value should be zero on an error, non-zero to proceed. Also,
- * callbacks should themselves check if the id they generate is unique otherwise
- * the SSL handshake will fail with an error - callbacks can do this using the
- * 'ssl' value they're passed by;
- *      SSL_has_matching_session_id(ssl, id, *id_len)
- * The length value passed in is set at the maximum size the session ID can be.
- * In SSLv2 this is 16 bytes, whereas SSLv3/TLSv1 it is 32 bytes. The callback
- * can alter this length to be less if desired, but under SSLv2 session IDs are
- * supposed to be fixed at 16 bytes so the id will be padded after the callback
- * returns in this case. It is also an error for the callback to set the size to
- * zero. */
-typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id,
-                                unsigned int *id_len);
-
-typedef struct ssl_comp_st
-        {
-        int id;
-        char *name;
-#ifndef OPENSSL_NO_COMP
-        COMP_METHOD *method;
-#else
-        char *method;
-#endif
-        } SSL_COMP;
-
-DECLARE_STACK_OF(SSL_COMP)
-
-struct ssl_ctx_st
-        {
-        SSL_METHOD *method;
-
-        STACK_OF(SSL_CIPHER) *cipher_list;
-        /* same as above but sorted for lookup */
-        STACK_OF(SSL_CIPHER) *cipher_list_by_id;
-
-        struct x509_store_st /* X509_STORE */ *cert_store;
-        struct lhash_st /* LHASH */ *sessions;  /* a set of SSL_SESSIONs */
-        /* Most session-ids that will be cached, default is
-         * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */
-        unsigned long session_cache_size;
-        struct ssl_session_st *session_cache_head;
-        struct ssl_session_st *session_cache_tail;
-
-        /* This can have one of 2 values, ored together,
-         * SSL_SESS_CACHE_CLIENT,
-         * SSL_SESS_CACHE_SERVER,
-         * Default is SSL_SESSION_CACHE_SERVER, which means only
-         * SSL_accept which cache SSL_SESSIONS. */
-        int session_cache_mode;
-
-        /* If timeout is not 0, it is the default timeout value set
-         * when SSL_new() is called.  This has been put in to make
-         * life easier to set things up */
-        long session_timeout;
-
-        /* If this callback is not null, it will be called each
-         * time a session id is added to the cache.  If this function
-         * returns 1, it means that the callback will do a
-         * SSL_SESSION_free() when it has finished using it.  Otherwise,
-         * on 0, it means the callback has finished with it.
-         * If remove_session_cb is not null, it will be called when
-         * a session-id is removed from the cache.  After the call,
-         * OpenSSL will SSL_SESSION_free() it. */
-        int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess);
-        void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess);
-        SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,
-                unsigned char *data,int len,int *copy);
-
-        struct
-                {
-                int sess_connect;       /* SSL new conn - started */
-                int sess_connect_renegotiate;/* SSL reneg - requested */
-                int sess_connect_good;  /* SSL new conne/reneg - finished */
-                int sess_accept;        /* SSL new accept - started */
-                int sess_accept_renegotiate;/* SSL reneg - requested */
-                int sess_accept_good;   /* SSL accept/reneg - finished */
-                int sess_miss;          /* session lookup misses  */
-                int sess_timeout;       /* reuse attempt on timeouted session */
-                int sess_cache_full;    /* session removed due to full cache */
-                int sess_hit;           /* session reuse actually done */
-                int sess_cb_hit;        /* session-id that was not
-                                         * in the cache was
-                                         * passed back via the callback.  This
-                                         * indicates that the application is
-                                         * supplying session-id's from other
-                                         * processes - spooky :-) */
-                } stats;
-
-        int references;
-
-        /* if defined, these override the X509_verify_cert() calls */
-        int (*app_verify_callback)(X509_STORE_CTX *, void *);
-        void *app_verify_arg;
-        /* before OpenSSL 0.9.7, 'app_verify_arg' was ignored
-         * ('app_verify_callback' was called with just one argument) */
-
-        /* Default password callback. */
-        pem_password_cb *default_passwd_callback;
-
-        /* Default password callback user data. */
-        void *default_passwd_callback_userdata;
-
-        /* get client cert callback */
-        int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
-
-        CRYPTO_EX_DATA ex_data;
-
-        const EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */
-        const EVP_MD *md5;      /* For SSLv3/TLSv1 'ssl3-md5' */
-        const EVP_MD *sha1;   /* For SSLv3/TLSv1 'ssl3->sha1' */
-
-        STACK_OF(X509) *extra_certs;
-        STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */
-
-
-        /* Default values used when no per-SSL value is defined follow */
-
-        void (*info_callback)(const SSL *ssl,int type,int val); /* used if SSL's info_callback is NULL */
-
-        /* what we put in client cert requests */
-        STACK_OF(X509_NAME) *client_CA;
-
-
-        /* Default values to use in SSL structures follow (these are copied by SSL_new) */
-
-        unsigned long options;
-        unsigned long mode;
-        long max_cert_list;
-
-        struct cert_st /* CERT */ *cert;
-        int read_ahead;
-
-        /* callback that allows applications to peek at protocol messages */
-        void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
-        void *msg_callback_arg;
-
-        int verify_mode;
-        int verify_depth;
-        unsigned int sid_ctx_length;
-        unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
-        int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); /* called 'verify_callback' in the SSL */
-
-        /* Default generate session ID callback. */
-        GEN_SESSION_CB generate_session_id;
-
-        int purpose;            /* Purpose setting */
-        int trust;              /* Trust setting */
-
-        int quiet_shutdown;
-        };
-
-#define SSL_SESS_CACHE_OFF                      0x0000
-#define SSL_SESS_CACHE_CLIENT                   0x0001
-#define SSL_SESS_CACHE_SERVER                   0x0002
-#define SSL_SESS_CACHE_BOTH     (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
-#define SSL_SESS_CACHE_NO_AUTO_CLEAR            0x0080
-/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */
-#define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP       0x0100
-#define SSL_SESS_CACHE_NO_INTERNAL_STORE        0x0200
-#define SSL_SESS_CACHE_NO_INTERNAL \
-        (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)
-
-  struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx);
-#define SSL_CTX_sess_number(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)
-#define SSL_CTX_sess_connect(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL)
-#define SSL_CTX_sess_connect_good(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL)
-#define SSL_CTX_sess_connect_renegotiate(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL)
-#define SSL_CTX_sess_accept(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL)
-#define SSL_CTX_sess_accept_renegotiate(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL)
-#define SSL_CTX_sess_accept_good(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL)
-#define SSL_CTX_sess_hits(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL)
-#define SSL_CTX_sess_cb_hits(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL)
-#define SSL_CTX_sess_misses(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL)
-#define SSL_CTX_sess_timeouts(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL)
-#define SSL_CTX_sess_cache_full(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)
-
-#define SSL_CTX_sess_set_new_cb(ctx,cb) ((ctx)->new_session_cb=(cb))
-#define SSL_CTX_sess_get_new_cb(ctx)    ((ctx)->new_session_cb)
-#define SSL_CTX_sess_set_remove_cb(ctx,cb)      ((ctx)->remove_session_cb=(cb))
-#define SSL_CTX_sess_get_remove_cb(ctx) ((ctx)->remove_session_cb)
-#define SSL_CTX_sess_set_get_cb(ctx,cb) ((ctx)->get_session_cb=(cb))
-#define SSL_CTX_sess_get_get_cb(ctx)    ((ctx)->get_session_cb)
-#define SSL_CTX_set_info_callback(ctx,cb)       ((ctx)->info_callback=(cb))
-#define SSL_CTX_get_info_callback(ctx)          ((ctx)->info_callback)
-#define SSL_CTX_set_client_cert_cb(ctx,cb)      ((ctx)->client_cert_cb=(cb))
-#define SSL_CTX_get_client_cert_cb(ctx)         ((ctx)->client_cert_cb)
-
-#define SSL_NOTHING     1
-#define SSL_WRITING     2
-#define SSL_READING     3
-#define SSL_X509_LOOKUP 4
-
-/* These will only be used when doing non-blocking IO */
-#define SSL_want_nothing(s)     (SSL_want(s) == SSL_NOTHING)
-#define SSL_want_read(s)        (SSL_want(s) == SSL_READING)
-#define SSL_want_write(s)       (SSL_want(s) == SSL_WRITING)
-#define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP)
-
-struct ssl_st
-        {
-        /* protocol version
-         * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION)
-         */
-        int version;
-        int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */
-
-        SSL_METHOD *method; /* SSLv3 */
-
-        /* There are 2 BIO's even though they are normally both the
-         * same.  This is so data can be read and written to different
-         * handlers */
-
-#ifndef OPENSSL_NO_BIO
-        BIO *rbio; /* used by SSL_read */
-        BIO *wbio; /* used by SSL_write */
-        BIO *bbio; /* used during session-id reuse to concatenate
-                    * messages */
-#else
-        char *rbio; /* used by SSL_read */
-        char *wbio; /* used by SSL_write */
-        char *bbio;
-#endif
-        /* This holds a variable that indicates what we were doing
-         * when a 0 or -1 is returned.  This is needed for
-         * non-blocking IO so we know what request needs re-doing when
-         * in SSL_accept or SSL_connect */
-        int rwstate;
-
-        /* true when we are actually in SSL_accept() or SSL_connect() */
-        int in_handshake;
-        int (*handshake_func)();
-
-        /* Imagine that here's a boolean member "init" that is
-         * switched as soon as SSL_set_{accept/connect}_state
-         * is called for the first time, so that "state" and
-         * "handshake_func" are properly initialized.  But as
-         * handshake_func is == 0 until then, we use this
-         * test instead of an "init" member.
-         */
-
-        int server;     /* are we the server side? - mostly used by SSL_clear*/
-
-        int new_session;/* 1 if we are to use a new session.
-                         * 2 if we are a server and are inside a handshake
-                         *   (i.e. not just sending a HelloRequest)
-                         * NB: For servers, the 'new' session may actually be a previously
-                         * cached session or even the previous session unless
-                         * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
-        int quiet_shutdown;/* don't send shutdown packets */
-        int shutdown;   /* we have shut things down, 0x01 sent, 0x02
-                         * for received */
-        int state;      /* where we are */
-        int rstate;     /* where we are when reading */
-
-        BUF_MEM *init_buf;      /* buffer used during init */
-        void *init_msg;         /* pointer to handshake message body, set by ssl3_get_message() */
-        int init_num;           /* amount read/written */
-        int init_off;           /* amount read/written */
-
-        /* used internally to point at a raw packet */
-        unsigned char *packet;
-        unsigned int packet_length;
-
-        struct ssl2_state_st *s2; /* SSLv2 variables */
-        struct ssl3_state_st *s3; /* SSLv3 variables */
-
-        int read_ahead;         /* Read as many input bytes as possible
-                                 * (for non-blocking reads) */
-
-        /* callback that allows applications to peek at protocol messages */
-        void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
-        void *msg_callback_arg;
-
-        int hit;                /* reusing a previous session */
-
-        int purpose;            /* Purpose setting */
-        int trust;              /* Trust setting */
-
-        /* crypto */
-        STACK_OF(SSL_CIPHER) *cipher_list;
-        STACK_OF(SSL_CIPHER) *cipher_list_by_id;
-
-        /* These are the ones being used, the ones in SSL_SESSION are
-         * the ones to be 'copied' into these ones */
-
-        EVP_CIPHER_CTX *enc_read_ctx;           /* cryptographic state */
-        const EVP_MD *read_hash;                /* used for mac generation */
-#ifndef OPENSSL_NO_COMP
-        COMP_CTX *expand;                       /* uncompress */
-#else
-        char *expand;
-#endif
-
-        EVP_CIPHER_CTX *enc_write_ctx;          /* cryptographic state */
-        const EVP_MD *write_hash;               /* used for mac generation */
-#ifndef OPENSSL_NO_COMP
-        COMP_CTX *compress;                     /* compression */
-#else
-        char *compress; 
-#endif
-
-        /* session info */
-
-        /* client cert? */
-        /* This is used to hold the server certificate used */
-        struct cert_st /* CERT */ *cert;
-
-        /* the session_id_context is used to ensure sessions are only reused
-         * in the appropriate context */
-        unsigned int sid_ctx_length;
-        unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
-
-        /* This can also be in the session once a session is established */
-        SSL_SESSION *session;
-
-        /* Default generate session ID callback. */
-        GEN_SESSION_CB generate_session_id;
-
-        /* Used in SSL2 and SSL3 */
-        int verify_mode;        /* 0 don't care about verify failure.
-                                 * 1 fail if verify fails */
-        int verify_depth;
-        int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */
-
-        void (*info_callback)(const SSL *ssl,int type,int val); /* optional informational callback */
-
-        int error;              /* error bytes to be written */
-        int error_code;         /* actual code */
-
-#ifndef OPENSSL_NO_KRB5
-        KSSL_CTX *kssl_ctx;     /* Kerberos 5 context */
-#endif  /* OPENSSL_NO_KRB5 */
-
-        SSL_CTX *ctx;
-        /* set this flag to 1 and a sleep(1) is put into all SSL_read()
-         * and SSL_write() calls, good for nbio debuging :-) */
-        int debug;      
-
-        /* extra application data */
-        long verify_result;
-        CRYPTO_EX_DATA ex_data;
-
-        /* for server side, keep the list of CA_dn we can use */
-        STACK_OF(X509_NAME) *client_CA;
-
-        int references;
-        unsigned long options; /* protocol behaviour */
-        unsigned long mode; /* API behaviour */
-        long max_cert_list;
-        int first_packet;
-        int client_version;     /* what was passed, used for
-                                 * SSLv3/TLS rollback check */
-        };
-
-#ifdef __cplusplus
-}
-#endif
-
-#include <openssl/ssl2.h>
-#include <openssl/ssl3.h>
-#include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */
-#include <openssl/ssl23.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* compatibility */
-#define SSL_set_app_data(s,arg)         (SSL_set_ex_data(s,0,(char *)arg))
-#define SSL_get_app_data(s)             (SSL_get_ex_data(s,0))
-#define SSL_SESSION_set_app_data(s,a)   (SSL_SESSION_set_ex_data(s,0,(char *)a))
-#define SSL_SESSION_get_app_data(s)     (SSL_SESSION_get_ex_data(s,0))
-#define SSL_CTX_get_app_data(ctx)       (SSL_CTX_get_ex_data(ctx,0))
-#define SSL_CTX_set_app_data(ctx,arg)   (SSL_CTX_set_ex_data(ctx,0,(char *)arg))
-
-/* The following are the possible values for ssl->state are are
- * used to indicate where we are up to in the SSL connection establishment.
- * The macros that follow are about the only things you should need to use
- * and even then, only when using non-blocking IO.
- * It can also be useful to work out where you were when the connection
- * failed */
-
-#define SSL_ST_CONNECT                  0x1000
-#define SSL_ST_ACCEPT                   0x2000
-#define SSL_ST_MASK                     0x0FFF
-#define SSL_ST_INIT                     (SSL_ST_CONNECT|SSL_ST_ACCEPT)
-#define SSL_ST_BEFORE                   0x4000
-#define SSL_ST_OK                       0x03
-#define SSL_ST_RENEGOTIATE              (0x04|SSL_ST_INIT)
-
-#define SSL_CB_LOOP                     0x01
-#define SSL_CB_EXIT                     0x02
-#define SSL_CB_READ                     0x04
-#define SSL_CB_WRITE                    0x08
-#define SSL_CB_ALERT                    0x4000 /* used in callback */
-#define SSL_CB_READ_ALERT               (SSL_CB_ALERT|SSL_CB_READ)
-#define SSL_CB_WRITE_ALERT              (SSL_CB_ALERT|SSL_CB_WRITE)
-#define SSL_CB_ACCEPT_LOOP              (SSL_ST_ACCEPT|SSL_CB_LOOP)
-#define SSL_CB_ACCEPT_EXIT              (SSL_ST_ACCEPT|SSL_CB_EXIT)
-#define SSL_CB_CONNECT_LOOP             (SSL_ST_CONNECT|SSL_CB_LOOP)
-#define SSL_CB_CONNECT_EXIT             (SSL_ST_CONNECT|SSL_CB_EXIT)
-#define SSL_CB_HANDSHAKE_START          0x10
-#define SSL_CB_HANDSHAKE_DONE           0x20
-
-/* Is the SSL_connection established? */
-#define SSL_get_state(a)                SSL_state(a)
-#define SSL_is_init_finished(a)         (SSL_state(a) == SSL_ST_OK)
-#define SSL_in_init(a)                  (SSL_state(a)&SSL_ST_INIT)
-#define SSL_in_before(a)                (SSL_state(a)&SSL_ST_BEFORE)
-#define SSL_in_connect_init(a)          (SSL_state(a)&SSL_ST_CONNECT)
-#define SSL_in_accept_init(a)           (SSL_state(a)&SSL_ST_ACCEPT)
-
-/* The following 2 states are kept in ssl->rstate when reads fail,
- * you should not need these */
-#define SSL_ST_READ_HEADER                      0xF0
-#define SSL_ST_READ_BODY                        0xF1
-#define SSL_ST_READ_DONE                        0xF2
-
-/* Obtain latest Finished message
- *   -- that we sent (SSL_get_finished)
- *   -- that we expected from peer (SSL_get_peer_finished).
- * Returns length (0 == no Finished so far), copies up to 'count' bytes. */
-size_t SSL_get_finished(const SSL *s, void *buf, size_t count);
-size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
-
-/* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options
- * are 'ored' with SSL_VERIFY_PEER if they are desired */
-#define SSL_VERIFY_NONE                 0x00
-#define SSL_VERIFY_PEER                 0x01
-#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
-#define SSL_VERIFY_CLIENT_ONCE          0x04
-
-#define OpenSSL_add_ssl_algorithms()    SSL_library_init()
-#define SSLeay_add_ssl_algorithms()     SSL_library_init()
-
-/* this is for backward compatibility */
-#if 0 /* NEW_SSLEAY */
-#define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c)
-#define SSL_set_pref_cipher(c,n)        SSL_set_cipher_list(c,n)
-#define SSL_add_session(a,b)            SSL_CTX_add_session((a),(b))
-#define SSL_remove_session(a,b)         SSL_CTX_remove_session((a),(b))
-#define SSL_flush_sessions(a,b)         SSL_CTX_flush_sessions((a),(b))
-#endif
-/* More backward compatibility */
-#define SSL_get_cipher(s) \
-                SSL_CIPHER_get_name(SSL_get_current_cipher(s))
-#define SSL_get_cipher_bits(s,np) \
-                SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
-#define SSL_get_cipher_version(s) \
-                SSL_CIPHER_get_version(SSL_get_current_cipher(s))
-#define SSL_get_cipher_name(s) \
-                SSL_CIPHER_get_name(SSL_get_current_cipher(s))
-#define SSL_get_time(a)         SSL_SESSION_get_time(a)
-#define SSL_set_time(a,b)       SSL_SESSION_set_time((a),(b))
-#define SSL_get_timeout(a)      SSL_SESSION_get_timeout(a)
-#define SSL_set_timeout(a,b)    SSL_SESSION_set_timeout((a),(b))
-
-#if 1 /*SSLEAY_MACROS*/
-#define d2i_SSL_SESSION_bio(bp,s_id) (SSL_SESSION *)ASN1_d2i_bio( \
-        (char *(*)())SSL_SESSION_new,(char *(*)())d2i_SSL_SESSION, \
-        (bp),(unsigned char **)(s_id))
-#define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio(i2d_SSL_SESSION, \
-        bp,(unsigned char *)s_id)
-#define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \
-        (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u)
-#define PEM_read_bio_SSL_SESSION(bp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,(char **)x,cb,u)
-#define PEM_write_SSL_SESSION(fp,x) \
-        PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \
-                PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL)
-#define PEM_write_bio_SSL_SESSION(bp,x) \
-        PEM_ASN1_write_bio((int (*)())i2d_SSL_SESSION, \
-                PEM_STRING_SSL_SESSION,bp, (char *)x, NULL,NULL,0,NULL,NULL)
-#endif
-
-#define SSL_AD_REASON_OFFSET            1000
-/* These alert types are for SSLv3 and TLSv1 */
-#define SSL_AD_CLOSE_NOTIFY             SSL3_AD_CLOSE_NOTIFY
-#define SSL_AD_UNEXPECTED_MESSAGE       SSL3_AD_UNEXPECTED_MESSAGE /* fatal */
-#define SSL_AD_BAD_RECORD_MAC           SSL3_AD_BAD_RECORD_MAC     /* fatal */
-#define SSL_AD_DECRYPTION_FAILED        TLS1_AD_DECRYPTION_FAILED
-#define SSL_AD_RECORD_OVERFLOW          TLS1_AD_RECORD_OVERFLOW
-#define SSL_AD_DECOMPRESSION_FAILURE    SSL3_AD_DECOMPRESSION_FAILURE/* fatal */
-#define SSL_AD_HANDSHAKE_FAILURE        SSL3_AD_HANDSHAKE_FAILURE/* fatal */
-#define SSL_AD_NO_CERTIFICATE           SSL3_AD_NO_CERTIFICATE /* Not for TLS */
-#define SSL_AD_BAD_CERTIFICATE          SSL3_AD_BAD_CERTIFICATE
-#define SSL_AD_UNSUPPORTED_CERTIFICATE  SSL3_AD_UNSUPPORTED_CERTIFICATE
-#define SSL_AD_CERTIFICATE_REVOKED      SSL3_AD_CERTIFICATE_REVOKED
-#define SSL_AD_CERTIFICATE_EXPIRED      SSL3_AD_CERTIFICATE_EXPIRED
-#define SSL_AD_CERTIFICATE_UNKNOWN      SSL3_AD_CERTIFICATE_UNKNOWN
-#define SSL_AD_ILLEGAL_PARAMETER        SSL3_AD_ILLEGAL_PARAMETER   /* fatal */
-#define SSL_AD_UNKNOWN_CA               TLS1_AD_UNKNOWN_CA      /* fatal */
-#define SSL_AD_ACCESS_DENIED            TLS1_AD_ACCESS_DENIED   /* fatal */
-#define SSL_AD_DECODE_ERROR             TLS1_AD_DECODE_ERROR    /* fatal */
-#define SSL_AD_DECRYPT_ERROR            TLS1_AD_DECRYPT_ERROR
-#define SSL_AD_EXPORT_RESTRICTION       TLS1_AD_EXPORT_RESTRICTION/* fatal */
-#define SSL_AD_PROTOCOL_VERSION         TLS1_AD_PROTOCOL_VERSION /* fatal */
-#define SSL_AD_INSUFFICIENT_SECURITY    TLS1_AD_INSUFFICIENT_SECURITY/* fatal */
-#define SSL_AD_INTERNAL_ERROR           TLS1_AD_INTERNAL_ERROR  /* fatal */
-#define SSL_AD_USER_CANCELLED           TLS1_AD_USER_CANCELLED
-#define SSL_AD_NO_RENEGOTIATION         TLS1_AD_NO_RENEGOTIATION
-
-#define SSL_ERROR_NONE                  0
-#define SSL_ERROR_SSL                   1
-#define SSL_ERROR_WANT_READ             2
-#define SSL_ERROR_WANT_WRITE            3
-#define SSL_ERROR_WANT_X509_LOOKUP      4
-#define SSL_ERROR_SYSCALL               5 /* look at error stack/return value/errno */
-#define SSL_ERROR_ZERO_RETURN           6
-#define SSL_ERROR_WANT_CONNECT          7
-#define SSL_ERROR_WANT_ACCEPT           8
-
-#define SSL_CTRL_NEED_TMP_RSA                   1
-#define SSL_CTRL_SET_TMP_RSA                    2
-#define SSL_CTRL_SET_TMP_DH                     3
-#define SSL_CTRL_SET_TMP_RSA_CB                 4
-#define SSL_CTRL_SET_TMP_DH_CB                  5
-
-#define SSL_CTRL_GET_SESSION_REUSED             6
-#define SSL_CTRL_GET_CLIENT_CERT_REQUEST        7
-#define SSL_CTRL_GET_NUM_RENEGOTIATIONS         8
-#define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS       9
-#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS       10
-#define SSL_CTRL_GET_FLAGS                      11
-#define SSL_CTRL_EXTRA_CHAIN_CERT               12
-
-#define SSL_CTRL_SET_MSG_CALLBACK               13
-#define SSL_CTRL_SET_MSG_CALLBACK_ARG           14
-
-/* Stats */
-#define SSL_CTRL_SESS_NUMBER                    20
-#define SSL_CTRL_SESS_CONNECT                   21
-#define SSL_CTRL_SESS_CONNECT_GOOD              22
-#define SSL_CTRL_SESS_CONNECT_RENEGOTIATE       23
-#define SSL_CTRL_SESS_ACCEPT                    24
-#define SSL_CTRL_SESS_ACCEPT_GOOD               25
-#define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE        26
-#define SSL_CTRL_SESS_HIT                       27
-#define SSL_CTRL_SESS_CB_HIT                    28
-#define SSL_CTRL_SESS_MISSES                    29
-#define SSL_CTRL_SESS_TIMEOUTS                  30
-#define SSL_CTRL_SESS_CACHE_FULL                31
-#define SSL_CTRL_OPTIONS                        32
-#define SSL_CTRL_MODE                           33
-
-#define SSL_CTRL_GET_READ_AHEAD                 40
-#define SSL_CTRL_SET_READ_AHEAD                 41
-#define SSL_CTRL_SET_SESS_CACHE_SIZE            42
-#define SSL_CTRL_GET_SESS_CACHE_SIZE            43
-#define SSL_CTRL_SET_SESS_CACHE_MODE            44
-#define SSL_CTRL_GET_SESS_CACHE_MODE            45
-
-#define SSL_CTRL_GET_MAX_CERT_LIST              50
-#define SSL_CTRL_SET_MAX_CERT_LIST              51
-
-#define SSL_session_reused(ssl) \
-        SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)
-#define SSL_num_renegotiations(ssl) \
-        SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL)
-#define SSL_clear_num_renegotiations(ssl) \
-        SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL)
-#define SSL_total_renegotiations(ssl) \
-        SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL)
-
-#define SSL_CTX_need_tmp_RSA(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL)
-#define SSL_CTX_set_tmp_rsa(ctx,rsa) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
-#define SSL_CTX_set_tmp_dh(ctx,dh) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
-
-#define SSL_need_tmp_RSA(ssl) \
-        SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL)
-#define SSL_set_tmp_rsa(ssl,rsa) \
-        SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
-#define SSL_set_tmp_dh(ssl,dh) \
-        SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
-
-#define SSL_CTX_add_extra_chain_cert(ctx,x509) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
-
-#ifndef OPENSSL_NO_BIO
-BIO_METHOD *BIO_f_ssl(void);
-BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
-BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
-BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
-int BIO_ssl_copy_session_id(BIO *to,BIO *from);
-void BIO_ssl_shutdown(BIO *ssl_bio);
-
-#endif
-
-int     SSL_CTX_set_cipher_list(SSL_CTX *,const char *str);
-SSL_CTX *SSL_CTX_new(SSL_METHOD *meth);
-void    SSL_CTX_free(SSL_CTX *);
-long SSL_CTX_set_timeout(SSL_CTX *ctx,long t);
-long SSL_CTX_get_timeout(const SSL_CTX *ctx);
-X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
-void SSL_CTX_set_cert_store(SSL_CTX *,X509_STORE *);
-int SSL_want(const SSL *s);
-int     SSL_clear(SSL *s);
-
-void    SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm);
-
-SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
-int     SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits);
-char *  SSL_CIPHER_get_version(const SSL_CIPHER *c);
-const char *    SSL_CIPHER_get_name(const SSL_CIPHER *c);
-
-int     SSL_get_fd(const SSL *s);
-int     SSL_get_rfd(const SSL *s);
-int     SSL_get_wfd(const SSL *s);
-const char  * SSL_get_cipher_list(const SSL *s,int n);
-char *  SSL_get_shared_ciphers(const SSL *s, char *buf, int len);
-int     SSL_get_read_ahead(const SSL * s);
-int     SSL_pending(const SSL *s);
-#ifndef OPENSSL_NO_SOCK
-int     SSL_set_fd(SSL *s, int fd);
-int     SSL_set_rfd(SSL *s, int fd);
-int     SSL_set_wfd(SSL *s, int fd);
-#endif
-#ifndef OPENSSL_NO_BIO
-void    SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio);
-BIO *   SSL_get_rbio(const SSL *s);
-BIO *   SSL_get_wbio(const SSL *s);
-#endif
-int     SSL_set_cipher_list(SSL *s, const char *str);
-void    SSL_set_read_ahead(SSL *s, int yes);
-int     SSL_get_verify_mode(const SSL *s);
-int     SSL_get_verify_depth(const SSL *s);
-int     (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *);
-void    SSL_set_verify(SSL *s, int mode,
-                       int (*callback)(int ok,X509_STORE_CTX *ctx));
-void    SSL_set_verify_depth(SSL *s, int depth);
-#ifndef OPENSSL_NO_RSA
-int     SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
-#endif
-int     SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
-int     SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
-int     SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, unsigned char *d, long len);
-int     SSL_use_certificate(SSL *ssl, X509 *x);
-int     SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len);
-
-#ifndef OPENSSL_NO_STDIO
-int     SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
-int     SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
-int     SSL_use_certificate_file(SSL *ssl, const char *file, int type);
-int     SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
-int     SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
-int     SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
-int     SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */
-STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
-int     SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
-                                            const char *file);
-#ifndef OPENSSL_SYS_VMS
-#ifndef OPENSSL_SYS_MACINTOSH_CLASSIC /* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */
-int     SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
-                                           const char *dir);
-#endif
-#endif
-
-#endif
-
-void    SSL_load_error_strings(void );
-const char *SSL_state_string(const SSL *s);
-const char *SSL_rstate_string(const SSL *s);
-const char *SSL_state_string_long(const SSL *s);
-const char *SSL_rstate_string_long(const SSL *s);
-long    SSL_SESSION_get_time(const SSL_SESSION *s);
-long    SSL_SESSION_set_time(SSL_SESSION *s, long t);
-long    SSL_SESSION_get_timeout(const SSL_SESSION *s);
-long    SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
-void    SSL_copy_session_id(SSL *to,const SSL *from);
-
-SSL_SESSION *SSL_SESSION_new(void);
-unsigned long SSL_SESSION_hash(const SSL_SESSION *a);
-int     SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b);
-#ifndef OPENSSL_NO_FP_API
-int     SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses);
-#endif
-#ifndef OPENSSL_NO_BIO
-int     SSL_SESSION_print(BIO *fp,const SSL_SESSION *ses);
-#endif
-void    SSL_SESSION_free(SSL_SESSION *ses);
-int     i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp);
-int     SSL_set_session(SSL *to, SSL_SESSION *session);
-int     SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
-int     SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c);
-int     SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);
-int     SSL_set_generate_session_id(SSL *, GEN_SESSION_CB);
-int     SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
-                                        unsigned int id_len);
-SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,const unsigned char * const *pp,
-                             long length);
-
-#ifdef HEADER_X509_H
-X509 *  SSL_get_peer_certificate(const SSL *s);
-#endif
-
-STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s);
-
-int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
-int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
-int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *);
-void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,
-                        int (*callback)(int, X509_STORE_CTX *));
-void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth);
-void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg);
-#ifndef OPENSSL_NO_RSA
-int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
-#endif
-int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len);
-int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
-int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx,
-        unsigned char *d, long len);
-int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
-int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d);
-
-void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
-void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
-
-int SSL_CTX_check_private_key(const SSL_CTX *ctx);
-int SSL_check_private_key(const SSL *ctx);
-
-int     SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
-                                       unsigned int sid_ctx_len);
-
-SSL *   SSL_new(SSL_CTX *ctx);
-int     SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
-                                   unsigned int sid_ctx_len);
-
-int SSL_CTX_set_purpose(SSL_CTX *s, int purpose);
-int SSL_set_purpose(SSL *s, int purpose);
-int SSL_CTX_set_trust(SSL_CTX *s, int trust);
-int SSL_set_trust(SSL *s, int trust);
-
-void    SSL_free(SSL *ssl);
-int     SSL_accept(SSL *ssl);
-int     SSL_connect(SSL *ssl);
-int     SSL_read(SSL *ssl,void *buf,int num);
-int     SSL_peek(SSL *ssl,void *buf,int num);
-int     SSL_write(SSL *ssl,const void *buf,int num);
-long    SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg);
-long    SSL_callback_ctrl(SSL *, int, void (*)());
-long    SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, void *parg);
-long    SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)());
-
-int     SSL_get_error(const SSL *s,int ret_code);
-const char *SSL_get_version(const SSL *s);
-
-/* This sets the 'default' SSL version that SSL_new() will create */
-int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth);
-
-SSL_METHOD *SSLv2_method(void);         /* SSLv2 */
-SSL_METHOD *SSLv2_server_method(void);  /* SSLv2 */
-SSL_METHOD *SSLv2_client_method(void);  /* SSLv2 */
-
-SSL_METHOD *SSLv3_method(void);         /* SSLv3 */
-SSL_METHOD *SSLv3_server_method(void);  /* SSLv3 */
-SSL_METHOD *SSLv3_client_method(void);  /* SSLv3 */
-
-SSL_METHOD *SSLv23_method(void);        /* SSLv3 but can rollback to v2 */
-SSL_METHOD *SSLv23_server_method(void); /* SSLv3 but can rollback to v2 */
-SSL_METHOD *SSLv23_client_method(void); /* SSLv3 but can rollback to v2 */
-
-SSL_METHOD *TLSv1_method(void);         /* TLSv1.0 */
-SSL_METHOD *TLSv1_server_method(void);  /* TLSv1.0 */
-SSL_METHOD *TLSv1_client_method(void);  /* TLSv1.0 */
-
-STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
-
-int SSL_do_handshake(SSL *s);
-int SSL_renegotiate(SSL *s);
-int SSL_renegotiate_pending(SSL *s);
-int SSL_shutdown(SSL *s);
-
-SSL_METHOD *SSL_get_ssl_method(SSL *s);
-int SSL_set_ssl_method(SSL *s,SSL_METHOD *method);
-const char *SSL_alert_type_string_long(int value);
-const char *SSL_alert_type_string(int value);
-const char *SSL_alert_desc_string_long(int value);
-const char *SSL_alert_desc_string(int value);
-
-void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
-void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
-STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
-STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s);
-int SSL_add_client_CA(SSL *ssl,X509 *x);
-int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x);
-
-void SSL_set_connect_state(SSL *s);
-void SSL_set_accept_state(SSL *s);
-
-long SSL_get_default_timeout(const SSL *s);
-
-int SSL_library_init(void );
-
-char *SSL_CIPHER_description(SSL_CIPHER *,char *buf,int size);
-STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);
-
-SSL *SSL_dup(SSL *ssl);
-
-X509 *SSL_get_certificate(const SSL *ssl);
-/* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl);
-
-void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode);
-int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
-void SSL_set_quiet_shutdown(SSL *ssl,int mode);
-int SSL_get_quiet_shutdown(const SSL *ssl);
-void SSL_set_shutdown(SSL *ssl,int mode);
-int SSL_get_shutdown(const SSL *ssl);
-int SSL_version(const SSL *ssl);
-int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
-int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
-        const char *CApath);
-#define SSL_get0_session SSL_get_session /* just peek at pointer */
-SSL_SESSION *SSL_get_session(const SSL *ssl);
-SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
-SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
-void SSL_set_info_callback(SSL *ssl,
-                           void (*cb)(const SSL *ssl,int type,int val));
-void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val);
-int SSL_state(const SSL *ssl);
-
-void SSL_set_verify_result(SSL *ssl,long v);
-long SSL_get_verify_result(const SSL *ssl);
-
-int SSL_set_ex_data(SSL *ssl,int idx,void *data);
-void *SSL_get_ex_data(const SSL *ssl,int idx);
-int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-        CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-
-int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,void *data);
-void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss,int idx);
-int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-        CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-
-int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,void *data);
-void *SSL_CTX_get_ex_data(const SSL_CTX *ssl,int idx);
-int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-        CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-
-int SSL_get_ex_data_X509_STORE_CTX_idx(void );
-
-#define SSL_CTX_sess_set_cache_size(ctx,t) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL)
-#define SSL_CTX_sess_get_cache_size(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL)
-#define SSL_CTX_set_session_cache_mode(ctx,m) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL)
-#define SSL_CTX_get_session_cache_mode(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL)
-
-#define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx)
-#define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m)
-#define SSL_CTX_get_read_ahead(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL)
-#define SSL_CTX_set_read_ahead(ctx,m) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL)
-#define SSL_CTX_get_max_cert_list(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
-#define SSL_CTX_set_max_cert_list(ctx,m) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
-#define SSL_get_max_cert_list(ssl) \
-        SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
-#define SSL_set_max_cert_list(ssl,m) \
-        SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
-
-     /* NB: the keylength is only applicable when is_export is true */
-#ifndef OPENSSL_NO_RSA
-void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
-                                  RSA *(*cb)(SSL *ssl,int is_export,
-                                             int keylength));
-
-void SSL_set_tmp_rsa_callback(SSL *ssl,
-                                  RSA *(*cb)(SSL *ssl,int is_export,
-                                             int keylength));
-#endif
-#ifndef OPENSSL_NO_DH
-void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
-                                 DH *(*dh)(SSL *ssl,int is_export,
-                                           int keylength));
-void SSL_set_tmp_dh_callback(SSL *ssl,
-                                 DH *(*dh)(SSL *ssl,int is_export,
-                                           int keylength));
-#endif
-
-#ifndef OPENSSL_NO_COMP
-int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm);
-#else
-int SSL_COMP_add_compression_method(int id,char *cm);
-#endif
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_SSL_strings(void);
-
-/* Error codes for the SSL functions. */
-
-/* Function codes. */
-#define SSL_F_CLIENT_CERTIFICATE                         100
-#define SSL_F_CLIENT_FINISHED                            238
-#define SSL_F_CLIENT_HELLO                               101
-#define SSL_F_CLIENT_MASTER_KEY                          102
-#define SSL_F_D2I_SSL_SESSION                            103
-#define SSL_F_DO_SSL3_WRITE                              104
-#define SSL_F_GET_CLIENT_FINISHED                        105
-#define SSL_F_GET_CLIENT_HELLO                           106
-#define SSL_F_GET_CLIENT_MASTER_KEY                      107
-#define SSL_F_GET_SERVER_FINISHED                        108
-#define SSL_F_GET_SERVER_HELLO                           109
-#define SSL_F_GET_SERVER_VERIFY                          110
-#define SSL_F_I2D_SSL_SESSION                            111
-#define SSL_F_READ_N                                     112
-#define SSL_F_REQUEST_CERTIFICATE                        113
-#define SSL_F_SERVER_FINISH                              239
-#define SSL_F_SERVER_HELLO                               114
-#define SSL_F_SERVER_VERIFY                              240
-#define SSL_F_SSL23_ACCEPT                               115
-#define SSL_F_SSL23_CLIENT_HELLO                         116
-#define SSL_F_SSL23_CONNECT                              117
-#define SSL_F_SSL23_GET_CLIENT_HELLO                     118
-#define SSL_F_SSL23_GET_SERVER_HELLO                     119
-#define SSL_F_SSL23_PEEK                                 237
-#define SSL_F_SSL23_READ                                 120
-#define SSL_F_SSL23_WRITE                                121
-#define SSL_F_SSL2_ACCEPT                                122
-#define SSL_F_SSL2_CONNECT                               123
-#define SSL_F_SSL2_ENC_INIT                              124
-#define SSL_F_SSL2_GENERATE_KEY_MATERIAL                 241
-#define SSL_F_SSL2_PEEK                                  234
-#define SSL_F_SSL2_READ                                  125
-#define SSL_F_SSL2_READ_INTERNAL                         236
-#define SSL_F_SSL2_SET_CERTIFICATE                       126
-#define SSL_F_SSL2_WRITE                                 127
-#define SSL_F_SSL3_ACCEPT                                128
-#define SSL_F_SSL3_CALLBACK_CTRL                         233
-#define SSL_F_SSL3_CHANGE_CIPHER_STATE                   129
-#define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM              130
-#define SSL_F_SSL3_CLIENT_HELLO                          131
-#define SSL_F_SSL3_CONNECT                               132
-#define SSL_F_SSL3_CTRL                                  213
-#define SSL_F_SSL3_CTX_CTRL                              133
-#define SSL_F_SSL3_ENC                                   134
-#define SSL_F_SSL3_GENERATE_KEY_BLOCK                    238
-#define SSL_F_SSL3_GET_CERTIFICATE_REQUEST               135
-#define SSL_F_SSL3_GET_CERT_VERIFY                       136
-#define SSL_F_SSL3_GET_CLIENT_CERTIFICATE                137
-#define SSL_F_SSL3_GET_CLIENT_HELLO                      138
-#define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE               139
-#define SSL_F_SSL3_GET_FINISHED                          140
-#define SSL_F_SSL3_GET_KEY_EXCHANGE                      141
-#define SSL_F_SSL3_GET_MESSAGE                           142
-#define SSL_F_SSL3_GET_RECORD                            143
-#define SSL_F_SSL3_GET_SERVER_CERTIFICATE                144
-#define SSL_F_SSL3_GET_SERVER_DONE                       145
-#define SSL_F_SSL3_GET_SERVER_HELLO                      146
-#define SSL_F_SSL3_OUTPUT_CERT_CHAIN                     147
-#define SSL_F_SSL3_PEEK                                  235
-#define SSL_F_SSL3_READ_BYTES                            148
-#define SSL_F_SSL3_READ_N                                149
-#define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST              150
-#define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE               151
-#define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE              152
-#define SSL_F_SSL3_SEND_CLIENT_VERIFY                    153
-#define SSL_F_SSL3_SEND_SERVER_CERTIFICATE               154
-#define SSL_F_SSL3_SEND_SERVER_HELLO                     242
-#define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE              155
-#define SSL_F_SSL3_SETUP_BUFFERS                         156
-#define SSL_F_SSL3_SETUP_KEY_BLOCK                       157
-#define SSL_F_SSL3_WRITE_BYTES                           158
-#define SSL_F_SSL3_WRITE_PENDING                         159
-#define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK         215
-#define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK        216
-#define SSL_F_SSL_BAD_METHOD                             160
-#define SSL_F_SSL_BYTES_TO_CIPHER_LIST                   161
-#define SSL_F_SSL_CERT_DUP                               221
-#define SSL_F_SSL_CERT_INST                              222
-#define SSL_F_SSL_CERT_INSTANTIATE                       214
-#define SSL_F_SSL_CERT_NEW                               162
-#define SSL_F_SSL_CHECK_PRIVATE_KEY                      163
-#define SSL_F_SSL_CIPHER_PROCESS_RULESTR                 230
-#define SSL_F_SSL_CIPHER_STRENGTH_SORT                   231
-#define SSL_F_SSL_CLEAR                                  164
-#define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD            165
-#define SSL_F_SSL_CREATE_CIPHER_LIST                     166
-#define SSL_F_SSL_CTRL                                   232
-#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY                  168
-#define SSL_F_SSL_CTX_NEW                                169
-#define SSL_F_SSL_CTX_SET_CIPHER_LIST                    269
-#define SSL_F_SSL_CTX_SET_PURPOSE                        226
-#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT             219
-#define SSL_F_SSL_CTX_SET_SSL_VERSION                    170
-#define SSL_F_SSL_CTX_SET_TRUST                          229
-#define SSL_F_SSL_CTX_USE_CERTIFICATE                    171
-#define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1               172
-#define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE         220
-#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE               173
-#define SSL_F_SSL_CTX_USE_PRIVATEKEY                     174
-#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1                175
-#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE                176
-#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY                  177
-#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1             178
-#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE             179
-#define SSL_F_SSL_DO_HANDSHAKE                           180
-#define SSL_F_SSL_GET_NEW_SESSION                        181
-#define SSL_F_SSL_GET_PREV_SESSION                       217
-#define SSL_F_SSL_GET_SERVER_SEND_CERT                   182
-#define SSL_F_SSL_GET_SIGN_PKEY                          183
-#define SSL_F_SSL_INIT_WBIO_BUFFER                       184
-#define SSL_F_SSL_LOAD_CLIENT_CA_FILE                    185
-#define SSL_F_SSL_NEW                                    186
-#define SSL_F_SSL_READ                                   223
-#define SSL_F_SSL_RSA_PRIVATE_DECRYPT                    187
-#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT                     188
-#define SSL_F_SSL_SESSION_NEW                            189
-#define SSL_F_SSL_SESSION_PRINT_FP                       190
-#define SSL_F_SSL_SESS_CERT_NEW                          225
-#define SSL_F_SSL_SET_CERT                               191
-#define SSL_F_SSL_SET_CIPHER_LIST                        271
-#define SSL_F_SSL_SET_FD                                 192
-#define SSL_F_SSL_SET_PKEY                               193
-#define SSL_F_SSL_SET_PURPOSE                            227
-#define SSL_F_SSL_SET_RFD                                194
-#define SSL_F_SSL_SET_SESSION                            195
-#define SSL_F_SSL_SET_SESSION_ID_CONTEXT                 218
-#define SSL_F_SSL_SET_TRUST                              228
-#define SSL_F_SSL_SET_WFD                                196
-#define SSL_F_SSL_SHUTDOWN                               224
-#define SSL_F_SSL_UNDEFINED_CONST_FUNCTION               243
-#define SSL_F_SSL_UNDEFINED_FUNCTION                     197
-#define SSL_F_SSL_USE_CERTIFICATE                        198
-#define SSL_F_SSL_USE_CERTIFICATE_ASN1                   199
-#define SSL_F_SSL_USE_CERTIFICATE_FILE                   200
-#define SSL_F_SSL_USE_PRIVATEKEY                         201
-#define SSL_F_SSL_USE_PRIVATEKEY_ASN1                    202
-#define SSL_F_SSL_USE_PRIVATEKEY_FILE                    203
-#define SSL_F_SSL_USE_RSAPRIVATEKEY                      204
-#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1                 205
-#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE                 206
-#define SSL_F_SSL_VERIFY_CERT_CHAIN                      207
-#define SSL_F_SSL_WRITE                                  208
-#define SSL_F_TLS1_CHANGE_CIPHER_STATE                   209
-#define SSL_F_TLS1_ENC                                   210
-#define SSL_F_TLS1_SETUP_KEY_BLOCK                       211
-#define SSL_F_WRITE_PENDING                              212
-
-/* Reason codes. */
-#define SSL_R_APP_DATA_IN_HANDSHAKE                      100
-#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
-#define SSL_R_BAD_ALERT_RECORD                           101
-#define SSL_R_BAD_AUTHENTICATION_TYPE                    102
-#define SSL_R_BAD_CHANGE_CIPHER_SPEC                     103
-#define SSL_R_BAD_CHECKSUM                               104
-#define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK              106
-#define SSL_R_BAD_DECOMPRESSION                          107
-#define SSL_R_BAD_DH_G_LENGTH                            108
-#define SSL_R_BAD_DH_PUB_KEY_LENGTH                      109
-#define SSL_R_BAD_DH_P_LENGTH                            110
-#define SSL_R_BAD_DIGEST_LENGTH                          111
-#define SSL_R_BAD_DSA_SIGNATURE                          112
-#define SSL_R_BAD_HELLO_REQUEST                          105
-#define SSL_R_BAD_LENGTH                                 271
-#define SSL_R_BAD_MAC_DECODE                             113
-#define SSL_R_BAD_MESSAGE_TYPE                           114
-#define SSL_R_BAD_PACKET_LENGTH                          115
-#define SSL_R_BAD_PROTOCOL_VERSION_NUMBER                116
-#define SSL_R_BAD_RESPONSE_ARGUMENT                      117
-#define SSL_R_BAD_RSA_DECRYPT                            118
-#define SSL_R_BAD_RSA_ENCRYPT                            119
-#define SSL_R_BAD_RSA_E_LENGTH                           120
-#define SSL_R_BAD_RSA_MODULUS_LENGTH                     121
-#define SSL_R_BAD_RSA_SIGNATURE                          122
-#define SSL_R_BAD_SIGNATURE                              123
-#define SSL_R_BAD_SSL_FILETYPE                           124
-#define SSL_R_BAD_SSL_SESSION_ID_LENGTH                  125
-#define SSL_R_BAD_STATE                                  126
-#define SSL_R_BAD_WRITE_RETRY                            127
-#define SSL_R_BIO_NOT_SET                                128
-#define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG                  129
-#define SSL_R_BN_LIB                                     130
-#define SSL_R_CA_DN_LENGTH_MISMATCH                      131
-#define SSL_R_CA_DN_TOO_LONG                             132
-#define SSL_R_CCS_RECEIVED_EARLY                         133
-#define SSL_R_CERTIFICATE_VERIFY_FAILED                  134
-#define SSL_R_CERT_LENGTH_MISMATCH                       135
-#define SSL_R_CHALLENGE_IS_DIFFERENT                     136
-#define SSL_R_CIPHER_CODE_WRONG_LENGTH                   137
-#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE                 138
-#define SSL_R_CIPHER_TABLE_SRC_ERROR                     139
-#define SSL_R_COMPRESSED_LENGTH_TOO_LONG                 140
-#define SSL_R_COMPRESSION_FAILURE                        141
-#define SSL_R_COMPRESSION_LIBRARY_ERROR                  142
-#define SSL_R_CONNECTION_ID_IS_DIFFERENT                 143
-#define SSL_R_CONNECTION_TYPE_NOT_SET                    144
-#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED              145
-#define SSL_R_DATA_LENGTH_TOO_LONG                       146
-#define SSL_R_DECRYPTION_FAILED                          147
-#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC        281
-#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG            148
-#define SSL_R_DIGEST_CHECK_FAILED                        149
-#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  150
-#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY               282
-#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              151
-#define SSL_R_EXCESSIVE_MESSAGE_SIZE                     152
-#define SSL_R_EXTRA_DATA_IN_MESSAGE                      153
-#define SSL_R_GOT_A_FIN_BEFORE_A_CCS                     154
-#define SSL_R_HTTPS_PROXY_REQUEST                        155
-#define SSL_R_HTTP_REQUEST                               156
-#define SSL_R_ILLEGAL_PADDING                            283
-#define SSL_R_INVALID_CHALLENGE_LENGTH                   158
-#define SSL_R_INVALID_COMMAND                            280
-#define SSL_R_INVALID_PURPOSE                            278
-#define SSL_R_INVALID_TRUST                              279
-#define SSL_R_KEY_ARG_TOO_LONG                           284
-#define SSL_R_KRB5                                       285
-#define SSL_R_KRB5_C_CC_PRINC                            286
-#define SSL_R_KRB5_C_GET_CRED                            287
-#define SSL_R_KRB5_C_INIT                                288
-#define SSL_R_KRB5_C_MK_REQ                              289
-#define SSL_R_KRB5_S_BAD_TICKET                          290
-#define SSL_R_KRB5_S_INIT                                291
-#define SSL_R_KRB5_S_RD_REQ                              292
-#define SSL_R_KRB5_S_TKT_EXPIRED                         293
-#define SSL_R_KRB5_S_TKT_NYV                             294
-#define SSL_R_KRB5_S_TKT_SKEW                            295
-#define SSL_R_LENGTH_MISMATCH                            159
-#define SSL_R_LENGTH_TOO_SHORT                           160
-#define SSL_R_LIBRARY_BUG                                274
-#define SSL_R_LIBRARY_HAS_NO_CIPHERS                     161
-#define SSL_R_MESSAGE_TOO_LONG                           296
-#define SSL_R_MISSING_DH_DSA_CERT                        162
-#define SSL_R_MISSING_DH_KEY                             163
-#define SSL_R_MISSING_DH_RSA_CERT                        164
-#define SSL_R_MISSING_DSA_SIGNING_CERT                   165
-#define SSL_R_MISSING_EXPORT_TMP_DH_KEY                  166
-#define SSL_R_MISSING_EXPORT_TMP_RSA_KEY                 167
-#define SSL_R_MISSING_RSA_CERTIFICATE                    168
-#define SSL_R_MISSING_RSA_ENCRYPTING_CERT                169
-#define SSL_R_MISSING_RSA_SIGNING_CERT                   170
-#define SSL_R_MISSING_TMP_DH_KEY                         171
-#define SSL_R_MISSING_TMP_RSA_KEY                        172
-#define SSL_R_MISSING_TMP_RSA_PKEY                       173
-#define SSL_R_MISSING_VERIFY_MESSAGE                     174
-#define SSL_R_NON_SSLV2_INITIAL_PACKET                   175
-#define SSL_R_NO_CERTIFICATES_RETURNED                   176
-#define SSL_R_NO_CERTIFICATE_ASSIGNED                    177
-#define SSL_R_NO_CERTIFICATE_RETURNED                    178
-#define SSL_R_NO_CERTIFICATE_SET                         179
-#define SSL_R_NO_CERTIFICATE_SPECIFIED                   180
-#define SSL_R_NO_CIPHERS_AVAILABLE                       181
-#define SSL_R_NO_CIPHERS_PASSED                          182
-#define SSL_R_NO_CIPHERS_SPECIFIED                       183
-#define SSL_R_NO_CIPHER_LIST                             184
-#define SSL_R_NO_CIPHER_MATCH                            185
-#define SSL_R_NO_CLIENT_CERT_RECEIVED                    186
-#define SSL_R_NO_COMPRESSION_SPECIFIED                   187
-#define SSL_R_NO_METHOD_SPECIFIED                        188
-#define SSL_R_NO_PRIVATEKEY                              189
-#define SSL_R_NO_PRIVATE_KEY_ASSIGNED                    190
-#define SSL_R_NO_PROTOCOLS_AVAILABLE                     191
-#define SSL_R_NO_PUBLICKEY                               192
-#define SSL_R_NO_SHARED_CIPHER                           193
-#define SSL_R_NO_VERIFY_CALLBACK                         194
-#define SSL_R_NULL_SSL_CTX                               195
-#define SSL_R_NULL_SSL_METHOD_PASSED                     196
-#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED            197
-#define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE              297
-#define SSL_R_PACKET_LENGTH_TOO_LONG                     198
-#define SSL_R_PATH_TOO_LONG                              270
-#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE          199
-#define SSL_R_PEER_ERROR                                 200
-#define SSL_R_PEER_ERROR_CERTIFICATE                     201
-#define SSL_R_PEER_ERROR_NO_CERTIFICATE                  202
-#define SSL_R_PEER_ERROR_NO_CIPHER                       203
-#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE    204
-#define SSL_R_PRE_MAC_LENGTH_TOO_LONG                    205
-#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS          206
-#define SSL_R_PROTOCOL_IS_SHUTDOWN                       207
-#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR                   208
-#define SSL_R_PUBLIC_KEY_IS_NOT_RSA                      209
-#define SSL_R_PUBLIC_KEY_NOT_RSA                         210
-#define SSL_R_READ_BIO_NOT_SET                           211
-#define SSL_R_READ_WRONG_PACKET_TYPE                     212
-#define SSL_R_RECORD_LENGTH_MISMATCH                     213
-#define SSL_R_RECORD_TOO_LARGE                           214
-#define SSL_R_RECORD_TOO_SMALL                           298
-#define SSL_R_REQUIRED_CIPHER_MISSING                    215
-#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO                 216
-#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO                   217
-#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO                 218
-#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED           277
-#define SSL_R_SHORT_READ                                 219
-#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE      220
-#define SSL_R_SSL23_DOING_SESSION_ID_REUSE               221
-#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG                299
-#define SSL_R_SSL3_SESSION_ID_TOO_LONG                   300
-#define SSL_R_SSL3_SESSION_ID_TOO_SHORT                  222
-#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE                1042
-#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC                 1020
-#define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED            1045
-#define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED            1044
-#define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN            1046
-#define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE          1030
-#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE              1040
-#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER              1047
-#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE                 1041
-#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE             1010
-#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE        1043
-#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION         228
-#define SSL_R_SSL_HANDSHAKE_FAILURE                      229
-#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS                 230
-#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED             301
-#define SSL_R_SSL_SESSION_ID_CONFLICT                    302
-#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG            273
-#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH              303
-#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT                231
-#define SSL_R_TLSV1_ALERT_ACCESS_DENIED                  1049
-#define SSL_R_TLSV1_ALERT_DECODE_ERROR                   1050
-#define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED              1021
-#define SSL_R_TLSV1_ALERT_DECRYPT_ERROR                  1051
-#define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION             1060
-#define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY          1071
-#define SSL_R_TLSV1_ALERT_INTERNAL_ERROR                 1080
-#define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION               1100
-#define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION               1070
-#define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW                1022
-#define SSL_R_TLSV1_ALERT_UNKNOWN_CA                     1048
-#define SSL_R_TLSV1_ALERT_USER_CANCELLED                 1090
-#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER       232
-#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
-#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG    234
-#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER            235
-#define SSL_R_UNABLE_TO_DECODE_DH_CERTS                  236
-#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY               237
-#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS               238
-#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS       239
-#define SSL_R_UNABLE_TO_FIND_SSL_METHOD                  240
-#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES           241
-#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES           242
-#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES          243
-#define SSL_R_UNEXPECTED_MESSAGE                         244
-#define SSL_R_UNEXPECTED_RECORD                          245
-#define SSL_R_UNINITIALIZED                              276
-#define SSL_R_UNKNOWN_ALERT_TYPE                         246
-#define SSL_R_UNKNOWN_CERTIFICATE_TYPE                   247
-#define SSL_R_UNKNOWN_CIPHER_RETURNED                    248
-#define SSL_R_UNKNOWN_CIPHER_TYPE                        249
-#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE                  250
-#define SSL_R_UNKNOWN_PKEY_TYPE                          251
-#define SSL_R_UNKNOWN_PROTOCOL                           252
-#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE                  253
-#define SSL_R_UNKNOWN_SSL_VERSION                        254
-#define SSL_R_UNKNOWN_STATE                              255
-#define SSL_R_UNSUPPORTED_CIPHER                         256
-#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM          257
-#define SSL_R_UNSUPPORTED_PROTOCOL                       258
-#define SSL_R_UNSUPPORTED_SSL_VERSION                    259
-#define SSL_R_WRITE_BIO_NOT_SET                          260
-#define SSL_R_WRONG_CIPHER_RETURNED                      261
-#define SSL_R_WRONG_MESSAGE_TYPE                         262
-#define SSL_R_WRONG_NUMBER_OF_KEY_BITS                   263
-#define SSL_R_WRONG_SIGNATURE_LENGTH                     264
-#define SSL_R_WRONG_SIGNATURE_SIZE                       265
-#define SSL_R_WRONG_SSL_VERSION                          266
-#define SSL_R_WRONG_VERSION_NUMBER                       267
-#define SSL_R_X509_LIB                                   268
-#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS           269
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/src/lib/libssl/ssl2.h b/src/lib/libssl/ssl2.h
deleted file mode 100644
index 99a52ea0dd..0000000000
--- a/src/lib/libssl/ssl2.h
+++ /dev/null
@@ -1,268 +0,0 @@
-/* ssl/ssl2.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_SSL2_H 
-#define HEADER_SSL2_H 
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* Protocol Version Codes */
-#define SSL2_VERSION            0x0002
-#define SSL2_VERSION_MAJOR      0x00
-#define SSL2_VERSION_MINOR      0x02
-/* #define SSL2_CLIENT_VERSION  0x0002 */
-/* #define SSL2_SERVER_VERSION  0x0002 */
-
-/* Protocol Message Codes */
-#define SSL2_MT_ERROR                   0
-#define SSL2_MT_CLIENT_HELLO            1
-#define SSL2_MT_CLIENT_MASTER_KEY       2
-#define SSL2_MT_CLIENT_FINISHED         3
-#define SSL2_MT_SERVER_HELLO            4
-#define SSL2_MT_SERVER_VERIFY           5
-#define SSL2_MT_SERVER_FINISHED         6
-#define SSL2_MT_REQUEST_CERTIFICATE     7
-#define SSL2_MT_CLIENT_CERTIFICATE      8
-
-/* Error Message Codes */
-#define SSL2_PE_UNDEFINED_ERROR         0x0000
-#define SSL2_PE_NO_CIPHER               0x0001
-#define SSL2_PE_NO_CERTIFICATE          0x0002
-#define SSL2_PE_BAD_CERTIFICATE         0x0004
-#define SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006
-
-/* Cipher Kind Values */
-#define SSL2_CK_NULL_WITH_MD5                   0x02000000 /* v3 */
-#define SSL2_CK_RC4_128_WITH_MD5                0x02010080
-#define SSL2_CK_RC4_128_EXPORT40_WITH_MD5       0x02020080
-#define SSL2_CK_RC2_128_CBC_WITH_MD5            0x02030080
-#define SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5   0x02040080
-#define SSL2_CK_IDEA_128_CBC_WITH_MD5           0x02050080
-#define SSL2_CK_DES_64_CBC_WITH_MD5             0x02060040
-#define SSL2_CK_DES_64_CBC_WITH_SHA             0x02060140 /* v3 */
-#define SSL2_CK_DES_192_EDE3_CBC_WITH_MD5       0x020700c0
-#define SSL2_CK_DES_192_EDE3_CBC_WITH_SHA       0x020701c0 /* v3 */
-#define SSL2_CK_RC4_64_WITH_MD5                 0x02080080 /* MS hack */
- 
-#define SSL2_CK_DES_64_CFB64_WITH_MD5_1         0x02ff0800 /* SSLeay */
-#define SSL2_CK_NULL                            0x02ff0810 /* SSLeay */
-
-#define SSL2_TXT_DES_64_CFB64_WITH_MD5_1        "DES-CFB-M1"
-#define SSL2_TXT_NULL_WITH_MD5                  "NULL-MD5"
-#define SSL2_TXT_RC4_128_WITH_MD5               "RC4-MD5"
-#define SSL2_TXT_RC4_128_EXPORT40_WITH_MD5      "EXP-RC4-MD5"
-#define SSL2_TXT_RC2_128_CBC_WITH_MD5           "RC2-CBC-MD5"
-#define SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5  "EXP-RC2-CBC-MD5"
-#define SSL2_TXT_IDEA_128_CBC_WITH_MD5          "IDEA-CBC-MD5"
-#define SSL2_TXT_DES_64_CBC_WITH_MD5            "DES-CBC-MD5"
-#define SSL2_TXT_DES_64_CBC_WITH_SHA            "DES-CBC-SHA"
-#define SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5      "DES-CBC3-MD5"
-#define SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA      "DES-CBC3-SHA"
-#define SSL2_TXT_RC4_64_WITH_MD5                "RC4-64-MD5"
-
-#define SSL2_TXT_NULL                           "NULL"
-
-/* Flags for the SSL_CIPHER.algorithm2 field */
-#define SSL2_CF_5_BYTE_ENC                      0x01
-#define SSL2_CF_8_BYTE_ENC                      0x02
-
-/* Certificate Type Codes */
-#define SSL2_CT_X509_CERTIFICATE                0x01
-
-/* Authentication Type Code */
-#define SSL2_AT_MD5_WITH_RSA_ENCRYPTION         0x01
-
-#define SSL2_MAX_SSL_SESSION_ID_LENGTH          32
-
-/* Upper/Lower Bounds */
-#define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS      256
-#ifdef OPENSSL_SYS_MPE
-#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER    29998u
-#else
-#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER    32767u  /* 2^15-1 */
-#endif
-#define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER    16383 /* 2^14-1 */
-
-#define SSL2_CHALLENGE_LENGTH   16
-/*#define SSL2_CHALLENGE_LENGTH 32 */
-#define SSL2_MIN_CHALLENGE_LENGTH       16
-#define SSL2_MAX_CHALLENGE_LENGTH       32
-#define SSL2_CONNECTION_ID_LENGTH       16
-#define SSL2_MAX_CONNECTION_ID_LENGTH   16
-#define SSL2_SSL_SESSION_ID_LENGTH      16
-#define SSL2_MAX_CERT_CHALLENGE_LENGTH  32
-#define SSL2_MIN_CERT_CHALLENGE_LENGTH  16
-#define SSL2_MAX_KEY_MATERIAL_LENGTH    24
-
-#ifndef HEADER_SSL_LOCL_H
-#define  CERT           char
-#endif
-
-typedef struct ssl2_state_st
-        {
-        int three_byte_header;
-        int clear_text;         /* clear text */
-        int escape;             /* not used in SSLv2 */
-        int ssl2_rollback;      /* used if SSLv23 rolled back to SSLv2 */
-
-        /* non-blocking io info, used to make sure the same
-         * args were passwd */
-        unsigned int wnum;      /* number of bytes sent so far */
-        int wpend_tot;
-        const unsigned char *wpend_buf;
-
-        int wpend_off;  /* offset to data to write */
-        int wpend_len;  /* number of bytes passwd to write */
-        int wpend_ret;  /* number of bytes to return to caller */
-
-        /* buffer raw data */
-        int rbuf_left;
-        int rbuf_offs;
-        unsigned char *rbuf;
-        unsigned char *wbuf;
-
-        unsigned char *write_ptr;/* used to point to the start due to
-                                  * 2/3 byte header. */
-
-        unsigned int padding;
-        unsigned int rlength; /* passed to ssl2_enc */
-        int ract_data_length; /* Set when things are encrypted. */
-        unsigned int wlength; /* passed to ssl2_enc */
-        int wact_data_length; /* Set when things are decrypted. */
-        unsigned char *ract_data;
-        unsigned char *wact_data;
-        unsigned char *mac_data;
-
-        unsigned char *read_key;
-        unsigned char *write_key;
-
-                /* Stuff specifically to do with this SSL session */
-        unsigned int challenge_length;
-        unsigned char challenge[SSL2_MAX_CHALLENGE_LENGTH];
-        unsigned int conn_id_length;
-        unsigned char conn_id[SSL2_MAX_CONNECTION_ID_LENGTH];
-        unsigned int key_material_length;
-        unsigned char key_material[SSL2_MAX_KEY_MATERIAL_LENGTH*2];
-
-        unsigned long read_sequence;
-        unsigned long write_sequence;
-
-        struct  {
-                unsigned int conn_id_length;
-                unsigned int cert_type; 
-                unsigned int cert_length;
-                unsigned int csl; 
-                unsigned int clear;
-                unsigned int enc; 
-                unsigned char ccl[SSL2_MAX_CERT_CHALLENGE_LENGTH];
-                unsigned int cipher_spec_length;
-                unsigned int session_id_length;
-                unsigned int clen;
-                unsigned int rlen;
-                } tmp;
-        } SSL2_STATE;
-
-/* SSLv2 */
-/* client */
-#define SSL2_ST_SEND_CLIENT_HELLO_A             (0x10|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_HELLO_B             (0x11|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_HELLO_A              (0x20|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_HELLO_B              (0x21|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_MASTER_KEY_A        (0x30|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_MASTER_KEY_B        (0x31|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_FINISHED_A          (0x40|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_FINISHED_B          (0x41|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_A       (0x50|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_B       (0x51|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_C       (0x52|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_D       (0x53|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_VERIFY_A             (0x60|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_VERIFY_B             (0x61|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_FINISHED_A           (0x70|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_FINISHED_B           (0x71|SSL_ST_CONNECT)
-#define SSL2_ST_CLIENT_START_ENCRYPTION         (0x80|SSL_ST_CONNECT)
-#define SSL2_ST_X509_GET_CLIENT_CERTIFICATE     (0x90|SSL_ST_CONNECT)
-/* server */
-#define SSL2_ST_GET_CLIENT_HELLO_A              (0x10|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_HELLO_B              (0x11|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_HELLO_C              (0x12|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_HELLO_A             (0x20|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_HELLO_B             (0x21|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_MASTER_KEY_A         (0x30|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_MASTER_KEY_B         (0x31|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_VERIFY_A            (0x40|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_VERIFY_B            (0x41|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_VERIFY_C            (0x42|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_FINISHED_A           (0x50|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_FINISHED_B           (0x51|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_FINISHED_A          (0x60|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_FINISHED_B          (0x61|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_A      (0x70|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_B      (0x71|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_C      (0x72|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_D      (0x73|SSL_ST_ACCEPT)
-#define SSL2_ST_SERVER_START_ENCRYPTION         (0x80|SSL_ST_ACCEPT)
-#define SSL2_ST_X509_GET_SERVER_CERTIFICATE     (0x90|SSL_ST_ACCEPT)
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
-
diff --git a/src/lib/libssl/ssl23.h b/src/lib/libssl/ssl23.h
deleted file mode 100644
index d3228983c7..0000000000
--- a/src/lib/libssl/ssl23.h
+++ /dev/null
@@ -1,83 +0,0 @@
-/* ssl/ssl23.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_SSL23_H 
-#define HEADER_SSL23_H 
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/*client */
-/* write to server */
-#define SSL23_ST_CW_CLNT_HELLO_A        (0x210|SSL_ST_CONNECT)
-#define SSL23_ST_CW_CLNT_HELLO_B        (0x211|SSL_ST_CONNECT)
-/* read from server */
-#define SSL23_ST_CR_SRVR_HELLO_A        (0x220|SSL_ST_CONNECT)
-#define SSL23_ST_CR_SRVR_HELLO_B        (0x221|SSL_ST_CONNECT)
-
-/* server */
-/* read from client */
-#define SSL23_ST_SR_CLNT_HELLO_A        (0x210|SSL_ST_ACCEPT)
-#define SSL23_ST_SR_CLNT_HELLO_B        (0x211|SSL_ST_ACCEPT)
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
-
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h
deleted file mode 100644
index 1153aeda74..0000000000
--- a/src/lib/libssl/ssl3.h
+++ /dev/null
@@ -1,526 +0,0 @@
-/* ssl/ssl3.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_SSL3_H 
-#define HEADER_SSL3_H 
-
-#ifndef OPENSSL_NO_COMP
-#include <openssl/comp.h>
-#endif
-#include <openssl/buffer.h>
-#include <openssl/evp.h>
-#include <openssl/ssl.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#define SSL3_CK_RSA_NULL_MD5                    0x03000001
-#define SSL3_CK_RSA_NULL_SHA                    0x03000002
-#define SSL3_CK_RSA_RC4_40_MD5                  0x03000003
-#define SSL3_CK_RSA_RC4_128_MD5                 0x03000004
-#define SSL3_CK_RSA_RC4_128_SHA                 0x03000005
-#define SSL3_CK_RSA_RC2_40_MD5                  0x03000006
-#define SSL3_CK_RSA_IDEA_128_SHA                0x03000007
-#define SSL3_CK_RSA_DES_40_CBC_SHA              0x03000008
-#define SSL3_CK_RSA_DES_64_CBC_SHA              0x03000009
-#define SSL3_CK_RSA_DES_192_CBC3_SHA            0x0300000A
-
-#define SSL3_CK_DH_DSS_DES_40_CBC_SHA           0x0300000B
-#define SSL3_CK_DH_DSS_DES_64_CBC_SHA           0x0300000C
-#define SSL3_CK_DH_DSS_DES_192_CBC3_SHA         0x0300000D
-#define SSL3_CK_DH_RSA_DES_40_CBC_SHA           0x0300000E
-#define SSL3_CK_DH_RSA_DES_64_CBC_SHA           0x0300000F
-#define SSL3_CK_DH_RSA_DES_192_CBC3_SHA         0x03000010
-
-#define SSL3_CK_EDH_DSS_DES_40_CBC_SHA          0x03000011
-#define SSL3_CK_EDH_DSS_DES_64_CBC_SHA          0x03000012
-#define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA        0x03000013
-#define SSL3_CK_EDH_RSA_DES_40_CBC_SHA          0x03000014
-#define SSL3_CK_EDH_RSA_DES_64_CBC_SHA          0x03000015
-#define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA        0x03000016
-
-#define SSL3_CK_ADH_RC4_40_MD5                  0x03000017
-#define SSL3_CK_ADH_RC4_128_MD5                 0x03000018
-#define SSL3_CK_ADH_DES_40_CBC_SHA              0x03000019
-#define SSL3_CK_ADH_DES_64_CBC_SHA              0x0300001A
-#define SSL3_CK_ADH_DES_192_CBC_SHA             0x0300001B
-
-#define SSL3_CK_FZA_DMS_NULL_SHA                0x0300001C
-#define SSL3_CK_FZA_DMS_FZA_SHA                 0x0300001D
-#if 0 /* Because it clashes with KRB5, is never used any more, and is safe
-         to remove according to David Hopwood <david.hopwood@zetnet.co.uk>
-         of the ietf-tls list */
-#define SSL3_CK_FZA_DMS_RC4_SHA                 0x0300001E
-#endif
-
-/*    VRS Additional Kerberos5 entries
- */
-#define SSL3_CK_KRB5_DES_64_CBC_SHA             0x0300001E
-#define SSL3_CK_KRB5_DES_192_CBC3_SHA           0x0300001F
-#define SSL3_CK_KRB5_RC4_128_SHA                0x03000020
-#define SSL3_CK_KRB5_IDEA_128_CBC_SHA           0x03000021
-#define SSL3_CK_KRB5_DES_64_CBC_MD5             0x03000022
-#define SSL3_CK_KRB5_DES_192_CBC3_MD5           0x03000023
-#define SSL3_CK_KRB5_RC4_128_MD5                0x03000024
-#define SSL3_CK_KRB5_IDEA_128_CBC_MD5           0x03000025
-
-#define SSL3_CK_KRB5_DES_40_CBC_SHA             0x03000026
-#define SSL3_CK_KRB5_RC2_40_CBC_SHA             0x03000027
-#define SSL3_CK_KRB5_RC4_40_SHA                 0x03000028
-#define SSL3_CK_KRB5_DES_40_CBC_MD5             0x03000029
-#define SSL3_CK_KRB5_RC2_40_CBC_MD5             0x0300002A
-#define SSL3_CK_KRB5_RC4_40_MD5                 0x0300002B
-
-#define SSL3_TXT_RSA_NULL_MD5                   "NULL-MD5"
-#define SSL3_TXT_RSA_NULL_SHA                   "NULL-SHA"
-#define SSL3_TXT_RSA_RC4_40_MD5                 "EXP-RC4-MD5"
-#define SSL3_TXT_RSA_RC4_128_MD5                "RC4-MD5"
-#define SSL3_TXT_RSA_RC4_128_SHA                "RC4-SHA"
-#define SSL3_TXT_RSA_RC2_40_MD5                 "EXP-RC2-CBC-MD5"
-#define SSL3_TXT_RSA_IDEA_128_SHA               "IDEA-CBC-SHA"
-#define SSL3_TXT_RSA_DES_40_CBC_SHA             "EXP-DES-CBC-SHA"
-#define SSL3_TXT_RSA_DES_64_CBC_SHA             "DES-CBC-SHA"
-#define SSL3_TXT_RSA_DES_192_CBC3_SHA           "DES-CBC3-SHA"
-
-#define SSL3_TXT_DH_DSS_DES_40_CBC_SHA          "EXP-DH-DSS-DES-CBC-SHA"
-#define SSL3_TXT_DH_DSS_DES_64_CBC_SHA          "DH-DSS-DES-CBC-SHA"
-#define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA        "DH-DSS-DES-CBC3-SHA"
-#define SSL3_TXT_DH_RSA_DES_40_CBC_SHA          "EXP-DH-RSA-DES-CBC-SHA"
-#define SSL3_TXT_DH_RSA_DES_64_CBC_SHA          "DH-RSA-DES-CBC-SHA"
-#define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA        "DH-RSA-DES-CBC3-SHA"
-
-#define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA         "EXP-EDH-DSS-DES-CBC-SHA"
-#define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA         "EDH-DSS-DES-CBC-SHA"
-#define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA       "EDH-DSS-DES-CBC3-SHA"
-#define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA         "EXP-EDH-RSA-DES-CBC-SHA"
-#define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA         "EDH-RSA-DES-CBC-SHA"
-#define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA       "EDH-RSA-DES-CBC3-SHA"
-
-#define SSL3_TXT_ADH_RC4_40_MD5                 "EXP-ADH-RC4-MD5"
-#define SSL3_TXT_ADH_RC4_128_MD5                "ADH-RC4-MD5"
-#define SSL3_TXT_ADH_DES_40_CBC_SHA             "EXP-ADH-DES-CBC-SHA"
-#define SSL3_TXT_ADH_DES_64_CBC_SHA             "ADH-DES-CBC-SHA"
-#define SSL3_TXT_ADH_DES_192_CBC_SHA            "ADH-DES-CBC3-SHA"
-
-#define SSL3_TXT_FZA_DMS_NULL_SHA               "FZA-NULL-SHA"
-#define SSL3_TXT_FZA_DMS_FZA_SHA                "FZA-FZA-CBC-SHA"
-#define SSL3_TXT_FZA_DMS_RC4_SHA                "FZA-RC4-SHA"
-
-#define SSL3_TXT_KRB5_DES_64_CBC_SHA            "KRB5-DES-CBC-SHA"
-#define SSL3_TXT_KRB5_DES_192_CBC3_SHA          "KRB5-DES-CBC3-SHA"
-#define SSL3_TXT_KRB5_RC4_128_SHA               "KRB5-RC4-SHA"
-#define SSL3_TXT_KRB5_IDEA_128_CBC_SHA          "KRB5-IDEA-CBC-SHA"
-#define SSL3_TXT_KRB5_DES_64_CBC_MD5            "KRB5-DES-CBC-MD5"
-#define SSL3_TXT_KRB5_DES_192_CBC3_MD5          "KRB5-DES-CBC3-MD5"
-#define SSL3_TXT_KRB5_RC4_128_MD5               "KRB5-RC4-MD5"
-#define SSL3_TXT_KRB5_IDEA_128_CBC_MD5          "KRB5-IDEA-CBC-MD5"
-
-#define SSL3_TXT_KRB5_DES_40_CBC_SHA            "EXP-KRB5-DES-CBC-SHA"
-#define SSL3_TXT_KRB5_RC2_40_CBC_SHA            "EXP-KRB5-RC2-CBC-SHA"
-#define SSL3_TXT_KRB5_RC4_40_SHA                "EXP-KRB5-RC4-SHA"
-#define SSL3_TXT_KRB5_DES_40_CBC_MD5            "EXP-KRB5-DES-CBC-MD5"
-#define SSL3_TXT_KRB5_RC2_40_CBC_MD5            "EXP-KRB5-RC2-CBC-MD5"
-#define SSL3_TXT_KRB5_RC4_40_MD5                "EXP-KRB5-RC4-MD5"
-
-#define SSL3_SSL_SESSION_ID_LENGTH              32
-#define SSL3_MAX_SSL_SESSION_ID_LENGTH          32
-
-#define SSL3_MASTER_SECRET_SIZE                 48
-#define SSL3_RANDOM_SIZE                        32
-#define SSL3_SESSION_ID_SIZE                    32
-#define SSL3_RT_HEADER_LENGTH                   5
-
-/* Due to MS stuffing up, this can change.... */
-#if defined(OPENSSL_SYS_WIN16) || \
-        (defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32))
-#define SSL3_RT_MAX_EXTRA                       (14000)
-#else
-#define SSL3_RT_MAX_EXTRA                       (16384)
-#endif
-
-#define SSL3_RT_MAX_PLAIN_LENGTH                16384
-#define SSL3_RT_MAX_COMPRESSED_LENGTH   (1024+SSL3_RT_MAX_PLAIN_LENGTH)
-#define SSL3_RT_MAX_ENCRYPTED_LENGTH    (1024+SSL3_RT_MAX_COMPRESSED_LENGTH)
-#define SSL3_RT_MAX_PACKET_SIZE         (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
-#define SSL3_RT_MAX_DATA_SIZE                   (1024*1024)
-
-#define SSL3_MD_CLIENT_FINISHED_CONST   "\x43\x4C\x4E\x54"
-#define SSL3_MD_SERVER_FINISHED_CONST   "\x53\x52\x56\x52"
-
-#define SSL3_VERSION                    0x0300
-#define SSL3_VERSION_MAJOR              0x03
-#define SSL3_VERSION_MINOR              0x00
-
-#define SSL3_RT_CHANGE_CIPHER_SPEC      20
-#define SSL3_RT_ALERT                   21
-#define SSL3_RT_HANDSHAKE               22
-#define SSL3_RT_APPLICATION_DATA        23
-
-#define SSL3_AL_WARNING                 1
-#define SSL3_AL_FATAL                   2
-
-#define SSL3_AD_CLOSE_NOTIFY             0
-#define SSL3_AD_UNEXPECTED_MESSAGE      10      /* fatal */
-#define SSL3_AD_BAD_RECORD_MAC          20      /* fatal */
-#define SSL3_AD_DECOMPRESSION_FAILURE   30      /* fatal */
-#define SSL3_AD_HANDSHAKE_FAILURE       40      /* fatal */
-#define SSL3_AD_NO_CERTIFICATE          41
-#define SSL3_AD_BAD_CERTIFICATE         42
-#define SSL3_AD_UNSUPPORTED_CERTIFICATE 43
-#define SSL3_AD_CERTIFICATE_REVOKED     44
-#define SSL3_AD_CERTIFICATE_EXPIRED     45
-#define SSL3_AD_CERTIFICATE_UNKNOWN     46
-#define SSL3_AD_ILLEGAL_PARAMETER       47      /* fatal */
-
-typedef struct ssl3_record_st
-        {
-/*r */  int type;               /* type of record */
-/*rw*/  unsigned int length;    /* How many bytes available */
-/*r */  unsigned int off;       /* read/write offset into 'buf' */
-/*rw*/  unsigned char *data;    /* pointer to the record data */
-/*rw*/  unsigned char *input;   /* where the decode bytes are */
-/*r */  unsigned char *comp;    /* only used with decompression - malloc()ed */
-        } SSL3_RECORD;
-
-typedef struct ssl3_buffer_st
-        {
-        unsigned char *buf;     /* at least SSL3_RT_MAX_PACKET_SIZE bytes,
-                                 * see ssl3_setup_buffers() */
-        size_t len;             /* buffer size */
-        int offset;             /* where to 'copy from' */
-        int left;               /* how many bytes left */
-        } SSL3_BUFFER;
-
-#define SSL3_CT_RSA_SIGN                        1
-#define SSL3_CT_DSS_SIGN                        2
-#define SSL3_CT_RSA_FIXED_DH                    3
-#define SSL3_CT_DSS_FIXED_DH                    4
-#define SSL3_CT_RSA_EPHEMERAL_DH                5
-#define SSL3_CT_DSS_EPHEMERAL_DH                6
-#define SSL3_CT_FORTEZZA_DMS                    20
-#define SSL3_CT_NUMBER                          7
-
-#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS       0x0001
-#define SSL3_FLAGS_DELAY_CLIENT_FINISHED        0x0002
-#define SSL3_FLAGS_POP_BUFFER                   0x0004
-#define TLS1_FLAGS_TLS_PADDING_BUG              0x0008
-
-typedef struct ssl3_state_st
-        {
-        long flags;
-        int delay_buf_pop_ret;
-
-        unsigned char read_sequence[8];
-        unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
-        unsigned char write_sequence[8];
-        unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
-
-        unsigned char server_random[SSL3_RANDOM_SIZE];
-        unsigned char client_random[SSL3_RANDOM_SIZE];
-
-        /* flags for countermeasure against known-IV weakness */
-        int need_empty_fragments;
-        int empty_fragment_done;
-
-        SSL3_BUFFER rbuf;       /* read IO goes into here */
-        SSL3_BUFFER wbuf;       /* write IO goes into here */
-
-        SSL3_RECORD rrec;       /* each decoded record goes in here */
-        SSL3_RECORD wrec;       /* goes out from here */
-
-        /* storage for Alert/Handshake protocol data received but not
-         * yet processed by ssl3_read_bytes: */
-        unsigned char alert_fragment[2];
-        unsigned int alert_fragment_len;
-        unsigned char handshake_fragment[4];
-        unsigned int handshake_fragment_len;
-
-        /* partial write - check the numbers match */
-        unsigned int wnum;      /* number of bytes sent so far */
-        int wpend_tot;          /* number bytes written */
-        int wpend_type;
-        int wpend_ret;          /* number of bytes submitted */
-        const unsigned char *wpend_buf;
-
-        /* used during startup, digest all incoming/outgoing packets */
-        EVP_MD_CTX finish_dgst1;
-        EVP_MD_CTX finish_dgst2;
-
-        /* this is set whenerver we see a change_cipher_spec message
-         * come in when we are not looking for one */
-        int change_cipher_spec;
-
-        int warn_alert;
-        int fatal_alert;
-        /* we allow one fatal and one warning alert to be outstanding,
-         * send close alert via the warning alert */
-        int alert_dispatch;
-        unsigned char send_alert[2];
-
-        /* This flag is set when we should renegotiate ASAP, basically when
-         * there is no more data in the read or write buffers */
-        int renegotiate;
-        int total_renegotiations;
-        int num_renegotiations;
-
-        int in_read_app_data;
-
-        struct  {
-                /* actually only needs to be 16+20 */
-                unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
-
-                /* actually only need to be 16+20 for SSLv3 and 12 for TLS */
-                unsigned char finish_md[EVP_MAX_MD_SIZE*2];
-                int finish_md_len;
-                unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2];
-                int peer_finish_md_len;
-                
-                unsigned long message_size;
-                int message_type;
-
-                /* used to hold the new cipher we are going to use */
-                SSL_CIPHER *new_cipher;
-#ifndef OPENSSL_NO_DH
-                DH *dh;
-#endif
-                /* used when SSL_ST_FLUSH_DATA is entered */
-                int next_state;                 
-
-                int reuse_message;
-
-                /* used for certificate requests */
-                int cert_req;
-                int ctype_num;
-                char ctype[SSL3_CT_NUMBER];
-                STACK_OF(X509_NAME) *ca_names;
-
-                int use_rsa_tmp;
-
-                int key_block_length;
-                unsigned char *key_block;
-
-                const EVP_CIPHER *new_sym_enc;
-                const EVP_MD *new_hash;
-#ifndef OPENSSL_NO_COMP
-                const SSL_COMP *new_compression;
-#else
-                char *new_compression;
-#endif
-                int cert_request;
-                } tmp;
-
-        } SSL3_STATE;
-
-/* SSLv3 */
-/*client */
-/* extra state */
-#define SSL3_ST_CW_FLUSH                (0x100|SSL_ST_CONNECT)
-/* write to server */
-#define SSL3_ST_CW_CLNT_HELLO_A         (0x110|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CLNT_HELLO_B         (0x111|SSL_ST_CONNECT)
-/* read from server */
-#define SSL3_ST_CR_SRVR_HELLO_A         (0x120|SSL_ST_CONNECT)
-#define SSL3_ST_CR_SRVR_HELLO_B         (0x121|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_A               (0x130|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_B               (0x131|SSL_ST_CONNECT)
-#define SSL3_ST_CR_KEY_EXCH_A           (0x140|SSL_ST_CONNECT)
-#define SSL3_ST_CR_KEY_EXCH_B           (0x141|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_REQ_A           (0x150|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_REQ_B           (0x151|SSL_ST_CONNECT)
-#define SSL3_ST_CR_SRVR_DONE_A          (0x160|SSL_ST_CONNECT)
-#define SSL3_ST_CR_SRVR_DONE_B          (0x161|SSL_ST_CONNECT)
-/* write to server */
-#define SSL3_ST_CW_CERT_A               (0x170|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CERT_B               (0x171|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CERT_C               (0x172|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CERT_D               (0x173|SSL_ST_CONNECT)
-#define SSL3_ST_CW_KEY_EXCH_A           (0x180|SSL_ST_CONNECT)
-#define SSL3_ST_CW_KEY_EXCH_B           (0x181|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CERT_VRFY_A          (0x190|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CERT_VRFY_B          (0x191|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CHANGE_A             (0x1A0|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CHANGE_B             (0x1A1|SSL_ST_CONNECT)
-#define SSL3_ST_CW_FINISHED_A           (0x1B0|SSL_ST_CONNECT)
-#define SSL3_ST_CW_FINISHED_B           (0x1B1|SSL_ST_CONNECT)
-/* read from server */
-#define SSL3_ST_CR_CHANGE_A             (0x1C0|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CHANGE_B             (0x1C1|SSL_ST_CONNECT)
-#define SSL3_ST_CR_FINISHED_A           (0x1D0|SSL_ST_CONNECT)
-#define SSL3_ST_CR_FINISHED_B           (0x1D1|SSL_ST_CONNECT)
-
-/* server */
-/* extra state */
-#define SSL3_ST_SW_FLUSH                (0x100|SSL_ST_ACCEPT)
-/* read from client */
-/* Do not change the number values, they do matter */
-#define SSL3_ST_SR_CLNT_HELLO_A         (0x110|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CLNT_HELLO_B         (0x111|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CLNT_HELLO_C         (0x112|SSL_ST_ACCEPT)
-/* write to client */
-#define SSL3_ST_SW_HELLO_REQ_A          (0x120|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_HELLO_REQ_B          (0x121|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_HELLO_REQ_C          (0x122|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SRVR_HELLO_A         (0x130|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SRVR_HELLO_B         (0x131|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_A               (0x140|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_B               (0x141|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_KEY_EXCH_A           (0x150|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_KEY_EXCH_B           (0x151|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_REQ_A           (0x160|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_REQ_B           (0x161|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SRVR_DONE_A          (0x170|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SRVR_DONE_B          (0x171|SSL_ST_ACCEPT)
-/* read from client */
-#define SSL3_ST_SR_CERT_A               (0x180|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CERT_B               (0x181|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_KEY_EXCH_A           (0x190|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_KEY_EXCH_B           (0x191|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CERT_VRFY_A          (0x1A0|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CERT_VRFY_B          (0x1A1|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CHANGE_A             (0x1B0|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CHANGE_B             (0x1B1|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_FINISHED_A           (0x1C0|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_FINISHED_B           (0x1C1|SSL_ST_ACCEPT)
-/* write to client */
-#define SSL3_ST_SW_CHANGE_A             (0x1D0|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CHANGE_B             (0x1D1|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_FINISHED_A           (0x1E0|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_FINISHED_B           (0x1E1|SSL_ST_ACCEPT)
-
-#define SSL3_MT_HELLO_REQUEST                   0
-#define SSL3_MT_CLIENT_HELLO                    1
-#define SSL3_MT_SERVER_HELLO                    2
-#define SSL3_MT_CERTIFICATE                     11
-#define SSL3_MT_SERVER_KEY_EXCHANGE             12
-#define SSL3_MT_CERTIFICATE_REQUEST             13
-#define SSL3_MT_SERVER_DONE                     14
-#define SSL3_MT_CERTIFICATE_VERIFY              15
-#define SSL3_MT_CLIENT_KEY_EXCHANGE             16
-#define SSL3_MT_FINISHED                        20
-
-#define SSL3_MT_CCS                             1
-
-/* These are used when changing over to a new cipher */
-#define SSL3_CC_READ            0x01
-#define SSL3_CC_WRITE           0x02
-#define SSL3_CC_CLIENT          0x10
-#define SSL3_CC_SERVER          0x20
-#define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE)  
-#define SSL3_CHANGE_CIPHER_SERVER_READ  (SSL3_CC_SERVER|SSL3_CC_READ)
-#define SSL3_CHANGE_CIPHER_CLIENT_READ  (SSL3_CC_CLIENT|SSL3_CC_READ)
-#define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE)
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
-
diff --git a/src/lib/libssl/ssl_algs.c b/src/lib/libssl/ssl_algs.c
deleted file mode 100644
index 3d1299ee7b..0000000000
--- a/src/lib/libssl/ssl_algs.c
+++ /dev/null
@@ -1,111 +0,0 @@
-/* ssl/ssl_algs.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include <openssl/lhash.h>
-#include "ssl_locl.h"
-
-int SSL_library_init(void)
-        {
-
-#ifndef OPENSSL_NO_DES
-        EVP_add_cipher(EVP_des_cbc());
-        EVP_add_cipher(EVP_des_ede3_cbc());
-#endif
-#ifndef OPENSSL_NO_IDEA
-        EVP_add_cipher(EVP_idea_cbc());
-#endif
-#ifndef OPENSSL_NO_RC4
-        EVP_add_cipher(EVP_rc4());
-#endif  
-#ifndef OPENSSL_NO_RC2
-        EVP_add_cipher(EVP_rc2_cbc());
-#endif
-#ifndef OPENSSL_NO_AES
-        EVP_add_cipher(EVP_aes_128_cbc());
-        EVP_add_cipher(EVP_aes_192_cbc());
-        EVP_add_cipher(EVP_aes_256_cbc());
-#endif
-#ifndef OPENSSL_NO_MD2
-        EVP_add_digest(EVP_md2());
-#endif
-#ifndef OPENSSL_NO_MD5
-        EVP_add_digest(EVP_md5());
-        EVP_add_digest_alias(SN_md5,"ssl2-md5");
-        EVP_add_digest_alias(SN_md5,"ssl3-md5");
-#endif
-#ifndef OPENSSL_NO_SHA
-        EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
-        EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
-        EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
-#endif
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
-        EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
-        EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
-        EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
-        EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
-#endif
-        /* If you want support for phased out ciphers, add the following */
-#if 0
-        EVP_add_digest(EVP_sha());
-        EVP_add_digest(EVP_dss());
-#endif
-        return(1);
-        }
-
diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c
deleted file mode 100644
index fc5fcce108..0000000000
--- a/src/lib/libssl/ssl_asn1.c
+++ /dev/null
@@ -1,398 +0,0 @@
-/* ssl/ssl_asn1.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include "ssl_locl.h"
-#include <openssl/asn1_mac.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-typedef struct ssl_session_asn1_st
-        {
-        ASN1_INTEGER version;
-        ASN1_INTEGER ssl_version;
-        ASN1_OCTET_STRING cipher;
-        ASN1_OCTET_STRING master_key;
-        ASN1_OCTET_STRING session_id;
-        ASN1_OCTET_STRING session_id_context;
-        ASN1_OCTET_STRING key_arg;
-#ifndef OPENSSL_NO_KRB5
-        ASN1_OCTET_STRING krb5_princ;
-#endif /* OPENSSL_NO_KRB5 */
-        ASN1_INTEGER time;
-        ASN1_INTEGER timeout;
-        ASN1_INTEGER verify_result;
-        } SSL_SESSION_ASN1;
-
-int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
-        {
-#define LSIZE2 (sizeof(long)*2)
-        int v1=0,v2=0,v3=0,v4=0,v5=0;
-        unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2];
-        unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2],ibuf5[LSIZE2];
-        long l;
-        SSL_SESSION_ASN1 a;
-        M_ASN1_I2D_vars(in);
-
-        if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0)))
-                return(0);
-
-        /* Note that I cheat in the following 2 assignments.  I know
-         * that if the ASN1_INTEGER passed to ASN1_INTEGER_set
-         * is > sizeof(long)+1, the buffer will not be re-OPENSSL_malloc()ed.
-         * This is a bit evil but makes things simple, no dynamic allocation
-         * to clean up :-) */
-        a.version.length=LSIZE2;
-        a.version.type=V_ASN1_INTEGER;
-        a.version.data=ibuf1;
-        ASN1_INTEGER_set(&(a.version),SSL_SESSION_ASN1_VERSION);
-
-        a.ssl_version.length=LSIZE2;
-        a.ssl_version.type=V_ASN1_INTEGER;
-        a.ssl_version.data=ibuf2;
-        ASN1_INTEGER_set(&(a.ssl_version),in->ssl_version);
-
-        a.cipher.type=V_ASN1_OCTET_STRING;
-        a.cipher.data=buf;
-
-        if (in->cipher == NULL)
-                l=in->cipher_id;
-        else
-                l=in->cipher->id;
-        if (in->ssl_version == SSL2_VERSION)
-                {
-                a.cipher.length=3;
-                buf[0]=((unsigned char)(l>>16L))&0xff;
-                buf[1]=((unsigned char)(l>> 8L))&0xff;
-                buf[2]=((unsigned char)(l     ))&0xff;
-                }
-        else
-                {
-                a.cipher.length=2;
-                buf[0]=((unsigned char)(l>>8L))&0xff;
-                buf[1]=((unsigned char)(l    ))&0xff;
-                }
-
-        a.master_key.length=in->master_key_length;
-        a.master_key.type=V_ASN1_OCTET_STRING;
-        a.master_key.data=in->master_key;
-
-        a.session_id.length=in->session_id_length;
-        a.session_id.type=V_ASN1_OCTET_STRING;
-        a.session_id.data=in->session_id;
-
-        a.session_id_context.length=in->sid_ctx_length;
-        a.session_id_context.type=V_ASN1_OCTET_STRING;
-        a.session_id_context.data=in->sid_ctx;
-
-        a.key_arg.length=in->key_arg_length;
-        a.key_arg.type=V_ASN1_OCTET_STRING;
-        a.key_arg.data=in->key_arg;
-
-#ifndef OPENSSL_NO_KRB5
-        if (in->krb5_client_princ_len)
-                {
-                a.krb5_princ.length=in->krb5_client_princ_len;
-                a.krb5_princ.type=V_ASN1_OCTET_STRING;
-                a.krb5_princ.data=in->krb5_client_princ;
-                }
-#endif /* OPENSSL_NO_KRB5 */
- 
-        if (in->time != 0L)
-                {
-                a.time.length=LSIZE2;
-                a.time.type=V_ASN1_INTEGER;
-                a.time.data=ibuf3;
-                ASN1_INTEGER_set(&(a.time),in->time);
-                }
-
-        if (in->timeout != 0L)
-                {
-                a.timeout.length=LSIZE2;
-                a.timeout.type=V_ASN1_INTEGER;
-                a.timeout.data=ibuf4;
-                ASN1_INTEGER_set(&(a.timeout),in->timeout);
-                }
-
-        if (in->verify_result != X509_V_OK)
-                {
-                a.verify_result.length=LSIZE2;
-                a.verify_result.type=V_ASN1_INTEGER;
-                a.verify_result.data=ibuf5;
-                ASN1_INTEGER_set(&a.verify_result,in->verify_result);
-                }
-
-
-        M_ASN1_I2D_len(&(a.version),            i2d_ASN1_INTEGER);
-        M_ASN1_I2D_len(&(a.ssl_version),        i2d_ASN1_INTEGER);
-        M_ASN1_I2D_len(&(a.cipher),             i2d_ASN1_OCTET_STRING);
-        M_ASN1_I2D_len(&(a.session_id),         i2d_ASN1_OCTET_STRING);
-        M_ASN1_I2D_len(&(a.master_key),         i2d_ASN1_OCTET_STRING);
-#ifndef OPENSSL_NO_KRB5
-        if (in->krb5_client_princ_len)
-                M_ASN1_I2D_len(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
-#endif /* OPENSSL_NO_KRB5 */
-        if (in->key_arg_length > 0)
-                M_ASN1_I2D_len_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING);
-        if (in->time != 0L)
-                M_ASN1_I2D_len_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1);
-        if (in->timeout != 0L)
-                M_ASN1_I2D_len_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);
-        if (in->peer != NULL)
-                M_ASN1_I2D_len_EXP_opt(in->peer,i2d_X509,3,v3);
-        M_ASN1_I2D_len_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,v4);
-        if (in->verify_result != X509_V_OK)
-                M_ASN1_I2D_len_EXP_opt(&(a.verify_result),i2d_ASN1_INTEGER,5,v5);
-
-        M_ASN1_I2D_seq_total();
-
-        M_ASN1_I2D_put(&(a.version),            i2d_ASN1_INTEGER);
-        M_ASN1_I2D_put(&(a.ssl_version),        i2d_ASN1_INTEGER);
-        M_ASN1_I2D_put(&(a.cipher),             i2d_ASN1_OCTET_STRING);
-        M_ASN1_I2D_put(&(a.session_id),         i2d_ASN1_OCTET_STRING);
-        M_ASN1_I2D_put(&(a.master_key),         i2d_ASN1_OCTET_STRING);
-#ifndef OPENSSL_NO_KRB5
-        if (in->krb5_client_princ_len)
-                M_ASN1_I2D_put(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
-#endif /* OPENSSL_NO_KRB5 */
-        if (in->key_arg_length > 0)
-                M_ASN1_I2D_put_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING,0);
-        if (in->time != 0L)
-                M_ASN1_I2D_put_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1);
-        if (in->timeout != 0L)
-                M_ASN1_I2D_put_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);
-        if (in->peer != NULL)
-                M_ASN1_I2D_put_EXP_opt(in->peer,i2d_X509,3,v3);
-        M_ASN1_I2D_put_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,
-                               v4);
-        if (in->verify_result != X509_V_OK)
-                M_ASN1_I2D_put_EXP_opt(&a.verify_result,i2d_ASN1_INTEGER,5,v5);
-        M_ASN1_I2D_finish();
-        }
-
-SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char * const *pp,
-             long length)
-        {
-        int version,ssl_version=0,i;
-        long id;
-        ASN1_INTEGER ai,*aip;
-        ASN1_OCTET_STRING os,*osp;
-        M_ASN1_D2I_vars(a,SSL_SESSION *,SSL_SESSION_new);
-
-        aip= &ai;
-        osp= &os;
-
-        M_ASN1_D2I_Init();
-        M_ASN1_D2I_start_sequence();
-
-        ai.data=NULL; ai.length=0;
-        M_ASN1_D2I_get(aip,d2i_ASN1_INTEGER);
-        version=(int)ASN1_INTEGER_get(aip);
-        if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
-
-        /* we don't care about the version right now :-) */
-        M_ASN1_D2I_get(aip,d2i_ASN1_INTEGER);
-        ssl_version=(int)ASN1_INTEGER_get(aip);
-        ret->ssl_version=ssl_version;
-        if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
-
-        os.data=NULL; os.length=0;
-        M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
-        if (ssl_version == SSL2_VERSION)
-                {
-                if (os.length != 3)
-                        {
-                        c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
-                        goto err;
-                        }
-                id=0x02000000L|
-                        ((unsigned long)os.data[0]<<16L)|
-                        ((unsigned long)os.data[1]<< 8L)|
-                         (unsigned long)os.data[2];
-                }
-        else if ((ssl_version>>8) == SSL3_VERSION_MAJOR)
-                {
-                if (os.length != 2)
-                        {
-                        c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
-                        goto err;
-                        }
-                id=0x03000000L|
-                        ((unsigned long)os.data[0]<<8L)|
-                         (unsigned long)os.data[1];
-                }
-        else
-                {
-                SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_UNKNOWN_SSL_VERSION);
-                return(NULL);
-                }
-        
-        ret->cipher=NULL;
-        ret->cipher_id=id;
-
-        M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
-        if ((ssl_version>>8) == SSL3_VERSION_MAJOR)
-                i=SSL3_MAX_SSL_SESSION_ID_LENGTH;
-        else /* if (ssl_version == SSL2_VERSION_MAJOR) */
-                i=SSL2_MAX_SSL_SESSION_ID_LENGTH;
-
-        if (os.length > i)
-                os.length = i;
-        if (os.length > sizeof ret->session_id) /* can't happen */
-                os.length = sizeof ret->session_id;
-
-        ret->session_id_length=os.length;
-        OPENSSL_assert(os.length <= sizeof ret->session_id);
-        memcpy(ret->session_id,os.data,os.length);
-
-        M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
-        if (ret->master_key_length > SSL_MAX_MASTER_KEY_LENGTH)
-                ret->master_key_length=SSL_MAX_MASTER_KEY_LENGTH;
-        else
-                ret->master_key_length=os.length;
-        memcpy(ret->master_key,os.data,ret->master_key_length);
-
-        os.length=0;
-
-#ifndef OPENSSL_NO_KRB5
-        os.length=0;
-        M_ASN1_D2I_get_opt(osp,d2i_ASN1_OCTET_STRING,V_ASN1_OCTET_STRING);
-        if (os.data)
-                {
-                if (os.length > SSL_MAX_KRB5_PRINCIPAL_LENGTH)
-                        ret->krb5_client_princ_len=0;
-                else
-                        ret->krb5_client_princ_len=os.length;
-                memcpy(ret->krb5_client_princ,os.data,ret->krb5_client_princ_len);
-                OPENSSL_free(os.data);
-                os.data = NULL;
-                os.length = 0;
-                }
-        else
-                ret->krb5_client_princ_len=0;
-#endif /* OPENSSL_NO_KRB5 */
-
-        M_ASN1_D2I_get_IMP_opt(osp,d2i_ASN1_OCTET_STRING,0,V_ASN1_OCTET_STRING);
-        if (os.length > SSL_MAX_KEY_ARG_LENGTH)
-                ret->key_arg_length=SSL_MAX_KEY_ARG_LENGTH;
-        else
-                ret->key_arg_length=os.length;
-        memcpy(ret->key_arg,os.data,ret->key_arg_length);
-        if (os.data != NULL) OPENSSL_free(os.data);
-
-        ai.length=0;
-        M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,1);
-        if (ai.data != NULL)
-                {
-                ret->time=ASN1_INTEGER_get(aip);
-                OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
-                }
-        else
-                ret->time=(unsigned long)time(NULL);
-
-        ai.length=0;
-        M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,2);
-        if (ai.data != NULL)
-                {
-                ret->timeout=ASN1_INTEGER_get(aip);
-                OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
-                }
-        else
-                ret->timeout=3;
-
-        if (ret->peer != NULL)
-                {
-                X509_free(ret->peer);
-                ret->peer=NULL;
-                }
-        M_ASN1_D2I_get_EXP_opt(ret->peer,d2i_X509,3);
-
-        os.length=0;
-        os.data=NULL;
-        M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,4);
-
-        if(os.data != NULL)
-            {
-            if (os.length > SSL_MAX_SID_CTX_LENGTH)
-                {
-                ret->sid_ctx_length=os.length;
-                SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_BAD_LENGTH);
-                }
-            else
-                {
-                ret->sid_ctx_length=os.length;
-                memcpy(ret->sid_ctx,os.data,os.length);
-                }
-            OPENSSL_free(os.data); os.data=NULL; os.length=0;
-            }
-        else
-            ret->sid_ctx_length=0;
-
-        ai.length=0;
-        M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,5);
-        if (ai.data != NULL)
-                {
-                ret->verify_result=ASN1_INTEGER_get(aip);
-                OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
-                }
-        else
-                ret->verify_result=X509_V_OK;
-
-        M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION);
-        }
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
deleted file mode 100644
index b779e6bb4d..0000000000
--- a/src/lib/libssl/ssl_cert.c
+++ /dev/null
@@ -1,898 +0,0 @@
-/*! \file ssl/ssl_cert.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include <stdio.h>
-
-#include "e_os.h"
-#ifndef NO_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-
-#if !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_VMS) && !defined(NeXT) && !defined(MAC_OS_pre_X)
-#include <dirent.h>
-#endif
-
-#if defined(WIN32)
-#include <windows.h>
-#include <tchar.h>
-#endif
-
-#ifdef NeXT
-#include <sys/dir.h>
-#define dirent direct
-#endif
-
-#include <openssl/objects.h>
-#include <openssl/bio.h>
-#include <openssl/pem.h>
-#include <openssl/x509v3.h>
-#include "ssl_locl.h"
-#include <openssl/fips.h>
-
-int SSL_get_ex_data_X509_STORE_CTX_idx(void)
-        {
-        static volatile int ssl_x509_store_ctx_idx= -1;
-
-        if (ssl_x509_store_ctx_idx < 0)
-                {
-                /* any write lock will do; usually this branch
-                 * will only be taken once anyway */
-                CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
-                
-                if (ssl_x509_store_ctx_idx < 0)
-                        {
-                        ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index(
-                                0,"SSL for verify callback",NULL,NULL,NULL);
-                        }
-                
-                CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
-                }
-        return ssl_x509_store_ctx_idx;
-        }
-
-CERT *ssl_cert_new(void)
-        {
-        CERT *ret;
-
-        ret=(CERT *)OPENSSL_malloc(sizeof(CERT));
-        if (ret == NULL)
-                {
-                SSLerr(SSL_F_SSL_CERT_NEW,ERR_R_MALLOC_FAILURE);
-                return(NULL);
-                }
-        memset(ret,0,sizeof(CERT));
-
-        ret->key= &(ret->pkeys[SSL_PKEY_RSA_ENC]);
-        ret->references=1;
-
-        return(ret);
-        }
-
-CERT *ssl_cert_dup(CERT *cert)
-        {
-        CERT *ret;
-        int i;
-
-        ret = (CERT *)OPENSSL_malloc(sizeof(CERT));
-        if (ret == NULL)
-                {
-                SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
-                return(NULL);
-                }
-
-        memset(ret, 0, sizeof(CERT));
-
-        ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]];
-        /* or ret->key = ret->pkeys + (cert->key - cert->pkeys),
-         * if you find that more readable */
-
-        ret->valid = cert->valid;
-        ret->mask = cert->mask;
-        ret->export_mask = cert->export_mask;
-
-#ifndef OPENSSL_NO_RSA
-        if (cert->rsa_tmp != NULL)
-                {
-                RSA_up_ref(cert->rsa_tmp);
-                ret->rsa_tmp = cert->rsa_tmp;
-                }
-        ret->rsa_tmp_cb = cert->rsa_tmp_cb;
-#endif
-
-#ifndef OPENSSL_NO_DH
-        if (cert->dh_tmp != NULL)
-                {
-                /* DH parameters don't have a reference count */
-                ret->dh_tmp = DHparams_dup(cert->dh_tmp);
-                if (ret->dh_tmp == NULL)
-                        {
-                        SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_DH_LIB);
-                        goto err;
-                        }
-                if (cert->dh_tmp->priv_key)
-                        {
-                        BIGNUM *b = BN_dup(cert->dh_tmp->priv_key);
-                        if (!b)
-                                {
-                                SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB);
-                                goto err;
-                                }
-                        ret->dh_tmp->priv_key = b;
-                        }
-                if (cert->dh_tmp->pub_key)
-                        {
-                        BIGNUM *b = BN_dup(cert->dh_tmp->pub_key);
-                        if (!b)
-                                {
-                                SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB);
-                                goto err;
-                                }
-                        ret->dh_tmp->pub_key = b;
-                        }
-                }
-        ret->dh_tmp_cb = cert->dh_tmp_cb;
-#endif
-
-        for (i = 0; i < SSL_PKEY_NUM; i++)
-                {
-                if (cert->pkeys[i].x509 != NULL)
-                        {
-                        ret->pkeys[i].x509 = cert->pkeys[i].x509;
-                        CRYPTO_add(&ret->pkeys[i].x509->references, 1,
-                                CRYPTO_LOCK_X509);
-                        }
-                
-                if (cert->pkeys[i].privatekey != NULL)
-                        {
-                        ret->pkeys[i].privatekey = cert->pkeys[i].privatekey;
-                        CRYPTO_add(&ret->pkeys[i].privatekey->references, 1,
-                                CRYPTO_LOCK_EVP_PKEY);
-
-                        switch(i) 
-                                {
-                                /* If there was anything special to do for
-                                 * certain types of keys, we'd do it here.
-                                 * (Nothing at the moment, I think.) */
-
-                        case SSL_PKEY_RSA_ENC:
-                        case SSL_PKEY_RSA_SIGN:
-                                /* We have an RSA key. */
-                                break;
-                                
-                        case SSL_PKEY_DSA_SIGN:
-                                /* We have a DSA key. */
-                                break;
-                                
-                        case SSL_PKEY_DH_RSA:
-                        case SSL_PKEY_DH_DSA:
-                                /* We have a DH key. */
-                                break;
-                                
-                        default:
-                                /* Can't happen. */
-                                SSLerr(SSL_F_SSL_CERT_DUP, SSL_R_LIBRARY_BUG);
-                                }
-                        }
-                }
-        
-        /* ret->extra_certs *should* exist, but currently the own certificate
-         * chain is held inside SSL_CTX */
-
-        ret->references=1;
-
-        return(ret);
-        
-#ifndef OPENSSL_NO_DH /* avoid 'unreferenced label' warning if OPENSSL_NO_DH is defined */
-err:
-#endif
-#ifndef OPENSSL_NO_RSA
-        if (ret->rsa_tmp != NULL)
-                RSA_free(ret->rsa_tmp);
-#endif
-#ifndef OPENSSL_NO_DH
-        if (ret->dh_tmp != NULL)
-                DH_free(ret->dh_tmp);
-#endif
-
-        for (i = 0; i < SSL_PKEY_NUM; i++)
-                {
-                if (ret->pkeys[i].x509 != NULL)
-                        X509_free(ret->pkeys[i].x509);
-                if (ret->pkeys[i].privatekey != NULL)
-                        EVP_PKEY_free(ret->pkeys[i].privatekey);
-                }
-
-        return NULL;
-        }
-
-
-void ssl_cert_free(CERT *c)
-        {
-        int i;
-
-        if(c == NULL)
-            return;
-
-        i=CRYPTO_add(&c->references,-1,CRYPTO_LOCK_SSL_CERT);
-#ifdef REF_PRINT
-        REF_PRINT("CERT",c);
-#endif
-        if (i > 0) return;
-#ifdef REF_CHECK
-        if (i < 0)
-                {
-                fprintf(stderr,"ssl_cert_free, bad reference count\n");
-                abort(); /* ok */
-                }
-#endif
-
-#ifndef OPENSSL_NO_RSA
-        if (c->rsa_tmp) RSA_free(c->rsa_tmp);
-#endif
-#ifndef OPENSSL_NO_DH
-        if (c->dh_tmp) DH_free(c->dh_tmp);
-#endif
-
-        for (i=0; i<SSL_PKEY_NUM; i++)
-                {
-                if (c->pkeys[i].x509 != NULL)
-                        X509_free(c->pkeys[i].x509);
-                if (c->pkeys[i].privatekey != NULL)
-                        EVP_PKEY_free(c->pkeys[i].privatekey);
-#if 0
-                if (c->pkeys[i].publickey != NULL)
-                        EVP_PKEY_free(c->pkeys[i].publickey);
-#endif
-                }
-        OPENSSL_free(c);
-        }
-
-int ssl_cert_inst(CERT **o)
-        {
-        /* Create a CERT if there isn't already one
-         * (which cannot really happen, as it is initially created in
-         * SSL_CTX_new; but the earlier code usually allows for that one
-         * being non-existant, so we follow that behaviour, as it might
-         * turn out that there actually is a reason for it -- but I'm
-         * not sure that *all* of the existing code could cope with
-         * s->cert being NULL, otherwise we could do without the
-         * initialization in SSL_CTX_new).
-         */
-        
-        if (o == NULL) 
-                {
-                SSLerr(SSL_F_SSL_CERT_INST, ERR_R_PASSED_NULL_PARAMETER);
-                return(0);
-                }
-        if (*o == NULL)
-                {
-                if ((*o = ssl_cert_new()) == NULL)
-                        {
-                        SSLerr(SSL_F_SSL_CERT_INST, ERR_R_MALLOC_FAILURE);
-                        return(0);
-                        }
-                }
-        return(1);
-        }
-
-
-SESS_CERT *ssl_sess_cert_new(void)
-        {
-        SESS_CERT *ret;
-
-        ret = OPENSSL_malloc(sizeof *ret);
-        if (ret == NULL)
-                {
-                SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE);
-                return NULL;
-                }
-
-        memset(ret, 0 ,sizeof *ret);
-        ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]);
-        ret->references = 1;
-
-        return ret;
-        }
-
-void ssl_sess_cert_free(SESS_CERT *sc)
-        {
-        int i;
-
-        if (sc == NULL)
-                return;
-
-        i = CRYPTO_add(&sc->references, -1, CRYPTO_LOCK_SSL_SESS_CERT);
-#ifdef REF_PRINT
-        REF_PRINT("SESS_CERT", sc);
-#endif
-        if (i > 0)
-                return;
-#ifdef REF_CHECK
-        if (i < 0)
-                {
-                fprintf(stderr,"ssl_sess_cert_free, bad reference count\n");
-                abort(); /* ok */
-                }
-#endif
-
-        /* i == 0 */
-        if (sc->cert_chain != NULL)
-                sk_X509_pop_free(sc->cert_chain, X509_free);
-        for (i = 0; i < SSL_PKEY_NUM; i++)
-                {
-                if (sc->peer_pkeys[i].x509 != NULL)
-                        X509_free(sc->peer_pkeys[i].x509);
-#if 0 /* We don't have the peer's private key.  These lines are just
-           * here as a reminder that we're still using a not-quite-appropriate
-           * data structure. */
-                if (sc->peer_pkeys[i].privatekey != NULL)
-                        EVP_PKEY_free(sc->peer_pkeys[i].privatekey);
-#endif
-                }
-
-#ifndef OPENSSL_NO_RSA
-        if (sc->peer_rsa_tmp != NULL)
-                RSA_free(sc->peer_rsa_tmp);
-#endif
-#ifndef OPENSSL_NO_DH
-        if (sc->peer_dh_tmp != NULL)
-                DH_free(sc->peer_dh_tmp);
-#endif
-
-        OPENSSL_free(sc);
-        }
-
-int ssl_set_peer_cert_type(SESS_CERT *sc,int type)
-        {
-        sc->peer_cert_type = type;
-        return(1);
-        }
-
-int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
-        {
-        X509 *x;
-        int i;
-        X509_STORE_CTX ctx;
-
-        if ((sk == NULL) || (sk_X509_num(sk) == 0))
-                return(0);
-
-        x=sk_X509_value(sk,0);
-        if(!X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk))
-                {
-                SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,ERR_R_X509_LIB);
-                return(0);
-                }
-        if (SSL_get_verify_depth(s) >= 0)
-                X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s));
-        X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),s);
-
-        /* We need to set the verify purpose. The purpose can be determined by
-         * the context: if its a server it will verify SSL client certificates
-         * or vice versa.
-         */
-        if (s->server)
-                i = X509_PURPOSE_SSL_CLIENT;
-        else
-                i = X509_PURPOSE_SSL_SERVER;
-
-        X509_STORE_CTX_purpose_inherit(&ctx, i, s->purpose, s->trust);
-
-        if (s->verify_callback)
-                X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);
-
-        if (s->ctx->app_verify_callback != NULL)
-#if 1 /* new with OpenSSL 0.9.7 */
-                i=s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg); 
-#else
-                i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */
-#endif
-        else
-                {
-#ifndef OPENSSL_NO_X509_VERIFY
-                i=X509_verify_cert(&ctx);
-#else
-                i=0;
-                ctx.error=X509_V_ERR_APPLICATION_VERIFICATION;
-                SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,SSL_R_NO_VERIFY_CALLBACK);
-#endif
-                }
-
-        s->verify_result=ctx.error;
-        X509_STORE_CTX_cleanup(&ctx);
-
-        return(i);
-        }
-
-static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *name_list)
-        {
-        if (*ca_list != NULL)
-                sk_X509_NAME_pop_free(*ca_list,X509_NAME_free);
-
-        *ca_list=name_list;
-        }
-
-STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
-        {
-        int i;
-        STACK_OF(X509_NAME) *ret;
-        X509_NAME *name;
-
-        ret=sk_X509_NAME_new_null();
-        for (i=0; i<sk_X509_NAME_num(sk); i++)
-                {
-                name=X509_NAME_dup(sk_X509_NAME_value(sk,i));
-                if ((name == NULL) || !sk_X509_NAME_push(ret,name))
-                        {
-                        sk_X509_NAME_pop_free(ret,X509_NAME_free);
-                        return(NULL);
-                        }
-                }
-        return(ret);
-        }
-
-void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *name_list)
-        {
-        set_client_CA_list(&(s->client_CA),name_list);
-        }
-
-void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *name_list)
-        {
-        set_client_CA_list(&(ctx->client_CA),name_list);
-        }
-
-STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx)
-        {
-        return(ctx->client_CA);
-        }
-
-STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s)
-        {
-        if (s->type == SSL_ST_CONNECT)
-                { /* we are in the client */
-                if (((s->version>>8) == SSL3_VERSION_MAJOR) &&
-                        (s->s3 != NULL))
-                        return(s->s3->tmp.ca_names);
-                else
-                        return(NULL);
-                }
-        else
-                {
-                if (s->client_CA != NULL)
-                        return(s->client_CA);
-                else
-                        return(s->ctx->client_CA);
-                }
-        }
-
-static int add_client_CA(STACK_OF(X509_NAME) **sk,X509 *x)
-        {
-        X509_NAME *name;
-
-        if (x == NULL) return(0);
-        if ((*sk == NULL) && ((*sk=sk_X509_NAME_new_null()) == NULL))
-                return(0);
-                
-        if ((name=X509_NAME_dup(X509_get_subject_name(x))) == NULL)
-                return(0);
-
-        if (!sk_X509_NAME_push(*sk,name))
-                {
-                X509_NAME_free(name);
-                return(0);
-                }
-        return(1);
-        }
-
-int SSL_add_client_CA(SSL *ssl,X509 *x)
-        {
-        return(add_client_CA(&(ssl->client_CA),x));
-        }
-
-int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x)
-        {
-        return(add_client_CA(&(ctx->client_CA),x));
-        }
-
-static int xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
-        {
-        return(X509_NAME_cmp(*a,*b));
-        }
-
-#ifndef OPENSSL_NO_STDIO
-/*!
- * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed;
- * it doesn't really have anything to do with clients (except that a common use
- * for a stack of CAs is to send it to the client). Actually, it doesn't have
- * much to do with CAs, either, since it will load any old cert.
- * \param file the file containing one or more certs.
- * \return a ::STACK containing the certs.
- */
-STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
-        {
-        BIO *in;
-        X509 *x=NULL;
-        X509_NAME *xn=NULL;
-        STACK_OF(X509_NAME) *ret = NULL,*sk;
-
-        sk=sk_X509_NAME_new(xname_cmp);
-
-        in=BIO_new(BIO_s_file_internal());
-
-        if ((sk == NULL) || (in == NULL))
-                {
-                SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-        
-        if (!BIO_read_filename(in,file))
-                goto err;
-
-        for (;;)
-                {
-                if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL)
-                        break;
-                if (ret == NULL)
-                        {
-                        ret = sk_X509_NAME_new_null();
-                        if (ret == NULL)
-                                {
-                                SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE);
-                                goto err;
-                                }
-                        }
-                if ((xn=X509_get_subject_name(x)) == NULL) goto err;
-                /* check for duplicates */
-                xn=X509_NAME_dup(xn);
-                if (xn == NULL) goto err;
-                if (sk_X509_NAME_find(sk,xn) >= 0)
-                        X509_NAME_free(xn);
-                else
-                        {
-                        sk_X509_NAME_push(sk,xn);
-                        sk_X509_NAME_push(ret,xn);
-                        }
-                }
-
-        if (0)
-                {
-err:
-                if (ret != NULL) sk_X509_NAME_pop_free(ret,X509_NAME_free);
-                ret=NULL;
-                }
-        if (sk != NULL) sk_X509_NAME_free(sk);
-        if (in != NULL) BIO_free(in);
-        if (x != NULL) X509_free(x);
-        if (ret != NULL)
-                ERR_clear_error();
-        return(ret);
-        }
-#endif
-
-/*!
- * Add a file of certs to a stack.
- * \param stack the stack to add to.
- * \param file the file to add from. All certs in this file that are not
- * already in the stack will be added.
- * \return 1 for success, 0 for failure. Note that in the case of failure some
- * certs may have been added to \c stack.
- */
-
-int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
-                                        const char *file)
-        {
-        BIO *in;
-        X509 *x=NULL;
-        X509_NAME *xn=NULL;
-        int ret=1;
-        int (*oldcmp)(const X509_NAME * const *a, const X509_NAME * const *b);
-        
-        oldcmp=sk_X509_NAME_set_cmp_func(stack,xname_cmp);
-        
-        in=BIO_new(BIO_s_file_internal());
-        
-        if (in == NULL)
-                {
-                SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-        
-        if (!BIO_read_filename(in,file))
-                goto err;
-        
-        for (;;)
-                {
-                if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL)
-                        break;
-                if ((xn=X509_get_subject_name(x)) == NULL) goto err;
-                xn=X509_NAME_dup(xn);
-                if (xn == NULL) goto err;
-                if (sk_X509_NAME_find(stack,xn) >= 0)
-                        X509_NAME_free(xn);
-                else
-                        sk_X509_NAME_push(stack,xn);
-                }
-
-        if (0)
-                {
-err:
-                ret=0;
-                }
-        if(in != NULL)
-                BIO_free(in);
-        if(x != NULL)
-                X509_free(x);
-        
-        sk_X509_NAME_set_cmp_func(stack,oldcmp);
-
-        return ret;
-        }
-
-/*!
- * Add a directory of certs to a stack.
- * \param stack the stack to append to.
- * \param dir the directory to append from. All files in this directory will be
- * examined as potential certs. Any that are acceptable to
- * SSL_add_dir_cert_subjects_to_stack() that are not already in the stack will be
- * included.
- * \return 1 for success, 0 for failure. Note that in the case of failure some
- * certs may have been added to \c stack.
- */
-
-#ifndef OPENSSL_SYS_WIN32
-#ifndef OPENSSL_SYS_VMS         /* XXXX This may be fixed in the future */
-#ifndef OPENSSL_SYS_MACINTOSH_CLASSIC /* XXXXX: Better scheme needed! */
-
-int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
-                                       const char *dir)
-        {
-        DIR *d;
-        struct dirent *dstruct;
-        int ret = 0;
-
-        CRYPTO_w_lock(CRYPTO_LOCK_READDIR);
-        d = opendir(dir);
-
-        /* Note that a side effect is that the CAs will be sorted by name */
-        if(!d)
-                {
-                SYSerr(SYS_F_OPENDIR, get_last_sys_error());
-                ERR_add_error_data(3, "opendir('", dir, "')");
-                SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB);
-                goto err;
-                }
-        
-        while((dstruct=readdir(d)))
-                {
-                char buf[1024];
-                int r;
-                
-                if(strlen(dir)+strlen(dstruct->d_name)+2 > sizeof buf)
-                        {
-                        SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG);
-                        goto err;
-                        }
-                
-                r = BIO_snprintf(buf,sizeof buf,"%s/%s",dir,dstruct->d_name);
-                if (r <= 0 || r >= sizeof buf)
-                        goto err;
-                if(!SSL_add_file_cert_subjects_to_stack(stack,buf))
-                        goto err;
-                }
-        ret = 1;
-
-err:    
-        if (d) closedir(d);
-        CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
-        return ret;
-        }
-
-#endif
-#endif
-
-#else /* OPENSSL_SYS_WIN32 */
-
-#if defined(_WIN32_WCE)
-# ifndef UNICODE
-#  error "WinCE comes in UNICODE flavor only..."
-# endif
-# if _WIN32_WCE<101 && !defined(OPENSSL_NO_MULTIBYTE)
-#  define OPENSSL_NO_MULTIBYTE
-# endif
-# ifndef  FindFirstFile
-#  define FindFirstFile FindFirstFileW
-# endif
-# ifndef  FindNextFile
-#  define FindNextFile FindNextFileW
-# endif
-#endif
-
-int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
-                                       const char *dir)
-        {
-        WIN32_FIND_DATA FindFileData;
-        HANDLE hFind;
-        int    ret = 0;
-        TCHAR *wdir = NULL;
-        size_t i,len_0 = strlen(dir)+1; /* len_0 accounts for trailing 0 */
-        char   buf[1024],*slash;
-
-        if (len_0 > (sizeof(buf)-14))   /* 14 is just some value... */
-                {
-                SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG);
-                return ret;
-                }
-
-        CRYPTO_w_lock(CRYPTO_LOCK_READDIR);
-
-        if (sizeof(TCHAR) != sizeof(char))
-                {
-                wdir = (TCHAR *)malloc(len_0*sizeof(TCHAR));
-                if (wdir == NULL)
-                        goto err_noclose;
-#ifndef OPENSSL_NO_MULTIBYTE
-                if (!MultiByteToWideChar(CP_ACP,0,dir,len_0,
-                                        (WCHAR *)wdir,len_0))
-#endif
-                        for (i=0;i<len_0;i++) wdir[i]=(TCHAR)dir[i];
-
-                hFind = FindFirstFile(wdir, &FindFileData);
-                }
-        else    hFind = FindFirstFile((const TCHAR *)dir, &FindFileData);
-
-        /* Note that a side effect is that the CAs will be sorted by name */
-        if(hFind == INVALID_HANDLE_VALUE)
-                {
-                SYSerr(SYS_F_OPENDIR, get_last_sys_error());
-                ERR_add_error_data(3, "opendir('", dir, "')");
-                SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB);
-                goto err_noclose;
-                }
-
-        strncpy(buf,dir,sizeof(buf));   /* strcpy is safe too... */
-        buf[len_0-1]='/';               /* no trailing zero!     */
-        slash=buf+len_0;
-
-        do      {
-                const TCHAR *fnam=FindFileData.cFileName;
-                size_t flen_0=_tcslen(fnam)+1;
-
-                if (flen_0 > (sizeof(buf)-len_0))
-                        {
-                        SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG);
-                        goto err;
-                        }
-                /* else strcpy would be safe too... */
-
-                if (sizeof(TCHAR) != sizeof(char))
-                        {
-#ifndef OPENSSL_NO_MULTIBYTE
-                        if (!WideCharToMultiByte(CP_ACP,0,
-                                                (WCHAR *)fnam,flen_0,
-                                                slash,sizeof(buf)-len_0,
-                                                NULL,0))
-#endif
-                                for (i=0;i<flen_0;i++) slash[i]=(char)fnam[i];
-                        }
-                else    strncpy(slash,(const char *)fnam,sizeof(buf)-len_0);
-
-                if(!SSL_add_file_cert_subjects_to_stack(stack,buf))
-                        goto err;
-                }
-        while (FindNextFile(hFind, &FindFileData) != FALSE);
-        ret = 1;
-
-err:    
-        FindClose(hFind);
-err_noclose:
-        if (wdir != NULL)
-                free(wdir);
-
-        CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
-        return ret;
-        }
-
-#endif
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
deleted file mode 100644
index f622180c69..0000000000
--- a/src/lib/libssl/ssl_ciph.c
+++ /dev/null
@@ -1,1139 +0,0 @@
-/* ssl/ssl_ciph.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include <openssl/comp.h>
-#include <openssl/fips.h>
-#include "ssl_locl.h"
-
-#define SSL_ENC_DES_IDX         0
-#define SSL_ENC_3DES_IDX        1
-#define SSL_ENC_RC4_IDX         2
-#define SSL_ENC_RC2_IDX         3
-#define SSL_ENC_IDEA_IDX        4
-#define SSL_ENC_eFZA_IDX        5
-#define SSL_ENC_NULL_IDX        6
-#define SSL_ENC_AES128_IDX      7
-#define SSL_ENC_AES256_IDX      8
-#define SSL_ENC_NUM_IDX         9
-
-static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
-        NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL
-        };
-
-static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
-
-#define SSL_MD_MD5_IDX  0
-#define SSL_MD_SHA1_IDX 1
-#define SSL_MD_NUM_IDX  2
-static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={
-        NULL,NULL,
-        };
-
-#define CIPHER_ADD      1
-#define CIPHER_KILL     2
-#define CIPHER_DEL      3
-#define CIPHER_ORD      4
-#define CIPHER_SPECIAL  5
-
-typedef struct cipher_order_st
-        {
-        SSL_CIPHER *cipher;
-        int active;
-        int dead;
-        struct cipher_order_st *next,*prev;
-        } CIPHER_ORDER;
-
-static const SSL_CIPHER cipher_aliases[]={
-        /* Don't include eNULL unless specifically enabled. */
-        {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */
-        {0,SSL_TXT_CMPALL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0},  /* COMPLEMENT OF ALL */
-        {0,SSL_TXT_CMPDEF,0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK,0},
-        {0,SSL_TXT_kKRB5,0,SSL_kKRB5,0,0,0,0,SSL_MKEY_MASK,0},  /* VRS Kerberos5 */
-        {0,SSL_TXT_kRSA,0,SSL_kRSA,  0,0,0,0,SSL_MKEY_MASK,0},
-        {0,SSL_TXT_kDHr,0,SSL_kDHr,  0,0,0,0,SSL_MKEY_MASK,0},
-        {0,SSL_TXT_kDHd,0,SSL_kDHd,  0,0,0,0,SSL_MKEY_MASK,0},
-        {0,SSL_TXT_kEDH,0,SSL_kEDH,  0,0,0,0,SSL_MKEY_MASK,0},
-        {0,SSL_TXT_kFZA,0,SSL_kFZA,  0,0,0,0,SSL_MKEY_MASK,0},
-        {0,SSL_TXT_DH,  0,SSL_DH,    0,0,0,0,SSL_MKEY_MASK,0},
-        {0,SSL_TXT_EDH, 0,SSL_EDH,   0,0,0,0,SSL_MKEY_MASK|SSL_AUTH_MASK,0},
-
-        {0,SSL_TXT_aKRB5,0,SSL_aKRB5,0,0,0,0,SSL_AUTH_MASK,0},  /* VRS Kerberos5 */
-        {0,SSL_TXT_aRSA,0,SSL_aRSA,  0,0,0,0,SSL_AUTH_MASK,0},
-        {0,SSL_TXT_aDSS,0,SSL_aDSS,  0,0,0,0,SSL_AUTH_MASK,0},
-        {0,SSL_TXT_aFZA,0,SSL_aFZA,  0,0,0,0,SSL_AUTH_MASK,0},
-        {0,SSL_TXT_aNULL,0,SSL_aNULL,0,0,0,0,SSL_AUTH_MASK,0},
-        {0,SSL_TXT_aDH, 0,SSL_aDH,   0,0,0,0,SSL_AUTH_MASK,0},
-        {0,SSL_TXT_DSS, 0,SSL_DSS,   0,0,0,0,SSL_AUTH_MASK,0},
-
-        {0,SSL_TXT_DES, 0,SSL_DES,   0,0,0,0,SSL_ENC_MASK,0},
-        {0,SSL_TXT_3DES,0,SSL_3DES,  0,0,0,0,SSL_ENC_MASK,0},
-        {0,SSL_TXT_RC4, 0,SSL_RC4,   0,0,0,0,SSL_ENC_MASK,0},
-        {0,SSL_TXT_RC2, 0,SSL_RC2,   0,0,0,0,SSL_ENC_MASK,0},
-#ifndef OPENSSL_NO_IDEA
-        {0,SSL_TXT_IDEA,0,SSL_IDEA,  0,0,0,0,SSL_ENC_MASK,0},
-#endif
-        {0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0},
-        {0,SSL_TXT_eFZA,0,SSL_eFZA,  0,0,0,0,SSL_ENC_MASK,0},
-        {0,SSL_TXT_AES, 0,SSL_AES,   0,0,0,0,SSL_ENC_MASK,0},
-
-        {0,SSL_TXT_MD5, 0,SSL_MD5,   0,0,0,0,SSL_MAC_MASK,0},
-        {0,SSL_TXT_SHA1,0,SSL_SHA1,  0,0,0,0,SSL_MAC_MASK,0},
-        {0,SSL_TXT_SHA, 0,SSL_SHA,   0,0,0,0,SSL_MAC_MASK,0},
-
-        {0,SSL_TXT_NULL,0,SSL_NULL,  0,0,0,0,SSL_ENC_MASK,0},
-        {0,SSL_TXT_KRB5,0,SSL_KRB5,  0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},
-        {0,SSL_TXT_RSA, 0,SSL_RSA,   0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},
-        {0,SSL_TXT_ADH, 0,SSL_ADH,   0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},
-        {0,SSL_TXT_FZA, 0,SSL_FZA,   0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK|SSL_ENC_MASK,0},
-
-        {0,SSL_TXT_SSLV2, 0,SSL_SSLV2, 0,0,0,0,SSL_SSL_MASK,0},
-        {0,SSL_TXT_SSLV3, 0,SSL_SSLV3, 0,0,0,0,SSL_SSL_MASK,0},
-        {0,SSL_TXT_TLSV1, 0,SSL_TLSV1, 0,0,0,0,SSL_SSL_MASK,0},
-
-        {0,SSL_TXT_EXP   ,0, 0,SSL_EXPORT, 0,0,0,0,SSL_EXP_MASK},
-        {0,SSL_TXT_EXPORT,0, 0,SSL_EXPORT, 0,0,0,0,SSL_EXP_MASK},
-        {0,SSL_TXT_EXP40, 0, 0, SSL_EXP40, 0,0,0,0,SSL_STRONG_MASK},
-        {0,SSL_TXT_EXP56, 0, 0, SSL_EXP56, 0,0,0,0,SSL_STRONG_MASK},
-        {0,SSL_TXT_LOW,   0, 0,   SSL_LOW, 0,0,0,0,SSL_STRONG_MASK},
-        {0,SSL_TXT_MEDIUM,0, 0,SSL_MEDIUM, 0,0,0,0,SSL_STRONG_MASK},
-        {0,SSL_TXT_HIGH,  0, 0,  SSL_HIGH, 0,0,0,0,SSL_STRONG_MASK},
-        {0,SSL_TXT_FIPS,  0, 0,  SSL_FIPS, 0,0,0,0,SSL_FIPS|SSL_STRONG_NONE},
-        };
-
-static int init_ciphers=1;
-
-static void load_ciphers(void)
-        {
-        ssl_cipher_methods[SSL_ENC_DES_IDX]= 
-                EVP_get_cipherbyname(SN_des_cbc);
-        ssl_cipher_methods[SSL_ENC_3DES_IDX]=
-                EVP_get_cipherbyname(SN_des_ede3_cbc);
-        ssl_cipher_methods[SSL_ENC_RC4_IDX]=
-                EVP_get_cipherbyname(SN_rc4);
-        ssl_cipher_methods[SSL_ENC_RC2_IDX]= 
-                EVP_get_cipherbyname(SN_rc2_cbc);
-#ifndef OPENSSL_NO_IDEA
-        ssl_cipher_methods[SSL_ENC_IDEA_IDX]= 
-                EVP_get_cipherbyname(SN_idea_cbc);
-#else
-        ssl_cipher_methods[SSL_ENC_IDEA_IDX]= NULL;
-#endif
-        ssl_cipher_methods[SSL_ENC_AES128_IDX]=
-          EVP_get_cipherbyname(SN_aes_128_cbc);
-        ssl_cipher_methods[SSL_ENC_AES256_IDX]=
-          EVP_get_cipherbyname(SN_aes_256_cbc);
-
-        ssl_digest_methods[SSL_MD_MD5_IDX]=
-                EVP_get_digestbyname(SN_md5);
-        ssl_digest_methods[SSL_MD_SHA1_IDX]=
-                EVP_get_digestbyname(SN_sha1);
-        init_ciphers=0;
-        }
-
-int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
-             const EVP_MD **md, SSL_COMP **comp)
-        {
-        int i;
-        SSL_CIPHER *c;
-
-        c=s->cipher;
-        if (c == NULL) return(0);
-        if (comp != NULL)
-                {
-                SSL_COMP ctmp;
-
-                if (s->compress_meth == 0)
-                        *comp=NULL;
-                else if (ssl_comp_methods == NULL)
-                        {
-                        /* bad */
-                        *comp=NULL;
-                        }
-                else
-                        {
-
-                        ctmp.id=s->compress_meth;
-                        i=sk_SSL_COMP_find(ssl_comp_methods,&ctmp);
-                        if (i >= 0)
-                                *comp=sk_SSL_COMP_value(ssl_comp_methods,i);
-                        else
-                                *comp=NULL;
-                        }
-                }
-
-        if ((enc == NULL) || (md == NULL)) return(0);
-
-        switch (c->algorithms & SSL_ENC_MASK)
-                {
-        case SSL_DES:
-                i=SSL_ENC_DES_IDX;
-                break;
-        case SSL_3DES:
-                i=SSL_ENC_3DES_IDX;
-                break;
-        case SSL_RC4:
-                i=SSL_ENC_RC4_IDX;
-                break;
-        case SSL_RC2:
-                i=SSL_ENC_RC2_IDX;
-                break;
-        case SSL_IDEA:
-                i=SSL_ENC_IDEA_IDX;
-                break;
-        case SSL_eNULL:
-                i=SSL_ENC_NULL_IDX;
-                break;
-        case SSL_AES:
-                switch(c->alg_bits)
-                        {
-                case 128: i=SSL_ENC_AES128_IDX; break;
-                case 256: i=SSL_ENC_AES256_IDX; break;
-                default: i=-1; break;
-                        }
-                break;
-        default:
-                i= -1;
-                break;
-                }
-
-        if ((i < 0) || (i >= SSL_ENC_NUM_IDX))
-                *enc=NULL;
-        else
-                {
-                if (i == SSL_ENC_NULL_IDX)
-                        *enc=EVP_enc_null();
-                else
-                        *enc=ssl_cipher_methods[i];
-                }
-
-        switch (c->algorithms & SSL_MAC_MASK)
-                {
-        case SSL_MD5:
-                i=SSL_MD_MD5_IDX;
-                break;
-        case SSL_SHA1:
-                i=SSL_MD_SHA1_IDX;
-                break;
-        default:
-                i= -1;
-                break;
-                }
-        if ((i < 0) || (i >= SSL_MD_NUM_IDX))
-                *md=NULL;
-        else
-                *md=ssl_digest_methods[i];
-
-        if ((*enc != NULL) && (*md != NULL))
-                return(1);
-        else
-                return(0);
-        }
-
-#define ITEM_SEP(a) \
-        (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))
-
-static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
-             CIPHER_ORDER **tail)
-        {
-        if (curr == *tail) return;
-        if (curr == *head)
-                *head=curr->next;
-        if (curr->prev != NULL)
-                curr->prev->next=curr->next;
-        if (curr->next != NULL) /* should always be true */
-                curr->next->prev=curr->prev;
-        (*tail)->next=curr;
-        curr->prev= *tail;
-        curr->next=NULL;
-        *tail=curr;
-        }
-
-static unsigned long ssl_cipher_get_disabled(void)
-        {
-        unsigned long mask;
-
-        mask = SSL_kFZA;
-#ifdef OPENSSL_NO_RSA
-        mask |= SSL_aRSA|SSL_kRSA;
-#endif
-#ifdef OPENSSL_NO_DSA
-        mask |= SSL_aDSS;
-#endif
-#ifdef OPENSSL_NO_DH
-        mask |= SSL_kDHr|SSL_kDHd|SSL_kEDH|SSL_aDH;
-#endif
-#ifdef OPENSSL_NO_KRB5
-        mask |= SSL_kKRB5|SSL_aKRB5;
-#endif
-
-#ifdef SSL_FORBID_ENULL
-        mask |= SSL_eNULL;
-#endif
-
-        mask |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES :0;
-        mask |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES:0;
-        mask |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 :0;
-        mask |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0;
-        mask |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;
-        mask |= (ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL) ? SSL_eFZA:0;
-        mask |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES:0;
-
-        mask |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;
-        mask |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;
-
-        return(mask);
-        }
-
-static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
-                int num_of_ciphers, unsigned long mask, CIPHER_ORDER *co_list,
-                CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
-        {
-        int i, co_list_num;
-        SSL_CIPHER *c;
-
-        /*
-         * We have num_of_ciphers descriptions compiled in, depending on the
-         * method selected (SSLv2 and/or SSLv3, TLSv1 etc).
-         * These will later be sorted in a linked list with at most num
-         * entries.
-         */
-
-        /* Get the initial list of ciphers */
-        co_list_num = 0;        /* actual count of ciphers */
-        for (i = 0; i < num_of_ciphers; i++)
-                {
-                c = ssl_method->get_cipher(i);
-                /* drop those that use any of that is not available */
-#ifdef OPENSSL_FIPS
-                if ((c != NULL) && c->valid && !(c->algorithms & mask)
-                        && (!FIPS_mode() || (c->algo_strength & SSL_FIPS)))
-#else
-                if ((c != NULL) && c->valid && !(c->algorithms & mask))
-#endif
-                        {
-                        co_list[co_list_num].cipher = c;
-                        co_list[co_list_num].next = NULL;
-                        co_list[co_list_num].prev = NULL;
-                        co_list[co_list_num].active = 0;
-                        co_list_num++;
-#ifdef KSSL_DEBUG
-                        printf("\t%d: %s %lx %lx\n",i,c->name,c->id,c->algorithms);
-#endif  /* KSSL_DEBUG */
-                        /*
-                        if (!sk_push(ca_list,(char *)c)) goto err;
-                        */
-                        }
-                }
-
-        /*
-         * Prepare linked list from list entries
-         */     
-        for (i = 1; i < co_list_num - 1; i++)
-                {
-                co_list[i].prev = &(co_list[i-1]);
-                co_list[i].next = &(co_list[i+1]);
-                }
-        if (co_list_num > 0)
-                {
-                (*head_p) = &(co_list[0]);
-                (*head_p)->prev = NULL;
-                (*head_p)->next = &(co_list[1]);
-                (*tail_p) = &(co_list[co_list_num - 1]);
-                (*tail_p)->prev = &(co_list[co_list_num - 2]);
-                (*tail_p)->next = NULL;
-                }
-        }
-
-static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,
-                        int num_of_group_aliases, unsigned long mask,
-                        CIPHER_ORDER *head)
-        {
-        CIPHER_ORDER *ciph_curr;
-        SSL_CIPHER **ca_curr;
-        int i;
-
-        /*
-         * First, add the real ciphers as already collected
-         */
-        ciph_curr = head;
-        ca_curr = ca_list;
-        while (ciph_curr != NULL)
-                {
-                *ca_curr = ciph_curr->cipher;
-                ca_curr++;
-                ciph_curr = ciph_curr->next;
-                }
-
-        /*
-         * Now we add the available ones from the cipher_aliases[] table.
-         * They represent either an algorithm, that must be fully
-         * supported (not match any bit in mask) or represent a cipher
-         * strength value (will be added in any case because algorithms=0).
-         */
-        for (i = 0; i < num_of_group_aliases; i++)
-                {
-                if ((i == 0) ||         /* always fetch "ALL" */
-                    !(cipher_aliases[i].algorithms & mask))
-                        {
-                        *ca_curr = (SSL_CIPHER *)(cipher_aliases + i);
-                        ca_curr++;
-                        }
-                }
-
-        *ca_curr = NULL;        /* end of list */
-        }
-
-static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask,
-                unsigned long algo_strength, unsigned long mask_strength,
-                int rule, int strength_bits, CIPHER_ORDER *co_list,
-                CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
-        {
-        CIPHER_ORDER *head, *tail, *curr, *curr2, *tail2;
-        SSL_CIPHER *cp;
-        unsigned long ma, ma_s;
-
-#ifdef CIPHER_DEBUG
-        printf("Applying rule %d with %08lx %08lx %08lx %08lx (%d)\n",
-                rule, algorithms, mask, algo_strength, mask_strength,
-                strength_bits);
-#endif
-
-        curr = head = *head_p;
-        curr2 = head;
-        tail2 = tail = *tail_p;
-        for (;;)
-                {
-                if ((curr == NULL) || (curr == tail2)) break;
-                curr = curr2;
-                curr2 = curr->next;
-
-                cp = curr->cipher;
-
-                /*
-                 * Selection criteria is either the number of strength_bits
-                 * or the algorithm used.
-                 */
-                if (strength_bits == -1)
-                        {
-                        ma = mask & cp->algorithms;
-                        ma_s = mask_strength & cp->algo_strength;
-
-#ifdef CIPHER_DEBUG
-                        printf("\nName: %s:\nAlgo = %08lx Algo_strength = %08lx\nMask = %08lx Mask_strength %08lx\n", cp->name, cp->algorithms, cp->algo_strength, mask, mask_strength);
-                        printf("ma = %08lx ma_s %08lx, ma&algo=%08lx, ma_s&algos=%08lx\n", ma, ma_s, ma&algorithms, ma_s&algo_strength);
-#endif
-                        /*
-                         * Select: if none of the mask bit was met from the
-                         * cipher or not all of the bits were met, the
-                         * selection does not apply.
-                         */
-                        if (((ma == 0) && (ma_s == 0)) ||
-                            ((ma & algorithms) != ma) ||
-                            ((ma_s & algo_strength) != ma_s))
-                                continue; /* does not apply */
-                        }
-                else if (strength_bits != cp->strength_bits)
-                        continue;       /* does not apply */
-
-#ifdef CIPHER_DEBUG
-                printf("Action = %d\n", rule);
-#endif
-
-                /* add the cipher if it has not been added yet. */
-                if (rule == CIPHER_ADD)
-                        {
-                        if (!curr->active)
-                                {
-                                ll_append_tail(&head, curr, &tail);
-                                curr->active = 1;
-                                }
-                        }
-                /* Move the added cipher to this location */
-                else if (rule == CIPHER_ORD)
-                        {
-                        if (curr->active)
-                                {
-                                ll_append_tail(&head, curr, &tail);
-                                }
-                        }
-                else if (rule == CIPHER_DEL)
-                        curr->active = 0;
-                else if (rule == CIPHER_KILL)
-                        {
-                        if (head == curr)
-                                head = curr->next;
-                        else
-                                curr->prev->next = curr->next;
-                        if (tail == curr)
-                                tail = curr->prev;
-                        curr->active = 0;
-                        if (curr->next != NULL)
-                                curr->next->prev = curr->prev;
-                        if (curr->prev != NULL)
-                                curr->prev->next = curr->next;
-                        curr->next = NULL;
-                        curr->prev = NULL;
-                        }
-                }
-
-        *head_p = head;
-        *tail_p = tail;
-        }
-
-static int ssl_cipher_strength_sort(CIPHER_ORDER *co_list,
-                                    CIPHER_ORDER **head_p,
-                                    CIPHER_ORDER **tail_p)
-        {
-        int max_strength_bits, i, *number_uses;
-        CIPHER_ORDER *curr;
-
-        /*
-         * This routine sorts the ciphers with descending strength. The sorting
-         * must keep the pre-sorted sequence, so we apply the normal sorting
-         * routine as '+' movement to the end of the list.
-         */
-        max_strength_bits = 0;
-        curr = *head_p;
-        while (curr != NULL)
-                {
-                if (curr->active &&
-                    (curr->cipher->strength_bits > max_strength_bits))
-                    max_strength_bits = curr->cipher->strength_bits;
-                curr = curr->next;
-                }
-
-        number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int));
-        if (!number_uses)
-        {
-                SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT,ERR_R_MALLOC_FAILURE);
-                return(0);
-        }
-        memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int));
-
-        /*
-         * Now find the strength_bits values actually used
-         */
-        curr = *head_p;
-        while (curr != NULL)
-                {
-                if (curr->active)
-                        number_uses[curr->cipher->strength_bits]++;
-                curr = curr->next;
-                }
-        /*
-         * Go through the list of used strength_bits values in descending
-         * order.
-         */
-        for (i = max_strength_bits; i >= 0; i--)
-                if (number_uses[i] > 0)
-                        ssl_cipher_apply_rule(0, 0, 0, 0, CIPHER_ORD, i,
-                                        co_list, head_p, tail_p);
-
-        OPENSSL_free(number_uses);
-        return(1);
-        }
-
-static int ssl_cipher_process_rulestr(const char *rule_str,
-                CIPHER_ORDER *co_list, CIPHER_ORDER **head_p,
-                CIPHER_ORDER **tail_p, SSL_CIPHER **ca_list)
-        {
-        unsigned long algorithms, mask, algo_strength, mask_strength;
-        const char *l, *start, *buf;
-        int j, multi, found, rule, retval, ok, buflen;
-        char ch;
-
-        retval = 1;
-        l = rule_str;
-        for (;;)
-                {
-                ch = *l;
-
-                if (ch == '\0')
-                        break;          /* done */
-                if (ch == '-')
-                        { rule = CIPHER_DEL; l++; }
-                else if (ch == '+')
-                        { rule = CIPHER_ORD; l++; }
-                else if (ch == '!')
-                        { rule = CIPHER_KILL; l++; }
-                else if (ch == '@')
-                        { rule = CIPHER_SPECIAL; l++; }
-                else
-                        { rule = CIPHER_ADD; }
-
-                if (ITEM_SEP(ch))
-                        {
-                        l++;
-                        continue;
-                        }
-
-                algorithms = mask = algo_strength = mask_strength = 0;
-
-                start=l;
-                for (;;)
-                        {
-                        ch = *l;
-                        buf = l;
-                        buflen = 0;
-#ifndef CHARSET_EBCDIC
-                        while ( ((ch >= 'A') && (ch <= 'Z')) ||
-                                ((ch >= '0') && (ch <= '9')) ||
-                                ((ch >= 'a') && (ch <= 'z')) ||
-                                 (ch == '-'))
-#else
-                        while ( isalnum(ch) || (ch == '-'))
-#endif
-                                 {
-                                 ch = *(++l);
-                                 buflen++;
-                                 }
-
-                        if (buflen == 0)
-                                {
-                                /*
-                                 * We hit something we cannot deal with,
-                                 * it is no command or separator nor
-                                 * alphanumeric, so we call this an error.
-                                 */
-                                SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
-                                       SSL_R_INVALID_COMMAND);
-                                retval = found = 0;
-                                l++;
-                                break;
-                                }
-
-                        if (rule == CIPHER_SPECIAL)
-                                {
-                                found = 0; /* unused -- avoid compiler warning */
-                                break;  /* special treatment */
-                                }
-
-                        /* check for multi-part specification */
-                        if (ch == '+')
-                                {
-                                multi=1;
-                                l++;
-                                }
-                        else
-                                multi=0;
-
-                        /*
-                         * Now search for the cipher alias in the ca_list. Be careful
-                         * with the strncmp, because the "buflen" limitation
-                         * will make the rule "ADH:SOME" and the cipher
-                         * "ADH-MY-CIPHER" look like a match for buflen=3.
-                         * So additionally check whether the cipher name found
-                         * has the correct length. We can save a strlen() call:
-                         * just checking for the '\0' at the right place is
-                         * sufficient, we have to strncmp() anyway. (We cannot
-                         * use strcmp(), because buf is not '\0' terminated.)
-                         */
-                         j = found = 0;
-                         while (ca_list[j])
-                                {
-                                if (!strncmp(buf, ca_list[j]->name, buflen) &&
-                                    (ca_list[j]->name[buflen] == '\0'))
-                                        {
-                                        found = 1;
-                                        break;
-                                        }
-                                else
-                                        j++;
-                                }
-                        if (!found)
-                                break;  /* ignore this entry */
-
-                        /* New algorithms:
-                         *  1 - any old restrictions apply outside new mask
-                         *  2 - any new restrictions apply outside old mask
-                         *  3 - enforce old & new where masks intersect
-                         */
-                        algorithms = (algorithms & ~ca_list[j]->mask) |         /* 1 */
-                                     (ca_list[j]->algorithms & ~mask) |         /* 2 */
-                                     (algorithms & ca_list[j]->algorithms);     /* 3 */
-                        mask |= ca_list[j]->mask;
-                        algo_strength = (algo_strength & ~ca_list[j]->mask_strength) |
-                                        (ca_list[j]->algo_strength & ~mask_strength) |
-                                        (algo_strength & ca_list[j]->algo_strength);
-                        mask_strength |= ca_list[j]->mask_strength;
-
-                        if (!multi) break;
-                        }
-
-                /*
-                 * Ok, we have the rule, now apply it
-                 */
-                if (rule == CIPHER_SPECIAL)
-                        {       /* special command */
-                        ok = 0;
-                        if ((buflen == 8) &&
-                                !strncmp(buf, "STRENGTH", 8))
-                                ok = ssl_cipher_strength_sort(co_list,
-                                        head_p, tail_p);
-                        else
-                                SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
-                                        SSL_R_INVALID_COMMAND);
-                        if (ok == 0)
-                                retval = 0;
-                        /*
-                         * We do not support any "multi" options
-                         * together with "@", so throw away the
-                         * rest of the command, if any left, until
-                         * end or ':' is found.
-                         */
-                        while ((*l != '\0') && ITEM_SEP(*l))
-                                l++;
-                        }
-                else if (found)
-                        {
-                        ssl_cipher_apply_rule(algorithms, mask,
-                                algo_strength, mask_strength, rule, -1,
-                                co_list, head_p, tail_p);
-                        }
-                else
-                        {
-                        while ((*l != '\0') && ITEM_SEP(*l))
-                                l++;
-                        }
-                if (*l == '\0') break; /* done */
-                }
-
-        return(retval);
-        }
-
-STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
-                STACK_OF(SSL_CIPHER) **cipher_list,
-                STACK_OF(SSL_CIPHER) **cipher_list_by_id,
-                const char *rule_str)
-        {
-        int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
-        unsigned long disabled_mask;
-        STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
-        const char *rule_p;
-        CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
-        SSL_CIPHER **ca_list = NULL;
-
-        /*
-         * Return with error if nothing to do.
-         */
-        if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
-                return NULL;
-
-        if (init_ciphers)
-                {
-                CRYPTO_w_lock(CRYPTO_LOCK_SSL);
-                if (init_ciphers) load_ciphers();
-                CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
-                }
-
-        /*
-         * To reduce the work to do we only want to process the compiled
-         * in algorithms, so we first get the mask of disabled ciphers.
-         */
-        disabled_mask = ssl_cipher_get_disabled();
-
-        /*
-         * Now we have to collect the available ciphers from the compiled
-         * in ciphers. We cannot get more than the number compiled in, so
-         * it is used for allocation.
-         */
-        num_of_ciphers = ssl_method->num_ciphers();
-#ifdef KSSL_DEBUG
-        printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers);
-#endif    /* KSSL_DEBUG */
-        co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
-        if (co_list == NULL)
-                {
-                SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
-                return(NULL);   /* Failure */
-                }
-
-        ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask,
-                                   co_list, &head, &tail);
-
-        /*
-         * We also need cipher aliases for selecting based on the rule_str.
-         * There might be two types of entries in the rule_str: 1) names
-         * of ciphers themselves 2) aliases for groups of ciphers.
-         * For 1) we need the available ciphers and for 2) the cipher
-         * groups of cipher_aliases added together in one list (otherwise
-         * we would be happy with just the cipher_aliases table).
-         */
-        num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER);
-        num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
-        ca_list =
-                (SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
-        if (ca_list == NULL)
-                {
-                OPENSSL_free(co_list);
-                SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
-                return(NULL);   /* Failure */
-                }
-        ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, disabled_mask,
-                                   head);
-
-        /*
-         * If the rule_string begins with DEFAULT, apply the default rule
-         * before using the (possibly available) additional rules.
-         */
-        ok = 1;
-        rule_p = rule_str;
-        if (strncmp(rule_str,"DEFAULT",7) == 0)
-                {
-                ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
-                        co_list, &head, &tail, ca_list);
-                rule_p += 7;
-                if (*rule_p == ':')
-                        rule_p++;
-                }
-
-        if (ok && (strlen(rule_p) > 0))
-                ok = ssl_cipher_process_rulestr(rule_p, co_list, &head, &tail,
-                                                ca_list);
-
-        OPENSSL_free(ca_list);  /* Not needed anymore */
-
-        if (!ok)
-                {       /* Rule processing failure */
-                OPENSSL_free(co_list);
-                return(NULL);
-                }
-        /*
-         * Allocate new "cipherstack" for the result, return with error
-         * if we cannot get one.
-         */
-        if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL)
-                {
-                OPENSSL_free(co_list);
-                return(NULL);
-                }
-
-        /*
-         * The cipher selection for the list is done. The ciphers are added
-         * to the resulting precedence to the STACK_OF(SSL_CIPHER).
-         */
-        for (curr = head; curr != NULL; curr = curr->next)
-                {
-#ifdef OPENSSL_FIPS
-                if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS))
-#else
-                if (curr->active)
-#endif
-                        {
-                        sk_SSL_CIPHER_push(cipherstack, curr->cipher);
-#ifdef CIPHER_DEBUG
-                        printf("<%s>\n",curr->cipher->name);
-#endif
-                        }
-                }
-        OPENSSL_free(co_list);  /* Not needed any longer */
-
-        tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack);
-        if (tmp_cipher_list == NULL)
-                {
-                sk_SSL_CIPHER_free(cipherstack);
-                return NULL;
-                }
-        if (*cipher_list != NULL)
-                sk_SSL_CIPHER_free(*cipher_list);
-        *cipher_list = cipherstack;
-        if (*cipher_list_by_id != NULL)
-                sk_SSL_CIPHER_free(*cipher_list_by_id);
-        *cipher_list_by_id = tmp_cipher_list;
-        sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp);
-
-        return(cipherstack);
-        }
-
-char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
-        {
-        int is_export,pkl,kl;
-        char *ver,*exp_str;
-        char *kx,*au,*enc,*mac;
-        unsigned long alg,alg2,alg_s;
-#ifdef KSSL_DEBUG
-        static char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx\n";
-#else
-        static char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
-#endif /* KSSL_DEBUG */
-
-        alg=cipher->algorithms;
-        alg_s=cipher->algo_strength;
-        alg2=cipher->algorithm2;
-
-        is_export=SSL_C_IS_EXPORT(cipher);
-        pkl=SSL_C_EXPORT_PKEYLENGTH(cipher);
-        kl=SSL_C_EXPORT_KEYLENGTH(cipher);
-        exp_str=is_export?" export":"";
-
-        if (alg & SSL_SSLV2)
-                ver="SSLv2";
-        else if (alg & SSL_SSLV3)
-                ver="SSLv3";
-        else
-                ver="unknown";
-
-        switch (alg&SSL_MKEY_MASK)
-                {
-        case SSL_kRSA:
-                kx=is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA";
-                break;
-        case SSL_kDHr:
-                kx="DH/RSA";
-                break;
-        case SSL_kDHd:
-                kx="DH/DSS";
-                break;
-        case SSL_kKRB5:         /* VRS */
-        case SSL_KRB5:          /* VRS */
-            kx="KRB5";
-            break;
-        case SSL_kFZA:
-                kx="Fortezza";
-                break;
-        case SSL_kEDH:
-                kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH";
-                break;
-        default:
-                kx="unknown";
-                }
-
-        switch (alg&SSL_AUTH_MASK)
-                {
-        case SSL_aRSA:
-                au="RSA";
-                break;
-        case SSL_aDSS:
-                au="DSS";
-                break;
-        case SSL_aDH:
-                au="DH";
-                break;
-        case SSL_aKRB5:         /* VRS */
-        case SSL_KRB5:          /* VRS */
-            au="KRB5";
-            break;
-        case SSL_aFZA:
-        case SSL_aNULL:
-                au="None";
-                break;
-        default:
-                au="unknown";
-                break;
-                }
-
-        switch (alg&SSL_ENC_MASK)
-                {
-        case SSL_DES:
-                enc=(is_export && kl == 5)?"DES(40)":"DES(56)";
-                break;
-        case SSL_3DES:
-                enc="3DES(168)";
-                break;
-        case SSL_RC4:
-                enc=is_export?(kl == 5 ? "RC4(40)" : "RC4(56)")
-                  :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)");
-                break;
-        case SSL_RC2:
-                enc=is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)";
-                break;
-        case SSL_IDEA:
-                enc="IDEA(128)";
-                break;
-        case SSL_eFZA:
-                enc="Fortezza";
-                break;
-        case SSL_eNULL:
-                enc="None";
-                break;
-        case SSL_AES:
-                switch(cipher->strength_bits)
-                        {
-                case 128: enc="AES(128)"; break;
-                case 192: enc="AES(192)"; break;
-                case 256: enc="AES(256)"; break;
-                default: enc="AES(?""?""?)"; break;
-                        }
-                break;
-        default:
-                enc="unknown";
-                break;
-                }
-
-        switch (alg&SSL_MAC_MASK)
-                {
-        case SSL_MD5:
-                mac="MD5";
-                break;
-        case SSL_SHA1:
-                mac="SHA1";
-                break;
-        default:
-                mac="unknown";
-                break;
-                }
-
-        if (buf == NULL)
-                {
-                len=128;
-                buf=OPENSSL_malloc(len);
-                if (buf == NULL) return("OPENSSL_malloc Error");
-                }
-        else if (len < 128)
-                return("Buffer too small");
-
-#ifdef KSSL_DEBUG
-        BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg);
-#else
-        BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str);
-#endif /* KSSL_DEBUG */
-        return(buf);
-        }
-
-char *SSL_CIPHER_get_version(const SSL_CIPHER *c)
-        {
-        int i;
-
-        if (c == NULL) return("(NONE)");
-        i=(int)(c->id>>24L);
-        if (i == 3)
-                return("TLSv1/SSLv3");
-        else if (i == 2)
-                return("SSLv2");
-        else
-                return("unknown");
-        }
-
-/* return the actual cipher being used */
-const char *SSL_CIPHER_get_name(const SSL_CIPHER *c)
-        {
-        if (c != NULL)
-                return(c->name);
-        return("(NONE)");
-        }
-
-/* number of bits for symmetric cipher */
-int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits)
-        {
-        int ret=0;
-
-        if (c != NULL)
-                {
-                if (alg_bits != NULL) *alg_bits = c->alg_bits;
-                ret = c->strength_bits;
-                }
-        return(ret);
-        }
-
-SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
-        {
-        SSL_COMP *ctmp;
-        int i,nn;
-
-        if ((n == 0) || (sk == NULL)) return(NULL);
-        nn=sk_SSL_COMP_num(sk);
-        for (i=0; i<nn; i++)
-                {
-                ctmp=sk_SSL_COMP_value(sk,i);
-                if (ctmp->id == n)
-                        return(ctmp);
-                }
-        return(NULL);
-        }
-
-static int sk_comp_cmp(const SSL_COMP * const *a,
-                        const SSL_COMP * const *b)
-        {
-        return((*a)->id-(*b)->id);
-        }
-
-STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
-        {
-        return(ssl_comp_methods);
-        }
-
-int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
-        {
-        SSL_COMP *comp;
-        STACK_OF(SSL_COMP) *sk;
-
-        if (cm == NULL || cm->type == NID_undef)
-                return 1;
-
-        MemCheck_off();
-        comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
-        comp->id=id;
-        comp->method=cm;
-        if (ssl_comp_methods == NULL)
-                sk=ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp);
-        else
-                sk=ssl_comp_methods;
-        if ((sk == NULL) || !sk_SSL_COMP_push(sk,comp))
-                {
-                MemCheck_on();
-                SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);
-                return(1);
-                }
-        else
-                {
-                MemCheck_on();
-                return(0);
-                }
-        }
diff --git a/src/lib/libssl/ssl_err.c b/src/lib/libssl/ssl_err.c
deleted file mode 100644
index 4bcf591298..0000000000
--- a/src/lib/libssl/ssl_err.c
+++ /dev/null
@@ -1,462 +0,0 @@
-/* ssl/ssl_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_SSL,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_SSL,0,reason)
-
-static ERR_STRING_DATA SSL_str_functs[]=
-        {
-{ERR_FUNC(SSL_F_CLIENT_CERTIFICATE),    "CLIENT_CERTIFICATE"},
-{ERR_FUNC(SSL_F_CLIENT_FINISHED),       "CLIENT_FINISHED"},
-{ERR_FUNC(SSL_F_CLIENT_HELLO),  "CLIENT_HELLO"},
-{ERR_FUNC(SSL_F_CLIENT_MASTER_KEY),     "CLIENT_MASTER_KEY"},
-{ERR_FUNC(SSL_F_D2I_SSL_SESSION),       "d2i_SSL_SESSION"},
-{ERR_FUNC(SSL_F_DO_SSL3_WRITE), "DO_SSL3_WRITE"},
-{ERR_FUNC(SSL_F_GET_CLIENT_FINISHED),   "GET_CLIENT_FINISHED"},
-{ERR_FUNC(SSL_F_GET_CLIENT_HELLO),      "GET_CLIENT_HELLO"},
-{ERR_FUNC(SSL_F_GET_CLIENT_MASTER_KEY), "GET_CLIENT_MASTER_KEY"},
-{ERR_FUNC(SSL_F_GET_SERVER_FINISHED),   "GET_SERVER_FINISHED"},
-{ERR_FUNC(SSL_F_GET_SERVER_HELLO),      "GET_SERVER_HELLO"},
-{ERR_FUNC(SSL_F_GET_SERVER_VERIFY),     "GET_SERVER_VERIFY"},
-{ERR_FUNC(SSL_F_I2D_SSL_SESSION),       "i2d_SSL_SESSION"},
-{ERR_FUNC(SSL_F_READ_N),        "READ_N"},
-{ERR_FUNC(SSL_F_REQUEST_CERTIFICATE),   "REQUEST_CERTIFICATE"},
-{ERR_FUNC(SSL_F_SERVER_FINISH), "SERVER_FINISH"},
-{ERR_FUNC(SSL_F_SERVER_HELLO),  "SERVER_HELLO"},
-{ERR_FUNC(SSL_F_SERVER_VERIFY), "SERVER_VERIFY"},
-{ERR_FUNC(SSL_F_SSL23_ACCEPT),  "SSL23_ACCEPT"},
-{ERR_FUNC(SSL_F_SSL23_CLIENT_HELLO),    "SSL23_CLIENT_HELLO"},
-{ERR_FUNC(SSL_F_SSL23_CONNECT), "SSL23_CONNECT"},
-{ERR_FUNC(SSL_F_SSL23_GET_CLIENT_HELLO),        "SSL23_GET_CLIENT_HELLO"},
-{ERR_FUNC(SSL_F_SSL23_GET_SERVER_HELLO),        "SSL23_GET_SERVER_HELLO"},
-{ERR_FUNC(SSL_F_SSL23_PEEK),    "SSL23_PEEK"},
-{ERR_FUNC(SSL_F_SSL23_READ),    "SSL23_READ"},
-{ERR_FUNC(SSL_F_SSL23_WRITE),   "SSL23_WRITE"},
-{ERR_FUNC(SSL_F_SSL2_ACCEPT),   "SSL2_ACCEPT"},
-{ERR_FUNC(SSL_F_SSL2_CONNECT),  "SSL2_CONNECT"},
-{ERR_FUNC(SSL_F_SSL2_ENC_INIT), "SSL2_ENC_INIT"},
-{ERR_FUNC(SSL_F_SSL2_GENERATE_KEY_MATERIAL),    "SSL2_GENERATE_KEY_MATERIAL"},
-{ERR_FUNC(SSL_F_SSL2_PEEK),     "SSL2_PEEK"},
-{ERR_FUNC(SSL_F_SSL2_READ),     "SSL2_READ"},
-{ERR_FUNC(SSL_F_SSL2_READ_INTERNAL),    "SSL2_READ_INTERNAL"},
-{ERR_FUNC(SSL_F_SSL2_SET_CERTIFICATE),  "SSL2_SET_CERTIFICATE"},
-{ERR_FUNC(SSL_F_SSL2_WRITE),    "SSL2_WRITE"},
-{ERR_FUNC(SSL_F_SSL3_ACCEPT),   "SSL3_ACCEPT"},
-{ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL),    "SSL3_CALLBACK_CTRL"},
-{ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE),      "SSL3_CHANGE_CIPHER_STATE"},
-{ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM), "SSL3_CHECK_CERT_AND_ALGORITHM"},
-{ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO),     "SSL3_CLIENT_HELLO"},
-{ERR_FUNC(SSL_F_SSL3_CONNECT),  "SSL3_CONNECT"},
-{ERR_FUNC(SSL_F_SSL3_CTRL),     "SSL3_CTRL"},
-{ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "SSL3_CTX_CTRL"},
-{ERR_FUNC(SSL_F_SSL3_ENC),      "SSL3_ENC"},
-{ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK),       "SSL3_GENERATE_KEY_BLOCK"},
-{ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST),  "SSL3_GET_CERTIFICATE_REQUEST"},
-{ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY),  "SSL3_GET_CERT_VERIFY"},
-{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE),   "SSL3_GET_CLIENT_CERTIFICATE"},
-{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO), "SSL3_GET_CLIENT_HELLO"},
-{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE),  "SSL3_GET_CLIENT_KEY_EXCHANGE"},
-{ERR_FUNC(SSL_F_SSL3_GET_FINISHED),     "SSL3_GET_FINISHED"},
-{ERR_FUNC(SSL_F_SSL3_GET_KEY_EXCHANGE), "SSL3_GET_KEY_EXCHANGE"},
-{ERR_FUNC(SSL_F_SSL3_GET_MESSAGE),      "SSL3_GET_MESSAGE"},
-{ERR_FUNC(SSL_F_SSL3_GET_RECORD),       "SSL3_GET_RECORD"},
-{ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE),   "SSL3_GET_SERVER_CERTIFICATE"},
-{ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE),  "SSL3_GET_SERVER_DONE"},
-{ERR_FUNC(SSL_F_SSL3_GET_SERVER_HELLO), "SSL3_GET_SERVER_HELLO"},
-{ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN),        "SSL3_OUTPUT_CERT_CHAIN"},
-{ERR_FUNC(SSL_F_SSL3_PEEK),     "SSL3_PEEK"},
-{ERR_FUNC(SSL_F_SSL3_READ_BYTES),       "SSL3_READ_BYTES"},
-{ERR_FUNC(SSL_F_SSL3_READ_N),   "SSL3_READ_N"},
-{ERR_FUNC(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST), "SSL3_SEND_CERTIFICATE_REQUEST"},
-{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE),  "SSL3_SEND_CLIENT_CERTIFICATE"},
-{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE), "SSL3_SEND_CLIENT_KEY_EXCHANGE"},
-{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_VERIFY),       "SSL3_SEND_CLIENT_VERIFY"},
-{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_CERTIFICATE),  "SSL3_SEND_SERVER_CERTIFICATE"},
-{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_HELLO),        "SSL3_SEND_SERVER_HELLO"},
-{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE), "SSL3_SEND_SERVER_KEY_EXCHANGE"},
-{ERR_FUNC(SSL_F_SSL3_SETUP_BUFFERS),    "SSL3_SETUP_BUFFERS"},
-{ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK),  "SSL3_SETUP_KEY_BLOCK"},
-{ERR_FUNC(SSL_F_SSL3_WRITE_BYTES),      "SSL3_WRITE_BYTES"},
-{ERR_FUNC(SSL_F_SSL3_WRITE_PENDING),    "SSL3_WRITE_PENDING"},
-{ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK),    "SSL_add_dir_cert_subjects_to_stack"},
-{ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK),   "SSL_add_file_cert_subjects_to_stack"},
-{ERR_FUNC(SSL_F_SSL_BAD_METHOD),        "SSL_BAD_METHOD"},
-{ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST),      "SSL_BYTES_TO_CIPHER_LIST"},
-{ERR_FUNC(SSL_F_SSL_CERT_DUP),  "SSL_CERT_DUP"},
-{ERR_FUNC(SSL_F_SSL_CERT_INST), "SSL_CERT_INST"},
-{ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE),  "SSL_CERT_INSTANTIATE"},
-{ERR_FUNC(SSL_F_SSL_CERT_NEW),  "SSL_CERT_NEW"},
-{ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY), "SSL_check_private_key"},
-{ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR),    "SSL_CIPHER_PROCESS_RULESTR"},
-{ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT),      "SSL_CIPHER_STRENGTH_SORT"},
-{ERR_FUNC(SSL_F_SSL_CLEAR),     "SSL_clear"},
-{ERR_FUNC(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD),       "SSL_COMP_add_compression_method"},
-{ERR_FUNC(SSL_F_SSL_CREATE_CIPHER_LIST),        "SSL_CREATE_CIPHER_LIST"},
-{ERR_FUNC(SSL_F_SSL_CTRL),      "SSL_ctrl"},
-{ERR_FUNC(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY),     "SSL_CTX_check_private_key"},
-{ERR_FUNC(SSL_F_SSL_CTX_NEW),   "SSL_CTX_new"},
-{ERR_FUNC(SSL_F_SSL_CTX_SET_CIPHER_LIST),       "SSL_CTX_set_cipher_list"},
-{ERR_FUNC(SSL_F_SSL_CTX_SET_PURPOSE),   "SSL_CTX_set_purpose"},
-{ERR_FUNC(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT),        "SSL_CTX_set_session_id_context"},
-{ERR_FUNC(SSL_F_SSL_CTX_SET_SSL_VERSION),       "SSL_CTX_set_ssl_version"},
-{ERR_FUNC(SSL_F_SSL_CTX_SET_TRUST),     "SSL_CTX_set_trust"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE),       "SSL_CTX_use_certificate"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1),  "SSL_CTX_use_certificate_ASN1"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE),    "SSL_CTX_use_certificate_chain_file"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE),  "SSL_CTX_use_certificate_file"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY),        "SSL_CTX_use_PrivateKey"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1),   "SSL_CTX_use_PrivateKey_ASN1"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE),   "SSL_CTX_use_PrivateKey_file"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY),     "SSL_CTX_use_RSAPrivateKey"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1),        "SSL_CTX_use_RSAPrivateKey_ASN1"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE),        "SSL_CTX_use_RSAPrivateKey_file"},
-{ERR_FUNC(SSL_F_SSL_DO_HANDSHAKE),      "SSL_do_handshake"},
-{ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION),   "SSL_GET_NEW_SESSION"},
-{ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION),  "SSL_GET_PREV_SESSION"},
-{ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT),      "SSL_GET_SERVER_SEND_CERT"},
-{ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY),     "SSL_GET_SIGN_PKEY"},
-{ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER),  "SSL_INIT_WBIO_BUFFER"},
-{ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE),       "SSL_load_client_CA_file"},
-{ERR_FUNC(SSL_F_SSL_NEW),       "SSL_new"},
-{ERR_FUNC(SSL_F_SSL_READ),      "SSL_read"},
-{ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT),       "SSL_RSA_PRIVATE_DECRYPT"},
-{ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT),        "SSL_RSA_PUBLIC_ENCRYPT"},
-{ERR_FUNC(SSL_F_SSL_SESSION_NEW),       "SSL_SESSION_new"},
-{ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP),  "SSL_SESSION_print_fp"},
-{ERR_FUNC(SSL_F_SSL_SESS_CERT_NEW),     "SSL_SESS_CERT_NEW"},
-{ERR_FUNC(SSL_F_SSL_SET_CERT),  "SSL_SET_CERT"},
-{ERR_FUNC(SSL_F_SSL_SET_CIPHER_LIST),   "SSL_set_cipher_list"},
-{ERR_FUNC(SSL_F_SSL_SET_FD),    "SSL_set_fd"},
-{ERR_FUNC(SSL_F_SSL_SET_PKEY),  "SSL_SET_PKEY"},
-{ERR_FUNC(SSL_F_SSL_SET_PURPOSE),       "SSL_set_purpose"},
-{ERR_FUNC(SSL_F_SSL_SET_RFD),   "SSL_set_rfd"},
-{ERR_FUNC(SSL_F_SSL_SET_SESSION),       "SSL_set_session"},
-{ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT),    "SSL_set_session_id_context"},
-{ERR_FUNC(SSL_F_SSL_SET_TRUST), "SSL_set_trust"},
-{ERR_FUNC(SSL_F_SSL_SET_WFD),   "SSL_set_wfd"},
-{ERR_FUNC(SSL_F_SSL_SHUTDOWN),  "SSL_shutdown"},
-{ERR_FUNC(SSL_F_SSL_UNDEFINED_CONST_FUNCTION),  "SSL_UNDEFINED_CONST_FUNCTION"},
-{ERR_FUNC(SSL_F_SSL_UNDEFINED_FUNCTION),        "SSL_UNDEFINED_FUNCTION"},
-{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE),   "SSL_use_certificate"},
-{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_ASN1),      "SSL_use_certificate_ASN1"},
-{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_FILE),      "SSL_use_certificate_file"},
-{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY),    "SSL_use_PrivateKey"},
-{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_ASN1),       "SSL_use_PrivateKey_ASN1"},
-{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_FILE),       "SSL_use_PrivateKey_file"},
-{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY), "SSL_use_RSAPrivateKey"},
-{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1),    "SSL_use_RSAPrivateKey_ASN1"},
-{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE),    "SSL_use_RSAPrivateKey_file"},
-{ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN), "SSL_VERIFY_CERT_CHAIN"},
-{ERR_FUNC(SSL_F_SSL_WRITE),     "SSL_write"},
-{ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE),      "TLS1_CHANGE_CIPHER_STATE"},
-{ERR_FUNC(SSL_F_TLS1_ENC),      "TLS1_ENC"},
-{ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK),  "TLS1_SETUP_KEY_BLOCK"},
-{ERR_FUNC(SSL_F_WRITE_PENDING), "WRITE_PENDING"},
-{0,NULL}
-        };
-
-static ERR_STRING_DATA SSL_str_reasons[]=
-        {
-{ERR_REASON(SSL_R_APP_DATA_IN_HANDSHAKE) ,"app data in handshake"},
-{ERR_REASON(SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT),"attempt to reuse session in different context"},
-{ERR_REASON(SSL_R_BAD_ALERT_RECORD)      ,"bad alert record"},
-{ERR_REASON(SSL_R_BAD_AUTHENTICATION_TYPE),"bad authentication type"},
-{ERR_REASON(SSL_R_BAD_CHANGE_CIPHER_SPEC),"bad change cipher spec"},
-{ERR_REASON(SSL_R_BAD_CHECKSUM)          ,"bad checksum"},
-{ERR_REASON(SSL_R_BAD_DATA_RETURNED_BY_CALLBACK),"bad data returned by callback"},
-{ERR_REASON(SSL_R_BAD_DECOMPRESSION)     ,"bad decompression"},
-{ERR_REASON(SSL_R_BAD_DH_G_LENGTH)       ,"bad dh g length"},
-{ERR_REASON(SSL_R_BAD_DH_PUB_KEY_LENGTH) ,"bad dh pub key length"},
-{ERR_REASON(SSL_R_BAD_DH_P_LENGTH)       ,"bad dh p length"},
-{ERR_REASON(SSL_R_BAD_DIGEST_LENGTH)     ,"bad digest length"},
-{ERR_REASON(SSL_R_BAD_DSA_SIGNATURE)     ,"bad dsa signature"},
-{ERR_REASON(SSL_R_BAD_HELLO_REQUEST)     ,"bad hello request"},
-{ERR_REASON(SSL_R_BAD_LENGTH)            ,"bad length"},
-{ERR_REASON(SSL_R_BAD_MAC_DECODE)        ,"bad mac decode"},
-{ERR_REASON(SSL_R_BAD_MESSAGE_TYPE)      ,"bad message type"},
-{ERR_REASON(SSL_R_BAD_PACKET_LENGTH)     ,"bad packet length"},
-{ERR_REASON(SSL_R_BAD_PROTOCOL_VERSION_NUMBER),"bad protocol version number"},
-{ERR_REASON(SSL_R_BAD_RESPONSE_ARGUMENT) ,"bad response argument"},
-{ERR_REASON(SSL_R_BAD_RSA_DECRYPT)       ,"bad rsa decrypt"},
-{ERR_REASON(SSL_R_BAD_RSA_ENCRYPT)       ,"bad rsa encrypt"},
-{ERR_REASON(SSL_R_BAD_RSA_E_LENGTH)      ,"bad rsa e length"},
-{ERR_REASON(SSL_R_BAD_RSA_MODULUS_LENGTH),"bad rsa modulus length"},
-{ERR_REASON(SSL_R_BAD_RSA_SIGNATURE)     ,"bad rsa signature"},
-{ERR_REASON(SSL_R_BAD_SIGNATURE)         ,"bad signature"},
-{ERR_REASON(SSL_R_BAD_SSL_FILETYPE)      ,"bad ssl filetype"},
-{ERR_REASON(SSL_R_BAD_SSL_SESSION_ID_LENGTH),"bad ssl session id length"},
-{ERR_REASON(SSL_R_BAD_STATE)             ,"bad state"},
-{ERR_REASON(SSL_R_BAD_WRITE_RETRY)       ,"bad write retry"},
-{ERR_REASON(SSL_R_BIO_NOT_SET)           ,"bio not set"},
-{ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG),"block cipher pad is wrong"},
-{ERR_REASON(SSL_R_BN_LIB)                ,"bn lib"},
-{ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH) ,"ca dn length mismatch"},
-{ERR_REASON(SSL_R_CA_DN_TOO_LONG)        ,"ca dn too long"},
-{ERR_REASON(SSL_R_CCS_RECEIVED_EARLY)    ,"ccs received early"},
-{ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED),"certificate verify failed"},
-{ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH)  ,"cert length mismatch"},
-{ERR_REASON(SSL_R_CHALLENGE_IS_DIFFERENT),"challenge is different"},
-{ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH),"cipher code wrong length"},
-{ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE),"cipher or hash unavailable"},
-{ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR),"cipher table src error"},
-{ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG),"compressed length too long"},
-{ERR_REASON(SSL_R_COMPRESSION_FAILURE)   ,"compression failure"},
-{ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR),"compression library error"},
-{ERR_REASON(SSL_R_CONNECTION_ID_IS_DIFFERENT),"connection id is different"},
-{ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET),"connection type not set"},
-{ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED),"data between ccs and finished"},
-{ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG)  ,"data length too long"},
-{ERR_REASON(SSL_R_DECRYPTION_FAILED)     ,"decryption failed"},
-{ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC),"decryption failed or bad record mac"},
-{ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG),"dh public value length is wrong"},
-{ERR_REASON(SSL_R_DIGEST_CHECK_FAILED)   ,"digest check failed"},
-{ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),"encrypted length too long"},
-{ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY),"error generating tmp rsa key"},
-{ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST),"error in received cipher list"},
-{ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE),"excessive message size"},
-{ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE) ,"extra data in message"},
-{ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS),"got a fin before a ccs"},
-{ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST)   ,"https proxy request"},
-{ERR_REASON(SSL_R_HTTP_REQUEST)          ,"http request"},
-{ERR_REASON(SSL_R_ILLEGAL_PADDING)       ,"illegal padding"},
-{ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH),"invalid challenge length"},
-{ERR_REASON(SSL_R_INVALID_COMMAND)       ,"invalid command"},
-{ERR_REASON(SSL_R_INVALID_PURPOSE)       ,"invalid purpose"},
-{ERR_REASON(SSL_R_INVALID_TRUST)         ,"invalid trust"},
-{ERR_REASON(SSL_R_KEY_ARG_TOO_LONG)      ,"key arg too long"},
-{ERR_REASON(SSL_R_KRB5)                  ,"krb5"},
-{ERR_REASON(SSL_R_KRB5_C_CC_PRINC)       ,"krb5 client cc principal (no tkt?)"},
-{ERR_REASON(SSL_R_KRB5_C_GET_CRED)       ,"krb5 client get cred"},
-{ERR_REASON(SSL_R_KRB5_C_INIT)           ,"krb5 client init"},
-{ERR_REASON(SSL_R_KRB5_C_MK_REQ)         ,"krb5 client mk_req (expired tkt?)"},
-{ERR_REASON(SSL_R_KRB5_S_BAD_TICKET)     ,"krb5 server bad ticket"},
-{ERR_REASON(SSL_R_KRB5_S_INIT)           ,"krb5 server init"},
-{ERR_REASON(SSL_R_KRB5_S_RD_REQ)         ,"krb5 server rd_req (keytab perms?)"},
-{ERR_REASON(SSL_R_KRB5_S_TKT_EXPIRED)    ,"krb5 server tkt expired"},
-{ERR_REASON(SSL_R_KRB5_S_TKT_NYV)        ,"krb5 server tkt not yet valid"},
-{ERR_REASON(SSL_R_KRB5_S_TKT_SKEW)       ,"krb5 server tkt skew"},
-{ERR_REASON(SSL_R_LENGTH_MISMATCH)       ,"length mismatch"},
-{ERR_REASON(SSL_R_LENGTH_TOO_SHORT)      ,"length too short"},
-{ERR_REASON(SSL_R_LIBRARY_BUG)           ,"library bug"},
-{ERR_REASON(SSL_R_LIBRARY_HAS_NO_CIPHERS),"library has no ciphers"},
-{ERR_REASON(SSL_R_MESSAGE_TOO_LONG)      ,"message too long"},
-{ERR_REASON(SSL_R_MISSING_DH_DSA_CERT)   ,"missing dh dsa cert"},
-{ERR_REASON(SSL_R_MISSING_DH_KEY)        ,"missing dh key"},
-{ERR_REASON(SSL_R_MISSING_DH_RSA_CERT)   ,"missing dh rsa cert"},
-{ERR_REASON(SSL_R_MISSING_DSA_SIGNING_CERT),"missing dsa signing cert"},
-{ERR_REASON(SSL_R_MISSING_EXPORT_TMP_DH_KEY),"missing export tmp dh key"},
-{ERR_REASON(SSL_R_MISSING_EXPORT_TMP_RSA_KEY),"missing export tmp rsa key"},
-{ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE),"missing rsa certificate"},
-{ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT),"missing rsa encrypting cert"},
-{ERR_REASON(SSL_R_MISSING_RSA_SIGNING_CERT),"missing rsa signing cert"},
-{ERR_REASON(SSL_R_MISSING_TMP_DH_KEY)    ,"missing tmp dh key"},
-{ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY)   ,"missing tmp rsa key"},
-{ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY)  ,"missing tmp rsa pkey"},
-{ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE),"missing verify message"},
-{ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET),"non sslv2 initial packet"},
-{ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED),"no certificates returned"},
-{ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED),"no certificate assigned"},
-{ERR_REASON(SSL_R_NO_CERTIFICATE_RETURNED),"no certificate returned"},
-{ERR_REASON(SSL_R_NO_CERTIFICATE_SET)    ,"no certificate set"},
-{ERR_REASON(SSL_R_NO_CERTIFICATE_SPECIFIED),"no certificate specified"},
-{ERR_REASON(SSL_R_NO_CIPHERS_AVAILABLE)  ,"no ciphers available"},
-{ERR_REASON(SSL_R_NO_CIPHERS_PASSED)     ,"no ciphers passed"},
-{ERR_REASON(SSL_R_NO_CIPHERS_SPECIFIED)  ,"no ciphers specified"},
-{ERR_REASON(SSL_R_NO_CIPHER_LIST)        ,"no cipher list"},
-{ERR_REASON(SSL_R_NO_CIPHER_MATCH)       ,"no cipher match"},
-{ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED),"no client cert received"},
-{ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED),"no compression specified"},
-{ERR_REASON(SSL_R_NO_METHOD_SPECIFIED)   ,"no method specified"},
-{ERR_REASON(SSL_R_NO_PRIVATEKEY)         ,"no privatekey"},
-{ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED),"no private key assigned"},
-{ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE),"no protocols available"},
-{ERR_REASON(SSL_R_NO_PUBLICKEY)          ,"no publickey"},
-{ERR_REASON(SSL_R_NO_SHARED_CIPHER)      ,"no shared cipher"},
-{ERR_REASON(SSL_R_NO_VERIFY_CALLBACK)    ,"no verify callback"},
-{ERR_REASON(SSL_R_NULL_SSL_CTX)          ,"null ssl ctx"},
-{ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED),"null ssl method passed"},
-{ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),"old session cipher not returned"},
-{ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE),"only tls allowed in fips mode"},
-{ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG),"packet length too long"},
-{ERR_REASON(SSL_R_PATH_TOO_LONG)         ,"path too long"},
-{ERR_REASON(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE),"peer did not return a certificate"},
-{ERR_REASON(SSL_R_PEER_ERROR)            ,"peer error"},
-{ERR_REASON(SSL_R_PEER_ERROR_CERTIFICATE),"peer error certificate"},
-{ERR_REASON(SSL_R_PEER_ERROR_NO_CERTIFICATE),"peer error no certificate"},
-{ERR_REASON(SSL_R_PEER_ERROR_NO_CIPHER)  ,"peer error no cipher"},
-{ERR_REASON(SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE),"peer error unsupported certificate type"},
-{ERR_REASON(SSL_R_PRE_MAC_LENGTH_TOO_LONG),"pre mac length too long"},
-{ERR_REASON(SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS),"problems mapping cipher functions"},
-{ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN)  ,"protocol is shutdown"},
-{ERR_REASON(SSL_R_PUBLIC_KEY_ENCRYPT_ERROR),"public key encrypt error"},
-{ERR_REASON(SSL_R_PUBLIC_KEY_IS_NOT_RSA) ,"public key is not rsa"},
-{ERR_REASON(SSL_R_PUBLIC_KEY_NOT_RSA)    ,"public key not rsa"},
-{ERR_REASON(SSL_R_READ_BIO_NOT_SET)      ,"read bio not set"},
-{ERR_REASON(SSL_R_READ_WRONG_PACKET_TYPE),"read wrong packet type"},
-{ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH),"record length mismatch"},
-{ERR_REASON(SSL_R_RECORD_TOO_LARGE)      ,"record too large"},
-{ERR_REASON(SSL_R_RECORD_TOO_SMALL)      ,"record too small"},
-{ERR_REASON(SSL_R_REQUIRED_CIPHER_MISSING),"required cipher missing"},
-{ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO),"reuse cert length not zero"},
-{ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO),"reuse cert type not zero"},
-{ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO),"reuse cipher list not zero"},
-{ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),"session id context uninitialized"},
-{ERR_REASON(SSL_R_SHORT_READ)            ,"short read"},
-{ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE),"signature for non signing certificate"},
-{ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE),"ssl23 doing session id reuse"},
-{ERR_REASON(SSL_R_SSL2_CONNECTION_ID_TOO_LONG),"ssl2 connection id too long"},
-{ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG),"ssl3 session id too long"},
-{ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT),"ssl3 session id too short"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE),"sslv3 alert bad certificate"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_BAD_RECORD_MAC),"sslv3 alert bad record mac"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED),"sslv3 alert certificate expired"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED),"sslv3 alert certificate revoked"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN),"sslv3 alert certificate unknown"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE),"sslv3 alert decompression failure"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE),"sslv3 alert handshake failure"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER),"sslv3 alert illegal parameter"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_NO_CERTIFICATE),"sslv3 alert no certificate"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE),"sslv3 alert unexpected message"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE),"sslv3 alert unsupported certificate"},
-{ERR_REASON(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION),"ssl ctx has no default ssl version"},
-{ERR_REASON(SSL_R_SSL_HANDSHAKE_FAILURE) ,"ssl handshake failure"},
-{ERR_REASON(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS),"ssl library has no ciphers"},
-{ERR_REASON(SSL_R_SSL_SESSION_ID_CALLBACK_FAILED),"ssl session id callback failed"},
-{ERR_REASON(SSL_R_SSL_SESSION_ID_CONFLICT),"ssl session id conflict"},
-{ERR_REASON(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG),"ssl session id context too long"},
-{ERR_REASON(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH),"ssl session id has bad length"},
-{ERR_REASON(SSL_R_SSL_SESSION_ID_IS_DIFFERENT),"ssl session id is different"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED),"tlsv1 alert access denied"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_DECODE_ERROR),"tlsv1 alert decode error"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED),"tlsv1 alert decryption failed"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR),"tlsv1 alert decrypt error"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION),"tlsv1 alert export restriction"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY),"tlsv1 alert insufficient security"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_INTERNAL_ERROR),"tlsv1 alert internal error"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION),"tlsv1 alert no renegotiation"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_PROTOCOL_VERSION),"tlsv1 alert protocol version"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_RECORD_OVERFLOW),"tlsv1 alert record overflow"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA),"tlsv1 alert unknown ca"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED),"tlsv1 alert user cancelled"},
-{ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER),"tls client cert req with anon cipher"},
-{ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST),"tls peer did not respond with certificate list"},
-{ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG),"tls rsa encrypted value length is wrong"},
-{ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER),"tried to use unsupported cipher"},
-{ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS),"unable to decode dh certs"},
-{ERR_REASON(SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY),"unable to extract public key"},
-{ERR_REASON(SSL_R_UNABLE_TO_FIND_DH_PARAMETERS),"unable to find dh parameters"},
-{ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS),"unable to find public key parameters"},
-{ERR_REASON(SSL_R_UNABLE_TO_FIND_SSL_METHOD),"unable to find ssl method"},
-{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES),"unable to load ssl2 md5 routines"},
-{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES),"unable to load ssl3 md5 routines"},
-{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES),"unable to load ssl3 sha1 routines"},
-{ERR_REASON(SSL_R_UNEXPECTED_MESSAGE)    ,"unexpected message"},
-{ERR_REASON(SSL_R_UNEXPECTED_RECORD)     ,"unexpected record"},
-{ERR_REASON(SSL_R_UNINITIALIZED)         ,"uninitialized"},
-{ERR_REASON(SSL_R_UNKNOWN_ALERT_TYPE)    ,"unknown alert type"},
-{ERR_REASON(SSL_R_UNKNOWN_CERTIFICATE_TYPE),"unknown certificate type"},
-{ERR_REASON(SSL_R_UNKNOWN_CIPHER_RETURNED),"unknown cipher returned"},
-{ERR_REASON(SSL_R_UNKNOWN_CIPHER_TYPE)   ,"unknown cipher type"},
-{ERR_REASON(SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE),"unknown key exchange type"},
-{ERR_REASON(SSL_R_UNKNOWN_PKEY_TYPE)     ,"unknown pkey type"},
-{ERR_REASON(SSL_R_UNKNOWN_PROTOCOL)      ,"unknown protocol"},
-{ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE),"unknown remote error type"},
-{ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION)   ,"unknown ssl version"},
-{ERR_REASON(SSL_R_UNKNOWN_STATE)         ,"unknown state"},
-{ERR_REASON(SSL_R_UNSUPPORTED_CIPHER)    ,"unsupported cipher"},
-{ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"},
-{ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL)  ,"unsupported protocol"},
-{ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION),"unsupported ssl version"},
-{ERR_REASON(SSL_R_WRITE_BIO_NOT_SET)     ,"write bio not set"},
-{ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) ,"wrong cipher returned"},
-{ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE)    ,"wrong message type"},
-{ERR_REASON(SSL_R_WRONG_NUMBER_OF_KEY_BITS),"wrong number of key bits"},
-{ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"},
-{ERR_REASON(SSL_R_WRONG_SIGNATURE_SIZE)  ,"wrong signature size"},
-{ERR_REASON(SSL_R_WRONG_SSL_VERSION)     ,"wrong ssl version"},
-{ERR_REASON(SSL_R_WRONG_VERSION_NUMBER)  ,"wrong version number"},
-{ERR_REASON(SSL_R_X509_LIB)              ,"x509 lib"},
-{ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS),"x509 verification setup problems"},
-{0,NULL}
-        };
-
-#endif
-
-void ERR_load_SSL_strings(void)
-        {
-        static int init=1;
-
-        if (init)
-                {
-                init=0;
-#ifndef OPENSSL_NO_ERR
-                ERR_load_strings(0,SSL_str_functs);
-                ERR_load_strings(0,SSL_str_reasons);
-#endif
-
-                }
-        }
diff --git a/src/lib/libssl/ssl_err2.c b/src/lib/libssl/ssl_err2.c
deleted file mode 100644
index ea95a5f983..0000000000
--- a/src/lib/libssl/ssl_err2.c
+++ /dev/null
@@ -1,70 +0,0 @@
-/* ssl/ssl_err2.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-
-void SSL_load_error_strings(void)
-        {
-#ifndef OPENSSL_NO_ERR
-        ERR_load_crypto_strings();
-        ERR_load_SSL_strings();
-#endif
-        }
-
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
deleted file mode 100644
index 0f4b7a475b..0000000000
--- a/src/lib/libssl/ssl_lib.c
+++ /dev/null
@@ -1,2355 +0,0 @@
-/*! \file ssl/ssl_lib.c
- *  \brief Version independent SSL functions.
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-
-#ifdef REF_CHECK
-#  include <assert.h>
-#endif
-#include <stdio.h>
-#include "ssl_locl.h"
-#include "kssl_lcl.h"
-#include <openssl/objects.h>
-#include <openssl/lhash.h>
-#include <openssl/x509v3.h>
-#include <openssl/fips.h>
-
-const char *SSL_version_str=OPENSSL_VERSION_TEXT;
-
-SSL3_ENC_METHOD ssl3_undef_enc_method={
-        /* evil casts, but these functions are only called if there's a library bug */
-        (int (*)(SSL *,int))ssl_undefined_function,
-        (int (*)(SSL *, unsigned char *, int))ssl_undefined_function,
-        ssl_undefined_function,
-        (int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function,
-        (int (*)(SSL*, int))ssl_undefined_function,
-        (int (*)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char*, int, unsigned char *))ssl_undefined_function
-        };
-
-int SSL_clear(SSL *s)
-        {
-
-        if (s->method == NULL)
-                {
-                SSLerr(SSL_F_SSL_CLEAR,SSL_R_NO_METHOD_SPECIFIED);
-                return(0);
-                }
-
-        if (ssl_clear_bad_session(s))
-                {
-                SSL_SESSION_free(s->session);
-                s->session=NULL;
-                }
-
-        s->error=0;
-        s->hit=0;
-        s->shutdown=0;
-
-#if 0 /* Disabled since version 1.10 of this file (early return not
-       * needed because SSL_clear is not called when doing renegotiation) */
-        /* This is set if we are doing dynamic renegotiation so keep
-         * the old cipher.  It is sort of a SSL_clear_lite :-) */
-        if (s->new_session) return(1);
-#else
-        if (s->new_session)
-                {
-                SSLerr(SSL_F_SSL_CLEAR,ERR_R_INTERNAL_ERROR);
-                return 0;
-                }
-#endif
-
-        s->type=0;
-
-        s->state=SSL_ST_BEFORE|((s->server)?SSL_ST_ACCEPT:SSL_ST_CONNECT);
-
-        s->version=s->method->version;
-        s->client_version=s->version;
-        s->rwstate=SSL_NOTHING;
-        s->rstate=SSL_ST_READ_HEADER;
-#if 0
-        s->read_ahead=s->ctx->read_ahead;
-#endif
-
-        if (s->init_buf != NULL)
-                {
-                BUF_MEM_free(s->init_buf);
-                s->init_buf=NULL;
-                }
-
-        ssl_clear_cipher_ctx(s);
-
-        s->first_packet=0;
-
-#if 1
-        /* Check to see if we were changed into a different method, if
-         * so, revert back if we are not doing session-id reuse. */
-        if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method))
-                {
-                s->method->ssl_free(s);
-                s->method=s->ctx->method;
-                if (!s->method->ssl_new(s))
-                        return(0);
-                }
-        else
-#endif
-                s->method->ssl_clear(s);
-        return(1);
-        }
-
-/** Used to change an SSL_CTXs default SSL method type */
-int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth)
-        {
-        STACK_OF(SSL_CIPHER) *sk;
-
-        ctx->method=meth;
-
-        sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list),
-                &(ctx->cipher_list_by_id),SSL_DEFAULT_CIPHER_LIST);
-        if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0))
-                {
-                SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
-                return(0);
-                }
-        return(1);
-        }
-
-SSL *SSL_new(SSL_CTX *ctx)
-        {
-        SSL *s;
-
-        if (ctx == NULL)
-                {
-                SSLerr(SSL_F_SSL_NEW,SSL_R_NULL_SSL_CTX);
-                return(NULL);
-                }
-        if (ctx->method == NULL)
-                {
-                SSLerr(SSL_F_SSL_NEW,SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
-                return(NULL);
-                }
-
-        s=(SSL *)OPENSSL_malloc(sizeof(SSL));
-        if (s == NULL) goto err;
-        memset(s,0,sizeof(SSL));
-
-#ifndef OPENSSL_NO_KRB5
-        s->kssl_ctx = kssl_ctx_new();
-#endif  /* OPENSSL_NO_KRB5 */
-
-        s->options=ctx->options;
-        s->mode=ctx->mode;
-        s->max_cert_list=ctx->max_cert_list;
-
-        if (ctx->cert != NULL)
-                {
-                /* Earlier library versions used to copy the pointer to
-                 * the CERT, not its contents; only when setting new
-                 * parameters for the per-SSL copy, ssl_cert_new would be
-                 * called (and the direct reference to the per-SSL_CTX
-                 * settings would be lost, but those still were indirectly
-                 * accessed for various purposes, and for that reason they
-                 * used to be known as s->ctx->default_cert).
-                 * Now we don't look at the SSL_CTX's CERT after having
-                 * duplicated it once. */
-
-                s->cert = ssl_cert_dup(ctx->cert);
-                if (s->cert == NULL)
-                        goto err;
-                }
-        else
-                s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */
-
-        s->read_ahead=ctx->read_ahead;
-        s->msg_callback=ctx->msg_callback;
-        s->msg_callback_arg=ctx->msg_callback_arg;
-        s->verify_mode=ctx->verify_mode;
-        s->verify_depth=ctx->verify_depth;
-        s->sid_ctx_length=ctx->sid_ctx_length;
-        OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
-        memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx));
-        s->verify_callback=ctx->default_verify_callback;
-        s->generate_session_id=ctx->generate_session_id;
-        s->purpose = ctx->purpose;
-        s->trust = ctx->trust;
-        s->quiet_shutdown=ctx->quiet_shutdown;
-
-        CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
-        s->ctx=ctx;
-
-        s->verify_result=X509_V_OK;
-
-        s->method=ctx->method;
-
-        if (!s->method->ssl_new(s))
-                goto err;
-
-        s->references=1;
-        s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1;
-
-        SSL_clear(s);
-
-        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
-
-        return(s);
-err:
-        if (s != NULL)
-                {
-                if (s->cert != NULL)
-                        ssl_cert_free(s->cert);
-                if (s->ctx != NULL)
-                        SSL_CTX_free(s->ctx); /* decrement reference count */
-                OPENSSL_free(s);
-                }
-        SSLerr(SSL_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
-        return(NULL);
-        }
-
-int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
-                                   unsigned int sid_ctx_len)
-    {
-    if(sid_ctx_len > sizeof ctx->sid_ctx)
-        {
-        SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
-        return 0;
-        }
-    ctx->sid_ctx_length=sid_ctx_len;
-    memcpy(ctx->sid_ctx,sid_ctx,sid_ctx_len);
-
-    return 1;
-    }
-
-int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
-                               unsigned int sid_ctx_len)
-    {
-    if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH)
-        {
-        SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
-        return 0;
-        }
-    ssl->sid_ctx_length=sid_ctx_len;
-    memcpy(ssl->sid_ctx,sid_ctx,sid_ctx_len);
-
-    return 1;
-    }
-
-int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
-        {
-        CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
-        ctx->generate_session_id = cb;
-        CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
-        return 1;
-        }
-
-int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
-        {
-        CRYPTO_w_lock(CRYPTO_LOCK_SSL);
-        ssl->generate_session_id = cb;
-        CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
-        return 1;
-        }
-
-int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
-                                unsigned int id_len)
-        {
-        /* A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how
-         * we can "construct" a session to give us the desired check - ie. to
-         * find if there's a session in the hash table that would conflict with
-         * any new session built out of this id/id_len and the ssl_version in
-         * use by this SSL. */
-        SSL_SESSION r, *p;
-
-        if(id_len > sizeof r.session_id)
-                return 0;
-
-        r.ssl_version = ssl->version;
-        r.session_id_length = id_len;
-        memcpy(r.session_id, id, id_len);
-        /* NB: SSLv2 always uses a fixed 16-byte session ID, so even if a
-         * callback is calling us to check the uniqueness of a shorter ID, it
-         * must be compared as a padded-out ID because that is what it will be
-         * converted to when the callback has finished choosing it. */
-        if((r.ssl_version == SSL2_VERSION) &&
-                        (id_len < SSL2_SSL_SESSION_ID_LENGTH))
-                {
-                memset(r.session_id + id_len, 0,
-                        SSL2_SSL_SESSION_ID_LENGTH - id_len);
-                r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH;
-                }
-
-        CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
-        p = (SSL_SESSION *)lh_retrieve(ssl->ctx->sessions, &r);
-        CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
-        return (p != NULL);
-        }
-
-int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
-        {
-        return X509_PURPOSE_set(&s->purpose, purpose);
-        }
-
-int SSL_set_purpose(SSL *s, int purpose)
-        {
-        return X509_PURPOSE_set(&s->purpose, purpose);
-        }
-
-int SSL_CTX_set_trust(SSL_CTX *s, int trust)
-        {
-        return X509_TRUST_set(&s->trust, trust);
-        }
-
-int SSL_set_trust(SSL *s, int trust)
-        {
-        return X509_TRUST_set(&s->trust, trust);
-        }
-
-void SSL_free(SSL *s)
-        {
-        int i;
-
-        if(s == NULL)
-            return;
-
-        i=CRYPTO_add(&s->references,-1,CRYPTO_LOCK_SSL);
-#ifdef REF_PRINT
-        REF_PRINT("SSL",s);
-#endif
-        if (i > 0) return;
-#ifdef REF_CHECK
-        if (i < 0)
-                {
-                fprintf(stderr,"SSL_free, bad reference count\n");
-                abort(); /* ok */
-                }
-#endif
-
-        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
-
-        if (s->bbio != NULL)
-                {
-                /* If the buffering BIO is in place, pop it off */
-                if (s->bbio == s->wbio)
-                        {
-                        s->wbio=BIO_pop(s->wbio);
-                        }
-                BIO_free(s->bbio);
-                s->bbio=NULL;
-                }
-        if (s->rbio != NULL)
-                BIO_free_all(s->rbio);
-        if ((s->wbio != NULL) && (s->wbio != s->rbio))
-                BIO_free_all(s->wbio);
-
-        if (s->init_buf != NULL) BUF_MEM_free(s->init_buf);
-
-        /* add extra stuff */
-        if (s->cipher_list != NULL) sk_SSL_CIPHER_free(s->cipher_list);
-        if (s->cipher_list_by_id != NULL) sk_SSL_CIPHER_free(s->cipher_list_by_id);
-
-        /* Make the next call work :-) */
-        if (s->session != NULL)
-                {
-                ssl_clear_bad_session(s);
-                SSL_SESSION_free(s->session);
-                }
-
-        ssl_clear_cipher_ctx(s);
-
-        if (s->cert != NULL) ssl_cert_free(s->cert);
-        /* Free up if allocated */
-
-        if (s->ctx) SSL_CTX_free(s->ctx);
-
-        if (s->client_CA != NULL)
-                sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free);
-
-        if (s->method != NULL) s->method->ssl_free(s);
-
-#ifndef OPENSSL_NO_KRB5
-        if (s->kssl_ctx != NULL)
-                kssl_ctx_free(s->kssl_ctx);
-#endif  /* OPENSSL_NO_KRB5 */
-
-        OPENSSL_free(s);
-        }
-
-void SSL_set_bio(SSL *s,BIO *rbio,BIO *wbio)
-        {
-        /* If the output buffering BIO is still in place, remove it
-         */
-        if (s->bbio != NULL)
-                {
-                if (s->wbio == s->bbio)
-                        {
-                        s->wbio=s->wbio->next_bio;
-                        s->bbio->next_bio=NULL;
-                        }
-                }
-        if ((s->rbio != NULL) && (s->rbio != rbio))
-                BIO_free_all(s->rbio);
-        if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio))
-                BIO_free_all(s->wbio);
-        s->rbio=rbio;
-        s->wbio=wbio;
-        }
-
-BIO *SSL_get_rbio(const SSL *s)
-        { return(s->rbio); }
-
-BIO *SSL_get_wbio(const SSL *s)
-        { return(s->wbio); }
-
-int SSL_get_fd(const SSL *s)
-        {
-        return(SSL_get_rfd(s));
-        }
-
-int SSL_get_rfd(const SSL *s)
-        {
-        int ret= -1;
-        BIO *b,*r;
-
-        b=SSL_get_rbio(s);
-        r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR);
-        if (r != NULL)
-                BIO_get_fd(r,&ret);
-        return(ret);
-        }
-
-int SSL_get_wfd(const SSL *s)
-        {
-        int ret= -1;
-        BIO *b,*r;
-
-        b=SSL_get_wbio(s);
-        r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR);
-        if (r != NULL)
-                BIO_get_fd(r,&ret);
-        return(ret);
-        }
-
-#ifndef OPENSSL_NO_SOCK
-int SSL_set_fd(SSL *s,int fd)
-        {
-        int ret=0;
-        BIO *bio=NULL;
-
-        bio=BIO_new(BIO_s_socket());
-
-        if (bio == NULL)
-                {
-                SSLerr(SSL_F_SSL_SET_FD,ERR_R_BUF_LIB);
-                goto err;
-                }
-        BIO_set_fd(bio,fd,BIO_NOCLOSE);
-        SSL_set_bio(s,bio,bio);
-        ret=1;
-err:
-        return(ret);
-        }
-
-int SSL_set_wfd(SSL *s,int fd)
-        {
-        int ret=0;
-        BIO *bio=NULL;
-
-        if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET)
-                || ((int)BIO_get_fd(s->rbio,NULL) != fd))
-                {
-                bio=BIO_new(BIO_s_socket());
-
-                if (bio == NULL)
-                        { SSLerr(SSL_F_SSL_SET_WFD,ERR_R_BUF_LIB); goto err; }
-                BIO_set_fd(bio,fd,BIO_NOCLOSE);
-                SSL_set_bio(s,SSL_get_rbio(s),bio);
-                }
-        else
-                SSL_set_bio(s,SSL_get_rbio(s),SSL_get_rbio(s));
-        ret=1;
-err:
-        return(ret);
-        }
-
-int SSL_set_rfd(SSL *s,int fd)
-        {
-        int ret=0;
-        BIO *bio=NULL;
-
-        if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET)
-                || ((int)BIO_get_fd(s->wbio,NULL) != fd))
-                {
-                bio=BIO_new(BIO_s_socket());
-
-                if (bio == NULL)
-                        {
-                        SSLerr(SSL_F_SSL_SET_RFD,ERR_R_BUF_LIB);
-                        goto err;
-                        }
-                BIO_set_fd(bio,fd,BIO_NOCLOSE);
-                SSL_set_bio(s,bio,SSL_get_wbio(s));
-                }
-        else
-                SSL_set_bio(s,SSL_get_wbio(s),SSL_get_wbio(s));
-        ret=1;
-err:
-        return(ret);
-        }
-#endif
-
-
-/* return length of latest Finished message we sent, copy to 'buf' */
-size_t SSL_get_finished(const SSL *s, void *buf, size_t count)
-        {
-        size_t ret = 0;
-        
-        if (s->s3 != NULL)
-                {
-                ret = s->s3->tmp.finish_md_len;
-                if (count > ret)
-                        count = ret;
-                memcpy(buf, s->s3->tmp.finish_md, count);
-                }
-        return ret;
-        }
-
-/* return length of latest Finished message we expected, copy to 'buf' */
-size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
-        {
-        size_t ret = 0;
-        
-        if (s->s3 != NULL)
-                {
-                ret = s->s3->tmp.peer_finish_md_len;
-                if (count > ret)
-                        count = ret;
-                memcpy(buf, s->s3->tmp.peer_finish_md, count);
-                }
-        return ret;
-        }
-
-
-int SSL_get_verify_mode(const SSL *s)
-        {
-        return(s->verify_mode);
-        }
-
-int SSL_get_verify_depth(const SSL *s)
-        {
-        return(s->verify_depth);
-        }
-
-int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *)
-        {
-        return(s->verify_callback);
-        }
-
-int SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
-        {
-        return(ctx->verify_mode);
-        }
-
-int SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
-        {
-        return(ctx->verify_depth);
-        }
-
-int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *)
-        {
-        return(ctx->default_verify_callback);
-        }
-
-void SSL_set_verify(SSL *s,int mode,
-                    int (*callback)(int ok,X509_STORE_CTX *ctx))
-        {
-        s->verify_mode=mode;
-        if (callback != NULL)
-                s->verify_callback=callback;
-        }
-
-void SSL_set_verify_depth(SSL *s,int depth)
-        {
-        s->verify_depth=depth;
-        }
-
-void SSL_set_read_ahead(SSL *s,int yes)
-        {
-        s->read_ahead=yes;
-        }
-
-int SSL_get_read_ahead(const SSL *s)
-        {
-        return(s->read_ahead);
-        }
-
-int SSL_pending(const SSL *s)
-        {
-        /* SSL_pending cannot work properly if read-ahead is enabled
-         * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)),
-         * and it is impossible to fix since SSL_pending cannot report
-         * errors that may be observed while scanning the new data.
-         * (Note that SSL_pending() is often used as a boolean value,
-         * so we'd better not return -1.)
-         */
-        return(s->method->ssl_pending(s));
-        }
-
-X509 *SSL_get_peer_certificate(const SSL *s)
-        {
-        X509 *r;
-        
-        if ((s == NULL) || (s->session == NULL))
-                r=NULL;
-        else
-                r=s->session->peer;
-
-        if (r == NULL) return(r);
-
-        CRYPTO_add(&r->references,1,CRYPTO_LOCK_X509);
-
-        return(r);
-        }
-
-STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s)
-        {
-        STACK_OF(X509) *r;
-        
-        if ((s == NULL) || (s->session == NULL) || (s->session->sess_cert == NULL))
-                r=NULL;
-        else
-                r=s->session->sess_cert->cert_chain;
-
-        /* If we are a client, cert_chain includes the peer's own
-         * certificate; if we are a server, it does not. */
-        
-        return(r);
-        }
-
-/* Now in theory, since the calling process own 't' it should be safe to
- * modify.  We need to be able to read f without being hassled */
-void SSL_copy_session_id(SSL *t,const SSL *f)
-        {
-        CERT *tmp;
-
-        /* Do we need to to SSL locking? */
-        SSL_set_session(t,SSL_get_session(f));
-
-        /* what if we are setup as SSLv2 but want to talk SSLv3 or
-         * vice-versa */
-        if (t->method != f->method)
-                {
-                t->method->ssl_free(t); /* cleanup current */
-                t->method=f->method;    /* change method */
-                t->method->ssl_new(t);  /* setup new */
-                }
-
-        tmp=t->cert;
-        if (f->cert != NULL)
-                {
-                CRYPTO_add(&f->cert->references,1,CRYPTO_LOCK_SSL_CERT);
-                t->cert=f->cert;
-                }
-        else
-                t->cert=NULL;
-        if (tmp != NULL) ssl_cert_free(tmp);
-        SSL_set_session_id_context(t,f->sid_ctx,f->sid_ctx_length);
-        }
-
-/* Fix this so it checks all the valid key/cert options */
-int SSL_CTX_check_private_key(const SSL_CTX *ctx)
-        {
-        if (    (ctx == NULL) ||
-                (ctx->cert == NULL) ||
-                (ctx->cert->key->x509 == NULL))
-                {
-                SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
-                return(0);
-                }
-        if      (ctx->cert->key->privatekey == NULL)
-                {
-                SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
-                return(0);
-                }
-        return(X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey));
-        }
-
-/* Fix this function so that it takes an optional type parameter */
-int SSL_check_private_key(const SSL *ssl)
-        {
-        if (ssl == NULL)
-                {
-                SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,ERR_R_PASSED_NULL_PARAMETER);
-                return(0);
-                }
-        if (ssl->cert == NULL)
-                {
-                SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
-                return 0;
-                }
-        if (ssl->cert->key->x509 == NULL)
-                {
-                SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
-                return(0);
-                }
-        if (ssl->cert->key->privatekey == NULL)
-                {
-                SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
-                return(0);
-                }
-        return(X509_check_private_key(ssl->cert->key->x509,
-                ssl->cert->key->privatekey));
-        }
-
-int SSL_accept(SSL *s)
-        {
-        if (s->handshake_func == 0)
-                /* Not properly initialized yet */
-                SSL_set_accept_state(s);
-
-        return(s->method->ssl_accept(s));
-        }
-
-int SSL_connect(SSL *s)
-        {
-        if (s->handshake_func == 0)
-                /* Not properly initialized yet */
-                SSL_set_connect_state(s);
-
-        return(s->method->ssl_connect(s));
-        }
-
-long SSL_get_default_timeout(const SSL *s)
-        {
-        return(s->method->get_timeout());
-        }
-
-int SSL_read(SSL *s,void *buf,int num)
-        {
-        if (s->handshake_func == 0)
-                {
-                SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED);
-                return -1;
-                }
-
-        if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
-                {
-                s->rwstate=SSL_NOTHING;
-                return(0);
-                }
-        return(s->method->ssl_read(s,buf,num));
-        }
-
-int SSL_peek(SSL *s,void *buf,int num)
-        {
-        if (s->handshake_func == 0)
-                {
-                SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED);
-                return -1;
-                }
-
-        if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
-                {
-                return(0);
-                }
-        return(s->method->ssl_peek(s,buf,num));
-        }
-
-int SSL_write(SSL *s,const void *buf,int num)
-        {
-        if (s->handshake_func == 0)
-                {
-                SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED);
-                return -1;
-                }
-
-        if (s->shutdown & SSL_SENT_SHUTDOWN)
-                {
-                s->rwstate=SSL_NOTHING;
-                SSLerr(SSL_F_SSL_WRITE,SSL_R_PROTOCOL_IS_SHUTDOWN);
-                return(-1);
-                }
-        return(s->method->ssl_write(s,buf,num));
-        }
-
-int SSL_shutdown(SSL *s)
-        {
-        /* Note that this function behaves differently from what one might
-         * expect.  Return values are 0 for no success (yet),
-         * 1 for success; but calling it once is usually not enough,
-         * even if blocking I/O is used (see ssl3_shutdown).
-         */
-
-        if (s->handshake_func == 0)
-                {
-                SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED);
-                return -1;
-                }
-
-        if ((s != NULL) && !SSL_in_init(s))
-                return(s->method->ssl_shutdown(s));
-        else
-                return(1);
-        }
-
-int SSL_renegotiate(SSL *s)
-        {
-        if (s->new_session == 0)
-                {
-                s->new_session=1;
-                }
-        return(s->method->ssl_renegotiate(s));
-        }
-
-int SSL_renegotiate_pending(SSL *s)
-        {
-        /* becomes true when negotiation is requested;
-         * false again once a handshake has finished */
-        return (s->new_session != 0);
-        }
-
-long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
-        {
-        long l;
-
-        switch (cmd)
-                {
-        case SSL_CTRL_GET_READ_AHEAD:
-                return(s->read_ahead);
-        case SSL_CTRL_SET_READ_AHEAD:
-                l=s->read_ahead;
-                s->read_ahead=larg;
-                return(l);
-
-        case SSL_CTRL_SET_MSG_CALLBACK_ARG:
-                s->msg_callback_arg = parg;
-                return 1;
-
-        case SSL_CTRL_OPTIONS:
-                return(s->options|=larg);
-        case SSL_CTRL_MODE:
-                return(s->mode|=larg);
-        case SSL_CTRL_GET_MAX_CERT_LIST:
-                return(s->max_cert_list);
-        case SSL_CTRL_SET_MAX_CERT_LIST:
-                l=s->max_cert_list;
-                s->max_cert_list=larg;
-                return(l);
-        default:
-                return(s->method->ssl_ctrl(s,cmd,larg,parg));
-                }
-        }
-
-long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)())
-        {
-        switch(cmd)
-                {
-        case SSL_CTRL_SET_MSG_CALLBACK:
-                s->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp);
-                return 1;
-                
-        default:
-                return(s->method->ssl_callback_ctrl(s,cmd,fp));
-                }
-        }
-
-struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx)
-        {
-        return ctx->sessions;
-        }
-
-long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg)
-        {
-        long l;
-
-        switch (cmd)
-                {
-        case SSL_CTRL_GET_READ_AHEAD:
-                return(ctx->read_ahead);
-        case SSL_CTRL_SET_READ_AHEAD:
-                l=ctx->read_ahead;
-                ctx->read_ahead=larg;
-                return(l);
-                
-        case SSL_CTRL_SET_MSG_CALLBACK_ARG:
-                ctx->msg_callback_arg = parg;
-                return 1;
-
-        case SSL_CTRL_GET_MAX_CERT_LIST:
-                return(ctx->max_cert_list);
-        case SSL_CTRL_SET_MAX_CERT_LIST:
-                l=ctx->max_cert_list;
-                ctx->max_cert_list=larg;
-                return(l);
-
-        case SSL_CTRL_SET_SESS_CACHE_SIZE:
-                l=ctx->session_cache_size;
-                ctx->session_cache_size=larg;
-                return(l);
-        case SSL_CTRL_GET_SESS_CACHE_SIZE:
-                return(ctx->session_cache_size);
-        case SSL_CTRL_SET_SESS_CACHE_MODE:
-                l=ctx->session_cache_mode;
-                ctx->session_cache_mode=larg;
-                return(l);
-        case SSL_CTRL_GET_SESS_CACHE_MODE:
-                return(ctx->session_cache_mode);
-
-        case SSL_CTRL_SESS_NUMBER:
-                return(ctx->sessions->num_items);
-        case SSL_CTRL_SESS_CONNECT:
-                return(ctx->stats.sess_connect);
-        case SSL_CTRL_SESS_CONNECT_GOOD:
-                return(ctx->stats.sess_connect_good);
-        case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
-                return(ctx->stats.sess_connect_renegotiate);
-        case SSL_CTRL_SESS_ACCEPT:
-                return(ctx->stats.sess_accept);
-        case SSL_CTRL_SESS_ACCEPT_GOOD:
-                return(ctx->stats.sess_accept_good);
-        case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
-                return(ctx->stats.sess_accept_renegotiate);
-        case SSL_CTRL_SESS_HIT:
-                return(ctx->stats.sess_hit);
-        case SSL_CTRL_SESS_CB_HIT:
-                return(ctx->stats.sess_cb_hit);
-        case SSL_CTRL_SESS_MISSES:
-                return(ctx->stats.sess_miss);
-        case SSL_CTRL_SESS_TIMEOUTS:
-                return(ctx->stats.sess_timeout);
-        case SSL_CTRL_SESS_CACHE_FULL:
-                return(ctx->stats.sess_cache_full);
-        case SSL_CTRL_OPTIONS:
-                return(ctx->options|=larg);
-        case SSL_CTRL_MODE:
-                return(ctx->mode|=larg);
-        default:
-                return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg));
-                }
-        }
-
-long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)())
-        {
-        switch(cmd)
-                {
-        case SSL_CTRL_SET_MSG_CALLBACK:
-                ctx->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp);
-                return 1;
-
-        default:
-                return(ctx->method->ssl_ctx_callback_ctrl(ctx,cmd,fp));
-                }
-        }
-
-int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
-        {
-        long l;
-
-        l=a->id-b->id;
-        if (l == 0L)
-                return(0);
-        else
-                return((l > 0)?1:-1);
-        }
-
-int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
-                        const SSL_CIPHER * const *bp)
-        {
-        long l;
-
-        l=(*ap)->id-(*bp)->id;
-        if (l == 0L)
-                return(0);
-        else
-                return((l > 0)?1:-1);
-        }
-
-/** return a STACK of the ciphers available for the SSL and in order of
- * preference */
-STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
-        {
-        if (s != NULL)
-                {
-                if (s->cipher_list != NULL)
-                        {
-                        return(s->cipher_list);
-                        }
-                else if ((s->ctx != NULL) &&
-                        (s->ctx->cipher_list != NULL))
-                        {
-                        return(s->ctx->cipher_list);
-                        }
-                }
-        return(NULL);
-        }
-
-/** return a STACK of the ciphers available for the SSL and in order of
- * algorithm id */
-STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)
-        {
-        if (s != NULL)
-                {
-                if (s->cipher_list_by_id != NULL)
-                        {
-                        return(s->cipher_list_by_id);
-                        }
-                else if ((s->ctx != NULL) &&
-                        (s->ctx->cipher_list_by_id != NULL))
-                        {
-                        return(s->ctx->cipher_list_by_id);
-                        }
-                }
-        return(NULL);
-        }
-
-/** The old interface to get the same thing as SSL_get_ciphers() */
-const char *SSL_get_cipher_list(const SSL *s,int n)
-        {
-        SSL_CIPHER *c;
-        STACK_OF(SSL_CIPHER) *sk;
-
-        if (s == NULL) return(NULL);
-        sk=SSL_get_ciphers(s);
-        if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
-                return(NULL);
-        c=sk_SSL_CIPHER_value(sk,n);
-        if (c == NULL) return(NULL);
-        return(c->name);
-        }
-
-/** specify the ciphers to be used by default by the SSL_CTX */
-int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
-        {
-        STACK_OF(SSL_CIPHER) *sk;
-        
-        sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list,
-                &ctx->cipher_list_by_id,str);
-        /* ssl_create_cipher_list may return an empty stack if it
-         * was unable to find a cipher matching the given rule string
-         * (for example if the rule string specifies a cipher which
-         * has been disabled). This is not an error as far as 
-         * ssl_create_cipher_list is concerned, and hence 
-         * ctx->cipher_list and ctx->cipher_list_by_id has been
-         * updated. */
-        if (sk == NULL)
-                return 0;
-        else if (sk_SSL_CIPHER_num(sk) == 0)
-                {
-                SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
-                return 0;
-                }
-        return 1;
-        }
-
-/** specify the ciphers to be used by the SSL */
-int SSL_set_cipher_list(SSL *s,const char *str)
-        {
-        STACK_OF(SSL_CIPHER) *sk;
-        
-        sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list,
-                &s->cipher_list_by_id,str);
-        /* see comment in SSL_CTX_set_cipher_list */
-        if (sk == NULL)
-                return 0;
-        else if (sk_SSL_CIPHER_num(sk) == 0)
-                {
-                SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
-                return 0;
-                }
-        return 1;
-        }
-
-/* works well for SSLv2, not so good for SSLv3 */
-char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
-        {
-        char *end;
-        STACK_OF(SSL_CIPHER) *sk;
-        SSL_CIPHER *c;
-        size_t curlen = 0;
-        int i;
-
-        if ((s->session == NULL) || (s->session->ciphers == NULL) ||
-                (len < 2))
-                return(NULL);
-
-        sk=s->session->ciphers;
-        buf[0] = '\0';
-        for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
-                {
-                c=sk_SSL_CIPHER_value(sk,i);
-                end = buf + curlen;
-                if (strlcat(buf, c->name, len) >= len ||
-                    (curlen = strlcat(buf, ":", len)) >= len)
-                        {
-                        /* remove truncated cipher from list */
-                        *end = '\0';
-                        break;
-                        }
-                }
-        /* remove trailing colon */
-        if ((end = strrchr(buf, ':')) != NULL)
-                *end = '\0';
-        return(buf);
-        }
-
-int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
-                             int (*put_cb)(const SSL_CIPHER *, unsigned char *))
-        {
-        int i,j=0;
-        SSL_CIPHER *c;
-        unsigned char *q;
-#ifndef OPENSSL_NO_KRB5
-        int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx);
-#endif /* OPENSSL_NO_KRB5 */
-
-        if (sk == NULL) return(0);
-        q=p;
-
-        for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
-                {
-                c=sk_SSL_CIPHER_value(sk,i);
-#ifndef OPENSSL_NO_KRB5
-                if ((c->algorithms & SSL_KRB5) && nokrb5)
-                    continue;
-#endif /* OPENSSL_NO_KRB5 */                    
-
-                j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p);
-                p+=j;
-                }
-        return(p-q);
-        }
-
-STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
-                                               STACK_OF(SSL_CIPHER) **skp)
-        {
-        SSL_CIPHER *c;
-        STACK_OF(SSL_CIPHER) *sk;
-        int i,n;
-
-        n=ssl_put_cipher_by_char(s,NULL,NULL);
-        if ((num%n) != 0)
-                {
-                SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
-                return(NULL);
-                }
-        if ((skp == NULL) || (*skp == NULL))
-                sk=sk_SSL_CIPHER_new_null(); /* change perhaps later */
-        else
-                {
-                sk= *skp;
-                sk_SSL_CIPHER_zero(sk);
-                }
-
-        for (i=0; i<num; i+=n)
-                {
-                c=ssl_get_cipher_by_char(s,p);
-                p+=n;
-                if (c != NULL)
-                        {
-                        if (!sk_SSL_CIPHER_push(sk,c))
-                                {
-                                SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
-                                goto err;
-                                }
-                        }
-                }
-
-        if (skp != NULL)
-                *skp=sk;
-        return(sk);
-err:
-        if ((skp == NULL) || (*skp == NULL))
-                sk_SSL_CIPHER_free(sk);
-        return(NULL);
-        }
-
-unsigned long SSL_SESSION_hash(const SSL_SESSION *a)
-        {
-        unsigned long l;
-
-        l=(unsigned long)
-                ((unsigned int) a->session_id[0]     )|
-                ((unsigned int) a->session_id[1]<< 8L)|
-                ((unsigned long)a->session_id[2]<<16L)|
-                ((unsigned long)a->session_id[3]<<24L);
-        return(l);
-        }
-
-/* NB: If this function (or indeed the hash function which uses a sort of
- * coarser function than this one) is changed, ensure
- * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being
- * able to construct an SSL_SESSION that will collide with any existing session
- * with a matching session ID. */
-int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b)
-        {
-        if (a->ssl_version != b->ssl_version)
-                return(1);
-        if (a->session_id_length != b->session_id_length)
-                return(1);
-        return(memcmp(a->session_id,b->session_id,a->session_id_length));
-        }
-
-/* These wrapper functions should remain rather than redeclaring
- * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
- * variable. The reason is that the functions aren't static, they're exposed via
- * ssl.h. */
-static IMPLEMENT_LHASH_HASH_FN(SSL_SESSION_hash, SSL_SESSION *)
-static IMPLEMENT_LHASH_COMP_FN(SSL_SESSION_cmp, SSL_SESSION *)
-
-SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
-        {
-        SSL_CTX *ret=NULL;
-        
-        if (meth == NULL)
-                {
-                SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_NULL_SSL_METHOD_PASSED);
-                return(NULL);
-                }
-
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && (meth->version < TLS1_VERSION))      
-                {
-                SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
-                return NULL;
-                }
-#endif
-
-        if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0)
-                {
-                SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
-                goto err;
-                }
-        ret=(SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX));
-        if (ret == NULL)
-                goto err;
-
-        memset(ret,0,sizeof(SSL_CTX));
-
-        ret->method=meth;
-
-        ret->cert_store=NULL;
-        ret->session_cache_mode=SSL_SESS_CACHE_SERVER;
-        ret->session_cache_size=SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
-        ret->session_cache_head=NULL;
-        ret->session_cache_tail=NULL;
-
-        /* We take the system default */
-        ret->session_timeout=meth->get_timeout();
-
-        ret->new_session_cb=0;
-        ret->remove_session_cb=0;
-        ret->get_session_cb=0;
-        ret->generate_session_id=0;
-
-        memset((char *)&ret->stats,0,sizeof(ret->stats));
-
-        ret->references=1;
-        ret->quiet_shutdown=0;
-
-/*      ret->cipher=NULL;*/
-/*      ret->s2->challenge=NULL;
-        ret->master_key=NULL;
-        ret->key_arg=NULL;
-        ret->s2->conn_id=NULL; */
-
-        ret->info_callback=NULL;
-
-        ret->app_verify_callback=0;
-        ret->app_verify_arg=NULL;
-
-        ret->max_cert_list=SSL_MAX_CERT_LIST_DEFAULT;
-        ret->read_ahead=0;
-        ret->msg_callback=0;
-        ret->msg_callback_arg=NULL;
-        ret->verify_mode=SSL_VERIFY_NONE;
-        ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */
-        ret->sid_ctx_length=0;
-        ret->default_verify_callback=NULL;
-        if ((ret->cert=ssl_cert_new()) == NULL)
-                goto err;
-
-        ret->default_passwd_callback=0;
-        ret->default_passwd_callback_userdata=NULL;
-        ret->client_cert_cb=0;
-
-        ret->sessions=lh_new(LHASH_HASH_FN(SSL_SESSION_hash),
-                        LHASH_COMP_FN(SSL_SESSION_cmp));
-        if (ret->sessions == NULL) goto err;
-        ret->cert_store=X509_STORE_new();
-        if (ret->cert_store == NULL) goto err;
-
-        ssl_create_cipher_list(ret->method,
-                &ret->cipher_list,&ret->cipher_list_by_id,
-                SSL_DEFAULT_CIPHER_LIST);
-        if (ret->cipher_list == NULL
-            || sk_SSL_CIPHER_num(ret->cipher_list) <= 0)
-                {
-                SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_LIBRARY_HAS_NO_CIPHERS);
-                goto err2;
-                }
-
-        if ((ret->rsa_md5=EVP_get_digestbyname("ssl2-md5")) == NULL)
-                {
-                SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES);
-                goto err2;
-                }
-        if ((ret->md5=EVP_get_digestbyname("ssl3-md5")) == NULL)
-                {
-                SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
-                goto err2;
-                }
-        if ((ret->sha1=EVP_get_digestbyname("ssl3-sha1")) == NULL)
-                {
-                SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
-                goto err2;
-                }
-
-        if ((ret->client_CA=sk_X509_NAME_new_null()) == NULL)
-                goto err;
-
-        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
-
-        ret->extra_certs=NULL;
-        ret->comp_methods=SSL_COMP_get_compression_methods();
-
-        return(ret);
-err:
-        SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);
-err2:
-        if (ret != NULL) SSL_CTX_free(ret);
-        return(NULL);
-        }
-
-#if 0
-static void SSL_COMP_free(SSL_COMP *comp)
-    { OPENSSL_free(comp); }
-#endif
-
-void SSL_CTX_free(SSL_CTX *a)
-        {
-        int i;
-
-        if (a == NULL) return;
-
-        i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_SSL_CTX);
-#ifdef REF_PRINT
-        REF_PRINT("SSL_CTX",a);
-#endif
-        if (i > 0) return;
-#ifdef REF_CHECK
-        if (i < 0)
-                {
-                fprintf(stderr,"SSL_CTX_free, bad reference count\n");
-                abort(); /* ok */
-                }
-#endif
-
-        /*
-         * Free internal session cache. However: the remove_cb() may reference
-         * the ex_data of SSL_CTX, thus the ex_data store can only be removed
-         * after the sessions were flushed.
-         * As the ex_data handling routines might also touch the session cache,
-         * the most secure solution seems to be: empty (flush) the cache, then
-         * free ex_data, then finally free the cache.
-         * (See ticket [openssl.org #212].)
-         */
-        if (a->sessions != NULL)
-                SSL_CTX_flush_sessions(a,0);
-
-        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
-
-        if (a->sessions != NULL)
-                lh_free(a->sessions);
-
-        if (a->cert_store != NULL)
-                X509_STORE_free(a->cert_store);
-        if (a->cipher_list != NULL)
-                sk_SSL_CIPHER_free(a->cipher_list);
-        if (a->cipher_list_by_id != NULL)
-                sk_SSL_CIPHER_free(a->cipher_list_by_id);
-        if (a->cert != NULL)
-                ssl_cert_free(a->cert);
-        if (a->client_CA != NULL)
-                sk_X509_NAME_pop_free(a->client_CA,X509_NAME_free);
-        if (a->extra_certs != NULL)
-                sk_X509_pop_free(a->extra_certs,X509_free);
-#if 0 /* This should never be done, since it removes a global database */
-        if (a->comp_methods != NULL)
-                sk_SSL_COMP_pop_free(a->comp_methods,SSL_COMP_free);
-#else
-        a->comp_methods = NULL;
-#endif
-        OPENSSL_free(a);
-        }
-
-void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
-        {
-        ctx->default_passwd_callback=cb;
-        }
-
-void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx,void *u)
-        {
-        ctx->default_passwd_callback_userdata=u;
-        }
-
-void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg)
-        {
-        ctx->app_verify_callback=cb;
-        ctx->app_verify_arg=arg;
-        }
-
-void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *))
-        {
-        ctx->verify_mode=mode;
-        ctx->default_verify_callback=cb;
-        }
-
-void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth)
-        {
-        ctx->verify_depth=depth;
-        }
-
-void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
-        {
-        CERT_PKEY *cpk;
-        int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign;
-        int rsa_enc_export,dh_rsa_export,dh_dsa_export;
-        int rsa_tmp_export,dh_tmp_export,kl;
-        unsigned long mask,emask;
-
-        if (c == NULL) return;
-
-        kl=SSL_C_EXPORT_PKEYLENGTH(cipher);
-
-#ifndef OPENSSL_NO_RSA
-        rsa_tmp=(c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL);
-        rsa_tmp_export=(c->rsa_tmp_cb != NULL ||
-                (rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl));
-#else
-        rsa_tmp=rsa_tmp_export=0;
-#endif
-#ifndef OPENSSL_NO_DH
-        dh_tmp=(c->dh_tmp != NULL || c->dh_tmp_cb != NULL);
-        dh_tmp_export=(c->dh_tmp_cb != NULL ||
-                (dh_tmp && DH_size(c->dh_tmp)*8 <= kl));
-#else
-        dh_tmp=dh_tmp_export=0;
-#endif
-
-        cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]);
-        rsa_enc= (cpk->x509 != NULL && cpk->privatekey != NULL);
-        rsa_enc_export=(rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
-        cpk= &(c->pkeys[SSL_PKEY_RSA_SIGN]);
-        rsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL);
-        cpk= &(c->pkeys[SSL_PKEY_DSA_SIGN]);
-        dsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL);
-        cpk= &(c->pkeys[SSL_PKEY_DH_RSA]);
-        dh_rsa=  (cpk->x509 != NULL && cpk->privatekey != NULL);
-        dh_rsa_export=(dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
-        cpk= &(c->pkeys[SSL_PKEY_DH_DSA]);
-/* FIX THIS EAY EAY EAY */
-        dh_dsa=  (cpk->x509 != NULL && cpk->privatekey != NULL);
-        dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
-
-        mask=0;
-        emask=0;
-
-#ifdef CIPHER_DEBUG
-        printf("rt=%d rte=%d dht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
-                rsa_tmp,rsa_tmp_export,dh_tmp,
-                rsa_enc,rsa_enc_export,rsa_sign,dsa_sign,dh_rsa,dh_dsa);
-#endif
-
-        if (rsa_enc || (rsa_tmp && rsa_sign))
-                mask|=SSL_kRSA;
-        if (rsa_enc_export || (rsa_tmp_export && (rsa_sign || rsa_enc)))
-                emask|=SSL_kRSA;
-
-#if 0
-        /* The match needs to be both kEDH and aRSA or aDSA, so don't worry */
-        if (    (dh_tmp || dh_rsa || dh_dsa) && 
-                (rsa_enc || rsa_sign || dsa_sign))
-                mask|=SSL_kEDH;
-        if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) &&
-                (rsa_enc || rsa_sign || dsa_sign))
-                emask|=SSL_kEDH;
-#endif
-
-        if (dh_tmp_export) 
-                emask|=SSL_kEDH;
-
-        if (dh_tmp)
-                mask|=SSL_kEDH;
-
-        if (dh_rsa) mask|=SSL_kDHr;
-        if (dh_rsa_export) emask|=SSL_kDHr;
-
-        if (dh_dsa) mask|=SSL_kDHd;
-        if (dh_dsa_export) emask|=SSL_kDHd;
-
-        if (rsa_enc || rsa_sign)
-                {
-                mask|=SSL_aRSA;
-                emask|=SSL_aRSA;
-                }
-
-        if (dsa_sign)
-                {
-                mask|=SSL_aDSS;
-                emask|=SSL_aDSS;
-                }
-
-        mask|=SSL_aNULL;
-        emask|=SSL_aNULL;
-
-#ifndef OPENSSL_NO_KRB5
-        mask|=SSL_kKRB5|SSL_aKRB5;
-        emask|=SSL_kKRB5|SSL_aKRB5;
-#endif
-
-        c->mask=mask;
-        c->export_mask=emask;
-        c->valid=1;
-        }
-
-/* THIS NEEDS CLEANING UP */
-X509 *ssl_get_server_send_cert(SSL *s)
-        {
-        unsigned long alg,mask,kalg;
-        CERT *c;
-        int i,is_export;
-
-        c=s->cert;
-        ssl_set_cert_masks(c, s->s3->tmp.new_cipher);
-        alg=s->s3->tmp.new_cipher->algorithms;
-        is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
-        mask=is_export?c->export_mask:c->mask;
-        kalg=alg&(SSL_MKEY_MASK|SSL_AUTH_MASK);
-
-        if      (kalg & SSL_kDHr)
-                i=SSL_PKEY_DH_RSA;
-        else if (kalg & SSL_kDHd)
-                i=SSL_PKEY_DH_DSA;
-        else if (kalg & SSL_aDSS)
-                i=SSL_PKEY_DSA_SIGN;
-        else if (kalg & SSL_aRSA)
-                {
-                if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL)
-                        i=SSL_PKEY_RSA_SIGN;
-                else
-                        i=SSL_PKEY_RSA_ENC;
-                }
-        else if (kalg & SSL_aKRB5)
-                {
-                /* VRS something else here? */
-                return(NULL);
-                }
-        else /* if (kalg & SSL_aNULL) */
-                {
-                SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,ERR_R_INTERNAL_ERROR);
-                return(NULL);
-                }
-        if (c->pkeys[i].x509 == NULL) return(NULL);
-        return(c->pkeys[i].x509);
-        }
-
-EVP_PKEY *ssl_get_sign_pkey(SSL *s,SSL_CIPHER *cipher)
-        {
-        unsigned long alg;
-        CERT *c;
-
-        alg=cipher->algorithms;
-        c=s->cert;
-
-        if ((alg & SSL_aDSS) &&
-                (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
-                return(c->pkeys[SSL_PKEY_DSA_SIGN].privatekey);
-        else if (alg & SSL_aRSA)
-                {
-                if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL)
-                        return(c->pkeys[SSL_PKEY_RSA_SIGN].privatekey);
-                else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL)
-                        return(c->pkeys[SSL_PKEY_RSA_ENC].privatekey);
-                else
-                        return(NULL);
-                }
-        else /* if (alg & SSL_aNULL) */
-                {
-                SSLerr(SSL_F_SSL_GET_SIGN_PKEY,ERR_R_INTERNAL_ERROR);
-                return(NULL);
-                }
-        }
-
-void ssl_update_cache(SSL *s,int mode)
-        {
-        int i;
-
-        /* If the session_id_length is 0, we are not supposed to cache it,
-         * and it would be rather hard to do anyway :-) */
-        if (s->session->session_id_length == 0) return;
-
-        i=s->ctx->session_cache_mode;
-        if ((i & mode) && (!s->hit)
-                && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
-                    || SSL_CTX_add_session(s->ctx,s->session))
-                && (s->ctx->new_session_cb != NULL))
-                {
-                CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION);
-                if (!s->ctx->new_session_cb(s,s->session))
-                        SSL_SESSION_free(s->session);
-                }
-
-        /* auto flush every 255 connections */
-        if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) &&
-                ((i & mode) == mode))
-                {
-                if (  (((mode & SSL_SESS_CACHE_CLIENT)
-                        ?s->ctx->stats.sess_connect_good
-                        :s->ctx->stats.sess_accept_good) & 0xff) == 0xff)
-                        {
-                        SSL_CTX_flush_sessions(s->ctx,(unsigned long)time(NULL));
-                        }
-                }
-        }
-
-SSL_METHOD *SSL_get_ssl_method(SSL *s)
-        {
-        return(s->method);
-        }
-
-int SSL_set_ssl_method(SSL *s,SSL_METHOD *meth)
-        {
-        int conn= -1;
-        int ret=1;
-
-        if (s->method != meth)
-                {
-                if (s->handshake_func != NULL)
-                        conn=(s->handshake_func == s->method->ssl_connect);
-
-                if (s->method->version == meth->version)
-                        s->method=meth;
-                else
-                        {
-                        s->method->ssl_free(s);
-                        s->method=meth;
-                        ret=s->method->ssl_new(s);
-                        }
-
-                if (conn == 1)
-                        s->handshake_func=meth->ssl_connect;
-                else if (conn == 0)
-                        s->handshake_func=meth->ssl_accept;
-                }
-        return(ret);
-        }
-
-int SSL_get_error(const SSL *s,int i)
-        {
-        int reason;
-        unsigned long l;
-        BIO *bio;
-
-        if (i > 0) return(SSL_ERROR_NONE);
-
-        /* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake
-         * etc, where we do encode the error */
-        if ((l=ERR_peek_error()) != 0)
-                {
-                if (ERR_GET_LIB(l) == ERR_LIB_SYS)
-                        return(SSL_ERROR_SYSCALL);
-                else
-                        return(SSL_ERROR_SSL);
-                }
-
-        if ((i < 0) && SSL_want_read(s))
-                {
-                bio=SSL_get_rbio(s);
-                if (BIO_should_read(bio))
-                        return(SSL_ERROR_WANT_READ);
-                else if (BIO_should_write(bio))
-                        /* This one doesn't make too much sense ... We never try
-                         * to write to the rbio, and an application program where
-                         * rbio and wbio are separate couldn't even know what it
-                         * should wait for.
-                         * However if we ever set s->rwstate incorrectly
-                         * (so that we have SSL_want_read(s) instead of
-                         * SSL_want_write(s)) and rbio and wbio *are* the same,
-                         * this test works around that bug; so it might be safer
-                         * to keep it. */
-                        return(SSL_ERROR_WANT_WRITE);
-                else if (BIO_should_io_special(bio))
-                        {
-                        reason=BIO_get_retry_reason(bio);
-                        if (reason == BIO_RR_CONNECT)
-                                return(SSL_ERROR_WANT_CONNECT);
-                        else if (reason == BIO_RR_ACCEPT)
-                                return(SSL_ERROR_WANT_ACCEPT);
-                        else
-                                return(SSL_ERROR_SYSCALL); /* unknown */
-                        }
-                }
-
-        if ((i < 0) && SSL_want_write(s))
-                {
-                bio=SSL_get_wbio(s);
-                if (BIO_should_write(bio))
-                        return(SSL_ERROR_WANT_WRITE);
-                else if (BIO_should_read(bio))
-                        /* See above (SSL_want_read(s) with BIO_should_write(bio)) */
-                        return(SSL_ERROR_WANT_READ);
-                else if (BIO_should_io_special(bio))
-                        {
-                        reason=BIO_get_retry_reason(bio);
-                        if (reason == BIO_RR_CONNECT)
-                                return(SSL_ERROR_WANT_CONNECT);
-                        else if (reason == BIO_RR_ACCEPT)
-                                return(SSL_ERROR_WANT_ACCEPT);
-                        else
-                                return(SSL_ERROR_SYSCALL);
-                        }
-                }
-        if ((i < 0) && SSL_want_x509_lookup(s))
-                {
-                return(SSL_ERROR_WANT_X509_LOOKUP);
-                }
-
-        if (i == 0)
-                {
-                if (s->version == SSL2_VERSION)
-                        {
-                        /* assume it is the socket being closed */
-                        return(SSL_ERROR_ZERO_RETURN);
-                        }
-                else
-                        {
-                        if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
-                                (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
-                                return(SSL_ERROR_ZERO_RETURN);
-                        }
-                }
-        return(SSL_ERROR_SYSCALL);
-        }
-
-int SSL_do_handshake(SSL *s)
-        {
-        int ret=1;
-
-        if (s->handshake_func == NULL)
-                {
-                SSLerr(SSL_F_SSL_DO_HANDSHAKE,SSL_R_CONNECTION_TYPE_NOT_SET);
-                return(-1);
-                }
-
-        s->method->ssl_renegotiate_check(s);
-
-        if (SSL_in_init(s) || SSL_in_before(s))
-                {
-                ret=s->handshake_func(s);
-                }
-        return(ret);
-        }
-
-/* For the next 2 functions, SSL_clear() sets shutdown and so
- * one of these calls will reset it */
-void SSL_set_accept_state(SSL *s)
-        {
-        s->server=1;
-        s->shutdown=0;
-        s->state=SSL_ST_ACCEPT|SSL_ST_BEFORE;
-        s->handshake_func=s->method->ssl_accept;
-        /* clear the current cipher */
-        ssl_clear_cipher_ctx(s);
-        }
-
-void SSL_set_connect_state(SSL *s)
-        {
-        s->server=0;
-        s->shutdown=0;
-        s->state=SSL_ST_CONNECT|SSL_ST_BEFORE;
-        s->handshake_func=s->method->ssl_connect;
-        /* clear the current cipher */
-        ssl_clear_cipher_ctx(s);
-        }
-
-int ssl_undefined_function(SSL *s)
-        {
-        SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-        return(0);
-        }
-
-int ssl_undefined_const_function(const SSL *s)
-        {
-        SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-        return(0);
-        }
-
-SSL_METHOD *ssl_bad_method(int ver)
-        {
-        SSLerr(SSL_F_SSL_BAD_METHOD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-        return(NULL);
-        }
-
-const char *SSL_get_version(const SSL *s)
-        {
-        if (s->version == TLS1_VERSION)
-                return("TLSv1");
-        else if (s->version == SSL3_VERSION)
-                return("SSLv3");
-        else if (s->version == SSL2_VERSION)
-                return("SSLv2");
-        else
-                return("unknown");
-        }
-
-SSL *SSL_dup(SSL *s)
-        {
-        STACK_OF(X509_NAME) *sk;
-        X509_NAME *xn;
-        SSL *ret;
-        int i;
-                 
-        if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL)
-            return(NULL);
-
-        ret->version = s->version;
-        ret->type = s->type;
-        ret->method = s->method;
-
-        if (s->session != NULL)
-                {
-                /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */
-                SSL_copy_session_id(ret,s);
-                }
-        else
-                {
-                /* No session has been established yet, so we have to expect
-                 * that s->cert or ret->cert will be changed later --
-                 * they should not both point to the same object,
-                 * and thus we can't use SSL_copy_session_id. */
-
-                ret->method->ssl_free(ret);
-                ret->method = s->method;
-                ret->method->ssl_new(ret);
-
-                if (s->cert != NULL)
-                        {
-                        if (ret->cert != NULL)
-                                {
-                                ssl_cert_free(ret->cert);
-                                }
-                        ret->cert = ssl_cert_dup(s->cert);
-                        if (ret->cert == NULL)
-                                goto err;
-                        }
-                                
-                SSL_set_session_id_context(ret,
-                        s->sid_ctx, s->sid_ctx_length);
-                }
-
-        ret->options=s->options;
-        ret->mode=s->mode;
-        SSL_set_max_cert_list(ret,SSL_get_max_cert_list(s));
-        SSL_set_read_ahead(ret,SSL_get_read_ahead(s));
-        ret->msg_callback = s->msg_callback;
-        ret->msg_callback_arg = s->msg_callback_arg;
-        SSL_set_verify(ret,SSL_get_verify_mode(s),
-                SSL_get_verify_callback(s));
-        SSL_set_verify_depth(ret,SSL_get_verify_depth(s));
-        ret->generate_session_id = s->generate_session_id;
-
-        SSL_set_info_callback(ret,SSL_get_info_callback(s));
-        
-        ret->debug=s->debug;
-
-        /* copy app data, a little dangerous perhaps */
-        if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data))
-                goto err;
-
-        /* setup rbio, and wbio */
-        if (s->rbio != NULL)
-                {
-                if (!BIO_dup_state(s->rbio,(char *)&ret->rbio))
-                        goto err;
-                }
-        if (s->wbio != NULL)
-                {
-                if (s->wbio != s->rbio)
-                        {
-                        if (!BIO_dup_state(s->wbio,(char *)&ret->wbio))
-                                goto err;
-                        }
-                else
-                        ret->wbio=ret->rbio;
-                }
-        ret->rwstate = s->rwstate;
-        ret->in_handshake = s->in_handshake;
-        ret->handshake_func = s->handshake_func;
-        ret->server = s->server;
-        ret->new_session = s->new_session;
-        ret->quiet_shutdown = s->quiet_shutdown;
-        ret->shutdown=s->shutdown;
-        ret->state=s->state; /* SSL_dup does not really work at any state, though */
-        ret->rstate=s->rstate;
-        ret->init_num = 0; /* would have to copy ret->init_buf, ret->init_msg, ret->init_num, ret->init_off */
-        ret->hit=s->hit;
-        ret->purpose=s->purpose;
-        ret->trust=s->trust;
-
-        /* dup the cipher_list and cipher_list_by_id stacks */
-        if (s->cipher_list != NULL)
-                {
-                if ((ret->cipher_list=sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
-                        goto err;
-                }
-        if (s->cipher_list_by_id != NULL)
-                if ((ret->cipher_list_by_id=sk_SSL_CIPHER_dup(s->cipher_list_by_id))
-                        == NULL)
-                        goto err;
-
-        /* Dup the client_CA list */
-        if (s->client_CA != NULL)
-                {
-                if ((sk=sk_X509_NAME_dup(s->client_CA)) == NULL) goto err;
-                ret->client_CA=sk;
-                for (i=0; i<sk_X509_NAME_num(sk); i++)
-                        {
-                        xn=sk_X509_NAME_value(sk,i);
-                        if (sk_X509_NAME_set(sk,i,X509_NAME_dup(xn)) == NULL)
-                                {
-                                X509_NAME_free(xn);
-                                goto err;
-                                }
-                        }
-                }
-
-        if (0)
-                {
-err:
-                if (ret != NULL) SSL_free(ret);
-                ret=NULL;
-                }
-        return(ret);
-        }
-
-void ssl_clear_cipher_ctx(SSL *s)
-        {
-        if (s->enc_read_ctx != NULL)
-                {
-                EVP_CIPHER_CTX_cleanup(s->enc_read_ctx);
-                OPENSSL_free(s->enc_read_ctx);
-                s->enc_read_ctx=NULL;
-                }
-        if (s->enc_write_ctx != NULL)
-                {
-                EVP_CIPHER_CTX_cleanup(s->enc_write_ctx);
-                OPENSSL_free(s->enc_write_ctx);
-                s->enc_write_ctx=NULL;
-                }
-        if (s->expand != NULL)
-                {
-                COMP_CTX_free(s->expand);
-                s->expand=NULL;
-                }
-        if (s->compress != NULL)
-                {
-                COMP_CTX_free(s->compress);
-                s->compress=NULL;
-                }
-        }
-
-/* Fix this function so that it takes an optional type parameter */
-X509 *SSL_get_certificate(const SSL *s)
-        {
-        if (s->cert != NULL)
-                return(s->cert->key->x509);
-        else
-                return(NULL);
-        }
-
-/* Fix this function so that it takes an optional type parameter */
-EVP_PKEY *SSL_get_privatekey(SSL *s)
-        {
-        if (s->cert != NULL)
-                return(s->cert->key->privatekey);
-        else
-                return(NULL);
-        }
-
-SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
-        {
-        if ((s->session != NULL) && (s->session->cipher != NULL))
-                return(s->session->cipher);
-        return(NULL);
-        }
-
-int ssl_init_wbio_buffer(SSL *s,int push)
-        {
-        BIO *bbio;
-
-        if (s->bbio == NULL)
-                {
-                bbio=BIO_new(BIO_f_buffer());
-                if (bbio == NULL) return(0);
-                s->bbio=bbio;
-                }
-        else
-                {
-                bbio=s->bbio;
-                if (s->bbio == s->wbio)
-                        s->wbio=BIO_pop(s->wbio);
-                }
-        (void)BIO_reset(bbio);
-/*      if (!BIO_set_write_buffer_size(bbio,16*1024)) */
-        if (!BIO_set_read_buffer_size(bbio,1))
-                {
-                SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER,ERR_R_BUF_LIB);
-                return(0);
-                }
-        if (push)
-                {
-                if (s->wbio != bbio)
-                        s->wbio=BIO_push(bbio,s->wbio);
-                }
-        else
-                {
-                if (s->wbio == bbio)
-                        s->wbio=BIO_pop(bbio);
-                }
-        return(1);
-        }
-
-void ssl_free_wbio_buffer(SSL *s)
-        {
-        if (s->bbio == NULL) return;
-
-        if (s->bbio == s->wbio)
-                {
-                /* remove buffering */
-                s->wbio=BIO_pop(s->wbio);
-#ifdef REF_CHECK /* not the usual REF_CHECK, but this avoids adding one more preprocessor symbol */
-                assert(s->wbio != NULL);
-#endif  
-        }
-        BIO_free(s->bbio);
-        s->bbio=NULL;
-        }
-        
-void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode)
-        {
-        ctx->quiet_shutdown=mode;
-        }
-
-int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
-        {
-        return(ctx->quiet_shutdown);
-        }
-
-void SSL_set_quiet_shutdown(SSL *s,int mode)
-        {
-        s->quiet_shutdown=mode;
-        }
-
-int SSL_get_quiet_shutdown(const SSL *s)
-        {
-        return(s->quiet_shutdown);
-        }
-
-void SSL_set_shutdown(SSL *s,int mode)
-        {
-        s->shutdown=mode;
-        }
-
-int SSL_get_shutdown(const SSL *s)
-        {
-        return(s->shutdown);
-        }
-
-int SSL_version(const SSL *s)
-        {
-        return(s->version);
-        }
-
-SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
-        {
-        return(ssl->ctx);
-        }
-
-#ifndef OPENSSL_NO_STDIO
-int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
-        {
-        return(X509_STORE_set_default_paths(ctx->cert_store));
-        }
-
-int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
-                const char *CApath)
-        {
-        int r;
-        r=X509_STORE_load_locations(ctx->cert_store,CAfile,CApath);
-        return r;
-        }
-#endif
-
-void SSL_set_info_callback(SSL *ssl,
-                           void (*cb)(const SSL *ssl,int type,int val))
-        {
-        ssl->info_callback=cb;
-        }
-
-void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val)
-        {
-        return ssl->info_callback;
-        }
-
-int SSL_state(const SSL *ssl)
-        {
-        return(ssl->state);
-        }
-
-void SSL_set_verify_result(SSL *ssl,long arg)
-        {
-        ssl->verify_result=arg;
-        }
-
-long SSL_get_verify_result(const SSL *ssl)
-        {
-        return(ssl->verify_result);
-        }
-
-int SSL_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
-                         CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
-        {
-        return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp,
-                                new_func, dup_func, free_func);
-        }
-
-int SSL_set_ex_data(SSL *s,int idx,void *arg)
-        {
-        return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
-        }
-
-void *SSL_get_ex_data(const SSL *s,int idx)
-        {
-        return(CRYPTO_get_ex_data(&s->ex_data,idx));
-        }
-
-int SSL_CTX_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
-                             CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
-        {
-        return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp,
-                                new_func, dup_func, free_func);
-        }
-
-int SSL_CTX_set_ex_data(SSL_CTX *s,int idx,void *arg)
-        {
-        return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
-        }
-
-void *SSL_CTX_get_ex_data(const SSL_CTX *s,int idx)
-        {
-        return(CRYPTO_get_ex_data(&s->ex_data,idx));
-        }
-
-int ssl_ok(SSL *s)
-        {
-        return(1);
-        }
-
-X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx)
-        {
-        return(ctx->cert_store);
-        }
-
-void SSL_CTX_set_cert_store(SSL_CTX *ctx,X509_STORE *store)
-        {
-        if (ctx->cert_store != NULL)
-                X509_STORE_free(ctx->cert_store);
-        ctx->cert_store=store;
-        }
-
-int SSL_want(const SSL *s)
-        {
-        return(s->rwstate);
-        }
-
-/*!
- * \brief Set the callback for generating temporary RSA keys.
- * \param ctx the SSL context.
- * \param cb the callback
- */
-
-#ifndef OPENSSL_NO_RSA
-void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl,
-                                                          int is_export,
-                                                          int keylength))
-    {
-    SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,(void (*)())cb);
-    }
-
-void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl,
-                                                  int is_export,
-                                                  int keylength))
-    {
-    SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_RSA_CB,(void (*)())cb);
-    }
-#endif
-
-#ifdef DOXYGEN
-/*!
- * \brief The RSA temporary key callback function.
- * \param ssl the SSL session.
- * \param is_export \c TRUE if the temp RSA key is for an export ciphersuite.
- * \param keylength if \c is_export is \c TRUE, then \c keylength is the size
- * of the required key in bits.
- * \return the temporary RSA key.
- * \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback
- */
-
-RSA *cb(SSL *ssl,int is_export,int keylength)
-    {}
-#endif
-
-/*!
- * \brief Set the callback for generating temporary DH keys.
- * \param ctx the SSL context.
- * \param dh the callback
- */
-
-#ifndef OPENSSL_NO_DH
-void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export,
-                                                        int keylength))
-        {
-        SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,(void (*)())dh);
-        }
-
-void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export,
-                                                int keylength))
-        {
-        SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)())dh);
-        }
-#endif
-
-
-void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
-        {
-        SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)())cb);
-        }
-void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
-        {
-        SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)())cb);
-        }
-
-
-
-#if defined(_WINDLL) && defined(OPENSSL_SYS_WIN16)
-#include "../crypto/bio/bss_file.c"
-#endif
-
-IMPLEMENT_STACK_OF(SSL_CIPHER)
-IMPLEMENT_STACK_OF(SSL_COMP)
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
deleted file mode 100644
index 6a0b7595f4..0000000000
--- a/src/lib/libssl/ssl_locl.h
+++ /dev/null
@@ -1,623 +0,0 @@
-/* ssl/ssl_locl.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_SSL_LOCL_H
-#define HEADER_SSL_LOCL_H
-#include <stdlib.h>
-#include <time.h>
-#include <string.h>
-#include <errno.h>
-
-#include "e_os.h"
-
-#include <openssl/buffer.h>
-#include <openssl/comp.h>
-#include <openssl/bio.h>
-#include <openssl/crypto.h>
-#include <openssl/evp.h>
-#include <openssl/stack.h>
-#include <openssl/x509.h>
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-#include <openssl/symhacks.h>
-
-#ifdef OPENSSL_BUILD_SHLIBSSL
-# undef OPENSSL_EXTERN
-# define OPENSSL_EXTERN OPENSSL_EXPORT
-#endif
-
-#define PKCS1_CHECK
-
-#define c2l(c,l)        (l = ((unsigned long)(*((c)++)))     , \
-                         l|=(((unsigned long)(*((c)++)))<< 8), \
-                         l|=(((unsigned long)(*((c)++)))<<16), \
-                         l|=(((unsigned long)(*((c)++)))<<24))
-
-/* NOTE - c is not incremented as per c2l */
-#define c2ln(c,l1,l2,n) { \
-                        c+=n; \
-                        l1=l2=0; \
-                        switch (n) { \
-                        case 8: l2 =((unsigned long)(*(--(c))))<<24; \
-                        case 7: l2|=((unsigned long)(*(--(c))))<<16; \
-                        case 6: l2|=((unsigned long)(*(--(c))))<< 8; \
-                        case 5: l2|=((unsigned long)(*(--(c))));     \
-                        case 4: l1 =((unsigned long)(*(--(c))))<<24; \
-                        case 3: l1|=((unsigned long)(*(--(c))))<<16; \
-                        case 2: l1|=((unsigned long)(*(--(c))))<< 8; \
-                        case 1: l1|=((unsigned long)(*(--(c))));     \
-                                } \
-                        }
-
-#define l2c(l,c)        (*((c)++)=(unsigned char)(((l)    )&0xff), \
-                         *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>>16)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>>24)&0xff))
-
-#define n2l(c,l)        (l =((unsigned long)(*((c)++)))<<24, \
-                         l|=((unsigned long)(*((c)++)))<<16, \
-                         l|=((unsigned long)(*((c)++)))<< 8, \
-                         l|=((unsigned long)(*((c)++))))
-
-#define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>>16)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
-                         *((c)++)=(unsigned char)(((l)    )&0xff))
-
-/* NOTE - c is not incremented as per l2c */
-#define l2cn(l1,l2,c,n) { \
-                        c+=n; \
-                        switch (n) { \
-                        case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
-                        case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
-                        case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
-                        case 5: *(--(c))=(unsigned char)(((l2)    )&0xff); \
-                        case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
-                        case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
-                        case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
-                        case 1: *(--(c))=(unsigned char)(((l1)    )&0xff); \
-                                } \
-                        }
-
-#define n2s(c,s)        ((s=(((unsigned int)(c[0]))<< 8)| \
-                            (((unsigned int)(c[1]))    )),c+=2)
-#define s2n(s,c)        ((c[0]=(unsigned char)(((s)>> 8)&0xff), \
-                          c[1]=(unsigned char)(((s)    )&0xff)),c+=2)
-
-#define n2l3(c,l)       ((l =(((unsigned long)(c[0]))<<16)| \
-                             (((unsigned long)(c[1]))<< 8)| \
-                             (((unsigned long)(c[2]))    )),c+=3)
-
-#define l2n3(l,c)       ((c[0]=(unsigned char)(((l)>>16)&0xff), \
-                          c[1]=(unsigned char)(((l)>> 8)&0xff), \
-                          c[2]=(unsigned char)(((l)    )&0xff)),c+=3)
-
-/* LOCAL STUFF */
-
-#define SSL_DECRYPT     0
-#define SSL_ENCRYPT     1
-
-#define TWO_BYTE_BIT    0x80
-#define SEC_ESC_BIT     0x40
-#define TWO_BYTE_MASK   0x7fff
-#define THREE_BYTE_MASK 0x3fff
-
-#define INC32(a)        ((a)=((a)+1)&0xffffffffL)
-#define DEC32(a)        ((a)=((a)-1)&0xffffffffL)
-#define MAX_MAC_SIZE    20 /* up from 16 for SSLv3 */
-
-/*
- * Define the Bitmasks for SSL_CIPHER.algorithms.
- * This bits are used packed as dense as possible. If new methods/ciphers
- * etc will be added, the bits a likely to change, so this information
- * is for internal library use only, even though SSL_CIPHER.algorithms
- * can be publicly accessed.
- * Use the according functions for cipher management instead.
- *
- * The bit mask handling in the selection and sorting scheme in
- * ssl_create_cipher_list() has only limited capabilities, reflecting
- * that the different entities within are mutually exclusive:
- * ONLY ONE BIT PER MASK CAN BE SET AT A TIME.
- */
-#define SSL_MKEY_MASK           0x0000003FL
-#define SSL_kRSA                0x00000001L /* RSA key exchange */
-#define SSL_kDHr                0x00000002L /* DH cert RSA CA cert */
-#define SSL_kDHd                0x00000004L /* DH cert DSA CA cert */
-#define SSL_kFZA                0x00000008L
-#define SSL_kEDH                0x00000010L /* tmp DH key no DH cert */
-#define SSL_kKRB5               0x00000020L /* Kerberos5 key exchange */
-#define SSL_EDH                 (SSL_kEDH|(SSL_AUTH_MASK^SSL_aNULL))
-
-#define SSL_AUTH_MASK           0x00000FC0L
-#define SSL_aRSA                0x00000040L /* Authenticate with RSA */
-#define SSL_aDSS                0x00000080L /* Authenticate with DSS */
-#define SSL_DSS                 SSL_aDSS
-#define SSL_aFZA                0x00000100L
-#define SSL_aNULL               0x00000200L /* no Authenticate, ADH */
-#define SSL_aDH                 0x00000400L /* no Authenticate, ADH */
-#define SSL_aKRB5               0x00000800L /* Authenticate with KRB5 */
-
-#define SSL_NULL                (SSL_eNULL)
-#define SSL_ADH                 (SSL_kEDH|SSL_aNULL)
-#define SSL_RSA                 (SSL_kRSA|SSL_aRSA)
-#define SSL_DH                  (SSL_kDHr|SSL_kDHd|SSL_kEDH)
-#define SSL_FZA                 (SSL_aFZA|SSL_kFZA|SSL_eFZA)
-#define SSL_KRB5                (SSL_kKRB5|SSL_aKRB5)
-
-#define SSL_ENC_MASK            0x0087F000L
-#define SSL_DES                 0x00001000L
-#define SSL_3DES                0x00002000L
-#define SSL_RC4                 0x00004000L
-#define SSL_RC2                 0x00008000L
-#define SSL_IDEA                0x00010000L
-#define SSL_eFZA                0x00020000L
-#define SSL_eNULL               0x00040000L
-#define SSL_AES                 0x00800000L
-
-#define SSL_MAC_MASK            0x00180000L
-#define SSL_MD5                 0x00080000L
-#define SSL_SHA1                0x00100000L
-#define SSL_SHA                 (SSL_SHA1)
-
-#define SSL_SSL_MASK            0x00600000L
-#define SSL_SSLV2               0x00200000L
-#define SSL_SSLV3               0x00400000L
-#define SSL_TLSV1               SSL_SSLV3       /* for now */
-
-/* we have used 007fffff - 9 bits left to go */
-
-/*
- * Export and cipher strength information. For each cipher we have to decide
- * whether it is exportable or not. This information is likely to change
- * over time, since the export control rules are no static technical issue.
- *
- * Independent of the export flag the cipher strength is sorted into classes.
- * SSL_EXP40 was denoting the 40bit US export limit of past times, which now
- * is at 56bit (SSL_EXP56). If the exportable cipher class is going to change
- * again (eg. to 64bit) the use of "SSL_EXP*" becomes blurred even more,
- * since SSL_EXP64 could be similar to SSL_LOW.
- * For this reason SSL_MICRO and SSL_MINI macros are included to widen the
- * namespace of SSL_LOW-SSL_HIGH to lower values. As development of speed
- * and ciphers goes, another extension to SSL_SUPER and/or SSL_ULTRA would
- * be possible.
- */
-#define SSL_EXP_MASK            0x00000003L
-#define SSL_NOT_EXP             0x00000001L
-#define SSL_EXPORT              0x00000002L
-
-#define SSL_STRONG_MASK         0x000000fcL
-#define SSL_STRONG_NONE         0x00000004L
-#define SSL_EXP40               0x00000008L
-#define SSL_MICRO               (SSL_EXP40)
-#define SSL_EXP56               0x00000010L
-#define SSL_MINI                (SSL_EXP56)
-#define SSL_LOW                 0x00000020L
-#define SSL_MEDIUM              0x00000040L
-#define SSL_HIGH                0x00000080L
-#define SSL_FIPS                0x00000100L
-
-/* we have used 000001ff - 23 bits left to go */
-
-/*
- * Macros to check the export status and cipher strength for export ciphers.
- * Even though the macros for EXPORT and EXPORT40/56 have similar names,
- * their meaning is different:
- * *_EXPORT macros check the 'exportable' status.
- * *_EXPORT40/56 macros are used to check whether a certain cipher strength
- *          is given.
- * Since the SSL_IS_EXPORT* and SSL_EXPORT* macros depend on the correct
- * algorithm structure element to be passed (algorithms, algo_strength) and no
- * typechecking can be done as they are all of type unsigned long, their
- * direct usage is discouraged.
- * Use the SSL_C_* macros instead.
- */
-#define SSL_IS_EXPORT(a)        ((a)&SSL_EXPORT)
-#define SSL_IS_EXPORT56(a)      ((a)&SSL_EXP56)
-#define SSL_IS_EXPORT40(a)      ((a)&SSL_EXP40)
-#define SSL_C_IS_EXPORT(c)      SSL_IS_EXPORT((c)->algo_strength)
-#define SSL_C_IS_EXPORT56(c)    SSL_IS_EXPORT56((c)->algo_strength)
-#define SSL_C_IS_EXPORT40(c)    SSL_IS_EXPORT40((c)->algo_strength)
-
-#define SSL_EXPORT_KEYLENGTH(a,s)       (SSL_IS_EXPORT40(s) ? 5 : \
-                                 ((a)&SSL_ENC_MASK) == SSL_DES ? 8 : 7)
-#define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024)
-#define SSL_C_EXPORT_KEYLENGTH(c)       SSL_EXPORT_KEYLENGTH((c)->algorithms, \
-                                (c)->algo_strength)
-#define SSL_C_EXPORT_PKEYLENGTH(c)      SSL_EXPORT_PKEYLENGTH((c)->algo_strength)
-
-
-#define SSL_ALL                 0xffffffffL
-#define SSL_ALL_CIPHERS         (SSL_MKEY_MASK|SSL_AUTH_MASK|SSL_ENC_MASK|\
-                                SSL_MAC_MASK)
-#define SSL_ALL_STRENGTHS       (SSL_EXP_MASK|SSL_STRONG_MASK)
-
-/* Mostly for SSLv3 */
-#define SSL_PKEY_RSA_ENC        0
-#define SSL_PKEY_RSA_SIGN       1
-#define SSL_PKEY_DSA_SIGN       2
-#define SSL_PKEY_DH_RSA         3
-#define SSL_PKEY_DH_DSA         4
-#define SSL_PKEY_NUM            5
-
-/* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
- *          <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)
- * SSL_kDH  <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)
- * SSL_kEDH <- RSA_ENC | RSA_SIGN | DSA_SIGN
- * SSL_aRSA <- RSA_ENC | RSA_SIGN
- * SSL_aDSS <- DSA_SIGN
- */
-
-/*
-#define CERT_INVALID            0
-#define CERT_PUBLIC_KEY         1
-#define CERT_PRIVATE_KEY        2
-*/
-
-typedef struct cert_pkey_st
-        {
-        X509 *x509;
-        EVP_PKEY *privatekey;
-        } CERT_PKEY;
-
-typedef struct cert_st
-        {
-        /* Current active set */
-        CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array
-                         * Probably it would make more sense to store
-                         * an index, not a pointer. */
- 
-        /* The following masks are for the key and auth
-         * algorithms that are supported by the certs below */
-        int valid;
-        unsigned long mask;
-        unsigned long export_mask;
-#ifndef OPENSSL_NO_RSA
-        RSA *rsa_tmp;
-        RSA *(*rsa_tmp_cb)(SSL *ssl,int is_export,int keysize);
-#endif
-#ifndef OPENSSL_NO_DH
-        DH *dh_tmp;
-        DH *(*dh_tmp_cb)(SSL *ssl,int is_export,int keysize);
-#endif
-
-        CERT_PKEY pkeys[SSL_PKEY_NUM];
-
-        int references; /* >1 only if SSL_copy_session_id is used */
-        } CERT;
-
-
-typedef struct sess_cert_st
-        {
-        STACK_OF(X509) *cert_chain; /* as received from peer (not for SSL2) */
-
-        /* The 'peer_...' members are used only by clients. */
-        int peer_cert_type;
-
-        CERT_PKEY *peer_key; /* points to an element of peer_pkeys (never NULL!) */
-        CERT_PKEY peer_pkeys[SSL_PKEY_NUM];
-        /* Obviously we don't have the private keys of these,
-         * so maybe we shouldn't even use the CERT_PKEY type here. */
-
-#ifndef OPENSSL_NO_RSA
-        RSA *peer_rsa_tmp; /* not used for SSL 2 */
-#endif
-#ifndef OPENSSL_NO_DH
-        DH *peer_dh_tmp; /* not used for SSL 2 */
-#endif
-
-        int references; /* actually always 1 at the moment */
-        } SESS_CERT;
-
-
-/*#define MAC_DEBUG     */
-
-/*#define ERR_DEBUG     */
-/*#define ABORT_DEBUG   */
-/*#define PKT_DEBUG 1   */
-/*#define DES_DEBUG     */
-/*#define DES_OFB_DEBUG */
-/*#define SSL_DEBUG     */
-/*#define RSA_DEBUG     */ 
-/*#define IDEA_DEBUG    */ 
-
-#define FP_ICC  (int (*)(const void *,const void *))
-#define ssl_put_cipher_by_char(ssl,ciph,ptr) \
-                ((ssl)->method->put_cipher_by_char((ciph),(ptr)))
-#define ssl_get_cipher_by_char(ssl,ptr) \
-                ((ssl)->method->get_cipher_by_char(ptr))
-
-/* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff
- * It is a bit of a mess of functions, but hell, think of it as
- * an opaque structure :-) */
-typedef struct ssl3_enc_method
-        {
-        int (*enc)(SSL *, int);
-        int (*mac)(SSL *, unsigned char *, int);
-        int (*setup_key_block)(SSL *);
-        int (*generate_master_secret)(SSL *, unsigned char *, unsigned char *, int);
-        int (*change_cipher_state)(SSL *, int);
-        int (*final_finish_mac)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char *, int, unsigned char *);
-        int finish_mac_length;
-        int (*cert_verify_mac)(SSL *, EVP_MD_CTX *, unsigned char *);
-        const char *client_finished_label;
-        int client_finished_label_len;
-        const char *server_finished_label;
-        int server_finished_label_len;
-        int (*alert_value)(int);
-        } SSL3_ENC_METHOD;
-
-/* Used for holding the relevant compression methods loaded into SSL_CTX */
-typedef struct ssl3_comp_st
-        {
-        int comp_id;    /* The identifier byte for this compression type */
-        char *name;     /* Text name used for the compression type */
-        COMP_METHOD *method; /* The method :-) */
-        } SSL3_COMP;
-
-extern SSL3_ENC_METHOD ssl3_undef_enc_method;
-OPENSSL_EXTERN SSL_CIPHER ssl2_ciphers[];
-OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[];
-
-#ifdef OPENSSL_SYS_VMS
-#undef SSL_COMP_get_compression_methods
-#define SSL_COMP_get_compression_methods        SSL_COMP_get_compress_methods
-#endif
-
-
-SSL_METHOD *ssl_bad_method(int ver);
-SSL_METHOD *sslv2_base_method(void);
-SSL_METHOD *sslv23_base_method(void);
-SSL_METHOD *sslv3_base_method(void);
-
-void ssl_clear_cipher_ctx(SSL *s);
-int ssl_clear_bad_session(SSL *s);
-CERT *ssl_cert_new(void);
-CERT *ssl_cert_dup(CERT *cert);
-int ssl_cert_inst(CERT **o);
-void ssl_cert_free(CERT *c);
-SESS_CERT *ssl_sess_cert_new(void);
-void ssl_sess_cert_free(SESS_CERT *sc);
-int ssl_set_peer_cert_type(SESS_CERT *c, int type);
-int ssl_get_new_session(SSL *s, int session);
-int ssl_get_prev_session(SSL *s, unsigned char *session,int len);
-int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b);
-int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
-                        const SSL_CIPHER * const *bp);
-STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
-                                               STACK_OF(SSL_CIPHER) **skp);
-int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
-                             int (*put_cb)(const SSL_CIPHER *, unsigned char *));
-STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
-                                             STACK_OF(SSL_CIPHER) **pref,
-                                             STACK_OF(SSL_CIPHER) **sorted,
-                                             const char *rule_str);
-void ssl_update_cache(SSL *s, int mode);
-int ssl_cipher_get_evp(const SSL_SESSION *s,const EVP_CIPHER **enc,
-                       const EVP_MD **md,SSL_COMP **comp);
-int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk);
-int ssl_undefined_function(SSL *s);
-int ssl_undefined_const_function(const SSL *s);
-X509 *ssl_get_server_send_cert(SSL *);
-EVP_PKEY *ssl_get_sign_pkey(SSL *,SSL_CIPHER *);
-int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
-void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher);
-STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
-int ssl_verify_alarm_type(long type);
-
-int ssl2_enc_init(SSL *s, int client);
-int ssl2_generate_key_material(SSL *s);
-void ssl2_enc(SSL *s,int send_data);
-void ssl2_mac(SSL *s,unsigned char *mac,int send_data);
-SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
-int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
-int ssl2_part_read(SSL *s, unsigned long f, int i);
-int ssl2_do_write(SSL *s);
-int ssl2_set_certificate(SSL *s, int type, int len, unsigned char *data);
-void ssl2_return_error(SSL *s,int reason);
-void ssl2_write_error(SSL *s);
-int ssl2_num_ciphers(void);
-SSL_CIPHER *ssl2_get_cipher(unsigned int u);
-int     ssl2_new(SSL *s);
-void    ssl2_free(SSL *s);
-int     ssl2_accept(SSL *s);
-int     ssl2_connect(SSL *s);
-int     ssl2_read(SSL *s, void *buf, int len);
-int     ssl2_peek(SSL *s, void *buf, int len);
-int     ssl2_write(SSL *s, const void *buf, int len);
-int     ssl2_shutdown(SSL *s);
-void    ssl2_clear(SSL *s);
-long    ssl2_ctrl(SSL *s,int cmd, long larg, void *parg);
-long    ssl2_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg);
-long    ssl2_callback_ctrl(SSL *s,int cmd, void (*fp)());
-long    ssl2_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)());
-int     ssl2_pending(const SSL *s);
-
-SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
-int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
-void ssl3_init_finished_mac(SSL *s);
-int ssl3_send_server_certificate(SSL *s);
-int ssl3_get_finished(SSL *s,int state_a,int state_b);
-int ssl3_setup_key_block(SSL *s);
-int ssl3_send_change_cipher_spec(SSL *s,int state_a,int state_b);
-int ssl3_change_cipher_state(SSL *s,int which);
-void ssl3_cleanup_key_block(SSL *s);
-int ssl3_do_write(SSL *s,int type);
-void ssl3_send_alert(SSL *s,int level, int desc);
-int ssl3_generate_master_secret(SSL *s, unsigned char *out,
-        unsigned char *p, int len);
-int ssl3_get_req_cert_type(SSL *s,unsigned char *p);
-long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
-int ssl3_send_finished(SSL *s, int a, int b, const char *sender,int slen);
-int ssl3_num_ciphers(void);
-SSL_CIPHER *ssl3_get_cipher(unsigned int u);
-int ssl3_renegotiate(SSL *ssl); 
-int ssl3_renegotiate_check(SSL *ssl); 
-int ssl3_dispatch_alert(SSL *s);
-int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
-int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
-int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1, EVP_MD_CTX *ctx2,
-        const char *sender, int slen,unsigned char *p);
-int ssl3_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p);
-void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
-int ssl3_enc(SSL *s, int send_data);
-int ssl3_mac(SSL *ssl, unsigned char *md, int send_data);
-unsigned long ssl3_output_cert_chain(SSL *s, X509 *x);
-SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,STACK_OF(SSL_CIPHER) *clnt,
-                               STACK_OF(SSL_CIPHER) *srvr);
-int     ssl3_setup_buffers(SSL *s);
-int     ssl3_new(SSL *s);
-void    ssl3_free(SSL *s);
-int     ssl3_accept(SSL *s);
-int     ssl3_connect(SSL *s);
-int     ssl3_read(SSL *s, void *buf, int len);
-int     ssl3_peek(SSL *s, void *buf, int len);
-int     ssl3_write(SSL *s, const void *buf, int len);
-int     ssl3_shutdown(SSL *s);
-void    ssl3_clear(SSL *s);
-long    ssl3_ctrl(SSL *s,int cmd, long larg, void *parg);
-long    ssl3_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg);
-long    ssl3_callback_ctrl(SSL *s,int cmd, void (*fp)());
-long    ssl3_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)());
-int     ssl3_pending(const SSL *s);
-
-int ssl23_accept(SSL *s);
-int ssl23_connect(SSL *s);
-int ssl23_read_bytes(SSL *s, int n);
-int ssl23_write_bytes(SSL *s);
-
-int tls1_new(SSL *s);
-void tls1_free(SSL *s);
-void tls1_clear(SSL *s);
-long tls1_ctrl(SSL *s,int cmd, long larg, void *parg);
-long tls1_callback_ctrl(SSL *s,int cmd, void (*fp)());
-SSL_METHOD *tlsv1_base_method(void );
-
-int ssl_init_wbio_buffer(SSL *s, int push);
-void ssl_free_wbio_buffer(SSL *s);
-
-int tls1_change_cipher_state(SSL *s, int which);
-int tls1_setup_key_block(SSL *s);
-int tls1_enc(SSL *s, int snd);
-int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,
-        const char *str, int slen, unsigned char *p);
-int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p);
-int tls1_mac(SSL *ssl, unsigned char *md, int snd);
-int tls1_generate_master_secret(SSL *s, unsigned char *out,
-        unsigned char *p, int len);
-int tls1_alert_code(int code);
-int ssl3_alert_code(int code);
-int ssl_ok(SSL *s);
-
-SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
-STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
-
-
-#endif
diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c
deleted file mode 100644
index fb0bd4d045..0000000000
--- a/src/lib/libssl/ssl_rsa.c
+++ /dev/null
@@ -1,817 +0,0 @@
-/* ssl/ssl_rsa.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/bio.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-static int ssl_set_cert(CERT *c, X509 *x509);
-static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
-int SSL_use_certificate(SSL *ssl, X509 *x)
-        {
-        if (x == NULL)
-                {
-                SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
-                return(0);
-                }
-        if (!ssl_cert_inst(&ssl->cert))
-                {
-                SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
-                return(0);
-                }
-        return(ssl_set_cert(ssl->cert,x));
-        }
-
-#ifndef OPENSSL_NO_STDIO
-int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
-        {
-        int j;
-        BIO *in;
-        int ret=0;
-        X509 *x=NULL;
-
-        in=BIO_new(BIO_s_file_internal());
-        if (in == NULL)
-                {
-                SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
-                goto end;
-                }
-
-        if (BIO_read_filename(in,file) <= 0)
-                {
-                SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
-                goto end;
-                }
-        if (type == SSL_FILETYPE_ASN1)
-                {
-                j=ERR_R_ASN1_LIB;
-                x=d2i_X509_bio(in,NULL);
-                }
-        else if (type == SSL_FILETYPE_PEM)
-                {
-                j=ERR_R_PEM_LIB;
-                x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
-                }
-        else
-                {
-                SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
-                goto end;
-                }
-
-        if (x == NULL)
-                {
-                SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,j);
-                goto end;
-                }
-
-        ret=SSL_use_certificate(ssl,x);
-end:
-        if (x != NULL) X509_free(x);
-        if (in != NULL) BIO_free(in);
-        return(ret);
-        }
-#endif
-
-int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len)
-        {
-        X509 *x;
-        int ret;
-
-        x=d2i_X509(NULL,&d,(long)len);
-        if (x == NULL)
-                {
-                SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
-                return(0);
-                }
-
-        ret=SSL_use_certificate(ssl,x);
-        X509_free(x);
-        return(ret);
-        }
-
-#ifndef OPENSSL_NO_RSA
-int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
-        {
-        EVP_PKEY *pkey;
-        int ret;
-
-        if (rsa == NULL)
-                {
-                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
-                return(0);
-                }
-        if (!ssl_cert_inst(&ssl->cert))
-                {
-                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
-                return(0);
-                }
-        if ((pkey=EVP_PKEY_new()) == NULL)
-                {
-                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
-                return(0);
-                }
-
-        RSA_up_ref(rsa);
-        EVP_PKEY_assign_RSA(pkey,rsa);
-
-        ret=ssl_set_pkey(ssl->cert,pkey);
-        EVP_PKEY_free(pkey);
-        return(ret);
-        }
-#endif
-
-static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
-        {
-        int i,ok=0,bad=0;
-
-        i=ssl_cert_type(NULL,pkey);
-        if (i < 0)
-                {
-                SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
-                return(0);
-                }
-
-        if (c->pkeys[i].x509 != NULL)
-                {
-                EVP_PKEY *pktmp;
-                pktmp = X509_get_pubkey(c->pkeys[i].x509);
-                EVP_PKEY_copy_parameters(pktmp,pkey);
-                EVP_PKEY_free(pktmp);
-                ERR_clear_error();
-
-#ifndef OPENSSL_NO_RSA
-                /* Don't check the public/private key, this is mostly
-                 * for smart cards. */
-                if ((pkey->type == EVP_PKEY_RSA) &&
-                        (RSA_flags(pkey->pkey.rsa) &
-                         RSA_METHOD_FLAG_NO_CHECK))
-                         ok=1;
-                else
-#endif
-                     if (!X509_check_private_key(c->pkeys[i].x509,pkey))
-                        {
-                        if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA))
-                                {
-                                i=(i == SSL_PKEY_DH_RSA)?
-                                        SSL_PKEY_DH_DSA:SSL_PKEY_DH_RSA;
-
-                                if (c->pkeys[i].x509 == NULL)
-                                        ok=1;
-                                else
-                                        {
-                                        if (!X509_check_private_key(
-                                                c->pkeys[i].x509,pkey))
-                                                bad=1;
-                                        else
-                                                ok=1;
-                                        }
-                                }
-                        else
-                                bad=1;
-                        }
-                else
-                        ok=1;
-                }
-        else
-                ok=1;
-
-        if (bad)
-                {
-                X509_free(c->pkeys[i].x509);
-                c->pkeys[i].x509=NULL;
-                return(0);
-                }
-
-        ERR_clear_error(); /* make sure no error from X509_check_private_key()
-                            * is left if we have chosen to ignore it */
-        if (c->pkeys[i].privatekey != NULL)
-                EVP_PKEY_free(c->pkeys[i].privatekey);
-        CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
-        c->pkeys[i].privatekey=pkey;
-        c->key= &(c->pkeys[i]);
-
-        c->valid=0;
-        return(1);
-        }
-
-#ifndef OPENSSL_NO_RSA
-#ifndef OPENSSL_NO_STDIO
-int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
-        {
-        int j,ret=0;
-        BIO *in;
-        RSA *rsa=NULL;
-
-        in=BIO_new(BIO_s_file_internal());
-        if (in == NULL)
-                {
-                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
-                goto end;
-                }
-
-        if (BIO_read_filename(in,file) <= 0)
-                {
-                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
-                goto end;
-                }
-        if      (type == SSL_FILETYPE_ASN1)
-                {
-                j=ERR_R_ASN1_LIB;
-                rsa=d2i_RSAPrivateKey_bio(in,NULL);
-                }
-        else if (type == SSL_FILETYPE_PEM)
-                {
-                j=ERR_R_PEM_LIB;
-                rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
-                        ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
-                }
-        else
-                {
-                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
-                goto end;
-                }
-        if (rsa == NULL)
-                {
-                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,j);
-                goto end;
-                }
-        ret=SSL_use_RSAPrivateKey(ssl,rsa);
-        RSA_free(rsa);
-end:
-        if (in != NULL) BIO_free(in);
-        return(ret);
-        }
-#endif
-
-int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len)
-        {
-        int ret;
-        const unsigned char *p;
-        RSA *rsa;
-
-        p=d;
-        if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
-                {
-                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
-                return(0);
-                }
-
-        ret=SSL_use_RSAPrivateKey(ssl,rsa);
-        RSA_free(rsa);
-        return(ret);
-        }
-#endif /* !OPENSSL_NO_RSA */
-
-int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
-        {
-        int ret;
-
-        if (pkey == NULL)
-                {
-                SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
-                return(0);
-                }
-        if (!ssl_cert_inst(&ssl->cert))
-                {
-                SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
-                return(0);
-                }
-        ret=ssl_set_pkey(ssl->cert,pkey);
-        return(ret);
-        }
-
-#ifndef OPENSSL_NO_STDIO
-int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
-        {
-        int j,ret=0;
-        BIO *in;
-        EVP_PKEY *pkey=NULL;
-
-        in=BIO_new(BIO_s_file_internal());
-        if (in == NULL)
-                {
-                SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
-                goto end;
-                }
-
-        if (BIO_read_filename(in,file) <= 0)
-                {
-                SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
-                goto end;
-                }
-        if (type == SSL_FILETYPE_PEM)
-                {
-                j=ERR_R_PEM_LIB;
-                pkey=PEM_read_bio_PrivateKey(in,NULL,
-                        ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
-                }
-        else
-                {
-                SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
-                goto end;
-                }
-        if (pkey == NULL)
-                {
-                SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,j);
-                goto end;
-                }
-        ret=SSL_use_PrivateKey(ssl,pkey);
-        EVP_PKEY_free(pkey);
-end:
-        if (in != NULL) BIO_free(in);
-        return(ret);
-        }
-#endif
-
-int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, unsigned char *d, long len)
-        {
-        int ret;
-        unsigned char *p;
-        EVP_PKEY *pkey;
-
-        p=d;
-        if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
-                {
-                SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
-                return(0);
-                }
-
-        ret=SSL_use_PrivateKey(ssl,pkey);
-        EVP_PKEY_free(pkey);
-        return(ret);
-        }
-
-int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
-        {
-        if (x == NULL)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
-                return(0);
-                }
-        if (!ssl_cert_inst(&ctx->cert))
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
-                return(0);
-                }
-        return(ssl_set_cert(ctx->cert, x));
-        }
-
-static int ssl_set_cert(CERT *c, X509 *x)
-        {
-        EVP_PKEY *pkey;
-        int i,ok=0,bad=0;
-
-        pkey=X509_get_pubkey(x);
-        if (pkey == NULL)
-                {
-                SSLerr(SSL_F_SSL_SET_CERT,SSL_R_X509_LIB);
-                return(0);
-                }
-
-        i=ssl_cert_type(x,pkey);
-        if (i < 0)
-                {
-                SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
-                EVP_PKEY_free(pkey);
-                return(0);
-                }
-
-        if (c->pkeys[i].privatekey != NULL)
-                {
-                EVP_PKEY_copy_parameters(pkey,c->pkeys[i].privatekey);
-                ERR_clear_error();
-
-#ifndef OPENSSL_NO_RSA
-                /* Don't check the public/private key, this is mostly
-                 * for smart cards. */
-                if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
-                        (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) &
-                         RSA_METHOD_FLAG_NO_CHECK))
-                         ok=1;
-                else
-#endif
-                {
-                if (!X509_check_private_key(x,c->pkeys[i].privatekey))
-                        {
-                        if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA))
-                                {
-                                i=(i == SSL_PKEY_DH_RSA)?
-                                        SSL_PKEY_DH_DSA:SSL_PKEY_DH_RSA;
-
-                                if (c->pkeys[i].privatekey == NULL)
-                                        ok=1;
-                                else
-                                        {
-                                        if (!X509_check_private_key(x,
-                                                c->pkeys[i].privatekey))
-                                                bad=1;
-                                        else
-                                                ok=1;
-                                        }
-                                }
-                        else
-                                bad=1;
-                        }
-                else
-                        ok=1;
-                } /* OPENSSL_NO_RSA */
-                }
-        else
-                ok=1;
-
-        EVP_PKEY_free(pkey);
-        if (bad)
-                {
-                EVP_PKEY_free(c->pkeys[i].privatekey);
-                c->pkeys[i].privatekey=NULL;
-                }
-
-        if (c->pkeys[i].x509 != NULL)
-                X509_free(c->pkeys[i].x509);
-        CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
-        c->pkeys[i].x509=x;
-        c->key= &(c->pkeys[i]);
-
-        c->valid=0;
-        return(1);
-        }
-
-#ifndef OPENSSL_NO_STDIO
-int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
-        {
-        int j;
-        BIO *in;
-        int ret=0;
-        X509 *x=NULL;
-
-        in=BIO_new(BIO_s_file_internal());
-        if (in == NULL)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
-                goto end;
-                }
-
-        if (BIO_read_filename(in,file) <= 0)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
-                goto end;
-                }
-        if (type == SSL_FILETYPE_ASN1)
-                {
-                j=ERR_R_ASN1_LIB;
-                x=d2i_X509_bio(in,NULL);
-                }
-        else if (type == SSL_FILETYPE_PEM)
-                {
-                j=ERR_R_PEM_LIB;
-                x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
-                }
-        else
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
-                goto end;
-                }
-
-        if (x == NULL)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,j);
-                goto end;
-                }
-
-        ret=SSL_CTX_use_certificate(ctx,x);
-end:
-        if (x != NULL) X509_free(x);
-        if (in != NULL) BIO_free(in);
-        return(ret);
-        }
-#endif
-
-int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d)
-        {
-        X509 *x;
-        int ret;
-
-        x=d2i_X509(NULL,&d,(long)len);
-        if (x == NULL)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
-                return(0);
-                }
-
-        ret=SSL_CTX_use_certificate(ctx,x);
-        X509_free(x);
-        return(ret);
-        }
-
-#ifndef OPENSSL_NO_RSA
-int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
-        {
-        int ret;
-        EVP_PKEY *pkey;
-
-        if (rsa == NULL)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
-                return(0);
-                }
-        if (!ssl_cert_inst(&ctx->cert))
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
-                return(0);
-                }
-        if ((pkey=EVP_PKEY_new()) == NULL)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
-                return(0);
-                }
-
-        RSA_up_ref(rsa);
-        EVP_PKEY_assign_RSA(pkey,rsa);
-
-        ret=ssl_set_pkey(ctx->cert, pkey);
-        EVP_PKEY_free(pkey);
-        return(ret);
-        }
-
-#ifndef OPENSSL_NO_STDIO
-int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
-        {
-        int j,ret=0;
-        BIO *in;
-        RSA *rsa=NULL;
-
-        in=BIO_new(BIO_s_file_internal());
-        if (in == NULL)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
-                goto end;
-                }
-
-        if (BIO_read_filename(in,file) <= 0)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
-                goto end;
-                }
-        if      (type == SSL_FILETYPE_ASN1)
-                {
-                j=ERR_R_ASN1_LIB;
-                rsa=d2i_RSAPrivateKey_bio(in,NULL);
-                }
-        else if (type == SSL_FILETYPE_PEM)
-                {
-                j=ERR_R_PEM_LIB;
-                rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
-                        ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
-                }
-        else
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
-                goto end;
-                }
-        if (rsa == NULL)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,j);
-                goto end;
-                }
-        ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
-        RSA_free(rsa);
-end:
-        if (in != NULL) BIO_free(in);
-        return(ret);
-        }
-#endif
-
-int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len)
-        {
-        int ret;
-        const unsigned char *p;
-        RSA *rsa;
-
-        p=d;
-        if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
-                return(0);
-                }
-
-        ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
-        RSA_free(rsa);
-        return(ret);
-        }
-#endif /* !OPENSSL_NO_RSA */
-
-int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
-        {
-        if (pkey == NULL)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
-                return(0);
-                }
-        if (!ssl_cert_inst(&ctx->cert))
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
-                return(0);
-                }
-        return(ssl_set_pkey(ctx->cert,pkey));
-        }
-
-#ifndef OPENSSL_NO_STDIO
-int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
-        {
-        int j,ret=0;
-        BIO *in;
-        EVP_PKEY *pkey=NULL;
-
-        in=BIO_new(BIO_s_file_internal());
-        if (in == NULL)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
-                goto end;
-                }
-
-        if (BIO_read_filename(in,file) <= 0)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
-                goto end;
-                }
-        if (type == SSL_FILETYPE_PEM)
-                {
-                j=ERR_R_PEM_LIB;
-                pkey=PEM_read_bio_PrivateKey(in,NULL,
-                        ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
-                }
-        else
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
-                goto end;
-                }
-        if (pkey == NULL)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,j);
-                goto end;
-                }
-        ret=SSL_CTX_use_PrivateKey(ctx,pkey);
-        EVP_PKEY_free(pkey);
-end:
-        if (in != NULL) BIO_free(in);
-        return(ret);
-        }
-#endif
-
-int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, unsigned char *d,
-             long len)
-        {
-        int ret;
-        unsigned char *p;
-        EVP_PKEY *pkey;
-
-        p=d;
-        if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
-                return(0);
-                }
-
-        ret=SSL_CTX_use_PrivateKey(ctx,pkey);
-        EVP_PKEY_free(pkey);
-        return(ret);
-        }
-
-
-#ifndef OPENSSL_NO_STDIO
-/* Read a file that contains our certificate in "PEM" format,
- * possibly followed by a sequence of CA certificates that should be
- * sent to the peer in the Certificate message.
- */
-int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
-        {
-        BIO *in;
-        int ret=0;
-        X509 *x=NULL;
-
-        in=BIO_new(BIO_s_file_internal());
-        if (in == NULL)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_BUF_LIB);
-                goto end;
-                }
-
-        if (BIO_read_filename(in,file) <= 0)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_SYS_LIB);
-                goto end;
-                }
-
-        x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
-        if (x == NULL)
-                {
-                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB);
-                goto end;
-                }
-
-        ret=SSL_CTX_use_certificate(ctx,x);
-        if (ERR_peek_error() != 0)
-                ret = 0;  /* Key/certificate mismatch doesn't imply ret==0 ... */
-        if (ret)
-                {
-                /* If we could set up our certificate, now proceed to
-                 * the CA certificates.
-                 */
-                X509 *ca;
-                int r;
-                unsigned long err;
-                
-                if (ctx->extra_certs != NULL) 
-                        {
-                        sk_X509_pop_free(ctx->extra_certs, X509_free);
-                        ctx->extra_certs = NULL;
-                        }
-
-                while ((ca = PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata))
-                        != NULL)
-                        {
-                        r = SSL_CTX_add_extra_chain_cert(ctx, ca);
-                        if (!r) 
-                                {
-                                X509_free(ca);
-                                ret = 0;
-                                goto end;
-                                }
-                        /* Note that we must not free r if it was successfully
-                         * added to the chain (while we must free the main
-                         * certificate, since its reference count is increased
-                         * by SSL_CTX_use_certificate). */
-                        }
-                /* When the while loop ends, it's usually just EOF. */
-                err = ERR_peek_last_error();
-                if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
-                        ERR_clear_error();
-                else 
-                        ret = 0; /* some real error */
-                }
-
-end:
-        if (x != NULL) X509_free(x);
-        if (in != NULL) BIO_free(in);
-        return(ret);
-        }
-#endif
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
deleted file mode 100644
index 2ba8b9612e..0000000000
--- a/src/lib/libssl/ssl_sess.c
+++ /dev/null
@@ -1,755 +0,0 @@
-/* ssl/ssl_sess.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/lhash.h>
-#include <openssl/rand.h>
-#include "ssl_locl.h"
-
-static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
-static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
-static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
-
-SSL_SESSION *SSL_get_session(const SSL *ssl)
-/* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */
-        {
-        return(ssl->session);
-        }
-
-SSL_SESSION *SSL_get1_session(SSL *ssl)
-/* variant of SSL_get_session: caller really gets something */
-        {
-        SSL_SESSION *sess;
-        /* Need to lock this all up rather than just use CRYPTO_add so that
-         * somebody doesn't free ssl->session between when we check it's
-         * non-null and when we up the reference count. */
-        CRYPTO_w_lock(CRYPTO_LOCK_SSL_SESSION);
-        sess = ssl->session;
-        if(sess)
-                sess->references++;
-        CRYPTO_w_unlock(CRYPTO_LOCK_SSL_SESSION);
-        return(sess);
-        }
-
-int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-        {
-        return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, argl, argp,
-                        new_func, dup_func, free_func);
-        }
-
-int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
-        {
-        return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
-        }
-
-void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx)
-        {
-        return(CRYPTO_get_ex_data(&s->ex_data,idx));
-        }
-
-SSL_SESSION *SSL_SESSION_new(void)
-        {
-        SSL_SESSION *ss;
-
-        ss=(SSL_SESSION *)OPENSSL_malloc(sizeof(SSL_SESSION));
-        if (ss == NULL)
-                {
-                SSLerr(SSL_F_SSL_SESSION_NEW,ERR_R_MALLOC_FAILURE);
-                return(0);
-                }
-        memset(ss,0,sizeof(SSL_SESSION));
-
-        ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */
-        ss->references=1;
-        ss->timeout=60*5+4; /* 5 minute timeout by default */
-        ss->time=(unsigned long)time(NULL);
-        ss->prev=NULL;
-        ss->next=NULL;
-        ss->compress_meth=0;
-        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
-        return(ss);
-        }
-
-/* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1
- * has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly
- * until we have no conflict is going to complete in one iteration pretty much
- * "most" of the time (btw: understatement). So, if it takes us 10 iterations
- * and we still can't avoid a conflict - well that's a reasonable point to call
- * it quits. Either the RAND code is broken or someone is trying to open roughly
- * very close to 2^128 (or 2^256) SSL sessions to our server. How you might
- * store that many sessions is perhaps a more interesting question ... */
-
-#define MAX_SESS_ID_ATTEMPTS 10
-static int def_generate_session_id(const SSL *ssl, unsigned char *id,
-                                unsigned int *id_len)
-{
-        unsigned int retry = 0;
-        do
-                if(RAND_pseudo_bytes(id, *id_len) <= 0)
-                        return 0;
-        while(SSL_has_matching_session_id(ssl, id, *id_len) &&
-                (++retry < MAX_SESS_ID_ATTEMPTS));
-        if(retry < MAX_SESS_ID_ATTEMPTS)
-                return 1;
-        /* else - woops a session_id match */
-        /* XXX We should also check the external cache --
-         * but the probability of a collision is negligible, and
-         * we could not prevent the concurrent creation of sessions
-         * with identical IDs since we currently don't have means
-         * to atomically check whether a session ID already exists
-         * and make a reservation for it if it does not
-         * (this problem applies to the internal cache as well).
-         */
-        return 0;
-}
-
-int ssl_get_new_session(SSL *s, int session)
-        {
-        /* This gets used by clients and servers. */
-
-        unsigned int tmp;
-        SSL_SESSION *ss=NULL;
-        GEN_SESSION_CB cb = def_generate_session_id;
-
-        if ((ss=SSL_SESSION_new()) == NULL) return(0);
-
-        /* If the context has a default timeout, use it */
-        if (s->ctx->session_timeout == 0)
-                ss->timeout=SSL_get_default_timeout(s);
-        else
-                ss->timeout=s->ctx->session_timeout;
-
-        if (s->session != NULL)
-                {
-                SSL_SESSION_free(s->session);
-                s->session=NULL;
-                }
-
-        if (session)
-                {
-                if (s->version == SSL2_VERSION)
-                        {
-                        ss->ssl_version=SSL2_VERSION;
-                        ss->session_id_length=SSL2_SSL_SESSION_ID_LENGTH;
-                        }
-                else if (s->version == SSL3_VERSION)
-                        {
-                        ss->ssl_version=SSL3_VERSION;
-                        ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
-                        }
-                else if (s->version == TLS1_VERSION)
-                        {
-                        ss->ssl_version=TLS1_VERSION;
-                        ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
-                        }
-                else
-                        {
-                        SSLerr(SSL_F_SSL_GET_NEW_SESSION,SSL_R_UNSUPPORTED_SSL_VERSION);
-                        SSL_SESSION_free(ss);
-                        return(0);
-                        }
-                /* Choose which callback will set the session ID */
-                CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
-                if(s->generate_session_id)
-                        cb = s->generate_session_id;
-                else if(s->ctx->generate_session_id)
-                        cb = s->ctx->generate_session_id;
-                CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
-                /* Choose a session ID */
-                tmp = ss->session_id_length;
-                if(!cb(s, ss->session_id, &tmp))
-                        {
-                        /* The callback failed */
-                        SSLerr(SSL_F_SSL_GET_NEW_SESSION,
-                                SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);
-                        SSL_SESSION_free(ss);
-                        return(0);
-                        }
-                /* Don't allow the callback to set the session length to zero.
-                 * nor set it higher than it was. */
-                if(!tmp || (tmp > ss->session_id_length))
-                        {
-                        /* The callback set an illegal length */
-                        SSLerr(SSL_F_SSL_GET_NEW_SESSION,
-                                SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH);
-                        SSL_SESSION_free(ss);
-                        return(0);
-                        }
-                /* If the session length was shrunk and we're SSLv2, pad it */
-                if((tmp < ss->session_id_length) && (s->version == SSL2_VERSION))
-                        memset(ss->session_id + tmp, 0, ss->session_id_length - tmp);
-                else
-                        ss->session_id_length = tmp;
-                /* Finally, check for a conflict */
-                if(SSL_has_matching_session_id(s, ss->session_id,
-                                                ss->session_id_length))
-                        {
-                        SSLerr(SSL_F_SSL_GET_NEW_SESSION,
-                                SSL_R_SSL_SESSION_ID_CONFLICT);
-                        SSL_SESSION_free(ss);
-                        return(0);
-                        }
-                }
-        else
-                {
-                ss->session_id_length=0;
-                }
-
-        if (s->sid_ctx_length > sizeof ss->sid_ctx)
-                {
-                SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
-                SSL_SESSION_free(ss);
-                return 0;
-                }
-        memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
-        ss->sid_ctx_length=s->sid_ctx_length;
-        s->session=ss;
-        ss->ssl_version=s->version;
-        ss->verify_result = X509_V_OK;
-
-        return(1);
-        }
-
-int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
-        {
-        /* This is used only by servers. */
-
-        SSL_SESSION *ret=NULL,data;
-        int fatal = 0;
-
-        data.ssl_version=s->version;
-        data.session_id_length=len;
-        if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
-                goto err;
-        memcpy(data.session_id,session_id,len);
-
-        if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
-                {
-                CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
-                ret=(SSL_SESSION *)lh_retrieve(s->ctx->sessions,&data);
-                if (ret != NULL)
-                    /* don't allow other threads to steal it: */
-                    CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
-                CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
-                }
-
-        if (ret == NULL)
-                {
-                int copy=1;
-        
-                s->ctx->stats.sess_miss++;
-                ret=NULL;
-                if (s->ctx->get_session_cb != NULL
-                    && (ret=s->ctx->get_session_cb(s,session_id,len,&copy))
-                       != NULL)
-                        {
-                        s->ctx->stats.sess_cb_hit++;
-
-                        /* Increment reference count now if the session callback
-                         * asks us to do so (note that if the session structures
-                         * returned by the callback are shared between threads,
-                         * it must handle the reference count itself [i.e. copy == 0],
-                         * or things won't be thread-safe). */
-                        if (copy)
-                                CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
-
-                        /* Add the externally cached session to the internal
-                         * cache as well if and only if we are supposed to. */
-                        if(!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE))
-                                /* The following should not return 1, otherwise,
-                                 * things are very strange */
-                                SSL_CTX_add_session(s->ctx,ret);
-                        }
-                if (ret == NULL)
-                        goto err;
-                }
-
-        /* Now ret is non-NULL, and we own one of its reference counts. */
-
-        if((s->verify_mode&SSL_VERIFY_PEER)
-           && (!s->sid_ctx_length || ret->sid_ctx_length != s->sid_ctx_length
-               || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length)))
-            {
-                /* We've found the session named by the client, but we don't
-                 * want to use it in this context. */
-                
-                if (s->sid_ctx_length == 0)
-                        {
-                        /* application should have used SSL[_CTX]_set_session_id_context
-                         * -- we could tolerate this and just pretend we never heard
-                         * of this session, but then applications could effectively
-                         * disable the session cache by accident without anyone noticing */
-
-                        SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
-                        fatal = 1;
-                        goto err;
-                        }
-                else
-                        {
-#if 0 /* The client cannot always know when a session is not appropriate,
-           * so we shouldn't generate an error message. */
-
-                        SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
-#endif
-                        goto err; /* treat like cache miss */
-                        }
-                }
-
-        if (ret->cipher == NULL)
-                {
-                unsigned char buf[5],*p;
-                unsigned long l;
-
-                p=buf;
-                l=ret->cipher_id;
-                l2n(l,p);
-                if ((ret->ssl_version>>8) == SSL3_VERSION_MAJOR)
-                        ret->cipher=ssl_get_cipher_by_char(s,&(buf[2]));
-                else 
-                        ret->cipher=ssl_get_cipher_by_char(s,&(buf[1]));
-                if (ret->cipher == NULL)
-                        goto err;
-                }
-
-
-#if 0 /* This is way too late. */
-
-        /* If a thread got the session, then 'swaped', and another got
-         * it and then due to a time-out decided to 'OPENSSL_free' it we could
-         * be in trouble.  So I'll increment it now, then double decrement
-         * later - am I speaking rubbish?. */
-        CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
-#endif
-
-        if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */
-                {
-                s->ctx->stats.sess_timeout++;
-                /* remove it from the cache */
-                SSL_CTX_remove_session(s->ctx,ret);
-                goto err;
-                }
-
-        s->ctx->stats.sess_hit++;
-
-        /* ret->time=time(NULL); */ /* rezero timeout? */
-        /* again, just leave the session 
-         * if it is the same session, we have just incremented and
-         * then decremented the reference count :-) */
-        if (s->session != NULL)
-                SSL_SESSION_free(s->session);
-        s->session=ret;
-        s->verify_result = s->session->verify_result;
-        return(1);
-
- err:
-        if (ret != NULL)
-                SSL_SESSION_free(ret);
-        if (fatal)
-                return -1;
-        else
-                return 0;
-        }
-
-int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
-        {
-        int ret=0;
-        SSL_SESSION *s;
-
-        /* add just 1 reference count for the SSL_CTX's session cache
-         * even though it has two ways of access: each session is in a
-         * doubly linked list and an lhash */
-        CRYPTO_add(&c->references,1,CRYPTO_LOCK_SSL_SESSION);
-        /* if session c is in already in cache, we take back the increment later */
-
-        CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
-        s=(SSL_SESSION *)lh_insert(ctx->sessions,c);
-        
-        /* s != NULL iff we already had a session with the given PID.
-         * In this case, s == c should hold (then we did not really modify
-         * ctx->sessions), or we're in trouble. */
-        if (s != NULL && s != c)
-                {
-                /* We *are* in trouble ... */
-                SSL_SESSION_list_remove(ctx,s);
-                SSL_SESSION_free(s);
-                /* ... so pretend the other session did not exist in cache
-                 * (we cannot handle two SSL_SESSION structures with identical
-                 * session ID in the same cache, which could happen e.g. when
-                 * two threads concurrently obtain the same session from an external
-                 * cache) */
-                s = NULL;
-                }
-
-        /* Put at the head of the queue unless it is already in the cache */
-        if (s == NULL)
-                SSL_SESSION_list_add(ctx,c);
-
-        if (s != NULL)
-                {
-                /* existing cache entry -- decrement previously incremented reference
-                 * count because it already takes into account the cache */
-
-                SSL_SESSION_free(s); /* s == c */
-                ret=0;
-                }
-        else
-                {
-                /* new cache entry -- remove old ones if cache has become too large */
-                
-                ret=1;
-
-                if (SSL_CTX_sess_get_cache_size(ctx) > 0)
-                        {
-                        while (SSL_CTX_sess_number(ctx) >
-                                SSL_CTX_sess_get_cache_size(ctx))
-                                {
-                                if (!remove_session_lock(ctx,
-                                        ctx->session_cache_tail, 0))
-                                        break;
-                                else
-                                        ctx->stats.sess_cache_full++;
-                                }
-                        }
-                }
-        CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
-        return(ret);
-        }
-
-int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c)
-{
-        return remove_session_lock(ctx, c, 1);
-}
-
-static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
-        {
-        SSL_SESSION *r;
-        int ret=0;
-
-        if ((c != NULL) && (c->session_id_length != 0))
-                {
-                if(lck) CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
-                if ((r = (SSL_SESSION *)lh_retrieve(ctx->sessions,c)) == c)
-                        {
-                        ret=1;
-                        r=(SSL_SESSION *)lh_delete(ctx->sessions,c);
-                        SSL_SESSION_list_remove(ctx,c);
-                        }
-
-                if(lck) CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
-
-                if (ret)
-                        {
-                        r->not_resumable=1;
-                        if (ctx->remove_session_cb != NULL)
-                                ctx->remove_session_cb(ctx,r);
-                        SSL_SESSION_free(r);
-                        }
-                }
-        else
-                ret=0;
-        return(ret);
-        }
-
-void SSL_SESSION_free(SSL_SESSION *ss)
-        {
-        int i;
-
-        if(ss == NULL)
-            return;
-
-        i=CRYPTO_add(&ss->references,-1,CRYPTO_LOCK_SSL_SESSION);
-#ifdef REF_PRINT
-        REF_PRINT("SSL_SESSION",ss);
-#endif
-        if (i > 0) return;
-#ifdef REF_CHECK
-        if (i < 0)
-                {
-                fprintf(stderr,"SSL_SESSION_free, bad reference count\n");
-                abort(); /* ok */
-                }
-#endif
-
-        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
-
-        OPENSSL_cleanse(ss->key_arg,sizeof ss->key_arg);
-        OPENSSL_cleanse(ss->master_key,sizeof ss->master_key);
-        OPENSSL_cleanse(ss->session_id,sizeof ss->session_id);
-        if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert);
-        if (ss->peer != NULL) X509_free(ss->peer);
-        if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);
-        OPENSSL_cleanse(ss,sizeof(*ss));
-        OPENSSL_free(ss);
-        }
-
-int SSL_set_session(SSL *s, SSL_SESSION *session)
-        {
-        int ret=0;
-        SSL_METHOD *meth;
-
-        if (session != NULL)
-                {
-                meth=s->ctx->method->get_ssl_method(session->ssl_version);
-                if (meth == NULL)
-                        meth=s->method->get_ssl_method(session->ssl_version);
-                if (meth == NULL)
-                        {
-                        SSLerr(SSL_F_SSL_SET_SESSION,SSL_R_UNABLE_TO_FIND_SSL_METHOD);
-                        return(0);
-                        }
-
-                if (meth != s->method)
-                        {
-                        if (!SSL_set_ssl_method(s,meth))
-                                return(0);
-                        if (s->ctx->session_timeout == 0)
-                                session->timeout=SSL_get_default_timeout(s);
-                        else
-                                session->timeout=s->ctx->session_timeout;
-                        }
-
-#ifndef OPENSSL_NO_KRB5
-                if (s->kssl_ctx && !s->kssl_ctx->client_princ &&
-                    session->krb5_client_princ_len > 0)
-                {
-                    s->kssl_ctx->client_princ = (char *)malloc(session->krb5_client_princ_len + 1);
-                    memcpy(s->kssl_ctx->client_princ,session->krb5_client_princ,
-                            session->krb5_client_princ_len);
-                    s->kssl_ctx->client_princ[session->krb5_client_princ_len] = '\0';
-                }
-#endif /* OPENSSL_NO_KRB5 */
-
-                /* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/
-                CRYPTO_add(&session->references,1,CRYPTO_LOCK_SSL_SESSION);
-                if (s->session != NULL)
-                        SSL_SESSION_free(s->session);
-                s->session=session;
-                s->verify_result = s->session->verify_result;
-                /* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/
-                ret=1;
-                }
-        else
-                {
-                if (s->session != NULL)
-                        {
-                        SSL_SESSION_free(s->session);
-                        s->session=NULL;
-                        }
-
-                meth=s->ctx->method;
-                if (meth != s->method)
-                        {
-                        if (!SSL_set_ssl_method(s,meth))
-                                return(0);
-                        }
-                ret=1;
-                }
-        return(ret);
-        }
-
-long SSL_SESSION_set_timeout(SSL_SESSION *s, long t)
-        {
-        if (s == NULL) return(0);
-        s->timeout=t;
-        return(1);
-        }
-
-long SSL_SESSION_get_timeout(const SSL_SESSION *s)
-        {
-        if (s == NULL) return(0);
-        return(s->timeout);
-        }
-
-long SSL_SESSION_get_time(const SSL_SESSION *s)
-        {
-        if (s == NULL) return(0);
-        return(s->time);
-        }
-
-long SSL_SESSION_set_time(SSL_SESSION *s, long t)
-        {
-        if (s == NULL) return(0);
-        s->time=t;
-        return(t);
-        }
-
-long SSL_CTX_set_timeout(SSL_CTX *s, long t)
-        {
-        long l;
-        if (s == NULL) return(0);
-        l=s->session_timeout;
-        s->session_timeout=t;
-        return(l);
-        }
-
-long SSL_CTX_get_timeout(const SSL_CTX *s)
-        {
-        if (s == NULL) return(0);
-        return(s->session_timeout);
-        }
-
-typedef struct timeout_param_st
-        {
-        SSL_CTX *ctx;
-        long time;
-        LHASH *cache;
-        } TIMEOUT_PARAM;
-
-static void timeout(SSL_SESSION *s, TIMEOUT_PARAM *p)
-        {
-        if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */
-                {
-                /* The reason we don't call SSL_CTX_remove_session() is to
-                 * save on locking overhead */
-                lh_delete(p->cache,s);
-                SSL_SESSION_list_remove(p->ctx,s);
-                s->not_resumable=1;
-                if (p->ctx->remove_session_cb != NULL)
-                        p->ctx->remove_session_cb(p->ctx,s);
-                SSL_SESSION_free(s);
-                }
-        }
-
-static IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION *, TIMEOUT_PARAM *)
-
-void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
-        {
-        unsigned long i;
-        TIMEOUT_PARAM tp;
-
-        tp.ctx=s;
-        tp.cache=s->sessions;
-        if (tp.cache == NULL) return;
-        tp.time=t;
-        CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
-        i=tp.cache->down_load;
-        tp.cache->down_load=0;
-        lh_doall_arg(tp.cache, LHASH_DOALL_ARG_FN(timeout), &tp);
-        tp.cache->down_load=i;
-        CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
-        }
-
-int ssl_clear_bad_session(SSL *s)
-        {
-        if (    (s->session != NULL) &&
-                !(s->shutdown & SSL_SENT_SHUTDOWN) &&
-                !(SSL_in_init(s) || SSL_in_before(s)))
-                {
-                SSL_CTX_remove_session(s->ctx,s->session);
-                return(1);
-                }
-        else
-                return(0);
-        }
-
-/* locked by SSL_CTX in the calling function */
-static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s)
-        {
-        if ((s->next == NULL) || (s->prev == NULL)) return;
-
-        if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail))
-                { /* last element in list */
-                if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head))
-                        { /* only one element in list */
-                        ctx->session_cache_head=NULL;
-                        ctx->session_cache_tail=NULL;
-                        }
-                else
-                        {
-                        ctx->session_cache_tail=s->prev;
-                        s->prev->next=(SSL_SESSION *)&(ctx->session_cache_tail);
-                        }
-                }
-        else
-                {
-                if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head))
-                        { /* first element in list */
-                        ctx->session_cache_head=s->next;
-                        s->next->prev=(SSL_SESSION *)&(ctx->session_cache_head);
-                        }
-                else
-                        { /* middle of list */
-                        s->next->prev=s->prev;
-                        s->prev->next=s->next;
-                        }
-                }
-        s->prev=s->next=NULL;
-        }
-
-static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s)
-        {
-        if ((s->next != NULL) && (s->prev != NULL))
-                SSL_SESSION_list_remove(ctx,s);
-
-        if (ctx->session_cache_head == NULL)
-                {
-                ctx->session_cache_head=s;
-                ctx->session_cache_tail=s;
-                s->prev=(SSL_SESSION *)&(ctx->session_cache_head);
-                s->next=(SSL_SESSION *)&(ctx->session_cache_tail);
-                }
-        else
-                {
-                s->next=ctx->session_cache_head;
-                s->next->prev=s;
-                s->prev=(SSL_SESSION *)&(ctx->session_cache_head);
-                ctx->session_cache_head=s;
-                }
-        }
-
diff --git a/src/lib/libssl/ssl_stat.c b/src/lib/libssl/ssl_stat.c
deleted file mode 100644
index b16d253081..0000000000
--- a/src/lib/libssl/ssl_stat.c
+++ /dev/null
@@ -1,502 +0,0 @@
-/* ssl/ssl_stat.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-
-const char *SSL_state_string_long(const SSL *s)
-        {
-        const char *str;
-
-        switch (s->state)
-                {
-case SSL_ST_BEFORE: str="before SSL initialization"; break;
-case SSL_ST_ACCEPT: str="before accept initialization"; break;
-case SSL_ST_CONNECT: str="before connect initialization"; break;
-case SSL_ST_OK: str="SSL negotiation finished successfully"; break;
-case SSL_ST_RENEGOTIATE:        str="SSL renegotiate ciphers"; break;
-case SSL_ST_BEFORE|SSL_ST_CONNECT: str="before/connect initialization"; break;
-case SSL_ST_OK|SSL_ST_CONNECT: str="ok/connect SSL initialization"; break;
-case SSL_ST_BEFORE|SSL_ST_ACCEPT: str="before/accept initialization"; break;
-case SSL_ST_OK|SSL_ST_ACCEPT: str="ok/accept SSL initialization"; break;
-#ifndef OPENSSL_NO_SSL2
-case SSL2_ST_CLIENT_START_ENCRYPTION: str="SSLv2 client start encryption"; break;
-case SSL2_ST_SERVER_START_ENCRYPTION: str="SSLv2 server start encryption"; break;
-case SSL2_ST_SEND_CLIENT_HELLO_A: str="SSLv2 write client hello A"; break;
-case SSL2_ST_SEND_CLIENT_HELLO_B: str="SSLv2 write client hello B"; break;
-case SSL2_ST_GET_SERVER_HELLO_A: str="SSLv2 read server hello A"; break;
-case SSL2_ST_GET_SERVER_HELLO_B: str="SSLv2 read server hello B"; break;
-case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: str="SSLv2 write client master key A"; break;
-case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: str="SSLv2 write client master key B"; break;
-case SSL2_ST_SEND_CLIENT_FINISHED_A: str="SSLv2 write client finished A"; break;
-case SSL2_ST_SEND_CLIENT_FINISHED_B: str="SSLv2 write client finished B"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: str="SSLv2 write client certificate A"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: str="SSLv2 write client certificate B"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: str="SSLv2 write client certificate C"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: str="SSLv2 write client certificate D"; break;
-case SSL2_ST_GET_SERVER_VERIFY_A: str="SSLv2 read server verify A"; break;
-case SSL2_ST_GET_SERVER_VERIFY_B: str="SSLv2 read server verify B"; break;
-case SSL2_ST_GET_SERVER_FINISHED_A: str="SSLv2 read server finished A"; break;
-case SSL2_ST_GET_SERVER_FINISHED_B: str="SSLv2 read server finished B"; break;
-case SSL2_ST_GET_CLIENT_HELLO_A: str="SSLv2 read client hello A"; break;
-case SSL2_ST_GET_CLIENT_HELLO_B: str="SSLv2 read client hello B"; break;
-case SSL2_ST_GET_CLIENT_HELLO_C: str="SSLv2 read client hello C"; break;
-case SSL2_ST_SEND_SERVER_HELLO_A: str="SSLv2 write server hello A"; break;
-case SSL2_ST_SEND_SERVER_HELLO_B: str="SSLv2 write server hello B"; break;
-case SSL2_ST_GET_CLIENT_MASTER_KEY_A: str="SSLv2 read client master key A"; break;
-case SSL2_ST_GET_CLIENT_MASTER_KEY_B: str="SSLv2 read client master key B"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_A: str="SSLv2 write server verify A"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_B: str="SSLv2 write server verify B"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_C: str="SSLv2 write server verify C"; break;
-case SSL2_ST_GET_CLIENT_FINISHED_A: str="SSLv2 read client finished A"; break;
-case SSL2_ST_GET_CLIENT_FINISHED_B: str="SSLv2 read client finished B"; break;
-case SSL2_ST_SEND_SERVER_FINISHED_A: str="SSLv2 write server finished A"; break;
-case SSL2_ST_SEND_SERVER_FINISHED_B: str="SSLv2 write server finished B"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: str="SSLv2 write request certificate A"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: str="SSLv2 write request certificate B"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: str="SSLv2 write request certificate C"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: str="SSLv2 write request certificate D"; break;
-case SSL2_ST_X509_GET_SERVER_CERTIFICATE: str="SSLv2 X509 read server certificate"; break;
-case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: str="SSLv2 X509 read client certificate"; break;
-#endif
-
-#ifndef OPENSSL_NO_SSL3
-/* SSLv3 additions */
-case SSL3_ST_CW_CLNT_HELLO_A:   str="SSLv3 write client hello A"; break;
-case SSL3_ST_CW_CLNT_HELLO_B:   str="SSLv3 write client hello B"; break;
-case SSL3_ST_CR_SRVR_HELLO_A:   str="SSLv3 read server hello A"; break;
-case SSL3_ST_CR_SRVR_HELLO_B:   str="SSLv3 read server hello B"; break;
-case SSL3_ST_CR_CERT_A:         str="SSLv3 read server certificate A"; break;
-case SSL3_ST_CR_CERT_B:         str="SSLv3 read server certificate B"; break;
-case SSL3_ST_CR_KEY_EXCH_A:     str="SSLv3 read server key exchange A"; break;
-case SSL3_ST_CR_KEY_EXCH_B:     str="SSLv3 read server key exchange B"; break;
-case SSL3_ST_CR_CERT_REQ_A:     str="SSLv3 read server certificate request A"; break;
-case SSL3_ST_CR_CERT_REQ_B:     str="SSLv3 read server certificate request B"; break;
-case SSL3_ST_CR_SRVR_DONE_A:    str="SSLv3 read server done A"; break;
-case SSL3_ST_CR_SRVR_DONE_B:    str="SSLv3 read server done B"; break;
-case SSL3_ST_CW_CERT_A:         str="SSLv3 write client certificate A"; break;
-case SSL3_ST_CW_CERT_B:         str="SSLv3 write client certificate B"; break;
-case SSL3_ST_CW_CERT_C:         str="SSLv3 write client certificate C"; break;
-case SSL3_ST_CW_CERT_D:         str="SSLv3 write client certificate D"; break;
-case SSL3_ST_CW_KEY_EXCH_A:     str="SSLv3 write client key exchange A"; break;
-case SSL3_ST_CW_KEY_EXCH_B:     str="SSLv3 write client key exchange B"; break;
-case SSL3_ST_CW_CERT_VRFY_A:    str="SSLv3 write certificate verify A"; break;
-case SSL3_ST_CW_CERT_VRFY_B:    str="SSLv3 write certificate verify B"; break;
-
-case SSL3_ST_CW_CHANGE_A:
-case SSL3_ST_SW_CHANGE_A:       str="SSLv3 write change cipher spec A"; break;
-case SSL3_ST_CW_CHANGE_B:       
-case SSL3_ST_SW_CHANGE_B:       str="SSLv3 write change cipher spec B"; break;
-case SSL3_ST_CW_FINISHED_A:     
-case SSL3_ST_SW_FINISHED_A:     str="SSLv3 write finished A"; break;
-case SSL3_ST_CW_FINISHED_B:     
-case SSL3_ST_SW_FINISHED_B:     str="SSLv3 write finished B"; break;
-case SSL3_ST_CR_CHANGE_A:       
-case SSL3_ST_SR_CHANGE_A:       str="SSLv3 read change cipher spec A"; break;
-case SSL3_ST_CR_CHANGE_B:       
-case SSL3_ST_SR_CHANGE_B:       str="SSLv3 read change cipher spec B"; break;
-case SSL3_ST_CR_FINISHED_A:     
-case SSL3_ST_SR_FINISHED_A:     str="SSLv3 read finished A"; break;
-case SSL3_ST_CR_FINISHED_B:     
-case SSL3_ST_SR_FINISHED_B:     str="SSLv3 read finished B"; break;
-
-case SSL3_ST_CW_FLUSH:
-case SSL3_ST_SW_FLUSH:          str="SSLv3 flush data"; break;
-
-case SSL3_ST_SR_CLNT_HELLO_A:   str="SSLv3 read client hello A"; break;
-case SSL3_ST_SR_CLNT_HELLO_B:   str="SSLv3 read client hello B"; break;
-case SSL3_ST_SR_CLNT_HELLO_C:   str="SSLv3 read client hello C"; break;
-case SSL3_ST_SW_HELLO_REQ_A:    str="SSLv3 write hello request A"; break;
-case SSL3_ST_SW_HELLO_REQ_B:    str="SSLv3 write hello request B"; break;
-case SSL3_ST_SW_HELLO_REQ_C:    str="SSLv3 write hello request C"; break;
-case SSL3_ST_SW_SRVR_HELLO_A:   str="SSLv3 write server hello A"; break;
-case SSL3_ST_SW_SRVR_HELLO_B:   str="SSLv3 write server hello B"; break;
-case SSL3_ST_SW_CERT_A:         str="SSLv3 write certificate A"; break;
-case SSL3_ST_SW_CERT_B:         str="SSLv3 write certificate B"; break;
-case SSL3_ST_SW_KEY_EXCH_A:     str="SSLv3 write key exchange A"; break;
-case SSL3_ST_SW_KEY_EXCH_B:     str="SSLv3 write key exchange B"; break;
-case SSL3_ST_SW_CERT_REQ_A:     str="SSLv3 write certificate request A"; break;
-case SSL3_ST_SW_CERT_REQ_B:     str="SSLv3 write certificate request B"; break;
-case SSL3_ST_SW_SRVR_DONE_A:    str="SSLv3 write server done A"; break;
-case SSL3_ST_SW_SRVR_DONE_B:    str="SSLv3 write server done B"; break;
-case SSL3_ST_SR_CERT_A:         str="SSLv3 read client certificate A"; break;
-case SSL3_ST_SR_CERT_B:         str="SSLv3 read client certificate B"; break;
-case SSL3_ST_SR_KEY_EXCH_A:     str="SSLv3 read client key exchange A"; break;
-case SSL3_ST_SR_KEY_EXCH_B:     str="SSLv3 read client key exchange B"; break;
-case SSL3_ST_SR_CERT_VRFY_A:    str="SSLv3 read certificate verify A"; break;
-case SSL3_ST_SR_CERT_VRFY_B:    str="SSLv3 read certificate verify B"; break;
-#endif
-
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
-/* SSLv2/v3 compatibility states */
-/* client */
-case SSL23_ST_CW_CLNT_HELLO_A:  str="SSLv2/v3 write client hello A"; break;
-case SSL23_ST_CW_CLNT_HELLO_B:  str="SSLv2/v3 write client hello B"; break;
-case SSL23_ST_CR_SRVR_HELLO_A:  str="SSLv2/v3 read server hello A"; break;
-case SSL23_ST_CR_SRVR_HELLO_B:  str="SSLv2/v3 read server hello B"; break;
-/* server */
-case SSL23_ST_SR_CLNT_HELLO_A:  str="SSLv2/v3 read client hello A"; break;
-case SSL23_ST_SR_CLNT_HELLO_B:  str="SSLv2/v3 read client hello B"; break;
-#endif
-
-default:        str="unknown state"; break;
-                }
-        return(str);
-        }
-
-const char *SSL_rstate_string_long(const SSL *s)
-        {
-        const char *str;
-
-        switch (s->rstate)
-                {
-        case SSL_ST_READ_HEADER: str="read header"; break;
-        case SSL_ST_READ_BODY: str="read body"; break;
-        case SSL_ST_READ_DONE: str="read done"; break;
-        default: str="unknown"; break;
-                }
-        return(str);
-        }
-
-const char *SSL_state_string(const SSL *s)
-        {
-        const char *str;
-
-        switch (s->state)
-                {
-case SSL_ST_BEFORE:                             str="PINIT "; break;
-case SSL_ST_ACCEPT:                             str="AINIT "; break;
-case SSL_ST_CONNECT:                            str="CINIT "; break;
-case SSL_ST_OK:                                 str="SSLOK "; break;
-#ifndef OPENSSL_NO_SSL2
-case SSL2_ST_CLIENT_START_ENCRYPTION:           str="2CSENC"; break;
-case SSL2_ST_SERVER_START_ENCRYPTION:           str="2SSENC"; break;
-case SSL2_ST_SEND_CLIENT_HELLO_A:               str="2SCH_A"; break;
-case SSL2_ST_SEND_CLIENT_HELLO_B:               str="2SCH_B"; break;
-case SSL2_ST_GET_SERVER_HELLO_A:                str="2GSH_A"; break;
-case SSL2_ST_GET_SERVER_HELLO_B:                str="2GSH_B"; break;
-case SSL2_ST_SEND_CLIENT_MASTER_KEY_A:          str="2SCMKA"; break;
-case SSL2_ST_SEND_CLIENT_MASTER_KEY_B:          str="2SCMKB"; break;
-case SSL2_ST_SEND_CLIENT_FINISHED_A:            str="2SCF_A"; break;
-case SSL2_ST_SEND_CLIENT_FINISHED_B:            str="2SCF_B"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_A:         str="2SCC_A"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_B:         str="2SCC_B"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_C:         str="2SCC_C"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_D:         str="2SCC_D"; break;
-case SSL2_ST_GET_SERVER_VERIFY_A:               str="2GSV_A"; break;
-case SSL2_ST_GET_SERVER_VERIFY_B:               str="2GSV_B"; break;
-case SSL2_ST_GET_SERVER_FINISHED_A:             str="2GSF_A"; break;
-case SSL2_ST_GET_SERVER_FINISHED_B:             str="2GSF_B"; break;
-case SSL2_ST_GET_CLIENT_HELLO_A:                str="2GCH_A"; break;
-case SSL2_ST_GET_CLIENT_HELLO_B:                str="2GCH_B"; break;
-case SSL2_ST_GET_CLIENT_HELLO_C:                str="2GCH_C"; break;
-case SSL2_ST_SEND_SERVER_HELLO_A:               str="2SSH_A"; break;
-case SSL2_ST_SEND_SERVER_HELLO_B:               str="2SSH_B"; break;
-case SSL2_ST_GET_CLIENT_MASTER_KEY_A:           str="2GCMKA"; break;
-case SSL2_ST_GET_CLIENT_MASTER_KEY_B:           str="2GCMKA"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_A:              str="2SSV_A"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_B:              str="2SSV_B"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_C:              str="2SSV_C"; break;
-case SSL2_ST_GET_CLIENT_FINISHED_A:             str="2GCF_A"; break;
-case SSL2_ST_GET_CLIENT_FINISHED_B:             str="2GCF_B"; break;
-case SSL2_ST_SEND_SERVER_FINISHED_A:            str="2SSF_A"; break;
-case SSL2_ST_SEND_SERVER_FINISHED_B:            str="2SSF_B"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_A:        str="2SRC_A"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_B:        str="2SRC_B"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_C:        str="2SRC_C"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_D:        str="2SRC_D"; break;
-case SSL2_ST_X509_GET_SERVER_CERTIFICATE:       str="2X9GSC"; break;
-case SSL2_ST_X509_GET_CLIENT_CERTIFICATE:       str="2X9GCC"; break;
-#endif
-
-#ifndef OPENSSL_NO_SSL3
-/* SSLv3 additions */
-case SSL3_ST_SW_FLUSH:
-case SSL3_ST_CW_FLUSH:                          str="3FLUSH"; break;
-case SSL3_ST_CW_CLNT_HELLO_A:                   str="3WCH_A"; break;
-case SSL3_ST_CW_CLNT_HELLO_B:                   str="3WCH_B"; break;
-case SSL3_ST_CR_SRVR_HELLO_A:                   str="3RSH_A"; break;
-case SSL3_ST_CR_SRVR_HELLO_B:                   str="3RSH_B"; break;
-case SSL3_ST_CR_CERT_A:                         str="3RSC_A"; break;
-case SSL3_ST_CR_CERT_B:                         str="3RSC_B"; break;
-case SSL3_ST_CR_KEY_EXCH_A:                     str="3RSKEA"; break;
-case SSL3_ST_CR_KEY_EXCH_B:                     str="3RSKEB"; break;
-case SSL3_ST_CR_CERT_REQ_A:                     str="3RCR_A"; break;
-case SSL3_ST_CR_CERT_REQ_B:                     str="3RCR_B"; break;
-case SSL3_ST_CR_SRVR_DONE_A:                    str="3RSD_A"; break;
-case SSL3_ST_CR_SRVR_DONE_B:                    str="3RSD_B"; break;
-case SSL3_ST_CW_CERT_A:                         str="3WCC_A"; break;
-case SSL3_ST_CW_CERT_B:                         str="3WCC_B"; break;
-case SSL3_ST_CW_CERT_C:                         str="3WCC_C"; break;
-case SSL3_ST_CW_CERT_D:                         str="3WCC_D"; break;
-case SSL3_ST_CW_KEY_EXCH_A:                     str="3WCKEA"; break;
-case SSL3_ST_CW_KEY_EXCH_B:                     str="3WCKEB"; break;
-case SSL3_ST_CW_CERT_VRFY_A:                    str="3WCV_A"; break;
-case SSL3_ST_CW_CERT_VRFY_B:                    str="3WCV_B"; break;
-
-case SSL3_ST_SW_CHANGE_A:
-case SSL3_ST_CW_CHANGE_A:                       str="3WCCSA"; break;
-case SSL3_ST_SW_CHANGE_B:
-case SSL3_ST_CW_CHANGE_B:                       str="3WCCSB"; break;
-case SSL3_ST_SW_FINISHED_A:
-case SSL3_ST_CW_FINISHED_A:                     str="3WFINA"; break;
-case SSL3_ST_SW_FINISHED_B:
-case SSL3_ST_CW_FINISHED_B:                     str="3WFINB"; break;
-case SSL3_ST_SR_CHANGE_A:
-case SSL3_ST_CR_CHANGE_A:                       str="3RCCSA"; break;
-case SSL3_ST_SR_CHANGE_B:
-case SSL3_ST_CR_CHANGE_B:                       str="3RCCSB"; break;
-case SSL3_ST_SR_FINISHED_A:
-case SSL3_ST_CR_FINISHED_A:                     str="3RFINA"; break;
-case SSL3_ST_SR_FINISHED_B:
-case SSL3_ST_CR_FINISHED_B:                     str="3RFINB"; break;
-
-case SSL3_ST_SW_HELLO_REQ_A:                    str="3WHR_A"; break;
-case SSL3_ST_SW_HELLO_REQ_B:                    str="3WHR_B"; break;
-case SSL3_ST_SW_HELLO_REQ_C:                    str="3WHR_C"; break;
-case SSL3_ST_SR_CLNT_HELLO_A:                   str="3RCH_A"; break;
-case SSL3_ST_SR_CLNT_HELLO_B:                   str="3RCH_B"; break;
-case SSL3_ST_SR_CLNT_HELLO_C:                   str="3RCH_C"; break;
-case SSL3_ST_SW_SRVR_HELLO_A:                   str="3WSH_A"; break;
-case SSL3_ST_SW_SRVR_HELLO_B:                   str="3WSH_B"; break;
-case SSL3_ST_SW_CERT_A:                         str="3WSC_A"; break;
-case SSL3_ST_SW_CERT_B:                         str="3WSC_B"; break;
-case SSL3_ST_SW_KEY_EXCH_A:                     str="3WSKEA"; break;
-case SSL3_ST_SW_KEY_EXCH_B:                     str="3WSKEB"; break;
-case SSL3_ST_SW_CERT_REQ_A:                     str="3WCR_A"; break;
-case SSL3_ST_SW_CERT_REQ_B:                     str="3WCR_B"; break;
-case SSL3_ST_SW_SRVR_DONE_A:                    str="3WSD_A"; break;
-case SSL3_ST_SW_SRVR_DONE_B:                    str="3WSD_B"; break;
-case SSL3_ST_SR_CERT_A:                         str="3RCC_A"; break;
-case SSL3_ST_SR_CERT_B:                         str="3RCC_B"; break;
-case SSL3_ST_SR_KEY_EXCH_A:                     str="3RCKEA"; break;
-case SSL3_ST_SR_KEY_EXCH_B:                     str="3RCKEB"; break;
-case SSL3_ST_SR_CERT_VRFY_A:                    str="3RCV_A"; break;
-case SSL3_ST_SR_CERT_VRFY_B:                    str="3RCV_B"; break;
-#endif
-
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
-/* SSLv2/v3 compatibility states */
-/* client */
-case SSL23_ST_CW_CLNT_HELLO_A:                  str="23WCHA"; break;
-case SSL23_ST_CW_CLNT_HELLO_B:                  str="23WCHB"; break;
-case SSL23_ST_CR_SRVR_HELLO_A:                  str="23RSHA"; break;
-case SSL23_ST_CR_SRVR_HELLO_B:                  str="23RSHA"; break;
-/* server */
-case SSL23_ST_SR_CLNT_HELLO_A:                  str="23RCHA"; break;
-case SSL23_ST_SR_CLNT_HELLO_B:                  str="23RCHB"; break;
-#endif
-
-default:                                        str="UNKWN "; break;
-                }
-        return(str);
-        }
-
-const char *SSL_alert_type_string_long(int value)
-        {
-        value>>=8;
-        if (value == SSL3_AL_WARNING)
-                return("warning");
-        else if (value == SSL3_AL_FATAL)
-                return("fatal");
-        else
-                return("unknown");
-        }
-
-const char *SSL_alert_type_string(int value)
-        {
-        value>>=8;
-        if (value == SSL3_AL_WARNING)
-                return("W");
-        else if (value == SSL3_AL_FATAL)
-                return("F");
-        else
-                return("U");
-        }
-
-const char *SSL_alert_desc_string(int value)
-        {
-        const char *str;
-
-        switch (value & 0xff)
-                {
-        case SSL3_AD_CLOSE_NOTIFY:              str="CN"; break;
-        case SSL3_AD_UNEXPECTED_MESSAGE:        str="UM"; break;
-        case SSL3_AD_BAD_RECORD_MAC:            str="BM"; break;
-        case SSL3_AD_DECOMPRESSION_FAILURE:     str="DF"; break;
-        case SSL3_AD_HANDSHAKE_FAILURE:         str="HF"; break;
-        case SSL3_AD_NO_CERTIFICATE:            str="NC"; break;
-        case SSL3_AD_BAD_CERTIFICATE:           str="BC"; break;
-        case SSL3_AD_UNSUPPORTED_CERTIFICATE:   str="UC"; break;
-        case SSL3_AD_CERTIFICATE_REVOKED:       str="CR"; break;
-        case SSL3_AD_CERTIFICATE_EXPIRED:       str="CE"; break;
-        case SSL3_AD_CERTIFICATE_UNKNOWN:       str="CU"; break;
-        case SSL3_AD_ILLEGAL_PARAMETER:         str="IP"; break;
-        case TLS1_AD_DECRYPTION_FAILED:         str="DC"; break;
-        case TLS1_AD_RECORD_OVERFLOW:           str="RO"; break;
-        case TLS1_AD_UNKNOWN_CA:                str="CA"; break;
-        case TLS1_AD_ACCESS_DENIED:             str="AD"; break;
-        case TLS1_AD_DECODE_ERROR:              str="DE"; break;
-        case TLS1_AD_DECRYPT_ERROR:             str="CY"; break;
-        case TLS1_AD_EXPORT_RESTRICTION:        str="ER"; break;
-        case TLS1_AD_PROTOCOL_VERSION:          str="PV"; break;
-        case TLS1_AD_INSUFFICIENT_SECURITY:     str="IS"; break;
-        case TLS1_AD_INTERNAL_ERROR:            str="IE"; break;
-        case TLS1_AD_USER_CANCELLED:            str="US"; break;
-        case TLS1_AD_NO_RENEGOTIATION:          str="NR"; break;
-        default:                                str="UK"; break;
-                }
-        return(str);
-        }
-
-const char *SSL_alert_desc_string_long(int value)
-        {
-        const char *str;
-
-        switch (value & 0xff)
-                {
-        case SSL3_AD_CLOSE_NOTIFY:
-                str="close notify";
-                break;
-        case SSL3_AD_UNEXPECTED_MESSAGE:
-                str="unexpected_message";
-                break;
-        case SSL3_AD_BAD_RECORD_MAC:
-                str="bad record mac";
-                break;
-        case SSL3_AD_DECOMPRESSION_FAILURE:
-                str="decompression failure";
-                break;
-        case SSL3_AD_HANDSHAKE_FAILURE:
-                str="handshake failure";
-                break;
-        case SSL3_AD_NO_CERTIFICATE:
-                str="no certificate";
-                break;
-        case SSL3_AD_BAD_CERTIFICATE:
-                str="bad certificate";
-                break;
-        case SSL3_AD_UNSUPPORTED_CERTIFICATE:
-                str="unsupported certificate";
-                break;
-        case SSL3_AD_CERTIFICATE_REVOKED:
-                str="certificate revoked";
-                break;
-        case SSL3_AD_CERTIFICATE_EXPIRED:
-                str="certificate expired";
-                break;
-        case SSL3_AD_CERTIFICATE_UNKNOWN:
-                str="certificate unknown";
-                break;
-        case SSL3_AD_ILLEGAL_PARAMETER:
-                str="illegal parameter";
-                break;
-        case TLS1_AD_DECRYPTION_FAILED:
-                str="decryption failed";
-                break;
-        case TLS1_AD_RECORD_OVERFLOW:
-                str="record overflow";
-                break;
-        case TLS1_AD_UNKNOWN_CA:
-                str="unknown CA";
-                break;
-        case TLS1_AD_ACCESS_DENIED:
-                str="access denied";
-                break;
-        case TLS1_AD_DECODE_ERROR:
-                str="decode error";
-                break;
-        case TLS1_AD_DECRYPT_ERROR:
-                str="decrypt error";
-                break;
-        case TLS1_AD_EXPORT_RESTRICTION:
-                str="export restriction";
-                break;
-        case TLS1_AD_PROTOCOL_VERSION:
-                str="protocol version";
-                break;
-        case TLS1_AD_INSUFFICIENT_SECURITY:
-                str="insufficient security";
-                break;
-        case TLS1_AD_INTERNAL_ERROR:
-                str="internal error";
-                break;
-        case TLS1_AD_USER_CANCELLED:
-                str="user canceled";
-                break;
-        case TLS1_AD_NO_RENEGOTIATION:
-                str="no renegotiation";
-                break;
-        default: str="unknown"; break;
-                }
-        return(str);
-        }
-
-const char *SSL_rstate_string(const SSL *s)
-        {
-        const char *str;
-
-        switch (s->rstate)
-                {
-        case SSL_ST_READ_HEADER:str="RH"; break;
-        case SSL_ST_READ_BODY:  str="RB"; break;
-        case SSL_ST_READ_DONE:  str="RD"; break;
-        default: str="unknown"; break;
-                }
-        return(str);
-        }
diff --git a/src/lib/libssl/ssl_txt.c b/src/lib/libssl/ssl_txt.c
deleted file mode 100644
index 8655a31333..0000000000
--- a/src/lib/libssl/ssl_txt.c
+++ /dev/null
@@ -1,186 +0,0 @@
-/* ssl/ssl_txt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/buffer.h>
-#include "ssl_locl.h"
-
-#ifndef OPENSSL_NO_FP_API
-int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x)
-        {
-        BIO *b;
-        int ret;
-
-        if ((b=BIO_new(BIO_s_file_internal())) == NULL)
-                {
-                SSLerr(SSL_F_SSL_SESSION_PRINT_FP,ERR_R_BUF_LIB);
-                return(0);
-                }
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=SSL_SESSION_print(b,x);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
-
-int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
-        {
-        unsigned int i;
-        char *s;
-
-        if (x == NULL) goto err;
-        if (BIO_puts(bp,"SSL-Session:\n") <= 0) goto err;
-        if (x->ssl_version == SSL2_VERSION)
-                s="SSLv2";
-        else if (x->ssl_version == SSL3_VERSION)
-                s="SSLv3";
-        else if (x->ssl_version == TLS1_VERSION)
-                s="TLSv1";
-        else
-                s="unknown";
-        if (BIO_printf(bp,"    Protocol  : %s\n",s) <= 0) goto err;
-
-        if (x->cipher == NULL)
-                {
-                if (((x->cipher_id) & 0xff000000) == 0x02000000)
-                        {
-                        if (BIO_printf(bp,"    Cipher    : %06lX\n",x->cipher_id&0xffffff) <= 0)
-                                goto err;
-                        }
-                else
-                        {
-                        if (BIO_printf(bp,"    Cipher    : %04lX\n",x->cipher_id&0xffff) <= 0)
-                                goto err;
-                        }
-                }
-        else
-                {
-                if (BIO_printf(bp,"    Cipher    : %s\n",((x->cipher == NULL)?"unknown":x->cipher->name)) <= 0)
-                        goto err;
-                }
-        if (BIO_puts(bp,"    Session-ID: ") <= 0) goto err;
-        for (i=0; i<x->session_id_length; i++)
-                {
-                if (BIO_printf(bp,"%02X",x->session_id[i]) <= 0) goto err;
-                }
-        if (BIO_puts(bp,"\n    Session-ID-ctx: ") <= 0) goto err;
-        for (i=0; i<x->sid_ctx_length; i++)
-                {
-                if (BIO_printf(bp,"%02X",x->sid_ctx[i]) <= 0)
-                        goto err;
-                }
-        if (BIO_puts(bp,"\n    Master-Key: ") <= 0) goto err;
-        for (i=0; i<(unsigned int)x->master_key_length; i++)
-                {
-                if (BIO_printf(bp,"%02X",x->master_key[i]) <= 0) goto err;
-                }
-        if (BIO_puts(bp,"\n    Key-Arg   : ") <= 0) goto err;
-        if (x->key_arg_length == 0)
-                {
-                if (BIO_puts(bp,"None") <= 0) goto err;
-                }
-        else
-                for (i=0; i<x->key_arg_length; i++)
-                        {
-                        if (BIO_printf(bp,"%02X",x->key_arg[i]) <= 0) goto err;
-                        }
-#ifndef OPENSSL_NO_KRB5
-       if (BIO_puts(bp,"\n    Krb5 Principal: ") <= 0) goto err;
-            if (x->krb5_client_princ_len == 0)
-            {
-                if (BIO_puts(bp,"None") <= 0) goto err;
-                }
-        else
-                for (i=0; i<x->krb5_client_princ_len; i++)
-                        {
-                        if (BIO_printf(bp,"%02X",x->krb5_client_princ[i]) <= 0) goto err;
-                        }
-#endif /* OPENSSL_NO_KRB5 */
-        if (x->compress_meth != 0)
-                {
-                SSL_COMP *comp;
-
-                ssl_cipher_get_evp(x,NULL,NULL,&comp);
-                if (comp == NULL)
-                        {
-                        if (BIO_printf(bp,"\n   Compression: %d",x->compress_meth) <= 0) goto err;
-                        }
-                else
-                        {
-                        if (BIO_printf(bp,"\n   Compression: %d (%s)", comp->id,comp->method->name) <= 0) goto err;
-                        }
-                }       
-        if (x->time != 0L)
-                {
-                if (BIO_printf(bp, "\n    Start Time: %ld",x->time) <= 0) goto err;
-                }
-        if (x->timeout != 0L)
-                {
-                if (BIO_printf(bp, "\n    Timeout   : %ld (sec)",x->timeout) <= 0) goto err;
-                }
-        if (BIO_puts(bp,"\n") <= 0) goto err;
-
-        if (BIO_puts(bp, "    Verify return code: ") <= 0) goto err;
-        if (BIO_printf(bp, "%ld (%s)\n", x->verify_result,
-                X509_verify_cert_error_string(x->verify_result)) <= 0) goto err;
-                
-        return(1);
-err:
-        return(0);
-        }
-
diff --git a/src/lib/libssl/t1_clnt.c b/src/lib/libssl/t1_clnt.c
deleted file mode 100644
index 57205fb429..0000000000
--- a/src/lib/libssl/t1_clnt.c
+++ /dev/null
@@ -1,97 +0,0 @@
-/* ssl/t1_clnt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-
-static SSL_METHOD *tls1_get_client_method(int ver);
-static SSL_METHOD *tls1_get_client_method(int ver)
-        {
-        if (ver == TLS1_VERSION)
-                return(TLSv1_client_method());
-        else
-                return(NULL);
-        }
-
-SSL_METHOD *TLSv1_client_method(void)
-        {
-        static int init=1;
-        static SSL_METHOD TLSv1_client_data;
-
-        if (init)
-                {
-                CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
-
-                if (init)
-                        {
-                        memcpy((char *)&TLSv1_client_data,(char *)tlsv1_base_method(),
-                                sizeof(SSL_METHOD));
-                        TLSv1_client_data.ssl_connect=ssl3_connect;
-                        TLSv1_client_data.get_ssl_method=tls1_get_client_method;
-                        init=0;
-                        }
-                
-                CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
-                }
-        return(&TLSv1_client_data);
-        }
-
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
deleted file mode 100644
index 2c6246abf5..0000000000
--- a/src/lib/libssl/t1_enc.c
+++ /dev/null
@@ -1,816 +0,0 @@
-/* ssl/t1_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/comp.h>
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include <openssl/md5.h>
-#include <openssl/fips.h>
-
-static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
-                        int sec_len, unsigned char *seed, int seed_len,
-                        unsigned char *out, int olen)
-        {
-        int chunk,n;
-        unsigned int j;
-        HMAC_CTX ctx;
-        HMAC_CTX ctx_tmp;
-        unsigned char A1[EVP_MAX_MD_SIZE];
-        unsigned int A1_len;
-        
-        chunk=EVP_MD_size(md);
-
-        HMAC_CTX_init(&ctx);
-        HMAC_CTX_init(&ctx_tmp);
-        HMAC_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-        HMAC_CTX_set_flags(&ctx_tmp, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-        HMAC_Init_ex(&ctx,sec,sec_len,md, NULL);
-        HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL);
-        HMAC_Update(&ctx,seed,seed_len);
-        HMAC_Final(&ctx,A1,&A1_len);
-
-        n=0;
-        for (;;)
-                {
-                HMAC_Init_ex(&ctx,NULL,0,NULL,NULL); /* re-init */
-                HMAC_Init_ex(&ctx_tmp,NULL,0,NULL,NULL); /* re-init */
-                HMAC_Update(&ctx,A1,A1_len);
-                HMAC_Update(&ctx_tmp,A1,A1_len);
-                HMAC_Update(&ctx,seed,seed_len);
-
-                if (olen > chunk)
-                        {
-                        HMAC_Final(&ctx,out,&j);
-                        out+=j;
-                        olen-=j;
-                        HMAC_Final(&ctx_tmp,A1,&A1_len); /* calc the next A1 value */
-                        }
-                else    /* last one */
-                        {
-                        HMAC_Final(&ctx,A1,&A1_len);
-                        memcpy(out,A1,olen);
-                        break;
-                        }
-                }
-        HMAC_CTX_cleanup(&ctx);
-        HMAC_CTX_cleanup(&ctx_tmp);
-        OPENSSL_cleanse(A1,sizeof(A1));
-        }
-
-static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1,
-                     unsigned char *label, int label_len,
-                     const unsigned char *sec, int slen, unsigned char *out1,
-                     unsigned char *out2, int olen)
-        {
-        int len,i;
-        const unsigned char *S1,*S2;
-
-        len=slen/2;
-        S1=sec;
-        S2= &(sec[len]);
-        len+=(slen&1); /* add for odd, make longer */
-
-        tls1_P_hash(md5 ,S1,len,label,label_len,out1,olen);
-        tls1_P_hash(sha1,S2,len,label,label_len,out2,olen);
-
-        for (i=0; i<olen; i++)
-                out1[i]^=out2[i];
-        }
-
-static void tls1_generate_key_block(SSL *s, unsigned char *km,
-             unsigned char *tmp, int num)
-        {
-        unsigned char *p;
-        unsigned char buf[SSL3_RANDOM_SIZE*2+
-                TLS_MD_MAX_CONST_SIZE];
-        p=buf;
-
-        memcpy(p,TLS_MD_KEY_EXPANSION_CONST,
-                TLS_MD_KEY_EXPANSION_CONST_SIZE);
-        p+=TLS_MD_KEY_EXPANSION_CONST_SIZE;
-        memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
-        p+=SSL3_RANDOM_SIZE;
-        memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
-        p+=SSL3_RANDOM_SIZE;
-
-        tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),
-                 s->session->master_key,s->session->master_key_length,
-                 km,tmp,num);
-#ifdef KSSL_DEBUG
-        printf("tls1_generate_key_block() ==> %d byte master_key =\n\t",
-                s->session->master_key_length);
-        {
-        int i;
-        for (i=0; i < s->session->master_key_length; i++)
-                {
-                printf("%02X", s->session->master_key[i]);
-                }
-        printf("\n");  }
-#endif    /* KSSL_DEBUG */
-        }
-
-int tls1_change_cipher_state(SSL *s, int which)
-        {
-        static const unsigned char empty[]="";
-        unsigned char *p,*key_block,*mac_secret;
-        unsigned char *exp_label,buf[TLS_MD_MAX_CONST_SIZE+
-                SSL3_RANDOM_SIZE*2];
-        unsigned char tmp1[EVP_MAX_KEY_LENGTH];
-        unsigned char tmp2[EVP_MAX_KEY_LENGTH];
-        unsigned char iv1[EVP_MAX_IV_LENGTH*2];
-        unsigned char iv2[EVP_MAX_IV_LENGTH*2];
-        unsigned char *ms,*key,*iv,*er1,*er2;
-        int client_write;
-        EVP_CIPHER_CTX *dd;
-        const EVP_CIPHER *c;
-        const SSL_COMP *comp;
-        const EVP_MD *m;
-        int is_export,n,i,j,k,exp_label_len,cl;
-        int reuse_dd = 0;
-
-        is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
-        c=s->s3->tmp.new_sym_enc;
-        m=s->s3->tmp.new_hash;
-        comp=s->s3->tmp.new_compression;
-        key_block=s->s3->tmp.key_block;
-
-#ifdef KSSL_DEBUG
-        printf("tls1_change_cipher_state(which= %d) w/\n", which);
-        printf("\talg= %ld, comp= %p\n", s->s3->tmp.new_cipher->algorithms,
-                comp);
-        printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c);
-        printf("\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n",
-                c->nid,c->block_size,c->key_len,c->iv_len);
-        printf("\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length);
-        {
-        int i;
-        for (i=0; i<s->s3->tmp.key_block_length; i++)
-                printf("%02x", key_block[i]);  printf("\n");
-        }
-#endif  /* KSSL_DEBUG */
-
-        if (which & SSL3_CC_READ)
-                {
-                if (s->enc_read_ctx != NULL)
-                        reuse_dd = 1;
-                else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
-                        goto err;
-                dd= s->enc_read_ctx;
-                s->read_hash=m;
-                if (s->expand != NULL)
-                        {
-                        COMP_CTX_free(s->expand);
-                        s->expand=NULL;
-                        }
-                if (comp != NULL)
-                        {
-                        s->expand=COMP_CTX_new(comp->method);
-                        if (s->expand == NULL)
-                                {
-                                SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
-                                goto err2;
-                                }
-                        if (s->s3->rrec.comp == NULL)
-                                s->s3->rrec.comp=(unsigned char *)
-                                        OPENSSL_malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
-                        if (s->s3->rrec.comp == NULL)
-                                goto err;
-                        }
-                memset(&(s->s3->read_sequence[0]),0,8);
-                mac_secret= &(s->s3->read_mac_secret[0]);
-                }
-        else
-                {
-                if (s->enc_write_ctx != NULL)
-                        reuse_dd = 1;
-                else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
-                        goto err;
-                if ((s->enc_write_ctx == NULL) &&
-                        ((s->enc_write_ctx=(EVP_CIPHER_CTX *)
-                        OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
-                        goto err;
-                dd= s->enc_write_ctx;
-                s->write_hash=m;
-                if (s->compress != NULL)
-                        {
-                        COMP_CTX_free(s->compress);
-                        s->compress=NULL;
-                        }
-                if (comp != NULL)
-                        {
-                        s->compress=COMP_CTX_new(comp->method);
-                        if (s->compress == NULL)
-                                {
-                                SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
-                                goto err2;
-                                }
-                        }
-                memset(&(s->s3->write_sequence[0]),0,8);
-                mac_secret= &(s->s3->write_mac_secret[0]);
-                }
-
-        if (reuse_dd)
-                EVP_CIPHER_CTX_cleanup(dd);
-        EVP_CIPHER_CTX_init(dd);
-
-        p=s->s3->tmp.key_block;
-        i=EVP_MD_size(m);
-        cl=EVP_CIPHER_key_length(c);
-        j=is_export ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
-                       cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
-        /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
-        k=EVP_CIPHER_iv_length(c);
-        er1= &(s->s3->client_random[0]);
-        er2= &(s->s3->server_random[0]);
-        if (    (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
-                (which == SSL3_CHANGE_CIPHER_SERVER_READ))
-                {
-                ms=  &(p[ 0]); n=i+i;
-                key= &(p[ n]); n+=j+j;
-                iv=  &(p[ n]); n+=k+k;
-                exp_label=(unsigned char *)TLS_MD_CLIENT_WRITE_KEY_CONST;
-                exp_label_len=TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE;
-                client_write=1;
-                }
-        else
-                {
-                n=i;
-                ms=  &(p[ n]); n+=i+j;
-                key= &(p[ n]); n+=j+k;
-                iv=  &(p[ n]); n+=k;
-                exp_label=(unsigned char *)TLS_MD_SERVER_WRITE_KEY_CONST;
-                exp_label_len=TLS_MD_SERVER_WRITE_KEY_CONST_SIZE;
-                client_write=0;
-                }
-
-        if (n > s->s3->tmp.key_block_length)
-                {
-                SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_INTERNAL_ERROR);
-                goto err2;
-                }
-
-        memcpy(mac_secret,ms,i);
-#ifdef TLS_DEBUG
-printf("which = %04X\nmac key=",which);
-{ int z; for (z=0; z<i; z++) printf("%02X%c",ms[z],((z+1)%16)?' ':'\n'); }
-#endif
-        if (is_export)
-                {
-                /* In here I set both the read and write key/iv to the
-                 * same value since only the correct one will be used :-).
-                 */
-                p=buf;
-                memcpy(p,exp_label,exp_label_len);
-                p+=exp_label_len;
-                memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
-                p+=SSL3_RANDOM_SIZE;
-                memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
-                p+=SSL3_RANDOM_SIZE;
-                tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),key,j,
-                         tmp1,tmp2,EVP_CIPHER_key_length(c));
-                key=tmp1;
-
-                if (k > 0)
-                        {
-                        p=buf;
-                        memcpy(p,TLS_MD_IV_BLOCK_CONST,
-                                TLS_MD_IV_BLOCK_CONST_SIZE);
-                        p+=TLS_MD_IV_BLOCK_CONST_SIZE;
-                        memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
-                        p+=SSL3_RANDOM_SIZE;
-                        memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
-                        p+=SSL3_RANDOM_SIZE;
-                        tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,p-buf,empty,0,
-                                 iv1,iv2,k*2);
-                        if (client_write)
-                                iv=iv1;
-                        else
-                                iv= &(iv1[k]);
-                        }
-                }
-
-        s->session->key_arg_length=0;
-#ifdef KSSL_DEBUG
-        {
-        int i;
-        printf("EVP_CipherInit_ex(dd,c,key=,iv=,which)\n");
-        printf("\tkey= "); for (i=0; i<c->key_len; i++) printf("%02x", key[i]);
-        printf("\n");
-        printf("\t iv= "); for (i=0; i<c->iv_len; i++) printf("%02x", iv[i]);
-        printf("\n");
-        }
-#endif  /* KSSL_DEBUG */
-
-        EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE));
-#ifdef TLS_DEBUG
-printf("which = %04X\nkey=",which);
-{ int z; for (z=0; z<EVP_CIPHER_key_length(c); z++) printf("%02X%c",key[z],((z+1)%16)?' ':'\n'); }
-printf("\niv=");
-{ int z; for (z=0; z<k; z++) printf("%02X%c",iv[z],((z+1)%16)?' ':'\n'); }
-printf("\n");
-#endif
-
-        OPENSSL_cleanse(tmp1,sizeof(tmp1));
-        OPENSSL_cleanse(tmp2,sizeof(tmp1));
-        OPENSSL_cleanse(iv1,sizeof(iv1));
-        OPENSSL_cleanse(iv2,sizeof(iv2));
-        return(1);
-err:
-        SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
-err2:
-        return(0);
-        }
-
-int tls1_setup_key_block(SSL *s)
-        {
-        unsigned char *p1,*p2;
-        const EVP_CIPHER *c;
-        const EVP_MD *hash;
-        int num;
-        SSL_COMP *comp;
-
-#ifdef KSSL_DEBUG
-        printf ("tls1_setup_key_block()\n");
-#endif  /* KSSL_DEBUG */
-
-        if (s->s3->tmp.key_block_length != 0)
-                return(1);
-
-        if (!ssl_cipher_get_evp(s->session,&c,&hash,&comp))
-                {
-                SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
-                return(0);
-                }
-
-        s->s3->tmp.new_sym_enc=c;
-        s->s3->tmp.new_hash=hash;
-
-        num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c);
-        num*=2;
-
-        ssl3_cleanup_key_block(s);
-
-        if ((p1=(unsigned char *)OPENSSL_malloc(num)) == NULL)
-                goto err;
-        if ((p2=(unsigned char *)OPENSSL_malloc(num)) == NULL)
-                goto err;
-
-        s->s3->tmp.key_block_length=num;
-        s->s3->tmp.key_block=p1;
-
-
-#ifdef TLS_DEBUG
-printf("client random\n");
-{ int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->client_random[z],((z+1)%16)?' ':'\n'); }
-printf("server random\n");
-{ int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->server_random[z],((z+1)%16)?' ':'\n'); }
-printf("pre-master\n");
-{ int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); }
-#endif
-        tls1_generate_key_block(s,p1,p2,num);
-        OPENSSL_cleanse(p2,num);
-        OPENSSL_free(p2);
-#ifdef TLS_DEBUG
-printf("\nkey block\n");
-{ int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); }
-#endif
-
-        if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
-                {
-                /* enable vulnerability countermeasure for CBC ciphers with
-                 * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)
-                 */
-                s->s3->need_empty_fragments = 1;
-
-                if (s->session->cipher != NULL)
-                        {
-                        if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_eNULL)
-                                s->s3->need_empty_fragments = 0;
-                        
-#ifndef OPENSSL_NO_RC4
-                        if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4)
-                                s->s3->need_empty_fragments = 0;
-#endif
-                        }
-                }
-
-        return(1);
-err:
-        SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
-        return(0);
-        }
-
-int tls1_enc(SSL *s, int send)
-        {
-        SSL3_RECORD *rec;
-        EVP_CIPHER_CTX *ds;
-        unsigned long l;
-        int bs,i,ii,j,k,n=0;
-        const EVP_CIPHER *enc;
-
-        if (send)
-                {
-                if (s->write_hash != NULL)
-                        n=EVP_MD_size(s->write_hash);
-                ds=s->enc_write_ctx;
-                rec= &(s->s3->wrec);
-                if (s->enc_write_ctx == NULL)
-                        enc=NULL;
-                else
-                        enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
-                }
-        else
-                {
-                if (s->read_hash != NULL)
-                        n=EVP_MD_size(s->read_hash);
-                ds=s->enc_read_ctx;
-                rec= &(s->s3->rrec);
-                if (s->enc_read_ctx == NULL)
-                        enc=NULL;
-                else
-                        enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
-                }
-
-#ifdef KSSL_DEBUG
-        printf("tls1_enc(%d)\n", send);
-#endif    /* KSSL_DEBUG */
-
-        if ((s->session == NULL) || (ds == NULL) ||
-                (enc == NULL))
-                {
-                memmove(rec->data,rec->input,rec->length);
-                rec->input=rec->data;
-                }
-        else
-                {
-                l=rec->length;
-                bs=EVP_CIPHER_block_size(ds->cipher);
-
-                if ((bs != 1) && send)
-                        {
-                        i=bs-((int)l%bs);
-
-                        /* Add weird padding of upto 256 bytes */
-
-                        /* we need to add 'i' padding bytes of value j */
-                        j=i-1;
-                        if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG)
-                                {
-                                if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
-                                        j++;
-                                }
-                        for (k=(int)l; k<(int)(l+i); k++)
-                                rec->input[k]=j;
-                        l+=i;
-                        rec->length+=i;
-                        }
-
-#ifdef KSSL_DEBUG
-                {
-                unsigned long ui;
-                printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
-                        ds,rec->data,rec->input,l);
-                printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
-                        ds->buf_len, ds->cipher->key_len,
-                        DES_KEY_SZ, DES_SCHEDULE_SZ,
-                        ds->cipher->iv_len);
-                printf("\t\tIV: ");
-                for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
-                printf("\n");
-                printf("\trec->input=");
-                for (ui=0; ui<l; ui++) printf(" %02x", rec->input[ui]);
-                printf("\n");
-                }
-#endif  /* KSSL_DEBUG */
-
-                if (!send)
-                        {
-                        if (l == 0 || l%bs != 0)
-                                {
-                                SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
-                                ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
-                                return 0;
-                                }
-                        }
-                
-                EVP_Cipher(ds,rec->data,rec->input,l);
-
-#ifdef KSSL_DEBUG
-                {
-                unsigned long i;
-                printf("\trec->data=");
-                for (i=0; i<l; i++)
-                        printf(" %02x", rec->data[i]);  printf("\n");
-                }
-#endif  /* KSSL_DEBUG */
-
-                if ((bs != 1) && !send)
-                        {
-                        ii=i=rec->data[l-1]; /* padding_length */
-                        i++;
-                        if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
-                                {
-                                /* First packet is even in size, so check */
-                                if ((memcmp(s->s3->read_sequence,
-                                        "\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1))
-                                        s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
-                                if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
-                                        i--;
-                                }
-                        /* TLS 1.0 does not bound the number of padding bytes by the block size.
-                         * All of them must have value 'padding_length'. */
-                        if (i > (int)rec->length)
-                                {
-                                /* Incorrect padding. SSLerr() and ssl3_alert are done
-                                 * by caller: we don't want to reveal whether this is
-                                 * a decryption error or a MAC verification failure
-                                 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
-                                return -1;
-                                }
-                        for (j=(int)(l-i); j<(int)l; j++)
-                                {
-                                if (rec->data[j] != ii)
-                                        {
-                                        /* Incorrect padding */
-                                        return -1;
-                                        }
-                                }
-                        rec->length-=i;
-                        }
-                }
-        return(1);
-        }
-
-int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in_ctx, unsigned char *out)
-        {
-        unsigned int ret;
-        EVP_MD_CTX ctx;
-
-        EVP_MD_CTX_init(&ctx);
-        EVP_MD_CTX_copy_ex(&ctx,in_ctx);
-        EVP_DigestFinal_ex(&ctx,out,&ret);
-        EVP_MD_CTX_cleanup(&ctx);
-        return((int)ret);
-        }
-
-int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,
-             const char *str, int slen, unsigned char *out)
-        {
-        unsigned int i;
-        EVP_MD_CTX ctx;
-        unsigned char buf[TLS_MD_MAX_CONST_SIZE+MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
-        unsigned char *q,buf2[12];
-
-        q=buf;
-        memcpy(q,str,slen);
-        q+=slen;
-
-        EVP_MD_CTX_init(&ctx);
-        EVP_MD_CTX_copy_ex(&ctx,in1_ctx);
-        EVP_DigestFinal_ex(&ctx,q,&i);
-        q+=i;
-        EVP_MD_CTX_copy_ex(&ctx,in2_ctx);
-        EVP_DigestFinal_ex(&ctx,q,&i);
-        q+=i;
-
-        tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(q-buf),
-                s->session->master_key,s->session->master_key_length,
-                out,buf2,sizeof buf2);
-        EVP_MD_CTX_cleanup(&ctx);
-
-        return sizeof buf2;
-        }
-
-int tls1_mac(SSL *ssl, unsigned char *md, int send)
-        {
-        SSL3_RECORD *rec;
-        unsigned char *mac_sec,*seq;
-        const EVP_MD *hash;
-        unsigned int md_size;
-        int i;
-        HMAC_CTX hmac;
-        unsigned char buf[5]; 
-
-        if (send)
-                {
-                rec= &(ssl->s3->wrec);
-                mac_sec= &(ssl->s3->write_mac_secret[0]);
-                seq= &(ssl->s3->write_sequence[0]);
-                hash=ssl->write_hash;
-                }
-        else
-                {
-                rec= &(ssl->s3->rrec);
-                mac_sec= &(ssl->s3->read_mac_secret[0]);
-                seq= &(ssl->s3->read_sequence[0]);
-                hash=ssl->read_hash;
-                }
-
-        md_size=EVP_MD_size(hash);
-
-        buf[0]=rec->type;
-        buf[1]=TLS1_VERSION_MAJOR;
-        buf[2]=TLS1_VERSION_MINOR;
-        buf[3]=rec->length>>8;
-        buf[4]=rec->length&0xff;
-
-        /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */
-        HMAC_CTX_init(&hmac);
-        HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash,NULL);
-        HMAC_Update(&hmac,seq,8);
-        HMAC_Update(&hmac,buf,5);
-        HMAC_Update(&hmac,rec->input,rec->length);
-        HMAC_Final(&hmac,md,&md_size);
-        HMAC_CTX_cleanup(&hmac);
-
-#ifdef TLS_DEBUG
-printf("sec=");
-{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); }
-printf("seq=");
-{int z; for (z=0; z<8; z++) printf("%02X ",seq[z]); printf("\n"); }
-printf("buf=");
-{int z; for (z=0; z<5; z++) printf("%02X ",buf[z]); printf("\n"); }
-printf("rec=");
-{unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }
-#endif
-
-        for (i=7; i>=0; i--)
-                {
-                ++seq[i];
-                if (seq[i] != 0) break; 
-                }
-
-#ifdef TLS_DEBUG
-{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",md[z]); printf("\n"); }
-#endif
-        return(md_size);
-        }
-
-int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
-             int len)
-        {
-        unsigned char buf[SSL3_RANDOM_SIZE*2+TLS_MD_MASTER_SECRET_CONST_SIZE];
-        unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH];
-
-#ifdef KSSL_DEBUG
-        printf ("tls1_generate_master_secret(%p,%p, %p, %d)\n", s,out, p,len);
-#endif  /* KSSL_DEBUG */
-
-        /* Setup the stuff to munge */
-        memcpy(buf,TLS_MD_MASTER_SECRET_CONST,
-                TLS_MD_MASTER_SECRET_CONST_SIZE);
-        memcpy(&(buf[TLS_MD_MASTER_SECRET_CONST_SIZE]),
-                s->s3->client_random,SSL3_RANDOM_SIZE);
-        memcpy(&(buf[SSL3_RANDOM_SIZE+TLS_MD_MASTER_SECRET_CONST_SIZE]),
-                s->s3->server_random,SSL3_RANDOM_SIZE);
-        tls1_PRF(s->ctx->md5,s->ctx->sha1,
-                buf,TLS_MD_MASTER_SECRET_CONST_SIZE+SSL3_RANDOM_SIZE*2,p,len,
-                s->session->master_key,buff,sizeof buff);
-#ifdef KSSL_DEBUG
-        printf ("tls1_generate_master_secret() complete\n");
-#endif  /* KSSL_DEBUG */
-        return(SSL3_MASTER_SECRET_SIZE);
-        }
-
-int tls1_alert_code(int code)
-        {
-        switch (code)
-                {
-        case SSL_AD_CLOSE_NOTIFY:       return(SSL3_AD_CLOSE_NOTIFY);
-        case SSL_AD_UNEXPECTED_MESSAGE: return(SSL3_AD_UNEXPECTED_MESSAGE);
-        case SSL_AD_BAD_RECORD_MAC:     return(SSL3_AD_BAD_RECORD_MAC);
-        case SSL_AD_DECRYPTION_FAILED:  return(TLS1_AD_DECRYPTION_FAILED);
-        case SSL_AD_RECORD_OVERFLOW:    return(TLS1_AD_RECORD_OVERFLOW);
-        case SSL_AD_DECOMPRESSION_FAILURE:return(SSL3_AD_DECOMPRESSION_FAILURE);
-        case SSL_AD_HANDSHAKE_FAILURE:  return(SSL3_AD_HANDSHAKE_FAILURE);
-        case SSL_AD_NO_CERTIFICATE:     return(-1);
-        case SSL_AD_BAD_CERTIFICATE:    return(SSL3_AD_BAD_CERTIFICATE);
-        case SSL_AD_UNSUPPORTED_CERTIFICATE:return(SSL3_AD_UNSUPPORTED_CERTIFICATE);
-        case SSL_AD_CERTIFICATE_REVOKED:return(SSL3_AD_CERTIFICATE_REVOKED);
-        case SSL_AD_CERTIFICATE_EXPIRED:return(SSL3_AD_CERTIFICATE_EXPIRED);
-        case SSL_AD_CERTIFICATE_UNKNOWN:return(SSL3_AD_CERTIFICATE_UNKNOWN);
-        case SSL_AD_ILLEGAL_PARAMETER:  return(SSL3_AD_ILLEGAL_PARAMETER);
-        case SSL_AD_UNKNOWN_CA:         return(TLS1_AD_UNKNOWN_CA);
-        case SSL_AD_ACCESS_DENIED:      return(TLS1_AD_ACCESS_DENIED);
-        case SSL_AD_DECODE_ERROR:       return(TLS1_AD_DECODE_ERROR);
-        case SSL_AD_DECRYPT_ERROR:      return(TLS1_AD_DECRYPT_ERROR);
-        case SSL_AD_EXPORT_RESTRICTION: return(TLS1_AD_EXPORT_RESTRICTION);
-        case SSL_AD_PROTOCOL_VERSION:   return(TLS1_AD_PROTOCOL_VERSION);
-        case SSL_AD_INSUFFICIENT_SECURITY:return(TLS1_AD_INSUFFICIENT_SECURITY);
-        case SSL_AD_INTERNAL_ERROR:     return(TLS1_AD_INTERNAL_ERROR);
-        case SSL_AD_USER_CANCELLED:     return(TLS1_AD_USER_CANCELLED);
-        case SSL_AD_NO_RENEGOTIATION:   return(TLS1_AD_NO_RENEGOTIATION);
-        default:                        return(-1);
-                }
-        }
-
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
deleted file mode 100644
index ca6c03d5af..0000000000
--- a/src/lib/libssl/t1_lib.c
+++ /dev/null
@@ -1,149 +0,0 @@
-/* ssl/t1_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-const char *tls1_version_str="TLSv1" OPENSSL_VERSION_PTEXT;
-
-static long tls1_default_timeout(void);
-
-static SSL3_ENC_METHOD TLSv1_enc_data={
-        tls1_enc,
-        tls1_mac,
-        tls1_setup_key_block,
-        tls1_generate_master_secret,
-        tls1_change_cipher_state,
-        tls1_final_finish_mac,
-        TLS1_FINISH_MAC_LENGTH,
-        tls1_cert_verify_mac,
-        TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE,
-        TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE,
-        tls1_alert_code,
-        };
-
-static SSL_METHOD TLSv1_data= {
-        TLS1_VERSION,
-        tls1_new,
-        tls1_clear,
-        tls1_free,
-        ssl_undefined_function,
-        ssl_undefined_function,
-        ssl3_read,
-        ssl3_peek,
-        ssl3_write,
-        ssl3_shutdown,
-        ssl3_renegotiate,
-        ssl3_renegotiate_check,
-        ssl3_ctrl,
-        ssl3_ctx_ctrl,
-        ssl3_get_cipher_by_char,
-        ssl3_put_cipher_by_char,
-        ssl3_pending,
-        ssl3_num_ciphers,
-        ssl3_get_cipher,
-        ssl_bad_method,
-        tls1_default_timeout,
-        &TLSv1_enc_data,
-        ssl_undefined_function,
-        ssl3_callback_ctrl,
-        ssl3_ctx_callback_ctrl,
-        };
-
-static long tls1_default_timeout(void)
-        {
-        /* 2 hours, the 24 hours mentioned in the TLSv1 spec
-         * is way too long for http, the cache would over fill */
-        return(60*60*2);
-        }
-
-SSL_METHOD *tlsv1_base_method(void)
-        {
-        return(&TLSv1_data);
-        }
-
-int tls1_new(SSL *s)
-        {
-        if (!ssl3_new(s)) return(0);
-        s->method->ssl_clear(s);
-        return(1);
-        }
-
-void tls1_free(SSL *s)
-        {
-        ssl3_free(s);
-        }
-
-void tls1_clear(SSL *s)
-        {
-        ssl3_clear(s);
-        s->version=TLS1_VERSION;
-        }
-
-#if 0
-long tls1_ctrl(SSL *s, int cmd, long larg, char *parg)
-        {
-        return(0);
-        }
-
-long tls1_callback_ctrl(SSL *s, int cmd, void *(*fp)())
-        {
-        return(0);
-        }
-#endif
diff --git a/src/lib/libssl/t1_meth.c b/src/lib/libssl/t1_meth.c
deleted file mode 100644
index fcc243f782..0000000000
--- a/src/lib/libssl/t1_meth.c
+++ /dev/null
@@ -1,96 +0,0 @@
-/* ssl/t1_meth.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-static SSL_METHOD *tls1_get_method(int ver);
-static SSL_METHOD *tls1_get_method(int ver)
-        {
-        if (ver == TLS1_VERSION)
-                return(TLSv1_method());
-        else
-                return(NULL);
-        }
-
-SSL_METHOD *TLSv1_method(void)
-        {
-        static int init=1;
-        static SSL_METHOD TLSv1_data;
-
-        if (init)
-                {
-                CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
-                
-                if (init)
-                        {
-                        memcpy((char *)&TLSv1_data,(char *)tlsv1_base_method(),
-                                sizeof(SSL_METHOD));
-                        TLSv1_data.ssl_connect=ssl3_connect;
-                        TLSv1_data.ssl_accept=ssl3_accept;
-                        TLSv1_data.get_ssl_method=tls1_get_method;
-                        init=0;
-                        }
-
-                CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
-                }
-        
-        return(&TLSv1_data);
-        }
-
diff --git a/src/lib/libssl/t1_srvr.c b/src/lib/libssl/t1_srvr.c
deleted file mode 100644
index 1c1149e49f..0000000000
--- a/src/lib/libssl/t1_srvr.c
+++ /dev/null
@@ -1,98 +0,0 @@
-/* ssl/t1_srvr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-
-static SSL_METHOD *tls1_get_server_method(int ver);
-static SSL_METHOD *tls1_get_server_method(int ver)
-        {
-        if (ver == TLS1_VERSION)
-                return(TLSv1_server_method());
-        else
-                return(NULL);
-        }
-
-SSL_METHOD *TLSv1_server_method(void)
-        {
-        static int init=1;
-        static SSL_METHOD TLSv1_server_data;
-
-        if (init)
-                {
-                CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
-
-                if (init)
-                        {
-                        memcpy((char *)&TLSv1_server_data,(char *)tlsv1_base_method(),
-                                sizeof(SSL_METHOD));
-                        TLSv1_server_data.ssl_accept=ssl3_accept;
-                        TLSv1_server_data.get_ssl_method=tls1_get_server_method;
-                        init=0;
-                        }
-                        
-                CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
-                }
-        return(&TLSv1_server_data);
-        }
-
diff --git a/src/lib/libssl/test/CAss.cnf b/src/lib/libssl/test/CAss.cnf
deleted file mode 100644
index 21da59a73a..0000000000
--- a/src/lib/libssl/test/CAss.cnf
+++ /dev/null
@@ -1,33 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE                = ./.rnd
-
-####################################################################
-[ req ]
-default_bits            = 512
-default_keyfile         = keySS.pem
-distinguished_name      = req_distinguished_name
-encrypt_rsa_key         = no
-default_md              = sha1
-
-[ req_distinguished_name ]
-countryName                     = Country Name (2 letter code)
-countryName_default             = AU
-countryName_value               = AU
-
-organizationName                = Organization Name (eg, company)
-organizationName_value          = Dodgy Brothers
-
-commonName                      = Common Name (eg, YOUR name)
-commonName_value                = Dodgy CA
-
-[ v3_ca ]
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-basicConstraints = CA:true,pathlen:1
-keyUsage = cRLSign, keyCertSign
-issuerAltName=issuer:copy
-
diff --git a/src/lib/libssl/test/CAssdh.cnf b/src/lib/libssl/test/CAssdh.cnf
deleted file mode 100644
index 4e0a908679..0000000000
--- a/src/lib/libssl/test/CAssdh.cnf
+++ /dev/null
@@ -1,24 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-# hacked by iang to do DH certs - CA
-
-RANDFILE              = ./.rnd
-
-####################################################################
-[ req ]
-distinguished_name    = req_distinguished_name
-encrypt_rsa_key               = no
-
-[ req_distinguished_name ]
-countryName                   = Country Name (2 letter code)
-countryName_default           = CU
-countryName_value             = CU
-
-organizationName              = Organization Name (eg, company)
-organizationName_value                = La Junta de la Revolucion
-
-commonName                    = Common Name (eg, YOUR name)
-commonName_value              = Junta
-
diff --git a/src/lib/libssl/test/CAssdsa.cnf b/src/lib/libssl/test/CAssdsa.cnf
deleted file mode 100644
index a6b4d1810c..0000000000
--- a/src/lib/libssl/test/CAssdsa.cnf
+++ /dev/null
@@ -1,23 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-# hacked by iang to do DSA certs - CA
-
-RANDFILE              = ./.rnd
-
-####################################################################
-[ req ]
-distinguished_name    = req_distinguished_name
-encrypt_rsa_key               = no
-
-[ req_distinguished_name ]
-countryName                   = Country Name (2 letter code)
-countryName_default           = ES
-countryName_value             = ES
-
-organizationName              = Organization Name (eg, company)
-organizationName_value                = Hermanos Locos
-
-commonName                    = Common Name (eg, YOUR name)
-commonName_value              = Hermanos Locos CA
diff --git a/src/lib/libssl/test/CAssrsa.cnf b/src/lib/libssl/test/CAssrsa.cnf
deleted file mode 100644
index eb24a6dfc0..0000000000
--- a/src/lib/libssl/test/CAssrsa.cnf
+++ /dev/null
@@ -1,24 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-# create RSA certs - CA
-
-RANDFILE              = ./.rnd
-
-####################################################################
-[ req ]
-distinguished_name    = req_distinguished_name
-encrypt_key           = no
-
-[ req_distinguished_name ]
-countryName                   = Country Name (2 letter code)
-countryName_default           = ES
-countryName_value             = ES
-
-organizationName              = Organization Name (eg, company)
-organizationName_value                = Hermanos Locos
-
-commonName                    = Common Name (eg, YOUR name)
-commonName_value              = Hermanos Locos CA
-
diff --git a/src/lib/libssl/test/P1ss.cnf b/src/lib/libssl/test/P1ss.cnf
deleted file mode 100644
index 876a0d35f8..0000000000
--- a/src/lib/libssl/test/P1ss.cnf
+++ /dev/null
@@ -1,37 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE                = ./.rnd
-
-####################################################################
-[ req ]
-default_bits            = 512
-default_keyfile         = keySS.pem
-distinguished_name      = req_distinguished_name
-encrypt_rsa_key         = no
-default_md              = md2
-
-[ req_distinguished_name ]
-countryName                     = Country Name (2 letter code)
-countryName_default             = AU
-countryName_value               = AU
-
-organizationName                = Organization Name (eg, company)
-organizationName_value          = Dodgy Brothers
-
-0.commonName                    = Common Name (eg, YOUR name)
-0.commonName_value              = Brother 1
-
-1.commonName                    = Common Name (eg, YOUR name)
-1.commonName_value              = Brother 2
-
-2.commonName                    = Common Name (eg, YOUR name)
-2.commonName_value              = Proxy 1
-
-[ v3_proxy ]
-basicConstraints=CA:FALSE
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:1,policy:text:AB
diff --git a/src/lib/libssl/test/P2ss.cnf b/src/lib/libssl/test/P2ss.cnf
deleted file mode 100644
index 373a87e7c2..0000000000
--- a/src/lib/libssl/test/P2ss.cnf
+++ /dev/null
@@ -1,45 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE                = ./.rnd
-
-####################################################################
-[ req ]
-default_bits            = 512
-default_keyfile         = keySS.pem
-distinguished_name      = req_distinguished_name
-encrypt_rsa_key         = no
-default_md              = md2
-
-[ req_distinguished_name ]
-countryName                     = Country Name (2 letter code)
-countryName_default             = AU
-countryName_value               = AU
-
-organizationName                = Organization Name (eg, company)
-organizationName_value          = Dodgy Brothers
-
-0.commonName                    = Common Name (eg, YOUR name)
-0.commonName_value              = Brother 1
-
-1.commonName                    = Common Name (eg, YOUR name)
-1.commonName_value              = Brother 2
-
-2.commonName                    = Common Name (eg, YOUR name)
-2.commonName_value              = Proxy 1
-
-3.commonName                    = Common Name (eg, YOUR name)
-3.commonName_value              = Proxy 2
-
-[ v3_proxy ]
-basicConstraints=CA:FALSE
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-proxyCertInfo=critical,@proxy_ext
-
-[ proxy_ext ]
-language=id-ppl-anyLanguage
-pathlen=0
-policy=text:BC
diff --git a/src/lib/libssl/test/Sssdsa.cnf b/src/lib/libssl/test/Sssdsa.cnf
deleted file mode 100644
index 8e170a28ef..0000000000
--- a/src/lib/libssl/test/Sssdsa.cnf
+++ /dev/null
@@ -1,27 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-# hacked by iang to do DSA certs - Server
-
-RANDFILE              = ./.rnd
-
-####################################################################
-[ req ]
-distinguished_name    = req_distinguished_name
-encrypt_rsa_key               = no
-
-[ req_distinguished_name ]
-countryName                   = Country Name (2 letter code)
-countryName_default           = ES
-countryName_value             = ES
-
-organizationName                = Organization Name (eg, company)
-organizationName_value          = Tortilleras S.A.
-
-0.commonName                  = Common Name (eg, YOUR name)
-0.commonName_value            = Torti
-
-1.commonName                  = Common Name (eg, YOUR name)
-1.commonName_value            = Gordita
-
diff --git a/src/lib/libssl/test/Sssrsa.cnf b/src/lib/libssl/test/Sssrsa.cnf
deleted file mode 100644
index 8c79a03fca..0000000000
--- a/src/lib/libssl/test/Sssrsa.cnf
+++ /dev/null
@@ -1,26 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-# create RSA certs - Server
-
-RANDFILE              = ./.rnd
-
-####################################################################
-[ req ]
-distinguished_name    = req_distinguished_name
-encrypt_key           = no
-
-[ req_distinguished_name ]
-countryName                   = Country Name (2 letter code)
-countryName_default           = ES
-countryName_value             = ES
-
-organizationName                = Organization Name (eg, company)
-organizationName_value          = Tortilleras S.A.
-
-0.commonName                  = Common Name (eg, YOUR name)
-0.commonName_value            = Torti
-
-1.commonName                  = Common Name (eg, YOUR name)
-1.commonName_value            = Gordita
diff --git a/src/lib/libssl/test/Uss.cnf b/src/lib/libssl/test/Uss.cnf
deleted file mode 100644
index 0c0ebb5f67..0000000000
--- a/src/lib/libssl/test/Uss.cnf
+++ /dev/null
@@ -1,36 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE                = ./.rnd
-
-####################################################################
-[ req ]
-default_bits            = 512
-default_keyfile         = keySS.pem
-distinguished_name      = req_distinguished_name
-encrypt_rsa_key         = no
-default_md              = md2
-
-[ req_distinguished_name ]
-countryName                     = Country Name (2 letter code)
-countryName_default             = AU
-countryName_value               = AU
-
-organizationName                = Organization Name (eg, company)
-organizationName_value          = Dodgy Brothers
-
-0.commonName                    = Common Name (eg, YOUR name)
-0.commonName_value              = Brother 1
-
-1.commonName                    = Common Name (eg, YOUR name)
-1.commonName_value              = Brother 2
-
-[ v3_ee ]
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-basicConstraints = CA:false
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-issuerAltName=issuer:copy
-
diff --git a/src/lib/libssl/test/VMSca-response.1 b/src/lib/libssl/test/VMSca-response.1
deleted file mode 100644
index 8b13789179..0000000000
--- a/src/lib/libssl/test/VMSca-response.1
+++ /dev/null
@@ -1 +0,0 @@
-
diff --git a/src/lib/libssl/test/VMSca-response.2 b/src/lib/libssl/test/VMSca-response.2
deleted file mode 100644
index 9b48ee4cf9..0000000000
--- a/src/lib/libssl/test/VMSca-response.2
+++ /dev/null
@@ -1,2 +0,0 @@
-y
-y
diff --git a/src/lib/libssl/test/bctest b/src/lib/libssl/test/bctest
deleted file mode 100644
index e81fc0733a..0000000000
--- a/src/lib/libssl/test/bctest
+++ /dev/null
@@ -1,111 +0,0 @@
-#!/bin/sh
-
-# This script is used by test/Makefile to check whether a sane 'bc'
-# is installed.
-# ('make test_bn' should not try to run 'bc' if it does not exist or if
-# it is a broken 'bc' version that is known to cause trouble.)
-#
-# If 'bc' works, we also test if it knows the 'print' command.
-#
-# In any case, output an appropriate command line for running (or not
-# running) bc.
-
-
-IFS=:
-try_without_dir=true
-# First we try "bc", then "$dir/bc" for each item in $PATH.
-for dir in dummy:$PATH; do
-    if [ "$try_without_dir" = true ]; then
-      # first iteration
-      bc=bc
-      try_without_dir=false
-    else
-      # second and later iterations
-      bc="$dir/bc"
-      if [ ! -f "$bc" ]; then  # '-x' is not available on Ultrix
-        bc=''
-      fi
-    fi
-
-    if [ ! "$bc" = '' ]; then
-        failure=none
-
-
-        # Test for SunOS 5.[78] bc bug
-        "$bc" >tmp.bctest <<\EOF
-obase=16
-ibase=16
-a=AD88C418F31B3FC712D0425001D522B3AE9134FF3A98C13C1FCC1682211195406C1A6C66C6A\
-CEEC1A0EC16950233F77F1C2F2363D56DD71A36C57E0B2511FC4BA8F22D261FE2E9356D99AF57\
-10F3817C0E05BF79C423C3F66FDF321BE8D3F18F625D91B670931C1EF25F28E489BDA1C5422D1\
-C3F6F7A1AD21585746ECC4F10A14A778AF56F08898E965E9909E965E0CB6F85B514150C644759\
-3BE731877B16EA07B552088FF2EA728AC5E0FF3A23EB939304519AB8B60F2C33D6BA0945B66F0\
-4FC3CADF855448B24A9D7640BCF473E
-b=DCE91E7D120B983EA9A104B5A96D634DD644C37657B1C7860B45E6838999B3DCE5A555583C6\
-9209E41F413422954175A06E67FFEF6746DD652F0F48AEFECC3D8CAC13523BDAAD3F5AF4212BD\
-8B3CD64126E1A82E190228020C05B91C8B141F1110086FC2A4C6ED631EBA129D04BB9A19FC53D\
-3ED0E2017D60A68775B75481449
-(a/b)*b + (a%b) - a
-EOF
-        if [ 0 != "`cat tmp.bctest`" ]; then
-            failure=SunOStest
-        fi
-
-
-        if [ "$failure" = none ]; then
-            # Test for SCO bc bug.
-            "$bc" >tmp.bctest <<\EOF
-obase=16
-ibase=16
--FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4AEC6F15AC177F176F2274D2\
-9DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7F5ADFACEE54573F5D256A06\
-11B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99FB9812A0E4A5773D8B254117\
-1239157EC6E3D8D50199 * -FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4\
-AEC6F15AC177F176F2274D29DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7\
-F5ADFACEE54573F5D256A0611B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99F\
-B9812A0E4A5773D8B2541171239157EC6E3D8D50199 - FFBACC221682DA464B6D7F123482522\
-02EDAEDCA38C3B69E9B7BBCD6165A9CD8716C4903417F23C09A85B851961F92C217258CEEB866\
-85EFCC5DD131853A02C07A873B8E2AF2E40C6D5ED598CD0E8F35AD49F3C3A17FDB7653E4E2DC4\
-A8D23CC34686EE4AD01F7407A7CD74429AC6D36DBF0CB6A3E302D0E5BDFCD048A3B90C1BE5AA8\
-E16C3D5884F9136B43FF7BB443764153D4AEC176C681B078F4CC53D6EB6AB76285537DDEE7C18\
-8C72441B52EDBDDBC77E02D34E513F2AABF92F44109CAFE8242BD0ECBAC5604A94B02EA44D43C\
-04E9476E6FBC48043916BFA1485C6093603600273C9C33F13114D78064AE42F3DC466C7DA543D\
-89C8D71
-AD534AFBED2FA39EE9F40E20FCF9E2C861024DB98DDCBA1CD118C49CA55EEBC20D6BA51B2271C\
-928B693D6A73F67FEB1B4571448588B46194617D25D910C6A9A130CC963155CF34079CB218A44\
-8A1F57E276D92A33386DDCA3D241DB78C8974ABD71DD05B0FA555709C9910D745185E6FE108E3\
-37F1907D0C56F8BFBF52B9704 % -E557905B56B13441574CAFCE2BD257A750B1A8B2C88D0E36\
-E18EF7C38DAC80D3948E17ED63AFF3B3467866E3B89D09A81B3D16B52F6A3C7134D3C6F5123E9\
-F617E3145BBFBE9AFD0D6E437EA4FF6F04BC67C4F1458B4F0F47B64 - 1C2BBBB19B74E86FD32\
-9E8DB6A8C3B1B9986D57ED5419C2E855F7D5469E35E76334BB42F4C43E3F3A31B9697C171DAC4\
-D97935A7E1A14AD209D6CF811F55C6DB83AA9E6DFECFCD6669DED7171EE22A40C6181615CAF3F\
-5296964
-EOF
-            if [ "0
-0" != "`cat tmp.bctest`" ]; then
-                failure=SCOtest
-            fi
-        fi
-
-
-        if [ "$failure" = none ]; then
-            # bc works; now check if it knows the 'print' command.
-            if [ "OK" = "`echo 'print \"OK\"' | $bc 2>/dev/null`" ]
-            then
-                echo "$bc"
-            else
-                echo "sed 's/print.*//' | $bc"
-            fi
-            exit 0
-        fi
-
-        echo "$bc does not work properly ('$failure' failed).  Looking for another bc ..." >&2
-    fi
-done
-
-echo "No working bc found.  Consider installing GNU bc." >&2
-if [ "$1" = ignore ]; then
-  echo "cat >/dev/null"
-  exit 0
-fi
-exit 1
diff --git a/src/lib/libssl/test/methtest.c b/src/lib/libssl/test/methtest.c
deleted file mode 100644
index 005c2f4822..0000000000
--- a/src/lib/libssl/test/methtest.c
+++ /dev/null
@@ -1,105 +0,0 @@
-/* test/methtest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/rsa.h>
-#include <openssl/x509.h>
-#include "meth.h"
-#include <openssl/err.h>
-
-int main(argc,argv)
-int argc;
-char *argv[];
-        {
-        METHOD_CTX *top,*tmp1,*tmp2;
-
-        top=METH_new(x509_lookup()); /* get a top level context */
-        if (top == NULL) goto err;
-
-        tmp1=METH_new(x509_by_file());
-        if (top == NULL) goto err;
-        METH_arg(tmp1,METH_TYPE_FILE,"cafile1");
-        METH_arg(tmp1,METH_TYPE_FILE,"cafile2");
-        METH_push(top,METH_X509_CA_BY_SUBJECT,tmp1);
-
-        tmp2=METH_new(x509_by_dir());
-        METH_arg(tmp2,METH_TYPE_DIR,"/home/eay/.CAcerts");
-        METH_arg(tmp2,METH_TYPE_DIR,"/home/eay/SSLeay/certs");
-        METH_arg(tmp2,METH_TYPE_DIR,"/usr/local/ssl/certs");
-        METH_push(top,METH_X509_CA_BY_SUBJECT,tmp2);
-
-/*      tmp=METH_new(x509_by_issuer_dir);
-        METH_arg(tmp,METH_TYPE_DIR,"/home/eay/.mycerts");
-        METH_push(top,METH_X509_BY_ISSUER,tmp);
-
-        tmp=METH_new(x509_by_issuer_primary);
-        METH_arg(tmp,METH_TYPE_FILE,"/home/eay/.mycerts/primary.pem");
-        METH_push(top,METH_X509_BY_ISSUER,tmp);
-*/
-
-        METH_init(top);
-        METH_control(tmp1,METH_CONTROL_DUMP,stdout);
-        METH_control(tmp2,METH_CONTROL_DUMP,stdout);
-        EXIT(0);
-err:
-        ERR_load_crypto_strings();
-        ERR_print_errors_fp(stderr);
-        EXIT(1);
-        return(0);
-        }
diff --git a/src/lib/libssl/test/pkcs7-1.pem b/src/lib/libssl/test/pkcs7-1.pem
deleted file mode 100644
index c47b27af88..0000000000
--- a/src/lib/libssl/test/pkcs7-1.pem
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN PKCS7-----
-MIICUAYJKoZIhvcNAQcCoIICQTCCAj0CAQExDjAMBggqhkiG9w0CAgUAMCgGCSqG
-SIb3DQEHAaAbBBlFdmVyeW9uZSBnZXRzIEZyaWRheSBvZmYuoIIBXjCCAVowggEE
-AgQUAAApMA0GCSqGSIb3DQEBAgUAMCwxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRF
-eGFtcGxlIE9yZ2FuaXphdGlvbjAeFw05MjA5MDkyMjE4MDZaFw05NDA5MDkyMjE4
-MDVaMEIxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRFeGFtcGxlIE9yZ2FuaXphdGlv
-bjEUMBIGA1UEAxMLVGVzdCBVc2VyIDEwWzANBgkqhkiG9w0BAQEFAANKADBHAkAK
-ZnkdxpiBaN56t3QZu3+wwAHGJxAnAHUUKULhmo2MUdBTs+N4Kh3l3Fr06+mUaBcB
-FKHf5nzcmpr1XWVWILurAgMBAAEwDQYJKoZIhvcNAQECBQADQQBFGqHhqncgSl/N
-9XYGnQL3MsJvNnsNV4puZPOakR9Hld8JlDQFEaDR30ogsmp3TMrvdfxpLlTCoZN8
-BxEmnZsWMYGbMIGYAgEBMDQwLDELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFEV4YW1w
-bGUgT3JnYW5pemF0aW9uAgQUAAApMAwGCCqGSIb3DQICBQAwDQYJKoZIhvcNAQEB
-BQAEQAX6aoEvx9+L9PJUJQngPoRuEbnGIL4gCe+0QO+8xmkhaZSsBPNBtX0FIC1C
-j7Kie1x339mxW/w9VZNTUDQQweHh
------END PKCS7-----
diff --git a/src/lib/libssl/test/pkcs7.pem b/src/lib/libssl/test/pkcs7.pem
deleted file mode 100644
index d55c60b94e..0000000000
--- a/src/lib/libssl/test/pkcs7.pem
+++ /dev/null
@@ -1,54 +0,0 @@
-     MIAGCSqGSIb3DQEHAqCAMIACAQExADCABgkqhkiG9w0BBwEAAKCAMIIE+DCCBGGg
-     AwIBAgIQaGSF/JpbS1C223+yrc+N1DANBgkqhkiG9w0BAQQFADBiMREwDwYDVQQH
-     EwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1Zl
-     cmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIwHhcNOTYw
-     ODEyMDAwMDAwWhcNOTYwODE3MjM1OTU5WjCCASAxETAPBgNVBAcTCEludGVybmV0
-     MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh
-     c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjE3MDUGA1UECxMuRGlnaXRh
-     bCBJRCBDbGFzcyAxIC0gU01JTUUgVmVyaVNpZ24sIEluYy4gVEVTVDFGMEQGA1UE
-     CxM9d3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L0NQUyBJbmNvcnAuIGJ5IFJl
-     Zi4sTElBQi5MVEQoYyk5NjEZMBcGA1UEAxMQQWxleGFuZHJlIERlYWNvbjEgMB4G
-     CSqGSIb3DQEJARYRYWxleEB2ZXJpc2lnbi5jb20wWzANBgkqhkiG9w0BAQEFAANK
-     ADBHAkAOy7xxCAIkOfuIA2LyRpxgKlDORl8htdXYhF5iBGUx1GYaK6KF+bK/CCI0
-     l4j2OfWGFBUrwGoWqxTNcWgTfMzRAgMBAAGjggIyMIICLjAJBgNVHRMEAjAAMIIC
-     HwYDVR0DBIICFjCCAhIwggIOMIICCgYLYIZIAYb4RQEHAQEwggH5FoIBp1RoaXMg
-     Y2VydGlmaWNhdGUgaW5jb3Jwb3JhdGVzIGJ5IHJlZmVyZW5jZSwgYW5kIGl0cyB1
-     c2UgaXMgc3RyaWN0bHkgc3ViamVjdCB0bywgdGhlIFZlcmlTaWduIENlcnRpZmlj
-     YXRpb24gUHJhY3RpY2UgU3RhdGVtZW50IChDUFMpLCBhdmFpbGFibGUgYXQ6IGh0
-     dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9DUFM7IGJ5IEUtbWFpbCBhdCBDUFMtcmVx
-     dWVzdHNAdmVyaXNpZ24uY29tOyBvciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMu
-     LCAyNTkzIENvYXN0IEF2ZS4sIE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBU
-     ZWwuICsxICg0MTUpIDk2MS04ODMwIENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2ln
-     biwgSW5jLiAgQWxsIFJpZ2h0cyBSZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVT
-     IERJU0NMQUlNRUQgYW5kIExJQUJJTElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcB
-     AQGhDgYMYIZIAYb4RQEHAQECMCwwKhYoaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t
-     L3JlcG9zaXRvcnkvQ1BTIDANBgkqhkiG9w0BAQQFAAOBgQAimWMGQwwwxk+b3KAL
-     HlSWXtU7LWHe29CEG8XeVNTvrqs6SBqT7OoENOkGxpfdpVgZ3Qw2SKjxDvbvpfSF
-     slsqcxWSgB/hWuaVuZCkvTw/dYGGOxkTJGxvDCfl1PZjX4dKbatslsi9Z9HpGWT7
-     ttItRwKqcBKgmCJvKi1pGWED0zCCAnkwggHioAMCAQICEDURpVKQb+fQKaRAGdQR
-     /D4wDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlT
-     aWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRp
-     ZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2MDYyNzAwMDAwMFoXDTk3MDYyNzIzNTk1
-     OVowYjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMu
-     MTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJz
-     Y3JpYmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2FKbPTdAFDdjKI9Bv
-     qrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7jW80GqLd5HUQq7XPy
-     sVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cariQPJUObwW7s987Lrb
-     P2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABozMwMTAPBgNVHRMECDAGAQH/AgEBMAsG
-     A1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAgQwDQYJKoZIhvcNAQECBQADgYEA
-     KeXHoBmnbxRCgk0jM9e9mDppdxpsipIna/J8DOHEUuD4nONAr4+xOg73SBl026n7
-     Bk55A2wvAMGo7+kKTZ+rHaFDDcmq4O+rzFri2RIOeGAncj1IcGptAQhvXoIhFMG4
-     Jlzg1KlHZHqy7D3jex78zcSU7kKOu8f5tAX1jC3+sToAAKGAMIIBJzCBkTANBgkq
-     hkiG9w0BAQIFADBiMREwDwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNp
-     Z24sIEluYy4xNDAyBgNVBAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlk
-     dWFsIFN1YnNjcmliZXIXDTk2MDcwMTE3MzA0MFoXDTk3MDcwMTAwMDAwMFowDQYJ
-     KoZIhvcNAQECBQADgYEAGLuQ6PX8A7AiqBEtWzYtl6lZNSDI0bR5YUo+D2Jzkw30
-     dxQnJSbKXEc6XYuzAW5HvrzATXu5c19WWPT4cRDwmjH71i9QcDysWwf/wE0qGTiW
-     I3tQT0I5VGh7jIJD07nlBw3R4Xl8dH9kr85JsWinqDH5YKpIo9o8knY5n7+qjOow
-     ggEkMIGOMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5W
-     ZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBD
-     ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eRcNOTYwNzE2MjMxMTI5WhcNOTYwODE1MDAw
-     MDAwWjANBgkqhkiG9w0BAQIFAAOBgQAXsLE4vnsY6sY67QrmWec7iaU2ehzxanEK
-     /9wKHZNuhlNzk+qGZZw2evxfUe2OaRbYpl8zuZvhK9BHD3ad14OSe9/zx5hOPgP/
-     DQXt6R4R8Q/1JheBrolrgbavjvI2wKS8/Psp2prBrkF4T48+AKRmS8Zzh1guxgvP
-     b+xSu/jH0gAAMYAAAAAAAAAAAA==
diff --git a/src/lib/libssl/test/r160test.c b/src/lib/libssl/test/r160test.c
deleted file mode 100644
index a172e393ca..0000000000
--- a/src/lib/libssl/test/r160test.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/* test/r160test.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
diff --git a/src/lib/libssl/test/tcrl b/src/lib/libssl/test/tcrl
deleted file mode 100644
index 3ffed12a03..0000000000
--- a/src/lib/libssl/test/tcrl
+++ /dev/null
@@ -1,85 +0,0 @@
-#!/bin/sh
-
-if test "$OSTYPE" = msdosdjgpp; then
-    PATH=../apps\;$PATH
-else
-    PATH=../apps:$PATH
-fi
-export PATH
-
-cmd='../util/shlib_wrap.sh ../apps/openssl crl'
-
-if [ "$1"x != "x" ]; then
-        t=$1
-else
-        t=testcrl.pem
-fi
-
-echo testing crl conversions
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in fff.p -inform p -outform t >f.t
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> d"
-#$cmd -in f.t -inform t -outform d >ff.d2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-#echo "d -> t"
-#$cmd -in f.d -inform d -outform t >ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#echo "t -> t"
-#$cmd -in f.t -inform t -outform t >ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in f.p -inform p -outform t >ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> p"
-#$cmd -in f.t -inform t -outform p >ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp fff.p f.p
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp fff.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-#cmp f.t ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp f.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0
diff --git a/src/lib/libssl/test/test.cnf b/src/lib/libssl/test/test.cnf
deleted file mode 100644
index faad3914a8..0000000000
--- a/src/lib/libssl/test/test.cnf
+++ /dev/null
@@ -1,88 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE                = ./.rnd
-
-####################################################################
-[ ca ]
-default_ca      = CA_default            # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir             = ./demoCA              # Where everything is kept
-certs           = $dir/certs            # Where the issued certs are kept
-crl_dir         = $dir/crl              # Where the issued crl are kept
-database        = $dir/index.txt        # database index file.
-new_certs_dir   = $dir/new_certs        # default place for new certs.
-
-certificate     = $dir/CAcert.pem       # The CA certificate
-serial          = $dir/serial           # The current serial number
-crl             = $dir/crl.pem          # The current CRL
-private_key     = $dir/private/CAkey.pem# The private key
-RANDFILE        = $dir/private/.rand    # private random number file
-
-default_days    = 365                   # how long to certify for
-default_crl_days= 30                    # how long before next CRL
-default_md      = md5                   # which md to use.
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy          = policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName             = match
-stateOrProvinceName     = match
-organizationName        = match
-organizationalUnitName  = optional
-commonName              = supplied
-emailAddress            = optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName             = optional
-stateOrProvinceName     = optional
-localityName            = optional
-organizationName        = optional
-organizationalUnitName  = optional
-commonName              = supplied
-emailAddress            = optional
-
-####################################################################
-[ req ]
-default_bits            = 512
-default_keyfile         = testkey.pem
-distinguished_name      = req_distinguished_name
-encrypt_rsa_key         = no
-
-[ req_distinguished_name ]
-countryName                     = Country Name (2 letter code)
-countryName_default             = AU
-countryName_value               = AU
-
-stateOrProvinceName             = State or Province Name (full name)
-stateOrProvinceName_default     = Queensland
-stateOrProvinceName_value       =
-
-localityName                    = Locality Name (eg, city)
-localityName_value              = Brisbane
-
-organizationName                = Organization Name (eg, company)
-organizationName_default        = 
-organizationName_value          = CryptSoft Pty Ltd
-
-organizationalUnitName          = Organizational Unit Name (eg, section)
-organizationalUnitName_default  =
-organizationalUnitName_value    = .
-
-commonName                      = Common Name (eg, YOUR name)
-commonName_value                = Eric Young
-
-emailAddress                    = Email Address
-emailAddress_value              = eay@mincom.oz.au
diff --git a/src/lib/libssl/test/testca b/src/lib/libssl/test/testca
deleted file mode 100644
index 5b2faa78f1..0000000000
--- a/src/lib/libssl/test/testca
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/bin/sh
-
-SH="/bin/sh"
-if test "$OSTYPE" = msdosdjgpp; then
-    PATH=./apps\;../apps\;$PATH
-else
-    PATH=../apps:$PATH
-fi
-export SH PATH
-
-SSLEAY_CONFIG="-config CAss.cnf"
-export SSLEAY_CONFIG
-
-OPENSSL="`pwd`/../util/shlib_wrap.sh openssl"
-export OPENSSL
-
-/bin/rm -fr demoCA
-$SH ../apps/CA.sh -newca <<EOF
-EOF
-
-if [ $? != 0 ]; then
-        exit 1;
-fi
-
-SSLEAY_CONFIG="-config Uss.cnf"
-export SSLEAY_CONFIG
-$SH ../apps/CA.sh -newreq
-if [ $? != 0 ]; then
-        exit 1;
-fi
-
-
-SSLEAY_CONFIG="-config ../apps/openssl.cnf"
-export SSLEAY_CONFIG
-$SH ../apps/CA.sh -sign  <<EOF
-y
-y
-EOF
-if [ $? != 0 ]; then
-        exit 1;
-fi
-
-
-$SH ../apps/CA.sh -verify newcert.pem
-if [ $? != 0 ]; then
-        exit 1;
-fi
-
-/bin/rm -fr demoCA newcert.pem newreq.pem
-#usage: CA -newcert|-newreq|-newca|-sign|-verify
-
diff --git a/src/lib/libssl/test/testcrl.pem b/src/lib/libssl/test/testcrl.pem
deleted file mode 100644
index 0989788354..0000000000
--- a/src/lib/libssl/test/testcrl.pem
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN X509 CRL-----
-MIICjTCCAfowDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxIDAeBgNVBAoT
-F1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2VydmVy
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5Fw05NTA1MDIwMjEyMjZaFw05NTA2MDEw
-MDAxNDlaMIIBaDAWAgUCQQAABBcNOTUwMjAxMTcyNDI2WjAWAgUCQQAACRcNOTUw
-MjEwMDIxNjM5WjAWAgUCQQAADxcNOTUwMjI0MDAxMjQ5WjAWAgUCQQAADBcNOTUw
-MjI1MDA0NjQ0WjAWAgUCQQAAGxcNOTUwMzEzMTg0MDQ5WjAWAgUCQQAAFhcNOTUw
-MzE1MTkxNjU0WjAWAgUCQQAAGhcNOTUwMzE1MTk0MDQxWjAWAgUCQQAAHxcNOTUw
-MzI0MTk0NDMzWjAWAgUCcgAABRcNOTUwMzI5MjAwNzExWjAWAgUCcgAAERcNOTUw
-MzMwMDIzNDI2WjAWAgUCQQAAIBcNOTUwNDA3MDExMzIxWjAWAgUCcgAAHhcNOTUw
-NDA4MDAwMjU5WjAWAgUCcgAAQRcNOTUwNDI4MTcxNzI0WjAWAgUCcgAAOBcNOTUw
-NDI4MTcyNzIxWjAWAgUCcgAATBcNOTUwNTAyMDIxMjI2WjANBgkqhkiG9w0BAQIF
-AAN+AHqOEJXSDejYy0UwxxrH/9+N2z5xu/if0J6qQmK92W0hW158wpJg+ovV3+wQ
-wvIEPRL2rocL0tKfAsVq1IawSJzSNgxG0lrcla3MrJBnZ4GaZDu4FutZh72MR3Gt
-JaAL3iTJHJD55kK2D/VoyY1djlsPuNh6AEgdVwFAyp0v
------END X509 CRL-----
diff --git a/src/lib/libssl/test/testenc b/src/lib/libssl/test/testenc
deleted file mode 100644
index 4571ea2875..0000000000
--- a/src/lib/libssl/test/testenc
+++ /dev/null
@@ -1,54 +0,0 @@
-#!/bin/sh
-
-testsrc=Makefile
-test=./p
-cmd="../util/shlib_wrap.sh ../apps/openssl"
-
-cat $testsrc >$test;
-
-echo cat
-$cmd enc -non-fips-allow < $test > $test.cipher
-$cmd enc -non-fips-allow < $test.cipher >$test.clear
-cmp $test $test.clear
-if [ $? != 0 ]
-then
-        exit 1
-else
-        /bin/rm $test.cipher $test.clear
-fi
-echo base64
-$cmd enc -non-fips-allow -a -e < $test > $test.cipher
-$cmd enc -non-fips-allow -a -d < $test.cipher >$test.clear
-cmp $test $test.clear
-if [ $? != 0 ]
-then
-        exit 1
-else
-        /bin/rm $test.cipher $test.clear
-fi
-
-for i in `$cmd list-cipher-commands`
-do
-        echo $i
-        $cmd $i -non-fips-allow -bufsize 113 -e -k test < $test > $test.$i.cipher
-        $cmd $i -non-fips-allow -bufsize 157 -d -k test < $test.$i.cipher >$test.$i.clear
-        cmp $test $test.$i.clear
-        if [ $? != 0 ]
-        then
-                exit 1
-        else
-                /bin/rm $test.$i.cipher $test.$i.clear
-        fi
-
-        echo $i base64
-        $cmd $i -non-fips-allow -bufsize 113 -a -e -k test < $test > $test.$i.cipher
-        $cmd $i -non-fips-allow -bufsize 157 -a -d -k test < $test.$i.cipher >$test.$i.clear
-        cmp $test $test.$i.clear
-        if [ $? != 0 ]
-        then
-                exit 1
-        else
-                /bin/rm $test.$i.cipher $test.$i.clear
-        fi
-done
-rm -f $test
diff --git a/src/lib/libssl/test/testgen b/src/lib/libssl/test/testgen
deleted file mode 100644
index 524c0d134c..0000000000
--- a/src/lib/libssl/test/testgen
+++ /dev/null
@@ -1,44 +0,0 @@
-#!/bin/sh
-
-T=testcert
-KEY=512
-CA=../certs/testca.pem
-
-/bin/rm -f $T.1 $T.2 $T.key
-
-if test "$OSTYPE" = msdosdjgpp; then
-    PATH=../apps\;$PATH;
-else
-    PATH=../apps:$PATH;
-fi
-export PATH
-
-echo "generating certificate request"
-
-echo "string to make the random number generator think it has entropy" >> ./.rnd
-
-if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
-  req_new='-newkey dsa:../apps/dsa512.pem'
-else
-  req_new='-new'
-  echo "There should be a 2 sequences of .'s and some +'s."
-  echo "There should not be more that at most 80 per line"
-fi
-
-echo "This could take some time."
-
-rm -f testkey.pem testreq.pem
-
-../util/shlib_wrap.sh ../apps/openssl req -config test.cnf $req_new -out testreq.pem
-if [ $? != 0 ]; then
-echo problems creating request
-exit 1
-fi
-
-../util/shlib_wrap.sh ../apps/openssl req -config test.cnf -verify -in testreq.pem -noout
-if [ $? != 0 ]; then
-echo signature on req is wrong
-exit 1
-fi
-
-exit 0
diff --git a/src/lib/libssl/test/testp7.pem b/src/lib/libssl/test/testp7.pem
deleted file mode 100644
index e5b7866c31..0000000000
--- a/src/lib/libssl/test/testp7.pem
+++ /dev/null
@@ -1,46 +0,0 @@
------BEGIN PKCS7-----
-MIIIGAYJKoZIhvcNAQcCoIIICTCCCAUCAQExADALBgkqhkiG9w0BBwGgggY8MIIE
-cjCCBBygAwIBAgIQeS+OJfWJUZAx6cX0eAiMjzANBgkqhkiG9w0BAQQFADBiMREw
-DwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNV
-BAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIw
-HhcNOTYwNzE5MDAwMDAwWhcNOTcwMzMwMjM1OTU5WjCB1TERMA8GA1UEBxMISW50
-ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2ln
-biBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMSgwJgYDVQQLEx9E
-aWdpdGFsIElEIENsYXNzIDEgLSBTTUlNRSBUZXN0MUcwRQYDVQQLEz53d3cudmVy
-aXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEuMCBJbmMuIGJ5IFJlZi4sTElBQi5M
-VEQoYyk5NjBbMA0GCSqGSIb3DQEBAQUAA0oAMEcCQA7LvHEIAiQ5+4gDYvJGnGAq
-UM5GXyG11diEXmIEZTHUZhorooX5sr8IIjSXiPY59YYUFSvAaharFM1xaBN8zNEC
-AwEAAaOCAjkwggI1MAkGA1UdEwQCMAAwggImBgNVHQMEggIdMIICGTCCAhUwggIR
-BgtghkgBhvhFAQcBATCCAgAWggGrVGhpcyBjZXJ0aWZpY2F0ZSBpbmNvcnBvcmF0
-ZXMgYnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0
-IHRvLCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1l
-bnQgKENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t
-L0NQUy0xLjA7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29t
-OyBvciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4s
-IE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04
-ODMwIENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0
-cyBSZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJ
-QUJJTElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQEC
-MC8wLRYraHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEu
-AzANBgkqhkiG9w0BAQQFAANBAMCYDuSb/eIlYSxY31nZZTaCZkCSfHjlacMofExr
-cF+A2yHoEuT+eCQkqM0pMNHXddUeoQ9RjV+VuMBNmm63DUYwggHCMIIBbKADAgEC
-AhB8CYTq1bkRFJBYOd67cp9JMA0GCSqGSIb3DQEBAgUAMD4xCzAJBgNVBAYTAlVT
-MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEWMBQGA1UECxMNVEVTVCBSb290IFBD
-QTAeFw05NjA3MTcwMDAwMDBaFw05NzA3MTcyMzU5NTlaMGIxETAPBgNVBAcTCElu
-dGVybmV0MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNp
-Z24gQ2xhc3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjBcMA0GCSqGSIb3
-DQEBAQUAA0sAMEgCQQDsVzrNgnDhbAJZrWeLd9g1vMZJA2W67D33TTbga6yMt+ES
-TWEywhS6RNP+fzLGg7utinjH4tL60cXa0G27GDsLAgMBAAGjIjAgMAsGA1UdDwQE
-AwIBBjARBglghkgBhvhCAQEEBAMCAgQwDQYJKoZIhvcNAQECBQADQQAUp6bRwkaD
-2d1MBs/mjUcgTI2fXVmW8tTm/Ud6OzUwpC3vYgybiOOA4f6mOC5dbyUHrLOsrihU
-47ZQ0Jo1DUfboYIBrTCBwTBtMA0GCSqGSIb3DQEBAgUAMD4xCzAJBgNVBAYTAlVT
-MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEWMBQGA1UECxMNVEVTVCBSb290IFBD
-QRcNOTYwNzE3MTc0NDA5WhcNOTgwNzE3MDAwMDAwWjANBgkqhkiG9w0BAQIFAANB
-AHitA0/xAukCjHzeh1AMT/l2oC68N+yFb+aJPHBBMxc6gG2MaKjBNwb5hcXUllMl
-ExONA3ju10f7owIq3s3wx10wgeYwgZEwDQYJKoZIhvcNAQECBQAwYjERMA8GA1UE
-BxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytW
-ZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyFw05NjA3
-MTcxNzU5MjlaFw05NzA3MTgwMDAwMDBaMA0GCSqGSIb3DQEBAgUAA0EAubVWYTsW
-sQmste9f+UgMw8BkjDlM25fwQLrCfmmnLxjewey10kSROypUaJLb+r4oRALc0fG9
-XfZsaiiIgotQHjEA
------END PKCS7-----
diff --git a/src/lib/libssl/test/testreq2.pem b/src/lib/libssl/test/testreq2.pem
deleted file mode 100644
index c3cdcffcbc..0000000000
--- a/src/lib/libssl/test/testreq2.pem
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIHaMIGFAgEAMA4xDDAKBgNVBAMTA2NuNDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgC
-QQCQsnkyUGDY2R3mYoeTprFJKgWuJ3f1jUjlIuW5+wfAUoeMt35c4vcFZ2mIBpEG
-DtzkNQN1kr2O9ldm9zYnYhyhAgMBAAGgEjAQBgorBgEEAYI3AgEOMQIwADANBgkq
-hkiG9w0BAQQFAANBAAb2szZgVIxg3vK6kYLjGSBISyuzcXJ6IvuPW6M+yzi1Qgoi
-gQhazHTJp91T8ItZEzUJGZSZl2e5iXlnffWB+/U=
------END CERTIFICATE REQUEST-----
diff --git a/src/lib/libssl/test/testrsa.pem b/src/lib/libssl/test/testrsa.pem
deleted file mode 100644
index aad21067a8..0000000000
--- a/src/lib/libssl/test/testrsa.pem
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIBPAIBAAJBAKrbeqkuRk8VcRmWFmtP+LviMB3+6dizWW3DwaffznyHGAFwUJ/I
-Tv0XtbsCyl3QoyKGhrOAy3RvPK5M38iuXT0CAwEAAQJAZ3cnzaHXM/bxGaR5CR1R
-rD1qFBAVfoQFiOH9uPJgMaoAuoQEisPHVcZDKcOv4wEg6/TInAIXBnEigtqvRzuy
-oQIhAPcgZzUq3yVooAaoov8UbXPxqHlwo6GBMqnv20xzkf6ZAiEAsP4BnIaQTM8S
-mvcpHZwQJdmdHHkGKAs37Dfxi67HbkUCIQCeZGliHXFa071Fp06ZeWlR2ADonTZz
-rJBhdTe0v5pCeQIhAIZfkiGgGBX4cIuuckzEm43g9WMUjxP/0GlK39vIyihxAiEA
-mymehFRT0MvqW5xAKAx7Pgkt8HVKwVhc2LwGKHE0DZM=
------END RSA PRIVATE KEY-----
diff --git a/src/lib/libssl/test/testsid.pem b/src/lib/libssl/test/testsid.pem
deleted file mode 100644
index 7ffd008f66..0000000000
--- a/src/lib/libssl/test/testsid.pem
+++ /dev/null
@@ -1,12 +0,0 @@
------BEGIN SSL SESSION PARAMETERS-----
-MIIB1gIBAQIBAgQDAQCABBCi11xa5qkOP8xrr02K/NQCBBBkIYQZM0Bt95W0EHNV
-bA58oQYCBDIBr7WiBAICASyjggGGMIIBgjCCASwCAQMwDQYJKoZIhvcNAQEEBQAw
-ODELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3Jz
-YSB0ZXN0IENBMB4XDTk1MTAwOTIzMzEzNFoXDTk4MDcwNTIzMzEzNFowYDELMAkG
-A1UEBhMCQVUxDDAKBgNVBAgTA1FMRDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRk
-LjELMAkGA1UECxMCQ1MxGzAZBgNVBAMTElNTTGVheSBkZW1vIGNsaWVudDBcMA0G
-CSqGSIb3DQEBAQUAA0sAMEgCQQC4pcXEL1lgVA+B5Q3TcuW/O3LZHoA73IYm8oFD
-TezgCDhL2RTMn+seKWF36UtJKRIOBU9jZHCVVd0Me5ls6BEjAgMBAAEwDQYJKoZI
-hvcNAQEEBQADQQBoIpOcwUY1qlVF7j3ROSGvUsbvByOBFmYWkIBgsCqR+9qo1A7L
-CrWF5i8LWt/vLwAHaxWNx2YuBJMFyuK81fTvpA0EC3Rlc3Rjb250ZXh0
------END SSL SESSION PARAMETERS-----
diff --git a/src/lib/libssl/test/testss b/src/lib/libssl/test/testss
deleted file mode 100644
index 1a426857d3..0000000000
--- a/src/lib/libssl/test/testss
+++ /dev/null
@@ -1,163 +0,0 @@
-#!/bin/sh
-
-digest='-sha1'
-reqcmd="../util/shlib_wrap.sh ../apps/openssl req"
-x509cmd="../util/shlib_wrap.sh ../apps/openssl x509 $digest"
-verifycmd="../util/shlib_wrap.sh ../apps/openssl verify"
-dummycnf="../apps/openssl.cnf"
-
-CAkey="keyCA.ss"
-CAcert="certCA.ss"
-CAreq="reqCA.ss"
-CAconf="CAss.cnf"
-CAreq2="req2CA.ss"      # temp
-
-Uconf="Uss.cnf"
-Ukey="keyU.ss"
-Ureq="reqU.ss"
-Ucert="certU.ss"
-
-P1conf="P1ss.cnf"
-P1key="keyP1.ss"
-P1req="reqP1.ss"
-P1cert="certP1.ss"
-P1intermediate="tmp_intP1.ss"
-
-P2conf="P2ss.cnf"
-P2key="keyP2.ss"
-P2req="reqP2.ss"
-P2cert="certP2.ss"
-P2intermediate="tmp_intP2.ss"
-
-echo
-echo "make a certificate request using 'req'"
-
-echo "string to make the random number generator think it has entropy" >> ./.rnd
-
-if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
-  req_new='-newkey dsa:../apps/dsa512.pem'
-else
-  req_new='-new'
-fi
-
-$reqcmd -config $CAconf -out $CAreq -keyout $CAkey $req_new #>err.ss
-if [ $? != 0 ]; then
-        echo "error using 'req' to generate a certificate request"
-        exit 1
-fi
-echo
-echo "convert the certificate request into a self signed certificate using 'x509'"
-$x509cmd -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey -extfile $CAconf -extensions v3_ca >err.ss
-if [ $? != 0 ]; then
-        echo "error using 'x509' to self sign a certificate request"
-        exit 1
-fi
-
-echo
-echo "convert a certificate into a certificate request using 'x509'"
-$x509cmd -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 >err.ss
-if [ $? != 0 ]; then
-        echo "error using 'x509' convert a certificate to a certificate request"
-        exit 1
-fi
-
-$reqcmd -config $dummycnf -verify -in $CAreq -noout
-if [ $? != 0 ]; then
-        echo first generated request is invalid
-        exit 1
-fi
-
-$reqcmd -config $dummycnf -verify -in $CAreq2 -noout
-if [ $? != 0 ]; then
-        echo second generated request is invalid
-        exit 1
-fi
-
-$verifycmd -CAfile $CAcert $CAcert
-if [ $? != 0 ]; then
-        echo first generated cert is invalid
-        exit 1
-fi
-
-echo
-echo "make a user certificate request using 'req'"
-$reqcmd -config $Uconf -out $Ureq -keyout $Ukey $req_new >err.ss
-if [ $? != 0 ]; then
-        echo "error using 'req' to generate a user certificate request"
-        exit 1
-fi
-
-echo
-echo "sign user certificate request with the just created CA via 'x509'"
-$x509cmd -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -extfile $Uconf -extensions v3_ee >err.ss
-if [ $? != 0 ]; then
-        echo "error using 'x509' to sign a user certificate request"
-        exit 1
-fi
-
-$verifycmd -CAfile $CAcert $Ucert
-echo
-echo "Certificate details"
-$x509cmd -subject -issuer -startdate -enddate -noout -in $Ucert
-
-echo
-echo "make a proxy certificate request using 'req'"
-$reqcmd -config $P1conf -out $P1req -keyout $P1key $req_new >err.ss
-if [ $? != 0 ]; then
-        echo "error using 'req' to generate a proxy certificate request"
-        exit 1
-fi
-
-echo
-echo "sign proxy certificate request with the just created user certificate via 'x509'"
-$x509cmd -CAcreateserial -in $P1req -days 30 -req -out $P1cert -CA $Ucert -CAkey $Ukey -extfile $P1conf -extensions v3_proxy >err.ss
-if [ $? != 0 ]; then
-        echo "error using 'x509' to sign a proxy certificate request"
-        exit 1
-fi
-
-cat $Ucert > $P1intermediate
-$verifycmd -CAfile $CAcert -untrusted $P1intermediate $P1cert
-echo
-echo "Certificate details"
-$x509cmd -subject -issuer -startdate -enddate -noout -in $P1cert
-
-echo
-echo "make another proxy certificate request using 'req'"
-$reqcmd -config $P2conf -out $P2req -keyout $P2key $req_new >err.ss
-if [ $? != 0 ]; then
-        echo "error using 'req' to generate another proxy certificate request"
-        exit 1
-fi
-
-echo
-echo "sign second proxy certificate request with the first proxy certificate via 'x509'"
-$x509cmd -CAcreateserial -in $P2req -days 30 -req -out $P2cert -CA $P1cert -CAkey $P1key -extfile $P2conf -extensions v3_proxy >err.ss
-if [ $? != 0 ]; then
-        echo "error using 'x509' to sign a second proxy certificate request"
-        exit 1
-fi
-
-cat $Ucert $P1cert > $P2intermediate
-$verifycmd -CAfile $CAcert -untrusted $P2intermediate $P2cert
-echo
-echo "Certificate details"
-$x509cmd -subject -issuer -startdate -enddate -noout -in $P2cert
-
-echo
-echo The generated CA certificate is $CAcert
-echo The generated CA private key is $CAkey
-
-echo The generated user certificate is $Ucert
-echo The generated user private key is $Ukey
-
-echo The first generated proxy certificate is $P1cert
-echo The first generated proxy private key is $P1key
-
-echo The second generated proxy certificate is $P2cert
-echo The second generated proxy private key is $P2key
-
-/bin/rm err.ss
-#/bin/rm $P1intermediate
-#/bin/rm $P2intermediate
-exit 0
diff --git a/src/lib/libssl/test/testssl b/src/lib/libssl/test/testssl
deleted file mode 100644
index 8ac90ae5ee..0000000000
--- a/src/lib/libssl/test/testssl
+++ /dev/null
@@ -1,145 +0,0 @@
-#!/bin/sh
-
-if [ "$1" = "" ]; then
-  key=../apps/server.pem
-else
-  key="$1"
-fi
-if [ "$2" = "" ]; then
-  cert=../apps/server.pem
-else
-  cert="$2"
-fi
-ssltest="../util/shlib_wrap.sh ./ssltest -key $key -cert $cert -c_key $key -c_cert $cert"
-
-if ../util/shlib_wrap.sh ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then
-  dsa_cert=YES
-else
-  dsa_cert=NO
-fi
-
-if [ "$3" = "" ]; then
-  CA="-CApath ../certs"
-else
-  CA="-CAfile $3"
-fi
-
-if [ "$4" = "" ]; then
-  extra=""
-else
-  extra="$4"
-fi
-
-#############################################################################
-
-echo test sslv2
-$ssltest -ssl2 $extra || exit 1
-
-echo test sslv2 with server authentication
-$ssltest -ssl2 -server_auth $CA $extra || exit 1
-
-if [ $dsa_cert = NO ]; then
-  echo test sslv2 with client authentication
-  $ssltest -ssl2 -client_auth $CA $extra || exit 1
-
-  echo test sslv2 with both client and server authentication
-  $ssltest -ssl2 -server_auth -client_auth $CA $extra || exit 1
-fi
-
-echo test sslv3
-$ssltest -ssl3 $extra || exit 1
-
-echo test sslv3 with server authentication
-$ssltest -ssl3 -server_auth $CA $extra || exit 1
-
-echo test sslv3 with client authentication
-$ssltest -ssl3 -client_auth $CA $extra || exit 1
-
-echo test sslv3 with both client and server authentication
-$ssltest -ssl3 -server_auth -client_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3
-$ssltest $extra || exit 1
-
-echo test sslv2/sslv3 with server authentication
-$ssltest -server_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 with client authentication
-$ssltest -client_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 with both client and server authentication
-$ssltest -server_auth -client_auth $CA $extra || exit 1
-
-echo test sslv2 via BIO pair
-$ssltest -bio_pair -ssl2 $extra || exit 1
-
-echo test sslv2 with server authentication via BIO pair
-$ssltest -bio_pair -ssl2 -server_auth $CA $extra || exit 1
-
-if [ $dsa_cert = NO ]; then
-  echo test sslv2 with client authentication via BIO pair
-  $ssltest -bio_pair -ssl2 -client_auth $CA $extra || exit 1
-
-  echo test sslv2 with both client and server authentication via BIO pair
-  $ssltest -bio_pair -ssl2 -server_auth -client_auth $CA $extra || exit 1
-fi
-
-echo test sslv3 via BIO pair
-$ssltest -bio_pair -ssl3 $extra || exit 1
-
-echo test sslv3 with server authentication via BIO pair
-$ssltest -bio_pair -ssl3 -server_auth $CA $extra || exit 1
-
-echo test sslv3 with client authentication via BIO pair
-$ssltest -bio_pair -ssl3 -client_auth $CA $extra || exit 1
-
-echo test sslv3 with both client and server authentication via BIO pair
-$ssltest -bio_pair -ssl3 -server_auth -client_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 via BIO pair
-$ssltest $extra || exit 1
-
-if [ $dsa_cert = NO ]; then
-  echo test sslv2/sslv3 w/o DHE via BIO pair
-  $ssltest -bio_pair -no_dhe $extra || exit 1
-fi
-
-echo test sslv2/sslv3 with 1024bit DHE via BIO pair
-$ssltest -bio_pair -dhe1024dsa -v $extra || exit 1
-
-echo test sslv2/sslv3 with server authentication
-$ssltest -bio_pair -server_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 with client authentication via BIO pair
-$ssltest -bio_pair -client_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 with both client and server authentication via BIO pair
-$ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
-$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
-
-#############################################################################
-
-if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
-  echo skipping anonymous DH tests
-else
-  echo test tls1 with 1024bit anonymous DH, multiple handshakes
-  $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
-fi
-
-if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
-  echo skipping RSA tests
-else
-  echo test tls1 with 1024bit RSA, no DHE, multiple handshakes
-  ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time $extra || exit 1
-
-  if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
-    echo skipping RSA+DHE tests
-  else
-    echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
-    ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
-  fi
-fi
-
-exit 0
diff --git a/src/lib/libssl/test/testsslproxy b/src/lib/libssl/test/testsslproxy
deleted file mode 100644
index 58bbda8ab7..0000000000
--- a/src/lib/libssl/test/testsslproxy
+++ /dev/null
@@ -1,10 +0,0 @@
-#! /bin/sh
-
-echo 'Testing a lot of proxy conditions.'
-echo 'Some of them may turn out being invalid, which is fine.'
-for auth in A B C BC; do
-    for cond in A B C 'A|B&!C'; do
-        sh ./testssl $1 $2 $3 "-proxy -proxy_auth $auth -proxy_cond $cond"
-        if [ $? = 3 ]; then exit 1; fi
-    done
-done
diff --git a/src/lib/libssl/test/testx509.pem b/src/lib/libssl/test/testx509.pem
deleted file mode 100644
index 8a85d14964..0000000000
--- a/src/lib/libssl/test/testx509.pem
+++ /dev/null
@@ -1,10 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIBWzCCAQYCARgwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV
-BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MDYxOTIz
-MzMxMloXDTk1MDcxNzIzMzMxMlowOjELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM
-RDEdMBsGA1UEAxMUU1NMZWF5L3JzYSB0ZXN0IGNlcnQwXDANBgkqhkiG9w0BAQEF
-AANLADBIAkEAqtt6qS5GTxVxGZYWa0/4u+IwHf7p2LNZbcPBp9/OfIcYAXBQn8hO
-/Re1uwLKXdCjIoaGs4DLdG88rkzfyK5dPQIDAQABMAwGCCqGSIb3DQIFBQADQQAE
-Wc7EcF8po2/ZO6kNCwK/ICH6DobgLekA5lSLr5EvuioZniZp5lFzAw4+YzPQ7XKJ
-zl9HYIMxATFyqSiD9jsx
------END CERTIFICATE-----
diff --git a/src/lib/libssl/test/times b/src/lib/libssl/test/times
deleted file mode 100644
index 738d569b8f..0000000000
--- a/src/lib/libssl/test/times
+++ /dev/null
@@ -1,113 +0,0 @@
-
-More number for the questions about SSL overheads....
-
-The following numbers were generated on a pentium pro 200, running linux.
-They give an indication of the SSL protocol and encryption overheads.
-
-The program that generated them is an unreleased version of ssl/ssltest.c
-which is the SSLeay ssl protocol testing program.  It is a single process that
-talks both sides of the SSL protocol via a non-blocking memory buffer
-interface.
-
-How do I read this?  The protocol and cipher are reasonable obvious.
-The next number is the number of connections being made.  The next is the
-number of bytes exchanged bewteen the client and server side of the protocol.
-This is the number of bytes that the client sends to the server, and then
-the server sends back.  Because this is all happening in one process,
-the data is being encrypted, decrypted, encrypted and then decrypted again.
-It is a round trip of that many bytes.  Because the one process performs
-both the client and server sides of the protocol and it sends this many bytes
-each direction, multiply this number by 4 to generate the number
-of bytes encrypted/decrypted/MACed.  The first time value is how many seconds
-elapsed doing a full SSL handshake, the second is the cost of one
-full handshake and the rest being session-id reuse.
-
-SSLv2 RC4-MD5      1000 x      1   12.83s   0.70s
-SSLv3 NULL-MD5     1000 x      1   14.35s   1.47s
-SSLv3 RC4-MD5      1000 x      1   14.46s   1.56s
-SSLv3 RC4-MD5      1000 x      1   51.93s   1.62s 1024bit RSA
-SSLv3 RC4-SHA      1000 x      1   14.61s   1.83s
-SSLv3 DES-CBC-SHA  1000 x      1   14.70s   1.89s
-SSLv3 DES-CBC3-SHA 1000 x      1   15.16s   2.16s
-
-SSLv2 RC4-MD5      1000 x   1024   13.72s   1.27s
-SSLv3 NULL-MD5     1000 x   1024   14.79s   1.92s
-SSLv3 RC4-MD5      1000 x   1024   52.58s   2.29s 1024bit RSA
-SSLv3 RC4-SHA      1000 x   1024   15.39s   2.67s
-SSLv3 DES-CBC-SHA  1000 x   1024   16.45s   3.55s
-SSLv3 DES-CBC3-SHA 1000 x   1024   18.21s   5.38s
-
-SSLv2 RC4-MD5      1000 x  10240   18.97s   6.52s
-SSLv3 NULL-MD5     1000 x  10240   17.79s   5.11s
-SSLv3 RC4-MD5      1000 x  10240   20.25s   7.90s
-SSLv3 RC4-MD5      1000 x  10240   58.26s   8.08s 1024bit RSA
-SSLv3 RC4-SHA      1000 x  10240   22.96s  11.44s
-SSLv3 DES-CBC-SHA  1000 x  10240   30.65s  18.41s
-SSLv3 DES-CBC3-SHA 1000 x  10240   47.04s  34.53s
-
-SSLv2 RC4-MD5      1000 x 102400   70.22s  57.74s
-SSLv3 NULL-MD5     1000 x 102400   43.73s  31.03s
-SSLv3 RC4-MD5      1000 x 102400   71.32s  58.83s
-SSLv3 RC4-MD5      1000 x 102400  109.66s  59.20s 1024bit RSA
-SSLv3 RC4-SHA      1000 x 102400   95.88s  82.21s
-SSLv3 DES-CBC-SHA  1000 x 102400  173.22s 160.55s
-SSLv3 DES-CBC3-SHA 1000 x 102400  336.61s 323.82s
-
-What does this all mean?  Well for a server, with no session-id reuse, with
-a transfer size of 10240 bytes, using RC4-MD5 and a 512bit server key,
-a pentium pro 200 running linux can handle the SSLv3 protocol overheads of
-about 49 connections a second.  Reality will be quite different :-).
-
-Remeber the first number is 1000 full ssl handshakes, the second is
-1 full and 999 with session-id reuse.  The RSA overheads for each exchange
-would be one public and one private operation, but the protocol/MAC/cipher
-cost would be quite similar in both the client and server.
-
-eric (adding numbers to speculation)
-
---- Appendix ---
-- The time measured is user time but these number a very rough.
-- Remember this is the cost of both client and server sides of the protocol.
-- The TCP/kernel overhead of connection establishment is normally the
-  killer in SSL.  Often delays in the TCP protocol will make session-id
-  reuse look slower that new sessions, but this would not be the case on
-  a loaded server.
-- The TCP round trip latencies, while slowing indervidual connections,
-  would have minimal impact on throughput.
-- Instead of sending one 102400 byte buffer, one 8k buffer is sent until
-- the required number of bytes are processed.
-- The SSLv3 connections were actually SSLv2 compatable SSLv3 headers.
-- A 512bit server key was being used except where noted.
-- No server key verification was being performed on the client side of the
-  protocol.  This would slow things down very little.
-- The library being used is SSLeay 0.8.x.
-- The normal mesauring system was commands of the form
-  time ./ssltest -num 1000 -bytes 102400 -cipher DES-CBC-SHA -reuse
-  This modified version of ssltest should be in the next public release of
-  SSLeay.
-
-The general cipher performace number for this platform are
-
-SSLeay 0.8.2a 04-Sep-1997
-built on Fri Sep  5 17:37:05 EST 1997
-options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2)
-C flags:gcc -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized 
-The 'numbers' are in 1000s of bytes per second processed.
-type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
-md2               131.02k      368.41k      500.57k      549.21k      566.09k
-mdc2              535.60k      589.10k      595.88k      595.97k      594.54k
-md5              1801.53k     9674.77k    17484.03k    21849.43k    23592.96k
-sha              1261.63k     5533.25k     9285.63k    11187.88k    11913.90k
-sha1             1103.13k     4782.53k     7933.78k     9472.34k    10070.70k
-rc4             10722.53k    14443.93k    15215.79k    15299.24k    15219.59k
-des cbc          3286.57k     3827.73k     3913.39k     3931.82k     3926.70k
-des ede3         1443.50k     1549.08k     1561.17k     1566.38k     1564.67k
-idea cbc         2203.64k     2508.16k     2538.33k     2543.62k     2547.71k
-rc2 cbc          1430.94k     1511.59k     1524.82k     1527.13k     1523.33k
-blowfish cbc     4716.07k     5965.82k     6190.17k     6243.67k     6234.11k
-                  sign    verify
-rsa  512 bits   0.0100s   0.0011s
-rsa 1024 bits   0.0451s   0.0012s
-rsa 2048 bits   0.2605s   0.0086s
-rsa 4096 bits   1.6883s   0.0302s
-
diff --git a/src/lib/libssl/test/tpkcs7 b/src/lib/libssl/test/tpkcs7
deleted file mode 100644
index 79bb6e0edf..0000000000
--- a/src/lib/libssl/test/tpkcs7
+++ /dev/null
@@ -1,55 +0,0 @@
-#!/bin/sh
-
-if test "$OSTYPE" = msdosdjgpp; then
-    PATH=../apps\;$PATH
-else
-    PATH=../apps:$PATH
-fi
-export PATH
-
-cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7'
-
-if [ "$1"x != "x" ]; then
-        t=$1
-else
-        t=testp7.pem
-fi
-
-echo testing pkcs7 conversions
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp fff.p f.p
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0
diff --git a/src/lib/libssl/test/tpkcs7d b/src/lib/libssl/test/tpkcs7d
deleted file mode 100644
index 20394b34c4..0000000000
--- a/src/lib/libssl/test/tpkcs7d
+++ /dev/null
@@ -1,48 +0,0 @@
-#!/bin/sh
-
-if test "$OSTYPE" = msdosdjgpp; then
-    PATH=../apps\;$PATH
-else
-    PATH=../apps:$PATH
-fi
-export PATH
-
-cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7'
-
-if [ "$1"x != "x" ]; then
-        t=$1
-else
-        t=pkcs7-1.pem
-fi
-
-echo "testing pkcs7 conversions (2)"
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0
diff --git a/src/lib/libssl/test/treq b/src/lib/libssl/test/treq
deleted file mode 100644
index 7e020210a5..0000000000
--- a/src/lib/libssl/test/treq
+++ /dev/null
@@ -1,90 +0,0 @@
-#!/bin/sh
-
-if test "$OSTYPE" = msdosdjgpp; then
-    PATH=../apps\;$PATH
-else
-    PATH=../apps:$PATH
-fi
-export PATH
-
-cmd='../util/shlib_wrap.sh ../apps/openssl req -config ../apps/openssl.cnf'
-
-if [ "$1"x != "x" ]; then
-        t=$1
-else
-        t=testreq.pem
-fi
-
-if $cmd -in $t -inform p -noout -text | fgrep 'Unknown Public Key'; then
-  echo "skipping req conversion test for $t"
-  exit 0
-fi
-
-echo testing req conversions
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in fff.p -inform p -outform t >f.t
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -verify -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> d"
-#$cmd -in f.t -inform t -outform d >ff.d2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -verify -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-#echo "d -> t"
-#$cmd -in f.d -inform d -outform t >ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#echo "t -> t"
-#$cmd -in f.t -inform t -outform t >ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in f.p -inform p -outform t >ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> p"
-#$cmd -in f.t -inform t -outform p >ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp fff.p f.p
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp fff.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-#cmp f.t ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp f.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0
diff --git a/src/lib/libssl/test/trsa b/src/lib/libssl/test/trsa
deleted file mode 100644
index 67b4a98841..0000000000
--- a/src/lib/libssl/test/trsa
+++ /dev/null
@@ -1,90 +0,0 @@
-#!/bin/sh
-
-if test "$OSTYPE" = msdosdjgpp; then
-    PATH=../apps\;$PATH
-else
-    PATH=../apps:$PATH
-fi
-export PATH
-
-if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
-  echo skipping rsa conversion test
-  exit 0
-fi
-
-cmd='../util/shlib_wrap.sh ../apps/openssl rsa'
-
-if [ "$1"x != "x" ]; then
-        t=$1
-else
-        t=testrsa.pem
-fi
-
-echo testing rsa conversions
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in fff.p -inform p -outform t >f.t
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> d"
-#$cmd -in f.t -inform t -outform d >ff.d2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-#echo "d -> t"
-#$cmd -in f.d -inform d -outform t >ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#echo "t -> t"
-#$cmd -in f.t -inform t -outform t >ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in f.p -inform p -outform t >ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> p"
-#$cmd -in f.t -inform t -outform p >ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp fff.p f.p
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp fff.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-#cmp f.t ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp f.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0
diff --git a/src/lib/libssl/test/tsid b/src/lib/libssl/test/tsid
deleted file mode 100644
index fb4a7213b9..0000000000
--- a/src/lib/libssl/test/tsid
+++ /dev/null
@@ -1,85 +0,0 @@
-#!/bin/sh
-
-if test "$OSTYPE" = msdosdjgpp; then
-    PATH=../apps\;$PATH
-else
-    PATH=../apps:$PATH
-fi
-export PATH
-
-cmd='../util/shlib_wrap.sh ../apps/openssl sess_id'
-
-if [ "$1"x != "x" ]; then
-        t=$1
-else
-        t=testsid.pem
-fi
-
-echo testing session-id conversions
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in fff.p -inform p -outform t >f.t
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> d"
-#$cmd -in f.t -inform t -outform d >ff.d2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-#echo "d -> t"
-#$cmd -in f.d -inform d -outform t >ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#echo "t -> t"
-#$cmd -in f.t -inform t -outform t >ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in f.p -inform p -outform t >ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> p"
-#$cmd -in f.t -inform t -outform p >ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp fff.p f.p
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp fff.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-#cmp f.t ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp f.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0
diff --git a/src/lib/libssl/test/tx509 b/src/lib/libssl/test/tx509
deleted file mode 100644
index 1b9c8661f3..0000000000
--- a/src/lib/libssl/test/tx509
+++ /dev/null
@@ -1,85 +0,0 @@
-#!/bin/sh
-
-if test "$OSTYPE" = msdosdjgpp; then
-    PATH=../apps\;$PATH
-else
-    PATH=../apps:$PATH
-fi
-export PATH
-
-cmd='../util/shlib_wrap.sh ../apps/openssl x509'
-
-if [ "$1"x != "x" ]; then
-        t=$1
-else
-        t=testx509.pem
-fi
-
-echo testing X509 conversions
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> n"
-$cmd -in fff.p -inform p -outform n >f.n
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-echo "n -> d"
-$cmd -in f.n -inform n -outform d >ff.d2
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> n"
-$cmd -in f.d -inform d -outform n >ff.n1
-if [ $? != 0 ]; then exit 1; fi
-echo "n -> n"
-$cmd -in f.n -inform n -outform n >ff.n2
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> n"
-$cmd -in f.p -inform p -outform n >ff.n3
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-echo "n -> p"
-$cmd -in f.n -inform n -outform p >ff.p2
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp fff.p f.p
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p2
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp f.n ff.n1
-if [ $? != 0 ]; then exit 1; fi
-cmp f.n ff.n2
-if [ $? != 0 ]; then exit 1; fi
-cmp f.n ff.n3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p2
-if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0
diff --git a/src/lib/libssl/test/v3-cert1.pem b/src/lib/libssl/test/v3-cert1.pem
deleted file mode 100644
index 0da253d5c3..0000000000
--- a/src/lib/libssl/test/v3-cert1.pem
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICjTCCAfigAwIBAgIEMaYgRzALBgkqhkiG9w0BAQQwRTELMAkGA1UEBhMCVVMx
-NjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFuZCBTcGFjZSBBZG1pbmlz
-dHJhdGlvbjAmFxE5NjA1MjgxMzQ5MDUrMDgwMBcROTgwNTI4MTM0OTA1KzA4MDAw
-ZzELMAkGA1UEBhMCVVMxNjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFu
-ZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEgMAkGA1UEBRMCMTYwEwYDVQQDEwxTdGV2
-ZSBTY2hvY2gwWDALBgkqhkiG9w0BAQEDSQAwRgJBALrAwyYdgxmzNP/ts0Uyf6Bp
-miJYktU/w4NG67ULaN4B5CnEz7k57s9o3YY3LecETgQ5iQHmkwlYDTL2fTgVfw0C
-AQOjgaswgagwZAYDVR0ZAQH/BFowWDBWMFQxCzAJBgNVBAYTAlVTMTYwNAYDVQQK
-Ey1OYXRpb25hbCBBZXJvbmF1dGljcyBhbmQgU3BhY2UgQWRtaW5pc3RyYXRpb24x
-DTALBgNVBAMTBENSTDEwFwYDVR0BAQH/BA0wC4AJODMyOTcwODEwMBgGA1UdAgQR
-MA8ECTgzMjk3MDgyM4ACBSAwDQYDVR0KBAYwBAMCBkAwCwYJKoZIhvcNAQEEA4GB
-AH2y1VCEw/A4zaXzSYZJTTUi3uawbbFiS2yxHvgf28+8Js0OHXk1H1w2d6qOHH21
-X82tZXd/0JtG0g1T9usFFBDvYK8O0ebgz/P5ELJnBL2+atObEuJy1ZZ0pBDWINR3
-WkDNLCGiTkCKp0F5EWIrVDwh54NNevkCQRZita+z4IBO
------END CERTIFICATE-----
diff --git a/src/lib/libssl/test/v3-cert2.pem b/src/lib/libssl/test/v3-cert2.pem
deleted file mode 100644
index de0723ff8d..0000000000
--- a/src/lib/libssl/test/v3-cert2.pem
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICiTCCAfKgAwIBAgIEMeZfHzANBgkqhkiG9w0BAQQFADB9MQswCQYDVQQGEwJD
-YTEPMA0GA1UEBxMGTmVwZWFuMR4wHAYDVQQLExVObyBMaWFiaWxpdHkgQWNjZXB0
-ZWQxHzAdBgNVBAoTFkZvciBEZW1vIFB1cnBvc2VzIE9ubHkxHDAaBgNVBAMTE0Vu
-dHJ1c3QgRGVtbyBXZWIgQ0EwHhcNOTYwNzEyMTQyMDE1WhcNOTYxMDEyMTQyMDE1
-WjB0MSQwIgYJKoZIhvcNAQkBExVjb29rZUBpc3NsLmF0bC5ocC5jb20xCzAJBgNV
-BAYTAlVTMScwJQYDVQQLEx5IZXdsZXR0IFBhY2thcmQgQ29tcGFueSAoSVNTTCkx
-FjAUBgNVBAMTDVBhdWwgQS4gQ29va2UwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA
-6ceSq9a9AU6g+zBwaL/yVmW1/9EE8s5you1mgjHnj0wAILuoB3L6rm6jmFRy7QZT
-G43IhVZdDua4e+5/n1ZslwIDAQABo2MwYTARBglghkgBhvhCAQEEBAMCB4AwTAYJ
-YIZIAYb4QgENBD8WPVRoaXMgY2VydGlmaWNhdGUgaXMgb25seSBpbnRlbmRlZCBm
-b3IgZGVtb25zdHJhdGlvbiBwdXJwb3Nlcy4wDQYJKoZIhvcNAQEEBQADgYEAi8qc
-F3zfFqy1sV8NhjwLVwOKuSfhR/Z8mbIEUeSTlnH3QbYt3HWZQ+vXI8mvtZoBc2Fz
-lexKeIkAZXCesqGbs6z6nCt16P6tmdfbZF3I3AWzLquPcOXjPf4HgstkyvVBn0Ap
-jAFN418KF/Cx4qyHB4cjdvLrRjjQLnb2+ibo7QU=
------END CERTIFICATE-----
diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h
deleted file mode 100644
index 38838ea9a5..0000000000
--- a/src/lib/libssl/tls1.h
+++ /dev/null
@@ -1,195 +0,0 @@
-/* ssl/tls1.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_TLS1_H 
-#define HEADER_TLS1_H 
-
-#include <openssl/buffer.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES    1
-
-#define TLS1_VERSION                    0x0301
-#define TLS1_VERSION_MAJOR              0x03
-#define TLS1_VERSION_MINOR              0x01
-
-#define TLS1_AD_DECRYPTION_FAILED       21
-#define TLS1_AD_RECORD_OVERFLOW         22
-#define TLS1_AD_UNKNOWN_CA              48      /* fatal */
-#define TLS1_AD_ACCESS_DENIED           49      /* fatal */
-#define TLS1_AD_DECODE_ERROR            50      /* fatal */
-#define TLS1_AD_DECRYPT_ERROR           51
-#define TLS1_AD_EXPORT_RESTRICTION      60      /* fatal */
-#define TLS1_AD_PROTOCOL_VERSION        70      /* fatal */
-#define TLS1_AD_INSUFFICIENT_SECURITY   71      /* fatal */
-#define TLS1_AD_INTERNAL_ERROR          80      /* fatal */
-#define TLS1_AD_USER_CANCELLED          90
-#define TLS1_AD_NO_RENEGOTIATION        100
-
-/* Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt
- * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see
- * s3_lib.c).  We actually treat them like SSL 3.0 ciphers, which we probably
- * shouldn't. */
-#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5          0x03000060
-#define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5      0x03000061
-#define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA         0x03000062
-#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA     0x03000063
-#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA          0x03000064
-#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA      0x03000065
-#define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA                0x03000066
-
-/* AES ciphersuites from RFC3268 */
-
-#define TLS1_CK_RSA_WITH_AES_128_SHA                    0x0300002F
-#define TLS1_CK_DH_DSS_WITH_AES_128_SHA                 0x03000030
-#define TLS1_CK_DH_RSA_WITH_AES_128_SHA                 0x03000031
-#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA                0x03000032
-#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA                0x03000033
-#define TLS1_CK_ADH_WITH_AES_128_SHA                    0x03000034
-
-#define TLS1_CK_RSA_WITH_AES_256_SHA                    0x03000035
-#define TLS1_CK_DH_DSS_WITH_AES_256_SHA                 0x03000036
-#define TLS1_CK_DH_RSA_WITH_AES_256_SHA                 0x03000037
-#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA                0x03000038
-#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA                0x03000039
-#define TLS1_CK_ADH_WITH_AES_256_SHA                    0x0300003A
-
-/* XXX
- * Inconsistency alert:
- * The OpenSSL names of ciphers with ephemeral DH here include the string
- * "DHE", while elsewhere it has always been "EDH".
- * (The alias for the list of all such ciphers also is "EDH".)
- * The specifications speak of "EDH"; maybe we should allow both forms
- * for everything. */
-#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5         "EXP1024-RC4-MD5"
-#define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5     "EXP1024-RC2-CBC-MD5"
-#define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA        "EXP1024-DES-CBC-SHA"
-#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA    "EXP1024-DHE-DSS-DES-CBC-SHA"
-#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA         "EXP1024-RC4-SHA"
-#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA     "EXP1024-DHE-DSS-RC4-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA               "DHE-DSS-RC4-SHA"
-
-/* AES ciphersuites from RFC3268 */
-#define TLS1_TXT_RSA_WITH_AES_128_SHA                   "AES128-SHA"
-#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA                "DH-DSS-AES128-SHA"
-#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA                "DH-RSA-AES128-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA               "DHE-DSS-AES128-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA               "DHE-RSA-AES128-SHA"
-#define TLS1_TXT_ADH_WITH_AES_128_SHA                   "ADH-AES128-SHA"
-
-#define TLS1_TXT_RSA_WITH_AES_256_SHA                   "AES256-SHA"
-#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA                "DH-DSS-AES256-SHA"
-#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA                "DH-RSA-AES256-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA               "DHE-DSS-AES256-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA               "DHE-RSA-AES256-SHA"
-#define TLS1_TXT_ADH_WITH_AES_256_SHA                   "ADH-AES256-SHA"
-
-
-#define TLS_CT_RSA_SIGN                 1
-#define TLS_CT_DSS_SIGN                 2
-#define TLS_CT_RSA_FIXED_DH             3
-#define TLS_CT_DSS_FIXED_DH             4
-#define TLS_CT_NUMBER                   4
-
-#define TLS1_FINISH_MAC_LENGTH          12
-
-#define TLS_MD_MAX_CONST_SIZE                   20
-#define TLS_MD_CLIENT_FINISH_CONST              "client finished"
-#define TLS_MD_CLIENT_FINISH_CONST_SIZE         15
-#define TLS_MD_SERVER_FINISH_CONST              "server finished"
-#define TLS_MD_SERVER_FINISH_CONST_SIZE         15
-#define TLS_MD_SERVER_WRITE_KEY_CONST           "server write key"
-#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE      16
-#define TLS_MD_KEY_EXPANSION_CONST              "key expansion"
-#define TLS_MD_KEY_EXPANSION_CONST_SIZE         13
-#define TLS_MD_CLIENT_WRITE_KEY_CONST           "client write key"
-#define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE      16
-#define TLS_MD_SERVER_WRITE_KEY_CONST           "server write key"
-#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE      16
-#define TLS_MD_IV_BLOCK_CONST                   "IV block"
-#define TLS_MD_IV_BLOCK_CONST_SIZE              8
-#define TLS_MD_MASTER_SECRET_CONST              "master secret"
-#define TLS_MD_MASTER_SECRET_CONST_SIZE         13
-
-#ifdef CHARSET_EBCDIC
-#undef TLS_MD_CLIENT_FINISH_CONST
-#define TLS_MD_CLIENT_FINISH_CONST    "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64"  /*client finished*/
-#undef TLS_MD_SERVER_FINISH_CONST
-#define TLS_MD_SERVER_FINISH_CONST    "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64"  /*server finished*/
-#undef TLS_MD_SERVER_WRITE_KEY_CONST
-#define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"  /*server write key*/
-#undef TLS_MD_KEY_EXPANSION_CONST
-#define TLS_MD_KEY_EXPANSION_CONST    "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e"  /*key expansion*/
-#undef TLS_MD_CLIENT_WRITE_KEY_CONST
-#define TLS_MD_CLIENT_WRITE_KEY_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"  /*client write key*/
-#undef TLS_MD_SERVER_WRITE_KEY_CONST
-#define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"  /*server write key*/
-#undef TLS_MD_IV_BLOCK_CONST
-#define TLS_MD_IV_BLOCK_CONST         "\x49\x56\x20\x62\x6c\x6f\x63\x6b"  /*IV block*/
-#undef TLS_MD_MASTER_SECRET_CONST
-#define TLS_MD_MASTER_SECRET_CONST    "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74"  /*master secret*/
-#endif
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
-